

## FPGAs in Critical Applications and Model Support

Sandi Habinc

**Gaisler Research, Gothenburg** 



## Background

- Capacity and performance of FPGAs suitable for space flight is increasing steadily
- Increase from tens of thousands to millions of system gates
- Application of FPGAs has moved from glue logic to complete subsystems that combine real time functions on a single chip, including microprocessors and memories.
- The potential for FPGA use in space is steadily increasing, continuously opening up new application areas.
- FPGAs are more commonly being used in critical applications and are replacing ASICs on a regular basis.



### The activity

#### Main objectives:

- Lessons learned from FPGA developments
- Overview of re-programmable FPGAs for space applications
- Development of SEU mitigation technique for reprogrammable FPGAs
- VHDL model support



#### **Documents**

- Lessons Learned from FPGA Developments, FPGA-001-01, Version 0.2, September 2002
- Suitability of reprogrammable FPGAs in space applications, FPGA-002-01, Version 0.4, September 2002
- Functional Triple Modular Redundancy (FTMR), VHDL Design Methodology for Redundancy in Combinatorial and Sequential Logic, FPGA-003-01, Version 0.2, December 2002

All documents available at www.gaisler.com



## **Reprogrammable FPGAs**

- Main provider is Xilinx Inc., USA
  - Xilinx devices have been flown on US missions, e.g. 2003 Mars Exploration Rover
- Actel Corporation, USA: ProASIC FLASH device, small in size and with SEL problems
- Northrop Grumman, USA
- Altera, USA



## **Virtex FPGA features**

- Densities from 50 000 to 10 000 000 system gates
  - Multi-standard interfaces
  - High-performance interface standards
- Built-in clock-management circuitry
  - Dedicated delay-locked loops (DLLs) for clock control
  - Low-skew global clock distribution nets
- Hierarchical memory system
  - Look-up tables (LUTs) configurable as 16-bit RAM, 32-bit RAM, 16-bit dual-ported RAM (all named LUTRAMs), or 16-bit shift register
  - Configurable synchronous dual-ported 4k-bit block RAMs (BRAMs)
- Reprogrammable by means of external PROM
- Large configuration memory on-chip (SRAM)



### **Virtex FPGA architecture**

| DLL  |       | DLL  |       |      |
|------|-------|------|-------|------|
| IOBs | BRAMS | CLBs | BRAMS | IOBs |
| DLL  |       | IOBs |       | DLL  |



## **Single Event Upsets**

- Configuration upsets (configuration memory)
  - main cause for functional failure
  - causes loss of logical functionality
- User logic upsets (e.g. block memory, logic-block flip-flops and I/O flip-flops)
  - causes e.g. data failures
- Architectural upsets (e.g. JTAG) (SEFI)
  - causes catastrophic failures



## **SEU mitigation**

- Configuration memory protection
  - i.e. scrubbing
- User logic protection
  - Module redundancy and mitigation
  - Logic partitioning for mitigation
  - Logic duplication and mitigation

- Device redundancy and mitigation





## Triple Module Redundancy (TMR)





## Gate level mitigation - register
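
Register-level triplication with a 2-of-3 majority voter, as an added VHDL example; it is not code from this presentation or from the FTMR document, and the entity `tmr_reg` and its port names are assumptions. It uses three clock and three reset lines, one per register copy, and a voter built from logic.

```vhdl
library ieee;
use ieee.std_logic_1164.all;

-- Added illustration: one data bit held in three flip-flops behind a
-- majority voter built from logic. Entity and port names are assumptions.
entity tmr_reg is
  port (
    clk   : in  std_logic_vector(2 downto 0);  -- one clock line per copy
    rst_n : in  std_logic_vector(2 downto 0);  -- one reset line per copy
    en    : in  std_logic;                     -- load enable
    d     : in  std_logic;
    q     : out std_logic);
end entity tmr_reg;

architecture rtl of tmr_reg is
  signal r     : std_logic_vector(2 downto 0);  -- the three register copies
  signal voted : std_logic;
begin
  -- 2-of-3 majority: a single upset copy is outvoted by the other two.
  voted <= (r(0) and r(1)) or (r(1) and r(2)) or (r(0) and r(2));

  gen_copy : for i in 0 to 2 generate
    process (clk(i), rst_n(i))
    begin
      if rst_n(i) = '0' then
        r(i) <= '0';
      elsif rising_edge(clk(i)) then
        if en = '1' then
          r(i) <= d;       -- normal load of new data
        else
          r(i) <= voted;   -- hold path reloads the voted value, so an
        end if;            -- upset copy is repaired on the next clock edge
      end if;
    end process;
  end generate gen_copy;

  q <= voted;
  -- Synthesis tools may merge the three equivalent registers; a
  -- tool-specific preserve constraint is needed to keep all copies.
end architecture rtl;
```

Feeding the voted value back on the hold path keeps upsets from accumulating: without it, a second upset in another copy before the next load would defeat the voter.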





## **Gate level mitigation - logic**







## **Functional TMR (FTMR)**



[Figure not reproduced; surviving label: current state record]





### **Voting options**





### **FTMR** overview





#### **Results - synthesis**

| Design        | Configuration |           |              |               |             |             |            | Synthesis results |       |       |       | Performance |         |              |
|---------------|---------------|-----------|--------------|---------------|-------------|-------------|------------|-------------------|-------|-------|-------|-------------|---------|--------------|
|               | seq. TMR      | comb. TMR | input voters | output voters | clock lines | reset lines | voter type | FFS               | LUTS  | BUFGs | BUFTS | Gate MHz    | P&R MHz | Time (min)   |
| original      | n/a           | n/a       | n/a          | n/a           | n/a         | n/a         | n/a        | 786               | 1457  | 1     | 0     | 42          | 44      | (illegible)  |
| behavioural   | n/a           | n/a       | n/a          | n/a           | n/a         | n/a         | n/a        | 784               | 1454  | 1     | 0     | 40          | 46      | 2            |
| structural    | n/a           | n/a       | n/a          | n/a           | n/a         | n/a         | n/a        | 784               | 2015  | 1     | 0     | 38          | 41      | 11           |
| sequential    | yes           | no        | 0            | 1             | 1           | 1           | logic      | 2352              | 2793  | 1     | 0     | 37          | n/a     | 24           |
|               |               |           |              |               |             |             | buffer     | 2352              | 2012  | 1     | 2352  | 36          | n/a     | 15           |
| combinatorial | yes           | yes       | 1            | 1             | 3           | 3           | logic      | 2352              | 7726  | 3     | 0     | 33          | n/a     | 6            |
|               |               |           |              |               |             |             | buffer     | 2352              | 6139  | 3     | 4704  | 33          | 23      | 8            |
|               |               |           | 3            | 3             |             |             | logic      | 2352              | 10861 | 3     | 0     | 34          | 30      | 7            |
|               |               |           |              |               |             |             | buffer     | 2352              | 6139  | 3     | >100% | 33          | n/a     | 11           |

#### Synthesis results targeting Xilinx Virtex XCV1000-6



#### **Results - place & route**

| Design        | Configuration |           |              |               |             |             |            | P & R results |       |        |       |       |      |       |     |            |
|---------------|---------------|-----------|--------------|---------------|-------------|-------------|------------|---------------|-------|--------|-------|-------|------|-------|-----|------------|
|               | seq. TMR      | comb. TMR | input voters | output voters | clock lines | reset lines | voter type | FFS           | LUTS  | Slices | BUFTS | GCLKs | IOBs | Gates | MHz | Time (min) |
| original      | n/a           | n/a       | n/a          | n/a           | n/a         | n/a         | n/a        | 785           | 1438  | 1072   | 0     | 1     | 122  | 17686 | 44  | 5          |
| behavioural   | n/a           | n/a       | n/a          | n/a           | n/a         | n/a         | n/a        | 783           | 1429  | 1044   | 0     | 1     | 268  | 17640 | 46  | 5          |
| structural    | n/a           | n/a       | n/a          | n/a           | n/a         | n/a         | n/a        | 783           | 1998  | 1049   | 0     | 1     | 268  | 21354 | 41  | 10         |
| combinatorial | yes           | yes       | 1            | 1             | 3           | 3           | buffer     | 2352          | 6092  | 5484   | 4704  | 3     | 366  | 78600 | 23  | 126        |
|               |               |           |              |               |             |             |            | 9%            | 25%   | 44%    | 37%   | 75%   | 90%  | n/a   |     |            |
|               |               |           | 3            | 3             |             |             | logic      | 2352          | 10751 | 6540   | 0     | 3     | 366  | 92475 | 30  | 12         |
|               |               |           |              |               |             |             |            | 9%            | 43%   | 53%    | 0%    | 75%   | 90%  | n/a   |     |            |

#### Place & route results targeting Xilinx Virtex XCV1000-6



### Conclusions

- It is possible to write VHDL in a structured yet high level coding style, obtaining the required redundancy
- FTMR provides a tuneable level of redundancy
- FTMR only requires a moderate coding overhead
- Logical and sequential redundancy carries a large gate overhead, a factor of between 4.5 and 7.5
- Performance reduced by about 50%
- Radiation testing is on-going



#### Contact

GAISLER RESEARCH AB, Första Långgatan 19, SE-413 27 Göteborg, Sweden

- Tel: +46 31 7758652 (Sandi Habinc)
- Fax: +46 31 421407
- Mail: sandi@gaisler.com
- Web: www.gaisler.com