Data and results of a laboratory investigation of microprocessor upset caused by simulated lightning-induced analog transients by Belcastro, C. M.
NASA Technical Memorandum 85821
NASA-TM-85821 19840019308
DATA AND RESULTS OF A LASORATORY
INVESTIGATION OF MICROPROCESSOR UPSET
CAUSED BY SIMULATED LIGHTNING -INDUCED
ANALOG TRANSIENTS
CELESTE M. BELCASTRO
JUNE 1984
LIBRARY COpy
:" . (', "ln84
'.'; I .1 '-..-' ~J)
NI\S/\
National Aeronautics and
Space Administration
Langley Research Center
Hampton, Virginia 23665
J.A.I'-lGLEY RESEARr,1' ,;reNTER
LIBRARY, NASA
HAMPTON, VIRGIN!A
https://ntrs.nasa.gov/search.jsp?R=19840019308 2020-03-20T22:59:54+00:00Z

1
1
--_.._._----......_----
r·.l CDl ..........J e.c. .... -) "'l
L!l ._~! Lr1! "__.oj." ::::.. .:.
~~4h}27376=:;-~*
r·1l-.- (.'1-. .....'-:)1
.:. = .1 ,_!: L~"-..L~L 1
RP1*: ~A5A-TM-g5821 NA5
UNCLAS51F1ED DOCUMENT
VTTL= Data and results of a 1aboratorY ~nvestj9atjon of m~croprocess0r upset
'-',', "I'-, l \ ldT 1 C'n ':' n.:. L = !~: l __~
toA/-.. lC.
~·;n··_",,-!= /*ANALOG 51MULATION/*EXPECTANCY HVPOTHE515/*LIGH1NING/*MATHEMATICAL 1 ("'c ,-- 1 .-.L·__'"·,:-";.!-·_"
MIN5= / COMPUTER5/ EQUATIONS OF STATE/ EXCITATION/ STOCHASTIC PROCESSES
of a computer sYstem onboard an o1rcraft flYlng through a ljghtn1ng
studjed: The upset tests lnvolved the random jrput of analog tranS1ents
which model lightn1ns jnduced sjgnals onto lnterface lines of an 8080
based m1crOCOffiPuter from Wh1Ch upset error data was recorded: The program
code on the ffi1croPfocessof during tests is designed to exerc1se all of tIle
machine cycles and memory addreSS1ng technlQUeS 1mplemented ~n the 8080
possib1e corre1atl0ns are estab1lshed between
occurrence and trans}ent 319031
CldTCD.
LP1! z....=~.. =

DATA AND RESULTS OF A LABORATORY INVESTIGATION
OF MICROPROCESSOR UPSET CAUSED BY SIMULATED
LIGHTNING-INDUCED ANALOG TRANSIENTS
by
Celeste M. Belcastro
NASA Langley Research Center
Hampton, Virginia 23665
ABSTRACT
Advanced composite aircraft designs will include fault-tolerant
computer-based digital control systems with high reliability requirements for
adverse as well as optimum operating environments. Since aircraft penetrate
intense electromagnetic fields during thunderstorms, onboard computer systems
may be subjected to field-induced transient voltages and currents resulting in
functional error modes which are collectively referred to as digital system
upset. A methodology has been developed for assessing the upset susceptibility
of a computer system onboard an aircraft flying through a lightning
environment. Laboratory tests were performed to study upset error modes in a
general-purpose microprocessor. The upset tests performed involved the random
input of analog transients which model lightning-induced signals onto interface
lines of an 8080-based microcomputer from which upset error data was recorded.
The program code being executed on the microprocessor during tests was designed
to exercise all of the machine cycles and memory addressing techniques
implemented in the 8080 central processing unit. For specific processing
states and operations, correlations are established between upset occurrence
and transient signal inputs. The application of Ma~kov modeling to upset
susceptibility estimation is discussed and a stochastic upset susceptibility
model for the 8080 microprocessor is presented to demonstrate stochastic model
development.
INTRODUCTION
LIGHTNING STRIKES TO AIRCRAFT CAUSE transient voltages and currents to be
induced on internal electrical cables throughout the aircraft. These transient
signals can propagate to interface circuitry, power lines, etc., of onboard
electronic equipment despite shielding and protection devices. Advanced
composite aircraft provide less shielding than all metal aircraft and will
utilize computer-based digital control systems that are inherently sensitive to
transient voltages and currents. Since these digital systems will be
performing flight-critical functions, highly reliable performance must be
maintained in adverse environments such as thunderstorms. Therefore,
techniques for assessing the susceptibility, performance, and reliability of
digital systems when subjected to analog electrical transients must be
developed.
Digital system upset collectively refers to functional error modes without
component damage in digital computer-based systems and can be caused by
lightning-induced electrical transients. An upset test methodology was
developed and described in detail in (1)* along with initial data and results.
In this paper, more extensive data and results of upset tests performed using
t' is methodology are presented. The purpose of these tests is to statistically
investigate the upset susceptibility of a general-purpose microcomputer
executing an application program in a simulated lightning environment. The
objective of the statistical analysis is to identify correlations between the
occurrence of upset and the processing activity of the system
(which includes software as well as hardware) that is in progress when input of
an analog transient signal occurs. In addition, the analysis serves
* Numbers in parentheses designate References at end of paper.
2
to demonstrate the application of upset susceptibility assessment techniques.
These techniques could be used as an aid in identifying system weaknesses that
could be hardened to upset but may be especially useful during the design phase
of system development. The application of Markov modeling to upset
susceptibility prediction for an upset tolerant system is discussed viewing
upset caused by lightning as a random process and using test observations as a
basis to demonstrate the development of an upset susceptibility model for the
general-purpose microcomputer.
UPSET TEST METHODOLOGY
The upset test methodology is based on the comparison-monitoring of two
synchronized Intel Intellec 8/Mod 80 microcomputers (~Cs) executing identical
program code concurrently. The Intellec 8 Mod/80 is a modular system based on
the 8080 microprocessor (~P) and is configured for 8K bytes of random access
memory (RAM), 4K bytes of programmable read-only memory (PROM)~ 4 input ports,
and 4 output ports. The comparison monitor compares the 8-bit data bus, 16-bit
address bus, and eight control lines from each Intellec 8 microcomputer and
indicates that an error has occurred if a difference on any line is detected.
One of the microcomputers is designated as the ~C under test (~C UT) and
the other microcomputer serves as a reference (REF ~C) on which the comparison
is made. A third microcomputer provides input data to the ~C UT and REF ~C,
initiates interrupt requests, and is referred to as the I/O ~C. The upset test
hardware configuration is shown in figure 1.
The ~C UT is perturbed by an analog transient signal. The analog
electrical transient is a 1 MHz damped sinusoid of negative polarity, and was
designed to model an electrical signal that could be induced by electromagnetic
fields associated with lightning discharges. The waveshape of the transient
signal is an approximation of a waveform recommended for lightning-induced
3
effects testing (2): The analog transient is directly coupled through a
normally open relay onto a single line within the ~C UT and its amplitude~
therefore, is restricted to the damage threshold of components within the test
unit. Input of the transient signal occurs pseudo-randomly in that it is
controlled using the output of a counter that is initialized with a
pseudo-random number generator. Randomness is desired so that the transient •
signal input is not synchronized with processing activity of the test unit.
This establishes a more realistic laboratory simulation of the random process
that might take place in the actual lightning environment than inputting
transient signals during a processing activity that is established a priori.
Therefore, data recorded from upset tests in which transient signal inputs
occurred randomly during program execution, rather than by an a priori
determination, should provide the best solution to a Markov upset
susceptibility model.
Two types of data are obtained during each upset test--error data and the
error detection time. Bit patterns from the data bus, address bus, and control
lines of the ~C UT are acquired with a Tektronix 9103 Digital Analysis System
(DAS), which is triggered when the analog transient is input to the ~C UTe If
tc~ comparison monitor indicates that an error occurred, the acquired error
data is stored on magnetic tape. The DAS is then reset for another data
acquisition. The error detection time is determined by counting the number of
clock cycles that occur in the Intellec ~C's from the input of the transient
signal to the detection of an error. Since the Intellec ~C's have a 2 MHz
clock, the number of clock cycles is mUltiplied by 500 ns to obtain the error
detection time. The error detection time is a function of the processing delay
times within the system under test as well as the speed and efficiency of the
comparison monitor, or error detector. Although there is very little
literature on upset testing, work has recently been done on the development of
monitors for upset detection (3):
4
UPSET TEST DESCRIPTION AND DATA SUMMARY
The program being executed on the ~C UT and REF ~C during upset tests was
stored in PROM and a flow chart of this program and that of the I/O~C is shown
in figure 2. The ~C UT and REF ~C set the stack pointer, initialize variables,
output a preset constant to an I/O port, and input an 8-bit data word from the
I/O ~C. This 8-bit word is checked to see if it lies within a certain range.
If the data word is not within the range, it is stored in memory and another
8-bit word is input to be checked. If the 8-bit word is in the range, it is
divided by a constant and stored in memory. During these upset tests, the
8-bit data word was a constant within the desired range. The ~C UT and REF ~C
then output another preset constant to an I/O port, retrieve from memory the
8-bit word resulting from the division, subtract a constant from it, and store
this final value in memory. A loop in which no operations are performed is
then executed until the I/O ~C initiates an interrupt request which causes an
RST 6 instruction (single-byte jump to memory location 0030) to be executed.
The interrupt routine causes the final 8-bi t value to be output to an I/O port.
Once this is done, the ~C UT and REF ~C halt until the I/O ~C initiates a
second interrupt request which causes an RST 7 (single-byte jump to location
0038) to be executed. The second interrupt routine causes the ~C UT and REF ~C
to reexecute the test program Which, therefore, operates in a continuous loop.
This test program was not written for efficiency or to perform some real
application but to be representative of a typical application program and
include instructions from all five 8080 instruction groups (table 1) that
collectively require all ten 8080 machine cycles (table 2) and utilize all four
memory addressing modes available in the 8080 (table 3).
5
The analog transient signal was input to the memory data input bus of the
~C UT a total of 120 times--30 times each on the four least significant lines
of the input data bus from memory (MDIO, MDI1, MDI2, MDI3). The memory data
input bus is mUltiplexed onto the bidirectional data bus of the 8080 CPU (along
with input data from the 1/0 ports and interrupt instructions from a peripheral
device) and was chosen as the transient signal input site because transient
signal inputs on this bus resulted in a large number of errors during the upset
tests reported in (1). The specific lines within the bus as well as the number
of transient signal injections per line were arbitrarily selected. Each of the
120 transient signal injections to the ~C UT produced either upset or benign
errors. Benign errors caused no divergence from correct flow between the main
program and subroutines but included incorrect values read from or written to
memory, repeated or erroneous states within an instruction cycle, and could be
a potentially serious anomaly. For these tests, any divergence from correct
program flow was classed as upset whether or not correct program execution was
reestablished. Upsets recorded during testing occurred as a result of program
execution returning from a subroutine to the wrong memory location, which in
some cases was the second or third byte of a multi byte instruction. In some
iri~tances, program execution continued to the location at which the return
should have occurred, and correct program flow resumed with or without benign
errors for the duration of the data acquisition. In other cases, program
execution went b~ck and forth between two routines in an erroneous loop that
was not exited within the time frame of the data acquisition. These findings
are consistent with the upset characterization described in (~). The number of
upsets and benign errors that occurred as a result of transient signal inputs
at each of the four injection points is shown in table~. Tables 5-7 show the
number of upsets and benign errors that resulted from transient signal inputs
during processing of the various instructions within each of the instruction
6
groups, the various memory addressing modes, and the various 8080 machine
cycles, respectively.
STATISTICAL ANALYSIS
A statistical analysis was performed to identify processing modes of the
8080 ~p that contain some types of activity which may be more critical than
other types to the overall susceptibility of the ~C system to upset caused by
analog transients. A hypothesis test for each processing mode was performed in
which the hypothesis being tested was that upset and benign errors occur with
equal probability regardless of the processing activity underway when the
transient signal is input to the ~C UT. This hypothesis is tested by arranging
in tabular form the number of observed upsets and benign errors resulting from
transient inputs during each processing activity under consideration. A
calculation of the expected value for each entry, assuming the hypothesis is
true, is then performed which enables the chi-square statistic of the sample
population to be calculated. If the calculated chi-square statistic is less
than the actual value of an appropriate chi-square distribution, then the
hypothesis is true. Otherwise, the hypothesis is not true and must be
rejected.
Tables 8-10 show the observation tables, associated joint probabilities
and conditional probabilities, and chi-square statistics for several
instruction groups, addressing types, and machine cycles, respectively. Since,
in each of these tables, the calculated chi-square statistic exceeds the value
of the chi-square distribution, the hypothesis being tested in each of these
cases must be rejected. This means that differences in the indicated
probabilities are statistically significant rather than being due to chance.
That is, it cannot be assumed that upset and benign error occurrences are
equiprobable for transient signal inputs during execution of the various
7
instruction type, addressing modes, or machine cycles. The data base accrued
during these tests is insufficient to identify which instruction groups,
addressing modes, and machine cycles are most critical to upset vulnerability.
This is because of the diversity in the relative frequency with which
activities in each processing mode occurred during execution of the test
program. There were activities in each processing mode that occurred so
infrequently that they were underway few or no times when the transient signal
was input to the ~C UT. Identification of critical activities in each mode
could be accomplished by additional tests using one or more specially written
programs in which the relative frequencies of occurrence are more uniform.
To test the hypothesis that upset and benign error occurrences are
equiprobable for transient signals injected on each of the four least
si gnificant lines of the memory data input bus, the chi-square statisti c shown
in table 11 was calculated. Since the calculated chi-square statistic is less
than the value of the chi-square distribution, the hypothesis cannot be
rejected. That is, upset and benign error occurrences are equally probable
regardless of the line (among the four least significant bits of the input data
bus from memory) on which the transient signal is injected.
The overall performance of the BOBO-based microcomputer can be
conveniently summarized in a Markov chain of discrete states as shown in
figure 3. The state transition probabilities are defined as
Sij = P{i +j Istate 1) = Nij <1>
Ni
where Nij is the number of observed transitions from state i to state j
and Ni is the number of times state i was observed. - The quantities eij
represent the probability of transition along the indicated path and do not
represent state probabilities or provide information regarding transition
sequence.
Q
STOCHASTIC MODELING
In order to obtain a probabilistic time history of the 8080-based system
response to the analog transient, a stochastic Markov model could be
constructed consisting of discrete states in continuous time. The states and
transi tion paths would be the same as those shown in figure 3. However, the
transition paths would be defined in terms of transition rates Aij rather than
probabilities 8 ij' If constant transition rates were assumed, AijWOUld be
the inverse of the mean transition time from state i to state j, Which would
have to be determined experimentally or using computer simulation (5).
Transition time between states could be evaluated by counting the elapsed
number of clock cycles and dividing by the clock frequency. Transition rates Aij
could also be estimated with the 8ij by solving the simultaneous equations:
A
A12
x x = 8 12 <2>
A12 + AU
A
A13
A A e13 <3>
Al2 + A 13
A
A21
A A = 8 21 <4>
A21 + A1 3
A
A23
x x 8 23 <5>
A21 + A23
A
A31
A A e 31 <6>
A31 + A32
A
A32
x x 832 <7>
A31 + A32
9
Once all transi tion rates have been determined, a transition rate matri x Q
would be formulated:
A 13 ]
A23
-031 + A32 )
<B>
The transition rate matrix Q would then be used to determine the probability,
Pij (t), of occupying state j at time t given that the process was in state i.
This probability is the solution to the following system of differential
equations (6):
with initial conditions
<9>
{01 if i = jif i 'I j <10>
The time-varying state probabilities Pij(t) for the Markov model constructed as
in figure 3 represent a characterization of the upset susceptibility of the
BOBO-based microcomputer. Since this system was not designed for upset
tolerance, upset detection and recovery states cannot be added to the model for
a reliability characterization. However, stochastic modeling could be used to
characterize the susceptibility of the digital system to upset.
SUMMARY AND CONCLUSIONS
A laboratory experiment was conducted, using a general-purpose
microcomputer, to investigate upset caused by analog electrical transients
similar to those that could be induced by lightning. Data was obtained from
120 tests in which 85 upsets and 35 benign errors were detected. Error modes
involving a divergence from correct program flow was classed as upset. Benign
errors caused no divergence from correct flow between the main program and
subroutines but included incorrect values read from or written to memory,
10
repeated or erroneous states within an instruction cycle, and could be a
potentially serious anomaly. A statistical analysis was performed in which it
was determined that upset and benign error occurrences are not equiprobable for
transient signal inputs during execution of the various instruction types,
addressing modes, or machine cycles. Additional testing would have to be
performed to identify which instruction groups, addressing modes, and machine
cycles are most critical to upset vulnerability. This type of analysis could
be used as an aid in identifying system weaknesses that could be hardened to
upset but may be especially useful during the design phase of system
development. A stochastic model, based on upset test data, was defined for the
general-purpose microcomputer assuming constant transition rates. Solution of
this model would provide time-varying state probabilities that represent an
upset susceptibility characterization of the test system. Thus, the
application of stochastic modeling for upset susceptibility prediction seems
very promising. However, the optimum transition rate distribution must be
determined.
11
REFERENCES
1. Celeste M. Belcastro, "Digital System Upset - The Effects of Simulated
Lightning-Induced Transients on a General-Purpose Microprocessor."
NASA TM 84652, 1983.
2. "Test Waveforms and Techniques for Assessing the Effects of
Lightning-Induced Transients." AE4L Committee Report AE4L-81-2, Society of
Automotive Engineers, December 1981.
3. A. Davidoff, M. Schmid, R. Traff, G. Masson; "Monitors for Upset
Detection and Computer Systems." Proceedings of the International Aerospace
and Ground Conference on Lightning and Static Electricity, DOT/FAA/CT-83/25,
June 1983.
4. Gerald M. Masson, Robert E. Glaser, "The Containment Set Approach to
Digi tal System Tolerance of Lightning-Induced Transient Faults." Proceedings
of the International Aerospace Conference on Lightning and Static Electricity,
vol. I, March 1982, p.66-1 to C6-8, 84A18524.
5. Victor A. Carreno, "Upset Suscepti bili ty Study Employing Circuit
Analysis and Digital Simulation." NASA TM-85822, 1984.
6. D. R. Cox and H. D. Miller, "The Theory of Stochastic Processes."
Chapman and Hall, New York, 1965.
12
..
,..--
RST 6BB
~ U ... ARST 7 U '"
I/O Il-C F JiC UT Ff- r-V F v'
"
F ~
E E
R R
'- ~ >- '--- ./:1- ~ L..---
~- TEKTRONIX AV 32 v DAS9103 '\f
PSEUDO-RANDOM a~10- 161=f a I---
TRANSIENT SIGNAL
INJECTOR ~). ~} ~~
CRYSTAL DATA ADDRESS
CONTROL
asc. BUS BUS
. LINE
MONITOR MONITOR MONITOR
aU 16j.{ aft:
~v 1---32
.----
,17 .---
B RST 6 B
L.-l\ U 3ST 7
U
F
"- REF J.LC F "F K Fv E -v "l E "l
R R
'--- -
DATA REQUEST I CODES
HLDA, INTE, INTA
FIGURE 1: UPSET TEST HARDWARE CONFIGURATION
(
<.
98Z
FIGURE 2: FLaW CHART OF UPSET TEST _C PROGRAMS
I/0 /_P /_CUT/REF /_C
' OUTPUT IO0 IOUTPUICONSTANT
, +
NO _
STORE I
I OUTPUTINT. REQ] DIVIDE ' I ' _
_z # IOUTPUTCODE
oo,_o,_T_I IOUTPO,COO_I "
4, #
_ INPUT INTE I I SUBTRACT
€
ENABLE INT ]
#
NO WAITFOR INT
r°u_°_'e"_0t---- "J'N_°P_"'_
_..tu_PUTv,,_4,
OUTPUT RST7 I 4Z
] I ENABLE ,NIT
4z
HALT
.
POP STACKJ
14
-----~-----------~---
STATE 1: SYSTEM IS FAULTED BY TRANSIENT SIGNALS
STATE 2: UPSET HAS OCCURRED
STATE 3: BENIGN ERRORS HAVE OCCURRED
812 = 0.017
813 = 0.983
821 = 0.024
823 = 0.224
831 = 0.153
832 = 0.606
FIGURE 3: STATEM:>DEL FOR INTELLEC 8/MJD 80 SYSTEM RESPONSE
RESPONSE TO ANALOG TRANSIENT SIGNAL
TABLE 1: 8080 INSTRUCTION GROUPS
GROUP DESCRIPTION
DATA TRANSFER MOVE DATA BETWEEN REGISTERS
OR BETWEEN REGISTERS AND
MEMORY
ARITHMETIC ADD, SUBTRACT, INCREMENT,
DECREMENT DATA IN REGISTERS
OR MEMORY
LOGICAL AND, OR, EXCLUSIVE-OR,
COMPARE, ROTATE, COMPLEMENT
DATA IN REGISTERS OR MEMORY
I-'
'" BRANCH CONDITIONAL/UNCONDITIONAL
JUMP, SUBROUTINE CALL,
RETURN
STACK, I/O, AND INPUT, OUTPUT, MAINTAINING
MACHINE CONTROL STACK AND INTERNAL CONTROL
FLAGS
't
MACHINE CYCLE
INSTRUCTION FETCH
MEMORY READ
MEMOR Y WRITE
STACK READ
STACK WRITE
INPUT READ
OUTPUT WRITE
TABLE 2: 8080 MACHINE CYCLES
DESCRIPTION
READ INSTRUCTION FROM MEMORY;
INCREMENT PROGRAM COUNTER;
DECODE INSTRUCTION
READ BYTE FROM MEMORY;
INCREMENT PROGRAM COUNTER
WRITE BYTE TO MEMORY
READ BYTE FROM STACK;
INCREMENT STACK POINTER
WRITE BYTE TO STACK; DECREMENT
STACK POINTER
READ BYTE FROM INPUT PORT
WRITE BYTE TO OUTPUT PORT
INTERRUPT ACKNOWLEDGE
HALT ACKNOWLEDGE
INTERRUPT ACKNOWLEDGE
WHILE HALTED
READ INSTRUCTION ON DATA BUS;
DECODE INSTRUCTION
CPU ENTERS HALT STATE
READ INSTRUCTION ON DATA BUS;
DECODE INSTRUCTION
TABLE 3: 8080 ADDRESSING MODES
M09E DESCRIPTION
DIRECT BYTES 2 AND 3 OF THE
INSTRUCTION CONTAIN THE EXACT
ADDRESS OF DATA
REGISTER THE INSTRUCTION SPECIFIES THE
REGISTER OR REGISTER-PAIR
CONTAINING DATA
REGISTER INDIRECT THE INSTRUCTION SPECIFIES THE
REGISTER-PAIR CONTAINING
ADDRESS OF DATA
......
00 IMMEDIATE THE INSTRUCTION CONTAINS THE
DATA ITSELF
"
• •
TABLE 4: NUMBER OF UPSETS AND BENIGN ERRORS THAT OCCURRED
PER INJECTION POINT
•
INJECTION NO. OF NO. OF NO. OF
POINT INJECTIONS UPSETS BENIGN ERRORS
MDIO 30 22 8
MOl 1 30 25 5
MDI2 30 21 9
MDI3 30 17 13
120 85 (71%) 35 (29%)
.....
\0
TABLE 5: NUMBER OF UPSETS AND BENIGN ERRORS THAT OCCURRED
?:R INSTRUCTION GROUP
INSTRUCTION NO. OF NO. OF
GROUP UPSETS BENIGN ERRORS
DATA TRANSFER 7 3
ARITHMETIC 3 4
LOGICAL 0 2
BRANCH 52 14
STACK, I/O, AND 23 12
MACHINE CONTROL
N
0
TABLE 6: NUMBER OF UPSETS AND BENIGN ERRORS THAT OCCURRED
PER ADDRESSING MODE
• •
ADDRESSING NO. OF NO. OF
MODE UPSETS BENIGN ERRORS
DIRECT 4
REGISTER 2
REGISTER INDIRECT 15 6
IMMEDIATE 47 12
NONE 21 11
N
....
TABLE 7: NUMBER OF UPSETS AND BENIGN ERRORS THAT OCCURRED
F~rt MACHI~~ CYCLE TYPE
TYPE OF NO. OF NO. OF
MACHINE CYCLE UPSETS BENIGN ERRORS
INSTRUCTION FETCH 27 10
MEMJRY READ 36 8
MEMOR Y WRITE 4
STACK READ 2
STACK WRITE 5 2
N INPUT READ 0 0
N
OUTPUT WRITE 0
INTERRUPT ACKNOWLEDGE 0 0
HALT ACKNOWLEDGE 10 9
INTERRUPT ACKNOWLEDGE 0 4
WHILE HALTED
•
TABLE 8: STATISTICS FOR UPSET AND BENIGN ERROR OCCURRENCE
PER INSTRUCTION GROUP
C1 C2 C3
BRANCH STRK, I/O, MC OTHERS TOTAL
BENIGN ERRORS 14 12 9 35
UPSET 52 23 10 85
--
TOTAL 66 35 19 120
--
PROBABILITY THAT A CATEGORY i INSTRUCTION IS BEING EXECUTED WHEN THE
UPSET/BENIGN ERROR-CAUSING TRANSIENT SIGNAL IS INPUT
N
W
PB(C 1) = 0.117
PU(C 1) = 0.433
PB(C 2) = 0.100
PU(C2) = 0.192
PS(C3) = 0.0750
PU(C3) = 0.0833
P(B, U/C.):
1
PROBABILITY OF UPSET/BENIGN ERROR OCCURRENCE GIVEN THAT A CATEGORY i
INSTRUCTION IS BEING EXECUTED DURING TRANSIENT SIGNAL INPUT
P(B/C1) = 0.212
P(U/C1) = 0.788
P(B/C2) = 0.343
P(U/C2) = 0.657
P(B/C3) = 0.474
P(U/C3) = 0.526
CALCULATED CHI-SQUARE STATISTIC: X2 = 5.51
(TABLE VALUE: 2\= 0.10 =4.61)
TABLE 9: STATISTICS FOR UPSET AND BENIGN ERROR OCCURRENCE
PSR ADDRESSING MODE
C1 C2 C3
IMMEDIATE NONE OTHERS TOTAL
BENIGN ERRORS 12 11 12 35
UPSET 47 21 17 85
TOTAL 59 32 29 120
--
PROBABILITY THAT THE CATEGORY i ADDRESSING MODE IS BEING EXECUTED WHEN THE
UPSET/BENIGN ERROR-CAUSING TRANSIENT SIGNAL IS INPUT
PB(C 1) = 0.100
PU(C 1) = 0.392
PB(C 2) = 0.0917
PU(C 2 ) = 0.175
PB(C3) = 0.100
PU(C3) = 0.142
PROBABILITY OF UPSET/BENIGN ERROR OCCURRENCE GIVEN THAT THE CATEGORY i
ADDRESSING MODE IS BEING EXECUTED DURING TRANSIENT SIGNAL INPUT
P(B/C1) = 0.203
P(U/C1) = 0.797
P(B/C2) = 0.344
P(U/C2) = 0.656
P(B/C3) = 0.414
P(U/C3) = 0.586
CALCULATED CHI-SQUARE STATISTIC: X2 = 4.72
(TABLE VALUE: x2
CL= 0.10 4.61)
'.
.,
TABLE 10: STATISTICS FOR UPSET AND BENIGN ERROR OCCURRENCE
PER MACHINE CYCLE TYPE
.. ...
C1 C2 C3
INST. F MEM. R. OTHERS TOTAL
BENIGN ERRORS 10 8 17 35
UPSET 27 36 22 85
-
TOTAL 37 44 39 120
--
PB U(C.): PROBABILITY THAT THE CATEGORY i MACHINE CYCLE IS BEING EXECUTED WHEN THE
, 1 UPSET/BENIGN ERROR-CAUSING TRANSIENT SIGNAL IS INPUT
PB{C 1) = 0.0833
PU{C 1) = 0.225
PB(C 2) = 0.0667
PU{C2) = 0.300
PB{C3) = 0.142
PU{C3) = 0.183
P{B, U/C.): PROBABILITY OF UPSET/BENIGN ERROR OCCURRENCE GIVEN THAT THE CATEGORY i
1 MACHINE CYCLE IS BEING EXECUTED DURING TRANSIENT SIGNAL INPUT
P{B/C1) = 0.270
P{U/C1) = 0.730
P{B/C2) = 0.182
P{U/C2) = 0.818
P{B/C3) = 0.436
P{U/C3) = 0.564
CALCULATED CHI-SQUARE STATISTIC: X2 = 6.51
2(TABLE VALUE: X~= 0~05 = 5.99)
TABLE 11: S7ATISTICS FOR UPSET AND BENIGN ERROR OCCURRENCE
PER TRANSIENT SIGNAL INPUT POINT
C1 C2 C3 C4
MDIO MOl 1 MOl 2 MOI3 TOTAL
BENIGN ERRORS 8 5 9 13 35
UPSETS 22 25 21 17 85
TOTAL 30 30 30 30 120
--
PB,U(C i ): PROBABILITY OF UPSET/BENIGN ERROR OCCURRENCE GIVEN THAT THE INPUT POINT OFTRANSIENT SIGNAL BELONGS TO CATEGORY i
PB(C 1) = 0.267
Pu(C,) = 0.733
PB(C2) = 0.'67
PU(C2) = 0.833
PB(C3) = 0.300
PU(C3) = 0.700
P(B/C4) = 0.433
P(U/C4) = 0.567
CALCULATED CHI-SQUARE STATISTIC: x2 = 5.28
(TABLE VALUE: x~ 0.10 = 6.25)
,t .. •

1. Report No.
NASA TM - 85821
I2. Government Accession No. 3. Recipient's Catalog No,.
4. Title il)Q Sl,abtltle
DATA'AND RESULTS OF A LABORATORY INVESTIGATION OF
MICROPROCESSOR UPSET CAUSED BY SIMULATED LIGHTNING-
INDUCED ANALOG TRANSIENTS
7, Author(s)
Celeste'M. Belcastro
9. Performing Organization Name and Address
NASA Langley Research Center
Hampton, Virginia 23665
12. Sponsoring Agency Name and Address
National Aeronautics and Space Administration
Washington, DC 20546
15. Supplementary Notes
5. Report Dite
June 1984
6. Performing Organization Code
505-34-13-34
8. Performing Organization Report No.
10. Work Unit No.
11. Contract or Grant No.
13. Type of Report and Period Covered
Technical Memorandum
14, Sponsoring Agency Code
16. Abstract
Advanced composite aircraft designs will include fault-tolerant computer-based
digital control systems with high reliability requirements for adverse as well as
optimum operating environments. Since aircraft penetrate intense electromagnetic
fields during thunderstorms, onboard computer systems may be SUbjected to
field-induced transient voltages and currents r~sulting in functional error modes
which are collectively referred to as digital system upset. A methodology has been
developed for assessing the upset susceptibility/reliability of a computer system
onboard an aircraft flying through a lightrying environment. Laboratory tests were
performed to study upset error modes in a general-purpose microprocessor. The upset
tests performed involved the random input of analog transients which model
lightning-induced signals onto interface line~ of an BOBO-based microcomputer from
which upset error data was recorded. The program code being executed on the
microprocessor during tests was designed to exercise all of the machine cycles and
meliJoJ'v addressing techniques implemented in the 8080 central processing uni t. A
__ sta\"istical analysis is pr.esented in which possible correlations 8!'e established
between the probability of upset occurrence and transient signal inputs during
specific prvcessing states and operations. A stochastic upset susceptibility model
for the B080 microprocessor is presented. The susceptibility of this microprocessor
to upset, once analog transients have entered the system, is determined analytically
by calculating the state probabilities of the stochastic model.
17. Key Words (Suggested by Author(s))
Reliabili ty
Stochastic Model
Transition Probability
State Probability
Hypothesis Test
18. Distribution Statement
Unclassified - Unlimited
Subject Category 47
19. Security Caujf. lof this report)
Unclassified
20. Security Classif. (of this pagel
Unclassified
21. No. of Pages
27
22. Price·
A03
• For sale by the National Technical Information Service, Springfield, Virginia 22161


