Reliable State Machines презентация

Laboratory

at least one RAM programmable FPGA
Several ASICs
Many standard parts eg Microprocessor, RAM chips.

an FPGA/ASIC can halt a billion dollar mission
Tight schedules can result in inadequate testing
Inadequate version control can result in the wrong code
First Pass success important for ASIC design

change
Specification is complete
Design will meet the specification and requirements
Testing has covered all possible cases

approach
Formal Reviews to ensure design process is adequate, and to sign off on the design
Documentation for review and archiving
Check-lists to ensure all problems are fixed

which documents all testing
Checking tools e.g. Lint, DRC; all errors, and warnings documented

easily checked and reviewed
Implement most reliable design techniques

single event upsets
State machine should not hang
State machine should always be in a defined state
No asynchronous inputs to state machine
Default state must be specified

into an FPGA or ASIC controls the sequencing of actions in the digital logic
The current state of a machine is held in a state register which is updated on a clock
The next value of the state register (next state) is derived from the current state and the inputs
Outputs from the state machine are decoded from the state register and can also be combined with the inputs

a unique code
The allocation of these binary codes to states is the Encoding
The simplest encoding is Binary
In Binary encoding each state is given the next available binary number in sequence.

equal to the number of states. Each encoded state has just 1 bit in the encoded word set to a 1 (the rest are 0)
The advantage is that when optimized for non-reliable use, the amount of logic needed is less than Binary encoding, and it can be faster. One bit change with a SEU will result in a bad code which can be detected.
The disadvantage is the increased number of bits results in more flip/flops and therefore more targets for SEUs. The SEU advantage is lost when the 1-hot encoding is optimized.

The simplest encoding is Binary
In Binary encoding each state is given the next available binary number in sequence.

chosen so that in the main state-machine sequence only 1 bit changes at a time
No major advantage over binary with this code. Decoded outputs from the state register can make use of the nature of the encoding to simplify producing a glitch free output.

bit to ensure all codes are separated by a Hamming distance of 2. That is, it will take 2 changes in the state register to reach another known state.
The advantage is that it has less bits and so less SEU targets than 1-hot, but retains the fault tolerance of the un-optimized 1-hot encoding.

to ensure all codes are separated by a Hamming distance of 3. That is, it will take 3 changes in the state register to reach another known state.
The advantage is that the SM can be designed such that a single change in the state register has no effect on the state.
The disadvantage is that it requires more logic to implement

were individually synthesized
Finite state machine optimization is turned off
A clock frequency of 50 MHz is used
Target device is a Xilinx Spartan 2, speed grade 6
Error injection circuitry is not included

each state machine executing the same task, plus a reference state machine
The task chosen requires a16-state state machine, to detect a 16-bit pattern in a serial input stream
An error generator injects faults into all state machines except the reference state machine

to the reference output
A set of counters tallies the comparison outputs
2 types of failure are logged for each state machine:
Failure to detect pattern
False detection of pattern (false-positive)

pattern, to increase the likelihood of a false match
Error rate can vary, set to 1:199 clocks in example
Errors are weighted by distributing them pseudo-randomly over 16 bits. A state machine with a word size of n, receives n/16 of the total faults
Synchronous fault injection is before the state register
Asynchronous fault injection is after the state register
All results are from actual implementation of the test circuits in a Spartan 2 FPGA

for small number of states
Second-most sensitive to errors
Generates false-positive errors i.e. reports false pattern matches

small number of states and large number of states
Uses more resources than Binary
Inefficient for large number of states
Worst fault tolerance of all encoding tested
Has 2x the error rate of binary encoding

Fault Tolerance than Binary
More resources needed than One Hot, except for large number of states

and asynchronous errors
Lowest double-fault errors
Most resources used (*)
~2x binary encoding
Slowest speed (*)
(*) Except for large number of states