AN 704: FPGA-based Safety Separation Design Flow for Rapid Functional Safety Certification

Download PDF
ID 683720
Date 9/01/2018
Public
Document Table of Contents
Document Table of Contents x
FPGA-based Safety Separation Design Flow for Rapid Functional Safety Certification
FPGA-based Safety Separation Design Flow for Rapid Functional Safety Certification x
About the Functional Safety Separation Flow Work Flows Functional Safety Separation of a Motor Control Design Example Appendix A: Terminology Appendix B: Design Checklist Document Revision History for AN 704: FPGA-based Safety Separation Design Flow for Rapid Functional Safety Certification
Work Flows x
Design Creation Flow Design Modification Flow
Functional Safety Separation of a Motor Control Design Example x
Design Considerations Design Creation Flow Using the Design Modification Flow
Design Considerations x
About Safety IP Partitions and LogicLock Regions Assigning I/O Pins Clocks, PLLs and Resets Routing Across Safety IP Partitions
Design Creation Flow x
Design Hierarchy and safety IP partitions Preparing the Design Example in the Intel® Quartus® Prime Software DC Link Monitor safety IP partition Creating a Safety IP partition for the DC Link Monitor and PLL Subsystem Component Creating a Safety IP partition for the PWM Interface Component Creating a Safety IP LogicLock Region for the DC Link Monitor Creating a LogicLock Region for the PWM Interface Creating a Fixed Size and Origin for a LogicLock Region Removing Precomiled Netlists Using the Intel® Quartus® Prime Incremental Compilation Compiling the Design The Fitter Report Exporting Safety IP Partition Generating Safety IP Bitstream Files
Using the Intel® Quartus® Prime Incremental Compilation x
Creating a Partition for the FOC Fixed-Point Component Creating a LogicLock Region for the FOC Fixed-Point Component
Generating Safety IP Bitstream Files x
Generating Complete FPGA Bitstream File
Using the Design Modification Flow x
Changing Nonsafety IP - Changing FOC Algorithm Parameter Adding New Features to Nonsafety IP Importing Safety IP Partition
FPGA-based Safety Separation Design Flow for Rapid Functional Safety Certification

Creating a Safety IP partition for the DC Link Monitor and PLL Subsystem Component

  1. In the Project Navigator, expand the DOC_Single_Axis_FE2H_CVE:u_doc hierarchy
  2. Select the entity DOC_Single_Axis_FE2H_CVE_DOC_Safe_PLL_DC_Link:doc_safe_pll_dc_link
  3. Right-click and select Design Partition > Set as Design Partition.
    Figure 12. Selecting the Entity
    Note: A safety IP partition must include all IO pins that are directly connected to the partition.
  4. Confirm a partition icon appears next to the DOC_Single_Axis_FE2H_CVE_DOC_Safe_PLL_DC_Link:doc_safe_pll_dc_link entity.
  5. Open the Design Partition Window:
    1. In the Project Navigator, select the entity DOC_Single_Axis_FE2H_CVE_DOC_Safe_PLL_DC_Link:doc_safe_pll_dc_link
    2. Right-click and select Design Partition > Design Partition Window.
  6. Ensure you strictly preserve the design partition, as required by the safety separation flow:
    1. In the Design Partition Window, right-click the DOC_Single_Axis_FE2H_CVE_DOC_Safe_PLL_DC_Link:doc_safe_pll_dc_link partition and select Design Partition Properties…
    2. Set the partition netlist type to Post-Fit.
    3. On the Strict Preservation tab, turn on Allow partition to be strictly preserved for safety.
    4. On the Advanced tab set the Fitter Preservation Level to Placement and Routing.
    5. Click Apply and click OK.
  7. Assign the safety partition I/O pins to the design partition.
    Note: A safety IP partition must include all IO pins that are directly connected to the partition.
    1. Identify the I/O pins that are directly connected. Assign them to fixed pin locations and add these named pins to the partition by adding assignments to the project settings file (DOC_top_FE2H_CVE.qsf) using a text editor. 
    #Reference clock to PLL
set_instance_assignment -name ENABLE_STRICT_PRESERVATION ON -to clk_50 -section_id "DOC_Single_Axis_FE2H_CVE_DOC_Safe_PLL_DC_Link:doc_safe_pll_dc_link"

set_instance_assignment -name ENABLE_STRICT_PRESERVATION ON -to dc_link_Sync_Dat_VBUS -section_id "DOC_Single_Axis_FE2H_CVE_DOC_Safe_PLL_DC_Link:doc_safe_pll_dc_link"

set_instance_assignment -name ENABLE_STRICT_PRESERVATION ON -to "dc_link_Sync_Dat_VBUS(n)" -section_id "DOC_Single_Axis_FE2H_CVE_DOC_Safe_PLL_DC_Link:doc_safe_pll_dc_link"

#Output clocks from PLL to ADC (3 LVDS pairs)
set_instance_assignment -name ENABLE_STRICT_PRESERVATION ON -to VBus_Clk -section_id "DOC_Single_Axis_FE2H_CVE_DOC_Safe_PLL_DC_Link:doc_safe_pll_dc_link"

set_instance_assignment -name ENABLE_STRICT_PRESERVATION ON -to "VBus_Clk(n)" -section_id "DOC_Single_Axis_FE2H_CVE_DOC_Safe_PLL_DC_Link:doc_safe_pll_dc_link"

set_instance_assignment -name ENABLE_STRICT_PRESERVATION ON -to IU_Clk -section_id "DOC_Single_Axis_FE2H_CVE_DOC_Safe_PLL_DC_Link:doc_safe_pll_dc_link"

set_instance_assignment -name ENABLE_STRICT_PRESERVATION ON -to "IU_Clk(n)" -section_id "DOC_Single_Axis_FE2H_CVE_DOC_Safe_PLL_DC_Link:doc_safe_pll_dc_link"

set_instance_assignment -name ENABLE_STRICT_PRESERVATION ON -to IW_Clk -section_id "DOC_Single_Axis_FE2H_CVE_DOC_Safe_PLL_DC_Link:doc_safe_pll_dc_link"

set_instance_assignment -name ENABLE_STRICT_PRESERVATION ON -to "IW_Clk(n)" -section_id "DOC_Single_Axis_FE2H_CVE_DOC_Safe_PLL_DC_Link:doc_safe_pll_dc_link"
    Note:

    Several DC link monitor block signals are connected to pins of LVDS IO standard and therefore have two pins associated with each signal e.g. dc_link_Sync_Dat_VBUS and dc_link_Sync_Dat_VBUS(n).

    CAUTION:
    All the I/O pins that connect up to a safety IP should have an explicit assignment. The Intel® Quartus® Prime software reports an error if:
    • a pin that connects to the safety IP does not have an assignment
    • a pin with an assignment does not connect to the specified safety IP.
    CAUTION:

    If an IO_REG group contains a pin that is assigned to a safety IP, the Intel® Quartus® Prime software reserves all the pins in the IO_REG group for this safety IP. You must assign all pins in the IO_REG group to the same safety IP; assign none of the pins in the group to nonsafety signals.

Level Two Title