Robust design of deep-submicron digital circuits

Avec l'augmentation de la probabilité de fautes dans les circuits numériques, les systèmes développés pour les environnements critiques comme les centrales nucléaires, les avions et les applications spatiales doivent être certifies selon des normes industrielles. Cette thèse est un résultat d'une cooperation CIFRE entre l'entreprise Électricité de France (EDF) R&D et Télécom Paristech. EDF est l'un des plus gros producteurs d'énergie au monde et possède de nombreuses centrales nucléaires. Les systèmes de contrôle-commande utilisé dans les centrales sont basés sur des dispositifs électroniques, qui doivent être certifiés selon des normes industrielles comme la CEI 62566, la CEI 60987 et la CEI 61513 à cause de la criticité de l'environnement nucléaire. En particulier, l'utilisation des dispositifs programmables comme les FPGAs peut être considérée comme un défi du fait que la fonctionnalité du dispositif est définie par le concepteur seulement après sa conception physique. Le travail présenté dans ce mémoire porte sur la conception de nouvelles méthodes d'analyse de la fiabilité aussi bien que des méthodes d'amélioration de la fiabilité d'un circuit numérique.The design of circuits to operate at critical environments, such as those used in control-command systems at nuclear power plants, is becoming a great challenge with the technology scaling. These circuits have to pass through a number of tests and analysis procedures in order to be qualified to operate. In case of nuclear power plants, safety is considered as a very high priority constraint, and circuits designed to operate under such critical environment must be in accordance with several technical standards such as the IEC 62566, the IEC 60987, and the IEC 61513. In such standards, reliability is treated as a main consideration, and methods to analyze and improve the circuit reliability are highly required. The present dissertation introduces some methods to analyze and to improve the reliability of circuits in order to facilitate their qualification according to the aforementioned technical standards. Concerning reliability analysis, we first present a fault-injection based tool used to assess the reliability of digital circuits. Next, we introduce a method to evaluate the reliability of circuits taking into account the ability of a given application to tolerate errors. Concerning reliability improvement techniques, first two different strategies to selectively harden a circuit are proposed. Finally, a method to automatically partition a TMR design based on a given reliability requirement is introduced.PARIS-Télécom ParisTech (751132302) / SudocSudocFranceF

Concurrent Error Detection Methods for Asynchronous Burst-Mode Machines

Abstract-Asynchronous controllers exhibit various characteristics that limit the effectiveness and applicability of the Concurrent Error Detection (CED) methods developed for their synchronous counterparts. Asynchronous Burst-Mode Machines (ABMMs), for example, do not have a global clock to synchronize the ABMM with the additional circuitry that is typically used by synchronous CED methods (for example, duplication). Therefore, performing effective CED in ABMMs requires a synchronization method that will appropriately enable the checker (for example, comparator) in order to avoid false alarms. Also, ABMMs contain redundant logic, which guarantees the hazard-free operation required for correct interaction between the circuit and its environment. Redundant logic, however, allows some single event transients to manifest themselves only as hazards but not as logic discrepancies. Therefore, performing effective CED in ABMMs requires the ability to detect hazards with which synchronous CED methods are not concerned. In this work, we first devise hardware solutions for performing checking synchronization and hazard detection. We then demonstrate how these solutions enable the development of three complete CED methods for ABMMs. The first method (Duplication-based CED) is an adaptation of the well-known duplication method within the context of ABMMs. The second method (Transition-Triggered CED) is a variation of duplication wherein the implementation cost is reduced by allowing hazards in the duplicate circuit. In contrast to these two methods, which are nonintrusive, the third method (Berger code-based CED) is intrusive since it requires reencoding of the ABMM with check symbols based on the Berger code. Although this intrusiveness may slightly impact performance, Berger code-based CED incurs the lowest area overhead among the three methods, as indicated through experimental results

Fault-tolerant satellite computing with modern semiconductors

Miniaturized satellites enable a variety space missions which were in the past infeasible, impractical or uneconomical with traditionally-designed heavier spacecraft. Especially CubeSats can be launched and manufactured rapidly at low cost from commercial components, even in academic environments. However, due to their low reliability and brief lifetime, they are usually not considered suitable for life- and safety-critical services, complex multi-phased solar-system-exploration missions, and missions with a longer duration. Commercial electronics are key to satellite miniaturization, but also responsible for their low reliability: Until 2019, there existed no reliable or fault-tolerant computer architectures suitable for very small satellites. To overcome this deficit, a novel on-board-computer architecture is described in this thesis.Robustness is assured without resorting to radiation hardening, but through software measures implemented within a robust-by-design multiprocessor-system-on-chip. This fault-tolerant architecture is component-wise simple and can dynamically adapt to changing performance requirements throughout a mission. It can support graceful aging by exploiting FPGA-reconfiguration and mixed-criticality.  Experimentally, we achieve 1.94W power consumption at 300Mhz with a Xilinx Kintex Ultrascale+ proof-of-concept, which is well within the powerbudget range of current 2U CubeSats. To our knowledge, this is the first COTS-based, reproducible on-board-computer architecture that can offer strong fault coverage even for small CubeSats.European Space AgencyComputer Systems, Imagery and Medi