As device dimensions shrink, the likelihood of radiation-induced errors flipping bits and causing incorrect operation or even system lock-up is increasing, especially in dense FPGAs.
Industry standards including DO-254, IEC 61508 and ISO 26262 define functional safety and error-mitigation strategies for building and validating systems that can be shown to offer high reliability despite the possibility of such errors. Applying these approaches is becoming important, and in some cases mandatory, for industrial, medical, automotive, communications, military and aerospace applications.
We’ve written about strategies for achieving functional safety before, and now Synopsys has released a series of eight videos detailing how its Synplify Premier software has been updated to automate the use of industry-standard approaches to mitigating soft errors such as single-event upsets (SEUs).
The eight short videos are hosted as a group here and are also available via the direct links below. They cover the following topics:
- Chapter 1 covers functional safety issues in FPGAs, explaining how single event upsets happen, why FPGAs at advanced nodes are more susceptible than older parts, and the possible impact of such errors on an FPGA’s functionality. It also outlines some basic strategies for mitigating these issues.
- Chapter 2 considers how and where to design in functional safety. It looks at where to focus design effort to get the most protection, which depends in part on the type of FPGA being used (Flash vs SRAM based), the various protection strategies that are available, and how to think about the trade-offs involved in implementing functional safety.
- Chapter 3 expands on some of the techniques introduced in Chapter 2, including the use of triple modular redundancy strategies to safeguard logic, registers, clock routing and I/O circuitry.
- Chapter 4 does a similar job of detailing techniques for safeguarding memories.
- Chapter 5 considers techniques for protecting finite state machines.
- Chapter 6 looks in more depth at protecting I/Os.
- Chapter 7 discusses how to implement monitoring circuitry.
- Chapter 8 summarises the overall strategy.
Synplify Premier has two features that ease the implementation of designs with better immunity to these issues: direct support for SEU error detection and recovery schemes across all FPGA device families from Altera, Lattice, Microsemi and Xilinx; and automated support for the creation of SEU error monitors, enabling software-based error mitigation schemes for controlling, monitoring, recovery and diagnostics of system errors that occurred due to SEUs.
The tool has multiple options for implementing error detection and mitigation circuitry, such as:
- Protecting memory by inferring error-correcting code memory primitives, and by inserting triple modular redundancy (TMR) on Block RAMs to mitigate single-bit errors.
- Safe FSM implementation strategies that force a state machine into a reset state or a user-defined error state so an error can be handled in a specific way. The software can also implement a ‘safe case FSM’ which ensures that, should the FSM enters an undefined state, it will recover, avoiding lock-up.
- Fault-tolerant FSMs with Hamming-3 encoding for detecting and correcting single-bit errors, so that the FSM can then start operating correctly right away.
- Creation of TMR schemes, including:
- Local TMR to protect registers
- Distributed TMR to protect synchronous logic, configuration bits, or external I/Os
- Block TMR to protect synchronous modules, IP, routing and clocks
- TMR-based mitigation of errors in non-flushable circuits that contain synchronous feedback loops
- Physical separation of the triplicates on the FPGA die for additional SEU protection
Synplify Premier can also automatically create error monitors and error flags, and be programmed to create a tap on any internal node, via the FPGA I/O, to facilitate probing or fault injection for verification.