AN 704: FPGA-based Safety Separation Design Flow for Rapid Functional Safety Certification

ID 683720
Date 9/01/2018
Public

This design flow significantly reduces the certification effort over the lifetime of an FPGA-based industrial system that contains both safety-critical and non-safety-critical components.

This application note describes how to use the design flow with a motor control system design example.

Industrial machinery manufacturers throughout the world are under continuous pressure to reduce system cost, extend performance and efficiency, and deliver on ever shorter timescales. For products in safety-critical environments, designers must also ensure safe behavior and demonstrate compliance with IEC 61508 (Functional safety of electrical/electronic/programmable electronic safety-related systems) and ISO 26262 (Road vehicles - Functional safety).

FPGA-based systems provide designers with design flexibility, performance scalability, and integration options. The TÜV Rheinland approved safety separation design flow retains these FPGA benefits and removes the need for a full design recertification, provided you do not change the safety-critical regions in a single FPGA device.

You can create safety and non-safety regions (or partitions) on a single Cyclone® IV, Cyclone® V, or Intel® MAX® 10 device. When you change only the non-safety regions, the safety regions are fully preserved: the design flow provides evidence that the placement and routing in the safety regions are identical to those of the previously certified hardware compilation. You must then validate the FPGA design to confirm that the modified non-safety regions operate correctly alongside the unchanged safety regions. This validation may include functional tests of the safety regions.
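The check the flow relies on is that a safety partition's placement and routing are canonicalized and fingerprinted, so that a later compilation can be accepted only if every safety partition's fingerprint matches the certified one while non-safety partitions are free to differ. The following script is an added illustration of that comparison and is not part of this application note or of the Intel® Quartus® software; the pipe-separated record format, the partition names (safety_motor, nonsafety_hmi) and the three compilation reports are constructed for the example and do not represent the real fitter report format.

```python
"""Per-partition placement/routing fingerprint comparison (illustrative).

The record format is constructed for this example and is NOT the Quartus
Prime fitter report format. Each line describes one placed cell:
    partition|cell name|placed location|routing description
"""
import hashlib
from collections import defaultdict

# Constructed: the previously certified compilation.
COMPILE_A = """\
safety_motor|enc_cnt[0]|LAB_X10_Y20_N3|R4:X9Y20->C4:X10Y20
safety_motor|enc_cnt[1]|LAB_X10_Y20_N5|R4:X9Y20->C4:X10Y20
safety_motor|fault_latch|LAB_X10_Y21_N1|LOCAL:X10Y21
nonsafety_hmi|led_pwm[0]|LAB_X30_Y5_N2|R4:X29Y5->C4:X30Y5
nonsafety_hmi|led_pwm[1]|LAB_X30_Y5_N4|R4:X29Y5->C4:X30Y5
"""

# Constructed: HMI logic re-placed and re-routed, report emitted in a different
# order, safety region untouched. This compilation must be accepted.
COMPILE_B = """\
nonsafety_hmi|led_pwm[1]|LAB_X31_Y6_N1|R4:X30Y6->C4:X31Y6
safety_motor|fault_latch|LAB_X10_Y21_N1|LOCAL:X10Y21
nonsafety_hmi|led_pwm[0]|LAB_X31_Y6_N0|R4:X30Y6->C4:X31Y6
nonsafety_hmi|spi_shift|LAB_X31_Y7_N2|LOCAL:X31Y7
safety_motor|enc_cnt[1]|LAB_X10_Y20_N5|R4:X9Y20->C4:X10Y20
safety_motor|enc_cnt[0]|LAB_X10_Y20_N3|R4:X9Y20->C4:X10Y20
"""

# Constructed: one safety cell moved to a different LAB position.
# This compilation must be rejected.
COMPILE_C = """\
safety_motor|enc_cnt[0]|LAB_X10_Y20_N3|R4:X9Y20->C4:X10Y20
safety_motor|enc_cnt[1]|LAB_X10_Y20_N6|R4:X9Y20->C4:X10Y20
safety_motor|fault_latch|LAB_X10_Y21_N1|LOCAL:X10Y21
nonsafety_hmi|led_pwm[0]|LAB_X30_Y5_N2|R4:X29Y5->C4:X30Y5
nonsafety_hmi|led_pwm[1]|LAB_X30_Y5_N4|R4:X29Y5->C4:X30Y5
"""


def parse(report):
    """Return {partition: sorted [(cell, location, routing), ...]}.

    Entries are sorted so the fingerprint does not depend on the order in
    which the tool happened to emit the report.
    """
    parts = defaultdict(list)
    for line in report.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        partition, cell, loc, route = line.split("|")
        parts[partition].append((cell, loc, route))
    return {p: sorted(v) for p, v in parts.items()}


def partition_hash(entries):
    """SHA-256 over the canonical placement and routing of one partition."""
    h = hashlib.sha256()
    for cell, loc, route in entries:
        h.update(f"{cell}\0{loc}\0{route}\n".encode())
    return h.hexdigest()


def compare(reference, candidate, safety_partitions):
    """Compare two compilations.

    Returns (ok, detail): ok is True only if every named safety partition
    exists in both reports with an identical fingerprint. Non-safety
    partitions are reported but never cause rejection.
    """
    ref = {p: partition_hash(e) for p, e in parse(reference).items()}
    cand = {p: partition_hash(e) for p, e in parse(candidate).items()}
    detail = {}
    ok = True
    for p in safety_partitions:
        same = p in ref and p in cand and ref[p] == cand[p]
        detail[p] = "preserved" if same else "CHANGED"
        ok = ok and same
    for p in ref.keys() | cand.keys():
        if p not in safety_partitions:
            detail[p] = ("unchanged" if ref.get(p) == cand.get(p)
                         else "changed (non-safety, allowed)")
    return ok, detail


if __name__ == "__main__":
    for name, cand in (("B", COMPILE_B), ("C", COMPILE_C)):
        ok, detail = compare(COMPILE_A, cand, {"safety_motor"})
        print(f"compile {name}: {'ACCEPT' if ok else 'REJECT'} {detail}")
```

Hashing per partition rather than over the whole report is what makes the non-safety region free to change; a missing safety partition in the candidate is treated as a change rather than silently passing, which is the failure mode a practitioner most wants such a check to catch.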