
Design of a Single Event Effect fault tolerant microprocessor for space using commercial EDA tools



  1. Design of a Single Event Effect fault tolerant microprocessor for space using commercial EDA tools
     Design Automation Conference DAC 2009
     Roland Weigand, European Space Agency, Roland.Weigand[at]esa.int
     Jean Edelin, Atmel Aerospace, Jean.Edelin[at]atmel.com
     Microelectronics Section DAC User Track Slide # July 2009 (1)

  2. Contents
     ◆ The AT697 SPARC V8 microprocessor
     ◆ Radiation effects in space components
       ➙ Total Ionising Dose (TID) and Single Event Effects (SEE)
     ◆ Mitigation of Single Event Effects
       ➙ Hardened flip-flops, triple modular redundancy (TMR), glitch filtering
       ➙ RAM protection by parity and EDAC
     ◆ STMR: 3 voted flip-flops with 3 phase-skewed clock trees
     ◆ Impact on design flow
       ➙ Implementation of STMR in HDL or in netlist
       ➙ Clock tree synthesis (CTS)
       ➙ Verification
       ➙ Timing issues
       ➙ Scan path
       ➙ EDA tool issues
     ◆ Overheads for STMR fault tolerant design

  3. The AT697 Microprocessor [1]
     ◆ SPARC V8 Architecture
       ➙ LEON2 IP core [2]
       ➙ IEEE 754 FPU
       ➙ Max. 100 MHz
     ◆ PCI 2.2 32-bit 33 MHz
     ◆ SRAM/SDRAM interface
     ◆ Radiation tolerance
       ➙ Parity/EDAC on internal and external memories
       ➙ Up to 300 kRad total dose
       ➙ SEU <= 10^-5 error/device/day
       ➙ Latch-up free (70 MeV*cm^2/mg)
     ◆ Power consumption <= 1 W
     ◆ Atmel 180 nm technology [1]
       ➙ Packages: MCGA 349, QFP 256

  4. Floorplan of the AT697

  5. Radiation effects in space components
     ◆ Total Ionising Dose (TID)
       ➙ Defects in the semiconductor lattice, degradation of mobility and V_th
       ➙ Reduced speed, increased leakage current at end-of-life
       ➙ Mitigation: process, cell layout (guardrings), design margins (derating)
     ◆ Single Event Effects (SEE)
       ➙ Electron-hole pair generation by interaction with heavy ions
       ➙ Glitches when carriers are caught by drain pn-junctions
     Drawing from: [3]

  6. Single Event Effects
     ◆ Single Event Latchup (SEL)
       ➙ SEE induced triggering of parasitic thyristors
       ➙ Mitigation by process and library cell design
     ◆ Single Event Upset (SEU) in Flip-Flops and SRAM
       ➙ SEE glitch inside the bistable feedback loop of storage point
       ➙ Immediate bit flip → loss of information, change of state, functional fault
     ◆ Single Event Transients (SET) in clocks and resets
       ➙ Glitches on clocks → change of state, functional fault
       ➙ Asynchronous resets are clock-like signals
     ◆ Single Event Transients (SET) in combinatorial logic
       ➙ SEE glitches in combinatorial logic behave like cross-talk effects
       ➙ Causes SEU when arriving at flip-flop/memory D-input during clock edge
       ➙ Sensitivity increases with clock frequency
       ➙ Synchronous resets are like combinatorial signals

  7. Mitigation of SEU in Flip-Flops
     ◆ Standard synchronous RTL design
     ◆ SEU hardened flip-flops
     ◆ Triple Modular Redundancy (TMR) flip-flops

  8. Mitigation of combinatorial SET
     ◆ Triple redundancy of flip-flops and combinatorial logic [4]
     ◆ Glitch Filtering on all flip-flop inputs [5] (P. Mongkolkachit, Pitsini; Bharat Bhuva, 2003)
     ◆ STMR: TMR flip-flop with triple skewed clock trees
       ➙ Selected for the AT697 microprocessor, see next slide...

  9. STMR: TMR with triple skewed clock
     By skewing the clocks, a glitch at D can be latched at most in one of the 3 FF.
     [Figure: input D feeds FF1, FF2 and FF3, which are clocked by clk1, clk2 and clk3 from a triplicated clock tree (clock tree 1, 2, 3) with a delay δ between successive trees; outputs Q1, Q2, Q3 feed a majority voter producing Q. Waveform annotations: SET pulse on D; SET latched into FF1 only; Q remains at correct value.]
     Triplicated clock tree, majority voter and skewed clocks
     δ ~ SET pulse length
     Q = (Q1 and Q2) or (Q2 and Q3) or (Q1 and Q3)

  10. Impacts on the RTL-GDS design flow
     ◆ Insertion of STMR into the design
       ➙ Create TMR flip-flops in RTL or post-synthesis
       ➙ Generation of triple skewed clock trees
     ◆ Increased complexity affects the design flow and results
       ➙ Increased cell and node count → higher tool runtime (or crashes)
       ➙ Optimisation is less efficient, higher interconnect delay
     ◆ Synthesis tools are designed to remove redundancy
       ➙ Don't use sequential optimisation (register merging, pipelining, retiming)
     ◆ Timing issues
       ➙ TMR voters and clock skewing reduce maximum speed
       ➙ Clock skewing can be removed by hold-time fix
     ◆ Verification and test issues
       ➙ TMR and formal verification (1 FF in RTL → 3 FF at gate level)
       ➙ TMR (= redundancy) affects testability in scan testing
       ➙ Implementation of protection has to be verified at netlist level

  11. STMR insertion at RTL or gate level
     STMR in VHDL
       ➙ Clock nets/ports are a vector of 3 bit
       ➙ Use the “two-process” method [6]

            -- One process per TMR domain:
            rx0 : process(clk) begin
              if rising_edge(clk(0)) then r0 <= d;
              end if; end process;
            rx1 : process(clk) begin
              if rising_edge(clk(1)) then r1 <= d;
              end if; end process;
            rx2 : process(clk) begin
              if rising_edge(clk(2)) then r2 <= d;
              end if; end process;
            -- Vote outputs
            r <= (r0 and r1) or (r0 and r2) or (r1 and r2);

       ➙ Synthesis with TMR in one go
       ➙ Disallow register merging
       ➙ Structural verification required
     STMR at gate level
       ➙ Used mainly for third party IP
       ➙ Library and tool dependent
       ➙ Synthesise netlist without TMR
       ➙ Create HDL package with TMR equivalent macro-cells
       ➙ Edit netlist to triplicate clocks and asynchronous resets

            sed -e 's/CLK\(.*\) std_logic/CLK\1 std_logic_vector(2 downto 0) /'

       ➙ Edit netlist replacing every flip-flop by its TMR equivalent

            sed -e 's/DFF1/DFF1_TMR/'
            sed -e 's/DFF2/DFF2_TMR/'

       ➙ Resynthesise the edited netlist, linking with the TMR macro-cell package
       ➙ Disallow register merging
       ➙ Structural verification required

  12. Inserting triple skewed clock/reset trees
     ◆ Clock Tree Synthesis (CTS) optimises skew inside a clock tree
       ➙ Need control over the insertion delay (δ1 = δ2)
       ➙ Synthesis of several coherent trees not provided by CTS
       ➙ Compromise: insert three distinct trees with well adjusted CTS parameters
     ◆ Delay δ inserted at the origin of the clock trees
       ➙ Instantiate delay buffers in the VHDL source code for simulation
       ➙ Model δ at synthesis by set_ideal_latency and set_propagated_clock
       ➙ Initial value for δ is speculative → control/adjustment in backend process
     ◆ Combinatorial logic on clock/asynchronous reset
       ➙ Needs to be triplicated as well

  13. Coherent clock trees
     We need to control the relative clock latency: X, X+δ, X+2*δ
     CTS did not achieve goal → Manual adjustment of delay elements required

  14. Mastering skew inside each clock tree
     Above: δ ~ 800 ps, high variance
     Below: δ ~ 600 ps, low variance

  15. Verification of STMR
       ➙ TMR is larger and slower than normal flip-flops
         » Redundancy removed by logic optimisation (synthesis and back-end)
         » TMR modified by timing optimisation
       ➙ Defects in redundant structures do not appear at simulation
         » TMR simulation “works” even if only two of the three FF are correct

  16. Verification of STMR
       ➙ TMR is larger and slower than normal flip-flops
         » Redundancy removed by logic optimisation (synthesis and back-end)
         » TMR modified by timing optimisation
       ➙ Defects in redundant structures do not appear at simulation
         » TMR simulation “works” even if only two of the three FF are correct
     ⇒
       ➙ Structural and formal verification required
         » Presence of triple FF, correct wiring of the three clock/reset domains
         » Parsing the netlist with scripts (grep)
         » Increasing complexity requires formal verification tools
       ➙ Timing analysis of clock trees
         » Measure insertion delay from clock root (PLL) to every flip-flop
         » Difference between clock arrival and data arrival

  17. Structural and Formal Verification
     ◆ COTS formal verification tools get confused
       ➙ Netlist contains three FF for one described in RTL
       ➙ Workarounds: declare equivalence of flip-flops
       ➙ Script/constraint was provided by tool vendor
     ◆ Structural verification of TMR
       ➙ Netlist parsing was used in our project
       ➙ Formal verification, custom tool developed at ESA [7]
       ➙ NASA/Mentor: Formal verification for TMR designs [3]
     ◆ Fault injection
       ➙ Fault injection by simulation
         » Example: SST, an SEU simulation tool developed at ESA [8]
       ➙ Fault emulation by FPGA emulation
         » Example: FT-Unshades [9]
     ◆ Radiation Testing
       ➙ Expensive, and only after manufacturing

  18. TMR Timing Issues
     [Figure: two voted flip-flop triples (FF1, FF2, FF3, each followed by a voter) connected through combinatorial logic, with clk1, clk2 and clk3 derived from clk through delays δ; labelled delays: t_prop, δ_voter, δ_logic, t_setup.]
     Cycle Time T >= t_prop + δ_logic + t_setup + δ_voter + 2δ
     TMR voters and clock skewing reduce operating frequency
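The capture behaviour described on slide 9, as an added example that is not part of the original presentation: a small Python model samples a shared D input at three clock edges skewed by δ and sweeps the start time of a single SET pulse. The 500 ps pulse length, the time grid and all function names are constructed; only the voter equation comes from the slide.

```python
def d_at(t, d_good, set_start, set_len):
    """Value on the shared D input at time t (ps); the SET inverts it while active."""
    return d_good ^ 1 if set_start <= t < set_start + set_len else d_good

def vote(q1, q2, q3):
    """Majority voter from slide 9: Q = (Q1 and Q2) or (Q2 and Q3) or (Q1 and Q3)."""
    return (q1 & q2) | (q2 & q3) | (q1 & q3)

def stmr_capture(d_good, set_start, set_len, edge, delta):
    """Sample D at edge, edge+delta, edge+2*delta (clk1..clk3); return ([Q1, Q2, Q3], Q)."""
    qs = [d_at(edge + k * delta, d_good, set_start, set_len) for k in range(3)]
    return qs, vote(*qs)

def worst_case(set_len, delta, edge=1000, step=10, d_good=1):
    """Sweep the SET start time across the whole capture window.
    Returns (max flip-flops corrupted by one SET, whether the voted Q was ever wrong)."""
    max_bad, q_wrong = 0, False
    for start in range(edge - set_len - step, edge + 2 * delta + step, step):
        qs, q = stmr_capture(d_good, start, set_len, edge, delta)
        max_bad = max(max_bad, sum(v != d_good for v in qs))
        q_wrong = q_wrong or q != d_good
    return max_bad, q_wrong

if __name__ == "__main__":
    SET_LEN = 500  # ps, constructed SET pulse length
    for delta in (0, 300, 600):  # unskewed TMR, skew too small, skew >= pulse length
        print(f"delta={delta} ps ->", worst_case(SET_LEN, delta))
```

With δ shorter than the pulse, one SET can reach two or three flip-flops and the voter output is wrong; once δ is at least the pulse length, at most one flip-flop is hit.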
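One way to do the netlist parsing mentioned on slides 16 and 17, as an added example that is not the script used in the AT697 project: it groups flip-flop instances in a constructed VHDL-style netlist and reports missing replicas, wrong clock domains and untriplicated flip-flops. The cell name DFF1, the pin names and the `_tmr<k>` instance naming are assumptions.

```python
import re
from collections import defaultdict

# Constructed sample netlist. The cell name DFF1, the pin names and the
# <register>_tmr<k> instance naming are assumptions, not taken from the AT697.
NETLIST = """
state_tmr0 : DFF1 port map (D => n1, CK => clk(0), Q => state_q0);
state_tmr1 : DFF1 port map (D => n1, CK => clk(1), Q => state_q1);
state_tmr2 : DFF1 port map (D => n1, CK => clk(2), Q => state_q2);
count_tmr0 : DFF1 port map (D => n2, CK => clk(0), Q => count_q0);
count_tmr1 : DFF1 port map (D => n2, CK => clk(0), Q => count_q1);
count_tmr2 : DFF1 port map (D => n2, CK => clk(2), Q => count_q2);
flag_tmr0 : DFF1 port map (D => n3, CK => clk(0), Q => flag_q0);
flag_tmr2 : DFF1 port map (D => n3, CK => clk(2), Q => flag_q2);
busy : DFF1 port map (D => n4, CK => clk(0), Q => busy_q);
"""

INST = re.compile(r"^\s*(\w+)\s*:\s*(DFF\w*)\s+port map\s*\((.*)\);\s*$")
PIN = re.compile(r"(\w+)\s*=>\s*([\w()]+)")
TMR_NAME = re.compile(r"^(\w+)_tmr([012])$")

def check_tmr(netlist, clocks=("clk(0)", "clk(1)", "clk(2)")):
    """Return {name: [problems]} for each flip-flop group that is not a clean triple."""
    groups, problems = defaultdict(dict), defaultdict(list)
    for line in netlist.splitlines():
        m = INST.match(line)
        if not m:
            continue                      # not a flip-flop instance
        inst, pins = m.group(1), dict(PIN.findall(m.group(3)))
        t = TMR_NAME.match(inst)
        if t:
            groups[t.group(1)][int(t.group(2))] = pins
        else:
            problems[inst].append("flip-flop is not triplicated")
    for reg, ffs in groups.items():
        missing = sorted(set(range(3)) - set(ffs))
        if missing:                       # e.g. removed by logic optimisation
            problems[reg].append(f"missing domain(s) {missing}")
        for k, pins in sorted(ffs.items()):
            if pins.get("CK") != clocks[k]:   # wired to the wrong clock tree
                problems[reg].append(f"domain {k} clocked by {pins.get('CK')}")
        if len({p.get("D") for p in ffs.values()}) > 1:
            problems[reg].append("D inputs differ between domains")
    return dict(problems)

if __name__ == "__main__":
    for name, issues in check_tmr(NETLIST).items():
        print(name, issues)
```

The check covers clock pins only; asynchronous reset pins would need the same per-domain comparison.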
