Presentation is loading. Please wait.

Presentation is loading. Please wait.

A Simplified Approach to Fault Tolerant State Machine Design for Single Event Upsets Melanie Berg.

Published byBrook Turner Modified over 8 years ago

Similar presentations

Presentation on theme: "A Simplified Approach to Fault Tolerant State Machine Design for Single Event Upsets Melanie Berg."— Presentation transcript:

1 A Simplified Approach to Fault Tolerant State Machine Design for Single Event Upsets Melanie Berg

2 D219/MAPLD 2004SLIDE 2Berg Overview n Presentation describes “Hardened by Design” techniques at a high level of abstraction… FGPA/ASIC logic Design n Background — Definition of Fault Tolerance — State Machines — Synchronous Design Theory n Proposed Method of SEU detection n Proposed Method of SEU correction

3 D219/MAPLD 2004SLIDE 3Berg Definition of Fault Tolerance n Masking or recovering from erroneous conditions in a system once they have been detected n The degree of fault tolerance implementation is defined by your system level requirements… I.e. what actually is acceptable behavior upon error n Questions that must be answered within the system requirements documentation: — Does your system only need to detect an error? — How quickly must the system respond to an error? — Must your system also correct the error? — Is the system susceptible to more than one error per clock cycle?

4 D219/MAPLD 2004SLIDE 4Berg Synchronous Design with Asynchronous Events n This discussion focuses on sequential Single Event Upsets (SEUs) within a synchronous design environment. n The SEU is considered a soft (temporary) error which has occurred due to a DFF being hit by a charged particle. n Configuration or SRAM errors will not be considered n Although the design is synchronous, it is very important to note that the SEU is an asynchronous event… — Generally not taken into account — Metastability and unpredictable events can occur — Can invoke a SEFI

5 D219/MAPLD 2004SLIDE 5Berg Common Fault Tolerant Implementation n Triple Mode Redundancy (TMR) is the most commonly implemented solution of SEU tolerance. — Why …. Because it is a very simple solution n In many cases it is not implemented correctly — Glitches within the TMR voting logic (due to mitigation across separate clock domains or hazardous combinational logic) must be taken into account incase a SEU occurs near a clock edge n TMR can be very area extensive

6 D219/MAPLD 2004SLIDE 6Berg Glitches in TMR Circuitry: Example

7 D219/MAPLD 2004SLIDE 7Berg Glitchy TMR Circuitry Continued

8 D219/MAPLD 2004SLIDE 8Berg Proposed EDAC Methodology n Goal: The proposed EDAC techniques are: — Targeted for synchronous Finite State Machine Designs — Less area extensive than TMR — Glitch Free and synchronous: Reduces the rate of SEFI n Note: Synchronous Design techniques referred to in this presentation are derived from the ASIC industry and are implemented using HDL… — DFF data inputs should not change within the setup and hold of the DFF: Metastability and unpredictable functionality will occur — Within a synchronous design, metastability will only happen at clock domain crossings…Must use metastability filters (synchronizers) to protect against these Asynchronous events — Synchronous design theory minimizes clock boundary crossings — This is a challenge when SEUs can occur at any point in time anywhere in the circuit

9 D219/MAPLD 2004SLIDE 9Berg Synchronous State Machines n A Finite State Machine (FSM) is designed to deterministically transition through a pattern of defined states n A synchronous FSM utilizes flip-flops to hold its currents state, transitions according to a clock edge and only accepts inputs that have been synchronized to the same clock n Generally FSMs are utilized as control mechanisms n Concern/Challenge: — If an SEU occurs within a FSM, the entire system can lock up into an unreachable state: SEFI!!!

10 D219/MAPLD 2004SLIDE 10Berg Synchronous State Machines n The structure consists of four major parts: — Inputs — Current State Register — Next State Logic — Output logic

11 D219/MAPLD 2004SLIDE 11Berg Encoding Schemes n Each state of a FSM must be mapped into some type of encoding (pattern of bits) n Once the state is mapped, it is then considered a defined (legal) state n Unmapped bit patterns are illegal states

12 D219/MAPLD 2004SLIDE 12Berg Encoding Schemes

13 D219/MAPLD 2004SLIDE 13Berg Safe State Machines??? n A “Safe” State Machine has been defined as one that: — Has a set of defined states — Can deterministically jump to a defined state if an illegal state has been reached (due to a SEU). n Synthesis tools offer a “Safe” option (demand from our industry): TYPE states IS ( IDLE, GET_DATA, PROCESS_DATA, SEND_DATA, BAD_DATA ); SIGNAL current_state, next_state : states; attribute SAFE_FSM: Boolean; attribute SAFE_FSM of states: type is true; n However…Designers Beware!!!!!!! — Synthesis Tools Safe option is not deterministic if an SEU occurs near a clock edge!!!!!

14 D219/MAPLD 2004SLIDE 14Berg Binary Encoding: How Safe is the “Safe” Attribute? n If a Binary encoded FSM flips into an illegal (unmapped) state, the safe option will return the FSM into a known state that is defined by the others or default clause n If a Binary encoded FSM flips into a good state, this error will go undetected. — If the FSM is controlling a critical output, this phenomena can be very detrimental! — How safe is this?

15 D219/MAPLD 2004SLIDE 15Berg Safe State Machines???

16 D219/MAPLD 2004SLIDE 16Berg One-Hot vs. Binary n There used to be a consensus suggesting that Binary is “safer” than One-Hot — Based on the idea that One-Hot requires more DFFs to implement a FSM thus has a higher probability of incurring an error n This theory has been changed! — Most of the community now understands that although One- Hot requires more registers, it has the built-in detection that is necessary for safe design — Binary encoding can lead to a very “un-safe” design

17 D219/MAPLD 2004SLIDE 17Berg Proposed SEU Error Detection: One-Hot n One-Hot requires only one bit be active high per clock period n If more than one bit is turned on, then an error will be detected. n Combinational XNOR over the FSM bits is sufficient for SEU detection… even if a SEU occurs near a clock edge n A MUX can be used to transition the current state into a defined “ERROR STATE” if the parity check fails n If the system can not receive Multiple Event Upsets within one clock period, then the circuitry can never flip into a legal state (illegally)!

18 D219/MAPLD 2004SLIDE 18Berg FSM SEU: Error Correction : Using Companion States n There exists many publications on Error Correction theory. n None directly address how to correctly implement FSM fault correction while using current day synthesis tools. — Glitch control: Generally synthesis tools will produce “glitchy” logic — Synthesis “optimization” algorithms will erase the necessary redundancy for EDAC — The user must sometimes hand instantiate logic — The user must place the necessary attributes to avoid redundant logic erasure.

19 D219/MAPLD 2004SLIDE 19Berg Error Correction within One Cycle: Using Companion States n We’ll base the derivation off of a 4 state FSM:

20 D219/MAPLD 2004SLIDE 20Berg Error Correction within One Cycle: Using Companion States n 1. Find an encoding such that the states have a hamming distance of 3 (at least 3 bits must be different from state to state)... — 00000 (state-A), — 11100(state-B), — 01111(state-C), — 10011(state-D). — Five bits are necessary to encode a four-state machine in order to achieve the required hamming distance of three.

21 D219/MAPLD 2004SLIDE 21Berg Error Correction within One Cycle: Using Companion States 2. For each encoding, calculate the companion encodings such that the hamming distance is one… for example: — Companion encoding for state A (00000) is: 00001,00010,00100,01000,10000 — Companion encoding for state B (11100) is: 11101,11110,11001,10100,01100

22 D219/MAPLD 2004SLIDE 22Berg Error Correction within One Cycle: Using Companion States n When implementing the state machine, state A is encoded as 00000 and then (theoretically) “OR-ed” with all of its companion encodings. This covers all possible SEUs n Do the same for all other states n Use the output of the “OR-ed” states to determine next state logic. — Thus if a bit flips… the companion state will catch it and the FSM will be able to correctly determine the next state n Be careful! The “OR” logic is more complex than simply using a string of “OR” gates.

23 D219/MAPLD 2004SLIDE 23Berg Error Correction within One Cycle: Glitch Control n One major issue that is extremely overlooked is SEUs occurring near clock edges n If this occurs, your error checking logic may cause a glitch n Due to routing timing differences, this can cause incorrect values to be latched into the current state registers. n Refer to a Karnaugh Map for glitch-less implementation n The designer may have to hand instantiate the logic if the synthesis tool does not adhere to the VHDL as expected

24 D219/MAPLD 2004SLIDE 24Berg Error Correction within One Cycle: Glitch Control

25 D219/MAPLD 2004SLIDE 25Berg Error Correction within One Cycle: Glitch Control n The designer will have to include the synthesis directives in order to turn off the tools “optimization”: — Preserve_driver — Preserve_signal n Always check the gate level output of the synthesis tool.

26 D219/MAPLD 2004SLIDE 26Berg Conclusion n This presentation proposes methods of Fault Tolerant State Machine implementation due to potential IC SEU susceptibility. n Be aware of potential glitches due to asynchronous SEUs occurring near a clock edge… — Mitigation Techniques must be Glitch Free! — Mitigation may need a synchronization circuit — Due to metastability and routing delay differences, can be more catastrophic than expected n Special directives must be used in order to drive the synthesis tools when implementing fault tolerant redundant logic because the tools are generally focused on area and speed optimization.

Download ppt "A Simplified Approach to Fault Tolerant State Machine Design for Single Event Upsets Melanie Berg."

Similar presentations

Finite State Machines (FSMs)

Finite State Machines (FSMs)
10/14/2005Caltech1 Reliable State Machines Dr. Gary R Burke California Institute of Technology Jet Propulsion Laboratory.

10/14/2005Caltech1 Reliable State Machines Dr. Gary R Burke California Institute of Technology Jet Propulsion Laboratory.
Logic Synthesis – 3 Optimization Ahmed Hemani Sources: Synopsys Documentation.

Logic Synthesis – 3 Optimization Ahmed Hemani Sources: Synopsys Documentation.
Finite State Machine Chapter 10 RTL Hardware Design by P. Chu.

Finite State Machine Chapter 10 RTL Hardware Design by P. Chu.
Maintaining Data Integrity in Programmable Logic in Atmospheric Environments through Error Detection Joel Seely Technical Marketing Manager Military &

Maintaining Data Integrity in Programmable Logic in Atmospheric Environments through Error Detection Joel Seely Technical Marketing Manager Military &
CS 151 Digital Systems Design Lecture 25 State Reduction and Assignment.

CS 151 Digital Systems Design Lecture 25 State Reduction and Assignment.
Charles Kime & Thomas Kaminski © 2008 Pearson Education, Inc. (Hyperlinks are active in View Show mode) Chapter 6 –Selected Design Topics Part 3 – Asynchronous.

Charles Kime & Thomas Kaminski © 2008 Pearson Education, Inc. (Hyperlinks are active in View Show mode) Chapter 6 –Selected Design Topics Part 3 – Asynchronous.
Embedded Systems Hardware:

Embedded Systems Hardware:
Asynchronous Machines

Asynchronous Machines
Dr. Turki F. Al-Somani VHDL synthesis and simulation – Part 3 Microcomputer Systems Design (Embedded Systems)

Dr. Turki F. Al-Somani VHDL synthesis and simulation – Part 3 Microcomputer Systems Design (Embedded Systems)
ENEE 408C Lab Capstone Project: Digital System Design Fall 2005 Sequential Circuit Design.

ENEE 408C Lab Capstone Project: Digital System Design Fall 2005 Sequential Circuit Design.
Embedded Systems Hardware: Storage Elements; Finite State Machines; Sequential Logic.

Embedded Systems Hardware: Storage Elements; Finite State Machines; Sequential Logic.
ENGIN112 L25: State Reduction and Assignment October 31, 2003 ENGIN 112 Intro to Electrical and Computer Engineering Lecture 25 State Reduction and Assignment.

ENGIN112 L25: State Reduction and Assignment October 31, 2003 ENGIN 112 Intro to Electrical and Computer Engineering Lecture 25 State Reduction and Assignment.
Lecture 21 Overview Counters Sequential logic design.

Lecture 21 Overview Counters Sequential logic design.
Flip-Flop Applications

Flip-Flop Applications
Sequential Circuits Chapter 4 S. Dandamudi. 2003 To be used with S. Dandamudi, “Fundamentals of Computer Organization and Design,” Springer, 2003.  S.

Sequential Circuits Chapter 4 S. Dandamudi To be used with S. Dandamudi, “Fundamentals of Computer Organization and Design,” Springer,  S.
Lecture 10 Topics: Sequential circuits Basic concepts Clocks

Lecture 10 Topics: Sequential circuits Basic concepts Clocks
1 CSE370, Lecture 16 Lecture 19 u Logistics n HW5 is due today (full credit today, 20% off Monday 10:29am, Solutions up Monday 10:30am) n HW6 is due Wednesday.

1 CSE370, Lecture 16 Lecture 19 u Logistics n HW5 is due today (full credit today, 20% off Monday 10:29am, Solutions up Monday 10:30am) n HW6 is due Wednesday.
12004 MAPLDVHDL Synthesis Introduction Methodologies for Reliable Design Implementation Melanie Berg NASA Office of Logic Design 2004 MAPLD International.

12004 MAPLDVHDL Synthesis Introduction Methodologies for Reliable Design Implementation Melanie Berg NASA Office of Logic Design 2004 MAPLD International.
StateCAD FPGA Design Workshop. For Academic Use Only Presentation Name 2 Objectives After completing this module, you will be able to:  Describe how.

StateCAD FPGA Design Workshop. For Academic Use Only Presentation Name 2 Objectives After completing this module, you will be able to:  Describe how.

Similar presentations

Ads by Google