synthesis of fault tolerant circuits for fsms & rams rajiv garg pradish mathews darren zacher

Synthesis Of Fault TolerantCircuits For

FSMs & RAMs

Rajiv Garg Pradish Mathews

Darren Zacher

MAPLD 2009 - Synthesis of Fault Tolerant Circuits for FSMs & RAMs

Agenda

Introduction Typical FSM Synthesis of Fault Tolerant (FT) FSMs Single Event Upset (SEU) Detect and Recovery Single Event Upset Detection Synthesis tool user options Fault tolerant RAMs Conclusion


Introduction

Single Event Upset (SEU)

noise introduced in circuit operating in extreme conditions of space, military, aircrafts etc

Affects all types of FPGA devices and technology

Results in data corruption , system malfunction or impairment of various circuit components


Contd..

FSMs and RAMs are crucial component of circuit FSMs control design functionality by transitioning

system to new state depending on transition function RAMs are the data storage components of the

circuit Any malfunction to their operation can make the

whole system go unpredictable


Existing Solutions

Triple Module Redundancy (TMR) is the commonly used scheme for SEU. But it is : Area Extensive Only applicable to whole module block

FPGA designers manually write fault tolerant circuits Cumbersome job for RTL designers

There is an absence of complete automated software synthesis solutions in this domain


Typical FSM circuit

FSM circuit has four major components Inputs Current state vectors Next State function Output logic

Present Present StateState

Next State Next State FunctionFunction State State

VectorsVectors

Output Output LogicLogic

InputsInputs

OutputsOutputs

rstrstclkclk


Synthesis of Fault Tolerant (FT) FSMs

Next State Next State FunctionFunction

State State VectorsVectors

Output Output LogicLogic

InputsInputs

OutputsOutputs

clkclk rstrst


StateStateRegistersRegisters

InputsInputs

OutputOutputfunctionfunction

rstrst

Present Present StateStateParityParity

generatorgenerator Parity Parity RegistersRegisters

ErrorErrorCorrectionCorrection

CircuitCircuit

Parity Parity RegistersRegisters

outputoutput

FTFT

FSMFSM

clkclk


Contd..

Synthesis goals Automated Fault tolerant circuit implementation Achieve optimal implementation with minimal

impact on quality of results (area and timing) Extra combinational and sequential logic added Parity generator

Generates logic for parity registers Error corrector

Detects and corrects SEU


SEU detection and recovery Circuit


StateStateRegistersRegistersInputsInputs


rstrst

Present Present StateStateParity Parity

GeneratorGenerator Parity Parity RegistersRegisters


CircuitCircuit


outputoutput

FOR SEU detection and recovery to original state FOR SEU detection and recovery to original state Encoding of State and parity registers such that Encoding of State and parity registers such that

Hamming Distance >= 3 Hamming Distance >= 3

clkclk


Parity generation(Hamming-3)

Extra parity flops added to current state registers to create hamming distance-3

number of parity flops k must satisfy the inequality 2^k >= n+k+1 , n is data flops

n + k flops uniquely detect upset in n data flops Hamming code constructor to generate parity

Error Correction circuit detects upset and recovers to original state

General technique can be applied to any encoding scheme


Contd..

n + k bits uniquely detect for n data bits Consider a message having 4 data bits. We add 3 parity bits

to uniquely determine the single bit error in any of the 7 bits send

Here (3,5,6,7) are data bits and (1,2,4) are parity bits Change in parity bits detect

upset in data bits (1,2) detect upset in 3 (1,4) detect upset in 5 (2,4) detect upset in 6 (1,2,4) detect upset in 7 Upset in any (1,2,4) detect for itself

11

2244

55 33

66

77


Contd..

Asynchronous Events

FSM State registers may have asynchronous set and reset

Any asynchronous set and reset signal will abruptly transition the state of FSM registers

Parity registers needs to be synchronized to FSM registers in case of asynchronous event


Consider hamming-3 for 2 data flops 3 parity registers required for 2 data flops

Calculate rP1,sP1,rP2,sP2,rP3,sP3 (reset and set) of parity registers in terms of rC1,sC1,rC2,sC2 ?

Set/reset have priority associated with them so both cannot be high simultaneously

When one of set/reset high, Q is defined by setQ = set

clkclk

rP2 sP2rP2 sP2

rC2 sC2rC2 sC2

C2C2

rP3 sP3rP3 sP3

rC1 sC1rC1 sC1

rP1 sP1rP1 sP1

C1C1

P1P1

P2P2

P3P3

setset resetreset QQ

00

00

11

00

11

00

No effectNo effect

00

11

Contd..Contd..


Contd..

In case of inferred FSM , any asynchronous event will affect all FSM registers

Given FSM registers , asynchronous event is detected as OR of all set ands resets of FSM registers (rC1 ||

sC1 || rC2|| sC2) => ET (event trigger) Parity registers set /reset calculated as

set = Fn(sC1,sC2) && event trigger Reset = !Fn(sC1,sC2) && event trigger


Cont..

Initial value state registers

Current state registers may have initial values

Parity registers needs to be synchronized to current state registers’ initial value so that these are not considered as upsets

Initial value flops created for parity flops Initial value = Fn( Current state initial values)


Enable Handling

Say at T = t1 , SEU occurs in Cs1 flop

Because of En = low Output at cs1 not corrected in

next clock cycles so circuit no longer remains Fault Tolerant

Now say at T = t1 + next clock cyclesupset also occurs at Cs2

EnEn

EnEn

ErrorError

CorrectorCorrectorNext StateNext State

FunctionFunction

SEU occursSEU occurs

Cs1Cs1

Cs2Cs2

This can be taken care by dissolving enable at Data path of FlopsThis can be taken care by dissolving enable at Data path of Flops

clkclk

clkclk


Cont..

Dissolving Enable mux is put in the data path of flop with enable as select line

Mux sel0 = corrected current state Mux sel1 = next state

Now, after upset in any register, correct state is set at Flip flop output in next clock cycle

EnEn

EnEn

ErrorError

CorrectorCorrectorNext StateNext State

FunctionFunction

Cs1Cs1

Cs2Cs2

muxmux

muxmux

00

11

00

11

clkclk

clkclk


Optimized techniques for 1-hot/1-cold encoding

1-hot/1-cold special encoding schemes Already hamming distance-2 Only single bit is 1 or 0 in whole state Vector

Optimized technique for 1-hot/1-cold are following Binary transformation with parity Full Register duplication scheme


Binary transformation with parity

One HotOne Hot State State

VectorsVectors

BinaryBinary VectorsVectors

Parity Parity Register Register

(P)(P)

1-hot to1-hot toBinaryBinary

Next StateNext State FunctionFunction

ErrorError DetectionDetection

ErrorError CorrectorCorrector

UpsetUpset

Present Present statestate

inputinput

Corrected stateCorrected state

ParityParity

generatorgenerator

Output Output functionfunction

outputoutput

rstrst

1-hot vectors already 1-hot vectors already hamming-2hamming-2

Binary vectors + parity Binary vectors + parity added to create total added to create total

minimum hamming-3minimum hamming-3clkclk


Technique

1-hot encoded Next state will be converted to Binary value vector

Even parity bit (P) will be generated for this binary vector by doing XOR operation of next state Binary vectors.

Error Detection Circuit generates the new even parity bit (P’) using the binary vector state

registers P and P’ are compared to detect the upset If P and P’ differ : an upset has occurred in Binary Registers or parity

Register P and P’ same : no upset has occurred at least in Binary Vector or

parity register


Contd..

Since SEU, upset occurs either in the preset state vector or the binary state vectors and parity

Error Corrector circuit if upset signal is high

no upset in preset state registers Present state set as corrected state

If upset is low no upset in Binary Vector Registers decode binary vector to one hot and set them as

corrected state.


Full Register duplication scheme

1-hot1-hot State State VectorVector

Duplicated Duplicated One Hot One Hot

State State VectorsVectors


inputinput

ErrorError DetectorDetector

ErrorError CorrectorCorrector

upsetupset

OutputOutputFunctionFunction

outputoutput

rstrst


1-hot vectors already 1-hot vectors already hamming-2hamming-2

Duplicated 1-hot vector Duplicated 1-hot vector also hamming-2also hamming-2

So total hamming distance So total hamming distance >=4>=4

clkclk


Technique

All 1-hot state vectors are duplicated as parity registers Error detector circuit

detects the upset in one hot using optimized xnor circuit Since SEU, upset will either occur in present state vector or

duplicated parity registers Error Correction Circuit

If the upset signal is high upset detected then present state (one hot state vectors) passed as

corrected state. If upset is low

no upset, duplicated registers are passed as corrected state.


Comparison of different SEU correct & recovery schemes for 1-hot

AreaArea

(in LUTs)(in LUTs)

0

200

400

600

800

1000

1200

8 16 32 64 128 256

1-hot states

binary transformation withparity

Full Register duplicationscheme

Hamming-3


Results explanation

Hamming-3 Applicable to all encoding schemes Extensive area penalty in case of 1-hot/1-cold optimal for binary (gray etc) encoding

For 1-hot/1-cold binary transformation with parity

Optimizes area usage over hamming-3 Full Register duplication scheme

More prone to SEU Area efficient then both the above techniques logic is simple


SEU detection and correction


StateStateRegistersRegisters

InputsInputs


rstrst

Present Present StateStateParity Parity

GeneratorGenerator Parity Parity RegistersRegisters


CircuitCircuit


outputoutput

FOR SEU detection and Correction to User defined stateFOR SEU detection and Correction to User defined state

Encoding of state and parity registers such thatEncoding of state and parity registers such that

minimum Hamming Distance > =2minimum Hamming Distance > =2

clkclk


Hamming-2 technique

Current Current State State

VectorsVectors

2 parity 2 parity registersregisters

(p0 and p1)(p0 and p1)

Next state Next state FunctionFunction

Error Error detectordetector

Output Output FunctionFunction

Error Error correctorcorrector

ParityParity

generatorgenerator

outputoutput

inputinput

clkclk rstrst 2 parity registers added 2 parity registers added to create Hamming-2 to create Hamming-2 distance in encoded distance in encoded

statesstates


Technique

Parity generator generates two parity bits p0 and p1 p0 and p1 are the odd and even parity respectively of next state

Error detection circuit calculate parity registers p0’ and p1’ using Current state registers Both p0 and P1 compared with p0’ and p1’ respectively If both sets (p0,p0’) and (p1,p1’) differ , an upset in current state

vector Error correction circuit

If Upset detected sets the corrected state to user defined state

If no upset detected current state vector set as corrected state


Optimized detection and correction scheme for 1-hot/1-cold/2-hot

Current Current State State

VectorsVectors(1-hot )(1-hot )

Next state Next state FunctionFunction

Error Error detectordetector

Error corrector(user defined

state)

upsetupset

OutputOutput

functionfunction

outputoutput

clkclk

rstrst

inputinput


1-hot vectors 1-hot vectors already hamming-2already hamming-2

No parity requiredNo parity required


Technique

Error detection circuit implemented using xnor/xor circuit to detect single

event upset Error Corrector Circuit

If upset detected corrected state is set to user defined state

If no upset detected current state vector is set as corrected state


Synthesis tools options for User controls

User options to implement SEU detection or both SEU detection & recovery circuit

Ability to apply different fault tolerant implementation on different FSMs

User attributes on FSM state register specifying FSM encoding scheme

//pragma attribute <state_name> encoding_style <binary/one-hot/gray>

Fault tolerant implementation //pragma attribute <state_name> safe_fsm_type

<seu_detect/seu_correct> Correction State for SEU detection & correction circuit

//pragma attribute <state_name> recovery_state <state_vector>


Contd..

Example : reg [3:0] cst //pragma attribute cst recovery_state 1000

..

S0S0(0001)(0001)

S0S0(0001)(0001)

S1S1(0010)(0010)

S1S1(0010)(0010)

S2S2(0100)(0100)

S2S2(0100)(0100)

Transition to Transition to default statedefault state

????(0101)(0101)

????(0101)(0101)

Invalid stateInvalid state

DefaultDefault

S3S3(1000)(1000)

S3S3(1000)(1000)

States defined States defined for normal for normal FSM operationFSM operation

Recovery StateRecovery State

ResetReset


Fault Tolerant RAMs

Application of TMR to RAMs Triplicates memory elements Can overfill the FPGA Block RAM capacity Can lead to many potential memories in the design

not inferred Hamming-3 is applied to RAMs to detect and

recover from SEU the width of memory word size is increased by

adding error checking bits


Contd..

Memory cell with addition of parity registers

Additional combinational logic added for parity generator and error

corrector

...

RAM

Hamming Code

RAM

...

RAMRAM parityparityGeneratorGenerator

Error Error CorrectorCorrector

address

dataindatain parityparity

dataoutdataout


Conclusion

For safety critical applications automated synthesis solution is good for its following salient features

Designer does not need to write manually Fault tolerant implementations

Generates best Quality of results in terms of timing and area

Is formally verifiable with equivalence checker


Thank you

synthesis of fault tolerant circuits for fsms & rams rajiv garg pradish mathews darren zacher

Documents

fsms ramscontd

new state

fsms ramsseu detection

current state registers

extra parity flops

number of parity flops

data corruption

system malfunction