Abstract

The evolution of Microelectronics has made the application of Programmable Logic Devices (PLDs) inevitable in modern digital circuit designs and when they are deployed in Safety Systems, their Reliability and Safety need to be proved beyond doubt. The design will have to meet the stringent requirements. This paper provides a review of commercially available PLDs and the design methodologies to be adopted while deploying them in safety systems.

Key words: PLD, error detection, correction codes

I. INTRODUCTION

Safety Systems are those systems whose failure or failure to operate may cause injuries to system, personnel and the environment. e.g. an aircraft flight control or Nuclear reactor control system. Such systems should be highly reliable and safe. Hence, the selection and application of Programmable Logic Devices (PLDs) for Safety Critical Applications have to be made judiciously. A Programmable Logic Device or PLD is a digital device but unlike a conventional IC which has a fixed function, a PLD has an undefined function at the time of manufacture. Before it can be used in a circuit it must be programmed. The Umbrella term "PLDs" subdivides into several categories: SPLDs/PALs, CPLDs and FPGAs. Refer Fig. 1. All are Programmable Logic Devices, though their internal architecture implementations differ. The PLD market consists of low and high capacity devices. Low capacity devices, called simple PLDs, typically contain fewer than 600 usable gates and include products such as PALs and GALs. Simple PLDs are manufactured using CMOS technology offering EPROM, EEPROM, and FLASH memory elements. High Capacity Programmable Logic Device (HCPLD) typically contains more than 600 usable gates, and include both CPLDs and FPGAs. HCPLDs are manufactured using CMOS technology with EPROM, EEPROM, FLASH, SRAM, and antifuse options. HCPLDs can be differentiated by their interconnect structure: CPLDs use continuous interconnect structures, while FPGAs use segmented interconnect structures (Refer Fig. 8).

II. PROGRAMMABLE LOGIC DEVICES (PLDs)

Programmable Logic Devices (PLDs) are standard ICs with configurable logic and flip-flops linked together with programmable interconnects. Memory cells control and define the function that the logic performs and how the various logic functions are interconnected. Though various devices use different architectures, all are based on this fundamental principle. User through programming defines the functionality of the PLD.

Simple programmable logic devices (SPLDs)

SPLDs are the smallest and consequently the least-expensive form of programmable logic. An SPLD is typically comprised of 4 to 22 macrocells and can typically replace a few 7400-series TTL devices. One macrocell is typically equivalent to about 30 gates. Each of the macrocells is an array of AND and OR gates and typically fully connected to the others in the device. Refer Figure 2. Most SPLDs use either fuses or non-volatile memory cells such as EPROM, EEPROM, or FLASH to define the functionality. Programmable Read Only Memory (PROM), Programmable Array Logic (PAL), Generic Array Logic (GAL) & Programmable LogicArray (PLA) are SPLDs.

PROM has a fixed AND plane and a programmable OR gates and can typically fully connected to the others in the device. Refer Figure 2. Most SPLDs use either fuses or non-volatile memory cells such as EPROM, EEPROM, or FLASH to define the functionality. Programmable Read Only Memory (PROM), Programmable Array Logic (PAL), Generic Array Logic (GAL) & Programmable LogicArray (PLA) are SPLDs.

Complex programmable logic devices (CPLDs)

CPLDs provide a range of high-density programmable logic devices. It's an array of SPLDs. The architecture is based on a number of logic blocks that are connected by a Programmable Interconnect Matrix (PIM). Refer Fig. 3. The PIM distributes signals from the logic block outputs and all input pins to the logic block inputs. A typical CPLD is equivalent to 2 to 64 SPLDs. A CPLD typically contains from tens to a few hundred macrocells. A group of eight to 16 macrocells forms logic block. The
anti-fuse devices are one-time programmable (OTP). Once programmed, they cannot be modified.

### III. PROGRAMMING TECHNOLOGIES

#### EPROM and EEPROM technology

Applying a programming high voltage $V_{pp}$ (usually greater than 12V) to the drain of the n-channel EPROM transistor programs the EPROM cell. A high electric field causes electrons flowing toward the drain to move so fast they "jump" across the insulating gate oxide where they are trapped on the bottom, floating gate. This phenomenon is called hot-electron injection or avalanche injection. Electrons trapped on the floating gate raise the threshold voltage of the n-channel EPROM transistor. Once programmed, an n-channel EPROM device remains off even $V_{pp}$ applied to the top gate. Refer Fig. 5.

#### SRAM technology

The configuration cell drives the gates of other transistor on the chip—either turning pass transistor or transmission gates on to make the connection or off to break a connection. Refer Fig. 6.

#### Antifuse technology

An antifuse is normally an open circuit until a programming current (about 5mA) is passed through it. In a poly-diffusion antifuse the high current density causes a large power dissipation in a small area, which melts a thin insulating dielectric between polysilicon and diffusion electrodes and forms a thin (about 20 nm in diameter), permanent, and resistive silicon link. Refer Fig. 7.

### Field programmable gate arrays (FPGAs)

FPGAs are distinct from SPLDs and CPLDs and typically offer the highest logic capacity. FPGA is usually just larger and more complex than SPLD & CPLD. A generic description of an FPGA is a programmable logic device with an internal array of logic blocks, surrounded by a ring of programmable input/output blocks, connected together via programmable interconnect. Refer Figure 4. There are three basic categories of FPGAs in the market today: SRAM based FPGAs, FLASH based FPGAs and antifuse based FPGAs. SRAM, FLASH based FPGAs are inherently re-programmable, even in-system. In contrast, anti-fuse devices are one-time programmable (OTP). Once programmed, they cannot be modified.
**Fig. 5. An EPROM Transistor**
a. With High Voltage (>12V) Programming Voltage
b. Electrons Stuck on gate 1
c. Ultra Violet (UV) light provides enough energy for electrons stuck on gate 1 to "jump" to the bulk

**Fig. 6. SRAM Controlled programmable switch**

**Fig. 7. Actel antifuse structure**

**Fig. 8. CPLD vs. FPGA Routing scheme**

---

### Table 1. Summary of programming technologies

<table>
<thead>
<tr>
<th>Name of the Technology</th>
<th>Re-programmable</th>
<th>Volatile</th>
<th>Process Technology</th>
</tr>
</thead>
<tbody>
<tr>
<td>Fuse</td>
<td>No</td>
<td>No</td>
<td>Bipolar</td>
</tr>
<tr>
<td>EPROM</td>
<td>Yes, Out of circuit</td>
<td>No</td>
<td>UVCMOS</td>
</tr>
<tr>
<td>EEPROM</td>
<td>Yes, In Circuit</td>
<td>No</td>
<td>EECECMOS</td>
</tr>
<tr>
<td>FLASH</td>
<td>Yes, In Circuit</td>
<td>No</td>
<td>EECECMOS</td>
</tr>
<tr>
<td>SRAM</td>
<td>Yes, In Circuit</td>
<td>Yes</td>
<td>CMOS</td>
</tr>
<tr>
<td>Antifuse</td>
<td>No</td>
<td>No</td>
<td>CMOS</td>
</tr>
</tbody>
</table>

### Table 2. PLD vendors vs. Programming technologies for FPGAs, CPLDs and SPLDs

<table>
<thead>
<tr>
<th>Vendor</th>
<th>FPGA</th>
<th>CPLD</th>
<th>SPLD</th>
</tr>
</thead>
<tbody>
<tr>
<td>Altera</td>
<td>SRAM</td>
<td>EEPROM, EPROM</td>
<td>EPROM</td>
</tr>
<tr>
<td>Xilinx</td>
<td>SRAM</td>
<td>FLASH</td>
<td></td>
</tr>
<tr>
<td>Lattice</td>
<td></td>
<td>EEPROM</td>
<td></td>
</tr>
<tr>
<td>Actel</td>
<td>FLASH, Antifuse</td>
<td></td>
<td></td>
</tr>
<tr>
<td>Cypress</td>
<td></td>
<td>EEPROM, FLASH, EPROM, SRAM</td>
<td>FLASH, EPROM</td>
</tr>
<tr>
<td>Atmel</td>
<td>SRAM</td>
<td>FLASH, EPROM</td>
<td></td>
</tr>
<tr>
<td>QuickLogic</td>
<td>Antifuse</td>
<td></td>
<td></td>
</tr>
<tr>
<td>TI</td>
<td></td>
<td></td>
<td>Fuse (Bi-Polar)</td>
</tr>
<tr>
<td>ICT</td>
<td></td>
<td>EEPROM</td>
<td>EPROM</td>
</tr>
</tbody>
</table>
IV. RADIATION EFFECTS

High energy particles contained in cosmic galactic rays enter the earth's atmosphere and collide with atoms of atmospheric gases. These collisions produce a wide variety of sub-atomic particles, many of which recombine quickly. However, a significant quantity of high-energy neutrons are also produced by these collisions. Neutrons possess no electrical charge, and do not recombine; instead, they are slowly attenuated by the atmosphere. While the greatest quantities of neutrons (called the neutron flux density) occur at an altitude of 60,000 feet, a significant number of neutrons penetrate the atmosphere and reach the earth's surface. These high-energy neutrons can cause flip-flops and memory cells in modern semiconductor electronics to change state. Given this discovery, the effects of neutrons on programmable logic devices, which use memory cells to determine their functionality, is a major concern.

Additionally, plastic package molding compounds contain tiny quantities of radioactive isotopes which emit alpha particles. Many of these alpha particles are sufficiently energetic to cause upsets in data flip-flops and memory cells, including the configuration SRAM memory in programmable logic devices, which use memory cells to determine their functionality, is a major concern.

Sensitivity to Radiation Effects is dependent on many factors, including transistor geometry and cell layout. Certain CMOS technologies, such as SRAM, are sensitive to SEE.

The SEUs caused by neutrons inside integrated circuits can occur in memory cells or flip-flops. Most attention has been focused on how to mitigate against data corruption as a result of these SEUs, with techniques such as error detection and correction codes (EDAC) and triple-module redundancy (TMR) being used to detect and overcome SEU-induced soft errors.

In some systems SEU detection and correction alone can achieve an acceptable level of reliability. However, for applications where an even higher level of reliability is needed, or simply that any interrupt in service is unacceptable, SEU mitigation techniques may be applied. A good SEU mitigation technique should filter out the effects of upsets, during their short existence, as well as filter out the results of transient upsets or other SEFI effects. A commonly known method for SEU mitigation is “triple module redundancy with voting.” This mitigation scheme uses three identical logic circuits performing the same task in tandem with corresponding outputs compared through a majority vote circuit.

Radiation testing results has shown that antifuse
and Flash-based devices are not subject to loss of configuration due to upsets caused by atmospheric neutrons or alpha particles emitted from packaging materials. This makes them eminently suitable for applications both ground-based and airborne where high reliability is imperative.

V. VERIFICATION OF HDL-BASED DESIGNS

As the average gate count for designs now approaches or exceeds one million, functional verification has become the main bottleneck in the design process. As designs grow more complex, the verification problems increase exponentially. To eliminate the verification bottleneck, verification engineers have tried incorporating new methodologies and technologies. While various methodologies have evolved, including formal methods, simulation is still the preferred method for verification. High level Verification Languages (HVLs) like e / VERA have emerged to solve the functional verification bottleneck. e can be used to construct components to do the following functions in a verification environment.

Data Checking
After the output data is received from the DUT, the data must be checked. Data value checks compare the output data values against the expected data. Temporal assertions monitor the functional protocol at important interfaces. Temporal checking constructs are used to build protocol monitors.

Coverage
Functional coverage tells the verification engineer if the test plan goals have been met. There are three types of coverage: basic item coverage, transition item coverage, and cross coverage. Basic item coverage tells the engineer if all the legal values of an interesting variable have been covered. Transition item coverage tells the engineer if all legal transitions of a state machine have been covered. Cross coverage allows the engineer to examine the cross product of two or more basic or transition items to check if all interesting combinations of basic and transition items have been covered. Figure-9 shows the components of a verification environment.

VI. CONCLUSION

PLDs are appropriate (and even desirable) to use in safety-critical systems, provided, proper steps are taken to avoid failures. The selection of a particular programming technology has to be made judiciously and proper design methodology has to be followed to address design related problems.

Random failures can be avoided by the selection of proper device technologies. Studies have shown that SRAM based devices are prone to soft errors. On the other hand, antifuse, EEPROM and FLASH based devices are immune to soft errors and radiation effects.

Safety Logic with Fine Impulse Test (SLFIT) for shutdown system-1 of Prototype Fast Breeder Reactor (PFBR) is a safety critical system. This system has the important function of a safe shutdown of the nuclear reactor in the event of any malfunctioning and has been designed using anti-fuse technology based devices (One Time Programmable devices). These devices are highly reliable since during programming the device, the internal structure of the device gets physically changed which can not be altered again.
ACKNOWLEDGEMENT

The authors thank Dr. Baldev Raj, Director, Indira Gandhi Centre for Atomic Research, Kalpakkam for his encouragement and support for this work. We also thank Mr. P. Swaminathan, Director (E&I) Group & Mr. N. Sridhar, EID of our centre for their technical contribution.

REFERENCES

[8] Design Verification with e, by Samir Palnitkar