### SRAM-based FPGAs for Space Applications: Current Projects @INAF

**M. Alderighi**, F. Casini, S. D'Angelo INAF/IASF Milano, Italy

G. Sorrenti Sanitas EG, Italy

INAF

monica@iasf-milano.inaf.it



# ESA initiative for using COTS in space FLIPPER 2

### **CoCs** Computer

- Project: COTS based Computer for On Board systems (CoCs) (2009 - 4Q2014)
- **Objective**: Study and design on-board computing systems based on "Commercial Off-The-Shelf" components

### Activity phase:

- 1. Design phase: defining the COTS computers as well as the methods for their manufacturing and qualification
- 2. Implementation and qualification phase: manufacturing of breadboards that target real missions
- 3 H/W Contracts

- High Availability Computer EADS-Astrium Germany
- High Reliability Computer Thales Alenia Space Italia
- High Performance Computer EADS-Astrium France

# Hi Rel CoCs Project Team

- project management and reporting,
- overall technical coordination
- interface with ESA and the Working Group
- Overall HiRel CoCs detailed specification
- FDIR strategy
- final technology trade-offs and selection
- definition of the CoCs evaluation methods and strategy.

### Dept. of Automation and Computer Engineering of Politecnico di Torino (PoliTo):

- Survey of commercial off the shelf (COTS) processors
- Developing the CoC simulator
- Benchmark SW development

#### INAF

**Prime Contractor:** 

Sub-Contractors:

ISTITUTO NAZIONALE DI ASTROFISICA NATIONAL INSTITUTE FOR ASTROPHYSICS

#### Institute IASF Milano/INAF

- Survey of Reprogrammable Logic Devices
- Hi-Rel CoCs Evaluation Environment & EGSE Definition
- EGSE Development



#### **Department of Electronic Engineering & ULISSE Consortium** of the University of Rome "Tor Vergata":

- Survey of candidate Memory Devices
- DDR-II ECC Development



#### SME company :

- Modeling of Hi-Rel CoCs Building Blocks
- Board and Basic SW Development

M. Alderighi, SEFUW 2014, ESA/ESTEC, September 16-18, 2014, Noordwijk, The Netherlands

#### 4

### Step 1 - INAF Objective

- Evaluation of reprogrammable FPGAs in order to identify suitable candidates for Hi-Rel CoCs
- Guidelines
  - Major players in the market were considered
    - availability, support, information, heritage
    - No specific functionality
- Approach

- Select a preliminary list of candidates
- Measure how well candidates match the required criteria
- Select a few candidates with higher scores

# Preliminary selection (as per 2009)

- Manufacturers
  - ACTEL (FLASH)
  - ALTERA (SRAM)
  - XILINX (SRAM)



LATTICE < 5%

ACTEL 8%

ALTERA 32%



- IGLOO, IGLOO nano, IGLOO PLUS, ProASIC3, ProASIC3 nano, ProASIC3 L, ProASIC PLUS
- ALTERA
  - Arria II GX, Arria GX, Stratix IV, Stratix III, Stratix II, Stratix, Cyclone III, Cyclone II, Cyclone, APEX 20KE, FLEX 10KE, FLEX 10K, ACEX 1K
- XILINX

INAF

 Virtex6, Virtex5, Virtex4, Virtex4 XQ, Virtex-4QV, Virtex II Pr0, Virtex II Pro XQ, Virtex II, Virtex II XQ. Virtex-II XQR, Virtex, QPRO Virtex QML, QPro Virtex Rad Hard, Spartan III, Spartan II, XA Spartan-3A

### Criteria

- Maturity and Stability of the design and manufacturing process
- Rapid Obsolescence / long term availability
- Diffusion in commercial and embedded markets
- Availability and maturity of development tools
- Availability of validated / certified Software (e.g. O.S.)
- Availability of Radiation tests results
- Availability of up-screened versions, for harsh environment applications
- Access to manufacturers data (process, roadmap, reliability data,...)
- No ITAR or other export restrictions
- Use of silicon technologies having intrinsic radiation tolerance capabilities
- Internal error detection and correction features
- Power consumption
- Packaging

### **Candidate selection**



### Top-performers candidate

- 7 out-performers out of 38 devices reviewed
- Space devices were withdrawn  $\rightarrow$  higher purchase cost (~ x10)
- Altera devices were withdrawn due to reported SEL vulnerability

| DEVICE               | TECHNOLOGY    |  |  |
|----------------------|---------------|--|--|
| Actel                |               |  |  |
| ProASIC3             | Flash, 130 nm |  |  |
| IGLOO                | Flash, 130 nm |  |  |
| Xilinx               |               |  |  |
| Virtex 4 XQ/Virtex 4 | SRAM 90 nm    |  |  |
| Virtex 5             | SRAM 65 nm    |  |  |



### **Step 1 - Further activities**

- Analysis of top-performers in the target radiation environment (CGR in L2 orbit)
- Evaluation of candidate expected radiation sensitivity (cross section) on the basis of available data
- Definition of countermeasures for the category of radiation effects on selected devices
- Recommendations of usage
  - Actel ProASIC3 for TC/TMC
  - Actel ProASIC3 for RM
  - Xilinx Virtex 4 for PM

- Xilinx Virtex 4 for fast I/Os
- Actel ProASIC3 for slow I/Os.

# Hi Rel CoCs - Step 2 Objective

- Step 2 started in September 2011
- Activities are focusing on PM development and validation:
  - PM Board and FPGAs detailed design
  - Basic SW

- PM Breadboard Manufacturing
- PM Board EGSE development
- PM Breadboard Verification Test
- Development of benchmark Software
- PM Performances evaluation and Validation (including Faults injection)
- Planned Step 2 activities completion by 4Q2014

### **PM Module - Features**

- CPU based on PPC 7448
- Working memory based on DDR-II
- Use High Speed FPGA (Virtex4) as Bridge
- Virtex4 scrubbing managed by external device
- Combination of SW and HW FDIR strategies
- HW Features specifically supporting SW FDIR
  - Selective Memory Protection
  - Individual Memory power switching to cope with SEFI
  - Smart watch-dog (supervisor) to check program flow
- ESA Standard data Interfaces
  - SpaceWire

INAF

High Speed Serial links

### **SBC PowerPC-7448 product definition**

- It is the new TAS High Performance Processing Module, based on PowerPC 7448 (2300DMIPS@1GHz core clock), offering performances not available from other European Manufacturers.
- Development has been started in the frame of ESA COTS Based Computer and ARPA ASI Technology program.
- Space Qualified version development is going-on
- Envisageable Applications:
  - Optical Observation payloads
  - Radar Payload
  - Scientific Payloads
  - Planetary exploration Computers
  - Any application requiring high Processing performances



SBC PowerPC-7448

© 2014, Thales Alenia Space

ThalesAlenia Space

### FLIPPER 2

### • Second release of our Fault Injection platform for Xilinx FPGAs

- Inject bit-flip faults within the FPGA configuration memory by means of partial re-configuration
- Verify DUT functionality by means of test vector application and comparison
- Major HW improvements
  - Virtex-4 DUT (XC4VSX55-FF1148)
  - DUT hosted by socket
  - 256 bidirectional IOs available
  - 1GbE link (optical/copper)
  - DDR2 SODIMM
- SW

INAF

• CLI-based (GNU/Linux OS)



### What's FLIPPER 2 for

- Quantitative characterization of design robustness
- Workload dependent analysis of sensitive bits
- Comparison of design hardening techniques
- Tuning of design redundancy and protection
- Optimization of radiation ground testing
- Ready to use set-up for radiation ground testing

### Sample design

#### • ESA benchmark design

- FFT: Fourier Transform of a data matrix
- MULT16\_LUT: LUT based multiplier chain
- MULT16\_MULT18: embedded multiplier chain
- FFmatrix: shift register chain
- IOff\_A/B: IO pad chain
- ROMff: read only register

#### Plain and XTMR design variants

| Logic Resource | Plain        | XTMR         |  |
|----------------|--------------|--------------|--|
| Slices         | 12,841 (52%) | 24,574 (99%) |  |
| LUT            | 11,478 (23%) | 42,965 (87%) |  |
| IOB            | 87 (13%)     | 248 (38%)    |  |
| DSP48          | 20 (3%)      | 60 (11%)     |  |
| GCLK           | 1 (3%)       | 3 (9%)       |  |

INAF

### Fault Injection campaign

- Cumulative and single injection analyses
- By frame type and by module type analyses
- Injection at any time
- Typical performance, 100 injection/s
  - Bit flip injection
  - Functional test

INAF

Bit flip correction

# Results (1/4)

• # cycles: 20,000

INAF

 100 cumulative injections per cycle Injection Cumulative Campaign - Design comparison (population 2e+04)





Injection Cumulative Campaign - Design PLAIN (population 2e+04)



INAF

per-module functional error cumulative frequency

Injection Cumulative Campaign - Design XTMR (population 2e+04)



### Results (3/4)

- # cycles: 1,000,000
- I injection per cycle

Single injection error occurrence (population 1e+06)





Single injection per-frame-type error distribution (population 1e+06)



Single injection per-module error distribution (population 1e+06)





### Thank you!

### **Candidate selection**

 Space devices were withdrawn → higher purchase cost (~ x10)



### Upset rate - Conf Mem

### • The largest device for each family was used

| Upset rate/Device                                   | AGL1000                                                      | A3P1000 | XC4VLX200 | XC5VLX330 |
|-----------------------------------------------------|--------------------------------------------------------------|---------|-----------|-----------|
| Upset rate bit-1<br>Day-1 (conf mem)                | Negligible (Configuration bit<br>upsets were never observed) |         | 2.62E-07  | 3.12E-07  |
| Upset rate Day-1<br>(conf mem)                      |                                                              |         | 13.46     | 24.89     |
| Upset rate bit-1<br>Day-1 - Worst day<br>(conf mem) |                                                              |         | 5.67E-05  | 6.77E-05  |
| Upset rate Day-1 -<br>Worst day (conf<br>mem)       |                                                              |         | 2908.48   | 5395.01   |

M. Alderighi, SEFUW 2014, ESA/ESTEC, September 16-18, 2014, Noordwijk, The Netherlands

### Upset rate - FF & User Mem

| Upset rate/Device                          | AGL1000  | A3P1000  | XC4VLX200 | XC5VLX330 |
|--------------------------------------------|----------|----------|-----------|-----------|
| Upset rate bit -1 Day-1 (ff)               | 1.53E-07 | 1.53E-07 | 2.26E-07  | 4.51E-07  |
| Upset rate Day-1 (ff)                      | 3.77E-03 | 3.77E-03 | 0.04      | 0.09      |
| Upset rate bit-1 Day-1 -<br>Worst day (ff) | 3.79E-05 | 3.79E-05 | 4.89E-05  | 9.79E-05  |
| Upset rate Day-1 - Worst<br>day (ff)       | 0.93     | 0.93     | 8.72      | 20.29     |

| Upset rate/Device                                | AGL1000  | A3P1000  | XC4VLX200 | XC5VLX330 |
|--------------------------------------------------|----------|----------|-----------|-----------|
| Upset rate bit-1 Day-1<br>(user mem)             | 2.38E-07 | 2.38E-07 | 8.16E-07  | 1.63E-06  |
| Upset rate Day-1 (user mem)                      | 0.04     | 0.04     | 4.94      | 16.93     |
| Upset rate bit-1 Day-1 -<br>Worst day (user mem) | 5.33E-05 | 5.33E-05 | 1.84E-04  | 3.69E-04  |
| Upset rate Day-1 -<br>Worst day (user mem)       | 7.85     | 7.85     | 1115.39   | 3824.20   |

INAF

# PM Module - Major Requisites

- Outage duration in case of transient failure lower than 10 s
- Mean time between these outages higher than 30 days
- Targeted PM performance: 400 MIPS
- 3 high speed buses (200 Mb/s each), 3 low speed buses (1 Mb/s each), 100 low speed I/O (few kb/s each).
- Lifetime of 15 years

INAF

• Reliability better than 0.95 over 15 years

