Stefano Baldacci, Francesco Cuzzocrea, Alessandro Donati, and Tommaso Ramacciotti
Kayser Italia Srl. Livorno Italy
Abstract
In the design of space qualified electronic systems reconfigurable FPGAs offer the advantage of considerable reduction of development time and costs. In fact a design error (as trivial as an inverted signal) in an One Time Programming (OTP) FPGA makes this device (once programmed) unusable and a new FPGA has to be programmed. This “trial and error” approach shows to be costly in terms of development time and also in terms of wasted FPGAs and printed circuit boards (note here that space qualification for PCBs allows a maximum of three soldering de-soldering cycles for any given pad). Therefore, employment of reconfigurable FPGAs is highly desirable in this field, because the FPGA configuration can be modified even when the device is soldered onto a PCB. One of the main problems related to the use of reconfigurable FPGAs on board space-orbiting systems is their sensitivity to SEU. In OTP FPGAs an SEU could toggle the state of a Flip-Flop, which, in any case would recover the correct state after a few clock cycles. In this case the entire system sees an SEU as noise without any resulting interruption of functionality.
In the case of circuits containing reconfigurable FPGA instead, an SEU can corrupt the FPGA configuration SRAM content and therefore change the circuit configuration of the FPGA itself and thus its behaviour. One of the most common approach to correct an SEU is the introduction of triple redundancy of a circuitry with a voting system to select the most likely value out of identical circuits. The obvious disadvantage of this solution is that the required number of gates of an FPGA must be three times as many as the original configuration. and in some cases not all of the resources available in a FPGA are tripled migrating from an FPGA to one three times larger (i.e. the global clock lines). Moreover tripling circuitry means tripling dissipated power.
In the framework of the European Union funded project IST-RECONF [1] new software tools and methodology for the design of dynamically reconfigurable FPGA (D_FPGA) are being developed and evaluated [2] [3]. The availability of dynamically reconfigurable FPGA and dedicated design tools would meet the requirements of many space payload developers who have the necessity to shorten and streamline the design cycle of their electronic equipments. The main design constraints faced during development of a space qualified electronic boards are those of power consumption, space occupation, remote re-configurability and fault-tolerance with respect to the possible upsets due to cosmic radiation. The use of dynamically reconfigurable FPGA meets, to different extents, the first three requirements whereas the susceptibility to SEU remains a weak point of SRAM based FPGA.
The re-design of a real space application has been selected to validate the D_FPGA design tools and methodology under development. The application consists of the control electronics of an existing payload that has already flown on space missions on board orbiting rockets. The purpose of this payload is to carry out scientific research on the Heat Transfer Regime Improved by Electrostatic Fields in Liquids in Microgravity conditions. The onboard electronics performs the control of two temperatures, one pressure and one Critical Heat Flux. In the current design the four controlling processes are executed on an 8 bit microprocessor with some auxiliary functions such as memory management, watchdog and AtoD and DtoA converter controls implemented in a non reconfigurable (OTP) FPGA.
The new design foresees the migration of the four processes from the microprocessor into the D_FPGA. The processes can be automatically re-loaded at predefined time intervals into the FPGA. The tools under development in the RECONF project are suitable to overcome the problem posed by the extra resources in terms of FPGA gates required when implementing SEU mitigation technique such as triple redundancy. The main difference between classic reconfigurable FPGA and D_FPGA is that the latter can be partially reconfigured during in circuit operation. A single block of the configuration memory can be unloaded and reloaded at scheduled time intervals or upon a state change of an external line. The reconfiguration time of a single block is less than 1 ms while the internal variables (and the IO states ) of a single block are retained between successive re-configurations. In this case different configuration blocks may be reloaded in the same region of the D_FPGA in successive time slots with the direct advantage of reducing the space required on the D_FPGA for the implementation of a complete system. This space reduction may be exploited in order to compensate for the increment of gates due to the implementation of the triple redundancy to correct an SEU.
If N is the number of different blocks implemented on a single portion of D_FPGA and assuming that the probability of an SEU is proportional to the time a certain configuration remains in the SRAM, then the probability of a SEU occurring to a certain block is reduced by a factor N. Furthermore, the system recovers from the effect of a possible SEU at the next reloading of the configuration bitstream.
References:
- RECONF Dissemination WWW Server, http://www.reconf.org/
- FPL2002 Montpellier, France, "High-Level Partitioning of Digital Systems Based on Dynamically Reconfigurable Devices". Speaker: Rafal Kielbik
- Second Workshop on Reconfigurable Computing and Applications. Almunecar, Spain, "Dynamic Reconfigurable FPGAs". Speaker: J. Manuel Moreno