

## FPGA Version HFC-6000 Platform

Allen Hsu and Steve Yang

Doosan HF Controls Corporation 1624 W. Crosby Road, Carrollton, TX, USA

9<sup>th</sup> International FPGA Workshop October 3 – 6, Lyon-Villeurbanne, France

#### **Innovation Leadership Service**











- Development Goal & Guidance
- HFC's FPGA Experiences
- HFC's FPGA Technology I & II
  - ✓ As Microprocessor Emulator
  - ✓ Generic FPGA Control System
- HFC-6000 FPGA Control System
  - ✓ System Description
  - ✓ System Configuration
  - ✓ System Components (including Com.)
- Equipment Qualification (EQ) Processes and Sequences
- Logic Translation Automation Tool (OneStep<sup>™</sup>)
- Summary

## **Development Goal**

- HFC-6000 technology is a combination of advanced microprocessors, DSP and FPGA. The platform received a US NRC SE Report in April 2011 and TUV SIL3 in 2010 & 2013.
- The FPGA platform is suitable for some particular safety control applications in nuclear power plants due to the FPGA hardware characteristics.
- The development of a generic FPGA safety I&C platform depends upon the maturity and enhancement of FPGA technology in order to improve calculation power and networking capability.
- HFC treats an FPGA as a mix of software and hardware; its development for applications therefore follows system, software, and hardware development lifecycle processes.

#### **Development Goal -**

- ✓ HFC's generic FPGA nuclear safety I&C platform is based upon the foundation of current HFC-6000 FPGA technology.
- ✓ HFC has filed the FPGA HFC-6000 design as an Amendment to the current SER.
- ✓ To acquire a US NRC SE Report for the HFC-6000 FPGA Amendment.



#### **Regulatory Guidance and Industry Standards for FPGA Development**

- NUREG/CR-7006 is the review guidance on FPGAs currently available from the NRC.
- Applicable regulatory guidance and industry standards include:
  - ✓ NUREG-0800 BTP 7-14,
  - ✓ NRC RG 1.152, 1.168, 1.169, 1.170, 1.171, 1.172, 1.173
  - ✓ DO-254 (Design Assurance),
  - ✓ IEEE Std 603
  - ✓ IEEE Std 1012-2004 and 2012 (V&V),
  - ✓ IEC 61508 (Functional Safety), and
  - ✓ IEEE Std 7-4.3.2 (Safety Digital Systems).
- The intent of HFC's FPGA design and development process is to meet relevant regulatory requirements and industry standards.



## **HFC's FPGA Experiences**

| HFC-6000 Modules | FPGA Applications |
|---|---|
| HFC-SBC06/SCG06 Controllers | MultiBus arbitration processor, redundancy circuitry, communication process and SOE timer |
| HFC-SBC04A Loop Controller | Dual-ported memory process, SPI processor, SOE timer, SOE calibration algorithm processor |
| HFC-FPC08 Communication Controller | ICL I/O interface processor, Low Pin Count redundant channel processor for redundancy circuitry |
| HFC-AI16F/FD 16-Channel Analog Input Module | 16-channel ADC data collection logic and diagnostic. Each channel includes a CRC data protection function processor |
| HFC-AC16RD 0-5 VDC Analog Input Card | 16-channel ADC data collection logic. Each channel includes a CRC data protection function processor |
| HFC-AO8F/FD 8-Channel Analog Output Module | 8-channel DAC data output logic. Each channel has an output verification function processor |
| HFC-AI8M/MD 8-Channel 100Ω RTD Input Module | 8-channel ADC data collection logic. Each channel includes a CRC data protection function processor |
| HFC-AI8LD 8-Channel Type-E TC Input Module | 8-channel ADC data collection logic. Each channel includes a CRC data protection function processor |
| HFC-AC36FD 4-Channel Analog Input / Output Module | 4-channel ADC data collection and 4-channel DAC output logic processor |
| HFC-AI4K/AI4K2 Analog Pulse Input Card | 4-channel pulse counter processor |
| HFC-HSIM | ICL slave processor, DI control logic, DO control logic (DIP selectable), HSIM optic channel protocol processor, Forward-Error Correction algorithm processor |



## HFC's FPGA Technology (I) – FPGA as emulator

#### A. FPGA as Microprocessor's Emulator

- To emulate the process of current microprocessors and to interpret the execution of CPU processes.
- Existing software of communication networking and control algorithms can be adopted easily and quickly.
- It is suitable for retrofit projects.

#### **Current Status -**

- ✓ HFC developed FPGA version SBC-01Y controllers as the direct replacement for YGN NPP Units 3 & 4. More than 250 of them have been installed successfully at the site since 2009. They use the existing system and application software from the old board.
- ✓ SBC-01Y emulates the functions of the Intel 8085 microprocessor.



## FPGA version SBC01Y Retrofit at YGN Unit 3 & 4

In the existing system configuration, the single loop controller board (AFS SBC-01) was based on the Intel 8085 microprocessor, which is obsolete.





## FPGA version SBC01Y Retrofit at YGN Unit 3 & 4



[Diagram; surviving label: OIS Console / EWS]



## HFC's FPGA Technology (II) - FPGA Platform

#### **B. Generic FPGA platform for nuclear safety application**

- A generic platform design should consider all requirements of nuclear safety I&C (calculation power, response time, ...).
- The complexity lies in the implementation of 100% verification, true parallel processing for heavy analog logic, and a multiple-level communication network.
- Continuous enhancement depends on the maturity of FPGA technology.
- It is suitable for both retrofit and new build applications.

#### Approach -

- ✓ Distributed Loop Control Scheme and Centralized Control scheme.
- ✓ Based upon HFC's nuclear safety I&C experiences for nuclear plants, a combination of FPGA version controller (i.e., CPU, Digital, Analog, Special function,...) with onboard I/O has been developed and fitted into HFC-6000 racks.
- The controllers are capable of handling application logic generated by the HFC OneStep automated logic generator.



## **FPGA HFC-6000 System Descriptions**

- Up to 14 FPGA Processing Units (FPU) with configurable onboard I/O points (digital or analog) can be installed into a standard HFC-6000 19" rack.
- FPUs are capable of handling both digital and analog algorithms.
- FPUs can be configured as a Single, Redundant or Triple Modular Redundant (TMR) set.
- All FPUs within the rack communicate with each other via the backplane using a Token-Passing protocol (similar to HFC's qualified C-Link protocol). This 12.5 MB FPGA Link allows these FPGA Processing Units to exchange their I/O status and internal database.
- An FPGA Link (F-Link) can have up to 26 FPGA Processing Units (2 racks) as an FPGA Node. The Token Passing cycle within the node is 6 msec.
- A Redundant Gateway with C-Link protocol handles the communication among FPGA Controller Nodes.



## HFC-6000 FPGA System Configuration - 1



This diagram illustrates the typical configuration of HFC-6000 FPGA control system with Distributed Loop Control Scheme -

- Two (2) or more FPU Control Modules and redundant Gateway Controller communicate with:
  - Safety C-Link to other Nodes
  - F-Link within the FPGA Node
- Each HFC-6000 FPGA Node is capable of connecting up to 26 FPU Control Modules in two (2) racks. All FPUs are connected via 12.5MB F-Link.
- Accessories (i.e. Power Supply, Hubs, ...)


## HFC-6000 FPGA System Configuration - 2



This diagram illustrates the typical configuration of HFC-6000 FPGA control system with Centralized Control (i.e. FCPU) Scheme -

- Redundant FCPU and its FPU I/O Modules with redundant Gateway Controller with:
  - Safety C-Link to other controllers
  - G-Link to Gateway Controller
  - F-Link to its FPU I/O Modules
- Each redundant FCPU is capable of connecting up to 24 FPU I/O Modules in two (2) racks via 12.5MB F-Link.
- Accessories (i.e. Power Supply, Hubs,...)



## **Rack Configuration with FPU and FCPU**



**Distributed Logic Control** 

**Centralized Logic Control** 





## **Example – The FPGA version HFC-6000**

#### Non-Redundant



#### Redundant



#### **Triple Redundant**



This diagram illustrates the system configuration of the HFC-6000 FPGA Load Sequencer for NPP application:

- The Load Sequencer logic for NPP can be programmed into four (4) HFC-6000 FPGA Processing Units.
- The system can be configured in one of the following cases:
  - ✓ Non-Redundant
  - ✓ Dual Modular Redundant (DMR) with 1oo2D voting
  - ✓ Triple Modular Redundant (TMR) with 2oo3D voting
- Voting in DMR and TMR is performed on input signals, controller execution and output signals.
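
The voting with diagnostics named above can be modelled as follows. This is an added example, not HFC's code or design: the degradation policy, the type and function names, the choice of "trip" as the safe state and the sample inputs are all assumptions made for illustration, since the slides do not state how faulted channels are handled.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

typedef struct {
    bool demand;   /* channel requests the safety action (trip) */
    bool healthy;  /* channel diagnostics report no detected fault */
} channel_t;

typedef struct {
    bool     trip;     /* voted output */
    unsigned healthy;  /* number of channels that took part in the vote */
    unsigned dissent;  /* bitmask of healthy channels disagreeing with the vote */
} vote_result_t;

/* Assumed policy, for illustration only: channels flagged faulty are excluded;
 * 3 healthy -> 2oo3; 2 or 1 healthy -> any remaining demand trips;
 * 0 healthy -> trip, i.e. the output goes to the safe state. */
vote_result_t vote_d(const channel_t *ch, size_t n)
{
    vote_result_t r = { false, 0, 0 };
    unsigned demands = 0;
    for (size_t i = 0; i < n; i++) {
        if (!ch[i].healthy)
            continue;
        r.healthy++;
        if (ch[i].demand)
            demands++;
    }
    unsigned need = (r.healthy >= 3) ? 2u : 1u;
    r.trip = (r.healthy == 0) || (demands >= need);
    for (size_t i = 0; i < n; i++)   /* flag channels that need investigation */
        if (ch[i].healthy && ch[i].demand != r.trip)
            r.dissent |= 1u << i;
    return r;
}

/* Convenience wrapper for a TMR set; arguments are (demand, healthy) per channel. */
vote_result_t vote_tmr(bool d0, bool h0, bool d1, bool h1, bool d2, bool h2)
{
    channel_t ch[3] = { { d0, h0 }, { d1, h1 }, { d2, h2 } };
    return vote_d(ch, 3);
}

int main(void)
{
    /* Constructed case: channel 1 faulted, channel 0 demands a trip. */
    vote_result_t r = vote_tmr(true, true, false, false, false, true);
    printf("trip=%d healthy=%u dissent=0x%x\n", r.trip, r.healthy, r.dissent);
    return 0;
}
```

The same `vote_d` function covers a DMR pair when called with two channels; the `dissent` mask is what a maintenance display would use to point at the deviating channel.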



#### System Components (Including Comm. Links and Modules).

| Module Name (including Comm. Links and Interfaces) | Description |
|---|---|
| HFC-FPUD01 | FPU Controller for 16 DI Channels and 16 DO Channels |
| HFC-FPUD02 | FPU Controller for 32 DI Channels |
| HFC-FPUA01 | FPU Controller for 16 4- to 20-mA AI Channels |
| HFC-FPUAO | FPU Controller for 8 4- to 20-mA AO Channels |
| HFC-FPUL | FPU Controller for 8 AI Channels for Type E Thermocouples |
| HFC-FPUM | FPU Controller for 8 AI Channels for 100-Ohm Platinum RTDs |
| HFC-FCPU | CPU for the FPU Controller product line |
| HFC-HSIM | F-Link High Speed Interface Module |
| F-Link Communication | All modules installed in the same rack configured as nodes on a common F-Link |
| I/O Interface | Unique hardware interface with the field equipment for each module type |
| Redundant Controller Interface (RIF) Communication | HFC-FCPU typically configured as a redundant controller set and installed in adjacent card slots |
| G-Link Communication | Managing communication with the C-Link, and the redundant CPU modules control status transfer to the Gateway |
| C-Link Communication | Redundant Ethernet links connecting all remotes making up a control system |



#### Communication Interfaces





#### **F-Link Arrangement**



#### HFC-FCPU FPGA Based System Controller

#### HFC-FCPU System Controller

#### **Product Features**

- FPGA based controller with diagnostics capabilities
- Intelligent module diagnostics and self checking capabilities
- Power on reset circuitry with onboard watchdog timer
- Redundant power feeds with onboard diode auctioneering
- Redundant communications capability
- Onboard status LED indications with fuse protection

#### **Functional Description**



- ✓ The HFC-FCPU supports communications with FPGA FPU I/O modules via F-Link, Gateway Controller via G-Link and its redundant controller.
- ✓ The two FPGAs on the HFC-FCPU are partitioned into process FPGA and diagnostic FPGA. They are intended to work in tandem, processing the same input and output data.
- ✓ The dual FPGA structure is designed to protect final output data from Single Event Upset, and single component failure that may impact safety function.
- The HFC-FCPU circuit structure includes multiple layers of function safety protection circuitry and logic to enforce the DI/DO channel verification and communication data acquisition/verification.
- The diagnostic FPGA controls the F-Link RS485 transmit enable signal. The diagnostic FPGA also controls the G-Link RS485 and monitors all DI/DO activity. For any diagnostic non-conformance, the diagnostic FPGA validates the F-Link and G-Link transmit data packet.

### HFC-FPU FPGA Based I/O Modules


#### HFC-FPU DI/DO/AI/AO/RTD/TC

#### **Product Features**

- FPGA based intelligent module diagnostics and self checking capabilities
- Power on reset circuitry with onboard watchdog timer
- Redundant power feeds with onboard diode auctioneering
- Redundant communications capability
- Onboard status LED indications and fuse protection

#### Functional Description



- ✓ The two FPGAs on the HFC-FPU I/O modules are partitioned into process FPGA and diagnostic FPGA. They are intended to work in tandem, processing the same input and/or output data.
- ✓ The dual FPGA structure is designed to protect final output data from Single Event Upset, and single component failure that may impact safety function.
- ✓ The HFC-FPU circuit structure includes multiple layers of function safety protection circuitry and logic to enforce the I/O channel verification and communication data acquisition/verification.
- ✓ The diagnostic FPGA controls the F-Link RS485 transmit enable signal. The diagnostic FPGA also monitors all I/O activities. For any diagnostic non-conformance, the diagnostic FPGA validates the F-Link transmit data packet.
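
The process/diagnostic FPGA pairing described for both the HFC-FCPU and the HFC-FPU modules can be modelled in software as below. This is an added example, not HFC's design: the packet layout, the CRC-16/CCITT-FALSE polynomial, the stand-in control logic and all names are assumptions. It shows a diagnostic side that recomputes the result from the same inputs and drives transmit enable only when the process side's packet agrees, for an upset injected after and before CRC generation.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define PAYLOAD_LEN 4 /* constructed layout: DI word + DO word, not the real F-Link frame */
typedef struct { uint8_t payload[PAYLOAD_LEN]; uint16_t crc; } packet_t;
typedef enum { TX_ENABLE, TX_BLOCK_CRC, TX_BLOCK_MISMATCH } tx_gate_t;

/* CRC-16/CCITT-FALSE (poly 0x1021, init 0xFFFF): an assumed choice, the page names no CRC. */
uint16_t crc16(const uint8_t *d, size_t n)
{
    uint16_t crc = 0xFFFF;
    for (size_t i = 0; i < n; i++) {
        crc ^= (uint16_t)(d[i] << 8);
        for (int b = 0; b < 8; b++)
            crc = (uint16_t)((crc & 0x8000) ? (crc << 1) ^ 0x1021 : crc << 1);
    }
    return crc;
}

/* Hypothetical control logic evaluated identically in both FPGAs: DO = DI AND NOT inhibit. */
packet_t build_packet(uint16_t di, uint16_t inhibit)
{
    uint16_t out = (uint16_t)(di & ~inhibit);
    packet_t p = { { (uint8_t)(di >> 8), (uint8_t)di, (uint8_t)(out >> 8), (uint8_t)out }, 0 };
    p.crc = crc16(p.payload, PAYLOAD_LEN);
    return p;
}

/* Diagnostic side: recompute from the same inputs, enable the transmitter only on agreement. */
tx_gate_t diag_gate(const packet_t *from_process, uint16_t di, uint16_t inhibit)
{
    packet_t own = build_packet(di, inhibit);
    if (crc16(from_process->payload, PAYLOAD_LEN) != from_process->crc)
        return TX_BLOCK_CRC;       /* packet corrupted after its CRC was attached */
    if (memcmp(own.payload, from_process->payload, PAYLOAD_LEN) != 0)
        return TX_BLOCK_MISMATCH;  /* process side computed a different result */
    return TX_ENABLE;
}

/* fault 0: none; 1: bit flip in the finished packet; 2: bit flip before CRC generation */
tx_gate_t run_case(int fault)
{
    const uint16_t di = 0x00F3, inhibit = 0x0001;  /* constructed sample inputs */
    packet_t p = build_packet(di, inhibit);
    if (fault) p.payload[3] ^= 0x10;
    if (fault == 2) p.crc = crc16(p.payload, PAYLOAD_LEN);
    return diag_gate(&p, di, inhibit);
}

int main(void)
{
    for (int f = 0; f < 3; f++) printf("fault case %d -> gate %d\n", f, (int)run_case(f));
    return 0;
}
```

Case 2 is the reason the comparison is needed in addition to the CRC: a value upset before the checksum is generated carries a valid CRC and is caught only by the independent recomputation.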



#### **FPGA Hardware Product Lifecycle and Production Test**



#### **FPGA Version HFC-6000 Control System EQ Sequence**



#### HFC-6000 FPGA Platform has passed the EQ Test!



### **Typical FPGA HFC-6000 EQ Cabinet**



- ✓ HFC's nuclear safety class cabinet
- Three (3) racks of FPGA PCB modules for typical parameterized safety and protection functions; the Test Specimen Application Program (TSAP) includes the following:
  - Functional Diesel Generator Load Sequencer
  - Functional Diverse Protection System (DPS)
  - Typical logics from RTS and ESFAS
- Two (2) racks simulator with HFC-FPC08 controller and I/O modules
- ✓ Two (2) Gateway Controllers
- Termination boards, Connection cards, cables
- A rack mounted Personal Computer (PC) with Flat Panel Device (FPD) and Human Machine Interface (HMI) utility software
- ✓ Network Hubs and Fans
- Rack mounted power supply set, 40 ms withhold time, 24 VDC
- Power distribution and a set of circuit breakers

## **14 G Seismic Test Rack**





#### **HFC Development and V&V Automation Tool – Programming**

Most existing NPP I&C systems were built from integrated analog control circuitry that controls each device individually. The Control and Logic Diagram (C&LD) represents the control process.





## Sample Drawings – OneStep<sup>™</sup>





#### **Automated Logic Generator for NPP I&C Applications**

HF Controls "OneStep<sup>™</sup>" Solution for Nuclear Safety Application:

- Employ AutoCAD Platform To Document Logic from C&LD;
- Standardized Icons and Macros for both analog and digital logics;
- Ability to Create any Customized Control Icons and Macros;
- Translate AutoCAD Graphics to Executable Code;
  - Translate CAD drawings with linked FPGA utility (i.e. communication, diagnostic, algorithms etc.) into FPGA downloadable codes.
- Provide Machine Intelligence to Minimize Human Drawing Errors;
- Link w/Graphic Display and Real Time Databases to View the Execution of Logic; and
- Link Functions Into Single Seamless Package.



## Summary

1. HFC has experience using FPGAs for applications in nuclear power plants over the past 20 years. For FPGA applications, the development approach falls into two categories: microprocessor CPU emulation (which can provide a solution for the obsolescence issue in the industry) and the FPGA platform (which can be used for both retrofit and new build applications, especially safety-related applications).
2. HFC has developed an FPGA version of the HFC-6000 platform. There are two basic architectures for the HFC-6000 FPGA platform, namely the distributed control scheme and the centralized control system.
3. In order to reach high confidence in the FPGA platform development and application, the development of the FPGA-based platform and systems must follow an acceptable lifecycle process. HFC follows the lifecycle processes of system, software, and hardware, as specified in IEEE Std 1012-2012, since an FPGA is a mix of hardware and software.
4. The FPGA-based platform and systems must pass the EQ Tests in accordance with relevant industry guidance, including EPRI TR-107330-1996, for safety applications. The HFC-6000 FPGA platform is in the process of applying for its SER as an HFC-6000 amendment. HFC has passed its HFC-6000 FPGA platform EQ test.
5. The "OneStep<sup>™</sup>" tool has been developed to automate the logic translation process so that human errors can be minimized. The automation tool must be evaluated in accordance with the relevant industry standards (i.e., guidance as provided in IEEE Std 7-4.3.2-2003).





## Thank you!

# QUESTIONS?

