Protection unit for radiation induced errors in flash memory systems by Bryer, Bevan
Protection Unit for Radiation
Induced Errors in Flash Memory
Systems
by
Bevan Bryer
Thesis presented in partial fulfillment of the requirements for the degree of
Ma.sters of Science in Engineering a.t the University of Stellenbosch
December 2004
Supervisor: Prof. P.J. Bakkes
Declaration
I declare that the contents of this thesis is original and my own work unless otherwise
stated and that it has not, to my knowledge, been published in any part or as a whole at
any other university in order to obtain a degree.
Stellenbosch University http://scholar.sun.ac.za
Synopsis
Flash memory and the errors induced in it by radiation were studied. A test board was
then designed and developed as well as a radiation test program. The system was irradi-
ated. This gave successful results, which confirmed aspects of the study and gave valuable
insight into flash memory behaviour. To date, the board is still being used to test various
flash devices for radiation-harsh environments.
A memory protection unit (MPU) was conceptually designed and developed to morn-
tor flash devices, increasing their reliability in radiation-harsh environments. This unit
was designed for intended use onboard a micro-satellite. The chosen flash device for this
study was the K9F1208XOA model from SAMSUNG. The MPU was designed to detect,
maintain, mitigate and report radiation induced errors in this flash device. Most of the
design was implemented in field programmable gate arrays and was realised using VHDL.
Simulations were performed to verify the functionality of the design subsystems. These
simulations showed that the various emulated errors were handled successfully by the
MPU.
A modular design methodology was followed, therefore allowing the chosen flash device
to be replaced with any flash device, following a small reconfiguration. This also allows
parts of the system to be duplicated to protect more than one device.
Il
Stellenbosch University http://scholar.sun.ac.za
Opsomming
'n Studie is gemaak van" Flash" geheue en die foute daarop wat deur radiasie veroorsaak
word. 'n Toetsbord is ontwerp en ontwikkel asook 'n radiasie toetsprogram waarna die
stelsel bestraal is. Die resultate was suksesvol en het aspekte van die studie bevestig en
belangrike insig gegee ten opsigte van "flash" komponente in radiasie intensiewe omgew-
mgs.
'n Geheue Beskermings Eenheid (GBE) is konseptueel ontwerp en ontwikkelom die "flash"
komponente te monitor. Dit verhoog die betroubaarheid in radiasie intensiewe omgew-
ings. Die eenheid was ontwerp met die oog om dit aan boord 'n mikro-satelliet te gebruik.
Die gekose "flash" komponent vir die studie was die K9F1208XOA model van SAMSUNG.
Die GBE is ontwerp om foute wat deur radiasie geïnduseer word in die "flash" komponent
te identifiseer, herstel en reg te maak. Die grootste deel van die implementasie is gedoen
in "field programmable gate arrays" and is gerealiseer deur gebruik te maak van VHDL.
Simulasies is gedoen om die funksionaliteit van die ontwikkelde substelsels te verifieer.
Hierdie simulasies het getoon dat die verskeie geëmuleerde foute suksesvol deur die GBE
hanteer is.
'n Modulre ontwerpsmetodologie is gevolg sodat die gekose "flash" komponent deur enige
ander flash komponent vervang kan word na gelang van 'n eenvoudige herkonfigurasie.
Dit stelook dele van die sisteem in staat om gedupliseer te word om sodoende meer as
een komponent te beskerm.
III
Stellenbosch University http://scholar.sun.ac.za
Acknow ledgements
The author would like to thanks the following people:
• Prof. P.J. Bakkes (thesis supervisor) for his advice
• Carine Loubser for her support and help in finishing this document
iv
Stellenbosch University http://scholar.sun.ac.za
Contents
1 Introduction
1.1 The Need
1.2 The Rest of the Document
1
1
2
2 Radiation
2.1 Basics
4
4
4
4
6
6
6
8
9
9
9
10
10
10
2.1.1 Definition . . . . .
2.1.2 Types of radiation
2.1.3 Units of radiation.
2.2 Radiation environments
2.2.1 Radiation Belts
2.2.2 Cosmic Rays
2.2.3 Solar Flares
2.2.4 Solar Wind
2.3 Radiation Effects on Semiconductors
2.3.1 Atomic Displacement
2.3.2 Ionization ....
2.3.3 Transient Effects
3 Flash ~ernory
3.1 Introduction.
3.2 How flash works.
3.3 Nand vs Nor ...
3.4 Flash Memory Errors and their Detection.
3.4.1 Single Event Upsets (SEU) .....
3.4.2 Single Event Functional Interrupt (SEFI) .
3.4.3 Single Event Latehup (SEL)
3.4.4 Bad Blocks . . . . . . .
3.5 Radiation Test .
3.5.1 Radiation Board Design
3.5.2 Radiation Test Program
13
13
13
15
16
17
17
19
20
21
22
23
v
Stellenbosch University http://scholar.sun.ac.za
CONTENTS vi
3.5.3 Results.................................. 25
4 Error Detection and Correction
4.1 Hardware vs Software EDAC .
4.1.1 Software EDAC .
4.1.2 Hardware EDAC
4.1.3 Conclusion ....
4.2 Error Correction Codes (ECC) .
4.2.1 Hamming Codes ....
4.2.2 Rectangular Parity Codes
4.2.3 Reed-Solomon Codes .
4.2.4 Convolutional Coding.
4.2.5 Polynomial Codes.
4.3 Conclusion...........
27
28
28
29
29
29
29
30
31
32
33
34
5 Designing the Memory Protection Unit (MPU)
5.1 Specifications Required by Project .
5.2 Developing a Concept Design .
5.2.1
5.2.2
5.2.3
5.2.4
5.2.5
5.2.6
5.2.7
Scope and initial problems of design.
The K9F1208XOA Flash Memory Module
System Level Layout .
Concepts for MPU design structure
EDAC system .
SEFI handling. . . . . .
SEL handling . . . . . .
35
35
36
36
38
39
40
43
47
51
52
56
60
5.2.8 Bad Block Management
5.2.9 Error Reporting .....
5.2.10 Overall Concept Design
6 Low Level Design of MPU System
6.1 FPGA and Programming Basics.
6.2 Design Structure ..
6.3 Detail Design .
6.3.1 EDAC design .
6.3.2 SEL and SEFI design .
6.3.3 Bad Block design . . .
6.3.4 Master Controller design
6.3.5 Error Reporting design.
6.3.6 FPGA Choice and Power Calculations
62
62
64
64
64
69
74
79
80
83
Stellenbosch University http://scholar.sun.ac.za
CONTENTS vn
6.4 Simulations . . .
6.4.1 EDAC ..
6.4.2 Bad Block
6.4.3 SEFI ...
6.4.4 SEL and Communication.
84
84
87
88
90
7 Conclusion and Recommendations
7.1 What was achieved
7.2 Recommendations.
91
91
92
A Radiation Test Board
A.1 Design Schematic .
A.2 Printed Circuit Board (PCB) Layout
95
95
96
B MPU Signal Listings
B.1 EDAC Controller .
B.1.1 Input/Output Signals.
B.1.2 Internal Signals .
B.2 Master Controller .
B.2.1 Input/Output Signals.
B.2.2 Internal Signals .
B.3 Communication .
B.3.1 Input/Output Signals.
B.3.2 Internal Signals .
B.4 Watchdog Timer .
B.4.1 Input/Output Signals.
B.4.2 Internal Signals ....
B.5 Analog to digital converter ..
B.5.1 Input/Output Signals.
B.5.2 Internal Signals
98
98
98
100
102
102
104
106
106
107
108
108
108
109
109
109
C VHDL Code
C.1 EDAC Controller . . . . . . . . . . . . . . .
C.2 Master Controller and Bad Block Controller
C.3 Communications .
C.4 Watchdog Timer .
C.5 Analog to digital converter .
110
110
114
124
127
128
Stellenbosch University http://scholar.sun.ac.za
List of Figures
2.1 Trapped-electron radiation belts,plotted contours of equal electron flux of
energy above 1 MeV ([8] Fig. 2.2) . . . . . . . . . . . . . . . . . . . . . .. 7
2.2 Trapped-proton radiation belts, plotted contours of equal proton flux of
energy above 10 MeV ([8] Fig. 2.3) . . . . . . . . . . . . . . . . . . . . .. 7
2.3 The South Atlantic Anomaly.(a)Flux of protons as a function of latitude
and longitude,at an altitude of 600km.The orbit track of the Hubble Space
Telescope is shown. (b )Flux of protons as a function of altitude and latitude
at a longitude of 35°W ([8] Fig. 2.5) 8
2.4 The Earth's magnetosphere in the solar wind, showing the interplanetary
magnetic field and the emanating solar wind particles ([10] Fig. 12.29A) 9
2.5 Transient Disturbance Causing SEU in Conventional Latch ([7] Fig.1 12
3.1 A Typical Flash Cell ([4] Fig.33) 13
3.2 Flash cell during programming using F-N tunneling ([18] Pg.7) . . . . 14
3.3 Flash cell being programmed using Channel Hot Electron injection ([4]
Fig.34) . . . . . . . . . . . . . 15
3.4 NAND vs NOR ([18] Fig.1) . 16
3.5 Bad Block Test Flow Diagram
3.6 Radiation Test Board .....
3.7 Radiation Test Flow Diagram
3.8 Maximum single erase operation duration per cycle vs TID
3.9 Total bad blocks vs TID
21
23
24
25
26
4.1 Rectangular Parity code
4.2 Structure of a Reed-Solomon codeword
31
31
5.1 The K9F1208XOA Memory Array Configuration ([14] Fig.2-1)
5.2 A top-level layout of the relevant peripheral subsystems ....
5.3 Concept design of MPU module inside Mass Memory Unit ..
5.4 Flowdiagram showing all possible error states and suggested mitigation
schemes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .. 42
38
40
41
viii
Stellenbosch University http://scholar.sun.ac.za
LIST OF FIGURES IX
5.5 Encoding showing (1) the data symbols being streamed through the en-
coder and (2) the code symbols created following the last data symbols 45
5.6 High-level concept design for EDAC subsystem. 47
5.7 High-level concept design for SEFI subsystem . 51
5.8 Concept design of bad block table structure .. 54
5.9 High level concept design for bad block system. 57
5.10 Concept design of communication system structure 60
5.11 Overall concept design of MPU system . . . 61
6.1 EDAC system implementation in Quartus II
6.2 Power control circuit .
6.3 Analog to digital converter controller
67
70
71
6.4 Current monitoring system. . . . . 72
6.5 Watchdog VHDL entity 72
6.6 SEFI processes and linking signals. . 75
6.7 The bad block table RAMBLOCK implemented in the FPGA 76
6.8 The BBCONTROLLER VHDL block with embedded RAMBLOCK 77
6.9 The bad block processes and linking signals 78
6.10 The master controller processes and linking signals .. 80
6.11 Serial communication interface implemented in VHDL . 82
6.12 Top layer entity for MPU system 83
6.13 Encoder Simulation . . . . 85
6.14 Decoder Simulation . . . . . 86
6.15 Decoder failure Simulation . 86
6.16 Bad Block Table Simulation 87
6.17 Updated Bad Block Table . 88
6.18 Read SEFI Simulation . . . 88
6.19 SEL, Control and Communication simulation. 90
A.1 Radiation Test Board Schematic. 95
A.2 PCB Front Layout . 96
A.3 PCB Bottom Layout . . . . . . . 97
Stellenbosch University http://scholar.sun.ac.za
List of Tables
2.1 Typical Dose Rate in Various Orbits ([6] Tab.3.1) . 11
3.1 Flash Chip standby currents after being irradiated.
3.2 Mitigation solutions for operation failures.
3.3 Erase time results . . . . . . . . . . . . . .
19
21
25
5.1 Comparison of Communication Architectures. 59
6.1 Error reporting code protocol to OBC .
6.2 Command Codes from OBC .
79
80
B.1 General and MPU Report and Control I/O .
B.2 Encoder I/O .
B.3 Decoder I/O .
B.4 Signals linked with Encoder stage
B.5 Signals linked with Decoder stage
B.6 Encoder Control State Types
B.7 Decoder Control State Types
B.8 General and Mise I/O
B.9 Flash device Inputs .
B.10 Bad Block I/O .
B.11 Serial Communication I/O
B.12 Watchdog controller process signals
B.13 Command and Current process signals
B.14 SEFI process signals .
B.15 Latehup and Power process signals ..
B.16 Address handler and bad block handler signals.
B.17 Baudgen I/O ...
B.18 Bintohex.conv I/O ..
B.19 UART I/O .
B.20 Baudgen State Types.
B.21 Bintohex.conv State Types.
98
99
99
100
101
101
102
102
103
103
103
104
104
105
105
105
106
106
106
107
107
x
Stellenbosch University http://scholar.sun.ac.za
LIST OF TABLES Xl
B.22 UART State Types ..
B.23 Watchdog.timer I/O .
B.24 Watchdog State Types
B.25 ADC_Cont I/O ....
· 108
· 108
· 108
· 109
Stellenbosch University http://scholar.sun.ac.za
List of Abbreviations and Acronyms
A
A2D
ASCII
ASIC
CAN
CCD
CHE
COMM
ECC
EDAC
EEPROM
eV
F-N
FET
FIFO
FPGA
G
HDL
Hz
IC
J
k
LEO
LET
M
MMU
MOSFET
MPU
OBC
Ampere, SI-unit for electric current
Analog to Digital
American Standard Code for Information Exchange
Application Specific IC
Controller Area Network
Charge Coupled Device
Channel Hot Electron
Communication
Error Correction Code
Error Detection and Correction
Electrically Erasable Programmable ROM
Electron Volt
FowIer-Nordheim
Field Effect Transistor
First- in First-out
Field Programmable Gate Array
Giga = 109
Hardware Descriptive Language
Hertz = per second
Integrated Circuit
Joule-SI unit for energy
kilo =103
Low Earth Orbit
Linear Energy Transfer
Mega = 106
Mass Memory Unit
Metal Oxide Semiconductor FET
Memory Protection Unit
Onboard Computer
xii
Stellenbosch University http://scholar.sun.ac.za
PC
PCB
RAD
RAM
ROM
RS
SAA
SEFI
SEL
SEU
SRAM
TID
UART
V
VHDL
VHSIC
Personal Computer
Printed Circuit Board
SI-unit for radiation
Random Access Memory
Read Only Memory
Reed Solomon
South Atlantic Anomaly
Single Event Functional Interrupt
Single Event Latehup
Single Event Upset
Static RAM
Total Ionizing Dose
Universal Asynchronous Receiver Transmitter
Volt
VHSIC HDL
Very High Speed IC
xiii
Stellenbosch University http://scholar.sun.ac.za
Chapter 1
Introduction
Designing and building low earth orbit satellites has been an attraction at Stellenbosch
University since 1992. A privileged group of engineers got the opportunity in designing
and building SUNSAT I (Stellenbosch University Satellite) which was launched in 1999.
Following the success of the first satellite engineers at Stellenbosch have been involved
with designing a new improved satellite SUNSAT II. The main purpose of the satellite
project is to train engineers using practical experience.
This chapter starts off by describing the need for increasing the reliability of the flash-
based memory module. The reader is also made aware of the boundaries that exist for
the thesis in defining the scope of the project.
1.1 The Need
SUNSAT II is a micro-satellite being developed by post-graduate engineers at Stellen-
bosch University. The primary use of SUNSAT II is the same as that of SUNSAT I which
is imaging.
The images are acquired by the Pushbroom Imager which scans the earth surface cre-
ating large amounts of data which has to either be sent directly to an earth station or
stored internally in the satellite until required. To store such a large amount of data
requires a fairly large memory module or RAMDISK.
The RAMDISK must be designed and built to meet strict requirements of the satellite
specifications. These include the RAMDISK's power consumption, size, weight, speed
and rigidness. In improving the RAMDISK used in SUNSAT I a smaller, lighter, faster
RAMDISK was required to be designed. The main factor contributing to the size and
weight of SUNSAT I's RAMDISK was the large physical size and number of its memory
1
Stellenbosch University http://scholar.sun.ac.za
CHAPTER 1 - INTRODUCTION 2
chips. The low density of the SRAM (static random access memory) memory modules
resulted in a large number of chips being used to satisfy the memory requirement. There-
fore a memory chip with higher density and smaller size was required to improve upon
the older system. This lead to the replacement of SRAM with FLASH RAM.
Flash ram is a newer, denser type of electronic memory. Electronic meaning no mov-
ing parts. Due to its high density, small size and low power requirements, flash memory
has become the memory type of choice for many new technologies, such as digital cam-
eras, cellular phones and even field-programmable gate arrays (FPGA). Flash memory
chips come in packages with physical dimensions as small as 20mm x 12mm and can have
densities up to 4 Gbit (500 Mbytes). This is extremely dense compared with SUNSAT I's
RAMDISK which was 64Mbytes in total!
However, the high density and complex control circuitry within a flash ram chip makes
it extremely vulnerable to radiation induced errors. The radiation environment that low-
earth-orbit satellites are exposed to is much harsher than that on earth due to the earth
being shielded by the magnetosphere. Therefore flash memory systems will be highly
affected by the radiation and can be damaged and even become defective if not protected.
A completely damaged memory system can render a satellite, such as SUNSAT,. virtually
non-operational due to the fact that images will not be able to be stored onboard the
satellite which will limit image capturing locations to areas in direct view of the ground
station. Therefore measures must be taken to protect the memory system from radiation
induced errors and increase its reliability in space environment operations.
The object of this thesis therefore, was to determine what effects radiation has on flash
memory and develop a system which determines, mitigates and reports the errors that
are caused by those effects.
1.2 The Rest of the Document
Chapter 2 investigates the radiation environment and its effects on semiconductors. This
was done to give an understanding of what radiation stresses the memory module has to
withstand.
In chapter 3 the important aspects of flash memory was investigated. These aspects
include the basic understanding of what flash memory is, how it works, the internal struc-
ture as well as how flash memory reacts to radiation. A radiation test was also performed
which included hardware and software design of a test circuit board. This chapter gives
Stellenbosch University http://scholar.sun.ac.za
CHAPTER 1 - INTRODUCTION 3
an understanding of the vulnerabilities of flash memory to radiation and what issues need
to be protected in order to reduce those vulnerabilities.
Chapter 4 performs a tradeoff analysis deciding which type of error correcting code to
implement and how it should be implemented. As a result, it was decided to implement
a Reed-Solomon coding scheme in hardware, using a field programmable gate array.
The concept design for the memory protection unit was performed in chapter 5. This
is where all the requirements and subsystems for the main system were discussed and
conceptual designs formulated.
Chapter 6 details the low-level design of the MPU. This involves realising the concept
designs in hardware and then verifying them by simulations.
Lastly chapter 7 includes the conclusions and recommendations from this study.
Stellenbosch University http://scholar.sun.ac.za
Chapter 2
Radiation
This chapter investigates the typical environment to which LEO memory system will be
exposed to and the damaging effects that radiation in this environment can have on the
main components of that system.
2.1 Basics
2.1.1 Definition
Radiation is the emission of energy as moving particles or as electromagnetic waves.
Radiation is comprised of high-energy particles and photons [8]. Semiconductors which
are exposed to radiation can be severely damaged.
2.1.2 Types of radiation
Gamma rays and X-rays: These two forms of radiation interact with matter identically.
They are short-wavelength forms of electromagnetic or photon radiation. Their reaction
with matter is lightly ionizing and highly penetrating [8] and leave no activity in the
radiated material. There are two ways in which they originate:
Firstly, when electrons fall into vacancies in the n = 1 or n = 2 levels of an atom, photons
are emitted [6]. These photons carry an energy equal to the difference in energies between
the two levels which act as the start and end point for the electron that falls into that
vacancy. These emitted photons or X-rays are called 'characteristic x-rays'.
Secondly, x-rays are also emitted from a target when it is bombarded by electrons and is
referred to as 'bremsstrahlung'. The deceleration of moving charge causes this radiation.
Unlike characteristic x-rays, bremsstrahlung has a continuous range of energies due to the
fact that deceleration can occur in an infinite number of ways.
X-radiation is an ionizing radiation, see 2.3.2, since charged particles are produced, and
react with atoms in three ways:
4
Stellenbosch University http://scholar.sun.ac.za
CHAPTER 2 - RADIATION 5
1. The photo-electric effect, where a photon strikes an electron and loses all its energy
to it and disappears.
2. The Compton effect, where a photon collides with an electron and is scattered.
3. Pair Production, where a photon, which is in close proximity to a nucleus, disappears
and is replaced by an electron and a positron.
These effects can increase the conductivity of the material through their creation of excess
carriers but in the LEO satellite environment the intensity of x-rays are fairly low and
therefore considered only a minor importance to this study.
Alpha particles: They are the nuclei of helium atoms, therefore comprised of 2 protons
and 2 neutrons giving a mass of 4 and positive charge of 2 units [8]. Alpha particles are
produced as a by product when an unstable heavy atom nuclei decays. These particles
have high energy and are heavily ionizing but have low penetration, (typically 5MeV en-
ergy with a range of 23um in silicon). Due to the low penetration ability of alpha particles,
they are of little concern to LEO satellites.
Beta particles, electrons, positrons: Beta particles have the same mass as an elec-
tron but have either negative or positive charge. They are created inside the nucleus
when a proton becomes a neutron. Because they have very small size and charge they
easily penetrate matter, but are easily deflected and are lightly ionizing due to their high
velocities.
Neutrons: Neutrons have the same mass as a proton but no charge and are therefore
hard to stop. They originate from nuclear reactions and radioactive decay. Due to their
lack of charge, they are the primary form of non-ionizing radiation (atomic displacement
, see 2.1.3). Stopping a neutron results in the emission of a gamma ray. Neutrons can be
classified as either thermal, intermediate or fast, depending on their energy.
Neutron radiation can change the minority carrier densities in bipolar transistors by de-
creasing minority carrier lifetimes [6]. This degrades the current gain of the transistor
and therefore must be taken into account in LEO design.
Protons: The proton is the nucleus of a hydrogen atom and carries a charge of 1 unit.
They originate from radioactive decay and nuclear reactions. It is heavy compared to
electrons and is therefore harder to deflect. The typical penetration range is tens of mi-
crometers in aluminium at energies in the MeV range.
Stellenbosch University http://scholar.sun.ac.za
CHAPTER 2 - RADIATION 6
2.1.3 Units of radiation
Energy: The joule( J) is the SI unit of energy but in radiation technology the electron
volt(eV) is more frequently used. 1 eV is the amount of energy gained by 1 electron
accelerating through the potential difference of 1 volt. leV = 1.6 x 10-19 J. Throughout
this thesis, energy will mainly be quoted as MeV (106) or keV (103).
Flux: This is the number of particles flowing through a defined area per unit time [8].
The unit of flux is cm-2s-l. The symbol for the type of particle is normally added.
Fluence: This is the time-integrated flux. Unit is cm2•
Energy Deposition: The RAD is a universal unit of energy deposition. A RAD has
been absorbed by a sample when 100 ergs per gram has been deposited [8]. An erg being
10-7 joules.
2.2 Radiation environments
There are many environments that can have a degrading effect on silicon devices such
as nuclear reactors, space, processing, weapons and controlled fusion. However the space
environment is the one which affects this project the most and will therefore be discussed.
The particles which comprise the space radiation environment are either trapped by the
earth's magnetic belt or passing through the solar system. The main elements are the
radiation belts, cosmic rays, solar flares and solar wind.
2.2.1 Radiation Belts
A broad spectrum of energetic charged particles are trapped in the Earth's magnetic field.
They form what is called the radiation belts or the Van Allen belts.
Particles that approach the radiation belts are either trapped or deflected. The trapped
particles oscillate north-south along the field lines of the magnetosphere. This occurs be-
cause the converging field lines at the magnetic poles act as a magnetic mirror, reflecting
the particles. There are two main radiation belts, the electron and the proton radiation
belts.
The electron belt consists of two zones, the inner and outer zones, where two flux maxima
occur (see figure 2.1). In the electron belt, particles have energies up to 7 MeV with the
most energetic particles occurring in the 'outer zone'. The inner zone extends to about
Stellenbosch University http://scholar.sun.ac.za
CHAPTER 2 - RADIATION 7
2.4 earth radii (1 Earth radii being 6371km) and the outer from 2.8 to 12 earth radii [8].
The contours of the outer zone extend toward the earth in 'horns' of high flux known as
'the polar horns'.
Geomacneuc...~
"
Figure 2.1: Trapped-electron radiation belts,plotted contours of equal electron flux of
energy above 1 Me V ((Bj Fig. 2.2)
The proton belt is simpler in shape than the electron belt (see figure 2.2). Its flux decreases
with distance with the more energetic particles found at lower altitudes. The proton belt
extends to about 3.8 Earth radii.
Goom~netic
_.-.~~--
L (Earth r<ldii)
Figure 2.2: Trapped-proton radiation belts, plotted contours of equal proton flux of
energy above lOMe V ((Bj Fig. 2.3)
An anomaly in the South Atlantic region causes the Earth's trapped radiation belt to
dip, increasing fluxes in that region a hundred fold (see figure 2.3). Therefore satellites
in LEO will experience large increases in radiation when passing through this region. It
is known as the South Atlantic Anomaly (SAA).
Stellenbosch University http://scholar.sun.ac.za
CHAPTER 2 - RADIATION 8
;bj
_J
10' 20 30-' 40"
Latitude (CI&grwS)
Figure 2.3: The South Atlantic Anomaly. (a) Flux of protons as a function of latitude
and longitude, at an altitude of 600km. The orbit track of the Hubble Space Telescope is
shown. (b)Flux of protons as a function of altitude and latitude at a longitude of 35° W
([Bj Fig. 2.5)
2.2.2 Cosmic Rays
The three main sources of cosmic rays are galactic, solar and terrestrial. Galactic cosmic
rays are the main source of cosmic rays and provide a continuous, low flux component of
the radiation environment [8]. These high energy particles are created by fusion reactions
inside distant stars. Galactic cosmic rays comprise mainly of protons (85%) with small
amounts of alpha particles (14%) and heavier nuclei. (1%). The energies of these particles
range from almost 0 to over lOGeV.
Solar cosmic rays, which are produced by solar flairs, produce low and medium energetic
solar material of low atomic weight.
Terrestrial radiation does not effect LEO satellites and is therefore not discussed.
Cosmic rays are heavily ionizing due to their charged radiation ions. An extreme case
of ionization can also be observed when a high energy cosmic radiation particle strikes
an atom. A cascade of particles and secondary radiation is produced which is extremely
disruptive. It is very difficult to shield against cosmic rays to due to their energetic nature.
Stellenbosch University http://scholar.sun.ac.za
CHAPTER 2 - RADIATION 9
2.2.3 Solar Flares
Solar flares are caused by variations in the nuclear reactions of the chromosphere of the
sun. Solar flares produce protons (>90%) as well as electrons and alpha particles [6].
Their fluxes and occurrences are hard to predict. Most of the fluence for an 1l year solar
cycle is received in one or two bursts. An 1l year solar cycle can be divided up into
4 inactive years with a small number of events and seven years with a large number of
events. The peak flux occurs between 2 and 24 hours after the burst and decays over a
period of a couple days. These flares have been known to cause single-event upsets in
electronics and damage to solar arrays.
2.2.4 Solar Wind
The solar wind is made up of low-energy protons and high-energy electrons ejected from
the sun [6]. The density and velocity of the solar wind is fairly constant except, however,
during a solar flare where the solar wind intensifies and can remain high for a number of
weeks, see figure 2.4.
Figure 2.4: The Earth's magnetosphere in the solar wind, showing the interplanetary
magnetic field and the emanating solar wind particles (flO) Fig. l2.29A)
2.3 Radiation Effects on Semiconductors
When energetic particles pass through matter, they lose energy through a variety of inter-
actions and scattering mechanisms. This energy transfer from radiation to the material
gives rise to the two main effects of radiation: ionization and atomic displacement. These
effects cause degradation of performance in materials which might or might not be per-
manent.
Stellenbosch University http://scholar.sun.ac.za
CHAPTER 2 - RADIATION 10
2.3.1 Atomic Displacement
A collision between an energetic particle and silicon can result in the formation of a
Frenkel defect pair, a displaced atom( Interstitial: 'I') and the vacancy left by it (Vacancy
: 'V'). This is called atomic displacement. The vacancy has a tendency to recombine with
impurities, while the interstitial atom, which is extremely mobile in the lattice, has a
strong tendency to displace an impurity. Because the interstitial easily exchanges charge
with other silicon atoms it can therefore move quickly though the lattice. A 'V' defect
can also encounter another 'V' defect forming a 'divacancy' which has been known to
cause electron-hole recombination which gives rise to 'leakage currents'. Neutron strikes
on semiconductors have been known to produce vacancies and interstitials. A neutron
strike is non-ionizing since neutrons have no charge.
2.3.2 Ionization
Energy loss from high-energy radiation results in the formation of electron-hole pairs.
This a result of the valence band electrons in a solid being excited to the conduction
band. If an electric field is applied then the electrons are highly mobile. Therefore any
solid conducts at a higher level than is normal for that solid. "The positive charged holes
are also mobile, and their production and trapping cause major degradation in bipolar
devices. Only small amounts of energy are required to produce an electron-hole pair (18
eV in Si02) [8]with no momentum transfer to atom required, therefore the energy causing
the ionization is not as critically important as in atomic displacement although the number
of pairs produced depends upon the particle energy. The amount of energy deposited in
a material by ionization is called 'dose' and measured in 'rads'. Normally with ionization
the dose-rate is specified which is the average energy absorbed per unit mass and time
and termed as rads per second. Ionization is often referred to as 'total ionizing dose'
(TID). Therefore TID is a cumulative long-term degradation of a device when exposed to
ionizing radiation. The most serious TID effects in semiconductor devices are:
1. Temporarily lower the insulator film barrier in solid-state devices, which stops charge
motion between two layers of semiconductor or conductor.
2. Freezing charge traveling across oxide into place, resulting in a semi-permanent
charge sheet which effects the conductivity in layers around it.
Typical dose rates for various orbits are shown in table 2.1.
2.3.3 Transient Effects
Local ionization effects on extremely dense electronic devices can lead to a strong transient
electrical response. The electron-hole pair concentration generated by ionization can
Stellenbosch University http://scholar.sun.ac.za
CHAPTER 2 - RADIATION 11
Table 2.1: Typical Dose Rate in Various Orbits ([6) Tab.3.1)
Orbit Height Inclination Dose Rate (per year)
Low Earth 200-l000km < 28 deg 100-lk rad(Si)
Low Earth 200-l000km > 28deg Ik-lOk rad(Si)
Medium Earth 1000-4000km any 100 krad(Si)
High Earth ::::::! 36000km any > 10krad(Si)
Interplanetary n/a n/a 5k-lOk rad(Si)
reach well above the doping densities of most semiconductor elements. This can cause
the junctions to become 'swamped' and results in current flowing in directions which are
normally blocked as well as higher voltages than were being used. These transient effects
lead to a special case called 'single-event effects'.
This is a special case of ionization effect which is common in space electronics, especially in
memory components. The two main classes of single-event effects are single-event upsets
(soft errors) and single-event latehup (hard errors).
Single Event Upset (SEU)
A SEU, is the change of state of a bistable element caused by the impact of an energetic
heavy ion or proton [8]. This change of state is not permanent or destructive and can
be reset or re-written back to the state that it was prior to the upset. The upset is
a result of ionization caused by a single energetic particle, or by the nuclear reaction
products of an energetic proton. The ionization causes a current pulse in the p-n junction
which, if larger than the required charge to change the logic state of the element (critical
charge), will cause the state of the element to change. This change of state is commonly
referred to as a 'bit-flip', which, in memory systems, is often observed as a logic '1'
changing to a logic '0', or vice versa. Single event upsets affect both MOS and bipolar
devices. The evolution in technology towards smaller device sizes leads to a decrease in
the critical charge requirement which in turn increases susceptibility to SEU's. Smaller
device geometries also lead to other problems such as multiple errors as a result of a single
ion strike as well as rupture of oxide layers. Charge deposition is a function of a particles
linear energy transfer (LET) and has the units MeV g-lcm-2. Two parameters define the
susceptibility of a device to SEU:
1. Threshold LET. This is the smallest LET to produce an upset. It corresponds to a
charge deposition of similar size to the critical charge amount, Qe.
2. Saturated Cross-Section. This is when all incident ions are able to produce an upset
and no upset rate increase is observed for an increase in LET. The cross-section has
Stellenbosch University http://scholar.sun.ac.za
CHAPTER 2 - RADIATION 12
the dimension cm2 and is a function of the surface area of the sensitive node.
SEU's can also be caused by particle strikes to combinational logic. These upsets occur
when a particle strikes a combinational logic node and creates a temporary voltage dis-
turbance at that node. If the voltage disturbance propagates to a latch and occurs near
the clock edge then the disturbed state may be loaded into the latch, causing the stored
data to be incorrect just as if the latch itself were struck by a cosmic ray and changed
state [7]. In the example shown in figure 2.5 , the correct state of the D input is a 0, but
a momentary disturbance to the 1 level is latched and causes an SEU.
o
eK
Q
Figure 2.5: Transient Disturbance Causing SEU in Conventional Latch ([7j Fig.l
Single Event Latehup (SEL)
Unlike soft errors, single-event latehup is potentially destructive. In bulk CMOS devices
there are parasitic vertical and horizontal n-p-n and p-n-p bipolar transistors. These
parasitic transistors can form a SCR structure (silicon-controlled rectifier), which under
normal conditions is 'off' and in a high impedance state. An ion strike could turn the
SCR into a low impedance 'on' state which it remains in, due to positive feedback from
the p-n-p-n structure, at low voltage [8]. For latehup to occur there must be certain
conditions:
1. Gain product Bpnp.Bnpn must be greater than 1 for positive feedback to occur.
2. Both emitter-base junctions of the transistors must be forward biased.
3. Power supplied must be able to source or sink enough current to maintain the latch.
Stellenbosch University http://scholar.sun.ac.za
Chapter 3
Flash Memory
3.1 Introduction
Electronic memory comes in many forms to serve many purposes. Flash memory is mainly
used for fast information storage therefore being seen as more as a hard drive than as
a RAM (random access memory). It is considered to be a solid-state storage device
meaning that there are no moving parts, everything is electronic. Flash memory is a
highly dense EEPROM (electrically erasable programmable read only memory) and is
non-volatile. Non-volatile memories retain their data when power is removed where as
volatile memories do not. This is attractive in space applications which have strict power
budgets since power only has to be supplied to the memory during usage.
Figure 3.1: A Typical Flash Cell ({4] Fig.33)
3.2 How flash works
Flash memory has a grid of columns and rows with a cell that has two transistors at
each intersection [19]. The two transistors are separated from each other by a thin oxide
layer, about 100 Angstroms. One of the transistors is known as a floating gate, and the
other one is the control gate (see figure 3.1) . The floating gate's only link to the row, or
wordline, is through the control gate. As long as this link is in place, the cell has a value of
13
Stellenbosch University http://scholar.sun.ac.za
CHAPTER 3 - FLASH MEMORY 14
1. To change the value to a 0 requires a curious process called Fowler-Nordheim tunneling.
Tunneling is used to alter the placement of electrons in the floating gate. An electri-
cal charge, usually 12 or 20 volts [15] (depending on the NAND structure), is applied to
the floating gate (see figure 3.2). The charge comes from the column, or bit line, enters
the floating gate and drains to a ground. This charge causes the floating-gate transistor
to act like an electron gun. The excited electrons are pushed through and trapped on
either side of the thin oxide layer, giving it a negative charge. These negatively charged
electrons act as a barrier between the control gate and the floating gate. A special device
called a cell sensor monitors the level of the charge passing through the floating gate. If
the flow through the gate is greater than 50 percent of the charge, it has a value of 1.
When the charge passing through drops below the 50-percent threshold, the value changes
to O. A blank EEPROM has all of the gates fully open, giving each cell a value of 1.
20V
ï
Programming
Figure 3.2: Flash cell during programming using F-N tunneling ((lB) Pg.7)
Not all flash devices use tunneling to program. Instead Channel Hot Electron (CHE)
injection is used (see figure 3.3). For this approach, the source is grounded; the control
gate has the programming voltage applied to it (Vpp) while the drain gets approximately
half the programming voltage applied to it . The voltage on the control gate is capacitively
coupled to the floating gate. This turns the transistor on and allows current to flow from
source to drain. Some of these electrons will have sufficient energy to pass through
the oxide charging the floating gate. Electrons deposited on the floating gate charge it
negatively and turns off the transistor.
Since only 3.3 or 5 volts are applied to most flash devices, the higher internal voltages
required for programming and erasing are obtained using a charge pump.
Stellenbosch University http://scholar.sun.ac.za
CHAPTER 3 - FLASH MEMORY 15
Figure 3.3: Flash cell being programmed using Channel Hot Electron injection ((4)
Fig.34)
3.3 Nand vs Nor
There are two main flash architectures, namely NAND flash and NOR flash. The differ-
ence between the two is how the memory cells are connected (see figure 3.4). To achieve
random access in flash memories, the memory cells are connected to the bit lines in par-
allel, as in NOR flash. The NAND flash architecture uses groups of cells (normally 16 or
32) that are stacked in series with a common bit line. Therefore NAND flash is more com-
pact since it does not provide contacts to individual source and drain regions. However,
read and write time is inherently slower because cells cannot be accessed individually; the
read path goes through other cells in the stack. In order to deal with this, the device
architecture divides the memory into pages. A page buffer is used to improve read time.
NAND flash uses Fowler-Nordheim tunneling for both erasing and programming where
as NOR flash uses CHE for programming and F-N tunneling for erasing. Because of the
stacked architecture NAND flash uses a slightly higher voltage, 20V, in programming and
erasing compared to NOR flash, 12V. However, the NOR memory cells wear out faster
due to the CHE stress. NOR flash cells are estimated to last for 100,000 cycles where as
NAND cells are estimated to last over 1,000,000 cycles.
From a practical standpoint, the main difference between the two architectures is the in-
terface. NOR flash has a fully memory- mapped random access interface like an EPROM
(erasable programmable read only memory), with dedicated address lines and data lines.
On the other hand, NAND flash has no dedicated address lines. It is controlled using an
indirect I/O-like interface, sending commands, addresses and data through an 8, or 16,
bit bus to an internal command and address register. For example a typical read sequence
consists of the following: writing to the command register the" read" command, writing
to the address register 4 bytes of address, waiting for the device to put the requested data
(typically 528 bytes or more) into the output register, and reading a page of data from
Stellenbosch University http://scholar.sun.ac.za
CHAPTER 3 - FLASH MEMORY
the data register.
The NAND flash memory space is divided as follows :
16
1. The smallest stored element is a byte (8 bits) or word (16 bits) depending on the
bus size.
2. A row of bytes, eg 528, make up a page.
3. A group of pages form a block, eg 1 block = 32 pages. This is the smallest erasable
element.
4. All the blocks together make up the entire memory area.
The two architectures allow flash cells of similar design to be used for two different pur-
poses. The NOR architecture is suitable to be used as random access memory or bootable
memory where as NAND flash is suitable to be used as mass storage memory such as a
hard drive.
NAND NOR
Coli Bit Lin ..
Array
Layo"1
crcse-seenen
Co" silo
BitlirK!
'"~:~fD I~"
I f~<' I
'_i"'"
10P'
Figure 3.4: NAND vs NOR (f18) Fig.l)
3.4 Flash Memory Errors and their Detection
Flash memory is a highly dense and complex semiconductor device. It consists of com-
binational logic elements as well as memory cell elements. These combinational logic
elements make up the control circuitry internal to the flash chip. This circuitry is re-
sponsible for the complex control and timing requirements needed for writing, erasing
and reading from the memory cell elements of the flash chip. Therefore the high internal
complexity and density make flash chips vulnerable to different types of errors, not only
Stellenbosch University http://scholar.sun.ac.za
CHAPTER 3 - FLASH MEMORY 17
from induced radiation but also from internal degradation such as wearing out of flash
cells.
The charge pump has been linked to causing most of the failures associated with radiation
dosage according to [lll. It is responsible for supplying the higher voltages required for
erasing, writing or reading, and achieves this by utilizing internal floating-well elements.
The generated output voltage is proportional to the number of charge pump stages and so
when the ionizing dose of radiation shifts the threshold voltage, vte, of each pass transis-
tor, the result is a reduced Vout. Any stage-to-stage increases in leakage would also reduce
the charge pump output. Using an external charge pump would solve this problem but
NAND flash chips do not allow this option and therefore cannot be considered further as
a mitigation solution.
All internal elements of a flash device are exposed to radiation, and can cause differ-
ent types of upsets or errors. The main errors that can occur in flash memory devices are
single event upsets, single event functional interrupts, single event latehup and bad block
development. The resulting effects of these errors and possible mitigation solutions are
investigated below.
3.4.1 Single Event Upsets (SEU)
Due to the transient effects of radiation in semiconductor devices (see 2.3.3), SEU's can
occur in flash memory devices. If left unprotected, these soft errors can corrupt the data
in such magnitude that the data becomes unusable. Therefore measures must be taken
to protect the data stored in the flash memory system.
Since SEU's are soft errors, no permanent damage is done to the physical memory, the
main concern is corrupted data. Data can basically be protected from corruption either
by encoding the data or by storing multiple copies of it. The latter option is unfeasible
for a satellite memory system due to the size and power restrictions that are common in
satellite specifications. Therefore encoding the data is the obvious choice. This entails
taking the received data and encoding it in a way that monitors the status of the data
and if an error occurs the code will detect the error and correct it if possible. The various
schemes and implementations are investigated in section 4.
3.4.2 Single Event Functional Interrupt (SEFI)
Single event functional interrupts are more complex than simple SEU's. SEFI's occur
as a result of transient errors occurring in the control circuitry in the flash chip. This
Stellenbosch University http://scholar.sun.ac.za
CHAPTER 3 - FLASH MEMORY 18
causes the flash chip to malfunction and become unpredictable. In SEU's the error can
be identified and corrected and in many cases the upset cross-sections are representative
of the geometrical areas of the sensitive regions. However, in SEFI's, the event is caused
by a SEU at a sensitive section of a microcircuit device to which there is no direct access.
Since the exact location of the area cannot be identified, we can only observe the failure
of the device function.
There are two main types of SEFI's that occur: regular SEFI's and irregular SEFI's.
Regular SEFI's are easier to detect and have some of the following characteristics:
1. Operation of the flash chip suspends.
2. The operating current becomes slightly higher, not as high or as dangerous as
latchup.
3. Can occur with a low linear energy transfer (LET).
With SEFI's the control circuitry on the chip is effected and can cause the memory
chip to malfunction or suspend. These error states can occur during read, write or erase
procedures. The different types of SEFI's and their respective possible mitigation solutions
are as follows [12]:
1. Block erase SEFI : While erasing the flash device's ready signal never exits the
busy state and therefore will not complete the erase which suspends operation. A
suggested mitigation procedure is to reset the power to the flash chip and repeat
the erase.
2. Partial erase SEFI : The block erase procedure suspends at the first address but few
blocks are erased. To mitigate just repeat the intended erase process.
3. Write SEFI : The write operation's complete status suspends, therefore causing the
controlling program, waiting for the complete status, to also suspend. Resetting
power to the flash chip should mitigate the error.
4. Read SEFI : During a read process the sensing circuitry suspends due to a charge
buildup. The next read operation does not clear the errors and will therefore return
corrupt data. By repeating the intended read process or by cycling the power to
the flash chip, the error can be mitigated.
5. Irregular SEFI's : There are two main irregular SEFI's that occur and are:
(a) Irregular Read SEFI : The read operation locks in and endless loop, reading
out the same data over and over which corrupts the intended output. This can
be reset by cycling the power to the flash chip.
Stellenbosch University http://scholar.sun.ac.za
CHAPTER 3 - FLASH MEMORY 19
(b) Irregular Write SEFI : The write operation stops and suspends. Resetting the
power alone wont initialize the device to a pre-SEFI state until the previous
write operation is restarted.
As mentioned earlier, the current drawn by a flash chip increases when the chip is irra-
diated. The current variations observed for different flash chips [11] are shown below in
table 3.1.
Table 3.1: Flash Chip standby currents after being irradiated
Flash Chip o Krad 12 Krad 16 Krad
Intel 28F320 (biased*) O.275mA O.4mA (non-func)
Intel 28F320 (unbiased**) O.275mA O.3mA O.35mA (non-func)
o Krad 2 Krad 15 Krad
Intel 28F640 (biased) O.25mA 4mA
Intel 28F640 (unbiased) O.25mA 1mA (spec-limit=O.9mA)
o Krad 20 Krad 120 Krad
Samsung km290128 (biased) OmA O.7mA
Samsung km290128 (unbiased) OmA OmA O.55mA (spec-limit=O.05mA)
*Biased meaning static biased, where power is supplied to the chip during irradiation but
no address cycling or data access operations are performed.**Unbiased meaning that all
pins are grounded during testing.
There are obviously two current values to monitor, the operating current and the standby
current. The memory system is only operational while storing images or reading out the
stored images, therefore spending most of the time switched off or in standby mode. The
standby current is therefore a good indication of the total absorbed dose status of the flash
chip. As seen in table 3.1, the standby current increases as the total dose absorbed by
the flash increases. Monitoring this current can help predict SEFI's and other radiation
effects.
3.4.3 Single Event Latehup (SEL)
Single event latehup is the most destructive of flash device errors, see 2.3.3. It is a de-
structive condition that can destroy the device if current is not limited or removed within
allowable time. The operating flash current has been observed to rise from the expected
value , 20mA, to 430mA. The way to detect latehup is to monitor the current into the
flash. The current levels must be distinguished between SEFI's and latehup, however both
errors are treated similarly.
Stellenbosch University http://scholar.sun.ac.za
CHAPTER 3 - FLASH MEMORY 20
When latehup is detected the power to that chip must be cycled. When reset, the power
levels should return to normal. If the power levels continue to exceed acceptable levels
then power should be permanently removed from the device and its failure reported.
3.4.4 Bad Blocks
Invalid blocks are defined as blocks that contain one or more invalid bits whose reliability
cannot be guaranteed. Invalid blocks have the same AC, DC characteristics as valid blocks
and do not effect the performance of valid blocks. This is because they are separated from
the bitline and common-source line by a select transistor.
Nand-flash devices off-the-shelf can have a certain number of bad blocks. Bad blocks
(invalid blocks) can also develop over time due to radiation or overuse. Using a bad block
could result in invalid information being stored or read. Therefore hardware measures
should be taken into account to mitigate the effects of bad blocks. If a block has become
unreliable and marked as a bad block then it cannot be recovered or used reliably again.
Due to the finite number of cycles which a block can be read/programmed/erased, after
extensive use more and more blocks will become invalid.
Prior to shipping manufacturers usually mark which blocks are invalid on the chip. For
instance, Samsung marks the 6th byte in the spare area of the first two pages of each
block with FFH if valid. If the value of this byte is not FFH then the block is invalid.
Care must be taken on first use because the bad blocks are still erasable and the initial
bad block data could be lost. The device should therefore be checked upon initial use as
shown in figure 3.5 and the data recorded.
Since bad blocks develop during use, they must also be detected. This can be achieved by
reading the status register following an erase or programming operation. Flash devices
provide a status byte of information which is updated after every operation and can be
read from the status register in order to check whether the operation performed was
successful or not. Each bit in the byte represents a certain status check and is flagged
accordingly. Not all flash devices are exactly the same in this regard but are all fairly
similar. If an erasure or program is unsuccessful then the block is likely to be invalid and
should be replaced accordingly, although a verify-after-program status error might only
need ECC correction due to the read error and not the actual program error, see table
3.2. An error following a read operation does not require block replacement and should be
corrected by the implemented error correction code. As mentioned previously, when a new
block is detected as being bad it should immediately be replaced and then prevented from
further use. Block replacement is done by reprogramming the data, initially programmed
Stellenbosch University http://scholar.sun.ac.za
CHAPTER 3 - FLASH MEMORY 21
Fail
Pass
Bloei< No. = Bloei< No. + 1 Bad Block
No
End
Figure 3.5: Bad Block Test Flow Diagram
Table 3.2: Mitigation solutions for operation failures
Erase Erase failure block replacement
Program Program failure block replacement(ECC is a verify error)
Read Bit failure ECC correction
into the bad block, into a new block and then continuing the programming process. The
system should then be prevented from again using that bad block. This can be achieved
by creating a bad block table or by using another appropriate scheme.
3.5 Radiation Test
To investigate the effects of radiation on a flash memory device it was decided to design a
test board which would later be radiated. The results of the test would then give insight
on the various requirements of this study.
The test was run over a period of three days, radiating the board with Co-60 ions.
However, the experiment was only run till 5pm each day and then suspended overnight.
Stellenbosch University http://scholar.sun.ac.za
CHAPTER 3 - FLASH MEMORY 22
This gave an insight as to how the flash devices would react if given time to recover from
the radiation.
Table 2.1 shows that a satellite in LEO can experience a total dose rate of up to 10kRad
per year, therefore a satellite with a lifespan of 3 years can obtain a TID of 30kRad. It
was therefore chosen to radiate the flash devices at a tempo of 2,5 kRad per hour until a
TID of 35kRad was reached. At this value significant results were obtained.
Firstly, in this section, the board design will be discussed, followed by the radiation
test program design and then finally the results obtained by the test.
3.5.1 Radiation Board Design
Since the board was to be radiated and therefore risking permanent damage, it was decided
to design a board which was simple enough to perform the required tasks without being
too expensive. The basic needs of the radiation board was :
• One or more flash devices with which to run the tests on. The actual flash device
chosen was not critical since all flash devices have the same package and pinout,
therefore can be chosen at a later stage.
• An intelligent controller with which to perform the radiation test program and
interface the flash devices. The controller would also have to be able to interface to
a computer to report the results of the test.
• In case of a power cut to the board being radiated, the controller would also have
to be independently reprogrammed with the radiation test program.
From these requirements the following choices were made regarding the radiation test
board:
It was decided to implement two flash devices on separate busses. This enabled both
flash devices to be operated in the radiation test which gave an interesting view on how
exact same model flash devices are effected differently by similar radiation. It was chosen
to use SAMSUNG K9K2G08UOM flash devices since they were the largest flash de-
vices available at the time of testing. These are 256 Megabyte flash devices which actually
consist of two 128 Megabyte flash chips inside the device.
The intelligent controller was realised using an ALTERA CYCLONE EPIC3T144C7
FPGA. This was a suitable decision since this FPGA meets all the requirements: it was
within the price budget, has enough pinouts to interface both flash devices, is large enough
within which to implement the radiation test program and also fast enough to meet any
timing requirements.
Stellenbosch University http://scholar.sun.ac.za
CHAPTER 3 - FLASH MEMORY 23
An ALTERA EPC2LC20 programming device was implemented to reprogramme the
FPGA immediately as power is applied. This was in case any of the devices stopped
responding and required the power to be removed from the entire board.
A simple serial interface was implemented as external hardware to the board as it was
unsure at the time how communication was going to be implemented. The serial device
was connected to the FPGA via spare input/output pins. The serial interface was mainly
used as a data dump which was logged by the computer for assessment after the entire
test was completed.
Figure 3.6 shows a picture of the board. The schematic of the test board is shown in
appendix A.I and the layout of the printed circuit board is shown in appendix A.2.
Figure 3.6: Radiation Test Board
3.5.2 Radiation Test Program
The main goal of the test program was to test the flash device's operation under a heavy
radiation stress environment. To test a flash device, it must be written to then the results
verified. But in order to write to flash memory, it must first be erased. Another goal
was to monitor when blocks become invalid and to log their position in the flash memory.
This was achieved by implementing a temporary bad block table.
The flow diagram for the test program is shown in figure 3.7. Testing began by first
initializing the temporary bad block table which clears all information from the previous
test cycle. Next the entire chip was erased. While in this state, each single erase process
was timed and the longest erase per cycle recorded. Also while erasing, the status register
of the flash device was constantly checked to verify the operation and detect blocks going
Stellenbosch University http://scholar.sun.ac.za
CHAPTER 3 - FLASH MEMORY 24
Start
Initialize bad block
table
record longest
erase cycleErase entire chip ~--1~
Program entire
chip with selected
pattern
record address of
Read entire chip ~--1~ incorrect data
and verify data
Change pattern Record bad block
table and total
number of bad
blocks
y
Both chips
Swop active
N
programmed with
device
same pattern?
Figure 3.7: Radiation Test Flow Diagram
bad. If an operation was unsuccessful then the bad block table was updated. The next
step was to program the entire device with a certain pattern. It was chosen to program a
checkerboard pattern, alternating l's and Q's, to test the flash device. This was suitable
because it checked every single bit during a test. Both chips were programmed with the
pattern then it was changed so that all the previous bits that were programmed to l's
were then set as Q's and vice versa. As with erasing, after each program operation the
status byte was checked to verify the operation. After programming the entire contents
of the flash was then read and verified. The address of any corrupted data was recorded
by the PC. Finally, the contents of the bad block table was outputted and recorded as
well as the total number of bad blocks. Once a test cycle was completed, the active flash
Stellenbosch University http://scholar.sun.ac.za
CHAPTER 3 - FLASH MEMORY 25
device was swapped to the other device and the test rerun. If both flash chips had been
run with the same program pattern then the pattern was changed and the test suspended
until signalled to run again. Therefore the test cycle was run twice, one for each chip,
then suspended.
3.5.3 Results
The results for the maximum erase time per cycle versus total ionizing dosage, explained
in 2.3.2, was plotted and shown in figure 3.8. One can see a definite difference in erase
time between the two identical flash chips. As expected, the erase times increase with an
increase in TID. The two vertical blue lines indicate when the experiment was suspended
overnight. A definite decrease in erase time can be seen at the first interval while no
definite effect can be seen at the second. It is apparent that the flash device 'recovers' a
degree from the first round of testing but does not after the second round.
The resulting timing values are shown in table 3.3. Both erase times increased by a small
amount, tens of microseconds. This is not a major increase and therefore shouldn't play
a major role in monitoring the flash device's behavior other than influencing a watchdog
timer value that monitors operation completion.
FLASH Enn Time (ms vs kR ..d)
2.3520
23320
23120
I
"i= 2.2920
2.2720
2.2520
2.2320
0.0 2.5 5.0 7.5 10.0 12.5 15.0 17.5 2110 22.5 25.0 27.5 310 32.5 35.0
kR,llt
Figure 3.8: Maximum single erase operation duration per cycle vs TID
Table 3.3: Erase time results
Begin (ms) End (ms) Increase (us)
chip 1 2.2393 2.2769 36.7
chip 2 2.3023 2.3601 57.8
Stellenbosch University http://scholar.sun.ac.za
CHAPTER 3 - FLASH MEMORY 26
The results for the bad block occurrence are shown in figure 3.9. The figure shows four
graphs, this is due to the fact that each of the two 256 M-Byte devices have two 128
M-Byte chips inside it, as explain in 3.5.1. Si-l and Si-2 represent the two chips in flash
device 1, similarly, Si-3 andSi-4 the two inside device 2. Each 128M-Byte chip has 1024
blocks, non of which were invalid before the test began.
The first bad blocks started occurring at a TID of 16.918 kRad, after which they began to
increase linearly with increased dosage with a maximum tempo of roughly 150 bad blocks
per kRad. As explained in the erase-duration test, the two vertical blue lines indicate
when the experiment was suspended and left over night. The second interval shows a
distinct decrease in the number of bad blocks for 3 of the 4 chips. Si-4, which had already
almost reached total failure at that stage, showed no improvement however the other
three each recovered over 239 blocks that were previously invalid. With resumed dosage,
bad blocks occurred as they had before, at similar rates.
These results confirm the need for a bad block managing system to prevent data loss
which would occur if unprotected. The fact that invalid blocks can become valid again
shows potential for a bad block recovery process. These findings will greatly influence the
concept designs at a later stage.
Bad Blocks
00 2.5 5.0 7.5 100 12.5 15.0 17.5 20.0 22.5 250 27.5 310 325 35.0
kRad
Figure 3.9: Total bad blocks vs TID
Stellenbosch University http://scholar.sun.ac.za
Chapter 4
Error Detection and Correction
Due to the high possibility of soft-errors occurring in the flash memory system, caused by
radiation, it is necessary to implement an error detection and correction (EDAC) system
to decrease or eliminate these errors. The number and position of soft errors occurring in
the flash memory is hard to predict and therefore complicates the choice of EDAC system
and how to implement it.
Most EDAC systems add extra information (redundant bits or bytes), someway, to the
data that is being stored to be able to detect errors if they occur. A greater level of
protection leads to increased amounts of redundant information being created. This re-
dundant data also needs to be stored and protected from soft-errors therefore decreases
the available memory space for actual data. A tradeoff analysis must be done to deter-
mine the minimum level of protection required (eg: 1 bit correctable per byte or 2 bit
correctable per byte, etc) versus the maximum amount of redundancy that is acceptable
(eg: 20% or 33% redundancy).
Different EDAC systems provide different types of protection, such as protecting bits
in a byte or bytes in a word. There are also different ways of implementing each EDAC
system, either as software or as hardware. The main factors that influence the choice of
EDAC implementation are:
1. Required level of protection and redundancy.
2. Speed of encoding or decoding
3. How much data to encode or decode
4. How data is stored and in what medium
5. Cost of EDAC.
27
Stellenbosch University http://scholar.sun.ac.za
CHAPTER 4 - ERROR DETECTION AND CORRECTION 28
Firstly software and hardware EDAC systems will be investigated and then a suitable
EDAC system will be chosen accordingly. Since SUNSAT will be storing raw image data
and is in a low earth orbit, the level of protection required will be assumed to be 1 bit
error per byte correctable and 2 bit errors per byte detectable.
4.1 Hardware vs Software EDAC
The chosen error correction code (ECC) can either be implemented using hardware, soft-
ware or a combination of the two. Hardware being a dedicated hardware device, such as a
field programmable gate array (FPGA) programmed to implement the chosen ECC, and
software being a subroutine run by the on-board computer (OBC). The advantages and
disadvantages of using the above implementations are explored in this subsection and a
suitable implementation is chosen.
4.1.1 Software EDAC
Software implemented EDAC systems can be implemented on pre-designed systems that
do not have hardware EDAC. With a software EDAC, the data is stored unencoded in
memory. The EDAC software routine then accesses the data and creates the corresponding
ECC and stores it in alternate memory or in alternate parts of the same memory. 'Scrubbs'
are then performed periodically and data updates are performed, if required. A'scrubb'
being a check on random data to ensure that the data is correct [16].
The advantages of using software EDAC are:
1. ECC generation can be done after the streaming data is stored therefore does not
have to be generated on-the-fly as the data is captured. This relieves the strict
timing constraints that comes with on-the-fly encoding.
2. No extra hardware is required in implementing the EDAC system therefore software
EDAC is cheaper than hardware EDAC.
The disadvantages of software EDAC are:
1. The requirement of a microprocessor to run the ECC sub-routine means that the
OBC will have to be used. This results in loading OBC which could be needed by
other, more important, processes.
2. The EDAC will not be as reliable as in hardware implementation since only periodic
'scrubbing' is performed.
3. The redundant ECC information has to be stored after the intended data has already
been stored. This could prove difficult to do since flash memory has to be erased
Stellenbosch University http://scholar.sun.ac.za
CHAPTER 4 - ERROR DETECTION AND CORRECTION 29
before writing to it and erasure can only be performed in blocks. Therefore to update
data in the flash memory the entire block has to be temporally stored elsewhere,
updated and then written back to the flash memory.
4.1.2 Hardware EDAC
Hardware EDAC is performed by a dedicated hardware device implemented especially
for that purpose. An EDAC system can easily be implemented using a FPGA or ASIC
(application specific integrated circuit). As the intended data arrives it is passed to the
ECC encoder which performs the EDAC. The encoded data can then be stored in the
memory system as required. On retrieval the encoded data is passed to the decoder which
then outputs the decoded data to the required recipient.
The advantages of hardware EDAC are:
1. No extra processing is required by the OBC therefore not a burden on the rest of the
system. The EDAC system can be seen as being transparent to external processes.
2. Hardware EDAC can cope with the strict speed constraints and therefore on-the-fly
encoding and decoding can be performed.
The disadvantage of hardware EDAC is:
The extra cost, weight, power and design of implementing additional hardware. More
hardware also increases the possibility of radiation errors since there are more susceptible
components to radiation.
4.1.3 Conclusion
Nand-flash memory is the chosen storage medium therefore random access to an individ-
ual memory location is time consuming and tedious. This fact makes software coding
unattractive due to its need to access random bytes. Loading the OBC is also a downside
of using software EDAC since it is desirable to make the EDAC processes transparent to
the rest of the system. These problems can be overcome by using hardware EDAC. The
extra cost and power of implementing the hardware is minimal compared to the benefits
obtained. Hardware EDAC is therefore the obvious choice.
4.2 Error Correction Codes (ECC)
4.2.1 Hamming Codes
Hamming code is a simple parity check code, the hamming rule is d + P + 1 ~ 2P [20],
where d is the number of data bits and p is the number of parity bits. Therefore to
Stellenbosch University http://scholar.sun.ac.za
CHAPTER 4 - ERROR DETECTION AND CORRECTION 30
implement a 1 bit-per-byte correctable hamming code, 4 redundant bits have to be added
per byte. This results in a (12,8) hamming code. The first number, 12, being the total
number of bits in a codeword and the latter, 8, being the number of actual data bits. The
redundancy efficiency of this code is 8/12 x 100/1 = 66%. Therefore 33% of the memory
will be used as hamming check bits which is quite high. The capability of the hamming
code will be 1 bit correctable and 2 bit detectable. This is sufficient to meet the EDAC
requirements. The correctable rate is therefore 1 bit per byte giving 12.5%.
The speed of the incoming data can reach 12 Mbytes per second. Data can be writ-
ten to flash at roughly a maximum speed of 20 Mbytes per second. Therefore since flash
stores information in the form of bytes it would be efficient to combine 2 data bytes'
parity bits (4 bits each) to form a byte and then store that byte after the two data bytes
into the memory. So for every 2 data bytes received, 3 bytes are written to memory.
If the maximum arrival speed is considered, 12 Mbytes per second, a new byte arrives
every 83ns. Therefore the maximum time allowed to write 3 bytes to memory is 166ns, or
55ns per byte. Since the flash can be written to every 50ns and that the hamming check
bits are generated instantly, this hamming technique will be sufficient to meet the tim-
ing requirements. The timing constraints can also be relaxed somewhat by using buffering.
The decoding process will be similar to the encoding. Three bytes will be passed to
the decoder which will output the two corrected data bytes.
The creation of the check bits, or redundant bits, requires parity checking algorithms.
These algorithms are simple to install and can easily be implemented using any standard
FPGA.
4.2.2 Rectangular Parity Codes
This error code creates vertical and horizontal parity bits which protect a code block of
several bits (see figure 4.1). If a bit flip occurs, such as data bit D5, then two parity bits
will be in error, P5 and P2, showing the location of the error bit. This method would not
be practical and wont be pursued further for the following reasons :
1. For the level of protection required, one bit per byte, the redundancy would be too
high( > 100%).
2. The process in which the parity bits are calculated and stored would require random
access to the nand-flash memory. This process would be extremely slow and the
overhead would be too high to make it feasible.
Stellenbosch University http://scholar.sun.ac.za
CHAPTER 4 -- ERROR DETECTION AND CORRECTION 31
H
0, 0, DJ D.
Ds 0, 0, D.
0, 010 0" 0"
013 0,. 0" 016
P,
p,
PJ
P.
V Ps p, p, p,
Figure 4.1: Rectangular Parity code
4.2.3 Reed-Solomon Codes
This is a cyclic code which creates blocks of symbols called codewords (see figure 4.2).
The symbols can be any number of bits in length (M), for this project the symbols width
will be chosen to be eight bits wide to correspond with the flash bus width. Reed-Solomon
codewords are specified by the total length of the codeword, i.e. the number of symbols
(N), and the number data symbols (K). The number of redundant check symbols (R) is
therefore equal to N - K. The maximum size of the codeword block is dependent on the
symbol width as follows: Nmax = s'" - 1 [5].
r------------------N---------------- __
r----------K---v--R~
SI 52 S3 SN
Ol
r---
02
r---
DO
r---
D4
I-oe
r---
oe
I-
"I-oe
r
M
Figure 4.2: Structure of a Reed-Solomon codeword
Reed Solomon encoding is done on-the-fly, meaning that the encoding process occurs as
data arrives at the encoder and is passed through. As with other code forms, reed-solomon
codes can only correct up to a certain amount of errors per codeword, but in this case
errors are not bit errors but symbol errors. This means that reed-solomon codes can
correct up to a certain amount of symbols per codeword independent on the number of
errors inside the symbol. So, in this chosen case, whether one bit is in error or all eight
bits are, the entire symbol will be corrected and seen as one corrected symbol. It is easy
to see the benefits of using reed-solomon coding, in that single bit upsets or multiple bit
Stellenbosch University http://scholar.sun.ac.za
CHAPTER 4 - ERROR DETECTION AND CORRECTION 32
upsets can be corrected. The maximum amount of correctable symbols per codeword, (t),
is given by the formula t = (N - K)/2.
As with a hamming code, a reed-solomon encoder-decoder can also be easily implemented
in an FPGA. The reed-solomon encoder-decoder is however more complex and therefore
requires a larger FPGA, depending on the specifications of the chosen code. Creating
and programming a reed-solomon encoder-decoder from scratch in VHDL is outside the
scope of this thesis but can be easily programmed into an FPGA using a megafunction,
explained in 5.2.5, which is available to certain FPGA's such as the Altera Cyclone FPGA.
To compare the implementation of a proposed reed-solomon code to a hamming code
a sample calculation was done as follows:
1. Since the chosen symbol width, M, is chosen to be eight bits wide, the maximum
block size is therefore: Nmax = 28 - 1 = 255 symbols.
2. To compare to the previous hamming code assume a redundancy of 33%. Therefore
R = 33/100 x 255 = 84.15 = 84 symbols. The number of data symbols is therefore
171.
3. The number of correctable symbols is as follows: t = (255 - 171) /2 = 42 symbols.
Therefore 42 of the 171 symbols can be corrected, this gives a correctable rate
of 42/171 x 100/1 = 24.56%, which is better than the hamming correctable rate of
12.5%. However, that is a best-case scenario, if single bit errors occur all in separate
bytes the correctable error rate can drop from 24.56% to as low as 3%.
Comments:Although the correctable rate of this reed-solomon example is higher than
the hamming code example, the hamming code can correct 1 error in every byte where
the reed-solomon code can only correct 1 error in 42 of the 171 code bytes or symbols if
they occur in that manner. So there is a tradeoff between a code that can correct multiple
bit errors or single bit errors.
4.2.4 Convolutional Coding
Convolutional coding creates symbols using shift registers and modulo2 arithmetic. Basi-
cally the encoding process is as follows: for each incoming bit a symbol is created which
is then transmitted and stored. To decode, the symbol stream is retransmitted to the de-
coder where they are temporarily stored and decoded using trellis diagrams and mapping.
The redundancy for convolutional coding is high (50%) because for every bit received
a codeword is created, usually 2 bits. The decoding as also slow and tedious due to the
Stellenbosch University http://scholar.sun.ac.za
CHAPTER 4 - ERROR DETECTION AND CORRECTION 33
trellis diagram generation and mapping. Convolution coding is therefore not suitable for
a high-speed, low redundancy storage medium.
4.2.5 Polynomial Codes
Polynomial codes treat strings of binary information as coefficients of polynomials Xk-l to XO
of degree 'k-L'. Eg: the binary string "101" is represented as lx2 + Oxl + Ixo = x2 + 1.
A generator polynomial, G(x), must also be chosen which has both highest and lowest
order bits as 'Is'. The process for choosing a suitable generator is complicated and not
discussed further.
The encoding process is fairly simple, the information bits to be encoded are placed as
coefficients in a polynomial string, M(x). r zero bits are then appended on the end of
M(x) forming a new polynomial, Q(x) which is then divided by the generator polynomial,
G(x). The remainder is then subtracted from Q(x) to form the codeword C(x) which is
then storable. Therefore all stored codewords are divisible by the generator polynomial.
The degree of protection is controlled by the complexity of the generator polynomial.
Decoding is similar to encoding, the codeword is divided by the generator polynomial and
if no remainder occurs then the data is assumed to be correct. If a remainder occurs then
the data is assumed to be in error and corrected by analyzing the remainder. To compare
the polynomial code to the previous codes an adaptation is done as follows:
1. The data packet size is chosen as 8 bits therefore k must be 8.
2. The position of a possible error in the codeword must be located, knowing that the
possible position of the error is greater than k, due to the redundant bits been added
on. Therefore, setting r as 3 gives only a possible 8 positions, which is not enough,
therefore r must be chosen as 4, giving 16 possible positions.
3. The codeword is now 8 bits + 4 syndrome bits equalling 12 bits in total. This gives
the same redundancy as the hamming code counterpart.
The polynomial code is equal to the hamming code in redundancy and correctable rate.
The problem with this code is in the implementation process. Encoding and decoding
requires polynomial division and to implement it in hardware requires moduloz arithmetic
of a k stage shift register which is too time consuming for the bandwidth required so
therefore not a viable solution. So unless modulo2 arithmetic could be done in parallel
it is too slow for the required purpose but even so, hamming code is easier to implement
and gives the same results and therefore would be better choice.
Stellenbosch University http://scholar.sun.ac.za
CHAPTER 4 - ERROR DETECTION AND CORRECTION 34
4.3 Conclusion
The above investigation singles out two error correction codes that meet the requirements
of high-speed, low redundancy storage medium, namely the Hamming Code and the Reed-
Solomon code. Both are easily implementable using minimal extra hardware such as an
FPGA. The adapted hamming code discussed in 4.2.1 gives a correctable error rate of
12.5% with a redundancy of 33.3%. The adapted Reed-Solomon code of equal redundancy
discussed in 4.2.3 gives a correctable error rate of 24.56% which is almost double that of
the hamming code. But the Reed-Solomon correctable error rate is dependant on where
the errors occur and can drop as low as 3% as a worst case scenario. Hamming code can
only correct single bit errors in a byte and detect double bit errors where Reed-Solomon
can correct multiple adjacent bit errors.
Therefore the main factors determining which ECC to implement is what type of bit
flips are expected to occur and if burst errors will be experienced during reading or pro-
gramming with the flash memory.
Hamming error correction code is fairly common among high speed storage medium and
does not present much of a challenge whereas Reed-Solomon coding is far more complex
and has a wider protection possibility and will therefore be chosen as the error correction
code.
A Reed-Solomon coding scheme will therefore be designed and, according to 4.1.3,
implemented in hardware.
Stellenbosch University http://scholar.sun.ac.za
Chapter 5
Designing the Memory Protection
Unit (MPU)
The main errors that can occur in the flash memory were discussed at the end of chapter 3.
The detection, mitigation and reporting of these errors is the main focus of this thesis and
forms the basis from which the memory protection unit will be designed. Throughout the
rest of this thesis the overall system that monitors, detects, mitigates and reports errors in
the flash memory will be referred to as the memory protection unit, or MPU. This design
is focused on monitoring one flash device, although it is known that most memory systems
consists of arrays of devices. Therefore, throughout the study, a modular approach will
be followed so that parts of the overall design can be duplicated to monitor more than
one device.
This chapter begins by discussing the basic requirements of the MPU. Using these require-
ments, decisions are then made concerning the various subsystems and their respective
implementation strategies. Concept designs are then developed for each subsystem which
is later refined, detailed and finally added together to form an overall concept design for
the MPU system.
5.1 Specifications Required by Project
In order to reach a final goal, certain rough estimates concerning the specifications must
be made. The random nature of radiation induced errors in a memory system makes
deciding upon exact specification difficult but imperative to build a framework in which
to design.
The main requirements for the MPU are:
1. The data stored in flash memory must be protected to a minimal level of one bit
correctable per byte stored.
35
Stellenbosch University http://scholar.sun.ac.za
CHAPTER 5 - DESIGNING THE MEMORY PROTECTION UNIT (MPU) 36
2. The flash memory device must be protected from single event latehup and any other
destructively high current events.
3. The MPU must be versatile to handle any flash device of any size.
4. The CCD camera would provide synchronous 8-bit data at a maximum frequency
of 10 Mbytes per second to be stored in the flash memory. The data would also be
accessed from the memory at up to that same speed. The MPU must therefore be
able to function at that speed.
5. The flash memory device must also be protected from functional errors.
6. The power consumption of the MPU must not exceed 1Watt.
7. Faults and errors must be reported to the OBC even if the flash memory unit is
offline or damaged.
8. The MPU must be modular and independent from the actual mass memory unit
controller and driver.
5.2 Developing a Concept Design
From the requirement analysis, a conceptual design must be created in order to propose a
way to meet and satisfy the needs set out. Evaluating the requirements provides insight
into the challenges ahead and gives ideas on how to solve these issues. Firstly the basic
subsystems that make up the overall system must be chosen, giving structure to the broad
outline. The engineer must then contribute innovations to come up with a concept on
how the system must be built. This modular process is then repeated each time, in more
detail and on a lower level, until the final design is implemented.
In the following subsections, the concept design of each subsystem is investigated and
discussed using the insight acquired from the requirement analysis and from the con-
straints set by the peripheral systems that interact with the mass memory unit.
5.2.1 Scope and initial problems of design
It is important to define the scope of the thesis in order to focus the study on what is
relevant to fulfil the requirements and not on areas that fall outside of the scope. This
study involves the radiation errors associated with flash memory, not the design of a mass
memory flash system itself. Therefore certain aspects of the system must be addressed
such as:
Stellenbosch University http://scholar.sun.ac.za
CHAPTER 5 - DESIGNING THE MEMORY PROTECTION UNIT (MPU) 37
1. The design of the actual mass memory unit, or RAMDISK, is not part of this study
and therefore not undertaken. This includes aspects such as:
(a) Interfacing with the peripheral subsystems such as the on-board computer,
imager and telecommand systems.
(b) Architecture of the RAMDISK. This includes how the RAMDISK is physically
structured and how the flash memory system is interfaced.
(c) How power is supplied to the RAMDISK.
2. The peripheral subsystems that interact with the mass memory module, such as
the imager, telecommand and telemetry system, and power regulation units were
assumed as given entities which comply to their specifications.
3. The actual type flash chips used in the mass memory module will be assumed to
be NAND flash. This is a logical decision since NAND flash is perfect for the
requirements of a low power high density mass storage medium and NOR flash is
more suitable for random access memory, as discussed in section 3.3.
To be able to begin designing the various subsystems certain assumptions and choices
must be made in order to narrow possibilities and focus on an implementation scheme.
These assumptions and choices are:
1. Choosing and implementing the EDAC code, decided upon from the tradeoff anal-
ysis performed in chapter 4, largely depends on the actual flash ram chip for which
it is being implemented. The operation of different flash chips is fairly similar and
therefore not of great concern. It is the internal architecture of the memory area
in different flash chips that varies considerably. This includes different page sizes
and block sizes which influences how data is stored and how areas are addressed.
These changes greatly influence the codeword size of EDAC codes and are therefore
of great importance.
The K9F1208XOA, made by Samsung, was selected to be the memory chip in the
design. It was chosen due to its high density, low power and sufficient availability.
Although the design will be made specifically for this model, it should be easily
updateable to accommodate a different size of NAND flash chip. This was neces-
sary to ensure the design does not quickly become redundant due to the constant
improvement of flash chips. The K9F1208XOA is discussed closer in subsection 5.2.2.
2. The imager is modeled as a 8-bit data pump which outputs the data bytes at a
maximum speed of ten megabytes per second. The speed of the bytes are however
allowed to fluctuate to any slower speed. The outputted data from the imager is
Stellenbosch University http://scholar.sun.ac.za
CHAPTER 5 - DESIGNING THE MEMORY PROTECTION UNIT (MPU) 38
accompanied by a strobe line which informs the memory unit of the arrival of a new
byte. No indication of the size of incoming data is given only that it will output
a certain amount and then stop. The imager is assumed to be controlled by the
OBC and that the memory module does not interact with it, merely collects the
outputted data.
3. A regulated 3.3 Volt power supply is assumed to be supplied to the mass memory
module and therefore available to the MPU. A later development required a 1.8 Volt
supply and therefore also assumed available.
5.2.2 The K9F1208XOA Flash Memory Module
The entire thesis is based around flash memory devices. Therefore, in order to under-
stand the device drivers better, it is imperative to have a closer look at the chosen memory
device. This helps make critical decisions when designing subsystems that have to com-
municate with the memory devices in some form.
According to the datasheet [14] the K9F1208XOA is a 528M-bit (64M-byte) non-volatile
flash memory component. The memory is organized as 131,073 rows (pages) by 528
columns, see figure 5.1, with a bus width of 8 bits. The memory array consists of 4,096
separately erasable 16K-byte blocks. Addressing the entire memory space requires a 26
bit address, therefore 4 cycles are required for byte-level addressing.
1 Bba. :,]2 PaJEI'i
=(16K t- 512) 8)113
" PaJfl ;: 6J:6 B~ta
1 nUk;: &28 B~a x 32 Pagas
:;;(lEK. 612) Byte
1 0iNK'.t1 "::52f1J~1967. :!.2~l"$ r.: 40!ï6 EllodI!s
~ :::628 '.tliis
Bt.'
1/00 ~O I 1102 I,'n V04 1,05 1.0 6 1107
IsIC"';' AD AI k A3 A. .. M Ar Column Address
"ndC"". A' A.IO Au A" All Au AIS A.. Row Addreu
:!ld""'. An AlB A" Am k' k, An ""
(Pag@ AddresS)
4I1lC"". A... t, '1 'L " 'I. OL 'I.
Figure 5.1: The K9F1208XOA Memory Array Configuration ((14) Fig.2-1)
Electrically the maximum operating current is 20mA and typical supply voltage is 3.3V.
This gives a low power consumption figure which is favorable. The minimum number of
valid blocks is 4,026 of the 4,096, therefore a maximum of 70 bad blocks, to begin with,
is assured. The first block however, placed at OOhblock address, is fully guaranteed to be
a valid block therefore would be a suitable place to store valuable data.
Stellenbosch University http://scholar.sun.ac.za
CHAPTER 5 - DESIGNING THE MEMORY PROTECTION UNIT (MPU) 39
From these specifications it was noted that:
1. The 8-bit data width of the flash memory coincides with the width of the data
stream outputted from the imaging subsystem which should prove useful in meeting
the timing requirements caused by streaming data.
2. The page size is 528 bytes which will have a large influence in choosing a codeword
size since it would be favourable for each codeword to fit exactly into a page without
wasted space or overflow.
3. Having to send a 4 cycle address each time a specific page is addressed will influence
the addressing scheme due to the extra time required.
4. The non-volatile nature of flash memory allows all power to be removed from it
without losing any of its data. This will prove useful since flash memory is less
susceptible to radiation damage when not powered.
5.2.3 System Level Layout
To begin the design process, a top-level layout was done to depict the systems that in-
teract with the mass memory module, how they are connected and where the memory
system fits in on a satellite, see figure 5.2. Three systems are shown to have access to the
mass memory unit which is shown as a dark box. Figure 5.2 gives no information on the
internal architecture of the mass memory system but shows the surrounding units and
the way they interact with the memory.
Although the MPU will be designed to be a part of the mass memory unit, the over-
all architecture of the memory unit is not important to this study, since some of the
goals of the MPU system was to be modular and independent from it. The mass memory
controller will be modeled as a system which merely inputs and outputs data to the flash
device as well as interfacing the commands to it. This is sufficient because any interface
or controller would have to use the basic command and control structures dictated by the
flash device's datasheet.
Stellenbosch University http://scholar.sun.ac.za
CHAPTER 5 - DESIGNING THE MEMORY PROTECTION UNIT (MPU) 40
Imager
Mass Memory Unit
(Consisting of 64M-byte ram chips, the
control circuitry and the MPU to be
designed)
Onboard
Computer
(OBC)
Downlink
PowarSupplySv,\em
(3.3Vandl.8Vtupp~)
Figure 5.2: A top-level layout of the relevant peripheral subsystems
5.2.4 Concepts for MPU design structure
Now that the external factors to the mass memory system have been realised, the concept
design of the MPU can begin. Figure 5.3 shows a proposed design structure for the MPU.
This figure is an internal section of the Mass Memory Unit shown in figure 5.2.
The MPU encapsulates the control architecture without internally interacting with it.
It therefore remains independent from the control. This gives the MPU the capability to
be added to any control architecture interfacing flash memory which is one of the design
goals.
The thoughts behind this structure was that the incoming data or outgoing data passes
through the MPU layer. This allows the MPU to control what data reaches and exits the
flash interface layer. Having control over the data flow allows the data to be processed,
therefore making the EDAC implementabIe in the MPU layer. The external control sig-
nals to and from the peripheral components, such as the OBC, however, can be directly
passed through the MPU layer therefore making the MPU transparent to the overall sys-
tem which is another of the design goals.
Control over the power supply to the flash chip will also be required by the MPU and
therefore the power rails must also pass through the MPU layer.
Stellenbosch University http://scholar.sun.ac.za
CHAPTER 5 - DESIGNING THE MEMORY PROTECTION UNIT (MPU) 41
Mass Memory Unit
~~" Spe "~
MPU ~Inputted Data KPower supply rail
Source or Outputted y 9Data Sink ~een Externalomponents-, , \,
IMemm)' Bus to-\
FFlash Memory
1System Control
Flash Chip -v
Arch itectu re 2
I Power Supply I h- O,'A 8
v
Figure 5.3: Concept design of MPU module inside Mass Memory Unit
In order to give the MPU, itself, structure, the various requirements of the study must be
realised and assessed. Figure 5.4 is a flowdiagram which gives a description of the various
error states that can occur, according to section 3.4, and suggests a mitigation scheme for
each of them. Each error detection, correction and mitigation scheme that was presented
in section 3.4 can dearly now be seen and development of each scheme can follow. The
entire system design and development will be structured around this diagram since it
depicts all the necessary areas of the study that need to be created and implemented.
The main subsections of the MPU are thus:
1. Error Detection and Correction (EDAC).
2. Single Event Functional Interrupt (SEFI) Handling.
3. Single Event Latehup (SEL) handling.
4. Bad Block Management.
5. Error reporting to OBC.
It can also be seen from figure 5.4 that certain separate error schemes are linked, such as
determining whether a SEFI or SEL has occurred. Both schemes have to check the state
of the current being drawn by the flash chip therefore will probably share hardware and
software resources later in their respective developments.
The fact that in certain mitigation schemes the current process, that became faulty, has to
be rerun means that there has to be a small amount of interaction between the MPU and
Stellenbosch University http://scholar.sun.ac.za
CHAPTER 5 - DESIGNING THE MEMORY PROTECTION UNIT (MPU)
Start Process
Copy data to next
available block
(Block Replacement)
Attempt to recover
bad blocks
Retry process, il
error map out bad
block
Cycle Power
42
>---~Corrected by ECC f------.{
Uncorrecteble
'--------Il0l Data. Invalid Data f---------i
Flag set
Mask out invalid
block to prevent
lurther usage
Determine which SEFI
occured and mitigate
accordingly
Cycle Power Repeat process
Remove power
Irom damaged
chip
Continue process
Report lailure to
aBC
Current
returned to
ccept. leve
Figure 5.4: Flowdiagram showing all possible error states and suggested mitigation
schemes
Stellenbosch University http://scholar.sun.ac.za
CHAPTER 5 ~ DESIGNING THE MEMORY PROTECTION UNIT (MPU) 43
the Mass Memory controller in order for the latter to be informed of the error. The MPU
is therefore not completely independent from the mass memory controller as previously
believed. The interaction between the two, however, will be kept to a minimum, such as
an error signal with no data transferred.
Concept designs of each of these five sections are completed in the rest of section 5.2.
5.2.5 EDAC system
As data arrives from the peripheral sources, such as the imager, it must be encoded before
it arrives at the mass memory controller where it is sent to the flash memory hardware
for storage. Similarly as data is requested from the memory controller it must be decoded
and corrected before being transmitted to the intended recipient.
The EDAC system must therefore intercept the incoming data before it arrives at the
mass memory controller. Since one of the goals was transparency of the EDAC to the
memory controller, the EDAC system therefore cannot have any control of the data ar-
rival or data retrieval from the external peripheral components. The EDAC system must
therefore be designed to be in a ready mode, waiting for data to arrive from either side,
the data to be encoded and stored or retrieved and decoded.
As external data to be stored arrives it must immediately be passed to the encoder
which in turn transmits the encoded data to the memory controller which stores it in
the flash memory. Similarly as encoded data arrives from the memory controller it must
be sent to the decoder which must perform any needed error correction and then output
the decoded data to the external recipient. This will ensure that the EDAC encoding, or
decoding, occurs as fast as possible to ensure the data rate is maintained. A backlog of
data at the encoder which cannot be maintained would cause the data to be corrupted
or lost, and therefore superfluous, since the data that arrives cannot be retransmitted
(an image is taken while scanning a section of the earth as the satellite rotates around
the orbit, therefore cannot be retaken immediately). A backlog at the decoder would be
less critical but extremely difficult to correct and therefore should be avoided at all costs.
The encoding process, as mentioned in earlier chapters, must occur on-the-fly and at a
suitable speed to ensure no unmaintainable backlog occurs.
In order to design for these requirements, the chosen error correction code, Reed Solomon
code scheme (see section 4.3), must first be examined. This will reveal the complications
or challenges that must be overcome in order to make the EDAC system successful.
Stellenbosch University http://scholar.sun.ac.za
CHAPTER 5 - DESIGNING THE MEMORY PROTECTION UNIT (MPU) 44
Reed-Solomon Concepts
As discussed in section 4.2 a Reed-Solomon code is quite complex and requires a fairly
large amount of computing power to be implemented. The design of the actual low-level
encoding and decoding process is beyond the scope of this thesis, however can still be
implemented. A specific Reed-Solomon encoder/decoder integrated circuit can be pur-
chased and implemented into the design. Xilinx offer a Reed-Solomon ASIC that can
perform the necessary data encoding and decoding, however, to employ an entire hard-
ware component just for a single process, with no other possible usage, would be deemed
overkill and therefore another solution should be sought. A more viable option would be
to implement the Reed-Solomon encoder/decoder in an FPGA. This allows the hardware,
the FPGA, to be used for other purposes besides error detection and correction.
The best way to implement a Reed-Solomon system is by installing a Megafunction in an
ALTERA FPGA. Megafunctions create high-level entities, that can be altered to suit the
required specification, which can be programmed in an FPGA. FPGA's are programmed
using VHDL (very high speed integrated circuit hardware descriptive language). Mega-
functions merely create 'ready made' VHDL entities for ALTERA FPGA's. ALTERA
manufactures many different FPGA's which differ largely in size, capability, speed and
cost. Determining which model of FPGA to choose will be done at the end of the low-level
design phase when all the hardware requirements are known.
The control and operation information of the Altera Reed-Solomon component was ob-
tained in [1]. The important factors of the encoder/decoder that dictate its operation and
influence the system design are:
1. The encoder basically accepts symbols and outputs them on the next clock edge.
This continues until the chosen amount of data symbols per code block have been
accepted. The encoder then outputs the chosen amount of code symbols to complete
the code block and can start a new code block by accepting new data symbols again,
see diagram 5.5.
2. Similarly the decoder accepts the data symbols followed by the code symbols but
unlike the encoder, only starts outputting data symbols once the entire code block
has been read in. A valid flag is set when the outputted data is available and
valid. This flag is cleared if the outputted data is invalid. There is also a waiting
period from when the last block symbol is inputted until the first decoded symbol
is outputted.
3. Encoding and Decoding can operate at speeds greater than 100MHz which is more
than sufficient to meet the requirements.
Stellenbosch University http://scholar.sun.ac.za
CHAPTER 5 - DESIGNING THE MEMORY PROTECTION UNIT (MPU) 45
4. The decoder has a bypass utility that allows the incoming symbols to pass through
unaltered.
I)
ENCODER
2)
ENCODER
Figure 5.5: Encoding showing (1) the data symbols being streamed through the encoder
and (2) the code symbols created following the last data symbols
The design
The previous subsection gave valuable insight into the operation of the chosen Reed-
Solomon encoder and decoder, and what is required to meet the EDAC constraints. Both
the encoder and decoder need controllers, or drivers, to manage their respective opera-
tions, eg: there would be necessary key control signals such as informing the encoder / de-
coder that a new code block is being started or that a new symbol has arrived, etc. A
bypass utility for the encoder should also be implemented in case the encoder becomes
damaged and starts corrupting data. One main control unit would be sufficient in con-
trolling the operations of the two EDAC entities and bypass system.
The code symbol creation and insertion into the symbol stream done in the encoding
process produces latencies into the system. In the decoding process, waiting for the first
decoded symbol to be outputted after the last block symbol has been inputted into the
decoder also creates latencies. These latency problems will cause data to be lost due to a
backlog being formed and must therefore be mitigated.
A solution to this problem is to buffer the data on both sides of the encoder and de-
coder. The data will therefore be fed directly into a first-in-first-out (FIFO) queue and
can easily be monitored by watching its noLempty signal which informs the EDAC con-
troller when data is being queued. The FIFO queue will ensure that the order of the data
stays intact, therefore no corruption can occur. On completion of encoding or decoding,
the data can be sent to an output buffer similar to the previous FIFO queue. From there
the data can be handled in whatever way the next recipient requests.
Stellenbosch University http://scholar.sun.ac.za
CHAPTER 5 - DESIGNING THE MEMORY PROTECTION UNIT (MPU) 46
The size of the various FIFO's will however differ. For example, the input FIFO to
the encoder only has to queue symbols while the code symbols are being outputted there-
fore will have a maximum depth of the number of code symbols created. The input FIFO
to the decoder, however, can end up queueing up to an entire codeword since the decoder
has to input a whole codeword before outputting a single symbol. All this buffering re-
quires a fair amount of memory (An entire codeword can be up to 255 bytes). A solution
would be to use internal RAMBLOCKS that are embedded in certain FPGA's. Luckily
enough the same make of FPGA, ALTERA, that was chosen for the Reed-Solomon coding
implementation also manufactures FPGA's with internal RAMBLOCKS. Therefore the
same hardware can perform both needed tasks.
Another vital aspect is the reporting of errors that could occur in the EDAC system.
They are:
1. The output buffers of either the encoder or decoder could become full due to the
next stage recipients not emptying them.
2. Too many errors occurring in a codeword would cause the decoder to fail and that
data block would become corrupted.
3. Not enough data symbols could arrive at the encoder to fill the last data block.
Therefore not getting encoded which could leave that data vulnerable to any number
of bit upsets
Error number 3 can be overcome by setting a watchdog timer checking the arrival rate of
the data symbols. If the watchdog times out then it can be assumed that the dataflow
has ended and the rest of the final block can be filled by arbitrary data.
The other 2 errors must be reported to a higher level controller which can then handle
the errors and, if needed, report to the OBC.
An overview of the high-level design concept for the EDAC system is shown in figure
5.6.
Stellenbosch University http://scholar.sun.ac.za
CHAPTER 5 - DESIGNING THE MEMORY PROTECTION UNIT (MPU) 47
Encoder Input Buffer
ENCODER
EDAC
tr======~ CONTROLLER Report to main MPU Controller
DECODER .... ~
.. ~
Figure 5.6: High-level concept design for EDAC subsystem
The four FIFO buffers and the respective dataflow directions can clearly be seen. It is
important to notice that the EDAC controller only has control over the two input buffers
but not of the output buffers. The two output buffers only report whether or not they
have become full to the EDAC controller. Their respective controllers are based in their
respective recipient stages.
The EDAC controller reports to the main MPU controller. This was decided upon to keep
the subsystems modular and therefore requires a main top level controller which monitors
and controls all subsystems. The main controller will be designed at a later stage.
This completes the concept design of the EDAC system. The actual low-level design
and implementation was done in 6.3.1.
5.2.6 SEFI handling
The complex nature and behavior of SEFI's was discussed in detail in subsection 3.4.2. It
was concluded that SEFI's could not be prevented therefore the only mitigation scheme
possible was to observe the failure of the flash device and then correct that failure. Cor-
recting SEFI's according to subsection 3.4.2 entails cycling power, or resetting the device,
or restarting the process that the flash was executing when failure occurred. But in order
to choose a mitigation scheme certain information about the flash must be known such
as:
Stellenbosch University http://scholar.sun.ac.za
CHAPTER 5 - DESIGNING THE MEMORY PROTECTION UNIT (MPU) 48
1. What type of operation was the flash executing at the time of failure?
2. How much electrical current was the flash device drawing during this operation?
3. Were the previous operations, before the device failed, successful?
Most importantly, before any mitigation can take place, the occurrence of a SEFI must
be detected. Using all these facts the SEFI system concept can be designed.
The design
By looking at the required mitigation and monitoring schemes highlighted in subsection
3.4.2, certain devices were required namely:
1. A current monitoring system to report how much current is being drawn by the
flash device.
2. A power control circuit which can control the current supply to the flash device
therefore making power cycling possible and even power removal if necessary.
3. A watchdog circuit which can determine if a SEFI has occurred by monitoring
its operations and timing out when the flash device stops responding.
4. A reset circuit which sends the reset command to the flash device. This command
causes the flash to abort any operation in execution, clearing the command register
and status register.
5. A flash operation monitoring system to monitor what the flash device is doing
at all times.
Similar to the EDAC system, a SEFI controller was decided upon in order to monitor
the 5 SEFI subsystems just discussed. The SEFI controller controls and monitors each of
the subsystems and reports any errors to the main MPU controller just like the EDAC
controller. The discussion of each of the other devices follows.
The current monitoring system must be connected to the power supply rail to the
flash chip in order to analyze the current being drawn by the device. This will require
the monitoring system to be inserted in series with the supply rail. A current sensor is
not implement able using an FPGA since FPGA's have digital logic input/output pins not
analog, which is required. Therefore an external current sensor must be chosen.
Most current sensors operate by inserting a small resistor « 1 ohm) in series with the
current line that is being measured. The tiny voltage that spans across the small resistor
is then amplified to give a current measurement. This current measurement is still an
Stellenbosch University http://scholar.sun.ac.za
CHAPTER 5 - DESIGNING THE MEMORY PROTECTION UNIT (MPU) 49
analog signal and must be converted to a digital signal in order for an FPGA to analyze.
Analog to digital (A2D) converters perform this task and will therefore be added to the
current monitoring system. The current sensor measurement will therefore be sent to the
A2D converter which in turn will output the digital equivalent value to the current con-
troller implemented inside the FPGA where the current measurement can be analyzed.
The current controller also has to control the operation of the A2D converter, such as its
sampling rate.
A suitable A2D converter and current sensor will be chosen in the low-level design phase.
The main factor of the converter is its resolution. A greater resolution gives a higher
degree of accuracy but will obviously cost more. The radiation hardness of the current
sensor and A2D converter is also a major factor influencing the device choice.
The power control circuit must be able to turn the power supplied to the flash de-
vice on and off with relative high speed. Similar to the current measurement system, the
power control circuit must also be in series with the power supply rail to the flash device.
The flash chip must be supplied with 3.3V when 'on' and DVwhen 'off'. According to [14],
the supply voltage can vary from 2.7V to 3.6V. This allows some leeway in the control
circuit which will be developed in the low-level design phase. The power circuit will be
controlled by the SEFI controller implemented inside the FPGA. Therefore the switching
device must be compatible with a digital input/output pin from an FPGA.
The main aim of the watchdog circuit is to monitor the flash device's operation and
timeout when the flash device·suspends. The non-operation of the flash device cannot be
detected by checking its status byte therefore requiring the use of a watchdog circuit. In
order to monitor the flash device's operation the bus lines connecting the flash must be
monitored. One of the goals of the MPU is to remain independent from the Mass Memory
Controller therefore interfacing with it would not be acceptable. This leaves the latter
as the chosen option. By monitoring the physical bus lines that connect to the flash, all
operations and data being sent or received with the flash chip can be obtained, without
any knowledge of the Mass Memory Controller/interface. This ensures the independence
of the MPU shown in figure 5.3.
A great option would be to send the bus lines to the flash operation monitoring sys-
tem which can then analyze what operation the flash is executing. Therefore as a new
command arrives at the flash device, the flash operation monitor can determine what type
of command it is and in turn inform the watchdog circuit, which can then monitor the
operation accordingly. It is imperative for the watchdog controller to be informed as to
the type of operation being executed by the flash because different operations react in
different ways.
Stellenbosch University http://scholar.sun.ac.za
CHAPTER 5 - DESIGNING THE MEMORY PROTECTION UNIT (MPU) 50
The actual watchdog circuit can either be implemented in an FPGA or by using an ex-
ternal circuit. In order to minimize extra hardware it will be implemented in an FPGA,
which is already required by previous designed devices, along with the watchdog con-
troller. Similarly the flash operation monitoring system will also be implemented in an
FPGA.
The reset circuit poses a problem because, unlike the previous SEFI systems, the reset
circuit has to actively interact with the flash device. This is because the reset command
has to be sent to the flash chip which would entail taking control of the physical bus lines
controlling the flash. In order to take control of these lines would require hardware mul-
tiplexers and control lines. This extra hardware is unwanted and not a suitable solution.
As mentioned in section 5.2.4 a small amount of interaction between the MPU and mass
memory controller is inevitable. A viable solution would be a single reset line between
the MPU and mass memory controller which informs the latter of the SEFI and initiates
a reset command to be sent to the flash device.
Now that all the required systems are in place the SEFI controller, previously mentioned,
has all the information and control devices to perform the necessary mitigation strategies.
The SEFI controller, as with the EDAC controller, will report all necessary activities to
the main MPU controller which, if need be, can report to the OBC. An overview of the
high-level design concept for the SEFI system is shown in figure 5.7.
Stellenbosch University http://scholar.sun.ac.za
CHAPTER 5 - DESIGNING THE MEMORY PROTECTION UNIT (MPU) 51
~ FPGA
From Power Supply
!i::::'ë I
g_.S E
~~ «lo ResetE u
- Circuit ~~,
~ : Reset Controller -, I '\
SEFI
CONTROLLER Current
~~ : Current Controller Monitoringand Analyzer
Circuit );'
II n '" -» , "" ·,·fé.: "-
Watchdog
Flash Operation
Timer and ~ Monitoring System mControl K
I 3.3V power supply rail 9
F ;"
1
•.~~~ 2
I~
0
Mass Memory
BUS LINES TO FLASH DEVICE 8
Controller
FLASH
-. ." '\ 'i:'<. ...;~~
I
Figure 5.7: High-level concept design for BEF! subsystem
Figure 5.7 clearly shows all the subsystem elements inside the FPGA (the grey block) as
well as the necessary added hardware. It is unknown how the mass memory controller /in-
terface is implemented but if it is implemented within an FPGA then the SEFI system
could also be implemented in the same FPGA, therefore sparing the need for extra hard
bus lines to link the original bus, as seen in the figure 5.7.
5.2.7 SEL handling
Single event latehup is a hard error which can cause permanent damage to the flash
memory. The cause of latehup was investigated in chapter 2.3.3, and the resulting effects
caused in flash memories in chapter 3.4.3. Whether or not the current flash memory
process fails due to the latchup, the latehup state must be mitigated immediately in order
to protect the device from physical damage.
Firstly latehup must be detected. The best way to monitor latehup is to monitor the
current being drawn by the flash device. Therefore the current supply rail must be mon-
itored at all times. However, a current monitoring system has already been conceptually
designed in the previous section, section 5.2.6. This monitoring system can be used to
detect latehup as well as SEFI's. So no extra hardware will be needed to detect latchup.
Stellenbosch University http://scholar.sun.ac.za
CHAPTER 5 - DESIGNING THE MEMORY PROTECTION UNIT (MPU) 52
However, in order to detect latchup, much higher currents than originally planned for the
SEFI current system must be monitored. The current monitoring system must therefore
be calibrated to handle a wider range of current values, which will impact on the A2D
converter choice in order to maintain the intended resolution capability.
Mitigating latehup entails removing power from the device and then re-applying power.
The high current levels should then return to acceptable levels. If the current does not
return to an acceptable level then the device can be acknowledged as being permanently
damaged, therefore power should be completely removed from the device and its mal-
function reported to the master MPU controller which must then report to the OBC.
The power to the flash chip must be controllable in order to remove and re-apply power.
As with the current monitoring system, a power control system was already conceptually
designed in the previous section and will therefore not require re-designing. The entire
SEL system can therefore be implemented by enhancing the SEFI system to meet the
SEL requirements as well as its own.
5.2.8 Bad Block Management
Bad blocks, or invalid blocks, were discussed in section 3.4.4. This involved their def-
inition, preliminary facts about their occurrence and reasons for the requirement of a
mitigation scheme. It was realised that a bad block does not affect the surrounding
blocks and can be mitigated by simply not using the bad block in any way. An effective
measure to remove a bad block from usage is to map it out of the addressing scheme.
The address handler will no longer address the block therefore mitigating all the prob-
lems associated with that block. A system must now be developed in order to detect and
manage the occurrence of bad blocks. The main goals of the system are:
1. To detect and record the occurrence of new bad blocks.
2. To store the position of all known bad blocks using as little resources as possible.
3. Quick simple access to the bad block data.
4. Knowledge of the total number of bad blocks.
The design
Preliminary discussion involving the bad block system revealed that the reading/ pro-
gramming/ erasing, and therefore addressing, of data to the flash chip will be done by
the memory controller. As mentioned in the previous section, all interaction with the
memory controller is kept to a bare minimum and therefore the addressing scheme used
Stellenbosch University http://scholar.sun.ac.za
CHAPTER 5 - DESIGNING THE MEMORY PROTECTION UNIT (MPU) 53
by the controller will be unknown to the MPU. A small amount of interaction between the
two is necessary in order to convey the bad block information to the memory controller.
Therefore the bad block management system must provide a small simple interface to
the controller so that information can be transmitted between the two. How the memory
controller uses the bad block information is inconsequential, the bad block system must
just be able to provide the required information.
Firstly an appropriate storage structure and scheme must be developed. This can dictate
what hardware is required and then the appropriate implementation can follow.
A solution is to record the address value of each of the bad blocks. The addresses would
then be stored in a look-up table which can be externally accessed by the memory con-
troller in order to perform bad block checking. This would entail storing the entire block
address which would require roughly 2 bytes per bad block address since a block address,
according to figure 5.1 (bits A14 to A25), is 12bits wide. This bad block scheme was
found unsuitable because:
1. With only a few bad blocks this form of monitoring would be efficient, but as the
number of bad blocks increase, the lookup table would expand and become extremely
large. For example, if half the flash device's blocks became invalid then the amount
of storage space required by the bad block table would be 4,096 bytes.
2. The amount of memory allocated to implement the lookup table would be unknown
and hard to choose, which could become critical if multiple flash chips were to be
protected requiring multiple lookup tables.
3. A complicated addressing scheme within the table would also be required in order
to arrange the addresses accordingly as they are added to the table, and to keep
track of what addresses are stored.
4. Lookup time would also be variable and increase as the table size increases. For
addressing purposes, the variation in time to check the bad block table is unaccept-
able.
Due to the above reasons a better alternative was investigated. Instead of storing ad-
dresses it was chosen to represent the entire flash memory block address space as a bitmap.
The bitmap being a table of fixed size, in which each block of flash memory is represented
by a single bit, a flag bit. A flag bit can either be set as valid, representing a valid block,
or invalid, representing an invalid block. The flag bits are numbered and stored in order
with their respective flash memory block number, see figure 5.8. Note block 35 being
marked as an invalid block. The advantages of this bad block scheme are:
Stellenbosch University http://scholar.sun.ac.za
CHAPTER 5 - DESIGNING THE MEMORY PROTECTION UNIT (MPU) 54
1. The exact memory size required by the bad block table is fixed unlike the lookup
table. This allows the designer to make decisions relating to its storage and opera-
tion. According to subsection 5.2.2, the flash chip concerned has 4,096 blocks. The
bad block table will therefore be only 4,096 bits in size. Compared to the lookup
table scheme, a lookup table of equal size would only allow the storage of 256 block
addresses, which is only 6.25% of the total block addresses. The size advantage can
clearly be seen.
2. The exact location of each block in the table is known therefore checking its validity
is instant, requiring no lookup time as with the previous scheme. The only time
delay will be in interfacing with the bad block table which will be kept to a minimum.
3. The addressing scheme for the bad block table will simply be the number of the re-
quested block from the flash memory. Therefore intricate addressing is not necessary
which simplifies the design considerably.
4. An increase of bad blocks does not affect the table size nor does it affect the speed
of the bad block table. This is a major advantage over the previous scheme.
V \I II V II V \I \/ ....
IJ\lVVVVVV
16 "VVVI/VVV
24 VVVIIVVVV
v v II v II IJ
\I V V V V
64 V V V V
58 "V""VVI/II
72 V V II V
v v v v V IJ
Figure 5.8: Concept design of bad block table structure
The table should be initialized using the manufacturer's information mentioned in subsec-
tion 3.4.4 and shown by figure 3.5 so that initial bad blocks will be mapped out immedi-
ately. As new bad blocks occur and are detected the table should be updated accordingly.
This will be a simple process of accessing the respective flag bit and marking it as in-
valid. Detecting new bad blocks was discussed in subsection 3.4.4 which basically involved
checking the flash memory's status register. In order to achieve this a bad block controller
must be implemented which monitors the status byte returned by each operation. If an
error occurs in an operation then the controller must perform the necessary updating of
the bad block table. The bad block controller must therefore monitor:
Stellenbosch University http://scholar.sun.ac.za
CHAPTER 5 - DESIGNING THE MEMORY PROTECTION UNIT (MPU) 55
1. What address was last used by the flash memory.
2. The status byte returned after each operation.
This can be achieved by monitoring the control and data lines connected to the flash chip.
However, a monitoring system on these lines has already been implemented by the SEFI
subsystem designed in section 5.2.6. Therefore the bad block controller can be imple-
mented in that same FPGA without requiring extra hardware to be added. Within the
controller, an address decoder can be implemented which watches the control lines for an
address to be applied. When this occurs the address is obtained and stored while waiting
for the status of the operation to be returned. A status decoder can also be implemented
within the controller to watch for the status byte. If the returned status byte shows a
successful operation then the address can be discarded otherwise if unsuccessful then it
can be used to update the bad block table.
As with the previous sections, the operations of the bad block system must be reported
to the main MPU controller which in turn will inform the OBC. The bad block controller
will be responsible for reporting to the MPU controller.
Now that the bad block scheme has been chosen it must be implemented. The entire
contents of the bad block table needs to be stored in a non-volatile memory so that when
power is removed the table is not lost. The table also needs to support simultaneous
random access, reading and writing, so that any contents of the table can be accessed as
well as updated at the same time. The possible solutions are:
1. Store the table in the flash itself. This is an option that will satisfy the non-
volatile requirement. But the table requires random access which is not feasible in
NAND flash memory, it would be too time consuming and would require control over
the flash which is not possible due to the independence of the MPU and memory
controller. Updating the table would also be difficult in that flash memory is first
required to be erased, therefore temporary storage of the table will be necessary. The
bad block table checking would be extremely slow since the flash will be occupied
at the same time with the running program. All the above reasons make this an
unattractive option.
2. Store the table in separate non-volatile memory. This is similar to the
previous option but with the table being stored in different non-volatile memory.
The non-volatile requirement is satisfied as well as the random access requirement,
if a suitable type of memory is chosen such as EEPROM. The bad block operations
can be run in parallel with the flash memory operation which will satisfy all timing
requirements. Even though the extra memory required to store the bad block table
is relatively small, extra hardware will still be required to be implemented. This
Stellenbosch University http://scholar.sun.ac.za
CHAPTER 5 - DESIGNING THE MEMORY PROTECTION UNIT (MPU) 56
is an unattractive option since extra hardware is not sought after. Extra hardware
means extra power, space and possible errors induced by radiation.
3. Store the table in flash and temporarily in an FPGA. Similar to option 1, the
table is stored in the flash memory but before the memory is used, the bad block
table is loaded into RAM where it can be accessed quickly and in parallel with
the flash operations. The table in the RAM can also be updated during normal
operation which is a requirement. Then at the end of flash operations the bad
block table in the RAM can be stored back into the flash if altered. Since flash
blocks can become invalid, the bad block table can be stored in multiple locations
to reduce chances of it being lost. The RAM required to contain the table can easily
be implemented in a RAMBLOCK within certain FPGA's. The FPGA chosen to
implement the EDAC system in has the requirements suitable for the RAMBLOCK
and can therefore be used. This is an attractive feature since no extra hardware will
be needed to implement the bad block system. The only problem will be if power
is lost between bad block storage then any new bad block locations will be lost.
But their occurrence should be detected on the next operation and so should not
prove to be a major problem. Block '0', the first block, on the chosen flash chip is
guaranteed to be valid and is therefore a suitable choice as the primary position of
the table.
Option 3 is by far the most suitable choice and will be implemented in the low-level design
phase. However, this will require the mass memory controller to retrieve and store the
ba.d block table at the correct location, which again requires a small amount of interaction
between the MPU and mass memory controller. A concept design of the bad block system
is shown in figure 5.9.
5.2.9 Error Reporting
In the previous sections, each subsystem controller reported to a master MPU controller
which in turn communicated with the OBC. The subsystem reporting is all internal to
the FPGA and therefore can be achieved by simply linking the various controllers with
internal signals. This does not require external hardware or a communication protocol
to be developed. However, the master MPU controller must communicate with the OBC
which requires external hardware and a communications system to be installed. Since
no exact specification was outlined for communication with the OBC, all viable solutions
will be investigated and the most suitable solution chosen. Firstly the factors influencing
the decision must be outlined.
As errors occur in flash they must be reported to the OBC so that the system is aware of
Stellenbosch University http://scholar.sun.ac.za
CHAPTER 5 - DESIGNING THE MEMORY PROTECTION UNIT (MPU) 57
FPGA
RAMBLOCK
::2 t _._~
controller
BAD BLOCK
Block 0 where bad
block table is star
CONTROLLER
tL---i' 1Address and Status'<--"> Register Decoder
~f',
~~f, K9~_/"'" F
~
1 ~,\!i
2
Mass Memory 0 1ftl!. BUS LINES TO FLASH DEVICEController 8
FLASH I·
'\. c~, ,"il' '\. '\.' ,>~y" ."
ed
Figure 5.9: High level concept design for bad block system
what is happening in the mass memory system. Reports include all major errors such as
new bad blocks, SEFI's, SEL and EOAC errors. The OBC will then know what state the
mass memory system is in and can therefore make adjustments, or inform the engineers
accordingly. Error reporting must be independent from the working of the memory and
memory controller so that if there is a failure or power reset then the errors can still be
reported. The speed of the error reporting system is quite critical. Influences on the
required speed will be EOAC failure and error detection reporting, bad block occurrence
reporting, SEFI and SEL reporting. For example, while data is being decoded an EOAC
failure would cause all the current data to be corrupted and therefore must be reported
immediately so that the memory system can compensate for the error accordingly, such
as requesting a retransmission of the data. Since the data rate is roughly 10 M-bytes
per second, the reporting rate must be similar in speed. The reported data must contain
information such as:
1. Type of failure.
2. Position of failure in memory (bad block).
3. Nature of failure.
So for a single error, a number of bytes of information has to be sent to the OBC.
Possibilities for the communication system are:
Stellenbosch University http://scholar.sun.ac.za
CHAPTER 5 - DESIGNING THE MEMORY PROTECTION UNIT (MPU) 58
Serial Communication (RS232)
Serial communication is fairly simple to implement using 3 physical lines. The bit rate
is determined by the clock rate. Each bit is sent separately on the line in blocks of 10
bits, 8 data bits + 1 start bit + 1 stop bit). The overhead is therefore 20%. Serial comm
reaches speeds of 110KHz baud rate. Compared with the 10M-Byte per second transfer
speed, this comm. is rather slow and could result in major bottlenecks. Implementing
a serial comm. system requires a serial transceiver which is an extra piece of hardware.
Only 1 transceiver is necessary so therefore it is not such a burden to the system. The
pro's of using a serial comm. is that it is easy to implement, requiring an interface which
can be implement in an FPGA and a RS232 hardware transceiver. The downside of serial
comm. is its slow speed.
Controller Area Network Bus Communication (CAN Bus)
A controller area network bus (CAN bus) will allow the error reporting system to be
connected to a network at very high speeds. These controller area networks are common on
systems such as satellites where a variety of different hardware types have to communicate.
A CAN bus can reach speeds of 1M-byte per second which will be sufficient to meet the
timing requirements. CAN bus comm. requires 3 physical lines, a CAN bus controller and
a CAN bus transceiver. The controller can be implemented in an FPGA which then sends
and receives data via the transceiver which is separate hardware. Implementing a CAN
bus seems similar to a serial comm. but has certain differences: the controller is much
more complicated and therefore requires more FPGA resources. The CAN bus transceiver
is also far more expensive than the serial counterpart which is also a major influence. The
CAN bus therefore has a higher speed but is far more complex and expensive to implement.
I2C Communication
I2C is a bi-directional 2-wire bus communication for efficient inter-IC control, [13]. Only
two wires are required, a serial data line (SDA) and a serial clock line (SCL). Each device
on an I2C line has a unique address and has a master / slave relationship. The speed
of this comm. ranges from 400K-Bits per second in fast mode to 3.4M-bits per second
in high speed mode. Implementing I2C comm. requires the 2 bus lines and a controller.
Unlike the previous two forms of communication, I2C does not require a transceiver.
The linked IC's however must be I2C compatible. Since I2C can run straight off the
FPGA no extra hardware besides the 2 comm. lines is required which is an attractive
feature. The controller is fairly complex but can be implemented within the FPGA. I2C
communication is therefore fast enough to meet the requirements and is fairly cheap and
simple to implement.
Stellenbosch University http://scholar.sun.ac.za
CHAPTER 5 - DESIGNING THE MEMORY PROTECTION UNIT (MPU) 59
Decision and Design
In order to decide the most suitable solution a comparison was done between the three, see
table 5.1, where each deciding factor is ranked from 1 to 3, 1 being the best and 3 being
the worst. The low cost of 12C is contributed to the fact that no hardware transceiver
Table 5.1: Comparison of Communication Architectures
Cost Speed Implementation
Serial 2 3 1
CAN 3 1 3
12C 1 2 2
is required unlike the other two. Although 12C can achieve a faster speed than the CAN
bus, its average speed is slower and therefore was marked second in speed behind the
CAN bus in the table.
The totals for each solution are: Serial = 6, CAN = 7 and 12C = 5. 12C is there-
fore the most beneficial implementation. However, it was chosen to rather implement
serial communication for the following reason: The communication protocol required by
the OBC is unspecified and merely a conceptual design feature in this study, therefore
choosing one to implement is trivial and should not require lots of resources and time. In
order to implement an 12C interface in a personal computer, to test this system, would
be difficult and time consuming. Serial communication can easily be used in a personal
computer using the serial port and a serial data capture program. The RS232 transceiver
required is also fairly cheap and readily available, therefore not a cost increase over 12C.
So therefore serial communication proved a better option than 12C for testing putposes.
The concept design is shown in figure 5.10.
The peripheral subsystem controllers and their reporting to the master MPU controller
can clearly be seen. The error report control is handled within the MPU controller which
in turn sends the error messages to the serial interface / controller. Here the messages
are converted to the specific protocol and sent on the serial bus to the OBC. The serial
bus can transmit and receive data to and from the OBC by implementing two separate
serial lines. The MPU therefore does not necessarily have to be fully functional all the
time. It can be in a low-power-standby mode until informed by the OBC that data will
be arriving shortly. The necessary subsystems can therefore be brought out of standby
mode just for its required time.
Stellenbosch University http://scholar.sun.ac.za
CHAPTER 5 - DESIGNING THE MEMORY PROTECTION UNIT (MPU)
SDA sel
12CInterface and
FPGAController
~r~~
<:== Bad BlockController
e, Master MPU
Controller
<:== SELController
I cil cc
EDAC SEFI
Controller Controller
60
SDA line lo OBC -
SClline from OBC -
Figure 5.10: Concept design of communication system structure
5.2.10 Overall Concept Design
By combining and simplifying the previous concept designs, from 5.2.5 to 5.2.9, an overall
concept design was developed, see figure 5.11. All the subsystems and their relative
positions within the design can be seen. This gives the designer a perspective from which
to begin and plan the low-level design.
Stellenbosch University http://scholar.sun.ac.za
CHAPTER 5 - DESIGNING THE MEMORY PROTECTION UNIT (MPU) 61
Tx line to OBC -
Rx line from OBC-
Tx Rx
Serial Interface and FPGA
Controller
~ IMaster MPU
Controller From Power Supply
-;;il' ~
EDAC RAM' SELand SEFI ~
Power
Power Circuit CircuitCONTROLLER BLOCK CONTROLLE ControllerBAD R
BLOCK
CONTR
1 Uncoded Data Encoder I OLLER Address and Walchdog Flash CurrentI Status Operation ControllerDecoder Timer andf Register Monitoring and
~
Current( Decoded Data Decoder Control System Analyzer
r Buffer Mcnitorinq J
~~
Circuit
19 Ii;;~ ~Ii E 3 3V pofr supply rail~ ai~ j ~ £
~
~
~
0; g
K(;
~
iii
I~ -e 9..
I'" ~
Cl
~7 F1
:t~I 20
Mass Memory Controller 1# BUS LINES TO FLASH DEVICE 8
FLASH
'\: 1!lJII~' . >1",~%~;"'Ïi!~
Figure 5.11: Overall concept design of MPU system
Stellenbosch University http://scholar.sun.ac.za
Chapter 6
Low Level Design of MPU System
So far, the detailed concept design was completed in chapter 5. There, each of the re-
quirements for the respective subsystems were analyzed and discussed, forming functional
blocks which had to be implemented. The next step was to realize these blocks using the
necessary hardware and software. The low-level design allowed the design to be explored
on a chip level. This involved component selection and reliability discussions.
This chapter begins with a brief description on how hardware designs were implemented
in a FPGA and simulated using specific software. The next subsections detail how the
major implementations in each design section were achieved. Design sections being: the
EDAC system, the bad block system, the SEL and SEFI system and the error reporting
system. The idea was not to bore the reader with the intricate design of each system
but to highlight and discuss the main concepts and difficulties overcome in implementing
each system. This chapter ends by evaluating the various subsystems by using simulation
software.
6.1 FPGA and Programming Basics
As decided upon in chapter 5, the bulk of the low-level design was to be implemented in
a FPGA. This required a suitable FPGA to be chosen and the respective programming
language to be mastered and implemented. Firstly a brief background to FPGA operation
is given.
Basically a FPGA is a hardware device which can be programmed to perform an infi-
nite number of tasks. It consists mostly of a large number of logic-elements which are
configured upon being programmed by the hardware language. The hardware language
which programmes the FPGA is called VHDL (very high speed integrated circuit hard-
ware descriptive language). The written VHDL code must first be compiled, which is done
62
Stellenbosch University http://scholar.sun.ac.za
CHAPTER 6 - Low LEVEL DESIGN OF MPU SYSTEM 63
by the computer program associated with the chosen FPGA. The compiled code is then
programmed into the FPGA using a separate hardware programmer. Once programmed,
the FPGA will function as the VHDL code instructed.
In order to begin low-level design, a FPGA first had to be chosen so that the required pro-
gramming software could be installed and then used. Choosing a suitable FPGA involved
selecting one with the required features such as:
l. The FPGA must obviously be large enough. This involves having enough input
/ output pins which are needed in transferring data to and from the FPGA. Also
the design must fit into the FPGA, therefore must have enough logical-elements to
implement all the required design logic.
2. The speed of the FPGA is also a major factor. Most manufacturers offer similar sized
FPGA's but with different speed grades, the faster obviously being more expensive.
This leads to the next feature.
3. The FPGA must also be within the allowed cost budget.
4. The FPGA must provide all necessary internal components such as RAMBLOCKS
and phase-lock-loops.
Using the above information, the selection was narrowed down to selecting an ALTERA
CYCLONE FPGA. The new CYCLONE group of FPGA's from ALTERA have all the
features that were required, such as megafunction support and internal RAM, and was
one of the cheapest available FPGA's. The specific model could not be chosen yet un-
til the final design was compiled so that the total number of logical elements required
could be known. However, an important aspect of the low-level design is the frequency of
the system clock supplied to the FPGA. Considering the maximum speed that the flash
memory can operate as well as other hardware, such as the analog to digital converter, a
system clock speed of 50MHz was chosen.
The major subsystems of the MPU were described with VHDL. Throughout the low-level
design phase the VHDL code was compiled and simulated using the ALTERA software
program: QUARTUS II. This is a software development platform available to the stu-
dents from the University of Stellenbosch. QUARTUS II was also used to program the
FPGA via a BYTEBLASTER II hardware programmer which connects the FPGA to the
parallel port of the computer. Quartus II was chosen ahead of the popular Max+Plus II
design platform because the latter was not compatible with the new CYCLONE FPGA's.
Stellenbosch University http://scholar.sun.ac.za
CHAPTER 6 - Low LEVEL DESIGN OF MPU SYSTEM 64
6.2 Design Structure
It was important that a structured design approach was followed so that the design could
easily be tested, maintained or expanded upon by other people. Structured design also
promotes reliability which is important for a system that will be used onboard a satellite.
Debugging is also made easier with a structured design set since the problem can be lo-
cated easily and efficiently.
The design of the various VHDL blocks was state machine based. An attractive fea-
ture of state machine based systems is that extra functionality can be added to the design
without any major changes to the design structure. Typically only a few extra states need
to be added to perform the required function.
An important lesson was learned while programming which was to keep the design syn-
chronous where possible. This means most assignments are performed on the rising edge
of the system clock and not on the edge of other signal transitions. Another hard les-
son learnt was to synchronize incoming signals from other hardware. These techniques
promote stability and mitigate the effect of glitches.
6.3 Detail Design
6.3.1 EDAC design
The concept design for the EDAC system was constructed in section 5.2.5 and displayed
in figure 5.6. From the design, three main areas were discussed and would now have to
be implemented, namely: The input / output buffers, the EDAC controller, and the Reed
Solomon encoder and decoder. The following subsections provide a detailed design of each
of these main areas.
Reed-Solomon Encoder and Decoder
The Reed-Solomon encoder and decoder was implemented by using a Reed-Solomon Mega-
Core function from ALTERA. The MegaCore creates an encoder or decoder which can be
altered to meet the required specifications concerning the Reed-Solomon coding scheme.
The encoder and decoder are separate entities but must both be designed to accept and
operate with the exact same Reed-Solomon scheme.
Stellenbosch University http://scholar.sun.ac.za
CHAPTER 6 - Low LEVEL DESIGN OF MPU SYSTEM 65
Choosing appropriate scheme Since the incoming data is 8 bits wide it made sense
to set the symbol width to correspond with that width. Therefore, from section 4.2.3, the
maximum codeword size is 255 symbols. This is a convenient choice for the codeword size
since the page size for the flash memory is 512+ 16 bytes, therefore 2 codewords would
fit perfectly onto a single page. The level of redundancy would now have to be decided.
The maximum number of check symbols allowed by the MegaCore feature is 50 symbols.
Choosing 50 check symbols results in a redundancy of 19% which gives a correctable rate,
explained in 4.2.3, of 12.2%. This coding scheme is not acceptable due to the following
factors:
1. The correction rate of 12.2% is lower than Hamming code correction rate of 12.5%.
This is not acceptable even though Reed-Solomon allows multiple bit correction.
2. Implementing the (255,205) Reed-Solomon scheme in an FPGA requires over 5000
logic elements. This is a massive amount of logic and would require a much larger
FPGA than expected.
3. If an error occurred within a large codeword, all the data in that codeword would
be corrupted, therefore by decreasing the codeword size the relative vulnerability of
data would also decrease.
The number of logic elements required to implement the function is linearly dependent
on both the field size and the number of check symbols. Therefore by decreasing the
codeword size, a better Reed-Solomon scheme could be found.
By choosing a codeword size of 64 symbols, or bytes, with 21 check symbols, the hard-
ware resources required would greatly be decreased. The codeword size was chosen to fit
exactly into a page of flash memory, therefore 8 codewords will fit per page. This (64,43)
Reed-Solomon scheme requires <3000 logic elements which is a great improvement. The
redundancy is increased to an acceptable 32% and gives an error correction rate of 24.4%.
Due to these positive factors the RS (64,43) code scheme was chosen and implemented.
Data Buffers
The need for buffering was discussed in 5.2.5. It was concluded that FIFO buffers were
suitable to perform the necessary queuing task. The depth and control of the respective
buffers must now be decided upon and then implemented. A major factor influencing the
buffer depth choice is the frequency of the system clock. A clock speed of 50MHz was
chosen in the previous section.
Stellenbosch University http://scholar.sun.ac.za
CHAPTER 6 - Low LEVEL DESIGN OF MPU SYSTEM 66
Encoder Input buffer The purpose of this buffer was to queue bytes arriving at the
encoder while the code symbols are being outputted by the encoder into the data stream.
The depth required by the buffer can be calculated as follows:
1. The 50MHz system clock gives a period of 20ns.
2. The fastest time that is required to generate 21 check symbols and insert them into
the data stream is therefore: 21 x 20ns = 420ns.
3. A new byte arrives every lOOns at the encoder, therefore 420ns/100ns=4.2 bytes will
need to be buffered. By including a safety margin, a buffer of 8 bytes wide should
be sufficient to meet the buffering requirements.
Encoder Output Buffer In the concept design phase it was decided to buffer the
encoded bytes between the encoder and the memory controller. The memory controller
can therefore retrieve the data at its own speed. It was however expected that the memory
controller will operate at higher speeds than the arriving data so therefore the buffer was
only expected to hold a couple of bytes of data as a result of addressing delays and high
speed code word injection. The buffer was chosen to be larger than the input buffer at
32 bytes wide.
Decoder Input Buffer The main concern for this buffer was the arrival rate of bytes
from the memory. This was expected to be controlled by the required download speed
from the recipient device. In order to design, a buffer speed of 10M-bytes per second
was chosen. This speed is near the maximum flash reading speed and therefore a fastest
case scenario. In order to decode at such speed, it was chosen to implement a streaming
decoder. This decoder inputs 3 entire code words before outputting the first symbols of
the first code word. From then on code words are streamed in and streamed out at similar
speeds. Therefore the input buffer can be fairly small. Simulation of this decoder showed
that 2 symbols were the maximum depth required. By adding a safety margin, the total
depth of the buffer was chosen to be 16 symbols.
Decoder Output Buffer Since the recipient of the data is unknown the amount of
buffering will be trivial. The delays from the decoder will cause the outputted data speed
to vary, therefore by buffering the recipient is given more control of the data arrival. Also,
it would be desirable to output the entire codeword as fast as possible from the decoder
once checked and corrected in order to increase the throughput rate to a maximum. This
can be achieved in 1.28us. The buffer allows the data to be extracted from the decoder
at this rate without stressing the timing of the recipient device. The output buffer must
therefore be able to store an entire codeword. Adding a double safety margin, the decoder
output buffer was chosen to be 128 bytes.
Stellenbosch University http://scholar.sun.ac.za
CHAPTER 6 - Low LEVEL DESIGN OF MPU SYSTEM
rsoul[8 .. 1!
inst2
67
!'Sysïéiii3:io'ëk'"
MP"U" r-ësër_Jii£"
!"M~'CJjësBCdëC'<>' .
;"K{PU~)Yi:;~eiïc
't;jp(j~bYP::iiëé
'·{iipifi:.tïA'fli(7: óf
'TNPOIJïAtA~stR"" E_Datarn_str
!·i'NC(jj')EtiJilltTi'(!··· E_Buffer_Rdreq
rËNLëitïË'(5~tlAtl'i(r:iïï D.. Datein[7 ..0]
,t'NcëilïËtYJïAiA~'5rR D_Datain_str
, i O~Dáfa~gijl C5>---'''Ot'r....;..-----;--1 D.Data_get
........ "" _ ,,-
c=>--v't'---t-----+-i elk
C=>--V't'--+----+-i cresetenc
C:=>--"Orl'-'--...'""";----',.-j C_reset_dec
C=>--V¥:'--'-----+-i C_Bypass_snc
C:=>-~r--+---""';'-j C_Bypass_(jer.
C=>--~¥'-""'---""-f E_Datain[7 ..01
C_Err_f>.•lessage[2 ..01
C_Err_M_Slr
E_Butfer_Empty
E_Dateoutl7 Ol
D_DatMut(7 ..0]
D_Data_rdy
t-...---~=J.U..-c=> Ëir::MësiágëITïjï"
1--+ ~.w:1I.L-C=> 'Eïi~M~Slï
J-+- __ ......i'==_C=>···IN~()UlU(rË"f·cE~\"rT
!- __ """"II..Lt:J""--[=:> "ËNC6DËiUiOTPUrrr'oj"
j- .J.ll.ll.tllL-[·:..:..:>····· '6'~biiia;;uirtlij"
1--+---~=llL-C=> 6JïaiajdY
......... -
Inst
svscuc
reset
fsin[8 ti
csfn
dsout
bypass
rsout(8 .. 1]
rdym
outvehd
decteil
nurnerrlê ..1]
instê
Figure 6.1: EDAC system implementation ui Quartus II
Stellenbosch University http://scholar.sun.ac.za
CHAPTER 6 ~ Low LEVEL DESIGN OF MPU SYSTEM 68
EDAC Controller
The EDAC controller has to monitor and control the encoder, decoder, all the buffers and
report to the master MPU controller. The concept circuit shown in figure 5.6 was realised
in VHDL. Figure 6.1 shows the top-level entity, Edac.Controller, with all the embedded
components within it. These components include the encoder, with its input and output
buffers, and the decoder, also with its input and output buffers. The full set of VHDL
code for this design can be found in appendix C.l.
Within the Edac.Uoniroller block are the control processes which are the heart of
the EDAC subsystem. These processes control all the signals which are connected to
the EDAC_Controller and embedded components. Interaction with the master MPU con-
troller is achieved through all the input and output MPU_ * lines. The MPU can instruct
the EDAC circuit to reset or bypass the encoding or decoding systems by controlling the
following lines: M'Pll.resei.eïic, MPU_reseLdec, MPU_byp_enc, MPU_byp_dec.
Errors are reported to the MPU controller via the MP U_erroLmessage[2 .. OJ and
MPU_err_mes_str lines. It was decided to give each of the possible errors a code which is
then pulsed on these error lines to the MPU which will then react accordingly. The rest
of the internal and external signals from the EDAC controller block are routed to either
the encoder or decoder systems.
The RSEncoder block performs the Reed-Solomon encoding. Basically the encoder
is controlled by initiating a new codeword using the start signal and then pulsing data
symbols on the rsin[8 .. 1j and enable lines respectively. The outputted symbols from the
encoder are then sent through a multiplexer to the output buffer where they become avail-
able to the mass memory controller for storage. The multiplexer is used to bypass the
encoder if required since the encoder does not have a bypass function as with the decoder.
Similar to the encoder, RSDecoder performs the Reed-Solomon decoding. As with
the encoder, data is pulsed into the decoder via its rsin[8 .. 1j and dsin input pins. Out-
putting data is controlled by the dsout signal and is outputted on the rsout[8 .. 1j line.
Unlike the encoder, the decoder has a bypass function which causes the inputted signals
to be transmitted through the decoder without any adjustments. The bypass pin controls
this operation. The rest of the decoder signals inform the controller about the status of
the decoder such as : number of errors found, whether the decoder is ready to accept new
signals, whether the outputted data is valid, and whether the current decoding process
was successful.
The encoding and decoding processes were simulated in section 6.4.1 to confirm their
Stellenbosch University http://scholar.sun.ac.za
CHAPTER 6 - Low LEVEL DESIGN OF MPU SYSTEM 69
functionali ty.
6.3.2 SEL and SEFI design
The necessary concept designs for the SEFI and SEL system was developed in section
5.2.6 and section 5.2.7 respectively. These concepts include the power control circuit, the
current monitoring circuit, the watchdog circuit, and the SEFI controller. Their respective
low-level designs are implemented in the following subsections.
Power control
As mentioned in 5.2.6, the power control circuit must be able to supply and remove the
3.3 volt power rail required by the flash device. This circuit must also be controlled by
the FPGA and implement in as little extra hardware as possible.
This circuit was realised by implementing a simple transistor switch. The characteris-
tics required from the transistor were:
1. Low voltage drop across transistor since the supply voltage to the flash can range
from 2.7V to 3.6V according to [14]. Therefore the voltage drop cannot be more
than O.6V.
2. Control via the FPGA. The current or voltage required to control the switching
of the transistor must therefore be suppliable by the FPGA. According to [2], the
input or output pins of the FPGA have the following absolute maximum ratings:
Source or sink 25mA of current. Minimum and maximum output voltage of 3.0V
and 3.6V respectively.
A small signal P-Channel MOSFET (metal oxide semiconductor field effect transistor)
transistor was therefore chosen to meet these requirements. It was the most suitable
choice since a MOSFET draws very little current from its control (or gate) pin and only
has a small voltage drop across its source and drain pins. The circuit was implemented
as shown in figure 6.2.
When the output pin of the FPGA is at logic level low (OV) the transistor is in an 'on'
state and 3.3V is transferred to the flash device. If the FPGA output pin is brought to
the high logic level (3.3V) then the transistor is switched off and the power rail supplied
to the flash chip is brought down to OV. Control over the power supplied to the flash is
thus achieved.
Stellenbosch University http://scholar.sun.ac.za
CHAPTER 6 - Low LEVEL DESIGN OF MPU SYSTEM 70
P-Channel MOSFET
3.3 V Supply Rail Drr-.------i
G K9F120B
Samsung
Flash
Device
n n .3.3V(off)
- U UOV(onl
Cyclone
FPGA
Figure 6.2: Power control circuit
Current Monitoring
As discussed in section 5.2.6, two external hardware devices are needed in order to mon-
itor the current drawn by the flash device, namely an analog to digital converter and a
current sensor. Firstly, a suitable current monitoring device must be chosen:
The MAXIM 4172 high side current-sense amplifier was chosen to monitor the current
due to its availability, low cost and simple design. The chosen implementation circuit for
the current sensor is shown in figure 6.4. As discussed in 5.2.6, the current is measured
by amplifying the voltage across a small resister in series with the power rail. As shown
in figure 6.4, two suitable resistor values must be designed for, namely Rsense andRout·
Their calculations are as follows:
• The differential input VRS+ - VRS-, according to [9], has a maximum value of 0.3V
and a typical value of 0.15V.
• The maximum current required to be measured,Iload(max), is chosen as 100mA.
This is not the highest expected current value due to latehup but a suitable value
to distinguish when latehup is occurring. Therefore Rsense = 0.15Vj100mA = 1.50
• The maximum input voltage to the A2D converter, according to [9], is calculated
from the equation: Vout(max) = V+ - 1.2V therefore 3.3V - 1.2V = 2.1V =
lout (max )Rout.
• The sensor equation is lout = lOmAjV x (Iload X Rsense), therefore using maximum
values becomes: lout(max) = 1 x 10-3 Rsense
• Therefore by substituting the previous two equations, 2.1V = 1 X 10-3 RsenseRout·
Which gives Rout = 1.4KO.
Stellenbosch University http://scholar.sun.ac.za
CHAPTER 6 - Low LEVEL DESIGN OF MPU SYSTEM 71
The resistor values of 1.5D and l.4KD were easily obtainable and therefore implemented.
The main factor in choosing an A2D converter is resolution. Since the analog signal
has to be digitized into a binary number, certain inaccuracies occur due to the finite
amount if bits. A higher number of bits gives a more accurate value. The resolution for
an Sbit A2D converter is calculated as follows:
• S bits give 256 possible binary values.
• The voltage range to be measured is DV to 3.3V therefore giving a resolution of
3.3V /256=12.9m V.
• If this value is converted back to the current through Rsense,it gives a resolution of
6l4uA. which can be detected.
The main purpose of the current monitoring system is to distinguish when the flash
device is off, on standby, operating and in failure. The difference in current drawn by
these different states is in the order of milliamps. Therefore a resolution of 6l4uA is
sufficient to distinguish between them. The AD7Sl9 Sbit A2D converter was therefore
chosen.
It has a parallel interface, see figure 6.4, which is good in that the bit stream can be read
without the need for serial to parallel conversion. The detailed operation of this device is
documented in [3] and is controlled by the FPGA, see the VHDL entity in figure 6.3.
Figure 6.3: Analog to digital converter controller
Basically the A2D controller, in the FPGA, signals the A2D converter to begin a con-
version. On completion, the controller is signaled by the converter that the process is
complete and the digital value is then sampled by the controller via the connected bus
lines. The value is then sent to the SEFI controller for any necessary processing. The full
VHDL code for the A2D controller can be found in appendix C.5. The current monitoring
system is shown in figure 6.4. The Vref pin of the A2D converter shown in the figure is the
voltage value that Vin is compared to when digitizing the analog signal. The ratio value
of the latter to the former is equal to the digital output value compared to the maximum
value of 255. In this case Vref is equal to Vcc and therefore connected together.
Stellenbosch University http://scholar.sun.ac.za
CHAPTER 6 - Low LEVEL DESIGN OF MPU SYSTEM
From 3.3V supply
AS- f------'f
Current Sensor
v cx; AS<- f----J_
72
From 3.3V supply
Rsense
To Flash Device
Figure 6.4: Current monitoring system
Watchdog Circuit
The watchdog circuit, as discussed in the concept design section, has to detect when the
flash device has suspended. It was chosen to implement the watchdog timer in the FPGA.
The watchdog entity developed in VHDL is shown in figure 6.5. The full VHDL code can
be found in appendix C.4.
Figure 6.5: Watchdog VHDL entity
The watchdog is basically initiated by keeping the Wen signal high. If kept high for 1.34
seconds then the watchdog will set timeout high, signaling that the current process has
timed out. The timeout period of 1.34 seconds is far longer than any single process time
and will therefore be sufficient.
Control over the watchdog timer was chosen to be handled by a process within the SEFI
controller which follows in the next section.
Stellenbosch University http://scholar.sun.ac.za
CHAPTER 6 - Low LEVEL DESIGN OF MPU SYSTEM 73
SEFI Controller
The SEFI controller is at the heart of the SEFI subsystem. In order to simplify the design,
it was chosen to implement the SEFI controller and all the SEFI subsystem controllers as
processes within one master MPU controller VHDL entity. This includes the watchdog
circuit controller, power system controller, current analyzer, latehup monitoring, SEFI
controller, and flash operation monitor. By implementing processes within one VHDL
entity block, the design is simplified, in that extra signals and tri-state buffers linking
the entities are no longer required. It also makes the VHDL design neater and easier to
understand. The full VHDL for all the following processes can be found in appendix C.2.
Current Analyzer The incoming current values from the A2D controller is analyzed
by the process Current-Handler. When the values are strobed in by the A2D controller,
they are categorized into one of five levels: cui.of], standby, operating, high, dangerous.
These current values can then be accessed by any of the processes which require current
state knowledge.
Flash operation monitoring This is one of the most important processes since it
monitors what state the flash device is in. As explained in subsection 5.2.6 this process
monitors the physical control and bus lines connected to the flash device. As a new
command is sent to the flash device, it must be captured and decoded by the flash op-
eration monitor and then the other necessary processes informed, such as: setting the
watchdog timer when an erase procedure begins, etc. This is achieved via the Com-
mand.Haridler process. It categorizes the incoming command into one of seven main
flash activities: readl, readID, reset, pprog, cbprog, erase and status. When categorized,
the necessary states will inform the watchdog controller to monitor the current process.
Watchdog Controller The actual watchdog circuit was already implemented in a sep-
arate VHDL entity. The watchdog controller's duty is to operate the circuit accordingly.
This is achieved via the Watchdog.Handler process. The Watchdog.Handler is con-
trolled by the Command.Handler and also by the bus lines. When informed of a new flash
process that requires monitoring, the watchdog initiates the watchdog circuit and then
monitors that process until its completion. If it times out then the watchdog.handler will
determine where in the current procedure the flash became unresponsive and inform the
SEFI process accordingly.
SEFI controlling The SEFI process, SEFI_Handler, is responsible for determining
what SEFI has occurred and controlling its mitigation. This process is initiated by a
timeout from the watchdog circuit. It then determines which SEFI occurred by analyzing
Stellenbosch University http://scholar.sun.ac.za
CHAPTER 6 - Low LEVEL DESIGN OF MPU SYSTEM 74
what the current flash process was and what the current state is, and then mitigating
the SEFI by either cycling power or resetting the flash device according to the mitigation
solutions mentioned in 3.4.2. As mentioned in 5.2.6, resetting the flash device will be
achieved by sending a reset signal to the mass memory controller, which should in turn
send the reset command to the flash device.
Latehup monitoring The sudden rise of current to a dangerous level will indicate the
occurrence of latchup. The Current.Handler process will detect this dangerous current
level and, due to its destructive nature, inform the Latehup.Handler immediately. The
latehup.handler is responsible for initiating a power cycle to the failing flash device and
then monitoring whether it recovers from the latehup state. If permanently damaged then
the power will be removed permanently from the flash and the master MPU controller
will be informed.
Power system controller As shown in figure 6.2, the power circuit is controlled by an
input / output pin from the FPGA. This was achieved by implementing the POWER
process to control the selected pin. This process is responsible for cycling power to the
flash device as well as permanently removing power to the damaged flash. This also
includes ensuring that the switch is working correctly. Any power errors will also be re-
ported to the master controller accordingly.
The above processes and their respective linking signals and busses are shown in fig-
ure 6.6. Note that the signals with a Flash prefix are from the physical bus lines and
control lines, linking the mass memory controller and the flash device. The Fcpouier
signal from the Pouier.handler controls the MOSFET switching circuit and is therefore
outputted from the FPGA via an input/output pin to the gate pin of the MOSFET. The
Send.reset.to.fiosli signal outputted from the SEFLhandler is the necessary small amount
of communication implemented between the mass memory controller and the MPU sys-
tem. It instructs the mass memory controller to halt all operations and issue the reset
command to the flash device.
Reporting to the master MPU controller is achieved by the Error_message_to_MPU[2 .. OJ
and Error.pouier.suiitcli signals. These signals report which SEFI has occurred and if
there is an error with the power circuit respectively.
This concludes the SEFI and SEL system implementation.
6.3.3 Bad Block design
The concept design for the bad block table was completed in section 5.2.8. Here the main
goals for the system were stipulated and the main design sections were determined. In
Stellenbosch University http://scholar.sun.ac.za
CHAPTER 6 - Low LEVEL DESIGN OF MPU SYSTEM 75
~
~I Flash_Dala[7..01 ~li Cur IN[7 ..0[ Iprocess:
Flash CLE Command_Handler process: ICur in sirFlash WE Current; Handler",""I!i ;iil4:,~. .rlli,"·'~ Q
Start_WD
,;:, 1Danger_currenlQ ~
\
I~ ~
WD EN a .9.
WD_Timout
g" -----v "1"process: 3
Watchdog_Handler Proc complete process:
Flash Ryby Latchup_Handler
I~~ 'Jib b', !liS!
Resel_Wdog WD_error_mes ag [LO[
"" 7-
WD_TimoUI
r-
Cut_power I~process:
Lpower_cycle
~ F_power
SEFI_Handler
process:
Send_reset_to_tlash Power
Spower cycle I
~
Error_Message_lo_MPU{2 ..01 Error_power_swilch
Figure 6.6: SEF! processes and linking signals
Stellenbosch University http://scholar.sun.ac.za
CHAPTER 6 - Low LEVEL DESIGN OF MPU SYSTEM 76
this section the main sections must be realised. These sections are: the RAMBLOCK,
Address and Status decoder, and the Bad Block interface.
RAMBLOCK Design The conceptual layout of the proposed RAM space was shown
in figure 5.8. In order to accommodate all the blocks in the K9F1208 Flash device,
the table was increased to 4096 flag bit positions. As decided in 5.2.8 the table was
implemented in the internal RAM of the Cyclone FPGA. The implemented RAMBLOCK
is shown in figure 6.7 and has the following features:
• 4096 address blocks of 1 bit width. This gives each flag bit a unique address,
therefore allowing instant access.
• Dual read/write ports for simultaneous updates and retrievals. This was necessary
in case the mass memory controller was requesting block information while the table
was being updated. By having one port for reading and one port for writing, access
to the table will be guaranteed. There is the problem of simultaneous access to the
same data, but this should not be a problem since the same block address will never
be read while an update is occurring. This is ensured because updates only occur
after a block has been accessed.
• Dual clocks with clock enable signals. This allows each port to be operated on
without influencing each other and removes any clock skews.
• Registered input and output ports. This ensures synchronous input and output
behavior.
RAlv1409G ~ I
~d~=.~.~[(O~]~ ~~~r---r.~~r--~q~.[O~l
address.11 ..0:=: I-
wren 8
---
~r 2>~ ~1f
d~. brOl ~ CL q brOl
~.d=dr~eS~S~b[~111~0~]~~~~ ~~~~~
wren b I::{]-
Clock 8
~
clock b
~
BIoCeI.: tupe: AUTO
Figure 6.7: The bad block table RAMBLOCK implemented in the FPGA
To encapsulate the RAMBLOCK from the rest of the system and to meet its timing re-
quirements, the RAMBLOCK was embedded as a component within a controlling VHDL
entity, called BBCONTROLLER. This VHDL block provides simple access to the
RAMBLOCK and ensures that reading and writing to it is performed properly. The BB-
CONTROLLER VHDL entity is shown in figure 6.8.
Stellenbosch University http://scholar.sun.ac.za
CHAPTER 6 - Low LEVEL DESIGN OF MPU SYSTEM 77
Basically, data can be read by specifying the required address on R_Adr(ll .. OJand puls-
ing RiPuls. The corresponding data will then be pulsed out on KDataaut(O ..Oj and
R_Strout. Similarly data can be stored in the RAM by specifying the address, data and
pulse on W_Adr( 11..OJ, W_Datain and W_Puls respectively. The full VHD L code for
BBCONTROLLER can be found in appendix C.2.
BB_CONTROLLER
elk R_Dataout[O ..D)
~s~ R_~rout
R_A:lr[11..D)
R_Puls
W_A:lr[1 I ..0)
W_Puls
W_Dataio[O ..D)
Figure 6.8: The BBCONTROLLER VHDL block with embedded RAMBLOCK
Address and Status decoder In order to update the bad block table when a new
block becomes invalid, the status register must be read and the address of the current
block must be known. The concept design of these decoders were discussed in subsection
5.2.8 and shown in figure 5.9. It entailed monitoring the physical bus lines connected to
the flash.
It was therefore decided to implement these two decoders as VHDL processes within
the master controller. This decision was made due to the fact that the SEFI processes
(designed in the previous section) , which utilize the same bus line resources, were imple-
mented in this way. Therefore, by extending that design pattern, the overall design is
simplified and all information obtained by the previous processes will be available to these
processes. Furthermore, the BBCONTROLLER (with embedded RAMBLOCK) was also
embedded within the MPU controller, therefore encapsulating the bad block table from
view, which simplifies the design, and allowing easy access to the interface.
The duty of the address decoder is to monitor which block, within the flash memory
space, is currently being used so that if it becomes invalid, the correct flag bit in the bad
block table can be updated. This is achieved by monitoring the Flosii.Al.E, Flash; WE
and Flash_Data(7.. OJlines shown in figure 6.9. The complete address is then made avail-
able to the other processes. The decoder was realised via the Adress.handler process.
Similarly the status decoder reads in the status byte and checks the validity if the op-
eration that was performed. The status decoder uses the information obtained from the
Command.Handler process to determine when a status read has occurred. Although sta-
Stellenbosch University http://scholar.sun.ac.za
CHAPTER 6 - Low LEVEL DESIGN OF MPU SYSTEM 78
tus reads are not compulsory to operate the flash, their utilization is almost guaranteed
since it is the most immediate way to monitor the operation. If an error is detected then
the bad block interface is signalled to perform an update. The status decoder process is
integrated into the bad block interface which is designed next.
Bad Block interface The duty of the bad block interface is to provide table access
to the main memory controller and to perform the necessary updates. External 'read'
access to the table was achieved by directly mapping the required read signals to the
BBCONTROLLER component since no bad block reading is required by the MPU. How-
ever, 'write' access to the table is multiplexed between the external updates from the mass
memory unit and internal updates from the MPU. External updates include loading the
table with the stored table data in the flash, as explained in 5.2.8, and any other updates
required by the mass memory unit. This was achieved by the Bfr.Table.Handler pro-
cess. This process also incorporates the status byte checking mentioned in the previous
paragraph. The actual initiating, loading and storing of the bad block table in the flash
device is controlled by the mass memory controller, since no knowledge of the mass mem-
ory architecture is known. Reporting of invalid blocks is also realised by implementing
a bad block counter process: Bad.Block.Counter. Its function is to count the total
number of bad blocks and report it to the master MPU controller when appropriate.
The bad block processes, their linking signals and the embedded BBCONTROLLER
component are shown in figure 6.9.
I F1ash_DaIa(1 ..0] BBR StmU1
process:
Adress_handler
BBR Dataou 0 ..0
Flash WE -ïI8_cólmfollER'--'"
f- elk R_03laoUl[lLO) ~
- l1I:ld R_Strout ~-
B8\-;tl1..0J :;r- R_A:lr(11..OJ
~:--"'R_PulS~:=:!l1..Dl
,..- W_03Iaiop ..D]
lijfl:Stg
I Cur_Function[2 ..0]
Flash_RE V
I Flauh_Data[7 ..0]
process:
BB_ Table_Handler ~
I BBW_Adr111..01 U process: ~\~BB~W-""~.~2~g~.Blli~~1H>'1 Bad_Block_Counter lIÏum ai_Bad Blocks_ /_ BBWD."" II III
Figure 6.9: The bad block processes and linking signals
Stellenbosch University http://scholar.sun.ac.za
CHAPTER 6 - Low LEVEL DESIGN OF MPU SYSTEM 79
6.3.4 Master Controller design
As shown in figure 5.11, all the subsystems within the FPGA report to the master MPU
controller. The duty of the controller therefore is to provide control to the systems that
require it and to report malfunctions and errors to the OBC via the communications in-
terface. Already the master controller VHDL entity consists of all the processes described
in the previous sections, such as: all the SEFI and Bad Block processes. The MPU con-
troller will therefore also be implemented as a process, or processes, within the entity,
since most of the required linking signals are already available within it.
Reporting to the aBC It was decided to report any errors or failures to the OBC as
soon as they occur. The process: MPU_error_handler obtains all error information
from the subsystems and reports it to the OBC via the serial communication system,
designed in the next subsection: subsection 6.3.5. Reporting to the OBC entails informing
the OBC which type of error occurred and any extra information about the error. The
error codes are shown in table 6.1.
Table 6.1: Error reporting code protocol to GBC
Error Type Error code Extended Code
Bad block 0001 0000
SEFI 0010 read 0001
program 0100
erase 0110
Power Switch 0011 0000
EDAC 0100 Enc.bufin.full 0001
Enc.bufout.full 0010
Dec.decfail 0011
Dec.bufin.full 0100
Dec.bufout.full 0101
SEL 0101 0000
Power removed 0110 0000
The code is a byte in length and consists of the error-type-code as the most significant
four bits and then either extra information or just zeros for the lowest significant four
bits. After the code is sent, further information bytes are sent, such as the block address
of the bad block, or the total accumulated bad blocks. The reporting is then ended by
sending a stop byte, which consists of a byte of zeros.
Stellenbosch University http://scholar.sun.ac.za
CHAPTER 6 - Low LEVEL DESIGN OF MPU SYSTEM 80
Commands from OBC Commands can also be accepted from the OBC via the serial
communication system. As with sending, the serial interface detailed in 6.3.5, informs
the MPU that a command has been received from the OBC and the MPU must react
accordingly. The process: OBC_Command_Handler controls the processing of new
commands. Each command is represented by a code byte, shown in table 6.2.
Table 6.2: Command Codes from GBC
Command Code
reset encoder 00000001
bypass encoder 00000010
reset decoder 00000100
bypass decoder 00001000
reset bad block table 00010000
These two processes complete the Master Controller and are shown in figure 6.10.
EDAC &I'1Of_me&&age(I .. 0
~
EOAC Il'Imsg 5Ir
ERROA POWERSWITCH
new bad block
SER OATA[7 ..0]
WD_Tlmeout
Lpower cycle SEA STA
pwr rem process:
MPU_ error_ handlerCUR ADAESS[24 .. 13
Num ol Bad Blocks 15 .. 0
Cur Func;(2._0 .
'\. ·i· ... ':' '''''_'0.'",:",
SEA AX RD
SEA AX DATA[7 ..0) process:
EOAC reset ene
SER RX ROY OBC Command Handler EDAC reset dec_ _
EDACBypu,_.~
EDAC Bypas.& dec..
'- :"~',i,
Figure 6.10: The master controller processes and linking signals
6.3.5 Error Reporting design
As discussed in section 5.2.9 a serial communication architecture is to be implemented.
This entails creating an interface, designing a UART (Universal Asynchronous Receiver-
Transmitter ), and choosing and implementing an RS232 transceiver.
Interface and Uart design Due to the relatively slow speed of the serial communica-
tion compared to the 50MHz clock speed which the FPGA runs off, processes that require
Stellenbosch University http://scholar.sun.ac.za
CHAPTER 6 - Low LEVEL DESIGN OF MPU SYSTEM 81
to send bytes would have to wait in line for their turn. This would slow them down
considerably which is unfavorable. To solve this problem a buffer will be implemented in
which the bytes-to-be-sent can be queued in, which frees the process to continue, unaf-
fected by the serial comm. Similarly when data is received from the OBC, it will be sent
to an input FIFO buffer. The queued data can then be retrieved when suitable. The two
buffer entities are shown in figure 6.1l.
In order to test the serial communication, a personal computer (PC) will be used to
simulate the OBC using a simple serial receive and transmit program. In order to send
bytes to the PC it was deemed necessary to transform the intended binary byte of data
into two bytes of hexadecimal-equivalent ASCII code (American Standard Code for In-
formation Interchange). Therefore sending a binary byte of data results in two ASCII
bytes being sent. This was due to the receiving program being effected by certain ASCII
characters. The VHDL entity, biniohex.conu (shown in figure 6.11), was designed to
complete this task.
The UART was also designed in VHDL. It is responsible for sending the outgoing data
and receiving incoming data. The serial protocol decided upon was: Baud rate: 57600,
Stop bits: 1, Data bits: 8, Parity: none. The bytes-to-be-sent are acquired from the
binary-to-hexadecimal converter and then sent via the TX line to the PC. The UART
also receives the input serial data stream via the RX line, converts it into a data byte
and then sends it to the input buffer. The UART was realised by the VHDL entity:
uart, shown in figure 6.1l. The BAUD rate clock controlling the serial transfer speed
was created by the block: baudgen. The full VHDL code for the component blocks in
figure 6.11 can be found in appendix C.3
RS232 Transceiver Choosing a RS232 transceiver is not a major decision since the
transceiver does not require any control logic and is not very expensive. It was decided
to use the SP3232ECP transceiver from SIPEX due to its availability. The transceiver is
responsible for converting the logic levels to RS-232 voltage levels and vice-versa.
Stellenbosch University http://scholar.sun.ac.za
~
a-q'
~
'"1
('t)
Ol
~~
Cr::!
("I)
;jo
£..
"Cl
;J
;J
.::
;;l
ec .
"i;:>.,...
,,",.
Cl
;;l
,,",.
;;l.,...
("I)
.::t,
i;:>
"("I)
~.
~
;J
("I)
;;l.,...
("I)
i;:>...
~.
~
t:J
t-<
Input_buffer_rd
pnpii(buffë"['''' ." ~ r'ïNgnr
[~;~~:;:::~ :~ :;:; ~.u ~o I
Bufout_NE
... _,
npu _Buffer_SIr detaI7 ..0]
Input_buffer_rd wrreq
sys _elk rdreq
clock
q[7 .. 0J
full
empty
BtH_data[7 ..0J
uart
sys_elk : Input_Buffe~7..0J
BaudPuis ~ elk Data_out[7..0]: nput_twner_str
~ BaudPuis D!Jta_out_str ! SERIAL_OUTPUT
D.t.[7 ..0J SERUIT
DataStrobe
I SERIN
lns12
BtH GB
get_ byte i--+----=-
Dataout[7 ..0]
sys_elk
elk
reset
-:~~ __ ~-I DotolnJ7 ..0J
not_empty
strout SERIAL_INPUT
In5t1
j oaudger
sys_elk
jS=~~~~~~~~~:§ ~&f;jltk::I:~~~N~~~
8audPuis
----i--l elk
puls t
puls2
Inst
o::r:
>-
1:1
>-3
trl
;:0
Ol
R5(REAii'
R<DATAI7..0J
"Ri("RÊÁov 0 •••
t""'
o
::e
r-
trl
<
trl
r-<
t:!
trleno
Z
o
'Tl
~
'"Clc::
Cf1
-<en
>-3
trl
~
00
tv
Stellenbosch University http://scholar.sun.ac.za
CHAPTER 6 - Low LEVEL DESIGN OF MPU SYSTEM 83
6.3.6 FPGA Choice and Power Calculations
Now that all the subsystems are complete, the entire system can be compiled together to
calculate what size FPGA will be required and what power it consumes. The MPU VHDL
entity is shown in figure 6.12. The input pins for all the various systems can clearly be
seen.
ENG_ready
ENC_dataout[7..0]
DEC_ready
DEC_dataout[7 ..0]
BBR_Dataou~O ..O]
BBR_Str
POWER
Reset_nash
ADC_nConvst
ADC_nCSRD
SERIAL_TX
Figure 6.12: Top layer entity for MPU system
Compiling the entire system shows that the following resources are required: 4141 logic
elements, 97 I/O pins, 16768 memory bits. The smallest ALTERA CYCLONE FPGA
to fit this design is the EP1C6Q240C8 and would therefore be the most suitable choice.
Compiling the design for this device gives a maximum clock frequency of 97.67 MHz which
is more than sufficient to meet the 50MHz requirement.
Almost the entire system is implemented using the FPGA. Therefore most of the power
required will be from the FPGA. Estimating the power required from it was achieved
using the Aliera Cyclone Device Power Calculator Spreadsheet Version 2.O. Basically,
Stellenbosch University http://scholar.sun.ac.za
CHAPTER 6 - Low LEVEL DESIGN OF MPU SYSTEM 84
the QUARTUS II software outputs a file which is analysed by the spreadsheet. A toggle
percentage must also be specified, this represents how many pins will be toggling at one
time. In order to calculate a worst case scenario, a toggle percentage of 50% was specified,
which is reasonable considering all the pins which could be toggling. This gave a total
power consumption of 712.36mW which is less than the specified limit of lW. The power
consumption by the FPGA is therefore acceptable.
The other hardware implemented was the A2D converter, the power switch, current sensor
and the serial transceiver. The AD7819 analogue to digital converter typically consumes
1O.5mW of power [3], therefore is not a major influence in the power consumption cal-
culation. The MOSFET switch draws almost zero current and therefore not considered
further. The current sensor draws a maximum of 1.6mA at 3.3V [9] giving a power figure
of 5.28mW. The serial transceiver draws a maximum of 1mA [17] at 3.3V in this case,
giving a power consumption of 3.3mW.
The combined power required is therefore 731.40m W which meets the lW requirement
set out.
6.4 Simulations
In order to verify that each of the designed subsections operate as required, each sub-
system was simulated using the Quartus II simulator. This was achieved by emulating
the operation of the flash device by controlling the return signals from it, such as its
RY /BY (ready jbusy) signal and data returned. Each of the various simulations are
explained and documented to give the reader a fairly simple view of what is happening
in the complicated signal environment.
6.4.1 EDAC
To verify the EDAC operation, firstly it was necessary to test the encoder with data
arriving at 10 M-Bytes per second. Secondly the decoder was tested by using the encoded
data from the previous test and inserting errors into that data stream. Lastly failures
were instigated to test the error reporting capability of the EDAC system.
Encoding The encoding of a single codeword is shown in figure 6.13. A 50 MHz clock
(20ns period) is inputted via the Sustetti.Clock signal. The four signals below it are
control signals from the master controller. As designed for, data is inputted via the
INPUT_DATA and INPUT_DATA_STR lines into the encoder input buffer at a rate of 10
M-Bytesjs. The start of the inputted data is shown at A. In order to make the inputted
data easy to distinguish and to verify, it was chosen represent it as an increasing 8-bit
Stellenbosch University http://scholar.sun.ac.za
CHAPTER 6 - Low LEVEL DESIGN OF MPU SYSTEM 85
rfiM_M:lttH'h.iL
System_Dock
MPU_8yp_dec
MPU_byp_enc
MPU_resel_dec
MPU_reset_enc
[jJ INPUT_DATA
INPUT_DATA_STR
INPUT_BUFFER_EMPTY ~~~~..!::!...!!...!:!...!!....!:!....!!~!...:!....!:!....!:!...!::!....!:!...~~.!!...!:!.~....!::!.2:!~~:!....!:!...!~~~~~===~~~
ENCDDER_RDREQ
[jJ ENCODER_OUTPUT
B
Err_M_Str
[3 Err_Message
D E
Figure 6.13: Encoder Simulation
counter value. The encoder output buffer's read request line, ENCODER_RDREQ, is set
to 'high' therefore making the buffer transparent so its output represents the encoder's
output, which is required. The time delay can be seen by the first inputted data byte
at A and it being outputted from the encoder at B. D shows the code symbols being
inputted into the data stream. As shown, the 21 code symbols are inputted after the last
data byte of the codeword, byte 43. They are inputted at maximum speed to satisfy the
timing constraints. While the codesymbols are being generated, the input buffer fills up
(shown by INPUT_BUFFER_EMPTY signal at C) as it waits for the encoder to request
the data bytes for the next codeword. When the next codeword is begun, shown at E,
the queued data bytes are then sent to the encoder at maximum speed until the buffer is
empty, then returns to the speed dictated by the arriving data. The last two signals show
that no error has occurred.
This verifies that the encoding process meets the timing requirements and its functionality
will be verified by the decoding simulation.
Decoding The decoding process is shown in figure 6.14. The control, error, and clock
signals are the same as per the encoding simulation. Encoded data is created from the
encoder and then fed to a noise generator which corrupts four of the codeword bytes,
shown by the enlargement: A. This was done to verify the decoder functionality. The data
stream, with errors, is then fed to the decoder input buffer at varying speeds (minimum
speed of 10 M-Bytes per second). This tests the decoder's ability to handle data arriving
at different speeds. As explained in the design section, 3 entire codewords must first
be inputted into the decoder before the first bytes are outputted. As with the encoder
Stellenbosch University http://scholar.sun.ac.za
CHAPTER 6 - Low LEVEL DESIGN OF MPU SYSTEM 86
System_Dock
Reset_Noise
MPU_byp_dec
MPU_byp_enc
t-4PU_resel:_dec:
MPU_leset_enc ~IIIIIIIIIIIII'II~III'I=P[3 ENCODED_DATAENCODED_DATA_STR ;===;--F==:;:;--;=;==
D_Data_rdy
D_Data_~et
[!] D_Dat~out
[3 ERROR_COUNT
I±J En_Message
Eu_M_StI
B~
,,
AJ I
Figure 6.14: Decoder Simulation
simulation, the output buffer is made transparent by setting the read request signal to
'high'. The first decoded-bytes outputted on Dulaiaout and are shown by enlargement B.
The four corrupted bytes have been corrected to their original values and the code symbols
have been discarded. The number of corrected bytes are shown by the ERROR_COUNT
signal, in this case 4 symbols are corrected in each codeword. Note that the corrected
symbols from the decoder are outputted at maximum speed (every clock cycle) to meet
timing requirements. After the entire first codeword's data-bytes have been outputted, the
following codewords' data-bytes are outputted at regular intervals, shown by C (codeword
2,3,4 and 5). The D_Data_rdy shows when data is available at the output buffer. This
simulation verifies the decoder functionality.
Syslem_Clotk
Reset_Noise
MPU_bw_dec
MPU_bw_enc
MPU_retet_dec
MPU_reset_enc
[3 ENCODED_DATA
ENCODED_DATA_STR
O_Data_,dy
D_D~a_get
lil D_Dataout
[3 ERROR_COUNT
[i] Err_MessaQe
Err_M_Str
Figure 6.15: Decoder failure Simulation
Stellenbosch University http://scholar.sun.ac.za
CHAPTER 6 - Low LEVEL DESIGN OF MPU SYSTEM 87
To test the error failure reporting of the EDAC system, the number of corrupted symbols
were increased to 11, which exceeds the correcting capabilities. The simulation is shown
in figure 6.15. As with the previous simulation, the outputted symbols are placed on
Duiaioout except now the symbols are uncorrected since the maximum allowed errors
were exceeded. The correct error code is placed on Err.Messaqe and strobed on Err_M_Str
to the master controller. All the other possible errors were tested and verified.
6.4.2 Bad Block
The bad block table was simulated by emulating the signals connected to the flash device.
The simulation entails performing an erase operation to block 2497 then reading the status
byte after completion. In order to view the entire simulation on one page, the block erase
time was radically reduced. This does not influence the outcome since all the involved
state machines merely wait for its completion. The simulation is shown in figure 6.16.
elk
F_ALE
F_CLE
F_RE
F_WE
[3 F_Dat~
F_RdyB,y
IB BB W Ado
BB_Data_in
BB_Woul'
IB SER_DATA
SER_STR
Figure 6.16: Bad Block Table Simulation
Label A shows the signals connected to the flash device. Firstly the erase code 60H
is written on the data line, then the block address 2491 in hexadecimal. The erase
completion is signalled by the low-high transition of the F_RdyBsy line. The status read
is then performed by writing 10H to the flash device then reading in the data, 01H in
this instance, shown by B. This informs that the block erase was unsuccessful. The bad
block table is then updated, shown by C. This involved setting the correct address and
data on the BR W_Adr and Bll Dciair: lines respectively and then pulsing it through on
the BR Wpuls line. The bad block process is then completed by informing the OBC as
mentioned in 6.3.4 via the serial port. The updated section of the table is shown in figure
6.17.
Stellenbosch University http://scholar.sun.ac.za
CHAPTER 6 - Low LEVEL DESIGN OF MPU SYSTEM 88
Figure 6.17: Updated Bad Block Table
6.4.3 SEFI
I'" ,pP' 640,On. '1,2!lus " 1.9~", 2.'spus 3,~u. 3,B~ us 4,4~u. 5,'~U$ 5.?? us 61UI' 7,O~u. 76j!.u B,3~ us BS?,
•I
Ê1' elk
~ 1!1 CU/_ln .zu 20 ,
i; cur_in_str D n D: n ~I : n , I '~ :I i I ~ I ~ ~' I ~ I : I' ~ ~ :I ~, ~ :H: ~ ~m:I : ~ ~ '~:~' I '~i~ ~ ~ I 'H I '~
~
F_CLE n In n
F_ALE ~ : ,~ F_WE WWI, U U
~ F_RE 1 : I : , ,~ EI F_D.t. 1000~~R 1010001000 ' :« 0010100010 II : UU IUlJJU
~ F_RdyBsy U~ WD_En ~ ~L_tS- , '~ WD_Timeoul ! :
~ F_POWER_CTRL , 1
~ Aeset_Fl.~sh T , , n ;l , n :
~ EI SER_DATA IOWUUU li UU uuuoo I OOOOOutJ
~ SER_STR 1 n I n-=-
~I r---L EI: :.>A B D
Figure 6.18: Read SEF! Simulation
To evaluate the SEFI handling system it was chosen to emulate a read operation that
causes the flash not to respond. The simulation is shown in figure 6.18, As with the
previous simulation, in order decrease the total time, the watchdog timer was decreased
as well as the power cycle time,
Firstly, shown by A, the read command and address is sent to the flash which causes the
watchdog enable (WD_En) to go 'high', The flash ready-busy line (F_RdyBsy) is then
emulated to go 'low' and get stuck in that state, Then in B, the watchdog timer times
out (WD_Timeout) which causes the SEFI to be detected. The memory controller is
then informed via the Reset.Flash. signal and the OBC is also informed of the read-SEFI
Stellenbosch University http://scholar.sun.ac.za
CHAPTER 6 - Low LEVEL DESIGN OF MPU SYSTEM 89
via the serial port. The reset.flash signal causes the reset command to be sent, see C,
which causes the watchdog to be set again. Since the ready-busy line is still emulated
to be stuck low, the watchdog times out again, see D. Now, the OBC is informed of the
reset-SEFI, shown in D, and then the power to the flash chip is cycled by setting the
F_POWER_CTRl signal 'high' for a required period followed by another reset signal, see
E. The power cycle causes the flash to return to an unstuck state therefore returning the
F_RdyBsy to its 'high' state. The reset command is then sent to the flash chip which
responds accordingly, showing its recovery from the read-SEF!.
This verifies the recovery operation caused by a 'read-suspend-SEFI'. The other types of
SEFI handling were simulated in a similar way and verified.
Stellenbosch University http://scholar.sun.ac.za
CHAPTER 6 - Low LEVEL DESIGN OF MPU SYSTEM 90
6.4.4 SEL and Communication
It was decided to simulate the latehup handling and communication system together since
latehup handling uses the communication system. The baud rate was greatly increased
in order to make the simulation presentable, otherwise it would not have been possible to
clearly show the control signals and the serial lines on the same simulation diagram.
I
1n0", 10.12 ... 2!l~u. 30.9 UI 41.14 ... 51.:j8 ut S1.~1JS 71.1j6U$ 62.1 UI 92.~",
ns
~
RESET
CLOCK
~ RESET_ENe
~ RESET_DEC
~ BYP_£NC I I.f!? BW_DEC
~
SERIN I--TI J
[B CUA_lN ~ux ~ .~
I~ CUR_IN_STR ~II,
~ lil DATA_2Il_SENl~ DATA_2Il_SEN1_S1R
~ SEROUT hLfl'UU l____J LJ LJ l____J~ PO'WER \ ... 1
~ SEND_Ieset \ -,.;..
r---- \ '\/! c
A B
Figure 6.19: SEL, Control and Communication simulation
The simulation is shown in figure 6.19. Firstly, in A, latehup is easily simulated by
inputting high current values from the A2D converter, this in turn results in the power
being cycled and the 'send-reset' signal being pulsed. The OBC is then informed of the
latehup via the correct commands being sent on the serial port. As expected, the four
hexadecimal coded ASCII bytes were sent, shown by the SEROUT line and by marker
C.
To test the serial input and command handler, the bypass-encoder command was sent
to the MPU via the serial input line, SERIN, shown by B. The inputted data is then
analysed and results in the BYP_ENC signal going high, as expected.
The other input commands from the OBC were simulated and their correct operation
verified.
Stellenbosch University http://scholar.sun.ac.za
Chapter 7
Conclusion and Recommendations
In this chapter the achievements of this study are discussed and recommendations for
further study and design are made.
7.1 What was achieved
A radiation test board and program was designed and assembled. This system was then
radiated to investigate the effects of radiation on flash memory. The test yielded success-
ful results which gave valuable insight into the problems that had to be overcome. To
date, the test board and program is still being used to perform radiation tests on different
types of flash memory.
Using the results from the radiation test and by defining rough requirements, a set of
engineering specifications were produced. These specifications went through a thorough
design process which resulted in the memory protection unit (MPU) being realised. The
operation of the various subsystems in the MPU were verified by successful simulations.
This showed that the various possible errors caused by radiation, such as bit flips, stuck
bits, latehup, functional errors and bad blocks, could be detected, maintained, mitigated
and reported. It also verified that 1 bit per byte of data could be protected and that it
could be achieved at a data rate of 10Mbytes per second.
The design methodology allows the MPU to be added to any flash MMU, with mini-
mal reconstruction. This is because it was developed to be almost transparent to the
original memory system, except for a few linking signals. The power required in imple-
menting this system was within the restrictions and therefore showed that it is a feasible
option to use onboard a satellite.
The project went as far as to design the system to monitor one flash device. However, a
91
Stellenbosch University http://scholar.sun.ac.za
CHAPTER 7 - CONCLUSION AND RECOMMENDATIONS 92
modular approach was maintained throughout the study and therefore, certain sections
can easily be duplicated to monitor more than one device.
Different Implementation Settings In order to alter the MPU to protect a different
size flash device, would entail making small changes to the system. This includes altering
the following signals:
• BBadr Width - Bit width of total number of blocks in flash device.
• Adr Width - Bit width of total adress to flash device.
• Page Width - Bit width of page number per block.
And will also require reconfiguring the size of the bad block table within the FPGA
memory. This can be achieved by editing the existing table using the Megafunction Plug-
In Manager found in Quartus II.
7.2 Recommendations
1. This design was evaluated by simulating the proposed systems while emulating the
flash device's behavior, in software. In order to achieve a more accurate and solid result,
it is suggested to implement the design in a PCB and test it, using faulty flash devices or
by emulating a faulty flash device.
2. This study focused on protecting a single flash device, however, most mass mem-
ory systems consist of arrays of memory devices. Therefore it is suggested to duplicate
and expand the MPU to incorporate the entire mass memory system. Certain sections
of the MPU would not require duplication, such as the EDAC system, which would keep
the MPU system small enough to be feasible.
3. A certain amount of interaction between the MPU and mass memory controller was
inevitable. It is suggested to design a mass flash memory storage unit which incorporates
the MPU to achieve a protected MMU.
4. To give the MPU control over the flash device, the bus lines between the MMU
and flash device could be passed through the MPU. This would allow the MPU to ma-
nipulate the signals sent to, and received from the flash. Therefore, the activities of the
flash could be monitored as before, as well as manipulated if required. This would give
the MPU a wider range of protection options and would decrease its dependency on the
mass memory controller.
Stellenbosch University http://scholar.sun.ac.za
Bibliography
[1] ALTERA. ReedSoloman Megafunction for Altera FPGA, 2002.
[2] ALTERA. Cyclone FPGA Family Data Sheet, 2003.
[3] ANALOG DEVICES. +2.7V to +5.5V,200kSPS 8-Bit Sampling ADC, 2000.
[4] BADENHORST, P. J., "Module for the second generation SUNSAT
micro-satellite." Master's thesis, University of Stellenbosch, 1996.
[5] CLARK, G., Error-correction coding for digital communications. New York:
Plenum Press, 1981.
[6] GROBLER, H., "Aspects Effecting the Design of a Low Earth Orbit Satellite
On-Board Computer." Master's thesis, University of Stellenbosch, 2000.
[7] HASS, K. J. et al., "Mitigating Single Event Upsets From Combinational Logie."
7th NASA Sympoaium on VLSI Design, 1998, pp. 4.1.1-4.1.10.
[8] HOLMES-SIEDLE, A. and ADAMS, L., Handbook of radiation effects. Oxford:
Oxford University Press, 2002.
[9] MAXIM. Low-Cost, Precision, High-Side Current-Sense Amplifier, 2002.
[10] MESSENGER, G. C. and ASH, M. L., The Effects of Radiation on Electronics,
second ed.. Van Nostrand Reinhold, New York, 1992.
[11] NGUYEN, D., GUERTIN, S., SWIFT, G., and JOHNSON, A., "Radiation Effects
on Advanced Flash Memories." IEEE Transactions on Nuclear Science,
December 1999, Vol. 46, No.6, p. 1744.
[12] NGUYEN, D. and SCHEIK, L., "SEE and TID of emerging non-volatile
memories." Work carried out by Jet Propulsion Laboratory, California Intitute of
Technology, 2001.
[13] PHILIPS SEMICONDUCTORS. The I2C-bus and how to use it, 1995.
[14] SAMSUNG. K9F1208 64M x 8 Bit, 32M x 16 Bit NAND Flash Memory, 2003.
93
Stellenbosch University http://scholar.sun.ac.za
BIBLIOGRAPHY 94
[15] SCHWARTZ, H., NICHOLS, D., and JOHNSTON, A., "Single-Event Upset in
Flash Memories." IEEE Transactions on Nuclear Science, December 1997, Vol. 44,
No.6, p. 2315.
[16] SHIRVANI, P., NIRMAL, S., and MCCLUSKEY, E., "Software-implemented edac
protection against seus." Stanford University, 1999.
[17] SIPEX. True +3.0V to +5.5V RS-232 Transceivers, 2001.
[18] TOSHIBA. NAND Flash Aplications Design Guide, 2003.
[19] TYSON, J., "How Flash Memory Works."
www.computer.howstuffworks.com/flash-memory.htm/printable. July 2003.
[20] UNIVERSITY, R., "Error Correction with Hamming Codes."
www2.rad.com/networks/1994/err_con/hamming.htm. 1994.
Stellenbosch University http://scholar.sun.ac.za
Appendix A
Radiation Test Board
A.I Design Schematic
&4-=--] .~~'~.
Figure A.I: Radiation Test Board Schematic
95
Stellenbosch University http://scholar.sun.ac.za
CHAPTER A - RADIATION TEST BOARD 96
A.2 Printed Circuit Board (PCB) Layout
Figure A.2: PCB Front Layout
Stellenbosch University http://scholar.sun.ac.za
CHAPTER A - RADIATION TEST BOARD 97
Figure A.3: PCB Bottom Layout
Stellenbosch University http://scholar.sun.ac.za
Appendix B
MPU Signal Listings
The signals used in the MPU system are listed here. This includes the signals name,
width and description. Refer to these descriptions when studying the low level designs
in 6.3, the simulations in 6.4 or the VHDL code in appendix C.
B.I EDAC Controller
B.l.l Input/Output Signals
Table B.I: General and MPU Report and Control I/O
Signal Width/Type Description
clk bit This is the system clock that drives all the state machines.
It is designed for a 50MHz input clock.
Czreset.enc bit This signal from the master controller informs the EDAC
controller to reset the encoder.
C_reseLdec bit " Informs the edac controller to reset the decoder.
Ccbypass.enc bit " Informs the edac controller to bypass the encoder.
Ccbypase.enc bit " Informs the edac controller to bypass the decoder.
C_Err_Message 3 bits The error bus informs the master controller what error,
has occurred.
C_Err_M_str bit Informs the master controller that an error has occurred.
98
Stellenbosch University http://scholar.sun.ac.za
CHAPTER B - MPU SIGNAL LISTINGS 99
Table B.2: Encoder I/O
Signal Width/Type Description
E_Datain 8 bits Incoming data bus for data to be encoded and then stored
in memory
E_Datain_str bit Indicated when new byte has arrived
E_Buffer _Rdreq bit Signal for memory controller to request byte from encoder
output buffer
E_Buffer_Empty bit Informs memory controller when data is available in
output buffer
E_Dataout 8 bits Output data bus from encoder output buffer to memory
controller
Table B.3: Decoder I/O
Signal Width/Type Description
DiDatain 8 bits Input data bus linking the memory controller and
the decoder input buffer.
D_Datain_str bit Strobe signal indicating new byte has arrived at
decoder input buffer
D_Dataout 8 bits Output data bus linking the decoder and the peripheral
system which requested the data. Decoded data bytes are
sent via this bus
D_Data_rdy bit Ready signal informing peripheral system that decoded
data is available in output buffer
DiData.get bit Request signal for peripheral system to obtain decoded
data from the buffer
Stellenbosch University http://scholar.sun.ac.za
CHAPTER B - MPU SIGNAL LISTINGS 100
B.1.2 Internal Signals
Table B.4: Signals linked with Encoder stage
Signal Width/Type Description
symboLnum integer counts the number of symbols within the codeword
Bufin.full bit interfaces with input buffer, informing when buffer is full
Bufin.empty bit interfaces with input buffer, informing when bytes are
available
Bufin.rdreq bit interfaces with input buffer, controls reading of data
from the buffer
Bufin.dataout 8 bits data bus between input buffer and encoder
Enc.reset bit links reset input pin to encoder
Enc.enable bit controls inputting of data into the encoder
Enc.start bit signals the beginning of a codeword
Eric.Dataout 8 bit data bus between encoder and multiplexer
Bufout.full bit interfaces with output buffer, informing when buffer is full
BufouLWrreq bit controls writing of data into output buffer
Muxout 8 bit outputs the selected data bus to the output buffer
Muxout.str bit outputs the selected data bus strobe to output buffer
Stellenbosch University http://scholar.sun.ac.za
CHAPTER B - MPU SIGNAL LISTINGS 101
Table B.5: Signals linked with Decoder stage
Signal Width/Type Description
Dec.reset bit resets decoder
Dec.out bit signal controls the outputting of symbols from decoder
Dec.rdyin bit informs when decoder is ready to accept new symbols
Dec.outvalid bit signals when data is available from the decoder
Dec.decfail bit informs whether the decoding process was successful or not
Dec.numerr 5 bits this data bus shows how many symbols were in error with
the last decoded codeword
Dec.rsout 8 bits data bus linking the decoder and the decoder output buffer
Dec.dsin bit controls the inputting of data into the decoder
Dbufin.rdreq bit controls the reading of data out of the decoder input buffer
Dbufin.ernpty bit signals when data is available from the decoder input buffer
Dbufin.full bit signals when the decoder input buffer is full
Dbufin.q 8 bits data bus linking the decoder and its input buffer
buffer .stro be bit controls data flow between decoder and output buffer.
Discards code symbols from data stream
Dbufout.full bit signals when output buffer is full
rent integer counts outputted symbols in each codeword to inform when
code symbols can be discarded
Table B.6: Encoder Control State Types
statetypen Description
resetO Reset state, all signals are set to their reset values. A reset event or end of a
codeword forces this state.
startO Start state, this state signals the beginning of a codeword to the encoder
sI This state waits for an available byte at the input buffer then sends it to the
encoder. It also checks for the last required data byte for the codeword.
s2 Here the new byte is pulsed into the encoder
s3 The code symbols are outputted from the encoder in this state. The end of
the codeword is also signalled by this state
Stellenbosch University http://scholar.sun.ac.za
CHAPTER B - MPU SIGNAL LISTINGS 102
Table B.7: Decoder Control State Types
state.type l Description
reset I Here all signals are set to their reset values. A reset event forces this state.
wait.rdy This state waits for data to arrive at the decoder and also for the decoder
to be ready. When both are satisfied, data is requested from the decoder
input buffer
startl Here data is inputted into the decoder
B.2 Master Controller
B.2.1 Input/Output Signals
Table B.B: General and Misc I/O
Signal Width/Type Description
clk bit 50 MHz system clock input pin
ResetBB bit signal to reset state machines in Bls.Controller
component and reset bad block counter
Cur.In 8 bit This data bus transfers the current value between
the ADC and the MPU
cur.in.str bit Informs when a new current value is set
F _POWER_CTRL bit This signal controls the power circuit, either switching
the power to the flash off or on
Reset.Flash bit The reset signal connects to the memory controller,
informing it to send the reset command to the flash
WD_En bit Watchdog enable signal which controls the watchdog
circuit operation
WD_Timeout bit Watchdog timeout signal informs the MPU when the
watchdog has timed out
Stellenbosch University http://scholar.sun.ac.za
CHAPTER B - MPU SIGNAL LISTINGS 103
Table B.9: Flash device Inputs
Signal Width/Type Description
F_CLE bit command latch enable, signals when a new command is set
F_Data 8 bits data bus to and from flash device
F_RdyBsy bit ready-busy, signals when flash is ready or busy
F_ALE bit address latch enable, signals when an address is being set
F_WE bit write enable, clocks data to the flash
F_RE bit read enable, clocks data out of the flash
Table B.lO: Bad Block I/O
Signal Width/Type Description
BBR_Adr 11 bits read address, sets the required address to be read
BBR_Puls bit signals that address has been set
BBR_Dataout bit read data bus from required address
BBR_Strout bit signals requested data available
BBW_Adr 11 bits write address, set required address to be written to
BBW_Puls bit signals that required address and data has been set
BBW_Datain bit write data bus
Table B.ll: Serial Communication I/O
Signal Width/Type Description
SER_DATA 8 bit serial output data bus
SER_STR bit signal to strobe data into output-send buffer
SER_RX_DATA 8 bit serial input data bus
SER_RX_RD bit read request signal to serial input buffer
SER_R)CRDY bit signal informing serial data has arrived
Stellenbosch University http://scholar.sun.ac.za
CHAPTER B - MPU SIGNAL LISTINGS 104
B.2.2 Internal Signals
Table B.12: Watchdog controller process signals
Signal Width/Type Description
Fcryby bit synchronized ready jbusy signal
proe.complete bit signal informing when a flash device process was
successful
WD .Error .Message 2 bits error bus to SEFI process informing why timeout
occurred
Table B.13: Command and Current process signals
Signal Width/Type Description
CUR_FUNC 3 bits current function register which is set to a 3 bit code
representing the current, or last executed, flash operation
StarLWD bit this signal informs the watchdog to begin counting
when a new command arrives at the flash device that
requires monitoring
CUR_CURRENT 3 bits current current register which is set to a 3 bit code
representing the last current state inputted by the ADC.
The different states can be seen by the constant
declarations
danger.cur integer counts the number of consecutive high current values.
It is used to distinguish current spikes from latehup
currents
Stellenbosch University http://scholar.sun.ac.za
CHAPTER B - MPU SIGNAL LISTINGS 105
Table B.14: SEF! process signals
Signal Width/Type Description
send.reset.to.flash bit informs memory controller to send reset command
reset.wdog bit resets watchdog process to idle state
Spower .cycle bit instructs power circuit to cycle power to flash device
Table B.15: Latchup and Power process signals
Signal Width/Type Description
cut.power bit signals power circuit to permanently remove
power from flash device
pwr .rem bit informs error handler that power has been
removed from flash device
Lpower .cycle bit instructs power circuit to cycle power to flash
device
ERROR_POWERSWITCH bit informs error handler that an error has
occurred with the power switch
F_POWER bit holds current state of power switch
Table B.16: Address handler and bad block handler signals
Signal Width/Type Description
CUR_ADRESS 25 bits this data register holds the current, or last used,
flash device memory address
adress 25 bits this register holds the flash address while being
read in
new .bad.block bit reports to the error handler when a bad block
has been detected
Num_oLBad_Blocks 16 bits holds the total number of bad blocks
temp_status bit temporarily holds the status byte before being
checked
Stellenbosch University http://scholar.sun.ac.za
CHAPTER B - MPU SIGNAL LISTINGS 106
B.3 Communication
B.3.1 Input/Output Signals
Table B.17: Baudgen I/O
Signal Width/Type Description
clk bit 50 MHz system clock
puls bit BAUD rate output signal. This signals controls the UART
puls2 bit a 16x slower baud rate signal
Table B.18: Bitiiohex.cotiu I/O
Signal Width/Type Description
clk bit 50Mhz system clock
reset bit general reset signal to reset state machine
Datain 8 bits input data bus linking output data buffer and Bintohex.conv
not.empty bit signal informing when data is available to be sent
get.byte bit requests data from output buffer
Dataout 8 bits output data bus to UART
strout bit signals UART that new data available
Table B.19: UART I/O
Signal Width/Type Description
clk bit 50Mhz system clock
BaudPuls bit BAUD pulse from Baudgen
Data 8 bits input data bus from Bintohex.conv
DataStrobe bit strobe line from Bintohex.conv
SERIN bit Serial input line
Data.out 8 bits input data bus to input data buffer
Data.out.str bit input data strobe line to buffer
SERUIT bit Serial output line
Stellenbosch University http://scholar.sun.ac.za
CHAPTER B - MPU SIGNAL LISTINGS 107
B.3.2 Internal Signals
Table B.20: Baudgen State Types
state.type Description
counting this state clears the strobe signals and counts the clock signals until
the baud rate is reached
high this state either outputs a strobe on puls or signals a double pulse
double here a strobe is placed on both the puls and puls2 output signals
Table B.21: Bintotiex.conu State Types
stateetype Description
idle this state waits for a byte to become available from the output buffer
then requests it
getbyte clears request line
getbyte2 this state splits the requested byte up and converts it to an integer
send1 here the two integers are converted to binary equivalent ASCII code
send2 in this state the first of the two bytes is sent to the UART
send3 this state waits for the UART to send the first byte
send4 the second byte is set here on the output bus
send5 this state sends the second byte to the UART
send6 this is a wait state for the second byte to be sent
Stellenbosch University http://scholar.sun.ac.za
CHAPTER B - MPU SIGNAL LISTINGS 108
Table B.22: UART State Types
state.type., T Description
idle this state wait for a new byte to be strobed to the UART for sending.
xmit this state transmits the serial data packet on the serial output line at
the supplied baud rate.
state.type.R Description
idle here the data received signals are cleared and the serial receive line is
also monitored for arriving data.
rec this state reads in the serial data packet and paralyzes the data bits.
send here the received data byte is sent to the input buffer.
B.4 Watchdog Timer
B.4.1 Input/Output Signals
Table B.23: Watchdog_timer I/O
Signal Width/Type Description
clk bit 50MHz system clock input
Wen bit watchdog enable signal that controls operation of watchdog
timer. The timer counts when this signal is high. When it is
low) the timer is cleared and stays idle
Timeout bit the timeout signal pulses when the watchdog times out
B.4.2 Internal Signals
Table B.24: Watchdog State Types
state.type Description
counting this state is forced when Wen is goes high. It counts the positive clock
edges of the input clock.
timeup this state sets the timeout signal
wait.reset here the timeout signal is cleared and the state remains here until reset
Stellenbosch University http://scholar.sun.ac.za
CHAPTER B - MPU SIGNAL LISTINGS 109
B.5 Analog to digital converter
B.5.1 Input/Output Signals
Table B.25: ADC_Cont I/O
Signal Width/Type Description
elk bit 50MHz system clock input
reset bit global reset signal, resets state machine
nConvst bit Conversion Start. by pulsing this signal, the ADC begins a
conversion process
nCSRD bit Chip Select/ Read. this signal controls reading out the digital
data
busy bit this signals shows when the ADC is busy in the conversion
process
Dein 8 bit data in bus. this bus links the ADC to the controller
Dcout 8 bit data out bus. this bus sends outputs the
digital data to the main controller
Dcout.st bit data out strobe. this signals the main controller when a new
value is placed on the output bus
B.5.2 Internal Signals
The various state types are explained as comments in the actual VHDL and therefore
does not require separate listing.
Stellenbosch University http://scholar.sun.ac.za
Appendix C
VHDL Code
C.I EDAC Controller
LIBRARY i e e e ;
USE ieee s t d c l o g t c c t t n a all;
ieee. std_logic_unsigned. All;
USE ieee. n u m c ri c c s t d .ALL;
entity
port (
Edac_Cont.roller is
elk
Cc r e s c t ce n c
Cc.r e s e t c d c c
Cc B'y p a es cc n c
C_Bypass_dec
Cc.Er r c Me e s a g e
C_Err_M_BLr
E_Dat.ain
E_Datain_l:Il.r
E_Buffer_Rdreq
Ec Hu He r c Em p t y
E_Dal.aoul
D_Dal.ain
D_Datain_str
Dc.De t ao u t
D_Data_rdy
D_Data_gel
) ;
El'n) entity Edac_Controllcr;
in STD..LOGIC;
in STD..LOGIC;
in STD..LOGIC;
in STD_LOGIC;
in STD..LOGIC;
out STD..LOGIC_VECTOR(2 downto 0) ;
out STD_LOGIC;
in STD..LOGIC_VECTOR (7 J:XMNIO 0) ;
in STD..LOGIC;
in STD..LOGIC;
out STD..LOGIC;
out STD..LOGIC-VECTOR( 7 J:XMNIO 0) ;
in STD..LOGIC_VECTOR(7 J:XMNIO 0);
in STD..LOGIC;
out STD..LOGIC_VECTOR( 7 J:XMNIO 0) ;
out STD..LOGIC;
in STD..LOGIC
.ARCEllI"EX::I RTL of Edac_Controller is
-------------COMPONENT~-------------------------------
cx:::tv1PCNENI' Input_Buffer IS
PORT
(
data
wrreq
rdrcq
c loc k
q
fui I
empty
);
END cx:::tv1PCNENI' I n p li L B li Cf cr;
cx:::tv1PCNENI' Output_Buffer IS
PORT
(
dala
wrreq
rd r e q
clock
IN STD..LOGIC_VECTOR (7 J:XMNIO 0) ;
IN STD..LOGIC
IN STD..LOGIC ;
IN STD..LOGIC ;
our STD..LOGIC_VECTOR (7 J:XMNIO 0) ;
our STD..LOGIC
our STD_LOGIC
IN STD..LOGIC_VECTOR (7 J:XMNIO 0) ;
IN STD..LOGIC
IN STD..LOGIC
IN STD..LOGIC
110
Stellenbosch University http://scholar.sun.ac.za
CHAPTER C - VHDL CODE 111
q
fu II
empty
),
END c:x::tv1fQ\lENr 0 li t P li l _B li t t er;
OUT STD..LOGIC_VECTOR (7 IXMNIO 0),
OUT STD..LOCIC
OUT STD..LOGIC
c:x::tv1fQ\lENr RS Ene 0 cl e rIS
PORT (
s y s c l k IN STD..LOCIC,
resel IN STD..LOCIC,
rs i n IN STD..LOGIC_VECTOR
sla r t IN STD..LOGIC,
enable IN STD..LOGIC,
rsa li t OUT STD..LOCIC_VECTOR
(7 IXMNIO 0),
(7 IXMNIO 0)
),
END c:x::tv1fQ\lENr R SEn C 0 cl er;
c:x::tv1fQ\lENr R SOc C 0 cl crI S
PORT (
sysclk IN STD..LOGIC,
reset
r sin
cl si n
d s o u t
by pass
esau l
rdyin
IN STD..LOGIC,
IN STD..LOGIC_VECTOR (7 IXMNIO 0),
IN STD..LOGIC,
IN STD..LOGIC,
IN STD..LOGIC,
OUT STD..LOGIC_VECTOR (7 IXMNIO 0),
our STD..LOGIC,
oulvalid: our STD-.LOCIC;
decfail our STD_LOGIC,
OUT STD..LOGIC_VECTOR (4 IXMNIO 0)
) ,
END o:::t'v1PCNENI' R S0 eco cl er;
c:x::tv1fQ\lENr DEC_inpuLbuffer IS
PORT
(
w rr e q
rd r e q
cloc k
IN STD..LOGIC_VECTOR (7 IXMNIO 0) ,
IN STD_LOGIC
IN STD_LOGIC ,
IN STD..LOGIC ;
OUT STD..LOGIC_VECTOR (7 IXMNIO 0) ,
OUT STD..LOGIC ,
our STD..LOGIC ,
our STD..LOGIC_VECTOR (3 IXMNIO 0)
data
q
fu Il
empty
u sed w
),
END c:x::tv1fQ\lENr DEC_input_buffer;
c:x::tv1fQ\lENr DEC_output-buffer IS
PORT
(
data IN STD..LOGIC_VECTOR (7 IXMNIO 0),
wrreq IN STD..LOGIC
rdreq IN STD..LOGIC ;
c I DC k IN STD..LOGIC ,
q our STD..LOGIC_VECTOR (7 IXMNIO 0),
fu II OUT STD..LOGIC
empty OUT STD..LOGIC
),
END o:::t'v1PCNENI' DEC_output-buffer;
------------------TyPES-------------------------
type s t e t e c t y p e O is (rcselO ,staftO ,51,82,52a,83);
type s t e t e c t y p e I is (resetl, w a l t c r d y , startl );
------------------SIGNALS---------------------------------
--ENCODER--
signal slaleO
signal symboLnum
signal B uri Il_full
signal Burin_empty
signal Bufin_rdreq
signal Bu Ij n c d a t e o u t
signal Ene_resel
signal Errc c.e n a b l e
signal En c c s t a r t
signal En c c Du t ao u t
signal Bufout_full
signal Bufout_Wrreq
signal Watchdog
s t e t e c t y p e O":
integer range 0 to 64;
STD..LOGIC,
STD..LOGIC,
STD..LOGIC,
STD..LOGIC_VECTOR( 7 IXMNIO 0) ,
STD..LOGIC,
STD..LOGIC,
STD..LOGIC,
STD..LOGIC_VECTOR( 7 IXMNIO 0) ,
STD..LOGIC,
STD..LOGIC,
integer range 0 to 2047; --data arrival timeout value
--DECODER---
Stellenbosch University http://scholar.sun.ac.za
CHAPTER C - VHDL CODE
signal sta te 1
signal Dec_reset
signal De cco u t
signal De c c r d yt n
signal Dec_ouLvalid
signal Oec_decfail
signal De c cn u rne r r
signal Dec_Tsou I.
signal Dec_dsin
signal Dbufio_rdreq
signal Dbufio_cmply
signal Dburin_full
signal Dbufin_q
signal b u If e r c s t r o b e
signal Dbufoul_slr
signal Dbufoul_full
--MULTIPLEXER-
signal MUXQul
signal MuxouLstr
signal Bypass_str
112
a t a t e c t y p e I ;
STD_LOGIC,
STD_LOGIC,
STD..LOGIC,
STD..LOGIC,
STD..LOGIC,
STD..LOGIC_VECTOR( 4 down to 0),
STD-LOGIC_VECTOR(7 downto 0) ,
STD..LOGIC,
STD..LOGIC,
STD..LOGIC,
STD-LOGIC,
STD-LOGIC_VECTOR (7 IXA\NlD 0) ,
STD_LOGIC,
STD_LOGIC,
STD..LOGIC,
STD-LOGIC_VECTOR(7 IXA\NlD 0) ,
STD..LOGIC,
STD..LOGIC,
signal rent. integer range 0 to 63; --used to remove codesymbol.9 at decoder
-------------------BEGIN------------------------------
BEGIN
gl: l n p u t c b u If e r port map(E_Datain. E_Datain_str I Hu Ij n c r d r e q I elk, Bufin_daLaoul, BuCin_full
Bu It nce m pt y ) ;
g2: 0 li t P li t _b li ffcr port map( Muxout , M tlXQU t ca t r , E_B li If'e T_Rd r e q , cl k , E_Dat.aout , B u rou t _ru II
E_Burrer_Empt.y) ;
g3: RSEncoder port map( clk ,Enc_reset. ,BuOn_dat.aout. ,Enc_start ,Ene_Enable) Enc_Dat.aout);
g4: RSDecoder port map( elk, Dcc_reset, Db urt ncq ,Dec_dsin ,Dec_out., Cc.By p a s s c d ec .Ti ecc r s ou t •
De c c r d yt n , Dc c c o u t v al l d ,Dcc_decrail .Tiec cn u m e r r ) :
g5: DEC_inpuLburrer port map(D_Datain I D_Datain_str I Dbufin_rdreq ,elk I Db u ït nc q , Dburin_rull
Db ufi nce m p t y ,TEST _capacity);
g6: DEC_output_burrer port map( Dec_raout, b u f I e r c s t r o b e ,D_Data_get, elk. Dc.De t e ou r , DhurouLrul1
Dc Du t a cr d y ) i
Muxout. <=Enc_dat.aout when Cc.By p as sc Enc = '0' else
Burin_clataout. ;
MuxouLstr<=BurouLWrreq when C_Bypass_Enc='O' else
Bypass_st.r;
Dcc_out <= '1 ";
--bypass encoder when set
--bypass encoder strobe
--output data into the output buffer as soon as
--it i/j avaiLable
burrer_st.robe<=Dcc_out.valid when r c n t <43 else
'0' , --causes only the data symbols to be inputted
--into the output b1J.ffer
--This process controls the encoder I encoder input and output buffers.
e n c o d e c c t r L: p r o ce aa t c t k , Cc r e e e t c e n c )
begin
c n c c r e e e t
if Cc r e s c t c c n c w '1' then
--clears contents of encoder
en c _5 tar t
<='1',
<='0',
st.at.eO<=reset.O;
elsif r l e i n g c e d g e f cl k ) then
--controls symbol input to encoder
Burin_rdreq
e u c c e n a b l e
<='0',
<='0',
Burout_Wrreq<=Enc_cnablc; --writes encoder value into output buffer
By p e s e c e t r -ce Bu f t n c r d r c q : --V--latch with read s t r
CASE st.ateO i8
when resetO =>
s y m bo lcn u m
en c _8 tar t
Watchdog
<=0,
<='0';
<=0,
if Bu rt n ce mp t y etu ' then
e n c c r e s e t
Bu It n c r d r e q
st. a t e 0
<='0',
<='1';
<=start.O;
end if i
when s t a r t O =>
Stellenbosch University http://scholar.sun.ac.za
CHAPTER C - VHDL CODE 113
e n c c a t a r t
e n c c e n a b l e
ay m bol c n u m
slaleD
<='1';
<='1';
<=symboLnum+l; --number oj symbols in codeword
<=81;
when s I =>
e n c c e t a r t <='0';
Watchdog <=Watchdog+ 1;
if watchdog=2047 then
stateO<=s2a;
elsif symboLnum=43 then
stateO<=s3 ;
elsif Bufin_cmpty='O' then
-- L'Ïmout showing end of data stream
-- 43= total codeword - code 3ymbols
Bufin_rdreq
statcO<=s2 ;
<='1 ';
end if;
when s2 =>
e n c c e n a b l e
ey m b o l c n u m
Bl a te 0
<='1 ';
-ceeevrnbo Lnu rn-c t :
<=81;
-- this state fills up rest of codeword
when s2a =>
watchdog <=0;
if symboLnum=43 then
stateO<=s3 ;
e n c c e n a b l e <='0';
else
e o c c e n a b l e
ay m bolc n u m
<='1';
<eeay m bolcn u m-l-L;
end if;
-- this state pulses
when s3 =>
ay m bol cn u m <=symboLnum+l;
if ay mb o lcn u m = 64 then -- codeword complete
the code symbols inLo the data stream
stateO<=reselO;
else
e n c c e n a b l e <='1';
end if;
end case;
end if;
end process e n c o d e c c t rl :
-- This p r o c e ss controLs the decoder, decode.r input and output buffers.
Decade_ctrl: process (clk ,C_rcscl_dec)
begin
if Cc r e s e t cd e c = '1' then
Dec_resct
Dec_dein
<='1';
<='0';
statcl <ee r e s e t I ;
elsif r i e i n g c e d g e (elk) then
Dec_dsin <='0';
Dbufin_rdreq <='0';
CASE s t a t e I is
when r e s e t I =>
Dec_resel <='1';
Slalcl<==waiLrdy;
when w e l t c r d y =>
Dcc_resct <='0';
if Db u rt nce m p t y =='0' and Dec_rdyin ='1' then
--shows Lhat daLa has a r r i u e d and decoder i s ready
Dbufin_rdreq <= 'I'; --geLs symbol from fifo
slatcl <=starll ;
end if;
when slarll=>
Dec_dsin <='1'; --puls symbol inLo decoder
slate I <==waiLrdy;
end case;
end if;
end process Decode_clrl;
--Thi,<j p r o c e s s counts the symbols per codeword when outputted from the decoder
rcmovc_cadesymbals :process(clk, De c c o u t vali d )
Stellenbosch University http://scholar.sun.ac.za
CHAPTER C - VHDL CODE 114
begin
if Dec_out.valid == '0' then
r c n t <=0;
e l s I f r l s i n g c e d g e Icl k } then
r c n t-cee r c n t q-L;
-- this signal is high when data is outputted
end if;
end process r e m o v e c c o d e e y rn b o ls i
--Thi.s process reports La the master controller when an error has occurred
e r r o r c c t r I process(clk, burin_full, b u f o u t c f ul l ,dec_decfail ,Dhufin_full ,Dbufout_full)
begin
if burin_full = '1' then
C_Err_Messagc<="OOl" ;
Cc.Er r cMc s t r <='1';
els i f b ufo ut. _ f u II = '1' then
Cc Er r cMe s s a g e-cee'' 010";
Cc.Er r c Mcs t r < =' 1 ';
elsif Dec_decfail = '1' then
Cc.Er r c Me s s e g e cee" 011" j
Cc Er r cMce t r < =' l ";
elsif Ohufio_full ='1' then
Cc Er r cMes s a g e-cee'' 100" ;
C_Err_M_st.r < = 'I ':
e l s l f DbufouLful1 ='1' then
Cc.Er r c Mes s e g e-cee" 101";
C_Err.M.str <='l'j
else
Cc Er r cMe a s ag e-cev Onn " j
C_Err.M.str <='0';
end if;
end process e r r o r c c t r L:
end architecture rtl;
C.2 Master Controller and Bad Block Controller
LIBRARY i e e e :
USE ieee. a t d c l o g t c c r t ê a . all;
ieee. std.logic.unsigned. All;
USE ieee. n u m e ric c s t d .ALL;
entity Mai n c Co n t is
port ( elk IN STD-LOGIC;
Cur_In IN STD-LOGIC_VECTOR( 7 IXlWNIO 0) ;
cur _i n _8 t r IN STD-LOGIC;
EDAC_reset_enc our STD-LOGIC;
EDAC_reget_dec our STD_LOGIC;
EDAC_Bypass_cnc our STD-LOGIC;
EDAC_Bypass_dec our STD-LOGIC;
F-CLE IN STD-LOGIC;
F _Data IN STD-LOGIC_VECTOR( 7 IXlWNIO 0) ;
F_RdyBsy IN STD-LOGIC;
F_ALE IN STD-LOCIC;
LWE IN STD-LOGIC;
F_RE IN STD-LOGIC;
FYOWER.CTRL our STD-LOGIC;
Re e e t c Ef a s h our STD-LOGIC;
WD.En our STD-LOGIC;
WD_Timcout IN STD-LOGIC;
BBR_Adr IN STD-LOGIC_VECTOR( BBadrWidth -1 downto 0) ;
BBR_Puls IN STD-LOGIC;
BBR_Dataout our STD-LOCIC_VECTOR (0 IXlWNIO 0) ;
BBR_Strout our STD-LOCIC;
BBW..Adr IN STD-LOCIC_VECTOR( BBadrWidth -1 down to 0) ;
BBW_Puls IN STD-LOGIC;
BBW_Dalain IN STD-LOGIC_VECTOR (0 IXlWNIO 0) ;
EDAC_crroLmsg IN STD-LOGIC_VECTOR (2 IXlWNIO 0) ;
EDAC_crrmsg_str IN STD-LOGIC;
SERDATA our STD-LOCIC_VECTOR( 7 IXlWNIO 0) ;
SER..sTR our STD-LOCIC;
Stellenbosch University http://scholar.sun.ac.za
CHAPTER C - VHDL CODE
SER..RJ{..DATA
SERJlXJlD
SER..RXJlDY
) ,
END entity Mein c Co n t ;
--xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
IN STD-LOGIC_YECTOR( 7 IXJWNIO 0) ;
OUT STD-LOGIC,
IN STD-LOGIC
AROilI'EX::TURE RTL of Ma in c Oo u t is
component BB_CONTROLLER is
port
elk : in STD-LOGIC,
reset : in STD-LOGIC,
R_Adr : in STD-LOGIC_YECTOR( BBad,Width -1 downto 0) ,
R_Puls : in STD-LOGIC,
R_Dat.aoul :out STD-LOGIC_YECTOR (0 IXJWNIO 0) ,
Rc St.r o u t :out STD-LOGIC,
W..Ad, : in STD-LOGIC_YECTOR( B'Bad rWtd t h -1 downto 0) ,
W_Puls : in STD-LOGIC;
W _Datain : in STD-LOGIC_YECTOR (0 IXJWNIO 0)
),
El'n) component BB_CONTROLLER;
constant
constant
constant
BBadrWidlh
AdrWidth
PageWidth
for block address
for flash address
for page address
inleger ,=12, --Nr of bits
i n t e g e r ,=25, --Nr of bit s
inleger ,=5, --Nr of b it li
constant e t d cl o g i c c ee '0 ';
constant af a t d cl o g l c t ee v I ';
----------------CQMMAND HANDLEll------------
constant read! e t d c l o g l c c v e c t o r (2 downto 0):="001";
constant readID e t d c l o g ic c v e c t o r (2 downto 0):="010";
constant reset s t d c l o g l c c v e c t o r (2 downto 0):="011";
constant pp rog e t d c l o g l c c v e c t o r (2 downto 0) :=" 100";
constant c b p ro g s t d c l o g ic c v e c t o r (2 downto 0) :=" 101";
constant s t d c l o g ic c v e c t o r (2 downto 0) :=" 110";
constant stat.us s t d c l o g t c c v o c r o r f z downto 0):="111";
-------------------CURRENT HANDLER--------------------------------
constant c u t c o f f s t d c l o gi c c.ve c t o r (2 downto 0) :="001";
constant s t e nd by a t d c l o gi c c v e c t o r (2 downto 0):="010";
constant o p e r a t in g s t d cl o gi c c v e c t o r (2 downto 0):="011";
constant high s t d cl o g t c c v e c t o r (2 downto 0):=" 101";
constant dangerous a t d cl o g i c c v e c t o r (2 downto 0):="110";
-------------------ERROR MESSACEs---------------------------------
constant
constant
NOJlYBY
RYBY.sUSP
st. d c l o g i c _v e c tor (1 down to 0): =" 0 1" ;
s t.d cl ogi c c v e c to r (1 downto 0) :=" lOll ;
CODES TO OBC----------
s Lcl cl o g i c _v e c lor (3 downto 0): =" 0001" ;
st d cl o g i c _v e c lor (3 downto 0): =" 0010" ;
s t d cl o g l c c v e c Lo r (3 downto 0):="0011";
st d c Log ic _v e c Lor (3 downto 0): =" 0 100" j
-------------------MPU ERROR
constant
constant
constan t
constant
b b c e r r o r
SEFLerror
PS_error
EDAC_error
constant SEL_error e t d c l o g l c c v e c t o r (3 downto 0):="0101";
constant cutofLpwr s t d c l o g ic c v e c t o r (3 downto 0):="0110";
----------------CQMMAND CODES FROM OBC--------------
constant r e s e t c e n c a t d c l o g i c c v e c t o r (7 downto 0):="00000001";
constant b y p c e n c a t d c l o g i c c v e c t o r (7 down to 0):="00000010";
constant r e s e t c d e c s t d c l o g ic c v e c t o r (7 downto 0):="00000100";
constant b y p cd e c s t d cl o g ic c v e c t o r (7 downto 0):="00001000" j
constant reseLBB s t d cl o gl c c v e c t o r (7 downto 0):="00010000";
type s t a t e t y p ec.WD is (idle, running, wa.iL-high ,t.imeout.) j
type slatetype_SEFI is (idle, reset.l ,reset2 ,reset.3 ,erasel ,progi);
type s t a t e t. y p e c l a t c h is(idle ,delay ,BICWAIT,lat.chl ,Jat.ch2);
type s t e t e t y p e c P is (idle 1 po w e r co n , power_cycle, p o w e r c c y cl e ê ,power_cycle3 ,
p o w e r c r e m o v e , p o w e r c r e mo v e ê } :
type sta t e t y p e c A is (idle, stl ,st2, st3, st4, 8l5, st6, 8l7, st.8);
type s t a t e t y p e c BB is (idle, checkl ,check2, updatel , updat.e2 • update3);
type s t e t e t y pe c M is(idle ,edacl ,powerl ,bbl,bb2,bb3,bb4,bb5,sefil ,sell
pwrl ,end_byt.e) ;
type s t a t e t y p e c O is(idle,!:Il)j
-------------------WATCHDOC SIGNAL8-------------------------------
signal Pc r y b y s t d c l o gi c j
signal stateWD e t e t.et y p ec Wff ;
signal p r o c c c o rn p le t e e t d c l o gi c j
signal WD_Error_Message: a t d c l o gi c c v e c t o r (1 downto 0);
115
Stellenbosch University http://scholar.sun.ac.za
CHAPTER C - VHDL CODE
signal transition s t d cl ogi c :
--------------aJMMAND SIGNAL~-----------
signal CUILFUNC s t d cl o gi c c v e c t o r (2 down to 0);
signal StarLWD s t d cl o g i c :
------------GURRENT SIGNAL~----
signal CUILCURRENT s t d cl o gi c c v e c t o r (2 downto 0);
signal d e n g e r c c u r integer range 0 to 3;
------------SEFI SIGNALS-------------------------
signal State
signal s o n d c r e s e t c t o c Ll a e h
signal r e s e t c w d o g
slalelypc_SEFI;
s t d cl o gi c :
s t d cl o gi c :
signal Spower_cycle s t d cl o gi c :
--------------LATCHUP SIGNALS---------------------
signal st.ateLatch st.alelypc_Lat.ch;
signal c u t c p ow e r ,pwLrem s t d cl o gi c :
signal Lp o w e r c c y c le s t d c l o g i c :
------------POWER SIGNALS---------------------------
signal s t a t e P
sig n a I ERROR..POWERSWITCH
stalclypc_P;
s t d cl o gi c :
signal F_POWER s t d cl o g i c :
-----------------ADRESS SIGNALS-------------------------
signal s t a t e A stalely p e c A ;
signal CUfLADRESS, a d r e s s s t d cl o g l c c v c c t o r (AdrWidth-l downto 0);
-------------BADBLOGK SIGNALS--------------------------
signal 81.at.eBB statetypc_BB;
signal t e rn p c s t a t u s s t d cl o g ic c v e c t o r (7 downto 0);
-------------------BADBLOCK COUNTER SIGNALE8----------------------
signal n e w c b a d c b lo c k s t d c l o g l c ';
signal NlIm_of_Bad_Blocks e t d cl o g i c c v e c t o r (15 downto 0);
-------------------BAD BLOCK CONNECTION SIGNALS--------------------
signal BB_Data_in
signal BB_W_Aclr
signal BBc.Wpuls
: s t d cl o g l c c v e c t o r (0 downto 0) j
: s t d clo g ic c v e c t o r (BBadrWidth-l down to 0) j
: e t d cl o g l c :
signal resetBB : s t d cl o g i c :
-------------------MPU HANDLER SIGNALS----------------------------
signal stateM s t a t e t y p e c M j
-------------------OBC COMMAND HANDLER SIGNAL8--------------------
signal s t a t e O
BEGIN
--XXXXXXXXXXXXXXXXXXXXXXXXXXXXXBEGINNINGXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
--XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
: s t a t e t y p e c O";
gl: BB_CONTROLLER port map( elk ,resetBB, BBR_Adr, BBR_Puls, BBR_Dat.aoul I
BBR_Strout I BB_W_Adr, BB_Wpuls I BB_Data_in) ;
F_POWER_CTRL<=£ _POWER;
Rcset_Flash<=send_rcset_io_flash j
-------------------GOMMAND HANDLER--------------------------------------------------
Co mm a nd cHan dle r : process(elk ,F_CLE, f c d a t a ,cur_func)
begin
if r i si n g c e d g e f c l k ) then
if (F-CLE='l' and F-WE='O') then
if (f_data ="00000000" f_data ;:;:"OOOOOOOlu or f_data ;:;:"01010000") then
Gu r c Pu nc-cee read 1 i
Start_WD<;:;:'l'i
elsif Ldata =" 10010000" then
Gu r c Pu nc c e- rcaclID;
StarLWD <= "O":
elsif f_data ="11111111" then
Ou r c Eu nc cï ee reset i
StarLWD<;:;:'I';
elsif Ldata =" 10000000" then
Cur_Func<= PProg;
StarLWD <='1 ':
elsif f c d a t a ="000000111> then
Cu r c Pu nc <= CBProg j
StarLWD<;:;:'l';
e l e i f Ldata ="011000001> then
Cur_Func<= Erase;
StarLWD <='l'j
elsif (Ldata ="01110000" or Ldata ;:;:"01110001") then
Cu r c Pu nc c e- Stat.us j
StarLWD<='O'j
else
cur_func<;:;:cur_func;
StarLWD<='O';
end If;
else
StarLWD<='O';
end if;
116
Stellenbosch University http://scholar.sun.ac.za
CHAPTER C - VHDL CODE 117
end if;
end process Co mm a nd c l-la ndle r :
-------------------CURRENT HANDLER-------------------------------------
Current-Handler: process(clk, c u r c i n c s t r }
begin
if r i si n g c e d g e Lcl k ) and cUf_in_slr='l' then
if Cu r c in < "00000001" then --1
CUILCURRENT <=cuL_off;
da n g e r c c u r <=0;
e l e i f Cu r c t n < "00100001" then --J3
CUILCURRENT <=operat.ing;
da n g e r c c u r <=0;
e l s l f Cur_in < "01000011" then --67
CUR.CURRENT <=high;
d a n g e r c c u r <;:::;0;
e l s i f Cur_in < "11111111" then --67
CUILCURRENT -ceed a n g e r o u a ;
cl ange r _cu r c.eed a n g e r c c u r + 1;
else
CUILCURRENT <=CUILCURRENT ;
end if;
end if;
end process CurrenLHandler;
----------------WATCHDOG HANDLER----------_.:.---------------------------
Wa t c h d o g c He ndl e r : process (cl k , WD_Timeout. ,F .Hy b y , r e e e t c w d o g }
begin
if r e e e t c w d o g ee '1' then
stateWD <ee id l c :
WD..En <='0';
transition <='0';
els i f r i lil ing _c cl ge ( c) k) then
F _ryby<=F_RdyBsy;
st.ateWD is
when idle=>
p r o c c c o m p le t e
WD..En <='0';
--synchronizes ready/busy input signal
<='0'; --just to zero 'complete' pulse
--timer oLlt
WD_Error_Message<=" 00"; -- rese t error message i
if StarLWD =' l' then
stateWD <=running;
trans ilion <='0';
elsif F_Ryby='O' and lransition='1' then --for sequential r01U read
transit.ion <='0';
stateWD <=waiLhigh;
elsif F_Ryby='l' then
t r a n s i t io n <='1';
end if;
when running=>
WD-En < = I 1 ' ;
ifF _Ryby = '0' then
st.ateWD <ee w a it c hi g h ;
e J sif WD_Timeout = 'l' then
WD c Er r o r _Message<=N'O-RYBY ;
--waiting for RyBy to go low
--timer ani
slateWD <=timeout;
end if;
when w a it c h ig h eo-
WD-En <= ' 1 ' ;
ifF _Ryby = '1' then
p r o c c c o m p le t e <='1'; --pulse to inform completion of process
stateWD <=idle;
elsif WD_Timeout = '1' then
WD_Error_Message<=RYBY _SUSP;
--waiting for RyBy to go high
staLeWD -cee tim e o u r :
end if;
when timcout=>
WD-.En <='0';
end case;
end if;
end process Wa t c h d o gc h a n d l e r :
------------------SEFI HANDLER--------------------------------------------------------
SEFLHandler:
begin
process (elk, WD_Timeout ,F-POWER)
if risi n g c e d g e Lcl k ) then
i f F_POWE~af then
r e s e t c w d o g <='1'; --gets wdog out of timeout p tvo:se
send_reset._t.o_flash <='1';
sLaLe<=idle;
else
r e s e t c w d o g <='0';
a e n d c r e s e t c t o c Lla s h <= '0';
Stellenbosch University http://scholar.sun.ac.za
CHAPTER C - VHDL CODE 118
Spower_cycle <='0';
case e t a t e is
when idl e e-> --waits for timeou.t to occur
if WD_TimeouL ;;: '1' then
if Cu r c Pu ncee r e e d I then stat.e<=resetl;
elsif Cu r c lc unce e r a e e then s t a t e cee e r e s e t :
e Is i f (Cur_Func=pprog or Cu r c Pu nce c b p r og ) then
s t a t e <=progl ;
elsif Cu r c.Eu ncee r e s e t
end if;
then s t e t e ces r e e e c t :
end if i
when crasel=> --Check which of the
if WD_Error_Message=RYBY....sUSP then
Spowcr_cycle <= 'I ";
statc<=idlc;
errors occured
--Block_era.~e SEFl
state<=resetl;
--Partial erase SEF!
--rHust repeat erase process;
else
end if;
when progl=>
state<=rcsetl;
when r e s e t I ee>
r e s e t c w d o g <='1';
e e n d c r e s e t c t o c Ll a s h <='1';
sLate<=reset2 ;
when resel2 =>
e t a t e c.ee r e s e t S ;
when r e e e t S =>
if WD_Timeout='l' then --luad for outcome of reset command
-- .'II e t wdog to wait for command
--.!iend8 r es e r command
Sp o w c r c c y cl e <='1'; --either timeout or e u c e e s f u t
r e s c t c w d o g <= '1 'j
state <=id le j
elsif p r o c c.co m p le t e ee t t ' then --if timeout then reset power
state<=idlc j
end if;
end case;
end if;
end if;
end process SEFLhandlcr;
Lu t c b up c Hu n dl e r : process( elk, proc_complete, c u r c c u r r e n t. )
VARIABLE BIGW INTEGER RAl'CE 0 TO 25000000;
begin
if ri si n g c e d g e I cl k ) then
c u t c p o w e r <= '0';
Lp o w e r c c y c l e <='0';
statcLatch is
when id l e ec-
B1GW, =0;
pwr_rcm <='0';
if cur_currcnt.=dangerous and d e n g e r c c u r eeê then --checks for high
current
Lp o w e r c c y c l e <='1';
e t a t e Le t c h-ceed e l a y ; --give time to s us i t c h: off l
end if;
when delay=>
if cur_current=cut_oCf then
a t a t e La r c h <=BIGWAIT ;
end if;
WH!N BIGWAIT=>
B1GW,=BIGW+l;
PURPOSES
IF BIGW=O 'IHEN
STATELA TClk=LATCHl ;
--NEED TO PUT IN DELA Y FOR SWITCHING
--gives time to turn pot !!l
END IF;
when latch 1=>
-- ;./ current turned back on and st i II dangerous then p c w e t- removed
if cur_current=dangerous then
stateLatch<=latch2 ;
p w r cr e m cï ee t L";
--if procedure completes then chip has recovered
elsif p r o c c co m p t e t e ee t L' then
a t a t e Le t c h-cee i die;
end if;
Stellenbosch University http://scholar.sun.ac.za
CHAPTER C ~ VHDL CODE
when la te h 2=>
cut_powcr<='l'j
p w r cr e m <='0';
end case;
end if;
end process l a t c h u p c h a n d l e r :
POWER: process (cl k)
variable p ow e r c c u t
variable cut-time
begin
integer range 0 to 33554431;
integer range 0 to 255;
if r lsl n g c e d g e f c l k ) then
s t e t e P is
when idle=> --allows signals to reset
stateP<=power_on j
when p o w e r c o nec-
ERROlU'OWERSwrrCH< = '0 ' ;
Fc.p o w e r-ceea a n ;
p o w e r cc n t :=0;
c u t c t i rn e :=0;
if cut_power='!' then
stateP<=power_remove i
elsif Lp o w e r c c y cl e ee t L' or Sp o w e r c.cy c l e ee t t ' then
stateP<=power_cycle;
end if;
when p o w e r c c y cl e ec-
F.POWElk:=af;
c u LU m etee cu t _L ime +1;
If c u r c c u r r e n t ee c u t c o Lf then
c u t c t im e :=0;
stateP<=power_cycle2 ;
elsif c u t c t l m e ee O then
ERROlU'OwERSwrrCH< = '1 ' ;
stat.eP<=idle j
--check that power is cut oJJ l
END IF;
when p o w o r c c y cl e ê e->
powe r cc n t:= power cc n t + 1;
If p o w e r c c n t eeO then
statcP<=power_cycle3 ;
--remove power for set time
end if;
when p o w e r c c y cl e See>
c u t c t im e r ee cu t c ti m e +1;
Fc.p ow e r cï eea a n ;
if (cur_current>cut_off) then
s t e t e P <=power_on;
elsif c u t c t im e seIl then
--check power is restored
--check that power is restored!
ERROlU'OWERSwrrCH< = ' 1 ' ;
alaleP<=id le;
END IF;
when p o w e r c r e mo v eec-
F_POWElk:=a f ;
cu t c t im etee cu t _t ime + 1;
if c u r c c u r r e n t eec u t c o Lf then
s t a t e P <eep o w c r c r e m o v e ê ;
elsif c u t c t irn e eeO then
ERROlU'OWERSwrrCH< = ' 1 ' ;
stateP<=idle;
--check that power is cut off!
END IF;
when p o w e r c r e m o v e ê ec-
end case;
end if;
end process power;
Ad r e s s c h a n dl e r
begin
process (elk, FJ..LE,F_WE, a d r e s a )
if F_ALE='O' then
s t a.t eAx e l d t e :
CUR-ADRESS<=adress;
elsif r i s l n g c e d g e Lcl k ) then
case statcA is
when idle=>
if F_WE='Q' then
if Cu r i Pu nce Er a ee then
stateA<=st3 ;
else
statcA<=st 1 ;
end if;
119
Stellenbosch University http://scholar.sun.ac.za
CHAPTER C - VHDL CODE 120
end if;
when stl=>
if F_WE= '1' then
a d r e ee (7 down to O)<=F_Data;
staleA<=st2 ;
end If;
when st.2=>
if F_WE= 'Q' then
st.ateA<=st.3 ;
end if;
when 5L3=>
if F_WE='l' then
a d r e e s (15 downto 8)<=F_Dat.aj
slat.eA<=st4 ;
end if;
when st4;;;>
if F_WE= '0' then
stateA<=st5 ;
end if;
when al5=>
if F_WE='l' then
adress(23 downto 16)<=F_Dataj
staleA<=st6 ;
end if;
when st6=>
if F_WE= 'Q' then
e t a t e A<ees t ? ;
end r r ,
when st. 7=>
if F_WE=' l' then
ad r e s s (AdrWidt.h -1 downto 24 }<=F'_Data « AdrWidt.h -25)downto 0);
stat.eA<=sl8 ;
end if;
when st8=>
CUFLADRESS<=a.dress; --la!lLly set current c d d r e as to collected value
end case;
end if;
end process ad resaLh a ndle r";
B B_T ab Ic_H and Ier
begin
process (elk, Cur_Func, F_RE)
if ris i n g c e d g e f cl k ) then
stateBB is
when id le=>
BBc.Wpu ls <='0';
BB_Data_in<=u Ou j
t e m p c s t a t u s <=(others= > '0');
if Cur_func=status and F_RE='O' then --check status byte
--ensure zero write pulse
staleBB<=check 1 ;
elsif BBW_Puls='1' then
BB_W _Ad,<=BBW .Adr ;
BB_Data_in<=BBW_Datain i
stateBB<=updale2 ;
-- External Update
end if;
when check 1=>
ifF _RE = ' l' then
t e m pc.st a t u s ce-F .De t a :
statcBB<=check2 ;
--read in status byte
end if;
when check2=>
if temp_status(O)='O' then
st.ateBB<=i die;
--check LSB for a 'O'=pass or '1 '=fail
--op sucessful
else
sLaieBB<=updaLe1 ; --op unsuccessful
end if;
update Bad Block table
when updatel =>
BB_W ..Ad,<=CUR..ADRESS( Ad rWtd tb -1 downto (Ad,Widtb-BBad,Widtb»; -- chop,
of 32 page count
BB_Data_in<=" 1u;
sLateBB<=updaLe2 ;
when update2 =>
HBc.Wp ule <='1';
sLateBB<=updaLe3 ;
when u pd ate3 =>
BB_Wpuls <='0';
sLat.eBB<=idle;
--sets flag
--pulses write
end esse;
Stellenbosch University http://scholar.sun.ac.za
CHAPTER C - VHDL CODE 121
end if;
end process BB_Table_Handler;
Bu d c Bf o c k c Co u n t c r
begin
process (elk, ResetSS ,SBW _Puls, SBW .Dut al n )
if ResetBB = '1' then
Num_oLBad_Blocks <=(others = > '0') ;
elsif r is in g c c d g e Lcl k ) then
if (BB_Wpuls = '1' and BB_Data_in(O) = '1 ') then
N u m cof cBe d cBf o c k s c.eN u m co fc Ha d cB locks + 1;
n e w c b a d c b l o c k <= '1 '; --signals report to be sent to OBC
else
new c b a d c bl o c k < = '0';
end if;
end if;
end process Bad_Block_Counter;
MPV c e r r o rLh a n dl c r
begin
process (cl k , EDAC_errmsg_~tr ,ERRORYO\>VERSWITCH)
if r i s l n g c e d g e f c l k ) then
SER..5TR<='O';
s t a t eM is
when icl I e ec-
if EDAC_errmsg_st.r= '1' then
staleM<=edacl;
elsiC ErroT_Powerswit.ch='l' then
stat.eM<=powerl;
elsiC n e w c b e d c b l o c k = '1' then
stateM<=bbl;
elsif WD_Timeout = '1 ' then
statcM<=s e fi 1 ;
elsiC Lp o w e r c c y c l e = 'I' then
stateM<=sell;
elsif pw r cr e m ee '1' then
stateM<=pwrl i
end if;
when edacl=>
SER._I)ATA<=EDAC_error & "0" & EDAC_crroLmsg;
SER..5TR< = '1 ';
s t a t.e M'<eee n d c b y t e :
--send error message
when powerl=>
SER._I)ATA<=PS_error & "0000";
SER..5TR< =' 1';
slateM<=end_byle;
when bbl=>
SER._I)ATA<=bb_crror & "0000" j
SER..5TR< =' 1';
stateM<=bb2 ;
when bb2=>
SERJ)ATA<=CUR...ADRESS(20 down to 13);
SER..5TR< = '1';
stateM <=bb3 ;
when bb3=>
SER..DATA<="OOOO" & CUR...ADRESS(24 downto 21);
SER_STR<='l ';
stateM<=bb4 ;
when bb4=>
SERJ)ATA<=Num_oLBad_Blocks (7 downto 0) ;
SER..STR< =' 1';
stateM<=bb5 ;
when bb5=>
SER._I)ATA<=Num_oLBad_Blocks (15 downto 8) i
SER..5TR< = '1';
s t a t eM'<eee n d c b y t e j
when se fil =>
SERJ)ATA<=S EF Lerror
SER..5TR<= '1 ';
s t a t.e M'<eee n d c b y t e :
& 'Q' & Cu r cPu nc :
when s e l Lec-
SERJ)ATA<=SEL_error & "0000";
SER_STR< = '1 ';
sLaLeM<=end_byLe i
Stellenbosch University http://scholar.sun.ac.za
CHAPTER C - VHDL CODE 122
when pwrl=>
SEELDATA<=cutorr_pwr & "0000";
SER.STR< =' 1';
s t a t.e M'<eec n d c b y t e :
when e n d c b y t e=>
SEILDATA<=(others= > '0');
--send end byte
SER..sTR<='1 ';
stateM<=id le;
end case;
end if;
end process MPU_crror_handler;
OBC_Command_Handler : process (elk ,SER_RX_RDY)
begin
if r lsi n g c e d g e f cl k ) then
SER..RX..RD< = '0';
EDAC_rescLenc <='0';
EOAC_reseL-dec <='0';
resetBS <='0';
case stateO is
when idle=>
If SER..RX..RDY='O' then
SER..RX..RD < = ' 1 ' ;
stateO<=sl;
end if j
when 51=>
SER..RX_l)ATA is
when r e s e t c e n c ee> EDAC_rcset_enc <='1';
EDAC_Bypass_cnc < = 'Q';
when r e e e t c d e c ee> EDAC_reset_dec <='1';
EDAC_Bypass_dec <= '0' j
when b y p ce n c ee>
when by p c d e cee>
EDAC_Bypass_cnc <=' l' j
EDAC_Bypass_dec<='l ";
when r e s e t c b b ec- reset.BS <='I'j
when others=>
end case;
stateO<=idle;
end case;
end if;
end process O'B'Cc.Command c He nd ler ;
END ARCHrI1iX::'IUR RTL;
--Bevan Bryer 04/02/2004
--New Brui Black ContolIer Program to handle
--writing and reading from the dual port ram
--on the cyclone chip
--ver 1.0
LIBRARY i ccc;
USE ieee. s t d cl o g i c c L'l ê a : all;
USE ieee. s t d cl o g Lc c a r I t h .ALL;
entity BB_CONTROLLER I.
port
elk
reset
R_Adr
R_Puls
R_DaLaout
R_Strout
W_Adr
W_Puls
Wc.Du t al n
) ;
END entity BB_CONTROLLER;
in STD-LOGIC;
in STD-LOGIC;
in STD-LOGIC_VECTOR(BBad,Width-l down to 0);
In STD-LOGIC;
out STD-LOGIC_VEGTOR (0 rx:JWNIO 0) ;
out STD-LOGIG;
in STD..LOCIC_VECTOR(BBadrWidLh-l downto 0);
In STD_LOGIC;
In STD-LOGIC_VECTOR (0 rx:JWNIO 0)
ARCHrI1iX::'IUR RTL OF BB_CONTROLLER ie
--RAMBLOCK WITHIN FPGA 1'0 STORE BB TABLE
constant BBadrWidth integer :~12; --Nr oJ bits for block address
Stellenbosch University http://scholar.sun.ac.za
CHAPTER C - VHDL CODE 123
CXMPCNENT RAM2047xl IS
PORr
(
d a t a c a IN STD..LOGIC_VECTOR (0 IXJWNIO 0) ,
IN STD..LOGIC ;= '1',
IN STD..LOGIC_VECTOR (BBadrW;dth-1IXJWNIO 0),
IN STD..LOGIC_VECTOR (0 IXJWNIO 0),
IN STD..LOGIC_VECTOR (BBadrW;dtb-1IXJWNIO 0);
IN STD..LOGIC ' 1 ' ,
IN STD..LOGIC
IN STD..LOGIC
IN STD..LOGIC
'1 "
a d d r e s s c a
d e t a c b
a d d r e e s c b
w r e nc b
cl o c k c a
e n a bl e c a
c l o c k c b
e n a bl e c b
q_a
q_b
IN STD_LOGIC '1 "
our STD..LOGIC_VECTOR (0 IXJWNIO 0) ,
our STD..LOGIC_VECTOR (0 IXJWNIO 0)
),
END CXMPCNENT RAM2047xl,
type Rs t a t e c t y pc is (idle, s t a t e I , slate2 • slale3);
type Ws t a t e c t y pc is (resclW, idle, slalel );
signal Rs t a t.e : Rs t a t e c t y p e :
signal Ws t a t.e : Ws t a t e c ty p e ;
signal Ac Ad r
signal A_Dataout
signal A_Wen
signal Ac Cf k ce n
signal A_Dalain
signal B_Adr
signal B_Dataout
signal a.w-»
signal B_elk_cn
signal Bt.De t aln
BEGIN
STD..LOGIC_VECTOR( BBadrW;dth -1 downto 0) ,
STD..LOGIC_VECTOR (0 IXJWNIO 0) ;
STD..LOGIC,
STD..LOGIC,
STD..LOCIC_VECTOR (0 IXJWNIO 0) ,
STD..LOCIC_VECTOR( BBadrW;dth -1 downto 0),
STD..LOGIC_VECTOR (0 IXJWNIO 0),
STD..LOGIC,
STD..LOGIC,
STD..LOGIC_VECTOR (0 IXJWNIO 0) ,
g f : RAM4096xl port map( A_Dat.aout,A_Wen,A_Adr, Bcd a t a o u t ,B_Adr,
BcWen , elk, A_elk_cn, elk, Bc Cf k ce n , Ac.De t at o ,
B_Dalain) ;
--process that handles read action
Read: process (elk, r c s e t ) is
begin
if resel='l' then
Rs t a t o c. e idle;
Ac.Cf kce n <='0'; --make s u r e during reset nothing b a-pp ews
A_Dataout<="l"; --just to stop warnings
elsif r l e in g c e d g e f c l k ) then
Ac C'l k ce n < ='0';
A_Wen <='0';
Rc.Sj.r o u t <='0';
CASE Rs t a t e is
when
idle =>
A_Dataout<=" 0" ;
if R_puls='l' then
A_Adr<=R_Adr ,
Ac.Cf k cen <= '1 ":
Rstate<=statel;
end if;
when
statel=>
Ac C'l k ce n <='1';
Rstate<=state2 ;
when
slale2=>
Rs t a t e-cee s t a t e S ;
when
state3=>
R_Dataout<=A_Datain;
R_Strout <= '1 ';
Rstate<=idle;
Stellenbosch University http://scholar.sun.ac.za
CHAPTER C - VHDL CODE 124
end CASE;
end if;
end process Read;
--process that handles write action
Write: process (c1k,reset) is
begin
if reset='l' then
Wslale<= resetW;
B_Clk.en<='O'j --make sure nothing happens in reset
e l s t f risi n g c e d g e f c l k } then
B_elk_en <='0';
B_Wen <='1';
CASE Wstale is
when
r e se t W =>
w s t at.e-ce l d l e :
when
id le =>
if W_puls='l' then
B_Adr<=W_Adr;
B_DalaouL<=W _Datain;
B.elk_cn <= '1 ';
Wslale<=stat.el;
end if;
when
statel=>
Bc C'l k ce n <='1';
Wstatc<=idlc;
--leLs 1 clock pulse through
end CASE;
end if;
end process Wri te;
end architecture RTL;
C.3 Communications
LIBRARY ieee;
USE ieee. s t d c t o g t c c t t e e .ALL;
en t i ty baudgen i8
porte elk
pu Is ,
pu 152
,IN STD..LOCIC;
.oor STD..LOCIC);
end baudgen ;
architecture gen of baudgen is
type s t a t.e c t y p e is (counting. high, double);
signal state: s t e t e c t y p e i
begin
process (elk) is
variable c n t inleger range 0 to 869; --counter 1.0 set BAUD rate
variable ent2: integer range 0 to 16;
begin
if risi n g c e d g e (elk) then
CASE state is
when counting =>
puls <= '0';
puls2 <='0';
ent := c n t + 1;
if (ent = 868) then
ent :=0;
slate <= high;
end if;
when hig h =>
if cnl2=15 then
s t a t e <= double;
else puls <= '1 'j
cnt2 := enl2+1j
s t a t e <= counting;
end if;
when do u bie =>
p II Is2 <= ') '; enl2:=O;
p II Is <= '1' ;
Stellenbosch University http://scholar.sun.ac.za
CHAPTER C - VHDL CODE 125
state <= counting;
end CASE;
end if;
end process;
end architecture gen;
--this program inputs 8 bit binary a.nd outputs 2 8 bit
--hex values in ascii, LSB ',9 first, then MSB'd
entity bl n t o b e x c c o n v is
port ( elk IN STD-LOGIC;
IN STD-LOGIC;
IN STD-LOGIC_YECTOR(7 IXJWNIO 0) ;
IN STD-LOGIC;
our STD-LOGIC;
our STD..LOGIC_YECTOR( 7 IXJWNIO 0) ;
our STD-LOGIC);
reset
Datain
n o t ce m p t y
g e t c by t e
Dat.aouL
8 t ra u t
end entity b i n t o h e x c c o n v ;
architecture r tI of bi n t o h e x c c o n v is
TYPE s t a t e c t y p c is (idle ,get.byle ,get.byLe2 ,sendI ,send2 ,scnd3 ,scnd4 ,scndS ,scnd6);
signal st.at.e s t a t e c t y p e :
begin
process (elk, reset, no t ce mp t y } is
variable t emp L, temp2
variable int.l, int2
variable cn t : in t e g e r
: st. d cl o g i c _vee t. 0 r (7 downto 0);
:integer range 0 to 15;
range 0 to 16383;
begin
if res e t = '1' then
s t a t e ereei dl e :
elsif r Lsl n g c e d g e f cl k ) then
s t r o u t <='0';
sta te is
when idle =>
c n t := 1;
if noLemply='O' then --wait for available byte from input buffer
get-byte <='1';
sLate<=getbyte;
else
g e t c b y t e <='0';
end if;
when g e t b y t eec-
g e t c b y t e <='0';
state<=getbyte2 ;
when getbyte2=> --seperates and converts byte
intl:=conv_integer(unsigned(Datain(3 downto 0»);
int2:=conv_integer(unsigned(Datain(7 downto 4»);
state <=send 1 ;
when send 1 => --converts binary to ASCII
if in t I <10 then
temp I:= con v _8 t d c l o g ic _v e c tor ( int 1 +48,8) ;
else
temp 1:= con v _s t d c l o g i c _ve ct 0 r ( int 1 + 55,8) i
end if;
if int2 <10 then
tcmp2:= con v _s t d c l o g l c c v e c tor (in t2 +48 ,8);
else
temp2:=conv_std_logic_vector (int2 +55,8);
end if;
dataout<=temp2 ;
state<=send2 ;
when
send2=> --send first byte
s t r o u t <='1';
state<=send3 ;
when
send3=>
if cnt=9000 then
e t e t e-c-ea e n d ë ;
end if;
c n ti ee c n t q-L;
when
send4=>
dataout<=temp1 ;
Stellenbosch University http://scholar.sun.ac.za
CHAPTER C - VHDL CODE
end case i
end if;
end process;
end architecture r t L;
entity u a r t is
port ( cl k
BaudPuis
Dal.a
DataSirabe
SERIN
Data_out
Data_out_str
SERUIT
end u a r ï. :
state <=~end5;
cnt:= 1;
when
send5=> --send second byte
strout<='l';
s t e t e ceea e n d ê ;
when
send6=>
if cnL=9000 then
e t a t e x eei dl e :
end if;
c n t t e c n t q-L;
IN STD-LOGIC;
IN STD-LOGIC;
IN STD-LOGIC_VECTOR( 7 iXJ'M'IIO 0) ;
IN STD-LOGIC;
IN STD-LOGIC;
our STD-LOGIC_VECTOR(7 iXJ'M'IIO 0);
our STD-LOGIC;
our STD-LOGIC) ;
architecture trans of uart is
TYPE s t e t o c t y p e c T is (idle ,xmit);
TYPE s t a t e c t y p e c R is (idle ,rec,send);
signal stateT s t a t e c t y p e ; T ;
signal staLeR staLe_Lypc_R;
signal l.empStrobe STD-LOGIC;
signal LxData STD-LOGIC_VECTOR( 9 iXJ'M'IIO 0) ; transmit stream
signal rxData STD-LOGIC_VECTOR( 7 iXJ'M'IIO 0) ; received stream
signal rxCnt in t e g e r range 0 to 7 ;
begin
txData <= '1' & Dat.a & '0'; --adds start and stop bit, and data to create serial packet
transmit: process (elk) is
variable temp integer ra.nge 0 to 9;
va.riable c hk STD-LOGIC;
begin
if r t s i n g c e d g e f cl k ) then
e t a t eT is
when idle =>
Seruit <= '1 ";
if (( tempStrobe
end if;
end process transmit;
receive: process (elk) is
variable chk : STD-LOCIC;
begin
'0') AND (Data.Strobe
stateT <= xmit;
chk:= '0 ';
temp: = 0;
else
tempStrobe <= DataStrobe ;
end if;
when xmit =>
i f BaudPuls = '1' and chk = '0' then
Seruit <= txData(temp) j
ehk:=' 1 ';
if (temp = 9) then
s t a t eT <= idle;
else
temp := temp + 1;
end if;
elsif Baudpuls ='0' then
ehk:='O'j
end if;
end case;
if r lsi n g c e d g e f c l k ) then
stateR is
when idle =>
'1'» then
126
Stellenbosch University http://scholar.sun.ac.za
CHAPTER C - VHDL CODE 127
Data_out_str <='0';
D'a t a c o u t <=(others= > '0');
if SERIN='Q' and BaudPuis ='1' then
s t e t eR <= ree;
chk: =' 1 'j
rxCnt < = 0;
--seL iL La 'J' so that next sLate wont
--read in sinrt biL
else
cbk,= '0 ';
s t a t e R <= idle;
end if i
when ree =>
--note.- baudpuls could still be 1 when coming from idle sLate
if BaudPuis ='1' and cbk = '0' then
rxData (rxCnt )<=Serin ;
chk:=' 1 'i
if (rxCnt = 7) then
a t a t e R <= send i
else
rxCnt <= rxCnt + 1;
end if;
elsiC Baudpuls ::;'0' then
chk := '0 'j
end if;
when ee n d ee'>
Data_ouL_sLe <='1 ";
Data_out<=rxData;
stateR <= idle;
end case;
end if;
end process receive;
end architecture Lrans;
C.4 Watchdog Timer
LIBRARY i ccc;
USE ieee. s t d c l o g l c c L'l ê d : all;
ieee. s t d cl o gi c c u n s l g n e d . All;
USE ieee. n u m e ric c s t d .ALL;
entity
port (
Wa t c h do g c Tf me r is
elk
Wen
Timeout
IN
IN
our
s t d c l o g i c :
s t d c l o g l c :
s t d c l o g ic
);
El'JD entity We t cb do g c.Tf me r j
ARCHlIECIURE RTL·of We t c hd og c Tf me r is
type s t a t e c t y p e is (counting ,timeup, w ai t c r e s e t ) j
signal state s t a t e c t y p e :
BEGIN
process (elk, Wen)
variable
begin
countcr integer range 0 to 67108863; --25 bit counter;
i r Wen e, '0' then
statc <=counting;
countcr :=0;
Timeout <='0';
e l a i f r iei n g c e d g e f c l k ) then
sta t eis
when counting =>
timeout <='0';
counter r eec o u n t e r +1;
if counter = 0 then
state <=timeup;
end if;
when timcup =>
Timeout <='1';
s t e t e ceew e t t c r e s e r ,
when w a t t c r e e e t ec-
Timeout <='0';
end case;
end l f";
end process;
END ARCHlIECIURE RTL;
Stellenbosch University http://scholar.sun.ac.za
CHAPTER C - VHDL CODE
C.5 Analog to digital converter
LIBRARY i e e e ;
USE ieee. e t d cl o gi c c Ll ê d . all;
use ieee. s t d cl o g ic c u n s l g n c d . All;
USE ieee. n u rn c ric cs t d .ALL;
entity ADC-Cont is
port ( cl k ,
reset in
n Co n v s t out
nCSRD out
busy in
D_in in
D_oul out
Dc.o u t c s r : out
);
END entity ADC_Conti
s t d c l o g t c :
s t d c l o g t c :
s t d cl o g i c :
st cl c lo g i c ;
s t d cl o g l c c v e c t o r (7 downto 0);
ij t cl cl o g i c _vee t. 0 r (7 downto 0);
s 1 cl c l o g i c
128
signal slate
signal b u s y c t e m p
.AR.a-IITEX:::: RTL 0 fAD C _Con t. i s
type s t a t e c t y p c is (startup ,st.adup2 ,startup3 ,sl ,s2 ,s3 ,83a ,84 ,sS ,56 ,87);
BEGIN
process (elk I reset)
variable delay
variable dclay2
begin
s t a t e c t y p e :
s t d cl o g i c :
integer range
integer range
to 63;
to 18000;
if reset='l' then
statc<=startup;
elsif r l s in g c e d g e f c l k ) then
b u s y ct e m p-ceeb u s y :
CASE state is
when startup =>
nCSRD<='l ';
nConvst<='O';
Dc o u t cs t <='0';
state<=startup2 ;
when s t a r t u p z =>
d e l a y t w d el a y-l-L:
if d e l a y eeO then
state<=startup3 ;
end if;
when star t u p3 =>
nConv!it<='l';
d e l a y r eedelay +1;
if d e le y e-O then
s t e t e x e s I ;
end if;
when s I =>
nConvst<='O';
state <=s2;
when s2 =>
nConvst<='O';
s t a t e cïeee S ;
when s3 =>
nCo n va t <=' l';
if busy_temp='l' then
state<=s3a;
end if;
when s3a=>
1f b ua y c t emp ='0' then
s t a t e c.e s ë ;
end if;
when s4 =>
nCSRD<='O';
state<=s5 ;
when sS =>
Dco u t e.e d c in & '0';
state<=s6 ;
when s6 =>
Dc o u t cs t <='1';
5tate<=s7 ;
when 57=>
Dc o u t ce t <='0';
--synchronize busy signal
--delay so chip power can settle
--low to high transition
--wait Jus (50 pulses)
--high to low transition (2 pulses)
--make sure busy is high or qo es high
--wait for busy to go low
--sample data and pulse it out
--strobe data out
Stellenbosch University http://scholar.sun.ac.za
CHAPTER C - VHDL CODE
end if;
end process;
end architecture rtl;
end case;
nCSRD<='l';
d el a y ê i e d e l a y ê ë-L;
if delay2=lB030 then
delay2 :=0;
s t a t e-cees L:
end if;
129
--18030
Stellenbosch University http://scholar.sun.ac.za
