

#### USE OF COTS PROCESSORS IN SPACE

ADCSS09, ESTEC

MPSA - Micro-Processors for Space Applications round table

C. Monteleone
On Board Computer & Data Handling Section (TEC-EDD)
ESA ESTEC



## **TEC-ED Sections**





#### List of contents

- Definition of COTS
- Concerns using COTS processors in space systems
- Motivations for using COTS processors in space systems
- ESA project "COTS based computer for On Board systems"



# What we mean with COTS components

#### A common definition for COTS:

Commercial off-the-shelf (COTS) is a term identifying software or hardware products that are ready-made and available for sale or license

- Manufacturer's standard products
- Can be found in data books
- Usually fast procurement

There are COTS products also for Rad-Hard processors e.g. TSC695, AT697, AT791

## Additional definition for COTS components for space:

- Components with no pre-requisite specification respect to space environment (thermal, mechanical, radiation aspects)
- Lower cost respect to similar rad-hard components



# Concerns using COTS processors

#### Radiation effects

Availability of Radiation Tests results are often missing

#### Variability

- A COTS manufacturers do not control the technology parameters that condition the radiation hardness
- Process is likely to be modified at anytime, tracing the origin and manufacturing process is difficult
- Processor memories COTS devices has a variability from one manufacturer to another and for a single manufacturer

#### Obsolescence

- COTS suppliers constantly introduce new products while
- hardened OBC have a long development time and a long life cycle

#### Power consumption

- Higher power consumption than High Rel devices
- Power consumption stability vs aging effects

#### Reliability

Reliability data often missing or incomplete

#### No access to the intimate design

Difficulty to fully characterize the design and to develop models



## Motivations for using COTS processors

- High computing performance
- Reduced procurement cost
- Large availability of support tools for SW development and tests
- Large availability of existing software libraries
- Compatibility with ground processors allows developing of low cost test environments and simulators
- Many COTS developed processors technology using sub-100 nm silicon techniques include internal error detection and correction features that can make easier the implementation in computers for space applications of architectural solutions for FDIR.



# On-going ESA activity related to COTS processors in space

#### Title:

COTS based Computer for On board Systems (CoCs)

## Main objective:

Study and design for on-board computing systems based on "Commercial Off The-Shelf" components

## Activity phases:

## 1. The design phase

Defining the COTS computers as well as the methods for their manufacturing and qualification

## 2. The implementation and qualification phase

Manufacturing of EM/EQM breadboards that target real missions.

## 3. The transfer phase

Bridging the gap between R&D and operational use within projects.



# CoCs Activity design phase

#### Main objectives:

- The selection of the COTS components
- The detailed specification
- Models for the CoCs and its building blocks.
- Methods for the prediction and evaluation of the performances.
- The specification of the CoCs Software

## Goal is prototyping 3 COTS based computer architectures:

- The Highly Reliable CoCs (Hi-R)
- The Highly Available CoCs (Hi-V)
- The High Computing Power Payload CoCs (Hi-P)



# **CoCs Activity Contracts**





# Hi-R Computer requirements

Highly reliable computers are used to run functions over a quite long period of time while they can be interrupted from time to time without putting the mission in danger.

- Lifetime: 15 years
- A permanent failure: must not lead to mission loss.
- A survival mode is used as ultimate barrier ensuring satellite safety.
- Tolerated outage: 10 seconds maximum.
- Rate of outage: one outage every 30 days.
- Reliability > 0.95 over 15 years.
- Performance: > 200 MIPS.
- Communication services shall be able to manage at the same time up to:
  - 3 high speed bus (> 300 Mbit/s)
  - 3 low speed bus (of the class 1 Mbit/s)
  - 100 low speed I/O's (few Kbit/s)



# **Hi-V Computer requirements**

Highly available computer shall provide dependable services never interrupted during a limited period of availability

- Lifetime: 15 years.
- A permanent failure must not lead to mission loss.
- Duration of the availability period: 30 consecutive days.
- No outage is allowed during the availability period.
- No survival mode is possible.
- Probability of failure during availability period is 10<sup>-7</sup> per hour.
- Number of availability periods during lifetime: 50.
- Reliability outside the availability period > 0.95 over 15 years.
- Performance: > 200 MIPS.
- Communication services shall be able to manage at the same time up to:
  - 3 high speed bus (> 300 Mbit/s)
  - 3 low speed bus (of the class 1 Mbit/s)



# Hi-P Computer requirements

High Processing Power Payload Computer performance figures shall be the following:

- Lifetime: 15 years.
- Duration of availability period: 10 days.
- Outage allowed during availability period: 10 second.
- Number of outage allowed during availability period: 5.
- Failed computer must go automatically in a safe state.
- Number of availability periods during lifetime: 100.
- Performance: > 500 MIPS or > 500 MFLOPS.
- Communication services shall be able to manage at the same time up to:
  - 3 high speed bus (> 300 Mbit/s)
  - 3 low speed bus (of the class 1 Mbit/s)



## **COTS** processor selection criteria

- Maturity and Stability of the design and manufacturing process
- Rapid Obsolescence / long term availability
- Diffusion in commercial and embedded markets
- Availability and maturity of development tools and SW
- Availability of up-screened versions
- Access to manufacturers data
- No ITAR or other export restrictions
- Use of silicon technologies having intrinsic radiation tolerance capabilities and availability of Radiation tests results
- Internal error detection and correction features
- Power consumption
- Packaging



## **COTS** Processor selected

| Features              | PPC7448 (Freescale)                                     | AT697 (ATMEL)                                              |
|-----------------------|---------------------------------------------------------|------------------------------------------------------------|
| Clock frequency       | 1.3 Ghz                                                 | 100 MHz                                                    |
| Dhrystone 2.1 MIPS    | 3000                                                    | 86                                                         |
| Manufacturing process | 90 nm CMOS SOI                                          | 180 nm ATC18RHA                                            |
| On-chip L1 cache      | 32 Kbyte Icache with parity 32 Kbyte Dcache with parity | 32 Kbyte Icache with parity<br>16 Kbyte Dcache with parity |
| On-chip L2 cache      | 1 Mbyte with tag parity and ECC on data                 | -                                                          |
| Core                  | e600 core (PowerPC G4)                                  | LEON2-FT (Sparc V8)                                        |
| Package               | CLGA 360                                                | MCGA 349                                                   |
| SEU (cm²/device)      | 3.0x10 <sup>-4</sup>                                    | 1.0x10 <sup>-5</sup>                                       |
| Power (mW/MHz)        | 9.2                                                     | 10                                                         |



## Hi-R Computer Architecture





## Hi-R FDIR strategy

- Approach is to maintain to a large extent the architecture, redundancy concept and partitioning of functions in use within typical Platform Control computers.
- All the countermeasures needed to minimize occurrence and to solve transients faults are implemented internally to each module
- In particular in the Processor Module this is achieved by a combination of hardware and software features:
  - Volatile memory protected by ECC code
  - Each volatile memory device powered independently to recover from SEFI
  - Protected volatile memory areas
  - Smart watch-dogs
  - HW scrubbing
  - Time redundancy: tasks are computed twice
- The Reconfiguration Module intervenes only in case of locally unrecoverable situations.



# **Hi-V Computer Architecture**





# **Hi-V Computer System**





# **Hi-P COTS based Computer**

The architecture is based on two main modules: Processor module and Smart-I/O module

#### **Processor Module:**

- It is based on PowerPC-7448
- In case of specific higher performance or lower power consumption needs a DSP based design is used

#### Smart I/O module:

- It is SEU immune and based on a Rad-Hard but lower performance processor (e.g. AT697)
- Can control multiple Processor Modules
- It is in charge to ensures safe instrument control and to format the data before the distribution in the system
- Can perform low performance phases when PM boards are off.



# **Hi-P System Interfaces**



#### PM Module - Smart I/O Interconnection candidates:

- cPCI@33MHz allows 1 Gb/s data rate
- SpaceFiber allows 1- 10 Gb/s data rate
- The Wizard Link (Texas Instrument)