The ITER Interlock Control System (ICS) requires the application of the IEC61508 standard for all mission-critical (known as investment protection) control functions. Such functions must detect the events of the integrated physical processes and distribute them to the actuators with hard real-time constraints on the order of milliseconds or sometimes microseconds.
Systems that can achieve these kinds of timing requirements are often bespoke FPGA-based solutions, which are a well-known challenge to IEC61508 processes.
However, to minimize the variety of components and simplify the procurement process for an international supplier base, ITER decided to standardize on the use of Commercial Off-The-Shelf (COTS) devices. The COTS device selected for the ICS was the FPGA-based CompactRIO NI9159 chassis (and its associated I/O modules), provided by National Instruments (NI). This COTS device requires the use of a high-level language (LabVIEW-FPGA) and its associated integrated development tools to develop the FPGA functionality.
Therefore, it is necessary to provide the required level of assurance that a COTS device is of good quality, fit for purpose and can be properly integrated into an investment protection control loop with the necessary level of systematic capability during the development process.
This paper describes in detail the method ITER uses to perform the verification and validation of the COTS FPGA logic configuration generated from the LabVIEW-FPGA high-level language used for development, following the IEC61508 recommendations as applied to investment protection.