

# DO-254 UltraScale+<sup>™</sup> Soft Error Mitigation Controller v1.00a Certifiable Data Package (DAL A)

#### **General Description**

The UltraScale+<sup>™</sup> Soft Error Mitigation (SEM) Controller DO-254 Certifiable Data Package is made up of the artifacts produced by applying the DO-254 lifecycle to the Xilinx<sup>®</sup> UltraScale+<sup>™</sup> SEM IP and an encrypted version of the source code. This includes the following completed documents:

- Plan for Hardware Aspects of Certification
- Hardware Validation and Verification Plan
- Hardware Configuration
  Management Plan
- Hardware Design Plan
- Hardware Process Assurance Plan
- Hardware Validation and Verification Standard
- Hardware Requirements Standard
- Hardware Design Standard
- Hardware Requirements Document
- Hardware Design Document
- Hardware Configuration Index
- Verification Configuration Index (includes Hardware Lifecycle Environment Configuration Index)
- Hardware Test Procedures
- Hardware Requirements Traceability
  Matrix
- Hardware Verification Results
- Hardware Elemental Analysis Results
- Hardware Accomplishment Summary

The above documents are available for certification efforts, however not all documents are included in the delivery package. The DO-254 UltraScale<sup>™</sup> SEM is an automatically configured, pre-verified solution to detect and correct soft errors in Configuration Memory of Xilinx<sup>®</sup> Field Programmable Gate Arrays (FPGAs). This core provides a method to better manage the system-level effects of soft errors. Proper management of these events can increase reliability and availability as well as reduce system maintenance and downtime costs.

#### Features

- Typical detection latency of 25ms in many devices
- Integration of built-in silicon primitives to fully leverage and improve upon the inherent error detection capability of the FPGA
- Six modes
  - Mitigation and Testing
  - Mitigation Only
  - Detect and Testing
  - Detect Only
  - o Emulation
  - Monitoring
- Optional error correction, using selectable method: repair, enhanced repair, or replace
- Optional error injection and convenient debug feature to support evaluation of UltraScale+<sup>™</sup> SEM controller applications
- Integration of silicon features to leverage built-in error detection capability
- Implementation of error correction capability to support correction of



soft errors

- Implementation of error classification capability
- Provision for error injection to support verification of the controller and evaluation of applications to the controller

# **Block Diagram**



# **Supported FPGA Families**

Xilinx<sup>®</sup> Kintex<sup>®</sup> UltraScale+<sup>™</sup> FPGA Family Xilinx<sup>®</sup> Virtex<sup>®</sup> UltraScale+<sup>™</sup> FPGA Family Xilinx<sup>®</sup> Zynq<sup>®</sup> UltraScale+<sup>™</sup> FPGA Family

# **Development Tools**

QuestaSim<sup>®</sup> v10.4 or later Xilinx<sup>®</sup> Vivado<sup>®</sup> 2019.1 or later

# Configuration

The DO-254 UltraScale+<sup>™</sup> SEM IP is configurable as shown below:

| Parameter<br>Name         | Allowable Values |
|---------------------------|------------------|
| C_HAS_ERROR_<br>INJECTION | 0, 1             |

| Parameter<br>Name | Allowable Values                                                                                                                                                                                                                                                                                                              |
|-------------------|-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| C_FEATURE_SET     | 1-5                                                                                                                                                                                                                                                                                                                           |
| C_DEVICE_NAME     | "XCKU3P", "XCKU5P",<br>"XCKU9P", "XCKU11P",<br>"XCKU13P", "XCKU15P",<br>"XCVU3P", "XCZU2",<br>"XCZU3", "XCZU4",<br>"XCZU5", "XCZU6",<br>"XCZU7", "XCZU6",<br>"XCZU11EG",<br>"XCZU15EG",<br>"XCZU15EG",<br>"XCZU17EG",<br>"XCZU19EG",<br>"XCZU21DR",<br>"XCZU23DR",<br>"XCZU25DR",<br>"XCZU27DR",<br>"XCZU28DR",<br>"XCZU29DR" |

# Assumptions

Assumption 1: The integrator will develop a full set of DO-254 artifacts to reflect the objectives, activities, and lifecycle data related to the system/safety, implementation, target test, acceptance test, production transition aspects, related validation and verification, configuration management, process assurance, and certification liaison aspects of the system/LRU.

Assumption 2: The objectives, activities and lifecycle data related specifically to the DO-254 UltraScale+<sup>™</sup> SEM IP will be provided to the Integrator for inclusion into their overall certification package. Assumption 3: Place and route, clock frequency, and parameter selection decisions related to the IP core will have an impact on critical areas such as timing. These decisions and the verification of these implementation decisions will be the responsibility of the integrator.

Assumption 4: All objectives related to the building, integration and production (including Production Testing — ATP) of the system/LRU will be the responsibility of the integrator.

Assumption 5: Objectives related to hardware components other than the DO-254 UltraScale+<sup>™</sup> SEM IP are the responsibility of the integrator.

Assumption 6: The integrator will develop all DO-254 artifacts that are related to the integration and testing of the DO-254 UltraScale+<sup>™</sup> SEM IP in their system.

Assumption 7: The integrator will perform implementation objectives related to the target hardware, including the integral process objectives, to verify the timing and other critical parameters of the DO-254 UltraScale+™ SEM IP.

Assumption 8: The applicant is responsible for communicating with their Certification Authority relative to the implementation of the DO-254 UltraScale+<sup>™</sup> SEM IP into their system.

**Assumption 9**: Compliance with the objectives related to system (and safety-

related) requirements allocated to the hardware will be the responsibility of the integrator. The requirement to feed all IP derived requirements to the System/Safety Process will be the responsibility of the integrator. The integrator will be required to generate hardware requirements allocated from the system requirements that exercise the DO-254 UltraScale+<sup>™</sup> SEM IP at the system level.

Assumption 10: The integrator is required to include a clock timing constraint for this DO-254 UltraScale+<sup>™</sup> SEM IP. This clock timing constraint will define the clock rate at which the IP core will operate. It is recommended that the integrator defines this constraint in the xdc file. The integrator typically would also include (at a minimum, but not limited to) pinout constraints, I/O electrical standards, etc. An example xdc file will be provided in Chapter 3 of the 10142-UG, but it is for reference only.

Assumption 11: The integrator is not required to rerun any elemental analysis (code coverage). Code coverage results indicate that all configurations required to attain 100% coverage are tested.

Assumption 12: Some testing of the DO-254 UltraScale+<sup>™</sup> SEM IP was done on a test board. The integrator is responsible for black box testing in their system to verify that the IP performs its intended function in the system. In order to assist the integrator with determining what should be tested at



the system level, Logicircuit has included a list of potential target tests in the "Potential Target Test" section of the User Guide for each IP. The integrator should evaluate the list of tests against the hardware functions of the IP they are using in their system to determine which tests they should perform at the system level.



# **Revision History**

|          |                                           |            | Subversion |
|----------|-------------------------------------------|------------|------------|
|          |                                           |            | repository |
| Revision | Reason/Description                        | Date       | revision   |
|          | Draft 2 has formally been released as Rev | 11/25/2019 | 76         |
|          |                                           |            |            |
|          |                                           |            |            |