Digital Replacing Analog

NT still doesn't get it. No surprise there.

--
Bil Sloman, Sydney

Ricketty has previously posted in a different thread about a homebrew/hacker lung ventilator project.

Several people pointed out the difficulties (technical and more importantly non-technical) of getting that approved under any circumstances, let alone the circumstances he described for that project. Those comments were not welcomed.

It might be worth trying to understand how that background might relate to this thread :)

:

te:

:

age

...

aren't really

ate the

used. There are

merous to list

ss C code when

tated.) By that

ffectively, which

o changes are not

ive than

it is an AOD4185

rcuitry to make

en the power

rease the whole

and wired-OR

hey offer, it

t can deliver

verload period

this carefully.

age divider with

verting input and

oltage reference.

nel pass FET, the

e NFET, and

degeneration is

be used here,

ea, but not

e) -- much more

e from.

evel shifting is

now? Then you

mall shunt) to

es loop gain) or

it

AD744 (picked

ks ok but with

again, mind the

gate voltage

big current, and

ner yanks the

ransients (under

or above the

ing on how much

d can incorporate

case it is on the

s odd that we are

it will be easier

didn't specify

ts seem to be in

w bucks.

", but I don't

ck.

block defined in SRAM like registers

sters at interval in run mode. 60730 defines all the modes that must be tes ted at interval and at boot

ld" electronics.

office

motor in it, or any product that has a power level that in case of a fault could heat a component up and exceed insulation specs or outright burst int o flames is covered.

near mode that would not trigger a safety function will heat the motor up t o above 150 degrees for Class F wire, would then fail the UL/IEC test

hat makes sure the SW behaves correctly, even when you introduce errors int o the microcontroller. Bit flip, timer going berserk, oscillator outside ra nges etc

be sure the product is safe

that you should comply to?

be approved as a HW block

along with other parameters

l NASA gear that would reboot periodically to deal with soft radiation indu ced errors. Is that the sort of thing you are talking about?

lement that can potentially heat up to unsafe levels. So in this case, a mo tor for a household gadget. In our case, it's a circulation pump

ent? How do they meet it other than just not using digital "stuff"?

om ST:

the controller. You feed the main clock to a timer, and you then compare th e main clock with say the watchdog clock/timer. They must not differ much, if they do, you pull the reset flag

safe. So if your clock will impact your product to have double heat consum ption at half clock frequency and that is a problem, then that is your limi t

checksum. During runtime, the code checksum is calculated every 10 seconds. If it differs, you pull reset

NASA approach for FPGAs works well.

that such errors are sufficiently rare. In our case the software and firmw are can keep an eye on one another. If either sees something wonky the ent ire unit gets rebooted. The MCU can reboot the FPGA after the FPGA has reb ooted the MCU.

you do not have approved Class B SW, then your micro is considered to be on e big fault generator. If you have your checks in place, then you can get i t approved. The advantage of using the libraries from ST or Microchip and o thers is that they are preapproved, so you only need to argue about the app lication layer when you talk to the approval body

ponents (those that need UL/IEC approval, since they are connected to the l ine, Y caps, X caps, varistors etc)

The standard you are referring to does not apply to medical equipment. T he medical standard may require something similar, but that will be the med ical standard requirement, not the standard you are referring to which may be very different. The software hazards are not relevant if they are preve nted from materializing because the hardware prevents them.

derstand what I'm saying and you don't seem to.

e than a household appliance, so your needs for approved SW will be even mo re relevant

Others are working the requirements. I see references to MHRA V4.0 RMVS re quirements.

The only SW that needs to be validated is code that impacts the safety of t he patient. The alarms have been moved to the FPGA, so even if the softwar e fails to ventilate properly, the alarms will still operate.

--

  Rick C. 

  +-+ Get 1,000 miles of free Supercharging 
  +-+ Tesla referral code - https://ts.la/richard11209

te:

rote:

te:

ssage

om...

ns aren't really

odate the

e used. There are

numerous to list

less C code when

nstated.) By that

effectively, which

so changes are not

nsive than

ly it is an AOD4185

circuitry to make

when the power

grease the whole

p and wired-OR

they offer, it

hat can deliver

overload period

e this carefully.

ltage divider with

inverting input and

voltage reference.

annel pass FET, the

the NFET, and

ce degeneration is

t be used here,

idea, but not

ode) -- much more

ose from.

level shifting is

'know? Then you

small shunt) to

stes loop gain) or

it it

an AD744 (picked

orks ok but with

(again, mind the

t gate voltage

ls big current, and

Zener yanks the

transients (under

ctor above the

nding on how much

and can incorporate

s case it is on the

t's odd that we are

d it will be easier

I didn't specify

arts seem to be in

2. > > > > > > > > >

few bucks.

re", but I don't

luck.

ch block defined in SRAM like registers

gisters at interval in run mode. 60730 defines all the modes that must be t ested at interval and at boot

hold" electronics.

r office

a motor in it, or any product that has a power level that in case of a faul t could heat a component up and exceed insulation specs or outright burst i nto flames is covered.

linear mode that would not trigger a safety function will heat the motor up to above 150 degrees for Class F wire, would then fail the UL/IEC test

that makes sure the SW behaves correctly, even when you introduce errors i nto the microcontroller. Bit flip, timer going berserk, oscillator outside ranges etc

to be sure the product is safe

u that you should comply to?

t be approved as a HW block

d along with other parameters

all NASA gear that would reboot periodically to deal with soft radiation in duced errors. Is that the sort of thing you are talking about?

element that can potentially heat up to unsafe levels. So in this case, a motor for a household gadget. In our case, it's a circulation pump

ement? How do they meet it other than just not using digital "stuff"?

from ST:

e the controller. You feed the main clock to a timer, and you then compare the main clock with say the watchdog clock/timer. They must not differ much , if they do, you pull the reset flag

ll safe. So if your clock will impact your product to have double heat cons umption at half clock frequency and that is a problem, then that is your li mit

e checksum. During runtime, the code checksum is calculated every 10 second s. If it differs, you pull reset

e NASA approach for FPGAs works well.

t that such errors are sufficiently rare. In our case the software and fir mware can keep an eye on one another. If either sees something wonky the e ntire unit gets rebooted. The MCU can reboot the FPGA after the FPGA has r ebooted the MCU.

f you do not have approved Class B SW, then your micro is considered to be one big fault generator. If you have your checks in place, then you can get it approved. The advantage of using the libraries from ST or Microchip and others is that they are preapproved, so you only need to argue about the a pplication layer when you talk to the approval body

omponents (those that need UL/IEC approval, since they are connected to the line, Y caps, X caps, varistors etc)

t. The standard you are referring to does not apply to medical equipment. The medical standard may require something similar, but that will be the m edical standard requirement, not the standard you are referring to which ma y be very different. The software hazards are not relevant if they are pre vented from materializing because the hardware prevents them.

understand what I'm saying and you don't seem to.

ise than a household appliance, so your needs for approved SW will be even more relevant

requirements.

So you are working on a design in which you don't know which standard is go verning your design decisions?

Most likely you need to comply to IEC 62304, which describes SW for medical devices

An overview:

vices_-_module_3.pdf

Oh, yes, MHRA points down to the 62304 standard:

the patient. The alarms have been moved to the FPGA, so even if the softw are fails to ventilate properly, the alarms will still operate.

Is the FPGA approved for medical?

Most likely no

Check this:

e-georg-heidenreich

Quote

- everything being executed on a PROCESSOR will be considered SOFTWARE and therefore be under IEC 62304, including software to be executed on FPGA-pro cessors, signal processors and graphics boards.

Unquote

Cheers

Klaus

rote:

e:

rote:

message

.com...

igns aren't really

mmodate the

be used. There are

o numerous to list

e less C code when

unstated.) By that

ze effectively, which

c, so changes are not

pensive than

ntly it is an AOD4185

e circuitry to make

t when the power

ow grease the whole

wap and wired-OR

an they offer, it

that can deliver

er overload period

dle this carefully.

voltage divider with

p inverting input and

ed voltage reference.

channel pass FET, the

g the NFET, and

urce degeneration is

ght be used here,

d idea, but not

mode) -- much more

hoose from.

ra level shifting is

y'know? Then you

a small shunt) to

wastes loop gain) or

cuit it

o an AD744 (picked

works ok but with

on (again, mind the

ght gate voltage

ulls big current, and

Zener yanks the

0A transients (under

factor above the

pending on how much

2 and can incorporate

his case it is on the

It's odd that we are

aid it will be easier

ce I didn't specify

parts seem to be in

$2.

a few bucks.

ware", but I don't

d luck.

each block defined in SRAM like registers

registers at interval in run mode. 60730 defines all the modes that must be tested at interval and at boot

sehold" electronics.

or office

h a motor in it, or any product that has a power level that in case of a fa ult could heat a component up and exceed insulation specs or outright burst into flames is covered.

n linear mode that would not trigger a safety function will heat the motor up to above 150 degrees for Class F wire, would then fail the UL/IEC test

ds that makes sure the SW behaves correctly, even when you introduce errors into the microcontroller. Bit flip, timer going berserk, oscillator outsid e ranges etc

, to be sure the product is safe

you that you should comply to?

not be approved as a HW block

ked along with other parameters

ecall NASA gear that would reboot periodically to deal with soft radiation induced errors. Is that the sort of thing you are talking about?

an element that can potentially heat up to unsafe levels. So in this case, a motor for a household gadget. In our case, it's a circulation pump

cs

irement? How do they meet it other than just not using digital "stuff"?

t from ST:

ide the controller. You feed the main clock to a timer, and you then compar e the main clock with say the watchdog clock/timer. They must not differ mu ch, if they do, you pull the reset flag

till safe. So if your clock will impact your product to have double heat co nsumption at half clock frequency and that is a problem, then that is your limit

ode checksum. During runtime, the code checksum is calculated every 10 seco nds. If it differs, you pull reset

the NASA approach for FPGAs works well.

ept that such errors are sufficiently rare. In our case the software and f irmware can keep an eye on one another. If either sees something wonky the entire unit gets rebooted. The MCU can reboot the FPGA after the FPGA has rebooted the MCU.

If you do not have approved Class B SW, then your micro is considered to b e one big fault generator. If you have your checks in place, then you can g et it approved. The advantage of using the libraries from ST or Microchip a nd others is that they are preapproved, so you only need to argue about the application layer when you talk to the approval body

Components (those that need UL/IEC approval, since they are connected to t he line, Y caps, X caps, varistors etc)

it. The standard you are referring to does not apply to medical equipment . The medical standard may require something similar, but that will be the medical standard requirement, not the standard you are referring to which may be very different. The software hazards are not relevant if they are p revented from materializing because the hardware prevents them.

o understand what I'm saying and you don't seem to.

wise than a household appliance, so your needs for approved SW will be eve n more relevant

S requirements.

governing your design decisions?

al devices

devices_-_module_3.pdf

of the patient. The alarms have been moved to the FPGA, so even if the sof tware fails to ventilate properly, the alarms will still operate.

ope-georg-heidenreich

d therefore be under IEC 62304, including software to be executed on FPGA-p rocessors, signal processors and graphics boards.

"executed on FPGA-processors" that seems very open for interpretation

code executed on cpu implented in an FPGA, sure statemachine in FPGA with programmable state table, maybe hardwired statemachine in fpga, I don't think so

rote:

e:

rote:

message

.com...

igns aren't really

mmodate the

be used. There are

o numerous to list

e less C code when

unstated.) By that

ze effectively, which

c, so changes are not

pensive than

ntly it is an AOD4185

e circuitry to make

t when the power

ow grease the whole

wap and wired-OR

an they offer, it

that can deliver

er overload period

dle this carefully.

voltage divider with

p inverting input and

ed voltage reference.

channel pass FET, the

g the NFET, and

urce degeneration is

ght be used here,

d idea, but not

mode) -- much more

hoose from.

ra level shifting is

y'know? Then you

a small shunt) to

wastes loop gain) or

cuit it

o an AD744 (picked

works ok but with

on (again, mind the

ght gate voltage

ulls big current, and

Zener yanks the

0A transients (under

factor above the

pending on how much

2 and can incorporate

his case it is on the

It's odd that we are

aid it will be easier

ce I didn't specify

parts seem to be in

$2.

a few bucks.

ware", but I don't

d luck.

each block defined in SRAM like registers

registers at interval in run mode. 60730 defines all the modes that must be tested at interval and at boot

sehold" electronics.

or office

h a motor in it, or any product that has a power level that in case of a fa ult could heat a component up and exceed insulation specs or outright burst into flames is covered.

n linear mode that would not trigger a safety function will heat the motor up to above 150 degrees for Class F wire, would then fail the UL/IEC test

ds that makes sure the SW behaves correctly, even when you introduce errors into the microcontroller. Bit flip, timer going berserk, oscillator outsid e ranges etc

, to be sure the product is safe

you that you should comply to?

not be approved as a HW block

ked along with other parameters

ecall NASA gear that would reboot periodically to deal with soft radiation induced errors. Is that the sort of thing you are talking about?

an element that can potentially heat up to unsafe levels. So in this case, a motor for a household gadget. In our case, it's a circulation pump

cs

irement? How do they meet it other than just not using digital "stuff"?

t from ST:

ide the controller. You feed the main clock to a timer, and you then compar e the main clock with say the watchdog clock/timer. They must not differ mu ch, if they do, you pull the reset flag

till safe. So if your clock will impact your product to have double heat co nsumption at half clock frequency and that is a problem, then that is your limit

ode checksum. During runtime, the code checksum is calculated every 10 seco nds. If it differs, you pull reset

the NASA approach for FPGAs works well.

ept that such errors are sufficiently rare. In our case the software and f irmware can keep an eye on one another. If either sees something wonky the entire unit gets rebooted. The MCU can reboot the FPGA after the FPGA has rebooted the MCU.

If you do not have approved Class B SW, then your micro is considered to b e one big fault generator. If you have your checks in place, then you can g et it approved. The advantage of using the libraries from ST or Microchip a nd others is that they are preapproved, so you only need to argue about the application layer when you talk to the approval body

Components (those that need UL/IEC approval, since they are connected to t he line, Y caps, X caps, varistors etc)

it. The standard you are referring to does not apply to medical equipment . The medical standard may require something similar, but that will be the medical standard requirement, not the standard you are referring to which may be very different. The software hazards are not relevant if they are p revented from materializing because the hardware prevents them.

o understand what I'm saying and you don't seem to.

wise than a household appliance, so your needs for approved SW will be eve n more relevant

S requirements.

governing your design decisions?

I am working on a design from requirements I am given. It is up to others to ascertain what requirements apply to the design. I am not working this project alone. I am not doing the entire job myself. As is done in any co mpany, various members are working on portions they are expert in.

al devices

devices_-_module_3.pdf

of the patient. The alarms have been moved to the FPGA, so even if the sof tware fails to ventilate properly, the alarms will still operate.

ope-georg-heidenreich

d therefore be under IEC 62304, including software to be executed on FPGA-p rocessors, signal processors and graphics boards.

Exactly. There are no processors or software in the FPGA.

More importantly, what you are failing to acknowledge is that not every asp ect of the device has to be dealt with in the same way. Not every aspect o f the design is safety critical. A risk assessment is part of the process.

--

  Rick C. 

  ++- Get 1,000 miles of free Supercharging 
  ++- Tesla referral code - https://ts.la/richard11209

hing an overload condition before it can tear up the gears or break the sha ft (which the others on the project have done several times). This shut do wn was measuring the motor current and pulling the plug, then allowing the MCU to restart it when needed.

need something to limit the voltage. A regulator often requires significan t head room to work, so I used the same pass transistor to add a voltage ou tput limit.

bunch of other stuff, and not cost any more. The design time will be a lot less as well although the analog circuit is already done in simulation.

by a few FF and gates inside a chip where they will never be seen, just chu g along.

I did move the voltage limit back into analog. I came up with a circuit th at limits the voltage to 12.5 volts before running through the H-bridge usi ng a pair of 2n2007 in a differential configuration. Seems to work pretty well with no tendency to oscillate and keeps the voltage within 0.1 volt ra nge over all current conditions and only drops 160 mV as the power source d rops below 12 volts. The 5 volt rail is spec'd to be within 1% so that is the reference voltage. To shut down the power another 2N7002 drops the ref erence voltage to zero commanded by either the software or the motor over c urrent.

So analog still lives!

--

  Rick C. 

  +++ Get 1,000 miles of free Supercharging 
  +++ Tesla referral code - https://ts.la/richard11209

This is sophistry. Field Programmable Gate Arrays have to be programmed before they can do anything, and the software that programs them is an essential part of the design.

And if you think that the string of text that programs the FPGA isn't software, you don't seem to be in close enough touch with reality to be a particularly reliable risk assessor.

--
Bill Sloman, Sydney

te:

:

sage

E and therefore be under IEC 62304, including software to be executed on FP GA-processors, signal processors and graphics boards.

Only to those who know as little about FPGAs as you do.

nything, and the software that programs them is an essential part of the de sign.

In spite of the name, FPGAs are not programmed, they are configured. They require no software to configure them since they are capable of loading the ir own configuration either from on chip Flash, non-erasable memory or exte rnal flash.

aspect of the device has to be dealt with in the same way. Not every aspec t of the design is safety critical. A risk assessment is part of the proces s.

tware, you don't seem to be in close enough touch with reality to be a part icularly reliable risk assessor.

The schematic I use to design my PCBs are just text as well. Yet no one cl aims the board of analog circuitry is a processor.

That's the issue. There is no processor in an FPGA unless the user designs one for it.

This isn't rocket science. A processor has a definition. Look it up. If the FPGA is a processor, it's not very Turing complete. While an FPGA can be configured to be a processor, very few of them are. If they aren't conf igured to be a processor, they aren't processors.

Please stop being silly about this.

--

  Rick C. 

  ---- Get 1,000 miles of free Supercharging 
  ---- Tesla referral code - https://ts.la/richard11209

:

rote:

te:

essage

ARE and therefore be under IEC 62304, including software to be executed on FPGA-processors, signal processors and graphics boards.

anything, and the software that programs them is an essential part of the design.

require no software to configure them since they are capable of loading th eir own configuration either from on chip Flash, non-erasable memory or ext ernal flash.

More sophistry. The process of "configuring" them is programming a bunch o f uncommitted gates (or whatever) to do a specific job - the circuit is pro grammed so particular combinations (and sequences) of inputs produce partic ular combination and sequences of outputs.

They aren't single-threaded, so they aren't Turing machines, but what prog rams them is software.

ry aspect of the device has to be dealt with in the same way. Not every asp ect of the design is safety critical. A risk assessment is part of the proc ess.

oftware, you don't seem to be in close enough touch with reality to be a pa rticularly reliable risk assessor.

laims the board of analog circuitry is a processor.

Nobody bothers pointing out the obvious. You may not be old enough to remem ber analog computers, but that's where the analog/digital distinction came from.

s one for it.

processor /?pr??s?s?/ noun noun: processor; plural noun: processors

a machine that processes something. "the processor overexposed the film" Computing another term for central processing unit.

can be configured to be a processor, very few of them are. If they aren't c onfigured to be a processor, they aren't processors.

If you don't know what words mean, you might believe that. If you want to think that if you don't pay a license fee for a particular processor design to put in your FPGA, you haven't got processor that's your privilege, but it isn't a sensible way of looking at what the device is being asked to do , which is to process sequences of inputs to provide the desired sequences of outputs

You first.

--
Bill Sloman, Sydney

te:

:

rote:

message

TWARE and therefore be under IEC 62304, including software to be executed o n FPGA-processors, signal processors and graphics boards.

do anything, and the software that programs them is an essential part of th e design.

ey require no software to configure them since they are capable of loading their own configuration either from on chip Flash, non-erasable memory or e xternal flash.

of uncommitted gates (or whatever) to do a specific job - the circuit is p rogrammed so particular combinations (and sequences) of inputs produce part icular combination and sequences of outputs.

ograms them is software.

Sophistry indeed, from the horses mouth! You literally have no idea of how FPGAs work. The board I sell has no processor of any kind. The FPGA cont ains flash which is loaded into the configuration RAM by hardware in the FP GA to control the interconnections and the tiny blocks of RAM that make up the logic. But none of this is "programming" in the sense it is intended i n the matter being discussed. This is called "configuration" because that' s what it is. Configuration of the logic and the interconnections.

Either learn how the devices work, or just stop posting about it, ok? You are making yourself look stupid.

very aspect of the device has to be dealt with in the same way. Not every a spect of the design is safety critical. A risk assessment is part of the pr ocess.

software, you don't seem to be in close enough touch with reality to be a particularly reliable risk assessor.

claims the board of analog circuitry is a processor.

ember analog computers, but that's where the analog/digital distinction cam e from.

gns one for it.

A can be configured to be a processor, very few of them are. If they aren't configured to be a processor, they aren't processors.

o think that if you don't pay a license fee for a particular processor desi gn to put in your FPGA, you haven't got processor that's your privilege, b ut it isn't a sensible way of looking at what the device is being asked to do, which is to process sequences of inputs to provide the desired sequence s of outputs

I didn't expect you would actually acknowledge you were wrong and try to le arn something.

Oh well, I'll go back to ignoring you. That's better than feeding the trol ls.

--

  Rick C. 

  ---+ Get 1,000 miles of free Supercharging 
  ---+ Tesla referral code - https://ts.la/richard11209

rote:

te:

in message

.

OFTWARE and therefore be under IEC 62304, including software to be executed on FPGA-processors, signal processors and graphics boards.

n do anything, and the software that programs them is an essential part of the design.

They require no software to configure them since they are capable of loadin g their own configuration either from on chip Flash, non-erasable memory or external flash.

h of uncommitted gates (or whatever) to do a specific job - the circuit is programmed so particular combinations (and sequences) of inputs produce par ticular combination and sequences of outputs.

rograms them is software.

w FPGAs work. The board I sell has no processor of any kind. The FPGA conta ins flash which is loaded into the configuration RAM by hardware in the FPG A to control the interconnections and the tiny blocks of RAM that make up t he logic. But none of this is "programming" in the sense it is intended in the matter being discussed. This is called "configuration" because that's w hat it is. Configuration of the logic and the interconnections.

are making yourself look stupid.

Actually, I do know how the devices work - like most of the people who post here. The stupidity is all yours.

every aspect of the device has to be dealt with in the same way. Not every aspect of the design is safety critical. A risk assessment is part of the process.

't software, you don't seem to be in close enough touch with reality to be a particularly reliable risk assessor.

ne claims the board of analog circuitry is a processor.

emember analog computers, but that's where the analog/digital distinction c ame from.

signs one for it.

PGA can be configured to be a processor, very few of them are. If they aren 't configured to be a processor, they aren't processors.

to think that if you don't pay a license fee for a particular processor des ign to put in your FPGA, you haven't got processor that's your privilege, b ut it isn't a sensible way of looking at what the device is being asked to do, which is to process sequences of inputs to provide the desired sequence s of outputs

learn something.

Correctly. Since I'm not wrong, and you haven't advanced anything that I di dn't know or needed to learn. When I am wrong I do admit it.

lls.

Learning where you own point of view falls short would be even better, but not many people who post here are up to that.

--
Bill Sloman, Sydney

Quote

For some MCUs exactly the same is true. When they are initialised they load their configuration from external flash non-erasable memory or external flash.

An FSM implemented in gates processes inputs according to a configuration stored in an external memory (except mask programmed or one time programmable devices).

An FSM implemented in an MCU processes inputs according to a configuration stored in an external memory (except mask programmed or one time programmable devices).

The languages used to specify the configuration are different, but both require complex compilation to convert from input text to the binary bit pattern. Compilers are not error free.

Think about the theoretical fundamentals and the practical implementation details, or just stop...

I don't think I need to complete that "mirror", do I.

:

RE

on

o

the

hey

their

ernal

igns

A FSM implemented with 7402 logic is just as much a processor by your defin ition, yet not included in this category by anyone.

I don't know why a few people here want to stretch this point until it brea ks. It is patently absurd to think of general logic in an FPGA being a pro cessor executing software any more than logic configured in any other way. If the logic were designed using CAD tools from an HDL but implemented in SSI functions we would not be having this discussion. There is nothing uni que about FPGAs that make them "processors".

--

  Rick C. 

  --+- Get 1,000 miles of free Supercharging 
  --+- Tesla referral code - https://ts.la/richard11209

Quote

Correct, it is indeed a processor.

That processor implementation technology has its function immutably cast in copper and doped silicon (i.e. wires and gates).

FPGAs and MCUs (unless mask programmed) have their function cast in bits in memories which are initialised at power up, and can (in unusual circumstances) change during operation. In addition the bits are derived, possibly imperfectly, from an abstract specification in a sequence of ASCII characters. That derivation is itself error prone.

They are both a sequence of bits automatically derived from ASCII characters and stored in memory.

Those similarities are fundamental, and very relevant to reliability and verification.

There would be the question of whether the compilation was correct.

There would be the question of whether the implementation had mutated during operation due to flipped bits.

Correct.

But it is much easier to verify some implementation technologies than others.

It is not a processor in the normal use of the term which has to do with executing software. You have taken your own argument to the point of absurdity calling anything digital a "processor".

While FPGAs have their functionality stored in memory, unless that functionality is a processor the FPGA is not a processor.

Are you talking about the circuit boards I design??? That clearly applies to the schematic capture, layout and PWB fabrication processes.

But not in the way you are saying because the FPGA is not a processor.

SSI logic is designed using automatic tools from ASCII files and uses memory elements that can have bits flipped.

Whatever that means. If the requirements say "processors" that does not apply to FPGAs.

--

  Rick C. 

  -+-- Get 1,000 miles of free Supercharging 
  -+-- Tesla referral code - https://ts.la/richard11209

It is loading a configuration from a separate memory location, so the procedure is very much like a processor at boot

Yes, but a SSI design can be reviewed by just looking at it, writing up the logic equations. Same for the PCB, you can inspect the design directly

For a FPGA with 100k config registers, I am guessing you do not sit down and dissect it all

If the design has flip flops, you can have bits changed, and you would probably need voting mechanism and ways to do periodic resets

About the tool chains, it is well known that they generate different code from version to version and from chain to chain (Keil, IAR, GCC)

Cheers

Klaus

e:

te:

ote:

nd

to be

can

part

ed.

of

asable

they load

ernal

er

uration

guration

both

ry bit

ur

h executing software. You have taken your own argument to the point of abs urdity calling anything digital a "processor".

tionality is a processor the FPGA is not a processor.

cedure is very much like a processor at boot

It can be liked a processor in many ways and still not be a processor. Cop ying memory is not a requirement of being a processor.

it

being a

ies to the schematic capture, layout and PWB fabrication processes.

ted in SSI

emory elements that can have bits flipped.

he logic equations. Same for the PCB, you can inspect the design directly

You mean using software to view ASCII text files that describe the schemati c? Or using software to view ASCII text files that describe the board layo ut? I don't know anyone who actually traces the copper on a PWB as the mea ns of verifying the board is designed properly. They use software, lots of wonderful, unqualified software to view and automatically verify the desig n. Every layout package I've ever seen provides a check for unrouted nets. .. which does not work 100% all of the time. I've seen software that fails on checking for connections via power pours.

and dissect it all

I verify my designs in simulation using software. Yup, these days you can' t even create an installation procedure without software. It was a faulty installation procedure that caused a head gasket to blow on one of the gene rators of the local nuclear plant when the plant was scrammed during an ear thquake. It was only chance that the other generators did not fail.

Was the single point of failure the software used to produce the installati on procedure? I don't know. They've never said what was wrong or why it w as wrong. But the software did nothing to prevent the problem.

The issues you are talking about with FPGAs only need to be less likely tha n the human errors that are behind most accidents. But regardless, none of this makes an FPGA into a processor unless you design a processor into it.

obably need voting mechanism and ways to do periodic resets

Or not. Are you suggesting you need three FFs and voting logic for every S SI level circuit FF?

t apply to FPGAs.

from version to version and from chain to chain (Keil, IAR, GCC)

Yup. Even different revisions of the same tools produce different outputs. The same is true for FPGAs as well. Different revisions of KiCAD will pr oduce different files for the same schematic.

None of this is relevant to the point of FPGAs not being processors... they aren't.

--

  Rick C. 

  -+-+ Get 1,000 miles of free Supercharging 
  -+-+ Tesla referral code - https://ts.la/richard11209