

# Workshop on Fault-Injection and Fault-Tolerance tools for Reprogrammable FPGAs

11<sup>th</sup> September 2009

Fault-Injection and Fault Tolerance Tools for Re/Programmable FPGAs





| 9:00 – 9:15   | Welcome address                                                            | Agustín Fernández-León,<br>David Merodio Codinachs, ESA |
|---------------|----------------------------------------------------------------------------|---------------------------------------------------------|
| 9:15 – 9:30   | Reprogrammable FPGAs at Astrium                                            | Tim Pike, Chris Topping, EADS Astrium                   |
| 9:30 – 10:00  | SIRF program overview                                                      | Gary Swift, Xilinx                                      |
| 10:00 – 10:30 | A Comparison of Xilinx SRAM Based<br>Configuration Scrubbing Methodologies | Melanie Berg, NASA Goddard                              |
| 10:30 – 10:50 | ATF280 SRAM based RHBD FPGA: description and SEE test results              | Bernard Bancelin, Atmel                                 |
| 10:50 – 11:10 | Coffee Break                                                               |                                                         |

Note: final time slots TBC





| 11:10 – 11:40 | CNES feedback on the ATF280E FPGA and Space FPGA Designer                              | Jean Bertrand/ Pierre Gasnier, CNES     |
|---------------|----------------------------------------------------------------------------------------|-----------------------------------------|
| 11:40 – 12:10 | Analysis of SCU and MCU effects in SRAM-based FPGAs                                    | Massimo Violante, Politecnico di Torino |
| 12:10 – 12:30 | Mitigation of SCU and MCU effects on SRAM-based FPGAs: placement and routing solutions | Luca Sterpone, Politecnico di Torino    |
| 12:30 – 13:00 | FLIPPER                                                                                | Monica Alderighi, Fabio Casini, INAF    |
| 12:50 – 14:00 | Lunch Break                                                                            |                                         |





| 14:00 – 14:20 | FT-UNSHADES                                            | Miguel A. Aguirre, University of Seville                              |
|---------------|--------------------------------------------------------|-----------------------------------------------------------------------|
| 14:20 – 14:40 | Xilinx Fault Injection Board                           | Gary Swift, Xilinx                                                    |
| 14:40 – 15:30 | DEMOs, Part 1                                          |                                                                       |
| 15:30 – 15:40 | Coffee Break                                           |                                                                       |
| 15:40 – 16:00 | An approach to system-wide fault tolerance for FPGAs   | Jano Gebelein, University of Heidelberg                               |
| 16:00 – 16:15 | TMR schemes                                            | Melanie Berg, NASA Goddard                                            |
| 16:15 – 16:45 | New capabilities for fault tolerance in FPGA synthesis | Dennis Vander Sluis, Darren Zacher,<br>Kamesh Ramani, Mentor Graphics |

Note: final time slots TBC

4





| 16:45 – 17:30 | DEMOs, Part 2                         |
|---------------|---------------------------------------|
| 17:30 – 18:00 | Open discussions and workshop wrap up |

5



### Venue (1/2)



#### How to get to ESTEC: http://www.esa.int/esaCP/SEMO1ZLVGJE\_index\_0.html

Fault-Injection and Fault Tolerance Tools for Re/Programmable FPGAs



### Venue (2/2)

- How to access ESTEC:
  - Proceed to the Security Gatehouse to get the Visitors Badge. ESTEC maps are available under request
  - After getting the Visitor Badge, proceed to the Main Entrance & Reception, passing through the Barrier. You will be asked to show the Visitors Badge and a valid ID. You can pass the barrier either by CAR or on food.
  - After accessing the building through the Main Entrance & Reception, proceed towards the Conference Rooms area: follow the signs towards Newton 2.



### Abstracts (1/8)

- **Reprogrammable FPGAs at Astrium**, Tim Pike, Chris Topping, EADS Astrium
  - This presentation provides general considerations for the future use of reprogrammable FPGA's in space flight hardware. A short summary of on-going activities at Astrium in this area is also be given including the recently awarded ESA contract on "Dynamically Reconfigurable Processing Module"
- **SIRF program overview** Gary Swift, Xilinx
  - Abstract to be included soon



### Abstracts (2/8)

 A Comparison of Xilinx SRAM Based Configuration Scrubbing Methodologies, Molania Para, NASA Coddard

Melanie Berg, NASA Goddard

Conventionally, projects targeted to harsh space environments have utilized expensive Radiation Hardened by Design (RHBD) ICs. In order to reduce cost and increase flexibility, flight-projects are currently examining the efficacy of inserting commercial off the shelf (COTS) devices into space applications. It is important to note that COTS devices are not immune to Single Event Upsets (SEUs) caused by the harsh space-radiation environment.

The general line of Xilinx SRAM Based FPGAs is comprised of COTS components. In order to address the needs of the aerospace industry, the manufacturer has developed a particular line of devices that are Single Event Latch-up (SEL) and Total Ionizing Dose (TID) radiation tolerant. Although the devices are Radiation-Tolerant concerning SEL and TID, they are not Radiation-Tolerant regarding SEUs. Consequently, it is the designer's responsibility to implement the appropriate mitigation that will adhere to the requirements of the targeted critical application.

It has been proven that the most susceptible circuitry of the Xilinx SRAM based FPGA is its SRAM configuration. The prevalent means of mitigation this device is Global Triple Mode Redundancy (GTMR) combined with a configuration memory scrubber.

The scrubber is utilized to correct configuration upsets and reduce the effects of configuration bit error accumulation. This presentation will address various types of scrubbing schemes including their pros, limitations, required frequencies of operation, and radiation test results. In addition, a novel scrubbing scheme developed by NASA Goddard specifically for the Xilinx V5 devices (and future families) will be unveiled with its supporting radiation test results.

9



### Abstracts (3/8)

- ATF280 SRAM based RHBD FPGA: description and SEE test results, Bernard Bancelin, Atmel
  - The talk presents the new ATMEL rad-hard SRAM based reprogrammable FPGA design choices, the SEE (Single Event Effect) and TID test results to illustrate the capability of this product to be used in space, a novel approach for application-oriented SEU sensitiveness analysis and place and route experiments.
- **CNES feedback on the ATF280E FPGA and Space FPGA Designer**, Jean Bertrand/ Pierre Gasnier, CNES
  - In the context of a comparison between two SEE Immune Reconfigurable FPGAs (SIRF / ATF280E), CNES will give its user feedback on the ATF280E and its development tools. After a brief theoretical comparison between Xilinx and Atmel, the ATF280E results of several VHDL designs will be described and the way Atmel tools use logic capacity of the chip will be treated.



### Abstracts (4/8)

- Analysis of SCU and MCU effects in SRAM-based FPGAs, Massimo Violante, Politecnico di Torino
  - Single Cell and Multiple Cell Upsets are radiation-induced persistent errors that designers of space-borne applications have to face when designing using SRAM-based FPGAs. To cope with them, error mitigation techniques are needed, as well as tools able to validate the correctness of the obtained design. In this talk we will present a technique we developed to analyze the possible outcome of SCU/MCU affecting the configuration memory of SRAM-based FPGAs. The technique can be used fruitfully in two different ways: to identify SCU/MCU related issues within a design by relating configuration memory bits with design entities, and to identify cleverly the list of configuration memory bits to attack during fault injection experiments.



### Abstracts (5/8)

• Mitigation of SCU and MCU effects on SRAM-based FPGAs: placement and routing solutions,

#### Luca Sterpone, Politecnico di Torino

Modern FPGAs have been designed with advanced integrated circuit techniques that allow high performant and low power circuits. This makes new FPGA's devices very advantageous for space and avionics based computing. However, larger levels of integration makes FPGA's configuration memory more prone to suffer Single Cell Upsets (SCUs) and Multi Cell Upsets (MCUs). SCUs and MCUs may drastically limits the capability of specific hardening techniques adopted in space-based electronic systems and based on Triple Modular Redundancy (TMR).

In this presentation, we describe the placement and routing solutions we developed in order to mitigate the effects of SCUs and MCUs. In details, we present two tools:

- RoRA Reliability-oriented Routing Algorithm : the tool for hardening circuit's routing versus SCUs and MCUs
- V-Place Versatile Placement Algorithm : the tool for hardening circuit's logic versus SCUs and MCUs and optimizin the performances in terms of frequencies and power consumptions.



### Abstracts (6/8)

#### • FLIPPER,

#### Monica Alderighi, Fabio Casini, INAF

- Field Programmable Gate Arrays based on SRAM (SRAM-FPGAs) have gained a primary role in several application areas due to their high density and unlimited on-field re-configuration capability. Nevertheless when used in high reliability applications and specifically space applications, the Single Event Effects (SEEs) have to be addressed. Single Event Upsets (SEU) are of particular concern, because in SRAM-FPGA they affect not only flip-flops and RAM blocks of the user design, but also the device configuration memory, they can therefore change the logical function of the circuit. Appropriate mitigation has thus to be applied if they are used in space.

The FLIPPER fault injection platform allows testing the efficiency of SEU mitigation schemes. FLIPPER emulates SEU-like faults by doing partial reconfiguration and then applies stimuli derived from HDL simulation, while comparing the outputs with the golden pattern, also derived from simulation. FLIPPER has its Device-Under-Test (DUT) FPGA on a mezzanine board, allowing an easy exchange of the DUT device. In this workshop the main features of the FLIPPER platform are illustrated and examples of its use are given in the demo.



### Abstracts (7/8)

#### • FT-UNSHADES,

#### Miguel A. Aguirre, University of Seville

FTUNSHADES is a tool for designing hardened digital circuits against certain SEE. This tool can evaluate the protection level of a design regardless the technology in which the circuit will be implemented: either ASIC of FPGA. The tool is presented using two approaches, the cycle accurate implementation and the microprocessor case implementation. Also there are results of the reliability of FPGAs.

From methodological point of view the tool open de the concept of protection level, which is based on the possibility of being selective in the protection strategy insertion.

• Xilinx Fault Injection Board,

Gary Swift, Xilinx

Abstract to be included soon



### Abstracts (7/8)

- An approach to system-wide fault tolerance for FPGAs, Jano Gebelein, University of Heidelberg
  - The presentation deals with an approach to the construction of an entire FPGA-based and fault-tolerant computer system spanning all layers of modern computer architecture. This starts with the protection of the fundamental FPGA configuration matrix, continues to the HDL design of multiple hardware components, essentially required to run regular applications on FPGAs, including processor, memory and interfaces and ends up in the implementation of an operating system running radiation hardened software. Joining all these separate layers with their individual approaches to fault tolerance increases the overall radiation susceptibility to a maximum value and enables the use in high-energy physics particle accelerators or space applications. The current design phase is shown exemplary for a fault-tolerant soft core CPU including validation results.
- **TMR schemes** Melanie Berg, NASA Goddard
  - Abstract to be included soon



### Abstracts (8/8)

- New capabilities for fault tolerance in FPGA synthesis, Dennis Vander Sluis, Darren Zacher, Kamesh Ramani, Mentor Graphics
  - Over the past ten years, the programmable logic devices (PLDs) used in aerospace applications have seen process geometries shrink, switching voltages reduced, usage and demand for capacity increase, and clocking rates rise. Together, these changes have resulted in the need for more advanced Single Event Effect (SEE) mitigation techniques such as SEU detecting or correcting FSM encoding, Distributed Triple Module Redundancy (DTMR) and Global Triple Module Redundancy (GTMR). The past ten years have also seen the advent of DO-254, a development process standard aimed specifically at the design of airborne electronic hardware. To meet this standard, the implementation tools used by designers must adhere to stringent design assurance requirements such as requirements tracing, tool repeatability, and messaging. This short presentation is aimed at introducing new capabilities to address the need for more advanced SEE mitigation and for adherence to more stringent design assurance requirements. These capabilities are currently under development in Mentor Graphics' leading FPGA synthesis tool family, Precision® Synthesis.



### Contact

- <u>david.merodio.codinachs@esa.int</u>
  ASIC and FPGA Engineer
  Microelectronics Section (TEC-EDM)
  European Space Agency (ESA)
- Visit the following website:

http://www.esa.int/TEC/Microelectronics/SEMV57KIWZF\_0.html



## **Workshop on Fault-Injection** and **Fault-Tolerance tools for Reprogrammable FPGAs** WELCOME









18

Fault-Injection and Fault Tolerance Tools for Re/Programmable FPGAs

11/09/2009



### Problem

- "New" FPGA technologies ...
  - rad hard?
  - How to use them?









### Tools to design and assess: FI/FT

Fault-Injection and Fault Tolerance Tools for Re/Programmable FPGAs

V3.0



## Objectives

- This workshop is a first get together of:
  - FPGA designers
  - groups that have developed and used these FI/FT tools
  - FPGA vendors (Atmel and Xilinx; Actel in the next edition)
- Tools will be presented, including some demos, to show how they can aid designers to develop and quantify design rad hardness.
- Feedback on users' needs and recent experiences are also expected



### Organization notes

- Presenters:
  - Provide the presentations (preferably during the breaks) or have your laptop ready
  - Do you agree on having it available at the ESA website? (the final version can be provided another day)
- Attendees:
  - Do you agree to distribute your email in the attendees list?



### Useful Info

- Coffee breaks:
  - in the meeting room free coffee
  - Coffee corner
- Lunch:
  - ESTEC main canteen
- Wireless access:

 The following guest unprotected network is available: esa-public



## ENJOY THE WORKSHOP !!!

Fault-Injection and Fault Tolerance Tools for Re/Programmable FPGAs