In a control system where an extremely high reliability is required to secure safety in human life and environment such as a plant, a railway, a vehicle, and an airplane. In the worst case, a failure or an abnormality may occur in a system, and thus there is a need to take an action not to make the system out of control and fall into a dangerous state.
Therefore, a lot of reliability and safety is required in a control device which performs control in the system.
Until now, an ASIC (Application Specific Integrated Circuit) has been mainly used in the control of such a control device.
However, in recent years, a production cost of the ASIC is increased as a semiconductor process is departmentalized, and thus it is difficult to develop a new product in an industrial control system of which the number of production is less.
On the other hand, a field programmable gate array (hereinafter, referred to as FPGA) which has been practically used in 1980s is increased in integration and performance through a miniaturization and, in some cases, has been used in the industrial control system of which the number of production is less.
By the way, an SRAM (Static Random Access Memory)-based FPGA is primarily used in recent years.
With the SHAM-based FPGA, when power is input, arbitrary logic circuits can be realized by changing values to be written in an LUT (Look Up Table) which is configured in the SRAM.
However, with this feature, if a temporary failure called a soft error in which a bit of the SRAM is temporally changed occurs under the influence of noises from the outside and cosmic rays radiated from the air, the FPGA is configured to be different from a desired circuit. As a result, a malfunction of the system is caused, or the device may be stopped.
Therefore, particularly, in order to use an industrial specific SRAM-based FPGA, there is a need to securely operate a mechanism which shifts the device to a fail-safe (hereinafter, referred to as FS), which is a safe state, in a case where a failure is detected by a circuit in the FPGA and it is determined as a failure.
From such a background, there is proposed a technique to improve safety of the SRAM-based FPGA which is known for having the soft error compared to an ASIC in which a circuit configuration is fixed.
For example, PTL 1 discloses an example in which a protection circuit is mounted in the SPAM-based FPGA to improve resistance when the FPGA is out of order.