Programmable Logic: Educating Assurance Engineers
NASA Glenn Research Center
Kalynnda Berens (PI)
Jackie Somos (Course designer)
What is Programmable Logic
• Programmable Logic Controllers (PLC)
• Programmable Logic Devices
  • Field Programmable Gate Array (FPGA)
  • Application Specific Integrated Circuit (ASIC)
  • System-on-chip (SOC)
  • Complex PLD (CPLD)
  • Others
• FAA calls these “Complex Electronic Hardware”
SAIC @ NASA Glenn Research Center
The Hardware/Software Boundary
[Figure: diagram of the hardware/software boundary; labels visible in the original: “SOC”, “Reconfig. Computing”]
Issues
• ASICs and FPGAs have been used to avoid the rigors of the software approval process.
  • Fundamental verification issues are bypassed
• Devices are designed and programmed by engineers
  • Often without QA oversight or configuration management (CM) control of the designs.
• The development process may not be well defined (e.g. ad hoc).
• Tool-induced design errors occur and can be difficult to detect.
• Meaningful verification requires the person performing verification to be knowledgeable.
Issues (2)
• ASICs, FPGAs, and System on Chip (SoC) can contain embedded microprocessor cores with user-supplied software.
  • Combine electronics and firmware into one chip.
  • The presence of this firmware (i.e. software) is not always obvious to assurance personnel.
• Complex programmable logic functionality cannot be completely simulated, nor the resulting chip completely tested.
• High-level languages (e.g. C, C++) are now being used to define PLD designs (in whole or in part).
Issues (3)
• It can be difficult to detect faulty operation of Programmable Logic (PL).
  • Design errors
  • Tool-induced errors
  • Unexpected interactions
  • Defects in the silicon
• Due to extremely small ASIC geometries, certain analog and transmission line phenomena occur internal to the ASIC, generating failures that are data-sensitive.
  • Designers and tools may not account for these effects
  • The effects can easily escape notice during test.
Issues with Assurance Activities
• Hardware QA may not be fully cognizant of the functions, potential problems, and issues with these devices.
• Software Assurance personnel are currently not trained to understand programmable logic devices, and may not be able to provide effective oversight and assurance.
• At NASA,
  • Software assurance personnel are not usually involved with PLCs, even for software hazard controls for the facility/system.
  • Hardware QA will usually only verify that testing was performed. There is little verification or analysis of requirements, design, and implementation processes for these devices.
• NASA is using these devices in flight and ground hardware and facilities
Recommendations - PLCs
• Treat PLC programming languages (e.g. Ladder Logic) as software
  • Apply Software Assurance (SA)
• Train Software Assurance personnel to understand and assure this software
  • All should have basic understanding
  • At least one should be an “expert”
Recommendations - PLDs
• Define boundary between simple and complex electronics
• Develop complex electronics checklist for Hardware Quality Assurance (QA) to use
• Use Design/Process Assurance with Complex Programmable Logic
  • Both QA and Software Assurance should be involved in assurance of complex electronics
Recommendations - PLDs (2)
• Train Software Assurance in understanding complex electronics
  • All should have basic understanding
  • At least one should be an “expert”
• Train QA in understanding and applying process assurance
• Apply techniques from software to complex electronics
• Apply techniques from hardware to software
Year 1 of Research
• Surveys on the usage and assurance of programmable logic to all Centers.
• Survey results showed
  • SA involved in less than 1/3 of the projects
  • Projects performed their own verifications
  • SA knowledge of these devices is limited
Year 2 of Research
• What are industry and other government agencies doing for assurance and verification?
  • An intensive literature search of white papers, manuals, standards, and other documents that illustrated what various organizations were doing.
  • Focused interviews with industry practitioners. Interviews were conducted with assurance personnel (both hardware and software) and engineering practitioners in various industries, including biomedical, aerospace, and control systems.
  • Meeting with FAA representatives. Discussions with FAA representatives led to a more thorough understanding of their approach and the pitfalls they have encountered along the way.
• Position paper, with recommendations for NASA Code Q
Current Effort
• Implement some of the recommendations
  • Develop coursework to educate software and hardware assurance engineers
    • Three courses
      • PLCs for Software Assurance personnel
      • PLDs for Software Assurance personnel
      • Process Assurance for Hardware QA
    • Guidebook
• Other recommendations
  • For Code Q to implement if desired
  • Follow-up CSIP to try software-style assurance on complex electronics
Course 1: PLCs for Software Assurance Engineers
PLC Course: Clip 2
PLC Course: Clip 3
PLC Course: Clip 4
Future Work
• Complete PLC course
• Create PLD and Process Assurance Courses
• Course Review
  • If you can help, please contact Kalynnda.Berens@grc.nasa.gov
• Courses available on Solar
Try out the PLC class at the tool demo!