Presentation is loading. Please wait.

Presentation is loading. Please wait.

Dip. Automatica e Informatica

Published byMuriel Crawford Modified over 6 years ago

Similar presentations

Presentation on theme: "Dip. Automatica e Informatica"— Presentation transcript:

1 Dip. Automatica e Informatica
Reconfigurable FPGAs in radioactive environment challenges and possible solutions Massimo Violante Luca Sterpone Politecnico di Torino Dip. Automatica e Informatica Torino, Italy

2 Politecnico di Torino Leading Engineering School in Italy, founded in 1859 Department of Automation and Computer Engineering 60 faculties, 80 research assistants, 20 staff 100 PhD students Annual budget (~5 M€) Massimo VIOLANTE - CERN

3 Electronic CAD & Reliability Group
Its mission is to support, through techniques, tools, and services, the designer of electronic circuits and systems 7 faculties, 3 research assistants, 6 PhD students Strong cooperation with major industries, agencies, and research centers world-wide Reliable COTS-based embedded systems Prof. Massimo Violante, and Dr. Luca Sterpone 1 research assistant, 2 PhD students Massimo VIOLANTE - CERN

4 Goal To illustrate the challenge in designing with reconfigurable FPGAs in radioactive environment To illustrate possible solutions (design flow) Massimo VIOLANTE - CERN

5 Outline Introduction Xilinx Virtex II & 4 Actel ProASIC Conclusions
Massimo VIOLANTE - CERN

6 Outline Introduction Xilinx Virtex II & 4 Actel ProASIC Conclusions
Massimo VIOLANTE - CERN

7 Introduction A number of reconfigurable FPGAs today available
SRAM-based FPGAs: Xilinx, Altera, SiliconBlue, Atmel, … Flash-based FPGAs: Actel Plenty of experimental data available showing sensitivity to radiations, but Limited support to help designers Some design tools Some application notes Lack of established design flows including: architecture, implementation and validation Massimo VIOLANTE - CERN

8 Activities at Polito Driver: space-related agencies/companies
SRAM-based FPGAs  Xilinx Virtex II & 4 Development of design methods and tools Fault injection: in cooperation with INAF (Milano, Italy), and Univ. of Sevilla (Sevilla, Spain) Radiation testing: in cooperation with Univ. of Padova (Padova, Italy) Flash-based FPGAs  Actel ProASIC Fault injection Radiation testing: in cooperation with ESA (Noordwijk, NL) Massimo VIOLANTE - CERN

9 Outline Introduction Xilinx Virtex II & 4 Actel ProASIC Conclusions
Massimo VIOLANTE - CERN

10 Why Virtex-II & 4? Package qualified successfully for space use
Extensive database concerning radiation effects/device reliability Availability of design tools Newer devices like Virtex-5QV rad-hard are under scrutiny but too new to be adopted without further investigations Package is the biggest issue at the moment Limited availability of radiation/reliability data ITAR Massimo VIOLANTE - CERN

11 Why Virtex-II & 4? Virtex-II & 4 appealing when… SEL, TID However
Need for large device with plenty of resources Need for high performance Need for in-flight reconfiguration capabilities SEL, TID SEL free (LETTH(H.I.)=100 MeV-cm2/mg) TID > 250 krad(Si) ~50.0 rad(Si)/sec (Virtex-4QV) However SEEs are an issue and must be mitigated Design validation is crucial Massimo VIOLANTE - CERN

12 SEE of concern SEU/MCU in the device configuration memory
SEU/MCU in the user memory SEU/MCU in hard-IPs SEFI SET (although difficult to observe) Massimo VIOLANTE - CERN

13 How to approach the design
Proper system architecture is needed Payload FPGA, Configuration memory scrubber, SEFI monitor SEE-aware design goes in the payload FPGA TMR Some vendors provide support for TMR TMRtool from Xilinx, Precision RT from Mentor Graphics, Symplify Pro from Synopsys They allow TMR insertion, safe-FSM encoding Massimo VIOLANTE - CERN

14 Typical architecture Voter Partition TMR Domain D1.1 D1.2 D2.1 D2.2
Massimo VIOLANTE - CERN

15 Observation All design techniques are based on the single-fault assumption (1 SEE = 1 fault in the design) But SEE in the configuration memory may produce multiple faults Massimo VIOLANTE - CERN

16 An example: original circuit
The original netlist The bitstream 1 Massimo VIOLANTE - CERN

17 An example: single effect
The corrupted netlist The bitstream 10 An open circuit is created 1 * Massimo VIOLANTE - CERN

18 An example: multiple effects
The corrupted netlist The bitstream 01 A short circuit is created 1 * Massimo VIOLANTE - CERN

19 SEE-corrupted netlist
Why TMR may fail? Original netlist SEE-corrupted netlist Domain 1 Domain 1 Domain 2 Domain 2 The SEE modifies the same signal in two domains  SEE is producing multiple effects not masked by voters Massimo VIOLANTE - CERN

20 An example Design: X-TMR design
In theory any SEE should be mitigated Fault injection in the device configuration memory Resource Failure LUT 26 Global routing 1,497 CLB Local routing 45 CLB configuration Total 1,568 Massimo VIOLANTE - CERN

21 Where is the bug? Design tools (TMRtool, Precision RT,…) work at HDL-level only Design implementation is done using standard place & route that tend to pack designs tightly Minimize device occupation Minimize delay Slices and switch matrices are shared by different TMR domains  SEE may induce multiple errors affecting different TMR domains at the same time! A SEE-aware implementation flow is needed Massimo VIOLANTE - CERN

22 Open questions How can I predict radiation-effects analysis?
Anticipate analysis before going to beam testing Millions of bit are inside the configuration memory: how many of them are really sensitive? Device cross-section vs design cross-section The bit 0x000c1c00, offset 156 is leading the circuit to fail: which part of the design it refers to? Debug the design quickly and accurately How can I implement my design safely? Avoid SEE effects escaping my architecture Massimo VIOLANTE - CERN

23 The design flow Xilinx standard tools TMR tool PAR Input design
XST synthesis Xilinx standard tools TMR tool Output design PAR bitstream Massimo VIOLANTE - CERN

24 The design flow STAR TMR tool
Input design STAR XST synthesis List of sensitive bits TMR tool Output design Analyze the impact of SEE in FPGA configuration memory without running simulations PAR bitstream Massimo VIOLANTE - CERN

25 Compute robust placement for TMR design
The design flow Input design STAR XST synthesis List of sensitive bits TMR tool VPLACE Output design Robust placement PAR Compute robust placement for TMR design bitstream Massimo VIOLANTE - CERN

26 Place & Route robustly TMR design
The design flow Input design STAR XST synthesis List of sensitive bits TMR tool VPLACE Place & Route robustly TMR design Output design Robust placement PAR RoRA/PAR bitstream Robust bitstream Massimo VIOLANTE - CERN

27 The design flow STAR Workload FLIPPER TMR tool VPLACE PAR RoRA/PAR
Input design STAR Workload XST synthesis List of sensitive bits FLIPPER TMR tool VPLACE Fault coverage Output design Robust placement Analyze the impact of SEE in FPGA configuration memory by means of simulations PAR RoRA/PAR bitstream Robust bitstream Massimo VIOLANTE - CERN

28 STAR Read the place & routed design and build the netlist/bitstream association For each bit of the bitstream: Flip the bit and update accordingly the netlist Is the original netlist corrupted (does the error arrive to outputs)? Yes  the bit is sensitive No  the bit is not sensitive Analysis is done looking at the error propagation path, and it does not consider workload Massimo VIOLANTE - CERN

29 STAR operational modes
Discovery mode: it analyzes the bitstream while neglecting mitigation schemes Lists sensitive bits TMR mode: it analyzes the bitstream while automatically recognizing (X)TMR mitigation scheme Lists bits that violate (X)TMR scheme (domain crossing events) List bits that produce warnings (may lead to domain crossing events in case of accumulation) Massimo VIOLANTE - CERN

30 Domain crossing events
Voter Partition TMR Domain V1 D1.1 V2 D1.2 V3 V1 D2.1 V2 D2.2 V3 V1 D3.1 V2 D3.2 V3 Massimo VIOLANTE - CERN

31 Domain crossing events
One Single Event Upset (SEU) in the configuration memory provokes two circuit modifications in two TMR domains in the same TMR partition  The fault propagates beyond the voter boundary Massimo VIOLANTE - CERN

32 Warnings V1 D1.1 V2 D1.2 V3 V1 D2.1 V2 D2.2 V3 V1 D3.1 V2 D3.2 V3 One SEE in the configuration memory provokes two circuit modifications in two voter partitions  The fault stops at the voter boundary Massimo VIOLANTE - CERN

33 TMR-mode algorithm The algorithm recognizes automatically TMR domains, voters, and voter partitions Forward error propagation: Find all the paths from the fault site to the circuit outputs, or memory elements Is the fault propagating to only one of the voter inputs? Yes  the bit is not sensitive No  the fault propagates to at least two inputs of a voter in the same partition  the bit is sensitive V V Massimo VIOLANTE - CERN

34 The report Detailed report is produced for Xilinx devices
Resource: PIP Block Adr 0 Maj Add 6 Min Add 14 Bit 156 Involved PIP : Y1 -- S2BEG2 FAR: 0x000c1c00 Bit: 156 Net = data_bus_IBUF_TR Massimo VIOLANTE - CERN

35 Supported fault models
Single Cell Upset (SCU) Multiple Cell Upset (MCU) Growing phenomena at each new generation of devices STAR includes layout information about the analyzed device (Virtex II, only) Accumulated SCU Massimo VIOLANTE - CERN

36 CLBs candidate for domain-crossing events
VPLACE Domain-crossing events observed when different TMR domains are packed in on CLB VPLACE avoids them by: Identifying the logic belonging to TMR domains Defining placement constraints (UCF file) to force each domain in dedicated FPGA CLBs CLBs candidate for domain-crossing events Robust placement Massimo VIOLANTE - CERN

37 RoRA Domain-crossing events observed when net of different TMR domains are routed in adjacent CLB RoRA avoids them by: Identifying critical nets Re-routing critical nets To minimize run-time: Xilinx PAR is used to provide an initial solution RoRA reworks the initial solution by attacking critical nets only Massimo VIOLANTE - CERN

38 FLIPPER STAR sensitive bits can become a failure or not depending on the workload Pattern-dependent fault masking FLIPPER is an emulation platform specifically designed for fault injection of SEU in Xilinx FPGA configuration memory Massimo VIOLANTE - CERN

39 Real design Problem: optimize SEE mitigation of a design
Device: Virtex-4 xc4vlx160 Design: XTMR circuit from Thales Alenia Space Sensitive bits according to STAR: 38,392 Sensitive bits after VPLACE/RoRA: 17,385 Improved the robustness w.r.t. SEE by 2x Massimo VIOLANTE - CERN

40 Outline Introduction Xilinx Virtex II & 4 Actel ProASIC Conclusions
Massimo VIOLANTE - CERN

41 Why ProASIC? Package qualified successfully for space use
Extensive database concerning radiation effects/device reliability Availability of design tools Massimo VIOLANTE - CERN

42 Why ProASIC? ProASIC appealing when… SEL, TID However
Need for low-power design Need for simple design Need for limited in-flight reconfiguration capabilities SEL, TID SEL free (LETTH(H.I.)=68 MeV-cm2/mg) TID > 30 krad(Si) ~1.0 rad(Si)/minute (no refresh) TID > 90 krad(Si) ~1.0 rad(Si)/minute (refresh) However SEEs are an issue and must be mitigated Design validation is crucial Massimo VIOLANTE - CERN

43 SEE of concern No SEU/MCU in the device configuration memory
SEU/MCU in the user memory SET Massimo VIOLANTE - CERN

44 How to approach the design
Simpler architecture than for SRAM-based FPGAs Although, if refresh is needed it becomes similar SEE-aware design goes in the payload FPGA TMR/EDAC for user memory SET (possibly) Some vendors provides support for TMR Symplify from Synopsys, Libero from Actel They allow TMR insertion Massimo VIOLANTE - CERN

45 How to approach the design
Current approaches are suitable against SEU, however SETs may happen Rule of thumb: after 50 MHz SET contribution becomes visible Massimo VIOLANTE - CERN

46 How to mitigate SET? Available options: No widely-accepted solution
Global TMR Insertion of SET filters (guard gates) No widely-accepted solution SET-aware design implementation is a possible solution Clever placement of inverting gates allows for SET pulse attenuation Massimo VIOLANTE - CERN

47 Our approach Broadening/attenuation for inverting/not-inverting gates implemented by Actel VersaTile vs fan-out 150 routing segments as fan-out 5 routing segments as fan-out Massimo VIOLANTE - CERN

48 Our approach Empirical approach to attenuate SETs
Place inverting gates as close as possible Place non-inverting gate as far as possible Massimo VIOLANTE - CERN

49 Preliminary results SET pulse of 1.8V with width of 250 ps, 400 ps, and 600 ps Massimo VIOLANTE - CERN

50 Outline Introduction Xilinx Virtex II & 4 Actel ProASIC Conclusions
Massimo VIOLANTE - CERN

51 Conclusions Designing critical applications using reconfigurable FPGA is possible, but it requires Understanding of SEE effects Suitable mitigation techniques Suitable validation strategy In addition to that: Memory scrubbing scheme is needed (SRAM-based) SEFI mitigation scheme is needed (SRAM-based) Massimo VIOLANTE - CERN

52 Cookbook Different “recipes” are possible depending on your “taste”
High dose  SRAM-based FPGAs Low SEE rate  scrubbing only  High SEE rate  scrubbing + TMR  Very high SEE rate  scrubbing + TMR + SEFI  Low dose  Flash-based FPGAs Low frequency  TMR on FFs  High frequency  TMR on FFs + SET filtering  The proper cooking instruments and the chef skills are needed! Massimo VIOLANTE - CERN

53 Acknowledgment Massimo VIOLANTE - CERN

Download ppt "Dip. Automatica e Informatica"

Similar presentations

F T -U NSHADES A design analysis tool based on Emulation Technologies ESA-ESTEC/17540 University of Sevilla-AICIA-ESA.

F T -U NSHADES A design analysis tool based on Emulation Technologies ESA-ESTEC/17540 University of Sevilla-AICIA-ESA.
Survey of Detection, Diagnosis, and Fault Tolerance Methods in FPGAs

Survey of Detection, Diagnosis, and Fault Tolerance Methods in FPGAs
Sana Rezgui 1, Jeffrey George 2, Gary Swift 3, Kevin Somervill 4, Carl Carmichael 1 and Gregory Allen 3, SEU Mitigation of a Soft Embedded Processor in.

Sana Rezgui 1, Jeffrey George 2, Gary Swift 3, Kevin Somervill 4, Carl Carmichael 1 and Gregory Allen 3, SEU Mitigation of a Soft Embedded Processor in.
Scrubbing Approaches for Kintex-7 FPGAs

Scrubbing Approaches for Kintex-7 FPGAs
HPEC 2012 Scrubbing Optimization via Availability Prediction (SOAP) for Reconfigurable Space Computing Quinn Martin Alan George.

HPEC 2012 Scrubbing Optimization via Availability Prediction (SOAP) for Reconfigurable Space Computing Quinn Martin Alan George.
April 30, 2014 1 Cost efficient soft-error protection for ASICs Tuvia Liran; Ramon Chips Ltd.

April 30, Cost efficient soft-error protection for ASICs Tuvia Liran; Ramon Chips Ltd.
DC/DC Switching Power Converter with Radiation Hardened Digital Control Based on SRAM FPGAs F. Baronti 1, P.C. Adell 2, W.T. Holman 2, R.D. Schrimpf 2,

DC/DC Switching Power Converter with Radiation Hardened Digital Control Based on SRAM FPGAs F. Baronti 1, P.C. Adell 2, W.T. Holman 2, R.D. Schrimpf 2,
Maintaining Data Integrity in Programmable Logic in Atmospheric Environments through Error Detection Joel Seely Technical Marketing Manager Military &

Maintaining Data Integrity in Programmable Logic in Atmospheric Environments through Error Detection Joel Seely Technical Marketing Manager Military &
Implementation of DSP Algorithm on SoC. Mid-Semester Presentation Student : Einat Tevel Supervisor : Isaschar Walter Accompaning engineer : Emilia Burlak.

Implementation of DSP Algorithm on SoC. Mid-Semester Presentation Student : Einat Tevel Supervisor : Isaschar Walter Accompaning engineer : Emilia Burlak.
© 2011 Xilinx, Inc. All Rights Reserved This material exempt per Department of Commerce license exception TSU Xilinx Tool Flow.

© 2011 Xilinx, Inc. All Rights Reserved This material exempt per Department of Commerce license exception TSU Xilinx Tool Flow.
1 FLIPPER SEU Fault Injection in Xilinx FPGAs Monica Alderighi National Institute for Astrophysics, IASF Milano, Italy Computing.

1 FLIPPER SEU Fault Injection in Xilinx FPGAs Monica Alderighi National Institute for Astrophysics, IASF Milano, Italy Computing.
A comprehensive method for the evaluation of the sensitivity to SEUs of FPGA-based applications A comprehensive method for the evaluation of the sensitivity.

A comprehensive method for the evaluation of the sensitivity to SEUs of FPGA-based applications A comprehensive method for the evaluation of the sensitivity.
FPGA IRRADIATION and TESTING PLANS (Update) Ray Mountain, Marina Artuso, Bin Gui Syracuse University OUTLINE: 1.Core 2.Peripheral 3.Testing Procedures.

FPGA IRRADIATION and TESTING PLANS (Update) Ray Mountain, Marina Artuso, Bin Gui Syracuse University OUTLINE: 1.Core 2.Peripheral 3.Testing Procedures.
Ch.9 CPLD/FPGA Design TAIST ICTES Program VLSI Design Methodology Hiroaki Kunieda Tokyo Institute of Technology.

Ch.9 CPLD/FPGA Design TAIST ICTES Program VLSI Design Methodology Hiroaki Kunieda Tokyo Institute of Technology.
ASIC/FPGA design flow. FPGA Design Flow Detailed (RTL) Design Detailed (RTL) Design Ideas (Specifications) Design Ideas (Specifications) Device Programming.

ASIC/FPGA design flow. FPGA Design Flow Detailed (RTL) Design Detailed (RTL) Design Ideas (Specifications) Design Ideas (Specifications) Device Programming.
Lessons Learned The Hard Way: FPGA  PCB Integration Challenges Dave Brady & Bruce Riggins.

Lessons Learned The Hard Way: FPGA  PCB Integration Challenges Dave Brady & Bruce Riggins.
© 2003 Xilinx, Inc. All Rights Reserved For Academic Use Only Xilinx Design Flow FPGA Design Flow Workshop.

© 2003 Xilinx, Inc. All Rights Reserved For Academic Use Only Xilinx Design Flow FPGA Design Flow Workshop.
1 Extending Atmel FPGA Flow Nikos Andrikos TEC-EDM, ESTEC, ESA, Netherlands DAUIN, Politecnico di Torino, Italy NPI Final Presentation 25 January 2013.

1 Extending Atmel FPGA Flow Nikos Andrikos TEC-EDM, ESTEC, ESA, Netherlands DAUIN, Politecnico di Torino, Italy NPI Final Presentation 25 January 2013.
CSE 494: Electronic Design Automation Lecture 2 VLSI Design, Physical Design Automation, Design Styles.

CSE 494: Electronic Design Automation Lecture 2 VLSI Design, Physical Design Automation, Design Styles.
J. Christiansen, CERN - EP/MIC

J. Christiansen, CERN - EP/MIC

Similar presentations

Ads by Google