

# Table of Contents

- I. Introduction
- II. FPGA-based I&C Platforms and their Development Lifecycle
- III. Logic Translation Process
- IV. Tool Qualification Process
- V. Summary



# Introduction

- The loop logic used in a digital control system for process control is usually specified as CAD drawings or loop schematics.
- To execute the loop logic algorithms, the CAD drawings are first translated into logic equations. The logic equations are then compiled into executable binary files that are finally loaded into the controller memory.
- Translating CAD drawings into logic equations by hand is laborious and error-prone, especially for a system with a large number of inputs and outputs.
- It is therefore desirable to automate the translation process and achieve error-free implementation and conversion of loop control algorithms, especially for the critical loop controls used in the nuclear industry, where safety and reliability are always the primary concern.
- For this reason the logic translation process needs to be automated. The automation tool One-Step for FPGA Applications has been developed.



## Introduction

- Before the tool is used, however, it must itself be free of errors that could mask errors in the system and software being developed.
- Qualification of the automation tool therefore has to be put in place.
- IEEE Std 7-4.3.2-2003 guidance is used during the tool development.
- The tool not only automates the logic translation but also enhances reliability, so that error-free logic implementation for FPGA applications is achievable.



# HFC-6000 FPGA System Configuration - I



This diagram illustrates the typical configuration of the HFC-6000 FPGA control system with the Distributed Loop Control scheme:

- Two (2) or more FPU Control Modules and a redundant Gateway Controller communicate over:
  - Safety C-Link to other Nodes
  - F-Link within the FPGA Node
- Each HFC-6000 FPGA Node is capable of connecting up to 26 FPU Control Modules in two (2) racks. All FPUs are connected via 12.5MB F-Link.


- Accessories (i.e. Power Supply, Hubs, ...)

# **HFC-6000 FPGA System Configuration - II**



Figure: rack power distribution (redundant 24V feeds, one per PSR).

This diagram illustrates the typical configuration of the HFC-6000 FPGA control system with the Centralized CPU (i.e. FCPU) scheme:

- Redundant FCPUs and their FPU I/O Modules, together with a redundant Gateway Controller, communicate over:
  - Safety C-Link to other controllers
  - G-Link to Gateway Controller
  - F-Link to its FPU I/O Modules
- Each redundant FCPU is capable of connecting up to 24 FPU I/O Modules in two (2) racks via 12.5MB F-Link.
- Accessories (i.e. Power Supply, Hubs,...)



# **Rack Configuration with FPU and FCPU**



#### **Centralized Logic Control**





#### **FPGA-based Application Development Lifecycle**

1. The development process of an FPGA-based application is similar to that of software for microprocessor-based systems.
2. The control system application development starts with the system requirements specification.
3. The system requirements are then allocated to the FPGA-specific application requirements.
4. The FPGA architecture and design specification are then constructed.
5. Once the design is complete, the FPGA implementation follows.
6. FPGA-based module level testing is planned and executed.
7. The FPGA-based modules are integrated with the system for system integration testing and acceptance testing.



#### FPGA-based Application Development Lifecycle and V&V (SW Perspective)





#### **FPGA-based Hardware Development (Lifecycle Process)**



#### **FPGA-based Hardware Implementation (EQ Process)**

For EQ and EMC qualification of FPGA-based control systems, the EPRI TR-107330 requirements are applicable, because FPGA-based systems are digital devices in the same sense as the PLCs that TR-107330 addresses.

1. Environmental Test - ensures that the system operates correctly under the temperature and humidity conditions presumed to be possible.

2. Seismic Test - ensures that the system continues to operate correctly during the seismic conditions which are specified in EPRI TR-107330.

3. Electromagnetic Interference / Radio-Frequency Interference (EMI/RFI) Test - ensures that the system is not susceptible to, and does not radiate more than, the specified EMI/RFI levels.

4. Surge Withstand Capability Test - ensures that the system withstands the specified surge limits.

5. Electrical Fast Transient / Burst (EFT/B) Test - ensures that the system withstands the specified EFT/B limits.

6. Electrostatic Discharge (ESD) Test - ensures that the system continues operation when exposed to the specified ESD levels.



#### **FPGA-based I/O Boards – Digital Input / Output**




#### HFC-FPUD01 Digital Input and Output Module

- FPGA based intelligent module diagnostics and self checking capabilities
- Power on reset circuitry with onboard watchdog timer
- Redundant power feeds with onboard diode auctioneering
- Redundant communications capability
- Onboard status LED indications and fuse protection
- 1 millisecond SOE resolution option
- Optional Sequence of Events Recording (SOE)


#### **FPGA-based I/O Boards – Analog Input / Output**



Shown is the HFC-FPUAO Analog Output Module.



# **HFC Automated Logics Generator** ONESTEP®



"The drawings the engineer designed generated the graphics the operators monitored in plant operation."



## The Requirement for an Automated PGM Tool

Most existing NPP I&C systems were built from integrated analog control circuitry that controls each device individually. The control and logic diagram represents the control process.





## **Automated Logics Generator for NPP I&C**



# Sample Drawings – OneStep





## **Diagnostic Dynamic Displays**



Note: Recurring Logic



## **Creation of New Functional Blocks**









#### An Example of Feedwater Control Logic



A Simple Analog Loop Schematic

## **Control Logics Equations – Analytical Form**

To execute the above algorithm, the logic schematic shown in the previous figure is translated into the following logic equations:

(1) BL, 501 = VA, 30, IF (BL, 501 EQ VA, 0.0)

(2) MAGRP(BL, 3, BL, 1, BL, 501, BL, 3, BL, 3)

(3) AIC(BL, 1, 100)

(4) PID(BL, 3, 100)

(5) ANO(BL, 31, 100)

These equations are then compiled into a binary file that is programmed into the onboard EPROM of the controller to be executed.
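As an added illustration (not part of OneStep or HF Controls' tooling), the script below parses equation text in the form shown above, lists the logic blocks it touches, rejects any function block that is not on a qualified allow-list, and computes a digest of the normalised equation text that can be recorded as a configuration-management baseline before a round of testing. The grammar (BL/VA operand pairs, bare numbers, an optional IF clause), the allow-list of function names, and the comparator spellings other than EQ are assumptions; the meaning of MAGRP, AIC, PID and ANO is deliberately not modelled, so the check can only reject output the tool was not qualified to produce, never approve a wrong algorithm.

```python
"""Structural self-check for translated loop-logic equations.

Added illustration, not code from OneStep or HF Controls. It assumes the
textual form shown on the page:
    DEST = VALUE [, IF (COND)]      e.g. BL, 501 = VA, 30, IF (BL, 501 EQ VA, 0.0)
    FUNC(arg, arg, ...)             e.g. MAGRP(BL, 3, BL, 1, BL, 501, BL, 3, BL, 3)
Operands are "BL, n" (a logic block), "VA, x" (a constant value) or a bare
number. Only the structure is checked; function semantics are not modelled.
"""
import hashlib
import re
from dataclasses import dataclass
from typing import Optional, Tuple

# Assumption: the function blocks / MACROs the tool is qualified to emit.
# Anything outside this set is reported rather than silently compiled.
QUALIFIED_FUNCTIONS = frozenset({"MAGRP", "AIC", "PID", "ANO"})
# EQ is the only comparator on the page; the other spellings are assumed.
COMPARATORS = ("EQ", "NE", "GT", "GE", "LT", "LE")

_ASSIGN_RE = re.compile(r"^(.+?)\s*=\s*(.+?)\s*(?:,\s*IF\s*\((.+)\))?$")
_CALL_RE = re.compile(r"^([A-Z][A-Z0-9]*)\s*\((.*)\)$")
_NUMBER_RE = re.compile(r"^-?\d+(\.\d+)?$")
_INT_RE = re.compile(r"^\d+$")

# Constructed input: the five equations shown on the page.
SAMPLE_EQUATIONS = """\
BL, 501 = VA, 30, IF (BL, 501 EQ VA, 0.0)
MAGRP(BL, 3, BL, 1, BL, 501, BL, 3, BL, 3)
AIC(BL, 1, 100)
PID(BL, 3, 100)
ANO(BL, 31, 100)
"""


@dataclass(frozen=True)
class Operand:
    kind: str    # "BL", "VA" or "NUM"
    value: str


@dataclass(frozen=True)
class Equation:
    line_no: int
    form: str                          # "assign" or "call"
    name: str                          # destination block number or function name
    operands: Tuple[Operand, ...]
    condition: Optional[tuple] = None  # (lhs operands, comparator, rhs operands)


def parse_operands(text: str) -> Tuple[Operand, ...]:
    """'BL, 3, VA, 0.0, 100' -> (BL 3, VA 0.0, NUM 100); BL needs an integer."""
    tokens = [t.strip() for t in text.split(",") if t.strip()]
    out, i = [], 0
    while i < len(tokens):
        tok = tokens[i]
        if tok in ("BL", "VA"):
            nxt = tokens[i + 1] if i + 1 < len(tokens) else ""
            rule = _INT_RE if tok == "BL" else _NUMBER_RE
            if not rule.match(nxt):
                raise ValueError(f"{tok} needs a numeric argument in: {text!r}")
            out.append(Operand(tok, nxt))
            i += 2
        elif _NUMBER_RE.match(tok):
            out.append(Operand("NUM", tok))
            i += 1
        else:
            raise ValueError(f"unrecognised operand {tok!r} in: {text!r}")
    return tuple(out)


def parse_condition(cond: str) -> tuple:
    """'BL, 501 EQ VA, 0.0' -> ((BL 501,), 'EQ', (VA 0.0,))."""
    for comp in COMPARATORS:
        lhs, sep, rhs = cond.partition(f" {comp} ")
        if sep:
            return (parse_operands(lhs), comp, parse_operands(rhs))
    raise ValueError(f"IF clause has no comparator: {cond!r}")


def parse_equations(text: str):
    """One equation per line; a line that fits neither form raises ValueError."""
    eqs = []
    for n, raw in enumerate(text.splitlines(), start=1):
        line = " ".join(raw.split())  # collapse whitespace, drop blank lines
        if not line:
            continue
        m = _CALL_RE.match(line)
        if m:
            eqs.append(Equation(n, "call", m.group(1), parse_operands(m.group(2))))
            continue
        m = _ASSIGN_RE.match(line)
        if not m:
            raise ValueError(f"line {n}: cannot parse {line!r}")
        dest = parse_operands(m.group(1))
        if len(dest) != 1 or dest[0].kind != "BL":
            raise ValueError(f"line {n}: destination must be a single BL operand")
        cond = parse_condition(m.group(3)) if m.group(3) else None
        eqs.append(Equation(n, "assign", dest[0].value, parse_operands(m.group(2)), cond))
    return eqs


def referenced_blocks(eqs):
    """Sorted block numbers touched anywhere in the equation set."""
    blocks = set()
    for eq in eqs:
        ops = list(eq.operands)
        if eq.form == "assign":
            blocks.add(int(eq.name))
            if eq.condition:
                ops += list(eq.condition[0]) + list(eq.condition[2])
        blocks.update(int(o.value) for o in ops if o.kind == "BL")
    return sorted(blocks)


def check_equations(eqs, allowed=QUALIFIED_FUNCTIONS):
    """Findings as text; an empty list means every call uses a qualified block."""
    return [f"line {eq.line_no}: {eq.name} is not a qualified function block"
            for eq in eqs if eq.form == "call" and eq.name not in allowed]


def is_well_formed(text: str) -> bool:
    try:
        parse_equations(text)
        return True
    except ValueError:
        return False


def baseline_digest(text: str) -> str:
    """SHA-256 of the whitespace-normalised equation text, for a CM baseline."""
    canon = "\n".join(" ".join(l.split()) for l in text.splitlines() if l.strip())
    return hashlib.sha256(canon.encode()).hexdigest()


if __name__ == "__main__":
    eqs = parse_equations(SAMPLE_EQUATIONS)
    print("blocks referenced:", referenced_blocks(eqs))
    print("findings:", check_equations(eqs) or "none")
    print("baseline digest:", baseline_digest(SAMPLE_EQUATIONS))
```

The digest is the piece worth keeping in the configuration record: if it is logged before each test round, a translated equation file that has been touched between rounds is detected before the binary is rebuilt rather than after the test results disagree.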



#### **Simulation to Ensure Logics Correctness**




# **Configuration Management and Testing**



There can be several rounds of testing.

**Do not** lose control of the configuration during testing!

#### **Software Tool Regulatory Qualification Guidance**

- The guidance specified in IEEE Std 7-4.3.2 shall be used to evaluate and qualify tools before they are used. The guidance requires that software tools used to support software development processes and verification and validation (V&V) processes shall be controlled under configuration management.

- One or both of the following methods shall be used to confirm that the software tools are suitable for use:
  - A test tool validation program shall be developed to provide confidence that the necessary features of the software tool function as required.
  - The software tool shall be used in a manner such that defects not detected by the software tool will be detected by V&V activities.

- In addition, tool operating experience may be used to provide further confidence in the suitability of a tool, particularly when evaluating the potential for undetected defects.

- Based on this guidance, the qualification of software development and V&V tools consists of the following steps: tool requirements specification development, tool detailed design and implementation, a tool V&V program, tool revision control, and the use of the tool in nuclear safety I&C applications.



#### Engineering Tool Qualification – Tool Development Process

#### **Tool Requirements Specification, Design Description and Implementation**

- The tool Requirements Specification defines the functions, capabilities, and limitations of the tool.

- The tool Design Description shows how the tool will be structured to satisfy the requirements identified in the tool Requirements Specification.
  - It is a translation of the requirements into a description of the tool structure, tool module components, interfaces, and data necessary for the implementation of the tool.
  - In essence, the tool Design Description becomes a detailed blueprint for the implementation activity.

- In a complete tool Design Description, each requirement must be traceable to one or more design entities.

- If third-party tools or modules are used during the tool implementation, they shall be treated as commercial tools and subjected to the dedication process defined in EPRI TR 106439-1996 to reach high confidence in their use.



#### Engineering Tool Qualification – Tool V&V Program

A V&V program for the tool's use in FPGA applications should be developed. The program is consistent with the guidance provided by IEEE Std 7-4.3.2-2003 and the V&V methodologies specified in IEEE Std 1012-2004. The specific steps are as follows:

- Review and verification of the tool Requirements Specification and design implementation
- Tool code review and walkthrough
- Tool code coverage testing (complete for all needed logic gates and MACROs)
- Tool functional coverage testing (all logic functions)
- Tool functional and timing simulation testing (on all required logic and selected examples)
- Tool use in FPGA circuitry system testing (on selected typical applications as well as loop logic that has been used in operating NPPs)



## **Summary and Discussions**

1. The FPGA-based development process is basically similar to that of software for microprocessor-based systems. To reach high confidence in FPGA-based systems, Verification and Validation consistent with IEEE Std 1012 should be performed along with EQ.
2. The logic translation process needs to be automated. The automation tool One-Step for FPGA Applications has been developed.
3. The tool not only automates the logic translation but also enhances reliability, so that error-free logic implementation for FPGA applications is achievable.
4. The tool has to be qualified to ensure that it does not mask any errors during the logic translation process.





# **Thank you!**

