Design of a fault tolerant airborne digital computer. Volume 1: Architecture

This volume is concerned with the architecture of a fault tolerant digital computer for an advanced commercial aircraft. All of the computations of the aircraft, including those presently carried out by analogue techniques, are to be carried out in this digital computer. Among the important qualities of the computer are the following: (1) The capacity is to be matched to the aircraft environment. (2) The reliability is to be selectively matched to the criticality and deadline requirements of each of the computations. (3) The system is to be readily expandable. contractible, and (4) The design is to appropriate to post 1975 technology. Three candidate architectures are discussed and assessed in terms of the above qualities. Of the three candidates, a newly conceived architecture, Software Implemented Fault Tolerance (SIFT), provides the best match to the above qualities. In addition SIFT is particularly simple and believable. The other candidates, Bus Checker System (BUCS), also newly conceived in this project, and the Hopkins multiprocessor are potentially more efficient than SIFT in the use of redundancy, but otherwise are not as attractive

Design of a modular digital computer system

A design tradeoff study is reported for a modular spaceborne computer system that is responsive to many mission types and phases. The computer uses redundancy to maximize reliability, and multiprocessing to maximize processing capacity. Fault detection and recovery features provide optimal reliability

High-level synthesis of triple modular redundant FPGA circuits with energy efficient error recovery mechanisms

There is a growing interest in deploying commercial SRAM-based Field Programmable Gate Array (FPGA) circuits in space due to their low cost, reconfigurability, high logic capacity and rich I/O interfaces. However, their configuration memory (CM) is vulnerable to ionising radiation which raises the need for effective fault-tolerant design techniques. This thesis provides the following contributions to mitigate the negative effects of soft errors in SRAM FPGA circuits. Triple Modular Redundancy (TMR) with periodic CM scrubbing or Module-based CM error recovery (MER) are popular techniques for mitigating soft errors in FPGA circuits. However, this thesis shows that MER does not recover CM soft errors in logic instantiated outside the reconfigurable regions of TMR modules. To address this limitation, a hybrid error recovery mechanism, namely FMER, is proposed. FMER uses selective periodic scrubbing and MER to recover CM soft errors inside and outside the reconfigurable regions of TMR modules, respectively. Experimental results indicate that TMR circuits with FMER achieve higher dependability with less energy consumption than those using periodic scrubbing or MER alone. An imperative component of MER and FMER is the reconfiguration control network (RCN) that transfers the minority reports of TMR components, i.e., which, if any, TMR module needs recovery, to the FPGA's reconfiguration controller (RC). Although several reliable RCs have been proposed, a study of reliable RCNs has not been previously reported. This thesis fills this research gap, by proposing a technique that transfers the circuit's minority reports to the RC via the configuration-layer of the FPGA. This reduces the resource utilisation of the RCN and therefore its failure rate. Results show that the proposed RCN achieves higher reliability than alternative RCN architectures reported in the literature. The last contribution of this thesis is a high-level synthesis (HLS) tool, namely TLegUp, developed within the LegUp HLS framework. TLegUp triplicates Xilinx 7-series FPGA circuits during HLS rather than during the register-transfer level pre- or post-synthesis flow stage, as existing computer-aided design tools do. Results show that TLegUp can generate non-partitioned TMR circuits with 500x less soft error sensitivity than non-triplicated functional equivalent baseline circuits, while utilising 3-4x more resources and having 11% lower frequency

A fault-tolerant multiprocessor architecture for aircraft, volume 1

A fault-tolerant multiprocessor architecture is reported. This architecture, together with a comprehensive information system architecture, has important potential for future aircraft applications. A preliminary definition and assessment of a suitable multiprocessor architecture for such applications is developed

Dependable Embedded Systems

This Open Access book introduces readers to many new techniques for enhancing and optimizing reliability in embedded systems, which have emerged particularly within the last five years. This book introduces the most prominent reliability concerns from today’s points of view and roughly recapitulates the progress in the community so far. Unlike other books that focus on a single abstraction level such circuit level or system level alone, the focus of this book is to deal with the different reliability challenges across different levels starting from the physical level all the way to the system level (cross-layer approaches). The book aims at demonstrating how new hardware/software co-design solution can be proposed to ef-fectively mitigate reliability degradation such as transistor aging, processor variation, temperature effects, soft errors, etc. Provides readers with latest insights into novel, cross-layer methods and models with respect to dependability of embedded systems; Describes cross-layer approaches that can leverage reliability through techniques that are pro-actively designed with respect to techniques at other layers; Explains run-time adaptation and concepts/means of self-organization, in order to achieve error resiliency in complex, future many core systems

Dynamisch partielle Rekonfiguration in fehlertoleranten FPGA-Systemen

Korf S. Dynamisch partielle Rekonfiguration in fehlertoleranten FPGA-Systemen. Bielefeld: Universität Bielefeld; 2017.Die Anforderungen an mikroelektronische Systeme steigen kontinuierlich. Rekonfigurierbare Architekturen bieten einen Kompromiss zwischen der Leistungsfähigkeit anwendungsspezifischer Schaltungen (ASICs) und der Flexibilität heutiger Prozessoren. Sogenannte im Feld programmierbare Gatter-Arrays (engl. Field-Programmable Gate Arrays, FPGAs) haben sich hierbei in den letzten Jahrzehnten besonders etabliert. Die Konfigurationsart dynamisch partielle Rekonfiguration (DPR) moderner SRAM-basierter FPGAs verdeutlicht die gewonnene System-Flexibilität. DPR wird in verschiedensten Anwendungsgebieten aus unterschiedlichsten Motivationen heraus eingesetzt. Die Hauptanwendung der DPR ist die Erstellung eines Systems, welches Veränderungen an der Schaltung auf dem FPGA zur Laufzeit erlaubt. Obwohl viele FPGA-Familien bereits seit zwei Jahrzehnten DPR hardwareseitig ermöglichen, ist die Unterstützung durch die Hersteller-Software und insbesondere die Eigenschaften des daraus resultierenden DPR-Systems verbesserungswürdig. Um das Potenzial der verfügbaren Hardware-Flexibilität ausnutzen zu können, wird in dieser Dissertation ein neuer Entwurfsablauf (INDRA 2.0, INtegrated Design Flow for Reconfigurable Architectures) vorgestellt. Dieser Entwurfsablauf ermöglicht die Erstellung eines flexiblen DPR-Systems mit geringem Speicher-, Verwaltungs- und Wartungsaufwand. Für Anwendungen mit Homogenitätsanforderungen wird mit DHHarMa (Design Flow for Homogeneous Hard Macros) ein Entwurfsablauf vorgestellt, der die Transformation eines zunächst inhomogenen Designs in ein homogenes Design ermöglicht. Bei dieser Design-Homogenisierung ergibt sich die Fragestellung nach möglichen Auswirkungen bezüglich des FPGA-Ressourcenbedarfs und der Leistungsfähigkeit durch die einzelnen Homogenisierungsschritte. Die einzelnen DHHarMa-Softwarekomponenten wurden daher detailliert durch verschiedene Bewertungsmaße analysiert. Hierbei konnte festgehalten werden, dass die Homogenisierungsschritte im Mittel einen, teils deutlichen, positiven Einfluss auf den FPGA-Ressourcenbedarf jedoch teils einen geringen negativen Einfluss auf die Leistungsfähigkeit hat. Die verwendete FPGA-Architektur hat hierbei auf beide Größen einen entscheidenden Einfluss. Zusätzlich wird in Anwendungsgebieten mit Strahlungseinfluss die DPR-Funktionalität in Verfahren zur Abschwächung von durch Strahlung induzierten Fehlern eingesetzt. In der Dissertation wird mit der Readback Scrubbing Unit eine Komponente vorgestellt, welche eine Einbitfehlerkorrektur und Zweibitfehlererkennung im FPGA-Konfigurationsspeicher implementiert. Durch integrierte Fehlerstatistikmechanismen wird eine Analyse des Systems zur Laufzeit realisiert. Zusätzlich ist die Erstellung von Readback Scrubbing Schedules möglich, sodass die Fehlererkennung und -korrektur zum einen autonom und zum anderen zur Laufzeit angepasst werden kann. Zusätzlich wird mit OLT(RE)² (On-Line on-demand Testing approach for permanent Radiation Effects in REconfigurable systems) ein Selbsttest für ein SRAM-basiertes FPGA vorgestellt. Dieser Selbsttest ermöglicht zur Systemlaufzeit eine Überprüfung einer FPGA-Fläche vor der Verwendung auf permanente Fehler in den Verdrahtungsressourcen

First International Conference on Ada (R) Programming Language Applications for the NASA Space Station, volume 2

Topics discussed include: reusability; mission critical issues; run time; expert systems; language issues; life cycle issues; software tools; and computers for Ada

Design Development Test and Evaluation (DDT and E) Considerations for Safe and Reliable Human Rated Spacecraft Systems

A team directed by the NASA Engineering and Safety Center (NESC) collected methodologies for how best to develop safe and reliable human rated systems and how to identify the drivers that provide the basis for assessing safety and reliability. The team also identified techniques, methodologies, and best practices to assure that NASA can develop safe and reliable human rated systems. The results are drawn from a wide variety of resources, from experts involved with the space program since its inception to the best-practices espoused in contemporary engineering doctrine. This report focuses on safety and reliability considerations and does not duplicate or update any existing references. Neither does it intend to replace existing standards and policy