Fault injection system for FPGA-based space computers

Abstract

Abstract: Simulation of radiation effects in aerospace computers is a key testing and verification component to space operations. Contemporary computer architectures utilizing Field Programmable Gate Arrays (FPGA) requires particular focus in testing the configuration memory of the device for faults that cannot be recovered using traditional strategies. Faults in the configuration memory propagate to the hardware settings of the FPGA, changing the implemented logic circuit functionality. The effects of faults in the configuration memory are unpredictable, limiting the effectiveness of computer simulation and analysis. Therefore, designers of FPGA-based aerospace computers prefer to physically induce faults in the configuration memory to measure their impact. This allows the results of configuration memory fault injection used to classify faults occurring during space operation. The process is difficult to implement as the FPGA configuration memory is large, often undocumented, and the injection process is tedious when done manually. This paper presents the results of the deployment of two FPGA-based aerospace computers payloads to the International Space Station and the subsequently developed process for configuration memory fault injection. The injections are designed to simulate errors caused by radiation strikes to the computer hardware. These injections were performed on duplicate hardware to the RadPC payloads that operated on the ISS and was bombardment by real radiation. This provided the ability to see if the ground-based injection was correlated to real flight data. The developed process is able to inject single bit faults, which represents the majority of faults observed in configuration memory for space applications, and continuous injection, which stress tests the aerospace computer's recovery capability. Depending on the effects of the injected fault, the error is marked as either repairable, nonrepairable and propagating, or nonrepairable and nonpropagating. The result of this testing illustrates the key components in the implemented computer architecture which are vulnerable to faults in the configuration memory. Vulnerable components include the softcores, voter components, and the input logic. The process allows these key components to be isolated for further testing and the comparison of payload results to configuration memory testing on the ground.