|
1 | 1 | # HARDENS
|
2 | 2 |
|
| 3 | +## Copyright (C) Galois 2021 |
| 4 | +## Principal Investigator: Joe Kiniry <[email protected]> |
| 5 | +## Project Lead: Andrew Bivin <[email protected]> |
| 6 | +## Research Engineers: Alexander Bakst <[email protected]> and Michal Podhradsky <[email protected]> |
| 7 | + |
3 | 8 | Repository for the HARDENS project for the [Nuclear Regulatory Commission](https://www.nrc.gov/about-nrc.html).
|
| 9 | + |
| 10 | +## Overview |
| 11 | + |
| 12 | +The goal of HARDENS is to provide to the NRC expert technical services |
| 13 | +in order to (1) develop a better understanding of how Model-Based |
| 14 | +Systems Engineering (MBSE) methods and tools can support regulatory |
| 15 | +reviews of adequate design and design assurance, and (2) identify any |
| 16 | +barriers or gaps associated with MBSE in a regulatory review of |
| 17 | +Digital Instrumentation and Control Systems for existing Nuclear Power |
| 18 | +Plants (NPPs). |
| 19 | + |
| 20 | +In the HARDENS project Galois will demonstrate to the Nuclear |
| 21 | +Regulatory Commission (NRC) cutting- edge capabilities in the |
| 22 | +model-based design, validation, and verification of safety-critical, |
| 23 | +mission-critical, high-assurance systems. Our demonstrator includes |
| 24 | +high-assurance software and hardware, includes open source RISC-V |
| 25 | +Central Processing Units (CPUs), and lays the groundwork for a |
| 26 | +high-assurance reusable product for safety critical Digital |
| 27 | +Instrumentation and Control Systems systems in NPPs. |
| 28 | + |
| 29 | +Details about the HARDENS project are found in our |
| 30 | +[original proposal](docs/HARDENS.pdf), which was written in response |
| 31 | +to the [original NRC RFP](docs/RFP.pdf). |
| 32 | + |
| 33 | +This document summarizes the current state of affairs of the project |
| 34 | +and demonstrator. |
| 35 | + |
| 36 | +## Task 1: Implementation |
| 37 | + |
| 38 | +As described in our proposal and the project Statement of Work, in |
| 39 | +Task 1 (Implementation), the first task of the HARDENS project, Galois |
| 40 | +will implement the system described above using both (1) highly |
| 41 | +integrated computer-based engineering development processes and (2) |
| 42 | +model-based systems engineering. All the modules of the simple |
| 43 | +protection system will be modeled functionally, and one FPGA-based |
| 44 | +circuit card will be modeled/designed in detail. The deliverable will |
| 45 | +be the model-based design itself. We will use Galois’s RDE process and |
| 46 | +methodology to achieve this goal, as well as the V&V in Task 2. |
| 47 | + |
| 48 | +All project models---the SysMLv2 model, the executable, rigorously |
| 49 | +validated and formally verified Cryptol model, and the semi-formal and |
| 50 | +formal requirements model---are included in this release and are found |
| 51 | +in the `develop` branch of the repository. |
| 52 | + |
| 53 | +Also, the initial implementation of the system which runs as an |
| 54 | +application on a POSIX host (e.g., a Linux or macOS development |
| 55 | +machine or in the HARDENS Docker image) is found in the |
| 56 | +as-of-yet-unmerged `c-impl` branch in the HARDENS repository. That |
| 57 | +implementation includes both hand-written C code conforming to the |
| 58 | +model-based specifications discussed above, as well as automatically |
| 59 | +synthesized formally verified sub-components, as described in the |
| 60 | +HARDENS proposal, for a small handful of critical sub-components. |
| 61 | +These synthesized components are generated in formally verified C |
| 62 | +source code and in the System Verilog HDL. The POSIX-based simulation |
| 63 | +can execute both the generated C components and the generated System Verilog |
| 64 | +components by means of a shim library wrapping the Verilated components. |
| 65 | + |
| 66 | +Finally, we have a formally verified RISC-V CPU, called the `nerv` |
| 67 | +CPU, built and tested on the ECP5-5G board. We have sketched out |
| 68 | +an initial three core SoC design using Bluespec SystemVerilog, but |
| 69 | +have not yet built that SoC for emulation or put it on the FGPA. We |
| 70 | +will accomplish such early in Task 2, and cross-compile our POSIX C |
| 71 | +implementation to that SoC. That ongoing work is found in the `nerv` |
| 72 | +branch of the repository. |
| 73 | + |
| 74 | +## Repository Structure |
| 75 | + |
| 76 | +The repository is structured as follows: |
| 77 | + |
| 78 | +- [specs](./specs) contains a domain model (`*.lando`, `*.lobot`), requirements |
| 79 | + (exported from `FRET` to `RTS_requirements.json`), and a specification of the RTS architecture |
| 80 | + (`*.sysml`). |
| 81 | +- [models](./models) contains the executable Cryptol model |
| 82 | +- [assets](./assets) and [docs](./docs) contain project and device documentation |
| 83 | + |
| 84 | +## Submodules |
| 85 | + |
| 86 | +This repository does not currently use any submodules. If/when it |
| 87 | +does, initialize with: |
| 88 | + |
| 89 | +``` |
| 90 | +$ git submodule init |
| 91 | +$ git submodule update --recursive |
| 92 | +``` |
| 93 | + |
| 94 | +## Docker |
| 95 | + |
| 96 | +A Docker container has been built to make for easier use, evaluation, |
| 97 | +reusability, and repeatibility of project results. We are adding |
| 98 | +tools to this container as necessary during project execution. |
| 99 | + |
| 100 | +### HARDENS Container |
| 101 | + |
| 102 | +To build and run the core HARDENS Docker image, use the `build` and |
| 103 | +`run` commands. |
| 104 | + |
| 105 | +``` |
| 106 | +$ docker build -t hardens:latest . |
| 107 | +$ docker run --network host --privileged -v $PWD:/HARDENS -it hardens:latest |
| 108 | +``` |
| 109 | + |
| 110 | +In order to run a long-lived Docker container for reuse, use a `docker |
| 111 | +run` command like the following, ensuring that you are in the right |
| 112 | +directory in order to bind your sandbox properly into the container. |
| 113 | + |
| 114 | +``` |
| 115 | +$ docker run -d -it --name HARDENS --network host --privileged -v $PWD:/HARDENS hardens:latest |
| 116 | +``` |
| 117 | + |
| 118 | +After running such a detacted container, attach to it for interactive |
| 119 | +use by running a command like: |
| 120 | +``` |
| 121 | +$ docker exec -it HARDENS bash -l |
| 122 | +``` |
| 123 | + |
| 124 | +### SysMLv2 Container |
| 125 | + |
| 126 | +To pull and use the pre-build SysMLv2 container, use the following |
| 127 | +`pull` command to pull the container from DockerHub. See |
| 128 | +https://hub.docker.com/r/gorenje/sysmlv2-jupyter for details. |
| 129 | + |
| 130 | +``` |
| 131 | +$ docker pull gorenje/sysmlv2-jupyter:latest |
| 132 | +$ docker run -d -it --name SysMLv2 --network host -v $PWD:/HARDENS gorenje/sysmlv2-jupyter:latest |
| 133 | +``` |
| 134 | + |
| 135 | +## Lattice ECP5 evaluation board |
| 136 | + |
| 137 | +We are using an ECP5-5G FPGA board for the RTS demonstrator. |
| 138 | + |
| 139 | +Details [here](https://www.latticesemi.com/products/developmentboardsandkits/ecp5evaluationboard#_C694C444BC684AD48A3ED64C227B6455). The board uses ECP5-5G FPGA ([LFE5UM5G-85F-8BG381](https://www.latticesemi.com/en/Products/FPGAandCPLD/ECP5)) which has: |
| 140 | + |
| 141 | +- 84k LUTs |
| 142 | +- On-board Boot Flash – 128 Mbit Serial Peripheral Interface (SPI) Flash, with Quad read featu |
| 143 | +- 8 input DIP switches, 3 push buttons and 8 LEDs for demo purposes |
| 144 | + |
| 145 | + |
| 146 | + |
| 147 | +### GPIO headers |
| 148 | + |
| 149 | +Headers are: J5, J8, J32, J33 and Max I_OUT for 3V3 is 1.35A |
| 150 | + |
| 151 | +J5 Pinout: |
| 152 | + |
| 153 | +* 1, 2 - VCCIO2 (Sensor 1 VIN, Sensor 2 VIN) |
| 154 | +* 3, 4 - H20, G19 (Sensor 1 I2C) |
| 155 | +* 5, 6 - GND (Sensor 1 GND, Sensor 2 GND) |
| 156 | +* 7, 8 - K18, J18 (Sensor 2 I2C) |
| 157 | + |
| 158 | +### LEDs: |
| 159 | + |
| 160 | + |
| 161 | + |
| 162 | +### Switches |
| 163 | + |
| 164 | + |
| 165 | + |
| 166 | +### Buttons |
| 167 | + |
| 168 | +General purpose button `SW4` is connected to `P4` |
| 169 | + |
| 170 | +## Sensors/Actuators |
| 171 | + |
| 172 | +* MOSFET power control kit: https://www.sparkfun.com/products/12959 |
| 173 | +* 12 V Latch solenoid: https://www.sparkfun.com/products/15324 |
| 174 | +* Pressure sensor: https://www.sparkfun.com/products/11084 |
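Review bot: the Docker section runs the development image with `--privileged` together with `--network host` (both the interactive `docker run` and the detached `--name HARDENS` variant), which gives the container every host capability plus the host network namespace; the README should state why that is required, and if it is only for USB access to the ECP5 board, pass the specific device node with `--device` (and any single capability with `--cap-add`) instead of `--privileged`, and quote the bind mount as `-v "$PWD":/HARDENS` so a sandbox path containing spaces does not split the argument. Smaller points in the same hunk: the submodule recipe should be the one-step `git submodule update --init --recursive`, since `update --recursive` without `--init` does not initialize nested submodules; the FPGA bullet ending in `Quad read featu` is cut off; the `### LEDs:` and `### Switches` headings have no body and read as unfinished placeholders; and the author/copyright block is written as `##` headings rather than plain text. Typos: `cutting- edge`, `Control Systems systems`, `FGPA`, `repeatibility`, `detacted`, `pre-build`.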