close By using this website, you agree to the use of cookies. Detailed information on the use of cookies on this website can be obtained on OneSpin's Privacy Policy. At this point you may also object to the use of cookies and adjust the browser settings accordingly.

Formal Verification Signoff Flow for FPGA Implementation
IEC 61508 / ISO 26262 / EN 50128 / DO 254 

FPGAs in safety-critical applications in compliance with IEC 61508 / ISO 26262 / EN 50128 / DO-254


Field-programmable gate arrays (FPGAs) are the dominant hardware platform in many safety-critical, low-volume applications, including aerospace and nuclear power plants (NPPs). Modern FPGA devices feature integrated microprocessor cores, digital signal processing (DSP) units, memory blocks and other specialized intellectual properties (IPs).

These advanced devices allow for the implementation of large, high-performance system-on-chip (SoC) designs with integrated safety mechanisms, making a strong case for adoption in additional safety-critical applications traditionally dominated by application- specific integrated circuits (ASICs).

A notable example is automotive hardware, which, driven by the challenges of autonomous vehicles, must serve the demands of an expanding range of applications, including sensor data fusion and processing. 


White paper: The Rise and Fall of Synthesis Bugs in Safety-Critical FPGAs

FPGAs are the dominant hardware platform in low-volume, safety-critical applications, including aerospace and nuclear power plants. Modern FPGAs allow for the implementation of high performance designs with integrated safety mechanisms. This is driving adoption in additional industries, including automotive.

Functional safety standards require a rigorous development process to minimize the risk of introducing systematic faults. Some RTL issues may only reveal themselves as bugs in the synthesis netlist. Additionally, synthesis tools manipulate the design to map it into the fixed FPGA structure. These complex transformations present a high risk of introducing bugs.

Gate-level simulation and lab testing can only cover a tiny portion of the FPGA functionality and are likely to miss implementation bugs. Moreover, they are slow to run and challenging to debug. 

Safety-critical FPGA white paper:

  • Safety-critical FPGAs
  • Implementation issues in FPGA flows
    • Simulation-Synthesis Mismatches
    • Implementation
    • Optimizations
    • Insertion of Safety Mechanisms
    • Traditional Verification of Implementation Steps
  • Formal signoff of FPGA implementation
    • Inspection of RTL Code
    • Equivalence Checking for FPGAs
    • Verification of Safety Mechanisms
    • Formal Signoff Flow
  • Compliance with functional safety standards
    • OneSpin TÜV SÜD Certification
    • OneSpin DO-254 Tool Qualification Kit

Download the safety-critical FPGA white paper

This white paper presents an implementation signoff flow proving that the final FPGA netlist is functionally equivalent to the RTL model. Based on FPGA-specific, mature formal verification technology, the solution is exhaustive and efficient, catching many issues before synthesis starts.


 I would like to recieve more technical information via mail.
By downloading this content, you comply with OneSpin's privacy policy and give your consent for the collection of the entered data. OneSpin Solutions will protect the information that is collected on this site as stated in the privacy policy. It will not be shared with, or sold to any third party. This declaration of consent is entirely voluntary and can be retrieved on our website and revoked at any time. Should you have any objections to the collection, processing and use of your personal data at a later stage, you can withdraw your declaration of consent at any time in the future, without giving any reasons, by writing to dpo@onespin.com.