Survey of Soft Error Mitigation Techniques Applied to LEON3 Soft Processors on SRAM-Based FPGAs

Soft-core processors implemented in SRAM-based FPGAs are an attractive option for applications to be employed in radiation environments due to their flexibility, relatively-low application development costs, and reconfigurability features enabling them to adapt to the evolving mission needs. Despite the advantages soft-core processors possess, they are seldom used in critical applications because they are more sensitive to radiation than their hard-core counterparts. For instance, both the logic and signal routing circuitry of a soft-core processor as well as its user memory are susceptible to radiation-induced faults. Therefore, soft-core processors must be appropriately hardened against ionizing-radiation to become a feasible design choice for harsh environments and thus to reap all their benefits. This survey henceforth discusses various techniques to protect the configuration and user memories of an LEON3 soft processor, which is one of the most widely used soft-core processors in radiation environments, as reported in the state-of-the-art literature, with the objective of facilitating the choice of right fault-mitigation solution for any given soft-core processor

Understanding Soft Errors in Uncore Components

The effects of soft errors in processor cores have been widely studied. However, little has been published about soft errors in uncore components, such as memory subsystem and I/O controllers, of a System-on-a-Chip (SoC). In this work, we study how soft errors in uncore components affect system-level behaviors. We have created a new mixed-mode simulation platform that combines simulators at two different levels of abstraction, and achieves 20,000x speedup over RTL-only simulation. Using this platform, we present the first study of the system-level impact of soft errors inside various uncore components of a large-scale, multi-core SoC using the industrial-grade, open-source OpenSPARC T2 SoC design. Our results show that soft errors in uncore components can significantly impact system-level reliability. We also demonstrate that uncore soft errors can create major challenges for traditional system-level checkpoint recovery techniques. To overcome such recovery challenges, we present a new replay recovery technique for uncore components belonging to the memory subsystem. For the L2 cache controller and the DRAM controller components of OpenSPARC T2, our new technique reduces the probability that an application run fails to produce correct results due to soft errors by more than 100x with 3.32% and 6.09% chip-level area and power impact, respectively.Comment: to be published in Proceedings of the 52nd Annual Design Automation Conferenc

Contributions to the fault tolerance of soft-core processors implemented in SRAM-based FPGA Systems.

239 p.Gracias al desarrollo de las tecnologías de diseño y fabricación, los circuitos electrónicos han llegado a grandes niveles de integración. De esta forma, hoy en día es posible implementar completos y complejos sistemas dentro de un único dispositivo incorporando gran variedad de elementos como: procesadores, osciladores, lazos de seguimiento de fase (PLLs), interfaces, conversores ADC y DAC, módulos de memoria, etc. A este concepto de diseño se le denomina comúnmente SoC (System-on-Chip). Una de las plataformas para implementar estos sistemas que más importancia está cobrando son las FPGAs (Field Programmable Gate Array). Históricamente la plataforma más utilizada para albergar los SoCs han sido las ASICs (Application- Specific Integrated Circuits), debido a su bajo consumo energético y su gran rendimiento. No obstante, su costoso proceso de desarrollo y fabricación hace que solo sean rentables en el caso de producciones masivas. Las FPGAs, por el contrario, al ser dispositivos configurables ofrecen, la posibilidad de implementar diseños personalizados a un coste mucho más reducido. Por otro lado, los continuos avances en la tecnología de las FPGAs están haciendo que éstas compitan con las ASICs a nivel de prestaciones (consumo, nivel de integración y eficiencia). Ciertas tecnologías de FPGA, como las SRAM y Flash, poseen una característica que las hace especialmente interesantes en multitud de diseños: la capacidad de reconfiguración. Dicha característica, que incluso puede ser realizada de forma autónoma, permite cambiar completamente el diseño hardware implementado con solo cargar en la FPGA un archivo de configuración denominado bitstream. La reconfiguración puede incluso permitir modificar una parte del circuito configurado en la matriz de la FPGA, mientras el resto del circuito implementado continua inalterado. Esto que se conoce como reconfiguración parcial dinámica, posibilita que un mismo chip albergue en su interior numerosos diseños hardware que pueden ser cargados a demanda. Gracias a la capacidad de reconfiguración, las FPGAs ofrecen numerosas ventajas como: posibilidad de personalización de diseños, capacidad de readaptación durante el funcionamiento para responder a cambios o corregir errores, mitigación de obsolescencia, diferenciación, menores costes de diseño o reducido tiempo para el lanzamiento de productos al mercado. Los SoC basados en FPGAs allanan el camino hacia un nuevo concepto de integración de hardware y software, permitiendo que los diseñadores de sistemas electrónicos sean capaces de integrar procesadores embebidos en los diseños para beneficiarse de su gran capacidad de computación. Gracias a esto, una parte importante de la electrónica hace uso de la tecnología FPGA abarcando un gran abanico de campos, como por ejemplo: la electrónica de consumo y el entretenimiento, la medicina o industrias como la espacial, la aviónica, la automovilística o la militar. Las tecnologías de FPGA existentes ofrecen dos vías de utilización de procesado- res embebidos: procesadores hardcore y procesadores softcore. Los hardcore son procesadores discretos integrados en el mismo chip de la FPGA. Generalmente ofrecen altas frecuencias de trabajo y una mayor previsibilidad en términos de rendimiento y uso del área, pero su diseño hardware no puede alterarse para ser personalizado. Por otro lado, un procesador soft-core, es la descripción hardware en lenguaje HDL (normalmente VDHL o Verilog) de un procesador, sintetizable e implementable en una FPGA. Habitualmente, los procesadores softcore suelen basarse en diseños hardware ya existentes, siendo compatibles con sus juegos de instrucciones, muchos de ellos en forma de IP cores (Intellectual Property co- res). Los IP cores ofrecen procesadores softcore prediseñados y testeados, que dependiendo del caso pueden ser de pago, gratuitos u otro tipo de licencias. Debido a su naturaleza, los procesadores softcore, pueden ser personalizados para una adaptación óptima a diseños específicos. Así mismo, ofrecen la posibilidad de integrar en el diseño tantos procesadores como se desee (siempre que haya disponibles recursos lógicos suficientes). Otra ventaja importante es que, gracias a la reconfiguración parcial dinámica, es posible añadir el procesador al diseño únicamente en los casos necesarios, ahorrando de esta forma, recursos lógicos y consumo energético. Uno de los mayores problemas que surgen al usar dispositivos basados en las tecnologías SRAM o la flash, como es el caso de las FPGAs, es que son especialmente sensibles a los efectos producidos por partículas energéticas provenientes de la radiación cósmica (como protones, neutrones, partículas alfa u otros iones pesados) denominados efectos de eventos simples o SEEs (Single Event Effects). Estos efectos pueden ocasionar diferentes tipos de fallos en los sistemas: desde fallos despreciables hasta fallos realmente graves que comprometan la funcionalidad del sistema. El correcto funcionamiento de los sistemas cobra especial relevancia cuando se trata de tecnologías de elevado costo o aquellas en las que peligran vidas humanas, como, por ejemplo, en campos tales como el transporte ferroviario, la automoción, la aviónica o la industria aeroespacial. Dependiendo de distintos factores, los SEEs pueden causar fallos de operación transitorios, cambios de estados lógicos o daños permanentes en el dispositivo. Cuando se trata de un fallo físico permanente se denomina hard-error, mientras que cuando el fallo afecta el circuito momentáneamente se denomina soft-error. Los SEEs más frecuentes son los soft-errors y afectan tanto a aplicaciones comerciales a nivel terrestre, como a aplicaciones aeronáuticas y aeroespaciales (con mayor incidencia en estas últimas). La contribución exacta de este tipo de fallos a la tasa de errores depende del diseño específico de cada circuito, pero en general se asume que entorno al 90 % de la tasa de error se debe a fallos en elementos de memoria (latches, biestables o celdas de memoria). Los soft-errors pueden afectar tanto al circuito lógico como al bitstream cargado en la memoria de configuración de la FPGA. Debido a su gran tamaño, la memoria de configuración tiene más probabilidades de ser afectada por un SEE. La existencia de problemas generados por estos efectos reafirma la importancia del concepto de tolerancia a fallos. La tolerancia a fallos es una propiedad relativa a los sistemas digitales, por la cual se asegura cierta calidad en el funcionamiento ante la presencia de fallos, debiendo los sistemas poder soportar los efectos de dichos fallos y funcionar correctamente en todo momento. Por tanto, para lograr un diseño robusto, es necesario garantizar la funcionalidad de los circuitos y asegurar la seguridad y confiabilidad en las aplicaciones críticas que puedan verse comprometidos por los SEE. A la hora de hacer frente a los SEE existe la posibilidad de explotar tecnologías específicas centradas en la tolerancia a fallos, como por ejemplo las FPGAs de tipo fusible, o, por otro lado, utilizar la tecnología comercial combinada con técnicas de tolerancia a fallos. Esta última opción va cobrando importancia debido al menor precio y mayores prestaciones de las FPGAs comerciales. Generalmente las técnicas de endurecimiento se aplican durante la fase de diseño. Existe un gran número de técnicas y se pueden llegar a combinar entre sí. Las técnicas prevalentes se basan en emplear algún tipo de redundancia, ya sea hardware, software, temporal o de información. Cada tipo de técnica presenta diferentes ventajas e inconvenientes y se centra en atacar distintos tipos de SEE y sus efectos. Dentro de las técnicas de tipo redundancia, la más utilizada es la hardware, que se basa en replicar el modulo a endurecer. De esta forma, cada una de las réplicas es alimentada con la misma entrada y sus salidas son comparadas para detectar discrepancias. Esta redundancia puede implementarse a diferentes niveles. En términos generales, un mayor nivel de redundancia hardware implica una mayor robustez, pero también incrementa el uso de recursos. Este incremento en el uso de recursos de una FPGA supone tener menos recursos disponibles para el diseño, mayor consumo energético, el tener más elementos susceptibles de ser afectados por un SEE y generalmente, una reducción de la máxima frecuencia alcanzable por el diseño. Por ello, los niveles de redundancia hardware más utilizados son la doble, conocida como DMR (Dual Modular Redundancy) y la triple o TMR (Triple Modular Redundancy). La DMR minimiza el número de recursos redundantes, pero presenta el problema de no poder identificar el módulo fallido ya que solo es capaz de detectar que se ha producido un error. Ello hace necesario combinarlo con técnicas adicionales. Al caso de DMR aplicado a procesadores se le denomina lockstep y se suele combinar con las técnicas checkpoint y rollback recovery. El checkpoint consiste en guardar periódicamente el contexto (contenido de registros y memorias) de instantes identificados como correctos. Gracias a esto, una vez detectado y reparado un fallo es posible emplear el rollback recovery para cargar el último contexto correcto guardado. Las desventajas de estas estrategias son el tiempo requerido por ambas técnicas (checkpoint y rollback recovery) y la necesidad de elementos adicionales (como memorias auxiliares para guardar el contexto). Por otro lado, el TMR ofrece la posibilidad de detectar el módulo fallido mediante la votación por mayoría. Es decir, si tras comparar las tres salidas una de ellas presenta un estado distinto, se asume que las otras dos son correctas. Esto permite que el sistema continúe funcionando correctamente (como sistema DMR) aun cuando uno de los módulos quede inutilizado. En todo caso, el TMR solo enmascara los errores, es decir, no los corrige. Una de las desventajas más destacables de esta técnica es que incrementa el uso de recursos en más de un 300 %. También cabe la posibilidad de que la salida discrepante sea la realmente correcta (y que, por tanto, las otras dos sean incorrectas), aunque este caso es bastante improbable. Uno de los problemas que no se ha analizado con profundidad en la bibliografía es el problema de la sincronización de procesadores soft-core en sistemas TMR (o de mayor nivel de redundancia). Dicho problema reside en que, si tras un fallo se inutiliza uno de los procesadores y el sistema continúa funcionando con el resto de procesadores, una vez reparado el procesador fallido éste necesita sincronizar su contexto al nuevo estado del sistema. Una práctica bastante común en la implementación de sistemas redundantes es combinarlos con la técnica conocida como scrubbing. Esta técnica basada en la reconfiguración parcial dinámica, consiste en sobrescribir periódicamente el bitstream con una copia libre de errores apropiadamente guardada. Gracias a ella, es posible corregir los errores enmascarados por el uso de algunas técnicas de endurecimiento como la redundancia hardware. Esta copia libre de errores suele omitir los bits del bitstream correspondientes a la memoria de usuario, por lo que solo actualiza los bits relacionados con la configuración de la FPGA. Por ello, a esta técnica también se la conoce como configuration scrubbing. En toda la literatura consultada se ha detectado un vacío en cuanto a técnicas que propongan estrategias de scrubbing para la memoria de usuario. Con el objetivo de proponer alternativas innovadoras en el terreno de la tolerancia a fallos para procesadores softcore, en este trabajo de investigación se han desarrollado varias técnicas y flujos de diseño para manejar los datos de usuario a través del bitstream, pudiendo leer, escribir o copiar la información de registros o de memorias implementadas en bloques RAMs de forma autónoma. Así mismo se ha desarrollado un abanico de propuestas tanto como para estrategias lockstep como para la sincronización de sistemas TMR, de las cuales varias hacen uso de las técnicas desarrolladas para manejar las memorias de usuario a través del bitstream. Estas últimas técnicas tienen en común la minimización de utilización de recursos respecto a las estrategias tradicionales. De forma similar, se proponen dos alternativas adicionales basadas en dichas técnicas: una propuesta de scrubbing para las memorias de usuario y una para la recuperación de información en memorias implementadas en bloques RAM cuyas interfaces hayan sido inutilizadas por SEEs.Todas las propuestas han sido validadas en hardware utilizando una FPGA de Xilinx, la empresa líder en fabricación de dispositivos reconfigurables. De esta forma se proporcionan resultados sobre los impactos de las técnicas propuestas en términos de utilización de recursos, consumos energéticos y máximas frecuencias alcanzables

Fault and Defect Tolerant Computer Architectures: Reliable Computing With Unreliable Devices

This research addresses design of a reliable computer from unreliable device technologies. A system architecture is developed for a fault and defect tolerant (FDT) computer. Trade-offs between different techniques are studied and yield and hardware cost models are developed. Fault and defect tolerant designs are created for the processor and the cache memory. Simulation results for the content-addressable memory (CAM)-based cache show 90% yield with device failure probabilities of 3 x 10(-6), three orders of magnitude better than non fault tolerant caches of the same size. The entire processor achieves 70% yield with device failure probabilities exceeding 10(-6). The required hardware redundancy is approximately 15 times that of a non-fault tolerant design. While larger than current FT designs, this architecture allows the use of devices much more likely to fail than silicon CMOS. As part of model development, an improved model is derived for NAND Multiplexing. The model is the first accurate model for small and medium amounts of redundancy. Previous models are extended to account for dependence between the inputs and produce more accurate results

Hardware Considerations for Signal Processing Systems: A Step Toward the Unconventional.

As we progress into the future, signal processing algorithms are becoming more computationally intensive and power hungry while the desire for mobile products and low power devices is also increasing. An integrated ASIC solution is one of the primary ways chip developers can improve performance and add functionality while keeping the power budget low. This work discusses ASIC hardware for both conventional and unconventional signal processing systems, and how integration, error resilience, emerging devices, and new algorithms can be leveraged by signal processing systems to further improve performance and enable new applications. Specifically this work presents three case studies: 1) a conventional and highly parallel mix signal cross-correlator ASIC for a weather satellite performing real-time synthetic aperture imaging, 2) an unconventional native stochastic computing architecture enabled by memristors, and 3) two unconventional sparse neural network ASICs for feature extraction and object classification. As improvements from technology scaling alone slow down, and the demand for energy efficient mobile electronics increases, such optimization techniques at the device, circuit, and system level will become more critical to advance signal processing capabilities in the future.PhDElectrical EngineeringUniversity of Michigan, Horace H. Rackham School of Graduate Studieshttp://deepblue.lib.umich.edu/bitstream/2027.42/116685/1/knagphil_1.pd

SABRE: A bio-inspired fault-tolerant electronic architecture

As electronic devices become increasingly complex, ensuring their reliable, fault-free operation is becoming correspondingly more challenging. It can be observed that, in spite of their complexity, biological systems are highly reliable and fault tolerant. Hence, we are motivated to take inspiration for biological systems in the design of electronic ones. In SABRE (self-healing cellular architectures for biologically inspired highly reliable electronic systems), we have designed a bio-inspired fault-tolerant hierarchical architecture for this purpose. As in biology, the foundation for the whole system is cellular in nature, with each cell able to detect faults in its operation and trigger intra-cellular or extra-cellular repair as required. At the next level in the hierarchy, arrays of cells are configured and controlled as function units in a transport triggered architecture (TTA), which is able to perform partial-dynamic reconfiguration to rectify problems that cannot be solved at the cellular level. Each TTA is, in turn, part of a larger multi-processor system which employs coarser grain reconfiguration to tolerate faults that cause a processor to fail. In this paper, we describe the details of operation of each layer of the SABRE hierarchy, and how these layers interact to provide a high systemic level of fault tolerance. © 2013 IOP Publishing Ltd

Autonomous Surveillance Satellite

This paper describes the potential to enhance the performance and reliability of small satellites by using increased levels of digital processing on-board the spacecraft. It describes an architecture, developed by Control Data, that will satisfy its users\u27 needs and provide mechanisms for high reliability. The term SMARTSAT means a small satellite that has significant smarts (processing capability) on-board

Dependable Embedded Systems

This Open Access book introduces readers to many new techniques for enhancing and optimizing reliability in embedded systems, which have emerged particularly within the last five years. This book introduces the most prominent reliability concerns from today’s points of view and roughly recapitulates the progress in the community so far. Unlike other books that focus on a single abstraction level such circuit level or system level alone, the focus of this book is to deal with the different reliability challenges across different levels starting from the physical level all the way to the system level (cross-layer approaches). The book aims at demonstrating how new hardware/software co-design solution can be proposed to ef-fectively mitigate reliability degradation such as transistor aging, processor variation, temperature effects, soft errors, etc. Provides readers with latest insights into novel, cross-layer methods and models with respect to dependability of embedded systems; Describes cross-layer approaches that can leverage reliability through techniques that are pro-actively designed with respect to techniques at other layers; Explains run-time adaptation and concepts/means of self-organization, in order to achieve error resiliency in complex, future many core systems

High-performance hardware accelerators for image processing in space applications

Mars is a hard place to reach. While there have been many notable success stories in getting probes to the Red Planet, the historical record is full of bad news. The success rate for actually landing on the Martian surface is even worse, roughly 30%. This low success rate must be mainly credited to the Mars environment characteristics. In the Mars atmosphere strong winds frequently breath. This phenomena usually modifies the lander descending trajectory diverging it from the target one. Moreover, the Mars surface is not the best place where performing a safe land. It is pitched by many and close craters and huge stones, and characterized by huge mountains and hills (e.g., Olympus Mons is 648 km in diameter and 27 km tall). For these reasons a mission failure due to a landing in huge craters, on big stones or on part of the surface characterized by a high slope is highly probable. In the last years, all space agencies have increased their research efforts in order to enhance the success rate of Mars missions. In particular, the two hottest research topics are: the active debris removal and the guided landing on Mars. The former aims at finding new methods to remove space debris exploiting unmanned spacecrafts. These must be able to autonomously: detect a debris, analyses it, in order to extract its characteristics in terms of weight, speed and dimension, and, eventually, rendezvous with it. In order to perform these tasks, the spacecraft must have high vision capabilities. In other words, it must be able to take pictures and process them with very complex image processing algorithms in order to detect, track and analyse the debris. The latter aims at increasing the landing point precision (i.e., landing ellipse) on Mars. Future space-missions will increasingly adopt Video Based Navigation systems to assist the entry, descent and landing (EDL) phase of space modules (e.g., spacecrafts), enhancing the precision of automatic EDL navigation systems. For instance, recent space exploration missions, e.g., Spirity, Oppurtunity, and Curiosity, made use of an EDL procedure aiming at following a fixed and precomputed descending trajectory to reach a precise landing point. This approach guarantees a maximum landing point precision of 20 km. By comparing this data with the Mars environment characteristics, it is possible to understand how the mission failure probability still remains really high. A very challenging problem is to design an autonomous-guided EDL system able to even more reduce the landing ellipse, guaranteeing to avoid the landing in dangerous area of Mars surface (e.g., huge craters or big stones) that could lead to the mission failure. The autonomous behaviour of the system is mandatory since a manual driven approach is not feasible due to the distance between Earth and Mars. Since this distance varies from 56 to 100 million of km approximately due to the orbit eccentricity, even if a signal transmission at the light speed could be possible, in the best case the transmission time would be around 31 minutes, exceeding so the overall duration of the EDL phase. In both applications, algorithms must guarantee self-adaptability to the environmental conditions. Since the Mars (and in general the space) harsh conditions are difficult to be predicted at design time, these algorithms must be able to automatically tune the internal parameters depending on the current conditions. Moreover, real-time performances are another key factor. Since a software implementation of these computational intensive tasks cannot reach the required performances, these algorithms must be accelerated via hardware. For this reasons, this thesis presents my research work done on advanced image processing algorithms for space applications and the associated hardware accelerators. My research activity has been focused on both the algorithm and their hardware implementations. Concerning the first aspect, I mainly focused my research effort to integrate self-adaptability features in the existing algorithms. While concerning the second, I studied and validated a methodology to efficiently develop, verify and validate hardware components aimed at accelerating video-based applications. This approach allowed me to develop and test high performance hardware accelerators that strongly overcome the performances of the actual state-of-the-art implementations. The thesis is organized in four main chapters. Chapter 2 starts with a brief introduction about the story of digital image processing. The main content of this chapter is the description of space missions in which digital image processing has a key role. A major effort has been spent on the missions in which my research activity has a substantial impact. In particular, for these missions, this chapter deeply analizes and evaluates the state-of-the-art approaches and algorithms. Chapter 3 analyzes and compares the two technologies used to implement high performances hardware accelerators, i.e., Application Specific Integrated Circuits (ASICs) and Field Programmable Gate Arrays (FPGAs). Thanks to this information the reader may understand the main reasons behind the decision of space agencies to exploit FPGAs instead of ASICs for high-performance hardware accelerators in space missions, even if FPGAs are more sensible to Single Event Upsets (i.e., transient error induced on hardware component by alpha particles and solar radiation in space). Moreover, this chapter deeply describes the three available space-grade FPGA technologies (i.e., One-time Programmable, Flash-based, and SRAM-based), and the main fault-mitigation techniques against SEUs that are mandatory for employing space-grade FPGAs in actual missions. Chapter 4 describes one of the main contribution of my research work: a library of high-performance hardware accelerators for image processing in space applications. The basic idea behind this library is to offer to designers a set of validated hardware components able to strongly speed up the basic image processing operations commonly used in an image processing chain. In other words, these components can be directly used as elementary building blocks to easily create a complex image processing system, without wasting time in the debug and validation phase. This library groups the proposed hardware accelerators in IP-core families. The components contained in a same family share the same provided functionality and input/output interface. This harmonization in the I/O interface enables to substitute, inside a complex image processing system, components of the same family without requiring modifications to the system communication infrastructure. In addition to the analysis of the internal architecture of the proposed components, another important aspect of this chapter is the methodology used to develop, verify and validate the proposed high performance image processing hardware accelerators. This methodology involves the usage of different programming and hardware description languages in order to support the designer from the algorithm modelling up to the hardware implementation and validation. Chapter 5 presents the proposed complex image processing systems. In particular, it exploits a set of actual case studies, associated with the most recent space agency needs, to show how the hardware accelerator components can be assembled to build a complex image processing system. In addition to the hardware accelerators contained in the library, the described complex system embeds innovative ad-hoc hardware components and software routines able to provide high performance and self-adaptable image processing functionalities. To prove the benefits of the proposed methodology, each case study is concluded with a comparison with the current state-of-the-art implementations, highlighting the benefits in terms of performances and self-adaptability to the environmental conditions

NASA Capability Roadmaps Executive Summary

This document is the result of eight months of hard work and dedication from NASA, industry, other government agencies, and academic experts from across the nation. It provides a summary of the capabilities necessary to execute the Vision for Space Exploration and the key architecture decisions that drive the direction for those capabilities. This report is being provided to the Exploration Systems Architecture Study (ESAS) team for consideration in development of an architecture approach and investment strategy to support NASA future mission, programs and budget requests. In addition, it will be an excellent reference for NASA's strategic planning. A more detailed set of roadmaps at the technology and sub-capability levels are available on CD. These detailed products include key driving assumptions, capability maturation assessments, and technology and capability development roadmaps