Programmable Logic

Educating Assurance Engineers

NASA Glenn Research Center

Kalynnda Berens (PI), Jackie Somos (Course designer)

SAIC @ NASA Glenn Research Center 2

Mission Success Starts With Safety

SAS, 2004

What is Programmable Logic?

- Programmable Logic Controllers (PLC)
- Programmable Logic Devices
  - Field Programmable Gate Array (FPGA)
  - Application Specific Integrated Circuit (ASIC)
  - System-on-chip (SOC)
  - Complex PLD (CPLD)
  - Others

The FAA calls these "Complex Electronic Hardware".

The Hardware/Software Boundary

Software
- BIOS/bootstrap
- Operating system
- Applications
- Programmed
- Easily changed
- Can "do anything"
- Cannot be 100%, exhaustively tested

Firmware
- Software residing in non-volatile storage

Electronic Hardware
- ICs
- Microprocessor
- A/D, D/A
- Sensors
- Off-the-shelf components
- Exhaustively tested by vendor

Programmable Logic Controllers
- Special purpose computer (process control)
- Uses Ladder Logic, other languages for programming

SOC / Reconfigurable Computing

Programmable Logic Devices
- FPGA
- CPLD
- PAL
- ASIC
- Designed with an HDL
- Compiled/programmed
- May be reprogrammable in the field
- Cannot be 100%, exhaustively tested

Issues

- ASICs and FPGAs have been used to avoid the rigors of the software approval process. Fundamental verification issues are bypassed.
- Devices are designed and programmed by engineers, often without QA oversight or configuration management (CM) control of the designs. The development process may not be well defined (e.g. ad hoc).
- Tool-induced design errors occur and can be difficult to detect.
- Meaningful verification requires the person performing verification to be knowledgeable.

Issues (2)

- ASICs, FPGAs, and System on Chip (SoC) can contain embedded microprocessor cores with user-supplied software. They combine electronics and firmware into one chip. The presence of this firmware (i.e. software) is not always obvious to assurance personnel.
- Complex programmable logic functionality cannot be completely simulated, nor can the resulting chip be completely tested.
- High-level languages (e.g. C, C++) are now being used to define PLD designs (in whole or in part).

Issues (3)

- It can be difficult to detect faulty operation of Programmable Logic (PL):
  - Design errors
  - Tool-induced errors
  - Unexpected interactions
  - Defects in the silicon
- Due to extremely small ASIC geometries, certain analog and transmission line phenomena occur internal to the ASIC, generating failures that are data-sensitive. Designers and tools may not account for these effects, and the effects can easily escape notice during test.

Issues with Assurance Activities

- Hardware QA may not be fully cognizant of the functions, potential problems, and issues with these devices.
- Software Assurance personnel are currently not trained to understand programmable logic devices, and may not be able to provide effective oversight and assurance.
- At NASA, Software Assurance personnel are not usually involved with PLCs, even for software hazard controls for the facility/system.
- Hardware QA will usually only verify that testing was performed.
- There is little verification or analysis of requirements, design, and implementation processes for these devices.
- NASA is using these devices in flight and ground hardware and facilities.

Recommendations - PLCs

- Treat PLC programming languages (e.g. Ladder Logic) as software.
- Apply Software Assurance (SA).
- Train Software Assurance personnel to understand and assure this software:
  - All should have a basic understanding.
  - At least one should be an "expert".

Recommendations - PLDs

- Define the boundary between simple and complex electronics.
- Develop a complex electronics checklist for Hardware Quality Assurance (QA) to use.
- Use Design/Process Assurance with Complex Programmable Logic.
- Both QA and Software Assurance should be involved in assurance of complex electronics.

Recommendations - PLDs (2)

- Train Software Assurance in understanding complex electronics:
  - All should have a basic understanding.
  - At least one should be an "expert".
- Train QA in understanding and applying process assurance.
- Apply techniques from software to complex electronics.
- Apply techniques from hardware to software.

Year 1 of Research

- Surveys on the usage and assurance of programmable logic sent to all Centers.
- Survey results showed:
  - SA involved in less than 1/3 of the projects
  - Projects performed their own verifications
  - SA knowledge of these devices is limited

Year 2 of Research

What are industry and other government agencies doing for assurance and verification?

- An intensive literature search of white papers, manuals, standards, and other documents that illustrated what various organizations were doing.
- Focused interviews with industry practitioners. Interviews were conducted with assurance personnel (both hardware and software) and engineering practitioners in various industries, including biomedical, aerospace, and control systems.
- Meeting with FAA representatives. Discussions with FAA representatives led to a more thorough understanding of their approach and the pitfalls they have encountered along the way.
- Position paper, with recommendations for NASA Code Q.

Current Effort

- Implement some of the recommendations.
- Develop coursework to educate software and hardware assurance engineers. Three courses:
  - PLCs for Software Assurance personnel
  - PLDs for Software Assurance personnel
  - Process Assurance for Hardware QA
- Guidebook
- Other recommendations, for Code Q to implement if desired.
- Follow-up CSIP to try software-style assurance on complex electronics.

Course 1: PLCs for Software Assurance Engineers

PLC Course: Clip 2

PLC Course: Clip 3

PLC Course: Clip 4

Future Work

- Complete the PLC course
- Create the PLD and Process Assurance courses
- Course review

If you can help, please contact [email protected]

Courses available on Solar.

Try out the PLC class at the tool demo!