In a control system for which very high reliability is demanded so as to ensure safety of a human life and environment for a plant, a railroad, an automobile, an airplane and the like, in case failure and abnormality should occur in the system, measures for preventing the system from running out of control and running into a dangerous situation are required to be taken.
Therefore, for a controller that controls inside such a system, reliability and safety are required to be enhanced.
For such a controller, an ASIC (Application Specific Integrated Circuit) has been principally used.
However, recently, it has been difficult to newly develop ASIC for an industrial control system having a small number of production units because of the rise of manufacturing costs according to refinement in a semiconductor process.
In the meantime, as to a Field Programmable Logic Array (hereinafter called FPGA) put in practical application in the 1980s, since a degree of integration and performance are enhanced because of refinement and the price is also settled down, case where FPGA is used for an industrial control system having few production units is seen.
Incidentally, it is an SRAM (Static Random Access Memory) type that is principally used for recent FPGA.
The SRAM-type FPGA has a characteristic that it can realize an arbitrary logical circuit by changing a value to be written to a LUT Look Up Table) configured by SRAM when power is turned on.
However, when temporary failure called a soft error that a bit of SRAM temporarily changes occurs due to this characteristic by influence of noise from the outside, cosmic rays radiated in the air and the like, the configuration is turned into a configuration different from a desired circuit, consequently, a malfunction of a system is caused, and a case where a system is shut down may occur.
Accordingly, to use the SRAM-type FPGA especially for industry, failure is required to be detected in a circuit inside the FPGA and when the situation is judged as failure, a mechanism for transferring the FPGA to a safe state is required to be securely fabricated.
From such a background, technique for enhancing safety of the SRAM-type FPGA which is said to easily cause a soft error, compared with ASIC in which circuitry configuration is fixed is proposed.
For example, in Patent Literature 1, an example that resistance when FPGA fails is enhanced utilizing incremental resetting in operation is described.
In addition, in Nonpatent Literature 1, an example that an internal region of FPGA is divided into blocks and the blocks are packaged for each function is described.