Space embedded systems - AE4S15
13/02/2023
Dr. Alessandra Menicucci
Why this course?
Embedded systems are everywhere …
But why should we use them in space
engineering? And how?
13/02/2023 AE4S15 Lecture 01 Dr. Alessandra Menicucci
2
Learning objectives
At the end of this course you will be able to:
Explain the basic elements of embedded systems and their characteristics.
Explain the different radiation environments encountered in space and their effects on
electronics components.
Define the embedded system requirements and select the components.
Design and implement (hardware and software) an embedded system based on microcontrollers.
Apply fault tolerance techniques both on software and hardware parts.
Evaluate the performances of the selected components to ensure they satisfy the system
requirements to define and explain the architecture (hardware and software) of space
embedded systems.
13/02/2023 AE4S15 Lecture 01 Dr. Alessandra Menicucci
3
Schedule
Week
Date
Day
Hours
Lecturer
Topic
3.1
13 Feb
Mon
13:45–15:30
A. Menicucci
1 – Introduction and background
15 Feb
Wed
13:45–15:30
A. Menicucci
2 – Space Embedded Systems building blocks
20 Feb
Mon
13:45–15:30
A. Menicucci
3 – Space Embedded Systems HW/SW interfaces 1
22 Feb
Wed
13:45–15:45
A. Menicucci
4 – Space Embedded Systems basic SW concepts
21 Feb
Mon
13:45–15:45
A. Menicucci
No lecture (group assignment work)
23 Feb
Wed
13:45–15:45
A. Menicucci
No lecture (group assignment work)
6 Mar
Mon
13:45–15:45
A. Menicucci
5 – Space Embedded Systems HW/SW interfaces 2
8 Mar
Wed
13:45–15:45
A. Menicucci
6 – Space Embedded Systems requirements
13 Mar
Mon
13:45–15:45
A. Menicucci
7 – Space Environment Effects and Radiation Hardness Assurance
15 Mar
Wed
13:45–15:45
A. Menicucci
8 – Exercise 1
20 Mar
Mon
13:45–15:45
A. Menicucci
9 – Fault Tolerant Techniques for space embedded systems
22 Mar
Wed
13:45–15:45
A. Elving
Space embedded system on ESA missions
27 Mar
Mon
13:45–15:45
TBD
Space embedded systems and Artificial Intelligence
29 Mar
Wed
13:45–15:45
A. Menicucci
10 – Exercise 2
13 Apr
Thu
13:30-16:30
N/A
Exam
3.2
3.3
3.4
3.5
3.6
3.7
3.10
Course format
●
Lectures and exercises
per week on-campus
Assessment
Exam
●
Group Assignment
●
13/02/2023 AE4S15 Lecture 01 Dr. Alessandra Menicucci
5
Assessment
Assessment
method
Exam
Group
assignment
Effort
3 (+ 26 prep)
38
Type
Individual
Group
Deliverable
Written exam
prototype/final
report
Weighting score
[%]
40
60
Pass threshold
[#/10]
6
6
Date/Deadline
13/04/2023
To be agreed
21/06/2023 (resit)
13/02/2023 AE4S15 Lecture 01 Dr. Alessandra Menicucci
6
Distribution of effort
3 ECTS = 84 hours in total
Week
3.1
Dates
13-11 20-24
Feb
Feb
27 Feb- 6-10
3 Mar
Mar
13-17 20-24 27-31 3 -7 10-14
Mar
Mar
Mar
Apr Apr
Hours
Lectures
4
4
0
4
4
4
4
0
Hours
studying
1
1
4
2
2
2
6
6
4
4
4
4
6
6
Hours Group
assignment
3.2
3.3
3.4
13/02/2023 AE4S15 Lecture 01 Dr. Alessandra Menicucci
3.5
7
3.6
3.7
3.8
3.9
0
Total
24
24
8
36
Exam format 2023
The exam will assess:
• Your ability to recall and discuss key concepts covered by the
lectures
• Your ability to apply space embedded systems engineering
methods to test cases.
• The exam will be based on content delivered during the lectures.
●
There will be exercise sessions to prepare .
13/02/2023 AE4S15 Lecture 01 Dr. Alessandra Menicucci
8
Group assignment
●
Group of 3-4 students
●
Every student is required to participate
●
Choice between 3-4 different assignments
●
Expected deliverables: prototype + technical report
●
Group assignment will be presented on 22/02/2023.
13/02/2023 AE4S15 Lecture 01 Dr. Alessandra Menicucci
9
Recommended literature
●
●
There is no mandatory text book.
Lecture slides are the main source of reference.
However a very good additional reading can be:
●
●
●
●
Peter Marwedel “Embedded System Design: Embedded systems, Foundations of
Cyber-Physical Systems and Internet of Things”, 3rd edition, 2018, Springer (it should
be available from VSV).
G.C. Buttazzo: Hard Real-Time Computing Systems. Springer Verlag, ISBN 978-14614-0676-1, 2011
Edward A. Lee and Sanjit A. Seshia: Introduction to Embedded Systems, A
CyberPhysical Systems Approach, Second Edition, MIT Press, ISBN 978-0-26253381-2, 2017.
M. Wolf: Computers as Components – Principles of Embedded System Design.
Morgan Kaufman Publishers, ISBN 978-0-128-05387-4, 2016.
13/02/2023 AE4S15 Lecture 01 Dr. Alessandra Menicucci
10
Introduction to embedded systems
Space Engineering
13/02/2023 AE4S15 Lecture 01 Dr. Alessandra Menicucci
11
What is an embedded system?
Space
Earth
Fault tolerance
13/02/2023 AE4S15 Lecture 01 Dr. Alessandra Menicucci
12
Definitions
Embedded systems are information processing systems embedded
into enclosing products.
(from: Marwedel, P. Embedded System Design, Springer (2017))
Embedded systems (ES) are electronic products, equipment or more
complex systems containing computing devices and special software
that are not externally visible and generally inaccessible by the user.
(from: European Commission)
●
●
●
●
●
Embedded Systems
Programmed to perform a set of specific
tasks well known at design time
Low power
Non-programmable by end-user
Operates in fixed time constraints,
additional features are not valuable
Low size, low cost
13/02/2023 AE4S15 Lecture 01 Dr. Alessandra Menicucci
13
●
●
●
●
●
General Purpose Computing Systems
Intended for a full range of general applications
which might to not be known at design time
High power consumption
Programmable by end-user
In general no time constraints, but faster is
always better
Higher size, higher cost
Cyber-Physical systems
Cyber-Physical Systems are integration of
computation and physical processes
Embedded Systems
Compute
Cyber
World
Cyber-systems gather knowledge about
the physical world through sensors to
elaborate this information and take
decision in order to influence/modify its
dynamic when needed.
Physical
World
13/02/2023 AE4S15 Lecture 01 Dr. Alessandra Menicucci
14
Decide
Handle data
Communicate
Observe
Influence
Sensors
Actuators
Embedded Systems functions
●
●
●
●
Closed-loop control system
–
Monitor a process, adjust an output to maintain desired set point (temperature,
speed, direction, etc.)
Sequencing
–
Step through different stages based on the environment and system needs.
Signal processing
–
Remove noise, select desired signal features etc.
Communications and networking
–
Exchange information reliably and quickly.
13/02/2023 AE4S15 Lecture 01 Dr. Alessandra Menicucci
15
Some History
●
The first ‘embedded computer’ is MINUTEMAN (nuclear ballistic missile) embedded
control system D-17 (1961). When the Minuteman II went into production in 1966, the
D-17 was replaced with a new computer that was the first high-volume use of
integrated circuits.
Apollo guidance computer was derived from it.
Until the ‘60 embedded computer were only for space!
●
●
1971: Intel produced the first consumer oriented microprocessor (4004)
●
1976/77: Intel releases the first one-chip microcontroller, the 8048
13/02/2023 AE4S15 Lecture 01 Dr. Alessandra Menicucci
16
Moore`s law
Based on the
observations of Gordon
Moore (co-founder
Fairchild Semiconductor
and Intel) in 1965 and
1975: the number of
components (transistors)
in a Integrated Circuit
doubles every 2 years.
In 2021 still hold (more or
less)!
13/02/2023 AE4S15 Lecture 01 Dr. Alessandra Menicucci
17
Embedded Systems market
Embedded Systems are applied in:
●
●
●
●
●
●
●
●
●
●
●
●
Automotive;
Avionics/ Aerospace;
Industrial Automation;
Transport, water, environmental protection;
Health and Medical Equipment;
Energy consumption point (home/building)
technology;
Communications;
Consumer Electronics;
Energy.
Credits: ARM
Credits: Gibbs/The Guardian
Credits: Ashling
Embedded systems market in 2021 was 86.5 billion USD and will 116.2 billions USD by
2025.
Just an example: 35-50% of the value of a car is due to embedded electronics
The overall industry is expected to grow at a rate of 5.73% in 2021-2028. However, lack
of skilled professionals and security concerns may limit the growth of the market over the
forecast period.
13/02/2023 AE4S15 Lecture 01 Dr. Alessandra Menicucci
18
Example 1: bike computer
●
●
●
●
●
Functions
●
Speed and distance measurement
Constraints
●
Size
●
Cost
●
Power and Energy
●
Weight
Inputs
●
Wheel rotation indicator
●
Mode key
Output
●
Liquid Crystal Display
Low performance microcontroller
●
8-bit, 10 MIPS
13/02/2023 AE4S15 Lecture 01 Dr. Alessandra Menicucci
19
Example 2: car
Functions performed by embedded systems include:
•
Headlight position control
•
Engine power flow control
•
Information Navigation
•
Light Failure control
•
Park/reverse assist
•
Dashboard controller
•
Entertainment Headup display
•
Automated Cruise Control
•
Rain sensor
•
Compass
•
Interior Light System
•
Power Window Sensor
•
Stability sensing
•
LED brake light
•
Keyless entry
•
Central Locking
•
Suspension control
•
Seat control Position/Heating
•
Auto toll payment
Volswagen ID3
A modern car typically contains 100-300 micro-controllers or processors, 50+ complex
electronic control units, between 5 and 20 million lines of software code, with miles of
wires connecting these systems. These systems often interact. For example, the steering
system interfaces with the suspension to ensure a smooth ride.
13/02/2023 AE4S15 Lecture 01 Dr. Alessandra Menicucci
20
Benefits of Embedded Systems
●
●
●
●
Greater performance and efficiency
●
Being specialized in one task means a minimization of resources (power,
size/mass, data memory utilization, code-size, run-time) while maximizing the
performances on that specific task
Lower cost
More features
●
Many not possible or practical with other approaches
Better dependability
●
The knowledge of the expected behavior and the physical environment at design
time can be used to achieve higher predictability and reliability
13/02/2023 AE4S15 Lecture 01 Dr. Alessandra Menicucci
21
Dependable embedded systems
Dependability is a basic design requirements for Embedded Systems but how much is it needed?
From this
to this
Embedded module for musical
greeting card (courtesy AliBaba)
Embedded on board computer for BepiColombo mission (courtesy ESA)
13/02/2023 AE4S15 Lecture 01 Dr. Alessandra Menicucci
22
Definition of Dependability
Dependability has 3 main components are: reliability, availability and maintainability.
DEPENDABILITY
The extent to which the
fulfillment of a required
function can be justifiably
trusted
According to ECSS-S-ST-00-01C
RELIABILITY
The ability of an item to perform a required function
under given conditions for a given time interval
AVAILABILITY
Ability of an item to be in a state to perform a
required function under given conditions at a given
instant of time or over a given time interval,
assuming that the required external resources are
provided
MAINTAINABILITY
Ease of performing maintenance on a product
NOTE: Dependability shall be considered in conjunction with safety.
13/02/2023 AE4S15 Lecture 01 Dr. Alessandra Menicucci
23
Dependability: how is it expressed for
spacecrafts?
•
Qualitative requirements
e.g. “No single failure shall cause the complete loss of the (sub)system capability”
•
Quantitative requirements
e.g. “The (sub)system shall have a reliability of no less than 0.98 over its specified
operational lifetime”
13/02/2023 AE4S15 Lecture 01 Dr. Alessandra Menicucci
24
Dependability: how is it achieved for
spacecrafts?
RELIABILITY
MAINTAINABILITY
Modularity
Accessibility
Failure detection
Tools and skills to perform
maintenance
AVAILABILITY
Optimization of
reliability and
maintainability balance
13/02/2023 AE4S15 Lecture 01 Dr. Alessandra Menicucci
Derating or over-design
Use of redundancy
Design diversity
Effects limitation
25
Dependability: Indicators
Characteristic
Indicator
Name
Reliability
Probability at time (reliability)
Failure rate
Mean time to failure
Mean time between failures
R(t)
λ
MTTF
MTBF
Availability
Probability at time
Mean up time
Mean down time
A(t)
MUT
MDT
Probability at time
Repair rate
Mean time to repair
M(t)
Mu(t)
MTTR
Maintainability
We will get back to these concepts in the
“Fault Tolerance Techniques” Lecture
MTBF → repairable systems
MTTF → not repairable systems
13/02/2023 AE4S15 Lecture 01 Dr. Alessandra Menicucci
26
Dependability: ECSS Standards
Reference
Standard
ECSS-Q-ST-30
Dependability
ECSS-Q-ST-30-02
FMEA
ECSS-Q-ST-30-09
Availability
ECSS-Q-ST-30-11
Derating
Reference
Handbook
ECSS-Q-HB-30-01
Worst Case Analysis
ECSS-Q-HB-30-10
Component reliability data sources
Reference
Technical Memoradum
ECSS-Q-TM-30-12
EEE parameter drifts
13/02/2023 AE4S15 Lecture 01 Dr. Alessandra Menicucci
27
Options for building embedded systems
Option
What it is?
Discrete components
In the past, embedded systems would have been
constructed from discrete components
(transistors, resistors, etc) or small scale
integrated circuits. This approach is now largely
obsolete and not recommended.
--
++
+-
--
?
Microprocessors
General purpose computing device. It needs
external memory and peripherals
+-
-+
+-
++
--
Microcontroller
Computing device for specific tasks. It includes
internal memory and peripherals
++
++
++
++
+-
FPGA
Re-programmable logic component
++
++
+-
++
++
ASIC
Application Specific Integrated Circuit
++
---
++
--
+++
DSP
Digital Signal Processor
++
++
++
++
--
13/02/2023 AE4S15 Lecture 01 Dr. Alessandra Menicucci
Size/
Weight
28
Design
Cost
Unit
Cost
Flexibility
Power
Energy/Power efficiency
Credits: De Man and Philips
From: “Embedded and
Cyber-physical systems in a
nutshell” P. Marwedel
13/02/2023 AE4S15 Lecture 01 Dr. Alessandra Menicucci
29
Microcontroller vs Microprocessor
Microprocessor (uP) :
●
Computing power for general
purpose applications
●
IC with only CPU, it requires
external RAM, ROM, I/O and other
peripherals to be operated.
●
Microprocessors are generally used
for unspecific tasks, like
developing software, games,
websites, photo editing, creating
documents etc. (no input/output
relationship defined).
●
The clock speed of the
Microprocessor is quite high
Microcontroller (MCU) :
●
MCUs are designed to perform specific tasks
●
Since the applications are very specific, they
need small resources like RAM, ROM, I/O ports
etc which can be embedded on a single chip.
●
Specific means applications where the
relationship of input and output is defined.
Depending on the input, some processing needs
to be done and output is delivered.
●
Examples: keyboards, mouse, washing
machine, digicam, pendrive, remote,
microwave, cars, bikes, telephone, mobiles,
watches, etc
●
The use of the microcontroller requires to
develop ad-hoc software code.
Intel Core i7 64-bit
microprocessor
13/02/2023 AE4S15 Lecture 01 Dr. Alessandra Menicucci
Microcontroller
PIC 18F8720 on
a 80-pin TQFP
package.
30
Microcontroller vs Microprocessor
Simplified definition
MCU= CPU + peripherals
Feature
Microcontroller
Microprocessor
Max clock speed
[MHz]
200
4000
Processing
power
[MegaFLOPS]
20
5000
(thanks to
dedicated FPU)
Power
Consumption
[Watt]
0.001
50
Unit cost [$]
0.5
50
# Units sold per
year [x106]
1000
100
MegaFLOPS = 1 million floating point operations per second
MIPS = Million Instructions Per Second
13/02/2023 AE4S15 Lecture 01 Dr. Alessandra Menicucci
31
Microcontroller
13/02/2023 AE4S15 Lecture 01 Dr. Alessandra Menicucci
32
MCU for space use
13/02/2023 AE4S15 Lecture 01 Dr. Alessandra Menicucci
33
Processor – Memory Gap
There is a limit on performance due to the fact that access to external
memory is becoming slower.
Processor-Memory
Performance Gap:
(grows 50% / year)
13/02/2023 AE4S15 Lecture 01 Dr. Alessandra Menicucci
34
Memory Trade-Offs
Large (dense) memories are slow
Fast memories are small, expensive and consume high power
Goal: give the processor a feeling that it has a memory which is large
(dense), fast, consumes low power, and cheap
Solution: a Hierarchy of memories
CPU
Speed:
Size:
Cost:
Power:
L1
Cache
L2
Cache
Fastest
Smallest
Highest
Highest
13/02/2023 AE4S15 Lecture 01 Dr. Alessandra Menicucci
L3
Cache
Slowest
Biggest
Lowest
Lowest
35
Memory
(DRAM)
Summary of microcontroller main advantages
●
●
●
●
●
The size of a circuit can be reduced significantly: one
microcontroller can replace several other ICs.
Allows greater flexibility: it can be reprogrammed to
change its function.
It is generally faster than a general purpose processor
for its specific function, thanks to access to local,
embedded memory and peripherals.
It requires less software to be written, which means
less software to be tested.
Low design and unit cost.
13/02/2023 AE4S15 Lecture 01 Dr. Alessandra Menicucci
36
Microcontroller Core: ARM Cortex-M0
●
●
●
●
ARM, (Acorn RISC Machine or Advanced RISC Machine) is a ‘fabless’
company selling IPs of a family of architectures RISC (reduced instruction
set computing) for CPU, which can be configured for different applications.
RISC processors require in general less transistor with respect to CISC (complex
instructions set computing) architectures, although they have less specialized
functions (e.g. accelerators).
ARM chips have proven very suited especially in applications such as portable
devices, lightweight and powered by a battery, smartphones, laptop e tablet
etc.
The ARM Holdings core business is the the development of core IP (ARMv1,
ARMv2, etc), which are licensed to be included in microcontrollers (MCU), CPU
and system-on-chips.
13/02/2023 AE4S15 Lecture 01 Dr. Alessandra Menicucci
37
CPU ARM Cortex-M0
13/02/2023 AE4S15 Lecture 01 Dr. Alessandra Menicucci
38
CPU ARM Cortex-M0
13/02/2023 AE4S15 Lecture 01 Dr. Alessandra Menicucci
39
CPU ARM Cortex-M0
13/02/2023 AE4S15 Lecture 01 Dr. Alessandra Menicucci
40
CPU ARM Cortex-M0
13/02/2023 AE4S15 Lecture 01 Dr. Alessandra Menicucci
41
Target Board:
LPC1115 LPCXpresso Board
32-bit Cortex-M0 Processor Core
LPC1115 in LQFP48 package
50 MHz max clock
64KB Flash/ 8KB RAM
Wide range of peripherals
LPC1115 LPCXpresso Board
$25 (USD)
Peripherals: SSP,I2C,UART,ADC,etc.
Quick and easy breadboard prototyping
Supports various tool chains (with suitable debuggers)
Rich examples, libraries and extra expansion boards
available from Embedded Artists and other third parties
13/02/2023 AE4S15 Lecture 01 Dr. Alessandra Menicucci
42
LPC1115
LPCXpresso
Block scheme
13/02/2023 AE4S15 Lecture 01 Dr. Alessandra Menicucci
43
LPC1115 LPCXpresso Board
LPC-Link side
13/02/2023 AE4S15 Lecture 01 Dr. Alessandra Menicucci
LPC1115 target
side
44
What did you have learn in this
lecture?
•
•
•
•
•
•
We have seen the organization and structure of this course
We have defined embedded system in general
We have introduced the concept of dependability
We have introduced different HW components which could be used to build ES
In particular we have compared microcontroller vs microprocessor.
We seen the example of ARM Cortex M0
In the next lecture we will continue with more option for hardware components and introduce
hardware/software interfaces
13/02/2023 AE4S15 Lecture 01 Dr. Alessandra Menicucci
45
AE4S15- Embedded systems building
Blocks
15/02/2023
Dr. Alessandra Menicucci
What we have done so far
In the previous lecture we have introduced embedded systems in
general.
We have seen that in space dependability is the key requirement
and what makes the design of space embedded systems more
challenging.
We have also made an overview of which architectures (HW/SW)
can be used to build embedded systems.
We discussed in details differences between microcontroller &
microprocessor.
15/02/2023 AE4S15 Lecture 03 Dr. Alessandra Menicucci
2
Today`s lecture
We will introduce DSP, ASICs and FPGAs and make comparison
between them.
We will discuss the high level system requirements of space
avionics.
We will have an overview of state-of-the-art and future On-board
data handling systems.
15/02/2023 AE4S15 Lecture 03 Dr. Alessandra Menicucci
3
Options for building embedded systems
Option
What it is?
Discrete components
In the past, embedded systems would have been
constructed from discrete components
(transistors, resistors, etc) or small scale
integrated circuits. This approach is now largely
obsolete and not recommended.
--
++
+-
--
?
Microprocessors
General purpose computing device. It needs
external memory and peripherals
+-
-+
+-
++
--
Microcontroller
Computing device for specific tasks. It includes
internal memory and peripherals
++
++
++
++
+-
FPGA
Re-programmable logic component
++
++
+-
++
++
ASIC
Application Specific Integrated Circuit
++
---
++
--
+++
DSP
Digital Signal Processor
++
++
++
++
--
15/02/2023 AE4S15 Lecture 03 Dr. Alessandra Menicucci
Size/
Weight
4
Design
Cost
Unit
Cost
Flexibility
Power
Digital Signal Processor
●
●
●
●
A DSP is an IC designed to process digital signals.
Analog signals are converted to digital via an analog-to-digital
converter before being processed in the DSP. Digital signals
are then output and may be converted back to analog signals
via a digital-to-analog converter.
DSPs are specialized microprocessors which perform certain
actions on the analog signal (such as filter, measure, compress)
using algorithms more efficiently and with less power than a
general purpose processor and within a strict deadline.
DSPs are programmable.
Application of DSPs
●
●
●
●
DSP are mainly used in audio and speech processing
telecommunications; radar, Lidar, sensors; visual
processing, image processing.
Some DSPs are being used for neural networks
processing.
In commercial market multi-cores DSPs are available.
In space engineering, DSPs are key components in
payload data processing.
METOP – NOAA
Instruments
Interface Unit
(based on the
Atmel rad-hard
TSC21020)
Speak and Spell toy 1970
SigC641x for PCI video transcoding and
image processing task with DSP farm
Options for building embedded systems
Option
What it is?
Discrete components
In the past, embedded systems would have been
constructed from discrete components
(transistors, resistors, etc) or small scale
integrated circuits. This approach is now largely
obsolete and not recommended.
--
++
+-
--
?
Microprocessors
General purpose computing device. It needs
external memory and peripherals
+-
-+
+-
++
--
Microcontroller
Computing device for specific tasks. It includes
internal memory and peripherals
++
++
++
++
+-
FPGA
Re-programmable logic component
++
++
+-
++
++
ASIC
Application Specific Integrated Circuit
++
---
++
--
+++
DSP
Digital Signal Processor
++
++
++
++
--
15/02/2023 AE4S15 Lecture 03 Dr. Alessandra Menicucci
Size/
Weight
7
Design
Cost
Unit
Cost
Flexibility
Power
Application Specific Integrated Circuit (ASIC)
Application Specific/Custom design circuits are
needed if high speed and low power are the
driving requirements.
Used for special cases: e.g. mixed
analog/digital signals.
However design cost is very high, it can be
compensated only by selling large numbers.
Manufacturing cost can be reduced by using
less advanced semiconductor fabrication
techniques and/or multi-project wafers
(MPW) .
Lack of flexibility (design errors requires a new
mask set and new tape-out).
15/02/2023 AE4S15 Lecture 03 Dr. Alessandra Menicucci
8
ASIC Development
●
●
●
Developing an ASIC is highly time
consuming task because CAD and
automatized techniques offer a limited
help. Only the skills and continuous
experience of the designer are key to
ensure the all the features needed find
their place in complex fabric of the
semiconductor chip.
Hardware Description Language (HDL) is
a key element to ensure compliance
between the system requirements and
the design implementation.
Verilog and VHDL are the most used in
order to represent the desired HW
functionality as a software program. The
model is then simulated to confirm the
design will work as intended. Any
problems can be corrected in the model,
and simulation will verify the correction.
15/02/2023 AE4S15 Lecture 03 Dr. Alessandra Menicucci
“Improving the ASIC and FPGA
Development Process” Cormery, P.
Proceedings of DASIA 2003 (ESA
SP-532).
9
VHDL vs Verilog
●
●
●
●
VHDL is a strongly typed
language and more verbose
than Verilog.
VHDL syntax is non-C-like and
extra coding is required to
convert from one data type to
another.
Verilog is probably the easiest
to grasp and understand, but
VHDL has more features for
high level modelling therefore
mosre suitabl for advanced
users.
Another option is ModelSim, a
multi-language environment
which supports both.
15/02/2023 AE4S15 Lecture 03 Dr. Alessandra Menicucci
Example of Verilog
Example of VHDL
Source: https://www.electronicdesign.com/
10
ASIC floorplan
●
●
●
●
●
After the architecture design, a set of functional blocks
and the connections between them are specified in
the netlist.
These functional blocks can be considered as
macrocells in the physical design.
The task of floorplan is to place the macrocells on a
2-D chip: it determines the size of the design cell (or
die), creates the boundary and core area, and creates
wire tracks for placement of standard cells. It is also a
process of positioning blocks or macros on the die.
All this should be done without overlap while also
optimizing design objectives such as timing,
congestion, and maximum single and total wire
length.
This is where experience plays a very important role
but nowadays due to the complexity of modern chips
automated methods are becoming predominant.
15/02/2023 AE4S15 Lecture 03 Dr. Alessandra Menicucci
11
Floor plan example
Space ASIC example: IDE3466
The IDE3466 ASIC has been developed for the front-end detector
readout in the Radiation-hard Electron Monitor on-board the ESA
JUICE mission.
15/02/2023 AE4S15 Lecture 03 Dr. Alessandra Menicucci
12
Space ASIC example: IDE3466
15/02/2023 AE4S15 Lecture 03 Dr. Alessandra Menicucci
13
Highly Miniaturised Radiation Monitor ASIC
15/02/2023 AE4S15 Lecture 03 Dr. Alessandra Menicucci
Commercially-available 0.18 µm
CMOS Image Sensor
Each HMRM ASIC incorporates a
50×50 APS array with a pixel pitch of
20 µm (total sensitive area of 1 mm2)
All pixels are read out simultaneously
(‘snapshot mode’) and digitised via a
3-bit column parallel ADC with
correlated double sampling (CDS).
Each ADC comparator level is
programmed as a 7-bit threshold
setting, allowing customisable, nonlinear pixel digitisation schemes.
Max. frame rate of ∼10 kHz.
14
Attempt to make ASICs standard
High speed point-to-point SpaceWire
routers
32bit Sparc Microprocessors
Intelligent remote terminal controllers
Telecommand decoding and
telemmetry encoding
Co-processors,
DSP functions,
multichannel space and time mux,
De-modulation in transponders
Autocorrelators,
CCSDS image compression
System-on-Chip hosting sparc
microprocessor, TMTC, data bus
bridges, etc.
DAC and ADC broadband low power
converters
Also called ASSP = Application Specific Standard Product
15/02/2023 AE4S15 Lecture 03 Dr. Alessandra Menicucci
15
Foundries used for space mixed-signal ASICs
Europractice + CMP
TI
Digital Libs exist
XFab
BelGaN
IHP
Infineon
LFoundry
STM
19 Nov 2010
TI
DCIS 2010
AMS
Taiwan
UMC
TSMC
Israel
16
Tower
Options for building embedded systems
Option
What it is?
Discrete components
In the past, embedded systems would have been
constructed from discrete components
(transistors, resistors, etc) or small scale
integrated circuits. This approach is now largely
obsolete and not recommended.
--
++
+-
--
?
Microprocessors
General purpose computing device. It needs
external memory and peripherals
+-
-+
+-
++
--
Microcontroller
Computing device for specific tasks. It includes
internal memory and peripherals
++
++
++
++
+-
FPGA
Re-programmable logic component
++
++
+-
++
++
ASIC
Application Specific Integrated Circuit
++
---
++
--
+++
DSP
Digital Signal Processor
++
++
++
++
--
15/02/2023 AE4S15 Lecture 03 Dr. Alessandra Menicucci
Size/
Weight
17
Design
Cost
Unit
Cost
Flexibility
Power
Field Programmable Gate
Arrays
FPGAs are the most common of
reconfigurable hardware.
These devices can be programmed
“in the field” (after manufacturing)
Each Configurable Logic Block
consist of 2 slices.
Those slices are further divided in 2
logic elements.
Logic elements consist of:
●
4 input lookup Table
●
Full Adder and Mux logic
●
D FlipFlop
15/02/2023 AE4S15 Lecture 03 Dr. Alessandra Menicucci
18
●
●
●
Configurable Logic blocks
I/O Units
Interconnections
Look-Up-Table
●
●
●
●
●
NAND Gate
Input A Input B Output C
0
0
0
0
1
0
1
0
0
1
1
1
15/02/2023 AE4S15 Lecture 03 Dr. Alessandra Menicucci
A Lookup Table, as the name suggests, is an
actual table that generates an output based on
the inputs.
This table is then stored in a small memory.
Inputs A and B are the address pins and C is the
data pin.
When your address pins are changing, they will
be pointing at a different address with different
inputs.
2 inputs means 4 different combinatorial
scenarios. You can increase the number of inputs
and modify accordingly the size of the memory
needed.
19
Flip-Flops
●
●
Flip-flops are devices with two stable states that can be used to store
binary data. The stored data can be changed by applying varying inputs.
The state SET or high Q=1 and State RESET or basso, o stato ‘‘0’’: Q=0
SR flip-flop
JK flip-flop
T flip-flop
15/02/2023 AE4S15 Lecture 03 Dr. Alessandra Menicucci
20
D flip-flop
Programming an FPGA
●
●
●
●
●
Programming an FPGA is NOT like programming a microprocessor
We download a BITSTREAM (in bits as 1s or 0s) to the FPGA not a
program
Programming an FPGA is called configuration.
The bitstream determines the logic functions performed by the
Logic Elements, and the interconnecting switches in order to
connect the different LEs together to make up your circuit
This is done only ONCE at power-on while a microprocessor needs to
be fed these program codes continuously for it to function.
●
15/02/2023 AE4S15 Lecture 03 Dr. Alessandra Menicucci
21
Re-programmable space FPGAs
2 big manufactures
(
)
RTAX FPGA (130nm)
RT Kintex UltraScale FPGA (20nm)
RTG4 FPGA (65nm)
Virtex-5QV FPGA (65nm)
RT Polarfire (42/28 nm)
Virtex-4QV FPGA (90nm)
SRAM based
Flash based
15/02/2023 AE4S15 Lecture 03 Dr. Alessandra Menicucci
22
ASICs and FPGAs in space: how many?
They are used in large (increasing) quantities
in both PLATFORM avionics and PLAYLOAD
instruments.
One example: SENTINEL 2
IC type
ASIC
ASIC
FPGA
FPGA
uP
uP
Std ASIC
Std ASIC
where quantity
P/F
59
P/L
0
P/F
112
P/L
37
P/F
21
P/L
0
P/F
10
P/L
0
TOTAL: 249
15/02/2023 AE4S15 Lecture 03 Dr. Alessandra Menicucci
23
FPGAs also follow Moore's law
KLE = Kilo
Logic Element
15/02/2023 AE4S15 Lecture 03 Dr. Alessandra Menicucci
24
FPGA Evolution
●
●
Capacity ( = logic cell count)
and speed ( = performance in
the programmable logic for
the same function) are
increasing while price and
power are decreasing.
Development tools (e.g.
Vivado for Xilinx) are getting
better and community of
users is growing.
15/02/2023 AE4S15 Lecture 03 Dr. Alessandra Menicucci
Xilinx published data
25
ASIC vs FPGA
DESIGN EFFORTS: a qualified design team generates the ASIC or FPGA circuit
design, using very similar development tools. However ASIC presents additional risks.
BASE TECHNOLOGY: both built on Silicon wafers, where circuits are chemically
diffused with lithographic techniques, with very expensive, complex manufacturing tools
and recipes. Usually in CMOS (Complementary Metal Oxide Semiconductor) technology.
Package can be same.
FPGA have Fixed array structure
=> lower performance /size/power
optimizations
ASIC are ad-hoc =>
better speed & power performance
15/02/2023 AE4S15 Lecture 03 Dr. Alessandra Menicucci
26
FPGA vs ASIC
development
Implementation of TOF-PET Systems on Advanced Reconfigurable Logic Devices
By J. Torres, et al. DOI: 10.5772/57123
15/02/2023 AE4S15 Lecture 03 Dr. Alessandra Menicucci
27
System-On-Chip based OBCs
We are now able to squeeze in a single IC functions that few years ago were made with
multiple electronic boards
All our digital electronic is powered by a single 3.3V power source
Besides passives, DCL is populated by an handful of items.
15/02/2023 AE4S15 Lecture 03 Dr. Alessandra Menicucci
28
Example: Curiosity (NASA)
Launched on 26 Nov. 2011.
Touched down on 5 Aug. 2012.
It has spent 1969 sols (3000 martian days) since landing.
Has covered 18.13 km until 11 Feb. 2018.
Mass: 889 kg, incl. 80 kg scientific instrumentation.
2.2
m
2.7
m
2.9
m
Case study: Curiosity (NASA)
Curiosity embedded system architecture is based on Wind River's
VxWorks Version 6.7 real-time OS (RTOS) running on BAE Systems
RAD750 processor - a radiation-hardened PowerPC CPU.
Runs at 200 MHz, providing about 400 MIPS.
Fully redundant.
Flight heritage: Mars Exploration Rovers (MERs) Spirit and
Opportunity used an earlier version of VxWorks running on the
RAD750's predecessor, the BAE RAD6000, which offered about 36
MIPS performance.
Curiosity's embedded systems design does not contain much
novelty besides the fact that it is running on another planet!
Some definitions
The on-board data handling (OBDH) of a spacecraft is the
subsystem which carries, elaborates and stores data between
the various electronics units and the ground segment, via the
telemetry, tracking and command (TTC) subsystem.
The Avionics are the various electronic systems making
spacecraft ‘cyber physical system’– some of them are ‘sensors’,
some others are actuators.
Real-time processing – Handling or processing information at
the time events occur or when the information is first created
hard real time => missing a deadline results in system
failure
soft real time => Quality of information degrades after a
deadline
Standard functions performed by OBDH
The OBDH has to perform many functions:
•
•
•
•
•
•
•
•
•
•
•
Reception and execution of commands from Ground
Data collection, formatting and transmission to Ground
Time distribution
Spacecraft health monitoring
Fault detection Isolation and recover (FDIR)
Provision of data storage for program and data
Execution of command schedules
Execution of control algorithms
Security
Data processing/compression
And more depending on the specif mission goal ...
Future challenges for OBDH: autonomy is key
Courtesy: ESA
15/02/2023 AE4S15 Lecture 03 Dr. Alessandra Menicucci
33
ESA space OBDH: Reference Architecture
(SAVOIR)
Application software
Applications
AOCS
Satellite Conf
and Eqpt Mgmt
System FDIR
SSMM Mgmt
Execution platform
Plan/ Autonomy
Framework
Thermal
On board computer
Hardware
System mode
mgmt
Power
Hardware functions
OBT Mgmt
P/L Manager
Buses
Software bus
Libraries:
mathematical,
etc.
PUS specific
PUS
Telemetry
Telecommande
Abstract
component
services
Connector
services
Container
services
OBCP
interpreter
PUS monitoring
Avionics
Equipment
virtual devices
=SOIS DVS
Context
Mgmt
On-board time
=SOIS TAS
Standardized
devices
Communication
services
addressing
physical
distribution
across nodes
= SOIS MTS
Solid State
Mass Memory
CAN
MIL-1553
RAM
CPU
UART
SpW
EEPROM
ESA UNCLASSIFIED – For Official Use
Sensors &
actuators
Intelligent
devices
BSP
CPU
SOIS Layers
Legacy
devices
RTOS
SOIS Subnetwork layer (1553, CAN, SpW)
(including HDSW)
File/
Compress/
Encrypt
Security
Unit
Component
services
Remote Terminal Unit
Remote Interface Unit
SGM
Boot
PROM
OBTimer
HW
watchdog
Computation
Payloads &
Instruments
Application
SOIS Layers
ADCs / DACs
SOIS Layers
Space
Linux
microcontroller
Digital Sensorbus
CPU
Payload
Computer
Onboard Communications H/W (e.g. MIL-STD-1553B, SpaceWire, CAN, UART )
Avionics functions
System
alarms
Enable/
Disable
Log
Safe-Guard
Memory
Platform
TC Segments
Essential
TC
Reconfiguration
Mgmt
Platform
commanding
TC
Segments
Context
data
TC
CLTUs
TC
Segments
Alarms & config
Context data,
Boot report
Telecommand
Processing
TC Segments
X
TM packets,
files & config
FAR
CLCW
Security
TM
CADUs
Time
and
time
tick
Platform
Data Storage
AU
status
Encryption
Platform
Telemetry
TM
packets
TM
frame
sync
Time tick
On-Board
Time
Instruments incl.
ICUs,
Payload I/F Unit
Test
Payload direct monitoring
TM packets
Data
Concentrator
Platform
sensors and
actuators
Sensor and
actuator I/F
Config
Discrete
signals
Essential
TM
Encryption
Trig
Payload control
Platform
synchronisation
Time tick
Time
Time
reference
Payload
Data
Storage
Payload
Telemetry
Sensor and
actuator I/F
X
TM packets
Payload
commanding
Payload
Data Routing
Mission
Data Links
TM packets
& config
Authentication/
Decryption
Payload
Synchronisation
Cmd & Ctrl
Links
Time
15/02/2023 AE4S15 Lecture 03 Dr. Alessandra Menicucci
Hot redundant operation
Hot or cold redundant operation
Cold redundant operation
35
Security
Payload
synchronisation
TM
CADUs
Avionics architecture: some of the variables
System
alarms
- X-strap in harness
- X-strap in OBC
- A mix
- RS-422 or LVDS or
bilevel
Trx
- SpaceWire
- 2 – 12 links
- X-strap in harness
- No x-strap
- No standard protocol
- Analog
- Digital
- Qty from 8 to 36
- Internal or external x-strap
- 28V unreg. power
- 28V reg. power
- 50V ”semi” reg power
- 1 ms, 50 ms or 5 s
power dropouts
P/L
MM
PacketWire
SpaceWire
OBC
Trx
1553/CAN
“Discrete”
I/O system
- 5V, 16 V or 28 V
- 10, 180 or 500 mA
High priority
commands
(on/off)
1553 or
SpaceWire
- 4 – 16 links
1, 2 or 3
buses
P/F
unit
CAN
P/F
unit
- ECSS-E-50-14 with variations
- UARTs (from 2 to 15 lines)
- SDLC/HDLC protocol
- Serial 16 bit
- Serial 32-bit
P/L
router
P/L
unit
P/L
unit
Space computer I (courtesy Airbus Space).
Flown on Alphas
Space computer II (courtesy Thales Alenia
Space)
Also flown on Alphasat
15/02/2023 AE4S15 Lecture 03 Dr. Alessandra Menicucci
38
Open ISAs are now prevalent in the space
Development of space grade
market.
processors is severely limited by:
•
User space
●
ESA’s ERC32 was the most successful
processor ever which sold ~16000
pieces.
●
●
15/02/2023 AE4S15 Lecture 03 Dr. Alessandra Menicucci
39
Access to IP and Foundries:
• We need an open ISA (SPARC ->
RISC-V).
• Non Recurrent Engineering of
<28nm chip is huge (given the
scale above)
• GPUs for SPACE do not exist!
Physics:
• Radiation/soft errors
• Memory (size, speed)
• Thermal issues
• Packaging limitations
• Power supply stability.
RISC-V
●
●
●
●
●
RISC-V is a free and open instruction set architecture
(ISA) enabling a new era of processor innovation
through open standard collaboration.
RISC-V was originally developed by UC Berkley to
support computer architecture research and education
oriented at hardware implementations, because they
could not find a simple and flexible ISA fit for such
purpose.
RISC-V ISA delivers a new level of free, extensible
software and hardware freedom on architecture.
Since implementation is not defined at the ISA level, but
rather by the composition of the SoC and other design
attributes, the chipset can be customized to be big,
small, powerful or lightweight based on what devices
need.
On-going fault-tolerance implementation is key for its
(future) success in space missions!
15/02/2023 AE4S15 Lecture 03 Dr. Alessandra Menicucci
40
SiFive single-board
computer running Linux
RISC-V
●
●
●
ESA is supporting the RISC-V development at Gaisler.
VHDL instantiations of RISC-V implementing Fault Tolerance on-going with adaptations
to specific target technologies.
In short term (1-3 yr) we will see RISC-V as soft core for rad-hard FPGA, and in longer
term as core for dedicated SoC ASICs.
Configuration ISA*
Pipeline
Cache
MMU
PMP
FPU
Note
Availability
TIN32
RV32IM
single issue
no
no
no
no
Tiny configuration
2020-Dec
MIN32
RV32IMAC
single issue
yes
no
yes
no
Minimal 32-bit configuration
2020-Dec
MIN64
RV64IMAC
single issue
yes
no
yes
no
Minimal 64-bit configuration
2020-Dec
GPP32
RV32GCHN
single issue
yes
yes
yes
GRFPU or
NanoFPU
General purpose 32-bit
configuration
2020-Dec
GPP64
RV64GCHN
single issue
yes
yes
yes
GRFPU or
NanoFPU
General purpose 64-bit
configuration
2020-Dec
HPP32
RV32GCHN
dual issue
yes
yes
yes
GRFPU or
NanoFPU
High-performance 32-bit
configuration
2020-Dec
HPP64**
RV64GCHN
dual issue
yes
yes
yes
GRFPU or
NanoFPU
High-performance 64-bit
configuration
Available
Available NOEL-V configurations from Gaisler: see https://www.gaisler.com/index.php/products/processors/noel-v
15/02/2023 AE4S15 Lecture 03 Dr. Alessandra Menicucci
41
Summary of today`s lecture
We have introduced DSP, ASICs and FPGAs and make comparision
between them.
We have discussed high level system requirements of space onboard data handling.
We have discussed the state-of-the-art and future developments in
OBDH.
15/02/2023 AE4S15 Lecture 03 Dr. Alessandra Menicucci
42
Next lecture
●
In the next lecture we will introduce and discuss:
●
Interrupts
●
GPIO
●
Analog to digital conversion
●
Timers
●
Serial communication
15/02/2023 AE4S15 Lecture 03 Dr. Alessandra Menicucci
43
Electronic circuit symbols
AE4S15 - Embedded systems HW/SW
Interfaces
20/02/2023
Dr. Alessandra Menicucci
Today`s learning objectives
To define and explain the basics HW/SW interfaces of embedded
systems.
In particular:
●
Interrupts
●
GPIO
●
Analog to digital conversion
●
Timers
●
Serial communication
20/02/2023 AE4S15 Lecture 03 Dr. Alessandra Menicucci
2
Interrupt
●
●
●
An interrupt is a signal to the processor emitted by hardware or
software indicating an event that needs immediate attention.
Whenever an interrupt occurs, the controller completes the execution
of the current instruction and starts the execution of an Interrupt
Service Routine (ISR) or Interrupt Handler.
ISR tells the processor or controller what to do when the interrupt
occurs.
Interrupts can be Hardware or Software:
●
Hardware interrupts are electric signals often created by a input
device (e.g. keyboard, mouse)
●
Software interrupts are caused by either an exceptional condition or a
special instruction in the instruction set (e.g. divide-by-zero exception)
20/02/2023 AE4S15 Lecture 03 Dr. Alessandra Menicucci
3
Example of a system with interrupt
Goal: Change color of RGB LED when switch is pressed
How to interface with GPIO will be explained later
Need to add external switch and LEDs.
20/02/2023 AE4S15 Lecture 03 Dr. Alessandra Menicucci
4
How to Detect Switch is Pressed?
Polling vs. Interrupts
Polling - software continuously monitors the status of other devices to check if
an event occurred
Slow: need to explicitly check to see if switch is pressed
Wasteful of CPU time: the faster a response we need, the more often we
need to check
Scales badly: difficult to build system with many activities which can
respond quickly. Response time depends on all other processing.
Interrupt - use special hardware in MCU to detect event, run specific code (ISR)
in response
Efficient: code runs only when necessary (event-based processing)
Fast: hardware mechanism
Scales well: allows many multi-threaded embedded systems to be
responsive without an operating system (specifically task scheduler)
20/02/2023 AE4S15 Lecture 03 Dr. Alessandra Menicucci
5
Interrupt/Exception Processing
Sequence
Other code (background) is running
Interrupt trigger occurs
Processor does some hard-wired processing
Processor executes ISR (foreground), including return-from-interrupt instruction at end
Processor resumes other code
Main Code
(Background)
Hardwired CPU
response activities
20/02/2023 AE4S15 Lecture 03 Dr. Alessandra Menicucci
6
ISR
(Foreground)
Example Interrupt Code
RGB
LED
SW
ISR
ISR
count
Main
While int main() {
while(true) {
if(bool_flag1 == true) {
lightLED();
bool_flag1 = false;
}
// sleep_mode();
}
}
Task
Global Variable
ISR_1 {
}
20/02/2023 AE4S15 Lecture 03 Dr. Alessandra Menicucci
7
count ++;
bool_flag1 = true;
Interrupt Response Latency
Latency = time delay
Why is it important?
This is an overhead which increases as the interrupt rate rises
This delays our response to external events, which may or may not
be acceptable for certain applications
How long does it take?
Finish executing the current instruction or abandon it if too long
Push various registers on to the stack, fetch vector
If we have external memory with wait states, this takes longer
20/02/2023 AE4S15 Lecture 03 Dr. Alessandra Menicucci
8
Maximum Interrupt Rate
How many interrupts can be handled per second?
FMax_Int: maximum interrupt frequency
FCPU: CPU clock frequency
CISR: Number of cycles ISR takes to execute
COverhead: Number of cycles of overhead for saving state, vectoring, restoring state, etc.
FMax_Int = FCPU/(CISR+ COverhead)
Note that model applies only when there is one interrupt in the system
When an interrupt occurs, the CPU is occupied and cannot execute the other
(main) code
UInt: Utilization (fraction of processor time) consumed by interrupt processing
UInt = 100%*FInt* (CISR+COverhead)/ FCPU
It means that the CPU running the main code at clock speed of (1-U Int)*FCPU
20/02/2023 AE4S15 Lecture 03 Dr. Alessandra Menicucci
9
GPIO Basics concepts
GPIO = General-purpose input and output (digital)
Input: program can determine if input signal is a 1 or a 0
Output: program can set output to 1 or 0
Can use this to interface with external devices or on-board peripherals
Input: switch, button.
Output: LEDs, speaker.
In space CPU GPIO are usually the on/off type.
20/02/2023 AE4S15 Lecture 03 Dr. Alessandra Menicucci
10
LPC1115FBD48 pin-out
4 Ports (PIO0/PIO1/PIO2/PIO3)
Pin0 to Pin11(12 in total)
for Port0/1/2
Pin0 to Pin5(6 in total)0 for
Port3
Not all port bits are available
on the board
Quantity depends on
package pin count and MCU
layout
20/02/2023 AE4S15 Lecture 03 Dr. Alessandra Menicucci
11
GPIO Port Bit Circuitry in MCU
Configuration
Direction
Interrupt
Modes
Mux
Edge or level-sensitive(high-
active or low-active)
interrupt request
Data
Output
Input
Analogue
20/02/2023 AE4S15 Lecture 03 Dr. Alessandra Menicucci
12
Inputs: What’s a One? A Zero?
Input signal’s value is determined
by voltage
Input threshold voltages depend
on supply voltage VDD
Exceeding VDD or GND may
damage chip
20/02/2023 AE4S15 Lecture 03 Dr. Alessandra Menicucci
13
Outputs: What’s a One? A Zero?
Nominal output voltages
Note: Output voltage depends on current
drawn by load on pin
Vout
1: VDD-0.5 V to VDD
0: 0 to 0.5 V
Logic 1 out
Need to consider source-to-drain resistance
in the transistor
Above values only specified when current <
5 mA (18 mA for high-drive pads) and VDD >
2.7 V
20/02/2023 AE4S15 Lecture 03 Dr. Alessandra Menicucci
14
Logic 0 out
Iout
Analog Interface: why it is needed?
Embedded systems often need to measure values of physical parameters
These parameters are usually continuous (analog) and not in a digital form which
computers (which operate on discrete data values) can process
Temperature
Environment monitor
Temperature sensor (is our equipment too hot?)
Thermostat for thermal control
Propulsion nozzle controller
Chemical reaction monitor
Safety (e.g. microprocessor/processor thermal
management)
Digital camera sensor
Sun sensor (for AOCS)
Plasma/radiation sensor
Charging monitor
Rotary position
Attitude sensor
Solar panel movement mechanism
Pressure
Tank pressure monitor
Valve pressure
Propulsion controller
Thrust monitoring
Acceleration
Thrust monitoring
Inertial Platform
Mechanical strain
Housekeepings
Current, Voltages
Battery Monitor
Example Analog sensor: depth gauge
Pressure
V_ref
Analog to
// SW
Digital
Sensor
ADC_Code = ADC0->R[0];
Converter
V_sensor = ADC_code*V_ref/1023;
Air Pressure
Pressure_kPa = 250 * (V_sensor/V_supply+0.04);
Depth_ft = 33 * (Pressure_kPa – Atmos_Press_kPa)/101.3;
V_sensor
ADC_Code
Voltages
V_ref
ADC
Output Codes
111..111
111..110
111..101
111..100
V_sensor
Ground
ADC_Code
000..001
000..000
Sensor detects air pressure and generates a
proportional output voltage V_sensor
2. ADC generates a proportional digital integer (code)
based on V_sensor and V_ref
3. SW routine converts that integer to voltage, pressure
1.
and depth
20/02/2023 AE4S15 Lecture 03 Dr. Alessandra Menicucci
16
Getting From Analog to Digital
A Comparator tells us “is Vin > Vref?”
Compares an analog input voltage with an
analog reference voltage and determines
which is larger, returning a 1-bit number
E.g. Indicate if depth > 100 ft
Set Vref to voltage pressure sensor returns with
100 ft depth.
An Analog to Digital converter [AD or ADC]
tells us how large Vin is as a fraction of Vref.
Reads an analog input signal (usually a voltage)
and produces a corresponding multi-bit number
at the output.
E.g. calculate the depth
20/02/2023 AE4S15 Lecture 03 Dr. Alessandra Menicucci
17
Comparator
Vin
0
Vref
A/D Converter
Vref
0
1
Vin
Clock
0
1
Digital to Analog Conversion
In some cases an analog voltage or current
as an output signal needs to be generated
E.g. audio signal, video signal brightness.
DAC: “Generate the analog voltage which is
this fraction of Vref”
Digital to Analog Converter equation
D/A Converter
n = input code
N = number of bits of resolution of converter
Vref = reference voltage
0
1
Vout = output voltage.
0
Vref
• Vout = Vref * n/(2N) or
• Vout = Vref * (n+1)/(2N)
(The offset +1 term depends on the internal
configuration of the DAC. It can be found in
the datasheet of the component)
20/02/2023 AE4S15 Lecture 03 Dr. Alessandra Menicucci
1
18
Vout
Digital value
Waveform Sampling and Quantization
time
A waveform is sampled at a constant rate – every Dt
Each such sample represents the instantaneous amplitude at the instant of
sampling
“At 37 ms, the input is 1.91341914513451451234311… V”
Sampling converts a continuous time signal to a discrete time signal
The sample can now be quantized (converted) into a digital value
Quantization represents a continuous (analog) value with the closest discrete
(digital) value
“The sampled input voltage of 1.91341914513451451234311… V is best
represented by the code 0x018, since it is in the range of 1.901 to 1.9980 V which
corresponds to code 0x018.”
20/02/2023 AE4S15 Lecture 03 Dr. Alessandra Menicucci
19
A/D – Flash Conversion
A multi-level voltage divider is
used to set voltage levels over
the complete range of
conversion.
A comparator is used at each
level to determine whether the
voltage is lower or higher than
the level.
The series of comparator
outputs are encoded to a binary
number in digital logic (a
priority encoder)
Components used
1V
7/8 V
6/8 V
5/8 V
4/8 V
3/8 V
2/8 V
2 resistors
2N-1 comparators
N
1/8 V
V in
20/02/2023 AE4S15 Lecture 03 Dr. Alessandra Menicucci
20
R
Comparators
+
R
R
+
+
+
R
1
Encoder
-
0
+
R
R
1
-
R
R
1
-
0
+
0
+
-
0
3 bits
ADC - Successive Approximation
Conversion
The Successive Approximation Register
(SAR) ADC Successively approximate
input voltage by using a binary search and
a DAC. It performs
●
●
●
●
Sample and hold of the analog signal.
For each bit, the SAR logic outputs a
binary code to the DAC that is
dependent on the current bit under
scrutiny and the previous bits already
approximated.
The comparator is used to determine
the state of the current bit.
Once all bits have been approximated,
the digital approximation is output at the
end of the conversion (EOC).
20/02/2023 AE4S15 Lecture 03 Dr. Alessandra Menicucci
21
ADC Performance Metrics
Linearity measures how well the transition voltages lie on a straight line.
Differential linearity measure the equality of the step size.
Conversion time: between start of conversion and generation of result
Conversion rate = inverse of conversion time
20/02/2023 AE4S15 Lecture 03 Dr. Alessandra Menicucci
22
Sampling Problems
Nyquist criterion: the sampling rate must be at least twice the highest analog
frequency component F max or
Fsample >= 2 * Fmax frequency component
Frequency components above ½ Fsample are aliased, distort measured signal
In the real world filters are not perfect (especially COTS) therefore so we have to
choose a sampling frequency high enough that our filter attenuates aliasing
components adequately
20/02/2023 AE4S15 Lecture 03 Dr. Alessandra Menicucci
23
ADC Inputs
Differential
Use two channels, and compute difference between them
Very good noise immunity
Some sensors offer differential outputs (e.g. Wheatstone Bridge)
Multiplexing
Typically share a single ADC among multiple inputs
Need to select an input, allow time to settle before sampling
Signal Conditioning
Amplify and filter input signal
Protect against out-of-range inputs with clamping diodes
20/02/2023 AE4S15 Lecture 03 Dr. Alessandra Menicucci
24
Sample and Hold Devices
Some A/D converters require
the input analog signal to be
held constant during
conversion, (e.g. successive
approximation devices)
In other cases, peak capture or
sampling at a specific point in
time necessitates a sampling
device.
This function is accomplished by
a sample and hold device as
shown to the right:
These devices are incorporated
into some A/D converters
20/02/2023 AE4S15 Lecture 03 Dr. Alessandra Menicucci
25
Sampling
switch
Analog Input
Signal
Cc
Output
Signal
Hold
Capacitor
Timer/Counter Peripheral Introduction
•
•
•
•
•
Events
Reload Value
or
Clock
Presettable
Binary Counter
Reload
Current Count
÷2 or RS
PWM
Interrupt
Embedded microcontrollers usually include several elaborate timers that allow to
capture the current time or time differences, triggered by hardware or software events,
generate interrupts when a certain time is reached (e.g. stop watch, timeout),
generate interrupts when counters overflow,
generate periodic interrupts, for example in order to periodically execute tasks (e.g.
scheduler)
• generate specific output signals, for example PWM (pulse width modulation)
20/02/2023 AE4S15 Lecture 03 Dr. Alessandra Menicucci
26
LPC111x Timer Peripherals
●
●
●
●
2 16-bit counter/timers with a
programmable 16-bit prescaler
(CT16B0/1)
2 32-bit counter/timers with a
programmable 32-bit prescaler
(CT32B0/1)
System tick timer(SysTick)
Windowed WatchDog and Watchdog
Timer
●
Restart MCU when accidential unknown
problems occur
20/02/2023 AE4S15 Lecture 03 Dr. Alessandra Menicucci
27
16/32-bit Timer/Counter
Reload Value
Reload
Clock
TIMx_CNT
TIMx_PSC
Current Count
TIMx_ARR
Interrupt
ISR
16-bit timer and 32-bit timer are similar besides the resolution
CT16B0 and CT16B1 are identical besides the base address
CT32B0 and CT32B1 are identical besides the base address
4 general purpose timer in total which can be configurated as timer or counter
Periodic interrupt source
Counting
Pulse Width Demodulator
Pulse Width Modulator
20/02/2023 AE4S15 Lecture 03 Dr. Alessandra Menicucci
28
Resume
16/32-bitTimer/
Counter Block
Diagram
20/02/2023 AE4S15 Lecture 03 Dr. Alessandra Menicucci
29
Timer as a periodic Interrupt Source
Match Value
Reload
Clock
TMR32Bx_TC
TMR32Bx_PC
TMR32B0_MCR
Interrupt
ISR
Resume
Current Count
One of the basic function of the timer is to cause independent and
periodic interrupts
Best for regularly repeating some certain small tasks
Take 32-bit timer as an example
Can be clocked by the peripheral clock (PCLK) or externally supplied
clock
4 match registers
20/02/2023 AE4S15 Lecture 03 Dr. Alessandra Menicucci
30
Serial communications
Why Communicate Serially?
Native word size is multi-bit (8, 16, 32, etc.)
In many applications it is not feasible to send all the word bits at the
same time
Cost and weight: more wires needed, larger connectors needed
Mechanical reliability: more wires => more connector contacts to fail
Timing Complexity: some bits may arrive later than others due to
variations in capacitance and resistance across conductors
Circuit complexity and power: may not want to have 16 different radio
transmitters + receivers in the system
20/02/2023 AE4S15 Lecture 03 Dr. Alessandra Menicucci
31
Example System
Peripheral
write lines between MCU and
each peripheral
Fast, allows simultaneous
Data
Rd Wr
Peripheral
transfers
Requires many connections,
PCB area, scales badly
20/02/2023 AE4S15 Lecture 03 Dr. Alessandra Menicucci
32
Peripheral
Rd Wr
Parallel data lines, read and
MCU
Data
connections
Data
Peripheral
Dedicated point-to-point
Data
Rd Wr
Wr Rd
Parallel buses
Select
Peripheral
MCU
Wr Rd
Data
Select
Peripheral
Wr Rd
Data
Select
Peripheral
Wr Rd
Data
Select
Peripheral
Wr Rd
Data
All devices use buses to share data, read and write signals
MCU uses individual select lines to address each peripheral
MCU requires fewer pins for data, but still one per data bit
MCU can communicate with only one peripheral at a time
20/02/2023 AE4S15 Lecture 03 Dr. Alessandra Menicucci
33
Synchronous Serial Data Transmission
D3
D
D2
Q
Parallel Data In
D1
D
Q
D0
D
Q
D
Q
Serial
Data Out
Clk
Serial
Data In
D
Q
D
Q
D
Q
D
Q
Clk
D3
D2
D1
Parallel Data Out
Receiving Device
Transmitting Device
Clock
Serial Data
Data Sampling Time at Receiver
Use shift registers and a clock signal to convert between serial and
parallel formats
Synchronous: an explicit clock signal is along with the data signal
20/02/2023 AE4S15 Lecture 03 Dr. Alessandra Menicucci
34
D0
Synchronous Full-Duplex Serial Data Bus
Select
Select
Peripheral
MCU
Peripheral
Clk DIn DOut
DIn DOut
Select
Peripheral
DIn DOut
Select
Peripheral
DIn DOut
Now can use two serial data lines - one for reading, one for
writing.
Allows simultaneous send and receive full-duplex
communication
20/02/2023 AE4S15 Lecture 03 Dr. Alessandra Menicucci
35
Synchronous Half-Duplex Serial Data Bus
Select
Select
Peripheral
Peripheral
MCU
●
●
Clk
c Clk
Data
Data
Select
Peripheral
Clk
Data
Select
Peripheral
Clk
Data
Share the serial data line
Doesn’t allow simultaneous send and receive - is half-duplex
communication
20/02/2023 AE4S15 Lecture 03 Dr. Alessandra Menicucci
36
Asynchronous Serial Communication
Data
bits
Tbit*10.5
Tbit*9.5
Tbit*8.5
Tbit*7.5
Tbit*6.5
Tbit*5.5
Tbit*4.5
Tbit*3.5
Tbit*2.5
Tbit*1.5
Time Zero
Data Sampling
Time at Receiver
Eliminate the clock line!
Transmitter and receiver must generate clock locally
Transmitter must add start bit (always same value) to indicate start of each data
frame
Receiver detects leading edge of start bit, then uses it as a timing reference for
sampling data line to extract each data bit N at time T bit*(N+1.5)
Stop bit is also used to detect some timing errors
20/02/2023 AE4S15 Lecture 03 Dr. Alessandra Menicucci
37
Next lecture
Next lecture will explain and discuss software paradigms for
embedded systems
AE4S15 - Embedded systems basic
software
22/02/2023
Dr. Alessandra Menicucci
Outline of the lecture
●
●
●
Introduction to embedded software programming
●
Concurrency
●
Scheduling
●
Real-time
Guidelines for embedded system co-design
Presentation of the group assignments
22/02/2023 AE4S15 Lecture 04 Dr. Alessandra Menicucci
2
Embedded Programming
Embedded programming is more difficult than traditional programming for many
reasons:
●
●
●
●
●
●
HW/SW are much closer to each other and we must co-design.
Real-time issue.
Concurrency (multiple threads, scheduling, deadlocks).
Limited resources (power, memory size, computing capability).
Event-driven programming using interrupts.
You cannot learn embedded programming in one lecture but you can learn the
basics principles, in particular concurrency, scheduling and real-time
operating system.
22/02/2023 AE4S15 Lecture 04 Dr. Alessandra Menicucci
3
Concurrency
Definition
In computer science, concurrency is a property of systems
in which several computations are executing simultaneously, and potentially
interacting with each other.
A process is a unit of execution in concurrent programming.
T0
T6
Process 1
Process 2
Process 3
P2 ends
P3 ends
P1 ends
Example of concurrency with time slicing. Only one process is executed at any given time
22/02/2023 AE4S15 Lecture 04 Dr. Alessandra Menicucci
4
Threads and Processes
Thread is an execution unit that is part of a process. A process can have multiple
threads.
Multithreading is a technique which allows a CPU to execute many tasks of one
process at the same time. These threads can execute individually while sharing their
resources.
Abraham Silberschatz,
Greg Gagne, and Peter
Baer Galvin,
"Operating System
Concepts, Ninth
Edition ", Chapter 4
22/02/2023 AE4S15 Lecture 04 Dr. Alessandra Menicucci
5
MCU HW & SW for Concurrency
CPU executes instructions from
one or more thread of
execution
Hardware peripherals add
dedicated concurrent
processing
Watchdog timer
ADC
Timers
Communications with other
devices
Detecting external signal
events
Power management
Peripherals use interrupts to
notify CPU of events
22/02/2023 AE4S15 Lecture 04 Dr. Alessandra Menicucci
6
Concurrent HW & SW Operations
Hardware
Software
Hardware
22/02/2023 AE4S15 Lecture 04 Dr. Alessandra Menicucci
Software
Embedded
systems rely
on both
MCU
hardware
peripherals
and
software to
get
everything
done on
time
Time
Software
7
Foreground – background (Super-loops)
Simple systems are usually
designed as foregroundbackground or super-loops.
Foreground is also called
interrupt level;
background is called task
level.
Source: https://doc.micrium.com/
22/02/2023 AE4S15 Lecture 04 Dr. Alessandra Menicucci
8
Scheduling Approaches
●
Rely on CPU’s hardware interrupt system to run the right
code
●
●
Event-triggered scheduling with interrupts
Use software to schedule CPU’s time
●
Static cyclic executive
●
Dynamic priority
●
Without task-level preemption
●
With task-level preemption
22/02/2023 AE4S15 Lecture 04 Dr. Alessandra Menicucci
9
Why CPU Scheduling
●
Interrupts provide a basic scheduling approach for CPU in an eventtriggered approach:
●
●
●
More complex systems need to support multiple concurrent
independent threads of execution
●
●
●
“Run this subroutine every time this hardware event occurs”
It is adequate for simple systems
Use task scheduler to share CPU
Different approaches to task scheduling
Main goal of the scheduler is to make the CPU responsive
●
How can the CPU make the right things at the right times?
22/02/2023 AE4S15 Lecture 04 Dr. Alessandra Menicucci
10
Definitions
TRelease
Other
process
Scheduler
Latency
Response Time
●
●
●
●
●
Ttask or TISR
Task or ISR Code
Scheduler
Time
TRelease(i) = Time at which task i (or interrupt) requests service/is released/is ready to run
TLatency (i) = Delay between release and start of service for task i
TResponse(i) = Delay between request for service and completion of service for task i
TTask(i) = Time needed to perform computations for task i
TISR(i) = Time needed to perform interrupt service routine i
22/02/2023 AE4S15 Lecture 04 Dr. Alessandra Menicucci
11
Event-Triggered Scheduling using
Interrupts
Basic architecture, useful for simple low-power devices
Very little code or time overhead
Uses built-in task dispatching of interrupt system
Can trigger ISRs with input changes, timer expiration, UART data reception,
analog input level crossing comparator threshold
Function types
Main function configures system and then goes to sleep
◦ If interrupted, it goes right back to sleep
Only interrupts are used for normal program operation
Example: bike computer
Int1: wheel rotation
Int2: mode key
Int3: clock
Output: Liquid Crystal Display
22/02/2023 AE4S15 Lecture 04 Dr. Alessandra Menicucci
12
Bike Computer Functions
Reset
Configure timer,
inputs and
outputs
cur_time = 0;
rotations = 0;
tenth_miles = 0;
while (1) {
sleep;
}
ISR 1:
Wheel rotation
rotations++;
if (rotations>
R_PER_KM/10) {
tenth_km++;
rotations = 0;
}
speed =
circumference/
(cur_time – prev_time);
compute avg_speed;
prev_time = cur_time;
return from interrupt
22/02/2023 AE4S15 Lecture 04 Dr. Alessandra Menicucci
ISR 2:
Mode Key
ISR 3:
Time of Day Timer
mode++;
mode = mode %
NUM_MODES;
return from interrupt;
cur_time ++;
lcd_refresh--;
if (lcd_refresh==0) {
convert tenth_km
and display
convert speed
and display
if (mode == 0)
convert cur_time
and display
else
convert avg_speed
and display
lcd_refresh =
LCD_REF_PERIOD
}
13
A More Complex Application
GPS-based Pothole Alarm and Moving Map
Sounds alarm when approaching a pothole
Display’s vehicle position on LCD
Also logs driver’s position information
Hardware: GPS, user switches, speaker, LCD, flash memory
22/02/2023 AE4S15 Lecture 04 Dr. Alessandra Menicucci
14
Application Software Tasks
Dec: Decode GPS signal to find current vehicle position.
Check: Check to see if approaching any pothole locations. Takes
longer as the number of potholes in database increases.
Rec: Record position to flash memory. Takes a long time if it needs
to erase a block.
Sw: Read user input switches. Run 10 times per second
LCD: Update LCD with map. Run 4 times per second
Dec
Check
Rec
Sw
LCD
Time
22/02/2023 AE4S15 Lecture 04 Dr. Alessandra Menicucci
15
How do we schedule these tasks?
Task scheduling: Deciding which
task should be running now
Two fundamental questions:
Do we run tasks in the same
order every time?
Dec
●
Check
Rec
●
Can one task preempt another,
or must it wait for completion?
• Yes: Preemptive
• No: Non-preemptive
(cooperative, run-to-completion)
Sw
LCD
22/02/2023 AE4S15 Lecture 04 Dr. Alessandra Menicucci
Yes: Static schedule (cyclic
executive, round-robin)
No: Dynamic, prioritized schedule
16
Static Schedule (Cyclic Executive)
Dec
Check
Rec
Advantage:
Sw
LCD
Dec
while (1){
Very simple
Dec();
Disadvantages:
Check();
Always run the same schedule, regardless of
Rec();
changing conditions and relative importance of
Sw();
tasks.
All tasks run at same rate. Changing rates
LCD();
requires adding extra calls to the function.
}
Maximum delay is sum of all task run times.
Polling/execution rate is 1/maximum delay.
22/02/2023 AE4S15 Lecture 04 Dr. Alessandra Menicucci
17
Static Schedule Example
GPS Data Arrives
Checking
complete
Response Time
Rec
Sw
LCD
Dec
Check
What if we receive GPS position right after Rec starts running?
Delays
Have to wait for Rec, Sw, LCD before we start decoding position with Dec.
Have to wait for Rec, Sw, LCD, Dec, Check before we know if we are
approaching a pothole!
22/02/2023 AE4S15 Lecture 04 Dr. Alessandra Menicucci
18
Dynamic Scheduling
It allows schedule to be computed on-the-fly
Based on importance
Prioritization means that less important tasks don’t delay more
important ones
How often do we decide what to run?
Coarse grain – After a task finishes. Called Run-to-Completion (RTC) or
non-preemptive
Fine grain – Any time. Called Preemptive, since one task can preempt
another.
22/02/2023 AE4S15 Lecture 04 Dr. Alessandra Menicucci
19
Dynamic RTC Schedule
GPS Data
Arrives
Checking
complete
Response Time
Rec
Dec
Check
What if we receive GPS position right after Rec starts running?
Delays
Have to wait for Rec to finish before we start decoding position with Dec.
Have to wait for Rec, Dec, Check before we know if we are approaching a
pothole
22/02/2023 AE4S15 Lecture 04 Dr. Alessandra Menicucci
20
Task State and Scheduling Rules
Scheduler chooses
among Ready tasks for
execution based on
priority
Scheduling Rules
If no task is running,
scheduler starts the
highest priority ready task
Once started, a task runs
until it completes
Tasks then enter waiting
state until triggered or
released again
Task is released
(ready to run)
Waiting
Task completes
22/02/2023 AE4S15 Lecture 04 Dr. Alessandra Menicucci
21
Ready
Start
highest
priority
ready task
Running
Dynamic Preemptive Schedule
GPS Data
Arrives
Checking
complete
Response Time
Dec
Check
Rec
What if we receive GPS position right after Rec starts running?
Delays
Scheduler switches out Rec so we can start decoding position with Dec
immediately
Have to wait for Dec, Check to complete before we know if we are
approaching a pothole
22/02/2023 AE4S15 Lecture 04 Dr. Alessandra Menicucci
22
Comparison of Response Times
Static
Rec
Sw
LCD
Dec
Check
Dynamic Run-to-Completion
Rec
Dec
Check
Dynamic Preemptive
●
Dec
Check
Preemption: Pros and Cons
●
Preemption offers best response time +
●
It allows to do more processing (support more potholes, or higher vehicle
speed) +
●
Requires more complicated programming, more memory ●
Introduces vulnerability to data race conditions -
22/02/2023 AE4S15 Lecture 04 Dr. Alessandra Menicucci
23
Common Schedulers
●
Cyclic executive: non-preemptive and static.
●
Run-to-completion: non-preemptive and dynamic.
●
Preemptive and dynamic
22/02/2023 AE4S15 Lecture 04 Dr. Alessandra Menicucci
24
Run-To-Completion Scheduler
●
●
Follows a “run-to-completion” model
●
A task’s execution is not interrupted by any other task
●
Only ISRs can interrupt a task
●
After ISR completes, the previously-running task resumes
Priority is typically static, so can use a table with highest priority tasks first for a fast,
simple scheduler implementation.
22/02/2023 AE4S15 Lecture 04 Dr. Alessandra Menicucci
25
Round-Robin Scheduler
●
●
●
An example of cyclic and preemptive scheduler is the Round-Robin
scheduler
It employs time-sharing and assigns to each process the same time
slot or quantum.
It is a pre-emptive algorithm as the scheduler forces the process out
of the CPU once the time quota expires.
22/02/2023 AE4S15 Lecture 04 Dr. Alessandra Menicucci
26
What’s an RTOS?
What does Real-Time mean?
A real-time system can calculate and guarantee the maximum response time
for each task and interrupt service routine
Soft and Hard-real-time systems (which have deadlines which must be met)
are both possible.
What does an RTOS privide?
Task Scheduler
●
Preemptive, prioritized to minimize response times
●
Interrupt support
Core Integrated RTOS services
•
Inter-process communication and synchronization (safe data sharing)
•
Time management
Optional Integrated RTOS services
◦ For example:
●
●
●
●
I/O abstractions?
memory management?
File system?
networking support?
22/02/2023 AE4S15 Lecture 04 Dr. Alessandra Menicucci
27
Embedded Software Lifecycle
Coding is the most visible part of a software development process but is not the
only one!
Before we can code, we must know
What must the code do? Requirements specification
How will the code be structured? Design specification
◦ (only at this point can we start writing code)
How will we know if the code works? Test plan
Best performed when defining requirements
22/02/2023 AE4S15 Lecture 04 Dr. Alessandra Menicucci
28
Requirements
●
Ganssle’s Reason #5* for why embedded projects fail: Vague Requirements
●
Types of requirements
●
●
●
●
Representations
●
●
●
Functional - what the system needs to do
Nonfunctional - emergent system behaviors such as response time, reliability, energy
efficiency, safety, etc.
Constraints - limit design choices
Text – Liable to be incomplete, bloated, ambiguous, even contradictory
Diagrams (mode charts, flow charts, etc.)
Traceability
●
Each requirement should be verifiable with a test
*Jack Ganssle in an internationally-recognized embedded systems engineer, author and speaker.
See http://www.ganssle.com/articles/jackstoptenlist.htm for more on this. “Perfecting the art of bild embedded systems”.
SMART = Specific Measurable Achievable Realist Traceable
22/02/2023 AE4S15 Lecture 04 Dr. Alessandra Menicucci
29
Design Before Coding
Architectural
Design
●
●
●
Coding
Test the
Code
Ganssle’s reason #9: Starting coding too soon
Underestimating the complexity of the needed software is a very
common risk
Writing code locks you in to specific implementations
●
●
Detailed
Design
Starting too early may paint you into a corner
Benefits of designing system before coding
●
●
●
Get early insight into system’s complexity, allowing more accurate effort
estimation and scheduling
Can use design diagrams rather than code to discuss what system should do
and how. Ganssle’s reason #7: Bad Science
Can use design diagrams in documentation to simplify code maintenance
and reduce risks of staff turnover
22/02/2023
AE4S15 Lecture 04 Dr. Alessandra Menicucci
●
30
Embedded systems programming
Embedded Systems programming requires
HW Design Path
Phase 6: Acceptance testing
Phase 4:
HW/SW
Detailed
Design
Phase 5: HW/SW Integration
Phase 3: Prototype
Phase 2: HW/SW Partition
Phase 1: Requirements analysis
co-design and cannot follow the classical
waterfall approach
Delivery
SW Design Path
22/02/2023 AE4S15 Lecture 04 Dr. Alessandra Menicucci
31
Architectural (High-Level) Design
●
Architecture defines the structure of the system
●
●
●
●
Components
Externally visible properties of components
Relationships among components
Architecture is a representation which allows the designer to:
●
●
●
Analyze the design’s effectiveness in meeting requirements
Consider alternative architectures early
Reduce down-stream implementation risks
22/02/2023 AE4S15 Lecture 04 Dr. Alessandra Menicucci
32
Detailed Design
●
Describe aspects of how system behaves
●
●
●
●
Graphical representations very helpful
●
●
Flow charts for control or data
State machine diagram
Event sequences
Can provide clear, single-page visualization of what system component
should do
Unified Modeling Language (UML)
●
●
Provides many types of diagrams
Some are useful for embedded system design to describe structure or
behavior
22/02/2023 AE4S15 Lecture 04 Dr. Alessandra Menicucci
33
Flowcharts
22/02/2023 AE4S15 Lecture 04 Dr. Alessandra Menicucci
34
Approaches to Testing
●
Incremental Testing
●
●
Code a function and then test it (module/unit/element testing)
Test then a few working functions together (integration testing)
●
●
Incremental testing requires extra code for the test harness
●
●
●
●
Continue enlarging the scope of tests as you write new functions
A driver function calls the function to be tested
A stub function might be needed to simulate a function called by
the function under test, and which returns or modifies data.
The test harness can automate the testing of individual functions to
detect later bugs
Big Bang Testing
●
●
Code up all of the functions to create the system
Test the complete system
●
Plug and pray
22/02/2023 AE4S15 Lecture 04 Dr. Alessandra Menicucci
35
Why Test Incrementally?
●
●
●
Finding out what failed is much easier
●
With Big Bang, since no function has been thoroughly tested,
most probably have bugs
●
the question is “Which bug in which module causes the failure I
see?”
●
Errors in one module can make it difficult to test another module
●
Errors in fundamental modules (e.g. kernel) can
appear as bugs in other many other dependent
modules
Clear root cause tracing
●
It’s clear who made the mistake, and it’s clear who needs to fix it
Better automation
●
Drivers and stubs initially require time to develop, but save time
for future testing
22/02/2023 AE4S15 Lecture 04 Dr. Alessandra Menicucci
36
Group Assignment
There are 4 projects:
1)Smart Battery Control
2)Flexible Telecommand Decoder
3)Intelligent Sun Sensor electronics
4)Solar Panel Drive Mechanism
Final Deliverables: presentation/demo and prototype (hardware & software) .
Grading criteria:
●
Understanding of the requirements
●
Engineering approach
●
Functionality and usability of the deliverable
●
Planning
●
Creativity
●
Independence
22/02/2023 AE4S15 Lecture 05 Dr. Alessandra Menicucci
The grade will be finalized
only when you return the
hardware!
37
1 – Smart Battery Control
What You Will Need
●
●
●
●
●
MCU development board
Temperature sensor, current and voltage control, rechargeable battery
In many applications, getting an accurate state of charge (SOC) estimation for the battery can be critical to
operations. Usually, the power is estimated using the battery’s known relation between voltage, current and
capacity. However, this capacity is highly dependent on the temperature of the battery, the current being drawn
and the age of the battery.
The goal of this project is to design and verify a capacity estimation method which takes into account voltage,
current and temperatures measurements through discrete sensors connected to the MCU, which improves the
accuracy of estimation only based on voltages.
An empirical multi-variable model can easily be trained on ground and then resulting inference can run on the
microcontroller. It can also be achieved through Machine Learning using TensorFlow Lite.
Requirements
●
●
Safety mechanisms (current limitation and temperature limitation) shall be implemented.
The system shall be failure tolerant, with no single point failure (a failure in any of its components shall not
compromise its operations).
22/02/2023 AE4S15 Lecture 05 Dr. Alessandra Menicucci
38
2 - Flexible Telecommand Decoder
What You Will Need
●
●
MCU development board
Wired and wireless communication port to input generated telecommands
using a standard format.
Physical layer using laser
Requirements
The subsystem shall take commands (a command interface shall be defined) via a communication port connected
to a computer (e.g. USB serial)
●
The Packet Telecommand Decoder (PTD), shall hande (at least) 1 TC input channels, and process the following
layers:
●
Coding Layer (mandatory)
●
Transfer Layer (optional)
●
Segmentation Layer (optional)
●
Authentication Layer (optional)
●
Some of these layers have a telemetry reporting mechanism (USB serial can be used for TM reporting).
●
The system shall be failure tolerant, with no single point failure (a failure in any of its components
shall not compromise its operations).
22/02/2023 AE4S15 Lecture 05 Dr. Alessandra Menicucci
39
3 - Intelligent sun sensor electronics
What You Will Need
●
MCU development board
In order to detect the intensity of light or darkness, you will use a sensor
called a LDR (Light Dependent Resistor).
Requirements
●
The subsystem shall read LDRs placed on a representative microsat structure
(a wooden/paper box) and derive the ‘sun vector’.
●
The attitude determination consists of three main operations:
1) Verify if all sensor values in the processed data are above a detection
threshold.
2) Determine the incidence angles on all the surfaces.
3) Combine the incidence angles with the knowledge of what surface they
correspond to in order to determine the sun vector with respect to the
local frame of reference.
●
Determime the number of LDRs to use based on the selected architecture
and sun vector accuracy.
●
The system shall be failure tolerant, with no single point failure (a failure in
any of its components shall not compromise its operations).
●
22/02/2023 AE4S15 Lecture 05 Dr. Alessandra Menicucci
40
4 - Solar panel Drive Mechanism
What You Will Need
●
●
●
●
●
MCU development board
stepper motor
U2004 Darlington Array (if using a unipolar stepper)
SN754410ne H-Bridge (if using a bipolar stepper)
Power supply appropriate for your particular stepper
Requirements
●
●
The subsystem shall receive a command to set the solar panel at a certain angle, implement it
through the stepper motor and give feedback to the MCU.
The system shall be failure tolerant, with no single point failure (a failure in any of its components
shall not compromise its operations).
22/02/2023 AE4S15 Lecture 05 Dr. Alessandra Menicucci
41
5 – Autonomous Thermal Control
What You Will Need
●
●
●
●
●
●
Arduino/ARM development board
Temperature sensor – e.g. a TMP36, a cheap single package device
Relay, RC plug switches or a power MOSFET
Screw terminals
Box to trap the heat
Heating element or incandescent bulb and fixture (or both) (e.g. old car headlights)
Requirements
●
●
●
●
The subsystem shall take commands (a command interface shall be defined) via a serial port connected to a
computer (The USB serial is OK, you can use a terminal program for command and control).
It shall be possible to set temperature setpoints and the system shall command heating (or cooling) in the most
power efficient way.
Safety mechanisms (current limitation and temperature limitation) shall be implemented.
The subsystem shall be FAILURE TOLERANT, a single failure in any of its components shall not compromise its
operations.
22/02/2023 AE4S15 Lecture 05 Dr. Alessandra Menicucci
42
4 - Solar panel Drive Mechanism
What You Will Need
●
●
●
●
●
MCU development board
stepper motor
U2004 Darlington Array (if using a unipolar stepper)
SN754410ne H-Bridge (if using a bipolar stepper)
Power supply appropriate for your particular stepper
Requirements
●
●
The subsystem shall receive a command to set the solar panel at a certain angle, implement it
through the stepper motor and give feedback to the MCU.
The system shall be failure tolerant, with no single point failure (a failure in any of its components
shall not compromise its operations).
22/02/2023 AE4S15 Lecture 05 Dr. Alessandra Menicucci
43
Group assignment kick-off
●
●
●
On Brightspace you will find videos of the previous years projects in order
to get a better idea about what could the end deliverable.
By 06/03/2023, each group (3-4 persons) should communicate to me the
top 2 preferred assignments, the timeline (start and end dates) and
distribution of tasks within the group.
By 13/03/2023 you will receive the confirmation of the topic you will be
working on and you can make an appointment to pick the first
components.
22/02/2023 AE4S15 Lecture 05 Dr. Alessandra Menicucci
44
AE4S15 – Space Embedded systems
HW/SW Interfaces 2
08/03/2023
Dr. Alessandra Menicucci
Today`s Learning objectives
You will be able to explain the characteristics of memories and in
particular:
●
EPROM/Flash/SRAM/DRAM
●
Memory Map
You will be able to explain the most used Input and Output protocols:
●
UART Protocol
●
Memory Mapped Device Access
●
SPI Protocol
Development boards options for the group assignment.
We will practice concepts learned in Lecture 4 “Basic Software”.
08/03/2023 AE4S15 Lecture 05 Dr. Alessandra Menicucci
2
Space OBC (Thales Alenia Space)
SDRAM
SRAM
EEPROM
08/03/2023 AE4S15 Lecture 05 Dr. Alessandra Menicucci
3
(Space) Embedded Systems Memories
Fixed
●
The content of the memory is physically fixed by the structure of the
memory element.
●
Examples: core rope memories (wire wound through or around a core, used
in Apollo) or antifuse-based PROMs.
Erasable
●
The contents of the memory is non-volatile, but the contents can be
changed. In many cases this involves an erase operation and then a write.
●
Examples: core, plated wire, electrically erasable programmable read only
memories (EEPROM), erasable read only memories (EPROM), ferroelectric
memories, and flash.
Volatile
●
The content of the memory is volatile: these memories do not retain
content either after the cycling of power or during “brown out” conditions.
●
Examples: SRAM, DRAM, and SDRAM
08/03/2023 AE4S15 Lecture 05 Dr. Alessandra Menicucci
4
Programmable Read-Only Memories
●
●
●
PROMs are used in digital electronic devices to store permanent data, usually
low level programs such as firmware.
Each bit contains both a fuse and an antifuse and is programmed by triggering
one of the two.
Difference between ROM and PROM is that data are written into ROM at
manufacturing while PROM are programmed once after manufacturing.
ROM in a gameboy
08/03/2023 AE4S15 Lecture 05 Dr. Alessandra Menicucci
5
Erasable Memories
●
●
●
PROM, EPROM, EEPROM and flash are the types of ROM.
The main difference between PROM and EPROM is that the PROM can
be programmed just once whereas EPROM is erasable (=it can be
reprogrammed or rewritten).
EPROM is erased using Ultra violet rays whereas, EEPROM can be
erased using electric signals.
STMicroelectronics 32 KB EPROM
Memory
PROM
EPROM
EEPROM
Meaning
Programmable Read
Only Memory
Erasable Programmable Read Only
Memory
Electrically Erasable
Read-Only Memory
Programmability
The chip is one-time
programmable only.
The chip is reprogrammable
The chip is
reprogrammable and
Erasing
Cost
Cheap
Expensive
Expensive
Packaging
PROM is encased in a
plastic covering.
A transparent quartz window covers
EPROM.
Encased in opaque
plastic case
Storage
Endurance
High (PROM are not
affected by radiation)
EPROM are guaranteed for 10 yrs,
however radiation and electric noise
can affect the storage stability
Same as EPROM
08/03/2023 AE4S15 Lecture 05 Dr. Alessandra Menicucci
6
Boot Memories in space
●
In space designs boot memory architecture have been kept unchanged since
the early times of ERC32.
●
We have PROMs (mostly 32k) + EEPROMs, all with 8 bit access.
●
In years we have seen an accelerating increase of installed size.
Boot Memory installed capacity in ESA missions
70000
60000
Capacity (kbit)
50000
40000
30000
20000
10000
0
1985
1990
1995
2000
2005
Launch Year
08/03/2023 AE4S15 Lecture 05 Dr. Alessandra Menicucci
7
2010
2015
2020
2025
Flash memories
●
●
Electrically modifiable, non‐volatile storage
Principle of operation:
●
●
The data are stored by removing or putting
electrons on its floating gate.
Charge on floating gate affects the threshold
of the memory element.
●
●
●
When electrons are present on the floating
gate, no current flows through the
transistor, indicating a logic-0.
When electrons are removed from the
floating gate, the transistor starts
conducting, indicating a logic-1.
This is achieved by applying voltages
between the control gate and source or
drain.
08/03/2023 AE4S15 Lecture 05 Dr. Alessandra Menicucci
8
From: http://www.eeherald.com/
●
2 different tecnologies:
NAND and NOR.
NAND and NOR
●
●
●
NAND Flash cell was designed with a very
small size to enable a low cost-per-bit of
stored data, and has been used primarily as
a high-density data storage medium for
consumer devices.
NOR Flash cell is bigger, but more robust,
but has typically been used for code storage
and direct execution in portable electronics
devices, such as mobile phones.
NAND is accessible in PAGES, while NOR
allows RANDOM access.
* F is the feature size and is determined by the lithographic tool
08/03/2023 AE4S15 Lecture 05 Dr. Alessandra Menicucci
9
NAND or NOR?
Use of NAND vs. NOR Flash in embedded systems is an important trade off.
08/03/2023 AE4S15 Lecture 05 Dr. Alessandra Menicucci
10
FLASH Memories market
The market is dominated by NAND but NOR
has its niche especially in embedded
systems
8MB NOR
08/03/2023 AE4S15 Lecture 05 Dr. Alessandra Menicucci
8GB NAND
11
Flash memories vs EEPROM?
●
Flash is just one type of EEPROM.
●
Flash uses NAND-type memory, while EEPROM uses NOR type.
●
Flash is block-wise erasable, while EEPROM is byte-wise erasable.
●
Flash is constantly rewritten, while other EEPROMs are seldom rewritten.
●
Flash is used when large amounts are needed, while EEPROM is used when only small amounts are
needed.se of NAND vs. NOR Flash in embedded systems is an important trade off.
08/03/2023 AE4S15 Lecture 05 Dr. Alessandra Menicucci
12
Volatile memories
●
●
●
●
Random Access Memory (RAM) are volatile memories: retains the data bits
in its memory as long as power is being supplied.
RAM is a semiconductor device internal to the integrated chip that stores data
or machine code.
There are 2 main types: DRAM (Dynamic Random Access Memory) and
SRAM (Static Random Access Memory).
The Random-Access allows to read/write in the same amount of time
irrespective of the physical location of the data inside the memory.
08/03/2023 AE4S15 Lecture 05 Dr. Alessandra Menicucci
13
Static Random Access Memory (SRAM)
●
●
●
●
Single bit is stored in a bi-stable circuit
SRAM does not need to be refreshed
periodically.
SRAMs provide fast access to the data.
Almost all the ‘on chip’ volatile memories
in microcontrollers and processors (like
caches and register file within the
processor core) are made with SRAM
allowing high performances and lower
power consumption (against a lower
density)
08/03/2023 AE4S15 Lecture 05 Dr. Alessandra Menicucci
14
Cell with 6 transistors
Dynamic Random Access Memory
(DRAM)
●
●
●
●
●
The Dynamic Random Access Memory is a type of RAM
module that stores each bit of data within a separate
capacitor. The level of charge on the memory cell
capacitor determines whether that particular bit is a
logical "1" or "0" (charge present = logical "1" and
charge absent = logical "0").
This is an efficient way to store the data in memory
because it requires less physical space to store the data.
It is also very simple and as a result it can be densely
packed on a silicon chip and this makes it very cheap.
A particular size of DRAM can hold more amounts of
data than a SRAM chip with the same size.
The capacitors in DRAM need to be constantly recharged
to keep their charge. This is the reason why DRAM
requires more power.
08/03/2023 AE4S15 Lecture 05 Dr. Alessandra Menicucci
15
SRAM vs SDRAM
●
●
●
●
●
●
●
SRAM are very robust and have low (static) power consumption.
SRAM devices can be found in large variety of of capacities and organizations
(from very small to rather large).
SRAMs typically have very low latency and high performance.
SRAM memory can be designed and interfaced very easily compared to other
memories
DRAM storage capacity is very high (more than 10x SRAM)
DRAM is a low cost/bit device
Although random access is not fast it can be ‘pipelined’ to access adjacent
blocks in very efficient way.
08/03/2023 AE4S15 Lecture 05 Dr. Alessandra Menicucci
16
Technology trend in space systems:
Mass Memories
Trends:
Hubble
Rosetta
GAIA
Sentinel 2
SARah2-3
1990
2003
2012
2013
2021
1 Gbit
4 Gbit
800 Gbit
2.4 Tbit (FLASH)
12 Tbit (FLASH)
20 Mbps
100 Mbps
(7*40Mbps SpW ch)
2.5 Gbps
12.5 Gbps
Input data rates will increase up to 30Gbps , while downlink will reach 10 Gbps.
TerraSAR-X
MMU (Astrium)
08/03/2023 AE4S15 Lecture 05 Dr. Alessandra Menicucci
ISSR
(Astrium)
17
GAIA PDHU
(Syderal)
Memory mapping
●
●
●
Memory mapping is a common technique for interfacing a
peripheral to a processor.
With memory mapping a set of functions or settings are broken
out and mapped to a set of values that are selected by a given
address.
Example: the PORT registers of an ATmega microcontroller
(used in Arduino).
●
If in the code you write something like PORTB = 0xAA, this will
set the 8 IO pins designated to PORTB to the value 0xAA.
●
PORTB is a pointer to a special memory address. This address
in memory maps to an IO peripheral that takes the value and
outputs it to the IO pins.
08/03/2023 AE4S15 Lecture 05 Dr. Alessandra Menicucci
18
Memory mapping in ARM Cortex M0
hexadecimal
representation
of a 32 bit
binary number;
each digit
corresponds
to 4 bit
08/03/2023 AE4S15 Lecture 05 Dr. Alessandra Menicucci
19
Embedded Systems Communication
Protocols
●
●
In Lecture 3 we have seen the difference between asynchronous and synchronous
communications.
Different communication protocols are available for embedded systems such as:
●
●
●
●
UART (Universal Asynchronous Receiver-Transmitter)
SPI (Serial Peripheral Interface Bus)
I2C (Inter-Integrated Circuit)
USB (Universal Serial Bus)
08/03/2023 AE4S15 Lecture 05 Dr. Alessandra Menicucci
20
Universal Asynchronous ReceiverTransmitter
●
●
●
Serial communication of bits via a single signal, i.e. UART provides parallel-to-serial
and serial-to-parallel conversion.
Sender and receiver need to agree on the transmission rate.
Transmission of a serial packet starts with a start bit, followed by data bits and
finalized using a stop bit:
https://developer.electricimp.com/
08/03/2023 AE4S15 Lecture 05 Dr. Alessandra Menicucci
21
SPI (Serial Peripheral Interface Bus)
●
●
●
●
●
●
SPI is used typically to communicate across short
distances.
Characteristics:
●
4 logic signals which are synchronised
●
SCLK: Serial Clock (output from master)
●
MOSI: Master Out Slave In (data output from
master)
●
MISO: Master In Slave Out (data output from
slave)
●
SS: Slave Select (often active low, output from
master)
SPI supports one single master and multiple
slaves
always full-duplex: it communicates in both
directions simultaneously
a speed of several Mbps can be achieved
transfer data in 4 to 16 bit serial packets
One master - one slave
One master - 3 independent slaves
08/03/2023 AE4S15 Lecture 05 Dr. Alessandra Menicucci
22
SPI Timing
●
In addition to setting the clock frequency, the master
must also configure the clock polarity and phase with
respect to the data
●
CPOL determines the polarity of the clock which can
be converted
●
CPOL=0 is a clock which idles at 0, and each cycle
consists of a pulse of 1. That is, the leading edge is a
rising edge, and the trailing edge is a falling edge.
●
CPOL=1 is a clock which idles at 1, and each cycle
consists of a pulse of 0. That is, the leading edge is a
falling edge, and the trailing edge is a rising edge.
●
CPHA determines the phase of the data bits relative
to the clock pulses.
●
CPHA=0 cycle consists of a half cycle with the clock
idle, followed by a half cycle with the clock asserted.
●
CPHA=1 cycle consists of a half cycle with the clock
asserted, followed by a half cycle with the clock idle.
08/03/2023 AE4S15 Lecture 05 Dr. Alessandra Menicucci
23
Red lines = clock leading edges
blue lines = trailing edges
SPI Pros and Cos
●
●
●
Fully duplex
good signal integrity and high speed
Higher throughput than I²C. Not limited to any
maximum clock speed, enabling potentially high
speed
●
Flexibility on the bits transferred: arbitrary
choice of message size, content, and purpose
and not limited to 8-bit words.
●
Extremely simple hardware interfacing
●
Typically lower power requirements than I²C
due to less circuitry (including pull up resistors)
●
Slaves use the master's clock and do not need
precision oscillators.
●
Transceivers are not needed - unlike CAN-bus
●
Uses only four pins (or wires) much fewer than
parallel interfaces.
●
Signals are unidirectional allowing for easy
galvanic isolation
●
Simple software implementation
08/03/2023 AE4S15 Lecture 05 Dr. Alessandra Menicucci
●
●
●
●
●
●
24
Requires more pins on IC packages than
I²C
No hardware slave acknowledgment
Typically supports only one master
device
No error-checking protocol is defined
Only handles short distances compared
to RS-232, RS-485, or CAN-bus
Many existing variations, making it
difficult to find development tools
Embedded Systems Architectures
●
●
●
In this course you will have the possibility to
implement a simple but smart application
which features fault detection and
mitigation.
The available platforms are:
1)Xilinx Pynq (limited to 5 boards)
2)Arduino Mega
3)LPCXpresso Board for LPC11U14
Other architectures should be discussed
and “approved”.
08/03/2023 AE4S15 Lecture 05 Dr. Alessandra Menicucci
25
Zynq-7000: PS and PL
●
The Zynq-7000 SoC architecture
consists of two major sections
– PS: Processing system
●
Dual ARM Cortex-A9
processor based
–
●
●
–
Single core versions
available
Multiple peripherals
Hard silicon core
PL: Programmable logic
●
Uses the same 7 series
programmable logic
–
–
Artix™-based devices: Z7010, Z-7015 and Z-7020
(high-range I/O banks only)
Kintex™-based devices: Z7030, Z-7035, Z-7045, and
Z-7100 (mix of high-range
and high-performance I/O
banks)
08/03/2023 AE4S15 Lecture 05 Dr. Alessandra Menicucci
26
PS Components
●
The Zynq SoC processing system
consists of the following blocks
●
●
Application processing unit (APU)
I/O peripherals (IOP)
●
Multiplexed I/O (MIO), extended
multiplexed I/O (EMIO)
●
●
●
●
Memory interfaces
PS interconnect
DMA
Timers
●
●
●
●
Public and private
General interrupt controller (GIC)
On-chip memory (OCM): ROM and
RAM
Debug controller: CoreSight
08/03/2023 AE4S15 Lecture 05 Dr. Alessandra Menicucci
27
Zynq Architecture Built-in Peripherals
●
Two USB 2.0 OTG/Device/Host
●
Two Tri- Mode GigE (10/100/1000) Ethernet
●
Two SD/SDIO interfaces
●
Memory, I/O and combo cards
●
Two CAN 2.0Bs, SPIs , I2Cs, UARTs
●
Four GPIO 32bit Blocks
●
●
Multiplexed Input/Output (MIO)
●
●
54 available through MIO; other available through EMIO
Multiplexed pinout of peripherals and static memories
Extended MIO
●
Maps PS peripheral ports to the PL
08/03/2023 AE4S15 Lecture 05 Dr. Alessandra Menicucci
28
Zynq-7000 SoC Block Diagram
08/03/2023 AE4S15 Lecture 05 Dr. Alessandra Menicucci
29
Zynq-7000 PL
The PL of the Zynq SoC consists of
configurable logic blocks (CLBs) which
contains two slices. Each slice contains four
look-up tables (LUTs), eight Flip-flops (FFs),
and an accompanying switch matrix. There
are also Block RAMs and DSP slices.
• Slice: Each slice consists of resources to
implement the combinatorial and sequential
circuits.
• Look-up Table (LUT): To implement a logic
function of up to six inputs, RAM, ROM or
shift registers, the LUTs are used.
• Flip-flop (FF): For implementation of 1-bit
register with reset functionality, this
sequential element is used.
• Switch Matrix: It provides the connections
among the different parts within and
between the CLBs, as well as other parts of
the PL.
08/03/2023 AE4S15 Lecture 05 Dr. Alessandra Menicucci
30
Embedded Design Architecture in Zynq
Embedded design with Zynq is based on:
●
Processor and peripherals
●
●
●
●
●
Software platform for processing system
●
●
●
●
●
Dual ARM® Cortex™ -A9 processors of Zynq-7000 SoC
AXI interconnect
AXI component peripherals
Reset, clocking, debug ports
Bare Metal Applications or OS’s (e.g. Linux, FreeRTOS)
C language support
Processor services
C drivers for hardware
User application
●
Interrupt service routines (optional)
08/03/2023 AE4S15 Lecture 05 Dr. Alessandra Menicucci
31
Pynq Interfaces
08/03/2023 AE4S15 Lecture 05 Dr. Alessandra Menicucci
32
Arduino
●
●
●
Arduino is an open-source physical
computing platform based on a simple
I/O board and a development
environment that implements the
Processing/Wiring language.
Arduino Mega (or equivalent) is base on
the ATmega2560 which is a low-power
CMOS 8-bit microcontroller based on the
AVR enhanced RISC architecture.
It has 54 digital input/output pins (of
which 14 can be used as PWM outputs),
16 analog inputs, 4 UARTs (hardware
serial ports), a 16 MHz crystal oscillator,
a USB connection, a power jack, an
ICSP header, and a reset button.
08/03/2023 AE4S15 Lecture 05 Dr. Alessandra Menicucci
33
AE4S15 – Exercise
We will practice
concepts learned in
Lecture 4 “Basic
Software”
08/03/2023 AE4S15 Lecture 05 Dr. Alessandra Menicucci
34
Exercise 1: the stopwatch
The stopwatch has the following hardware:
●
●
●
3 buttons for start, stop and clear functions.
●
Pressing Start starts the stopwatch
running. If pressed multiple times,
stopwatch continues running without
resetting elapsed time.
●
Pressing Stop stops the stopwatch from
counting.
●
Pressing Clear zeroes out the elapsed time
if the stopwatch is not running. If it is
running, the clear button is ignored.
A timer which triggers an interrupt every 1 ms.
The timer drives a counter which counts
milliseconds since system start-up, and can
be read as elapsed_time_counter.
A display to show elapsed time with 1 ms
resolution. The display must be updated 10
times per second.
Exercise 1
●
●
●
●
Write pseudocode for the software using event-triggered scheduling with interrupts.
Assume that each button can generate an interrupt.
Use a variable called state to indicate whether the stopwatch is stopped or running
Use a variable called elapsed_time to track how much time has elapsed since the
start button was pressed.
Use a variable called display_delay to track how many milliseconds remain until
the display needs to be updated again.
You have 15 min for this!
Solution 1
●
●
●
The display has 1 ms
resolution.
The display must be updated
10 times per second.
The timer ISR is called every 1
ms.
Main thread:
state = stopped
display_delay = 100
elapsed_time = 0
Start ISR:
state = running
Timer ISR:
if state == running
elapsed_time += 1 ms
display_delay -= 1
if display_delay == 0 {
display_delay = 100
display elapsed_time
}
Stop ISR:
state = stopped
Clear ISR
if state == stopped
elapsed_time = 0
Exercise 2
Now design pseudocode for the software using a static scheduler without using
any interrupts. Assume that the timer updates a hardware register called
elapsed_time_register every millisecond.
●
Use a variable called state to indicate whether the stopwatch is stopped or running
●
Use a variable called start_time to record when the start button was pressed.
●
Use a variable called stop_time to record when the stop button was pressed.
●
Use a variable called next_display_update to indicate when the display needs to
be updated next.
You have 10 min for this!
Solution 2
state = stopped
display elapsed_time_counter
next_display_update = elapsed_time_counter + 100
while (1) {
if start switch pressed {
if state == stopped {
start_time = elapsed_time_counter
state = running
}
}
if stop switch pressed {
if state == running {
stop_time = elapsed_time_counter
state = stopped
}
}
if clear switch pressed {
if state == stopped {
start_time = stop_time
}
}
if elapsed_time_counter > next_display_update {
if (state == running)
display elapsed_time_counter - start_time
else
display stop_time – start_time
next_display_update = next_display_update + 100
}
}
Exercise 3
Consider a system with 3 Tasks. We wish to minimize the response time for task C. For
each type of scheduler, describe the sequence of processing activities which will lead to
the minimum and the maximum response times for task C. Assume that each task is
ready to run and there are no further task releases.
1) Static, non-preemptive scheduler
2) Dynamic, non-preemptive scheduler
3) Dynamic, preemptive scheduler
Task
Duration
A
3
B
1
C
2
You have 5 min for this!
Solution 3
Static, non-preemptive scheduler
Dynamic, non-preemptive scheduler
Dynamic, preemptive scheduler
Task
Duration
A
3
B
1
C
2
a)Best Case: Task C starts immediately (at time 0). Tr = 0 + 2 = 2
Worst Case: Task A and Task B run first. Tr = 0 + 3 + 1 + 2 = 6
b)Best Case: Task C starts immediately (at time 0).
Worst Case: Longest task (A) just started running ε time units ago, so C won’t run until
it finishes. Tr = 0 + 3 – ε + 2 = 5 – ε
c) Best Case: Task C starts immediately (at time 0).
Worst Case: Longest task (A) just started running ε time units ago, but it is preempted
by C. Tr = 0 + 2 = 2
AE4S15 – Space embedded systems
architectures.
10/03/2023
Dr. Alessandra Menicucci
Lecture outline
• Communication protocols:
– I2C
– USB
• Real-Time Operating Systems
• Architecture synthesis: how can a complex embedded system
be modeled?
• Exercise on ADC/DAC and (briefly) how to read a datasheet.
10/03/2023 AE4S15 Lecture 06 Dr. Alessandra Menicucci
2
Inter-Integrated Circuit (I2C)
●
●
●
●
●
I2C is a synchronous communication
protocol => an explicit clock signal shared
between sender and receiver.
In addition to a clock signal, called SCL, an
I2C bus has a data signal called SDA.
The bus is considered idle when both
SCL and SDA lines are high.
To initiate communication the bus
master sends a start condition.
which means driving SDA low while
SCL is high.
When the bus master has completed
its interaction with the slave device,
the bus master asserts a STOP
condition, pulloing the SDA line high
while the SCL line is high.
10/03/2023 AE4S15 Lecture 06 Dr. Alessandra Menicucci
Pull-up resistors:
they pull lines to VDD
Source: Wikipedia
3
Pros and Cos of I2C
●
●
●
●
●
Flexibility The I2C protocol supports multimaster, multi-slave communication which can
add functionalities to the embedded system.
Addressing feature It is easy to add
components to the bus without any complexity.
Simplicity It requires only two bidirectional
signal lines to establish communication among
multiple devices and the pin count is low as
well.
Error handling mechanism Error detection
and correction relies on ACK/NACK feature
(ACK stands for Acknowledgement whereas
NACK means No Acknowledgement).
Adaptable The I2C protocol is adaptable in the
sense that it can work well with both slow ICs
and fast ICs.
10/03/2023 AE4S15 Lecture 06 Dr. Alessandra Menicucci
4
●
●
●
Conflicts Due to chip
addressing.
Slower speeds I2C protocol uses
pull-up resistors rather than the
push-pull ones used by its peers.
Due to the open-drain design, the
speed is limited.
Requires more space The pullup resistors on which the protocol
is based require quite some
space.
Universal Serial Bus (USB)
●
●
●
●
A USB system consists of a host with one or more downstream
ports, and multiple peripherals.
USB device communication is based on pipes (logical
channels).
A pipe is a connection from the host controller to a logical
entity within a device, called an endpoint.
There are two types of pipe: stream and message.
●
A message pipe is bi-directional and is used for control
transfers. Typically used for short, simple commands to the
device, and for status responses from the device.
●
A stream pipe is a uni-directional pipe connected to a unidirectional endpoint that transfers data using:
●
Isochronous transfer: real-time data such as audio and
video which require fixed bandwidth.
●
Interrupt transfer: used when data is sent regularly, for
example for status updates.
●
Bulk transfer: used to send data where timing is not
important, for example to a printer.
10/03/2023 AE4S15 Lecture 06 Dr. Alessandra Menicucci
5
What is a RTOS?
Definition:
A real-time operating system is an operating system that supports the
construction of real-time systems [Takada, 2001].
Soft and Hard real-time systems depending on how strict have to be the
deadlines which must be met.
3 key requirements:
1) The timing behavior of the OS must be predictable.
●
For each service of the OS, an upper bound on the execution time
must be guaranteed.
2) OS must manage the timing and scheduling.
●
OS has to be aware of deadlines and should have a mechanism to
take them into account in the scheduling
●
OS must provide precise time services with a high resolution
3) OS must be fast: in addition to being predictable, the OS must be
capable of supporting applications with deadlines that are fractions of a
second.
“Embedded System Design” Peter Marwedel (2006)
10/03/2023 AE4S15 Lecture 06 Dr. Alessandra Menicucci
6
Why do we need a RTOS?
• A desktop OS is not suited because:
1) It is designed to serve general purpose use and therefore
offers too many features which are not needed for
embedded systems which have very specific scopes.
2) These extra features/services take too much memory
space and computation time.
3) The timing uncertainty is too large for mission-critical
applications.
10/03/2023 AE4S15 Lecture 06 Dr. Alessandra Menicucci
7
Configurability
• One of the key features of a RTOS for embedded systems is its
configurability: it must be possible to remove not used components
since unnecessary overhead is unacceptable.
• Examples:
1) Remove unused functions/libraries (for example by the linker).
2) Use conditional compilation (using #if and #ifdef commands in
C, for example)
Kernel configuration in VxWorks
10/03/2023 AE4S15 Lecture 06 Dr. Alessandra Menicucci
8
Embedded OS
•
Device drivers are typically handled directly by tasks instead of drivers that
are managed by the operating system:
–
This architecture improves timing predictability as access to devices is
also handled by the scheduler
–
If several tasks use the same external device and the associated driver,
then the access must be carefully managed (shared critical resource,
avoid race-condition)
10/03/2023 AE4S15 Lecture 06 Dr. Alessandra Menicucci
9
Functions of a RTOS
The most important function of a RTOS is Task management:
• Execution of quasi-parallel tasks on a processor using processes or threads (lightweight
process) by maintaining process states, process queuing, allowing for preemptive tasks (fast context
switching) and quick interrupt handling
• CPU scheduling (guaranteeing deadlines, minimizing process waiting times, fairness in
granting resources such as computing power)
• Inter-task communication (buffering)
• Support of real-time clocks
• Task synchronization (critical sections, semaphores, monitors, mutual exclusion)
– In classical operating systems, synchronization and mutual exclusion is performed via semaphores and
monitors.
– In real-time OS, special semaphores and a deep integration of them into scheduling is necessary (for
example priority inheritance protocols).
10/03/2023 AE4S15 Lecture 06 Dr. Alessandra Menicucci
10
Task States
●
A RTOS task usually has the following main
states:
–
Running State: the task’s code is
currently being executed by the CPU.
–
Ready State: the task is ready to be put
into the running state. In the ready state,
the task does not consume any CPU
cycles.
–
Blocked State: the task is in this state
when it waits for the occurrence of some
event. In this state, the task does not
consume any CPU cycles.
10/03/2023 AE4S15 Lecture 06 Dr. Alessandra Menicucci
11
Open4Tech.com
Classes of RTOS
• Class 1: Fast proprietary kernels
• Examples: FreeRTOS, QNX, eCOS, RT-LINUX, VxWORKS, LynxOS.
• For hard real-time systems, these kernels are tricky to use
because they are designed to be fast, rather than to be
predictable in every respect but they have been successfully
used in many NASA missions including: Mars 2020, Mars
Reconnaissance Orbiter, Curiosity, Sojourner, Spirit,
Opportunity, Clementine, Phoenix Mars lander, Deep Impact
space probe, Mars Pathfinder and Juno.
10/03/2023 AE4S15 Lecture 06 Dr. Alessandra Menicucci
12
Classes of RTOS
• Class 2: Extensions to Standard OSs
• Real-time extensions to standard OS:
–
Attempt to exploit existing and comfortable main stream
operating systems.
–
A real-time kernel runs all real-time tasks.
–
The standard-OS is executed as one task
SpaceX Dragon SW engineers on Reddit
10/03/2023 AE4S15 Lecture 06 Dr. Alessandra Menicucci
13
Example: RT Linux
RT-Linux runs the
standard Linux kernel (or
sub-kernel) as the lowest
priority task in a simple
real-time operating
system.
C. Wang et al. “Improving Real Time Performance of Linux
System Using RT-Linux” 2019, Journal of Physics Conference
Series, DOI: 10.1088/1742-6596/1237/5/052017
10/03/2023 AE4S15 Lecture 06 Dr. Alessandra Menicucci
14
Classes of RTOS
• Class 3: Research Systems
• Research systems try to avoid limitations of existing real-time and embedded
operating systems.
• Examples include L4, seL4, NICTA, ERIKA, SHARK
• Typical Research questions:
– How to implement memory protection with low overhead.
– How to use cache memories in RTOS
– How to develop a RTOS for on-chip multiprocessors (i.e. hypervisors)
– How to provide quality of service (QoS) control
10/03/2023 AE4S15 Lecture 06 Dr. Alessandra Menicucci
15
RTEMS
•
•
•
•
The Real-Time Executive for Multiprocessor Systems or RTEMS is an open
source Real Time Operating System (RTOS) that supports open standard
application programming interfaces (API) such as POSIX.
Chosen by ESA since it supports multiple microprocessors developed for use
in space including SPARC, ERC32 and LEON, MIPS Mongoose-V, Coldfire, and
PowerPC architectures, which are available in space hardened version.
Used in all ESA missions since 2006 and also many NASA (e.g. Mars
Reconnaissance Orbiter, Dawn Orbiter, Fermi Gamma-ray Space Telescope,
James Webb telescope)
Recently ported to support Xilinx Zynq UltraScale+ MPSoC.
10/03/2023 AE4S15 Lecture 06 Dr. Alessandra Menicucci
16
Embedded Systems Architecture
Synthesis
The scope of an architecture synthesis is to determine a hardware
architecture that efficiently executes a given algorithm.
Major tasks of architecture synthesis are:
●
allocation (determine the necessary hardware resources)
●
scheduling (determine the timing of individual operations)
●
binding (determine relation between individual operations of the algorithm
and hardware resources)
Classification of synthesis algorithms
●
heuristics or exact methods
Synthesis methods can often be applied independently of granularity of
algorithms, e.g. whether operation is a whole complex task or a single operation.
10/03/2023 AE4S15 Lecture 06 Dr. Alessandra Menicucci
17
Embedded Systems Design Flow
From P. Marwedel “Embedded System Design”
10/03/2023 AE4S15 Lecture 06 Dr. Alessandra Menicucci
18
Which language to use to specify
embedded systems?
Requirements are often written in a natural language (i.e. English, Dutch, Italian etc.)
however this is not the best way to assure completeness and consistency of
specifications.
We need a specification language, a formal-machine readable language which
describes the system at a higher level than a programming language.
Specification languages are not directly executed, they describe the what and not the
how.
10/03/2023 AE4S15 Lecture 06 Dr. Alessandra Menicucci
19
Embedded Systems Features (1)
●
Hierarchy:
●
●
●
●
●
●
Behavioral hierarchies (system described by states/events)
Structural hierarchies (system described by physical components)
Timing behavior.
State oriented behavior (easy to implement but needs to be complemented by
timing and hierarchy)
Event handling: the reactive nature of embedded systems requires the capability
to recognize events which might be external or internal.
Exception oriented behavior / Exception handling.
From P. Marwedel “Embedded System Design”
10/03/2023 AE4S15 Lecture 06 Dr. Alessandra Menicucci
20
Embedded Systems Features (2)
●
●
Component based design: it should be possible to derive the behavior of a system
from the behavior of its components
Concurrency: embedded systems are typically composed by distributed and
concurrent components.
●
Synchronization and communication: management of common resources.
●
Usability of programming languages.
●
Portability and flexibility: requirements should be as independent as possible from
specific hardware platform
●
Support for the design of dependable systems.
●
Appropriate model of computation.
10/03/2023 AE4S15 Lecture 06 Dr. Alessandra Menicucci
21
Models of Computation
The Von Neumann architecture does not describe fully an embedded system!
Models of Computation (MoC) describe the mechanism used to perform computations. It
defines how a set of inputs is computed to obtain a certain set of output.
Models of computation define:
●
●
Components: organization of computation in different components (Procedures,
processes, functions, finite state machine.
Communication protocols: methods for communication between components.
Relations between components can be captured in graphs where computations are represented
as processes or tasks.
An obvious type of relation between computations is their casual dependence (for example a
computation can be only executed after an another computation has been completed).
These dependencies are captured in dependence graphs.
10/03/2023 AE4S15 Lecture 06 Dr. Alessandra Menicucci
22
Models of Computation
Non Von-Neumann Architecture
Von-Neumann Architecture
10/03/2023 AE4S15 Lecture 06 Dr. Alessandra Menicucci
23
Dependence graphs
These simple graphs should evolve
in task graph which include also:
●
●
●
●
●
●
Timing information
input/output
Access to resources
Periodic scheduling
Hierarchical nodes
...
From P. Marwedel “Embedded System Design”
10/03/2023 AE4S15 Lecture 06 Dr. Alessandra Menicucci
24
Organization of computations
●
●
●
●
●
Communicating Finite State Machines (CFSMs): based on a finite set of state
machines communicating with each other (i/o and transitions between states).
Discrete event model: event carry a time stamp and are processed from a
event queue sorted by time.
Differential equations/polynomials: used for modeling analog circuits and
physical systems.
Asynchronous message passing: processes communicate by sending
messages which can be buffered. The sender does not need to wait for the
receiver to be ready. There different implementations for example Dataflow
program where the availability of data triggers the possible execution of
operations → risk of overflows.
Synchronous message passing: processes communicate in a instantaneous
actions called rendez-vous. The process which reaches first the point of
communication has to wait for the second to complete.
Designs starting from non-Von-Neumann models are also called model-based designs where
the key idea is to have some abstract mode of the system under design.
10/03/2023 AE4S15 Lecture 06 Dr. Alessandra Menicucci
25
Finite State Machine example
●
●
●
From P. Marwedel “Embedded System Design”
10/03/2023 AE4S15 Lecture 06 Dr. Alessandra Menicucci
26
Circles are states. The system
can only be in one of its states.
Arrows represent state transition
Labels on the arrows represent
“events”
Model of communication
Shared memory: communication is performed by accessing the
same memory from all components. In shared memory if write
operations are involved, mechanisms for exclusive access must be
provided (e.g semaphores, monitors, spin-locks etc.).
Message passing: messages are sent and received by the different
components. Generally slower than shared memory.
●
Asynchronous message passing or non-blocking
●
Synchronous message passing or blocking communication
●
Extended rendez-vous, remote invocation: the sender is allowed to
continue only after receiving an acknowledgment from the recipient.
10/03/2023 AE4S15 Lecture 06 Dr. Alessandra Menicucci
27
Exercise
We will practice concepts learned in
Lecture 3 (ADC and DAC)
We will see how to read a datasheet
10/03/2023 AE4S15 Lecture 06 Dr. Alessandra Menicucci
28
Exercise 1: Digital to Analog Converter
In Lecture 3 we have seen the Digital to Analog
Converters (DAC). From slide 18:
D/A Converter
0
DAC: “Generate the analog voltage which is
1
this fraction of Vref”
0
Digital to Analog Converter equation
1
Vref
n = input code
N = number of bits of resolution of converter
Vref = reference voltage
Vout = output voltage.
• Vout = Vref * n/(2N) or
• Vout = Vref * (n+1)/(2N)
(The offset +1 term depends on the
internal configuration of the DAC. It can be
found in the datasheet of the component)
1) Consider a 12-bit DAC with a reference
voltage of 3.3 V. What input code will
result in an output of 1.43 V?
2) Consider a 10-bit DAC with a reference
voltage of 2.7 V. Given that the input
code is 0x104, what is the output
voltage?
3) What is the output voltage resolution of
an 8-bit DAC with a reference voltage of
3.0 V?
You have 10 min for this!
10/03/2023 AE4S15 Lecture 06 Dr. Alessandra Menicucci
Vout
29
Solutions Exercise 1
1) Input code = 1773 = int(1.43 / 3.3 * 4096 - 1)
2) Vout = 0.68818359375 = (2.7*(260 + 1))/1024
3) Voltage resolution = Vref/2Nbits = 0.01171875
10/03/2023 AE4S15 Lecture 06 Dr. Alessandra Menicucci
30
Exercise 2: Analog to Digital
An Analog to Digital converter [AD or ADC]
tells us how large Vin is as a fraction of Vref.
Reads an analog input signal (usually a voltage)
and produces a corresponding multi-bit number
at the output.
Nbits
ADC (output) = Vin∗2
Vref
A/D Converter
Vref
0
1
Vin
0
1
Clock
Lecture 3 slide 17
1)Consider a 12-bit ADC with a reference voltage of 3.3 V operating in single-ended mode.
Given an input voltage of 0.92 V, what will the output code be?
2)Consider an 8-bit ADC with a reference voltage of 2.7 V operating in single-ended mode.
What input voltage range will lead to an output code of 0x34?
3)Consider a 12-bit ADC with an unknown reference voltage operating in single-ended mode.
What is the reference voltage if sampling the 1.0V band gap results in a code of 0x513?
10/03/2023 AE4S15 Lecture 06 Dr. Alessandra Menicucci
You have
10 min for this!
31
Solutions Exercise 2
1) Output code = 1142 = (0.92 * 4096)/3.3
2) Vin min = 0.5431640625 = (52 -0.5) * 2.7/256
3)Vin max = 0.5537109375 = (52 +0.5) * 2.7/256
4) Vref = 3.153194765204 = 1 /4096 * 1299
10/03/2023 AE4S15 Lecture 06 Dr. Alessandra Menicucci
32
How to read a datasheet?
10/03/2023 AE4S15 Lecture 06 Dr. Alessandra Menicucci
33
10/03/2023 AE4S15 Lecture 06 Dr. Alessandra Menicucci
34
Data Sheets contain detailed and controlled information and
they are a very precious engineering tool.
A data sheet is not a brochure or a catalog, it is not made to
“sell” a product.
A data sheet is not even a User guide/manual that deals more
with the step-by-step usage of a component.
Data sheets are detailed technical specifications: an explicit set
of functional performances that are satisfied by the component.
the
Check !
date
10/03/2023 AE4S15 Lecture 06 Dr. Alessandra Menicucci
35
To understand typical Data Sheet “language” have a look at the “Absolute Max Ratings” section.
The component manufacturer guarantees only operation as described in data sheet. If you use it outside its design and
test boundaries you are in “uncharted territory”.
If it is not in the data sheet, it was not designed for it (one example for all: radiation)
10/03/2023 AE4S15 Lecture 06 Dr. Alessandra Menicucci
36
ATMega basic info
ATMega comes in a 64-pin
package
Only 53 of those can be
used as Programmable
I/O Lines
The other are “service pins”
needed for operation.
10/03/2023 AE4S15 Lecture 06 Dr. Alessandra Menicucci
37
ATMega block diagram
Block diagram describes microcontroller
peripherals
IO pin group (port)
ADC
MCU peripherals
MCU, Arithmetic and Logic Unit
SERIAL comm controllers
10/03/2023 AE4S15 Lecture 06 Dr. Alessandra Menicucci
38
ATMega registers
Each block is configured through registers. Registers are
writable memory areas, with fixed address that change
behavior of a defined HW block.
MCU peripherals
MCU, Arithmetic and Logic Unit
SERIAL comm controllers
10/03/2023 AE4S15 Lecture 06 Dr. Alessandra Menicucci
39
ATMega registers
In appendix there is a full list of all the
registers.
This is commonly defined as the “I/O
space”
To exercise each HW function registers
need to be written, read, changed with
specific timing and order (described in
manual).
This is normally done by the low level
“drivers” that simplify function use for an
high level language.
ARDUINO IDE provides a complete set of
drivers and abstraction for all the MCU
functions.
10/03/2023 AE4S15 Lecture 06 Dr. Alessandra Menicucci
40
ATMega registers: USART example
A complex block as the USART is
controlled by several configuration
registers
e.g. UBRR controls the
transmission bit-rate, since USART
has to be initialized before any
communication can take place. The
initialization process normally
consists of setting the baud rate,
setting frame format and enabling
the Transmitter or the Receiver
depending on the usage.
10/03/2023 AE4S15 Lecture 06 Dr. Alessandra Menicucci
41
Memory map
ATMega128 has ONLY internal memory (as common for MCUs
unlike larger processors) with a fixed memory map.
– 128Kbytes of In-System Self-programmable Flash program
memory are used to retain the program when MCU is OFF
– 4Kbytes Internal SRAM are used as program memory
– Up to 64Kbytes Optional External Memory Space are possible
(rarely used in applications, though)
ARDUINO IDE writes your program in FLASH, resets your device
and uses one of the UARTs to monitor program execution.
10/03/2023 AE4S15 Lecture 06 Dr. Alessandra Menicucci
42
Summary
Today we have seen:
●
I2C and USB
●
What is a RTOS and why we need it.
●
how to specify the characteristics of embedded
system with a specification language. This concludes
the overview of basic elements of (space) embedded
systems.
●
We have also practiced ADC/DAC and the reading of
a datasheet.
●
Next week we will cover space environment effects and
radiation hardness assurance and we will do more
exercises.
●
10/03/2023 AE4S15 Lecture 06 Dr. Alessandra Menicucci
43
AE4S15 – Space radiation environment
and effects on embedded systems.
13/03/2023
Dr. Alessandra Menicucci
Lecture Outline
•
•
•
•
What is radiation
Ionizing and non-ionising
Interaction of radiation with matter
Radiation environment in space
– Solar particles
– Trapped particles
– Cosmic Rays
• Radiation effects
– Cumulative effects
– Single Event Effects
13/03/2023 AE4S15 Lecture 07 Dr. Alessandra Menicucci
2
Electromagnetic spectrum
Energy of one
photon in eV
10-9
10-8
10-7 10-6
10-5
10-4 10-3
10-2 10-1
Non-ionising
13/03/2023 AE4S15 Lecture 07 Dr. Alessandra Menicucci
100
10
102
103
104
105
Ionising
3
106
Elementary Particles
-
-
+
+
+
+
-
Hydrogen
Helium
13/03/2023 AE4S15 Lecture 07 Dr. Alessandra Menicucci
-
+
++
+
+
-
-
Carbon
4
Ionization
Electron released
-
Ionization occurs when
after the passage of a
radiation particle, the
atom or molecule loses
an electron and become
positively charged.
Radiation
-
-
+
+
++
+
+
-
12
13/03/2023 AE4S15 Lecture 07 Dr. Alessandra Menicucci
-
-
C6+
5
Interaction of ionizing radiation with
matter
The ionization process depends on the type and energy of the
incident radiation and the characteristics of the material traversed.
13/03/2023 AE4S15 Lecture 07 Dr. Alessandra Menicucci
6
Displacement Damage
A small portion of energy can be lost in non-ionizing processes
which cause atoms to be removed from their lattice sites and
form permanent electrically active defects (e.g. interstitial defects) in
semiconductor materials.
NIEL (non-ionizing energy loss) is that part of the energy
introduced via both Coulomb (elastic), nuclear elastic, and
nuclear inelastic interactions which creatss these defects.
13/03/2023 AE4S15 Lecture 07 Dr. Alessandra Menicucci
7
NIEL calculation
Where
• NA is Avogadro’s number;
• A is the atomic weight;
• θmin is the scattering angle for which the recoil energy equals the
threshold for atomic displacement
• dσ/dΩ is the total differential cross section (elastic and inelastic) for
atomic displacements
• T is the recoil energy of the target atoms
• L(T) is the so called partition factor which partitions the energy into
ionizing and nonionizing events.
The units of NIEL are typically MeV/cm or MeVcm 2/g.
13/03/2023 AE4S15 Lecture 07 Dr. Alessandra Menicucci
8
NIEL vs particle energy and type
13/03/2023 AE4S15 Lecture 07 Dr. Alessandra Menicucci
9
Particle range
• The range is the mean distance traveled in a material by a
charged particle before coming to rest.
• The path of heavy charged particles is almost straight, while
electrons due to scattering processes are not at all straight.
β (e-)
α
ranges
13/03/2023 AE4S15 Lecture 07 Dr. Alessandra Menicucci
10
Radiation in space
Cosmic Rays
Three main sources of
radiation in space:
• Trapped particles
• Solar energetic
particles
• Cosmic Rays
Solar Particles
13/03/2023 AE4S15 Lecture 07 Dr. Alessandra Menicucci
Radiation Belts
11
Charged particles motion in the Earth
magnetic field
13/03/2023 AE4S15 Lecture 07 Dr. Alessandra Menicucci
12
Van Allen radiation belts
●
●
The radiation belts
Outer belt
are layers around a 10000-65000 km
planet, trapped by
its magnetic field.
Earth has 2 belts
discovered by Van
Allen in 1958.
Van Allen Probe A and B
330000-435000 km (MEO)
●
●
●
Galileo (GPS)
330000-435000 km (MEO)
International Space Station
330-435 km (LEO)
The outer belt consists mainly of high energy (0.1–
10 MeV) electrons.
Altitude: 13000 - 60000 km (3-10 Earth radii (RE))
Highest intensity: ~ 4–5 RE.
13/03/2023 AE4S15 Lecture 07 Dr. Alessandra Menicucci
Inner belt
1000-6000 km
●
●
The inner belt consist mainly of
high energy protons.
Altitude: 1000 - 6000 km (0.2 to 2
Earth radii (RE))
13
South Atlantic Anomaly
• The South Atlantic Anomaly (SAA) is an area
where the Earth's inner Van Allen belt comes
closest to the Earth`s surface, as low as 200 km.
• It is due to the fact that the Earth’s magnetic field
is not perfectly aligned with its geographic center
and poles (offset tilted and distorted dipole). Over
SSA the Earth`s magnetic field is weakest.
PAMELA measurements: http://pamela.roma2.infn.it/
13/03/2023 AE4S15 Lecture 07 Dr. Alessandra Menicucci
14
The Sun
Sunspots are temporary phenomena on the Sun's
photosphere that appear as spots darker than the
surrounding areas. They are regions of reduced
surface temperature caused by concentrations of
magnetic field flux that inhibit convection.
The sunspot activity
follows a cycle of 11
years.
We are in the 25th solar cycle which started in
December 2019.
13/03/2023 AE4S15 Lecture 07 Dr. Alessandra Menicucci
15
Solar flares and CME
Both solar flares and CMEs are energetic events which occur on the Sun associated with
high energy particles.
Solar
Flares
Coronal Mass
Ejection
A solar flare is a sudden flash of brightness
In coronal mass ejection, coronal
observed near the Sun surface. Solar flares are
material in the form of huge amount
of plasma and electromagnetic
classified based on their X-ray intensity
radiation is ejected into space at high
measured in units of power per area, or Watts
speeds.
per meters squared.
Key differences:
Solar
Flare
Classification
●
•
spatial scale: flares are local events as compared to CMEs
which are much larger eruptions of the corona.
●
speed: while Solar Flare are very fast, CMEs are usually
relatively slow.
13/03/2023 AE4S15 Lecture 07 Dr. Alessandra Menicucci
16
Cosmic Rays
•
•
•
•
Cosmic rays are very high-energy heavy particles,
mainly originating outside the Solar System.
They produce showers of secondary particles that
penetrate and impact the Earth`s atmosphere.
Low flux
The Earth`s magnetic field shields us significantly
and also the solar activity reduces the flux (GCR min
at solar max)
Primary cosmic rays are composed
primarily of protons and alpha
particles (99%), with a small
amount of heavier nuclei (~1%)
13/03/2023 AE4S15 Lecture 07 Dr. Alessandra Menicucci
17
Space radiation type and energy range
Radiation
Belts
Electrons
eV ~ 10 MeV
Protons
keV ~ 500
MeV
Solar events
Protons
KeV ~ 500
MeV
Ions
1 to few 10
MeV/n
Protons and
ions
Up to several
GeV.
Max flux at ~
300 MeV/n
Galactic
Cosmic Rays
13/03/2023 AE4S15 Lecture 07 Dr. Alessandra Menicucci
18
Space radiation and orbit
LEO (ISS)
Inner radiation belt (protons) and solar particles.
LEO (polar)
Inner radiation belt (protons), solar particles and GCR over
the poles
MEO and GEO Outer radiation belt (electrons), solar particles and GCR.
Interplanetary
Solar Particles and GCR. Trapped particles only during the
passage through the belts
Jupiter
Jupiter radiation belts, solar particles and GCR.
The radiation analysis of a space mission begins always with its orbit!
13/03/2023 AE4S15 Lecture 07 Dr. Alessandra Menicucci
19
Effects
Environment
Space Environment and effects
Courtesy of ESTEC TEC-EES
13/03/2023 AE4S15 Lecture 07 Dr. Alessandra Menicucci
20
Space Environment Modeling tools
• The SPENVIS provides
standardized access to models
of the Space Environment
through a user-friendly WWW
interface.
• OMERE is another free software
developed by TRAD with CNES
support
http://www.spenvis.oma.be/spenvis/
http://www.trad.fr/en/space/omere-software/
13/03/2023 AE4S15 Lecture 07 Dr. Alessandra Menicucci
21
Radiation effects in electronics
Cumulative effects
Total Ionizing dose
Displacement Damage
Single Event Effects
Hard errors/Non-recoverable
SEB
SEGR
SEL
Soft errors/Recoverable
SEFI
SET
SEU
SEU: Single Event Upset
SEB: Single Event Burnout
SEGR: Single event Gate Rupture SEFI: Single Event Functional
Interrupt
SEL: Single Event Latch-up
SET: Single Event Transient
13/03/2023 AE4S15 Lecture 07 Dr. Alessandra Menicucci
22
Radiation Dose Units
• TID is the energy deposited by the ionizing particles
• It is measured in Gray (IS) or rad
• 1 Gray = 100 rad
13/03/2023 AE4S15 Lecture 07 Dr. Alessandra Menicucci
23
Total Ionising Dose in MOS devices
Basic mechanics:
1. electron-hole pairs
Positive bias
creation (e.g. in MOS
gate/field oxides)
2. A fraction of the holes
will be transported to the
silicon/silicon-dioxide
interface
3. Deep hole trapping near
the interface
4. Interface traps within Si
bandgap
T.R. Oldman and F.B. MacLean “Total ionizing dose effects in MOS
oxides and devices” IEEE TNS Vol. 50 Issue 3, June 2003
These defects will change the characteristics of the device
(Modification of threshold voltage and mobility of the gate and
field-oxide)
13/03/2023 AE4S15 Lecture 07 Dr. Alessandra Menicucci
24
Radiation induced charging of gate
oxide in N-Channel MOSFET
13/03/2023 AE4S15 Lecture 07 Dr. Alessandra Menicucci
25
Radiation effects on bipolar devices
Process similar to MOS devices:
Charge trapping + Interface States
β = IC/IB
Main effects
• Increase of IB
• Gain degradation (β or hFE)
• Leakage
13/03/2023 AE4S15 Lecture 07 Dr. Alessandra Menicucci
26
Post irradiation recovery
Schematic timedependent postirradiation threshold
voltage recovery of a
floating gate transistor
T.R. Oldman and F.B. MacLean “Total ionizing dose effects in MOS
oxides and devices” IEEE TNS Vol. 50 Issue 3, June 2003
13/03/2023 AE4S15 Lecture 07 Dr. Alessandra Menicucci
∆VTH is not fixed after radiation
exposure.
●
When VGS>0 V, holes are
trapped into the oxide due
to the radiation effect.
●
These trapped holes shifts
the operation of the FGT
“OFF” to “ON” state even
when VGS= 0 V.
27
Fractional yield by particle type
T. R. Oldham and J. M.
McGarrity, IEEE TNS,
1983.
T. R. Oldham and F. B.
McLean, IEEE TNS, 2003.
Fractional yield of holes generated in SiO2 as a function of electric field in the
material
13/03/2023 AE4S15 Lecture 07 Dr. Alessandra Menicucci
28
Dose rate
13/03/2023 AE4S15 Lecture 07 Dr. Alessandra Menicucci
29
Enhanced Low Dose Rate Sensitivity (ELDRS)
• ELDRS is a complex
phenomenon for which the
underlying physics mechanics
is not fully understood
• First observed in early 1990s.
• Amount of total dose
degradation at a given total
dose is greater at low dose
rates than at high dose rates
13/03/2023 AE4S15 Lecture 07 Dr. Alessandra Menicucci
30
TID induced degradation in a power
MOSFET
13/03/2023 AE4S15 Lecture 07 Dr. Alessandra Menicucci
31
Typical TID per different orbits
Courtesy of Hugh Evans (ESA)
The total TID depends on the amount of shielding
13/03/2023 AE4S15 Lecture 07 Dr. Alessandra Menicucci
32
Radiation effects in electronics
Cumulative effects
Total Ionizing dose
Displacement Damage
Single Event Effects
Hard errors/Non-recoverable
SEB
SEGR
SEL
Soft errors/Recoverable
SEFI
SET
SEU
SEU: Single Event Upset
SEB: Single Event Burnout
SEGR: Single event Gate Rupture SEFI: Single Event Functional
Interrupt
SEL: Single Event Latch-up
SET: Single Event Transient
13/03/2023 AE4S15 Lecture 07 Dr. Alessandra Menicucci
33
Mechanism for heavy ions and protons induced SEE
13/03/2023 AE4S15 Lecture 07 Dr. Alessandra Menicucci
34
Soft Single Event Effects
Name
Definition
Destructive?
Single
Event
Upset
SEUs may occur in a digital circuit when a particle strike causes
data to change states in a storage element such a flip-flop, latch or
memory bit
No. It can be
recovered by a soft
reboot.
Single
Event
Functional
Interrupt
SEFIs are interrupts caused by a single particle strike which lead to
a temporary non-functionality (or interruption of normal operation) of
the affected device. SEFIs occur in a register that controls
configuration in, for example, processors, FPGAs or SDRAMs
No. It can be
recovered by hard or
soft reboot.
Single
Event
Transient
SETs are voltage glitches in circuits caused by single ions. This
single event occurs on non-latched elements such as combinatorial
logic and clock line or global control lines. The voltage transient
generated by this phenomena can propagate any significant
distance through the combinatorial logic depending of the width of
the transient pulse and the capacitance of the transistor
No but the technology
scaling causes the
combinatorial circuit to
be more sensitive to
transient pulses. The
width of the SET is
one of the main
factors that
determine whether an
SET will result in an
upset (fault) or not.
13/03/2023 AE4S15 Lecture 07 Dr. Alessandra Menicucci
35
Hard Single Event Effects
Name
Definition
Destructive?
Single
Event
Latchup
SEL is an abnormal high-current state in a device caused
by the
passage of a single energetic particle through sensitive
regions resulting in the loss of
device functionality.
Yes. If power is not
removed quickly, catastrophic
failure may occur due to
excessive heating or bond wire
failure.
Single
event
Gate
Rupture
SEGRs are events in which a single energetic-particle
strike results in a breakdown and subsequent conducting
path through the gate oxide of a MOSFET.
Yes. A SEGR is manifested by
an increase in gate leakage
current and can result in either
the degradation or the complete
failure of the device.
Single
Event
Burnout
SEBs occur when a single energetic-particle strike
induces a localized high-current state in a device.
Yes. If not rapidly quenched, the
resultant high current causes the
device to go into thermal
runaway resulting in destructive
failure.
13/03/2023 AE4S15 Lecture 07 Dr. Alessandra Menicucci
36
Calculation of the upset rate
• Measure σ vs. LET
– Testing at high-energy accelerator
– Cross-section determined from
circuit response
• Integrate with LET spectrum
• Determine the sensitive volume
– Requires knowledge of the chip
manufacture otherwise
assumptions have to be made
13/03/2023 AE4S15 Lecture 07 Dr. Alessandra Menicucci
37
In-orbit SER methodology
Sensitivity
Environment
&
SPENVIS,
OMERE
software,
etc…
Source: V. Gupta,
“Analysis of single
event radiation
effects and fault
mechanisms in
SRAM, FRAM and
NAND Flash.
Application to the
MTCube
nanosatellite
project”, PhD
manuscript.
6.64 x 10-7 error/day/bit (average value)
13/03/2023 AE4S15 Lecture 07 Dr. Alessandra Menicucci
38
ECSS-E10-12A
Technologies susceptible to total
ionising dose effects.
13/03/2023 AE4S15 Lecture 07 Dr. Alessandra Menicucci
39
Single-event vs component technology
13/03/2023 AE4S15 Lecture 07 Dr. Alessandra Menicucci
40
Spacecraft anomalies related to
radiation
“Overview of In-Orbit Radiation Induced Spacecraft Anomalies”
R. Ecoffet, IEEE TRANSACTIONS ON NUCLEAR SCIENCE, VOL. 60, NO. 3, JUNE 2013
13/03/2023 AE4S15 Lecture 07 Dr. Alessandra Menicucci
41
SEU rate vs mission profile
13/03/2023 AE4S15 Lecture 07 Dr. Alessandra Menicucci
42
SOHO SEU rate
R. Harboe-Sorensen, E. Daly, F. Teston, H.
Schweitzer, R. Nartallo, P. Perol, F.
Vandenbussche, H. Dzitko, and J. Cretolle,
“Observation and analysis of single event effects
on-board the soho satellite,” in Proc. RA Conf.,
Dec. 2001, p. 37.
13/03/2023 AE4S15 Lecture 07 Dr. Alessandra Menicucci
43
Degradation of SOHO solar cells
13/03/2023 AE4S15 Lecture 07 Dr. Alessandra Menicucci
44
Hitomi
Names
ASTRO-H
New X-ray Telescope
Mission type:
X-ray astronomy
Commissioned
by:
JAXA
Mission
duration
Planned: 3 years
Launch mass
2,700 kg
Dimensions
Length: 14 m
Power
3,500 watts
Launch date:
17 February 2016
13/03/2023 AE4S15 Lecture 07 Dr. Alessandra Menicucci
45
Hitomi failure
• Hitomi costed ~ 270 M$
• Its scientific objective was to
explore with unprecedent accuracy
the hard X-ray band above 10 keV.
• First scientific publication published
in Nature:
http://dx.doi.org/10.1038/nature186
27
• It disintegrated after only 37 days
and 16 hours
What happened?
13/03/2023 AE4S15 Lecture 07 Dr. Alessandra Menicucci
Image of the Perseus cluster taken by Nasa's
Chandra X-ray satellite, overlaid with data taken by
Hitomi, outlined by an orange box, showing X-rays
emitted by iron and nickel in hot gas between the
galaxies
46
Hitomi failure timeline
•
•
•
•
•
•
February 28 deployment of the Extensible Optical Bench.
After this deployment was completed, issues arose when attempting to acquire the
sun using the Sun Sensor.
Hitomi finished a re-orientation manoeuvre at 18:22 UTC on March 25, slewing from
observing an Active Galactic Nucleus to the next target
Hitomi’s flight control system after reading IRU decided to activate the reaction
wheels. Momentum on reaction wheels started to build up and almost reached
saturation.
Hitomi automatically switched to Safe Mode in which the vehicle is programmed to use
its Sun Sensor to determine the solar vector and then correct its attitude using the
thruster system in order to point the solar arrays to the sun for power generation.
Thrusters started firing and increased the momentum. Thrusters settings were
updated because the centre of mass of the satellite changed after EOB deployment
The satellite control system activated a reaction wheel to stop a non-existing spin, which created a real spin.
13/03/2023 AE4S15 Lecture 07 Dr. Alessandra Menicucci
47
Summary of today`s lecture
• We have defined radiation in ionising and non-ionising.
• We have seen the different space radiation sources (sun, trapped particles
and galactic cosmic rays).
• We have seen that radiation can cause cumulative and single event effects.
• We have seen the different conditions in different orbits in term of radiation.
• We have seen the differences between destructive and non-destructive SEE.
• We have seen that radiation effects represent an important cause of failure
in satellites.
13/03/2023 AE4S15 Lecture 07 Dr. Alessandra Menicucci
48
Bibliography
1.
2.
3.
4.
5.
IEEE TRANSACTIONS ON NUCLEAR SCIENCE, VOL. 50, NO. 3, JUNE
2003 “Total Ionizing Dose Effects in MOS Oxides and Devices” T. R.
Oldham, and F. B. McLean.
A. Holmes-Siedle, L. Adams. “Handbook of Radiation Effects” , Oxford
University Press
ECSS E-ST-10-12C, “Methods for the calculation of radiation received
and its effects, and a policy for design margins” , http://www.ecss.nl/
ECSS-E-HB-10-12A “Calculation Of Radiation And Its Effects And
Margin Policy Handbook” http://ecsswiki.esa.int
“Overview of In-Orbit Radiation Induced Spacecraft Anomalies” R.
Ecoffet, IEEE TRANSACTIONS ON NUCLEAR SCIENCE, VOL. 60, NO. 3,
JUNE 2013
13/03/2023 AE4S15 Lecture 07 Dr. Alessandra Menicucci
49
AE4S15 – Fault-tolerant design
techniques
20/03/2023
Dr. Alessandra Menicucci
Lecture outline
• Fault Tolerance definition and basic concepts.
• Dependability: attributes, means and
impairments
• Redundancy:
–
Hardware (passive, active, hybrid)
–
Software
• Radiation hardness assurance testing
20/03/2023 AE4S15 Lecture 08 Dr. Alessandra Menicucci
2
Fault-tolerance definition
Fault tolerance is the ability of a system to continue performing its intended
function in spite of faults.
Source: “Fault Tolerant Design” Elena Dubrova, 2013, Springer.
Copyright: Getty
20/03/2023 AE4S15 Lecture 08 Dr. Alessandra Menicucci
3
Dependability
Availability
Reliability
Safety
Attributes
Fault tolerance
Dependability
Fault prevention
Means
Fault removal
Fault forecasting
Faults
Errors
Impairments
Failures
20/03/2023 AE4S15 Lecture 08 Dr. Alessandra Menicucci
4
Fault, failure and error
Fault
Fault latency
act
iva
tion
Fault: deviation of at least
one characteristics property
(feature) of the system from
the acceptable, usual,
standard condition.
A fault might be present and
latent in the system.
Examples:
• broken wire
• SW bug
Physical World
Error latency
Error
pro
pag
at
Error: deviation from
correctness or accuracy in
computation. Discrepancy
between obtained
value/condition and the true and
correct value/condition.
Examples:
●
incorrect value computed
●
incorrect information received
Information World
20/03/2023 AE4S15 Lecture 08 Dr. Alessandra Menicucci
5
ion
Failure
Failure: a permanent
interruption of a system’s ability
to perform a required function
under specified
operating conditions.
Example:
●
satellite radio not transmitting
anymore
External/End-user World
Malfunction
A malfunction is an
intermittent irregularity in
the fulfillment of a
system’s desired function.
A Fault pro­gresses into a
failure if the interruption of
a system’s required
performance is
permanent and into a
malfunction is the
interruptions of a system’s
required performance is
temporary.
20/03/2023 AE4S15 Lecture 08 Dr. Alessandra Menicucci
Dubravko Miljković. Fault detection methods: A literature survey. MIPRO 2011 ­34th International
Convention on Information and Communication Technology, Electronics and Microelectronics ­
Proceedings
6
Dependability
Availability
Reliability
Maintainability
Safety
Fault tolerance
Attributes
Dependability
Fault prevention
Means
Fault removal
Fault forecasting
Faults
Errors
Impairments
Failures
20/03/2023 AE4S15 Lecture 08 Dr. Alessandra Menicucci
7
Reliability
Reliability is the ability of a system to perform a required function under
stated conditions, within a given scope, during given period of time.
A reliable system is able to perform a function for a certain period of time
without any failures.
One way to quantify the reliability of a system is the Mean Time To Failure
1
MTF=
λ
where λ is the amount of failures per unit time.
20/03/2023 AE4S15 Lecture 08 Dr. Alessandra Menicucci
8
Availability
●
Availability A(t) of a system at time t is the probability that the system is functioning
correctly at the instant of time t.
T
A(T )=
1
A (t)dt
∫
T 0
A system can be highly available yet having frequent periods of being nonoperational
as long as the duration of each period is extremely short
20/03/2023 AE4S15 Lecture 08 Dr. Alessandra Menicucci
9
Maintainability and Safety
●
●
Maintainability is the measure of the ability of an item
to be retained in or restored to a specified condition
when maintenance is performed.
Safety is the probability that a system will either
perform its function correctly or will discontinue its
operation in a safe way
Example: Fault tolerance techniques can improve safety by
turning a system off if a certain failure is detected
20/03/2023 AE4S15 Lecture 08 Dr. Alessandra Menicucci
10
Reliability vs. Fault Tolerance
●
Fault tolerance is a technique that can improve reliability, but
– a fault tolerant system does not necessarily have a high reliability
– a system can be designed to tolerate any single error, but the probability
of such error to occur can be so high that the reliability is very low
Fault tolerance can improve a system’s reliability by keeping the system
operational when hardware or software faults occur
– a computer system with one redundant processor can be designed to
continue working correctly even if one of the processors fails
●
20/03/2023 AE4S15 Lecture 08 Dr. Alessandra Menicucci
11
System reliability
Input
Processor
Bus
Memory
0.99
0.95
0.99
Output
Rs = 0.99 · 0.95 · 0.99 = 0.893475
What is the reliability of a system composed by 100 components each with 0.99 reliability?
20/03/2023 AE4S15 Lecture 08 Dr. Alessandra Menicucci
12
Dependability Tree
Specifications mistakes
SW faults
Implementation mistakes
External factor
errors
HW faults
Components defects
20/03/2023 AE4S15 Lecture 08 Dr. Alessandra Menicucci
13
System failure
Common-mode fault
●
A common-mode fault is a fault which occurs simultaneously in two or more redundant
components.
• Caused by phenomena that create dependencies between components.
●
Examples:
●
common communication bus
●
shared environmental conditions
●
common source of power
●
design mistake
• Design diversity is the implementation of one or more variant of the redundant component.
20/03/2023 AE4S15 Lecture 08 Dr. Alessandra Menicucci
14
Hardware faults
Fault duration specifies the length of time that a fault is active:
●
●
●
permanent fault
➔
remains in existence indefinitely if no corrective action is taken (stuck-at fault)
transient fault
➔
can appear and disappear within a very short period of time (ionizing radiation)
intermittent fault
➔
appear, disappears and then reappears repeatedly (weak solder joint)
20/03/2023 AE4S15 Lecture 08 Dr. Alessandra Menicucci
15
Software faults
Software faults differ from hardware faults in several
aspects:
Do not age or wear out
●
Cannot be deformed or broken
●
Cannot be affected by environmental factors
●
if deterministic, it always performs the same way
under the same circumstances
●
20/03/2023 AE4S15 Lecture 08 Dr. Alessandra Menicucci
16
Error processing
Error processing consists in:
●
●
●
●
●
●
Error detection: identification of erroneous state(s)
Error diagnosis: damage assessment
Error recovery: error-free state substituted to erroneous state
Backward recovery: system brought back in state visited
before error occurrence
Recovery points: (checkpoint)
Forward recovery: Erroneous state is discarded and correct
one is determined without losing any computation.
20/03/2023 AE4S15 Lecture 08 Dr. Alessandra Menicucci
17
Dependability
Availability
Reliability
Safety
Attributes
Fault tolerance
Dependability
Fault prevention
Means
Fault removal
Fault forecasting
Faults
Errors
Impairments
Failures
20/03/2023 AE4S15 Lecture 08 Dr. Alessandra Menicucci
18
Fault prevention
The objective is to avoid occurrence or introduction of faults
• Implement quality control methods to avoid specification or
implementation mistakes and component defects by for example:
●
design reviews
●
component screening
●
testing
●
20/03/2023 AE4S15 Lecture 08 Dr. Alessandra Menicucci
19
Fault removal
Performed during the development stage as well as during the
operational life of a system:
●
development stage→ verification, diagnosis and correction
●
operational stage→ corrective and preventive maintenance
20/03/2023 AE4S15 Lecture 08 Dr. Alessandra Menicucci
20
Fault forecasting
●
Capability to estimate faults including present and
future rates and
consequences:
Qualitatively (search for causes of faults)
●
Quantitatively (estimation of failure rate, time to
failure, time between
failures)
●
20/03/2023 AE4S15 Lecture 08 Dr. Alessandra Menicucci
21
Fault tolerant Strategies
●
●
●
Fault tolerance in embedded system is achieved in most cases
through redundancy in hardware, software, information, and/or time.
Such redundancy can be implemented in static, dynamic or hybrid
configurations.
In general fault tolerance can be achieved by the following
techniques:
●
●
Fault masking is any process that insures that faults in a system
do not introduce errors.
Example: Error correcting memories and majority voting.
Reconfiguration is the process of eliminating faulty component
from a system and restoring the system to some operational state.
20/03/2023 AE4S15 Lecture 08 Dr. Alessandra Menicucci
22
Reconfiguration approach
Fault detection is the process of recognizing that a fault
has occurred. Fault detection is often required before any
recovery procedure can be initiated.
●
Fault location is the process of determining where a fault
has occurred so that an appropriate recovery can be
initiated.
●
Fault containment is the process of isolating a fault and
preventing the effects of that fault from propagating
throughout the system.
●
Fault recovery is the process of regaining operational
status via reconfiguration even in the presence of faults.
●
20/03/2023 AE4S15 Lecture 08 Dr. Alessandra Menicucci
23
Redundancy
Redundancy is the addition of information, resources, time that would be
unnecessary in a fault-free environment:
●
●
●
●
Hardware redundancy is the addition of extra hardware, usually for
the purpose either detecting or tolerating faults.
Software redundancy is the addition of extra software, beyond what is
needed to perform a given function, to detect and possibly tolerate
faults.
Information redundancy is the addition of extra information beyond
that required to implement a given function; for example, error
detection codes.
Time redundancy uses additional time to perform the functions of a
system such that fault detection and often fault tolerance can be
achieved. Transient faults are tolerated by this approach.
20/03/2023 AE4S15 Lecture 08 Dr. Alessandra Menicucci
24
Hardware Redundancy
Passive techniques use the concept of fault masking.
These techniques are designed to achieve fault tolerance
without requiring any action on the part of the system.
Relies on voting mechanisms.
●
Active techniques achieve fault tolerance by
detecting/locating the fault and performing some action
to remove the faulty hardware from the system.
●
Hybrid techniques combine features of both the
passive and active approaches.
●
20/03/2023 AE4S15 Lecture 08 Dr. Alessandra Menicucci
25
Hardware redundancy Examples
From: Disanzo. University of Rome La Sapienza
20/03/2023 AE4S15 Lecture 08 Dr. Alessandra Menicucci
26
Passive HW Redundancy
Triple Modular Redundancy (TMR)
Input 1
M1
Input 2
M2
Input 3
M3
20/03/2023 AE4S15 Lecture 08 Dr. Alessandra Menicucci
Voter
Output
Triple Modular Redundancy (TMR)
●
3 active components, fault masking by voter
●
Problem: voter is a single point of failure!
27
N-Modular Redundancy (NMR)
Generalization of TMR employing N modules rather than
only 3.
●
N must be a odd number for majority voting.
●
The advantage is that if N>2f, up to f faults can be
tolerated.
●
For example a 5MR allows tolerating the failures of two
modules
●
But this introduces higher overhead/cost
●
20/03/2023 AE4S15 Lecture 08 Dr. Alessandra Menicucci
28
HW voter vs SW voter
The decision to use hardware voting or software voting depends on:
●
●
●
●
●
●
The availability of processor to perform voting.
The speed at which voting must be performed.
The criticality of space, power, and weight limitations.
The flexibility required of the voter with respect to future changes
in the system.
Hardware voting is faster, but at the cost of more hardware.
Software voting is usually slow, but no additional hardware cost.
20/03/2023 AE4S15 Lecture 08 Dr. Alessandra Menicucci
29
Problem with the voter
●
●
●
It is assumed that in fault-free operation the outputs are equal.
However in practical applications the three results may not
completely agree:
●
Sensors even when coming from the same batch typically give
slightly different readings (therefore calibration is always
necessary).
●
Analog-to-digital converter might give outputs which differ only in
the least significant bits
The problem can be solved by:
●
mid-value select approach: among the three available values in
the TMR system the value that lies between the remaining two is
selected.
●
The least-significant bits of data are ignored.
20/03/2023 AE4S15 Lecture 08 Dr. Alessandra Menicucci
30
Hardware redundancy options
From: Disanzo. University of Rome La Sapienza
20/03/2023 AE4S15 Lecture 08 Dr. Alessandra Menicucci
31
Duplication with comparison
Two identical modules perform the same computation in
parallel and their results are compared
M1
agree/
disagree
comparator
M2
The duplication concept can only detect faults, not tolerate them. It is not
possible to determine which module is faulty.
20/03/2023 AE4S15 Lecture 08 Dr. Alessandra Menicucci
32
Active redundancy: Stand-by pairing
In standby sparing, one module is operational and one or more
modules serve as standbys or spares.
●
If a fault is detected and located, the faulty module is removed from the
operation and replaced with a spare.
●
Two possible implementations:
●
Hot standby sparing: the standby modules operate synchronously
with the online modules and are prepared to take over any time.
●
Used in applications such where the reconfiguration time needs to be
minimized.
●
Cold standby sparing: the standby modules are un-powered until needed
to replace a faulty module. This involves momentary disturbance in the
service.
●
Used in applications where power consumption is extremely important.
●
20/03/2023 AE4S15 Lecture 08 Dr. Alessandra Menicucci
33
Pair-and-a-Spare Technique
●
●
●
●
Pair-and-a-Spare technique combines the
standby sparing and duplication with
comparison.
Two modules are operated in parallel at all
times and their results are compared to
provide the error detection capability.
A second duplicate (pair, but it could be
more modules in case of pair and k-spare)
is used to take over in case the working
duplicate (pair) detects an error.
A pair is always operational. The system
does not halt while running diagnostic
procedure upon fault occurrence.
20/03/2023 AE4S15 Lecture 08 Dr. Alessandra Menicucci
34
Watchdog
The concept of a watchdog timer is that the lack of an
action is an indication of a fault.
●
A watchdog timer is a timer that must be reset on a
repetitive basis.
●
The fundamental assumption is that the system is fault
free if it possesses the capability to repetitively perform a
function such as setting a timer.
●
The frequency at which the timer must be reset is
application dependent.
●
A watchdog timer can be used to detect faults in both the
hardware and the software of a system.
●
20/03/2023 AE4S15 Lecture 08 Dr. Alessandra Menicucci
35
Watchdog
20/03/2023 AE4S15 Lecture 08 Dr. Alessandra Menicucci
36
Multistage Watchdog
20/03/2023 AE4S15 Lecture 08 Dr. Alessandra Menicucci
37
Hardware redundancy Examples
From: Disanzo. University of Rome La Sapienza
20/03/2023 AE4S15 Lecture 08 Dr. Alessandra Menicucci
38
Hybrid redundancy
It combines passive redundancy and active
redundancy.
●
Very reliable approach but very expensive.
●
It could be used when reliability is critical:
e.g. human spaceflight
●
From: Disanzo. University of Rome La Sapienza
20/03/2023 AE4S15 Lecture 08 Dr. Alessandra Menicucci
39
NMR with spares
●
●
The idea is to
provide a basic core
of N modules
arranged in a form
of voting
configuration and
spares are provided
to replace failed
units in the NMR
core.
Spares are not
active.
20/03/2023 AE4S15 Lecture 08 Dr. Alessandra Menicucci
40
Hybrid vs passive redundancy
●
●
NMR with spares
●
e.g. 5 units
●
3 in TMR mode
●
2 spares
●
all 5 connected to a switch that can be reconfigured
If we compare it with a 5MR scheme:
●
5MR can tolerate only two faults whereas the hybrid scheme
can tolerate three faults that occur sequentially
20/03/2023 AE4S15 Lecture 08 Dr. Alessandra Menicucci
41
Self-purging redundancy
●
●
Self-Purging Redundancy is similar to NMR with spares except that
all the modules are active.
Moreover, each module has a capability to remove itself from the
system if its faulty.
20/03/2023 AE4S15 Lecture 08 Dr. Alessandra Menicucci
42
Sift-Out Modular Redundancy
●
●
●
●
●
Like NMR N identical modules are active
It uses comparators, detectors, and
collectors.
The comparator compares each module's
output with remaining modules' outputs.
The detector determines which
disagreements are reported by the
comparator and disables a unit that
disagrees with a majority of the remaining
modules.
To be done carefully: some failures are
transient therefore purge a module only if it
produces incorrect outputs over a sustained
period of time.
20/03/2023 AE4S15 Lecture 08 Dr. Alessandra Menicucci
43
Software Redundancy to Detect
Hardware Faults
●
●
●
●
Consistency checks use a priori knowledge about the characteristics of the
information to verify the correctness of that information. Example: Range
checks, overflow and underflow checks.
Capability checks are performed to verify that a system possesses the
expected capabilities. Examples: Memory test - a processor can simply write
specific patterns to certain memory locations and read those locations to
verify that the data was stored and retrieved properly.
ALU tests: Periodically, a processor can execute specific instructions on
specific data and compare the results to known results stored in ROM.
Testing of communication among processors, in a multiprocessor, is
achieved by periodically sending specific messages from one processor to
another or writing into a specific location of a shared memory.
20/03/2023 AE4S15 Lecture 08 Dr. Alessandra Menicucci
44
Information Redundancy
●
●
Guarantee data consistency by exploiting additional information
to achieve a redundant encoding.
Redundant codes permit to detect or correct corrupted bits
due to faults (e.g. radiation induced single event upset):
●
Error Detection Codes (EDC)
●
Error Correction Codes (ECC)
20/03/2023 AE4S15 Lecture 08 Dr. Alessandra Menicucci
45
Error Detection and Correction
EDAC Method
Capabilities
Parity
Single Bit Error Detection
Cyclic Redundancy Check Detect if any error has occurred in a given
(CRC)
structure
Hamming Code
Single Bit correct, double bit detect
Reed-Salomon Code
Correct multiple bits
20/03/2023 AE4S15 Lecture 08 Dr. Alessandra Menicucci
46
Calculating Hamming Code [7,4]
●
●
It encodes four data bits (d1, d2, d3, d4) into
seven bits by adding three parity bits (p1, p2, p3).
Parity check bits are all the bit positions 2i for all i
≥ 0.
1
2
3
4
5
6
7
P1
P2
D1
P3
D2
D3
D4
P1: check 1, skip 1, check 1, skip 1, check 1, skip 1, check 1 = 1,3,5,7
P2: check 2 bits, skip 2 bits, check 2 bits, skip 2 bits = 2,3,6,7
P3: check 4 bits, skip 4 bits = 4,5,6,7
●
●
Errors are detected by checking the even or uneven parity of the parity bits.
If the parity differs, the weighted sum of the parity bits itself marks the location of the error.
20/03/2023 AE4S15 Lecture 08 Dr. Alessandra Menicucci
47
Radiation hardening for space
electronics
●
●
●
Physical Radiation Hardening Techniques: use various physical
means, such as using insulating substrates, utilizing bipolar
integrated circuits, adopting radiation-tolerant SRAM, etc., to realize
the hardening purpose.
Logical radiation-hardening techniques: error correcting memory,
redundancy, implementing watchdog timers etc.
Shielding: shielding is provided at unit level (e.g. box) or component
level (e.g. local shielding)
20/03/2023 AE4S15 Lecture 08 Dr. Alessandra Menicucci
48
Radiation Hardening Assurance (RHA)
C. Poivey
RADECS
Short
Course
2011
20/03/2023 AE4S15 Lecture 08 Dr. Alessandra Menicucci
49
Radiation facilities
There are 2 types of radiation sources:
Image credit: http://www.imagesco.com/
Image credit: CERN
20/03/2023 AE4S15 Lecture 08 Dr. Alessandra Menicucci
50
Radioactive sources
The radioactive decay is the process
by which unstable nuclei loose energy
by emitting radiation (alpha, beta,
gamma).
Every atom type and isotope is
characterized by the half-life is the
length of time after which there is a
50% chance that the atom will have
undergone a radioactive decay.
20/03/2023 AE4S15 Lecture 08 Dr. Alessandra Menicucci
51
Different Radioactive Sources
Isotope
Primary
radiation
Secondary
Radiation
Energy [keV]
Half-life
Cobalt - 60
Gamma (γ)
β
γ: 1173.2, 1332.5
β: 317.9
5.27 yrs
Strontium-90
Beta (β)
-
546
28.5 yrs
Cesium-137
Gamma (γ) &
Beta (β)
Multiple
Radiation Types:
(γ) & (β)
γ: 32, 661.6
β: 511.6, 1173.2
30.1 yrs
Californium252
Alpha (α) and
Spontaneous
fission
fission fragments α: 6118, 6076
20/03/2023 AE4S15 Lecture 08 Dr. Alessandra Menicucci
52
2.645 yrs
Particle accelerator
A particle accelerator is a machine where
charged particles by means of electromagnetic
fields are accelerated and confined in beam
configuration.
●
Electrostatic accelerator (Van der Graaf)
●
Synchrotron
●
Cyclotron
Key elements:
●
Radiofrequency (RF) cavity: a metallic
chamber that contains an electromagnetic field.
●
Dipole/Quadrupole magnets: bending and
focus of the particle beam
20/03/2023 AE4S15 Lecture 08 Dr. Alessandra Menicucci
53
Image credit: CERN
Radiation Facilities in Europe
Co60 ESTEC
(The Netherlands)
KVI Groningen
UCL (Belgium) (The Netherlands)
PSI/PIF (Switzerland)
GSI/FAIR (Germany)
GANIL (France)
20/03/2023 AE4S15 Lecture 08 Dr. Alessandra Menicucci
54
JYFL (Finland)
Radioactive source or accelerator?
Pros
Radioactive Source
●
●
●
●
●
Accelerator
●
●
●
●
●
Cons
Can be placed in local
Labs → portable
Low cost
Easier safety handling
TID testing
High Flux
Monochromatic energy
Higher energy
Beam only on DUT
SEE testing
●
●
●
●
●
●
●
●
20/03/2023 AE4S15 Lecture 08 Dr. Alessandra Menicucci
55
Lower efficiency
(particles emitted at 4π)
Lower energy
Energy spectrum
Representativity of
space environment?
Expensive access and
limited availability
Mostly faraway from
development Labs
Safety is critical
Activation of samples
Radioactive sources energy spectra
http://scielo.sld.cu
20/03/2023 AE4S15 Lecture 08 Dr. Alessandra Menicucci
56
Total Ionizing Dose testing
1.E+10
JGO mission baseline, incl G shielding
1.E+09
No Callisto, 2 Eu flybys, incl. G shielding
GEO 18 years
Dose (rad)
1.E+08
LEO 8 years
1.E+07
~200 krad
behind
10mm Al
1.E+06
1.E+05
1.E+04
1.E+03
1.E+02
0
5
10
15
Al shielding (mm)
20/03/2023 AE4S15 Lecture 08 Dr. Alessandra Menicucci
57
20
After [Ch. Erd,
“Laplace
environment
specification,
14 June 2011]
Summary of Single Event Effects
Single Event Upset (SEU)
corruption of the information
stored in a memory element
Memories, latches in logic
devices
Multiple Bit Upset (MBU)
several memory elements
corrupted by a single strike
Memories, latches in logic
devices
Single Event Functional
Interrupt (SEFI)
corruption of a data path
leading to loss of normal
operation
Complex devices with builtin state machine/control
sections
Single Event Transient (SET)
Impulse response of certain
amplitude and duration
Analog and Mixed Signal
circuits, Photonics
Single Event Latchup (SEL)
high-current conditions
CMOS, BiCMOS devices
Single Event Burnout (SEB)
Destructive burnout due to
high-current conditions
BJT, N-channel Power
MOSFET
Single Event Gate Rupture
(SEGR)
Rupture of gate dielectric due Power MOSFETs, Nonto high electrical field
volatile NMOS structures,
conditions
VLSIs, linear Devices.
20/03/2023 AE4S15 Lecture 08 Dr. Alessandra Menicucci
58
Terms
➔
➔
➔
➔
➔
Linear Energy Transfer (LET) is a measure of the energy transferred to the device
per unit length as an ionizing particle travels through a material. The common unit is
MeV*cm2/mg of material (Si for MOS devices).
LET threshold (LETth) is the minimum LET to cause an effect.
Cross section (σ) is the device SEE response to ionizing radiation. For an
experimental test for a specific LET, sigma = #errors/ion fluence. The units for cross
section are cm2 per device or per bit.
Asymptotic or saturation cross section (σsat) is the value that the cross section
approaches as LET gets very large.
Sensitive volume: refers to the device volume affected by SEE-inducing radiation.
The geometry of the sensitive volume is not easily known, but some information is
gained from test cross section data.
20/03/2023 AE4S15 Lecture 08 Dr. Alessandra Menicucci
59
Heavy ions SEU rate calculation
Integral LET Spectra at 1 AU (Z=1-92) for Interplanetary orbit
100 mils Aluminum Shielding, CREME96
KM44V16104BS-50, 64Mbit DRAM from SAMSUNG
1.0E-07
1.00E+06
1.00E+05
1.00E+03
LET Fluence (#/cm 2-s)
1.00E+02
1.00E+01
1.00E+00
1.00E-01
1.00E-02
1.00E-03
1.00E-04
1.00E-05
1.0E-08
Xsection (cm 2/bit)
SPE Average Over Peak
SPE Average Over Worst Day
SPE Average Over Worst Week
GCR solar maximum
GCR solar maximum
1.00E+04
1.0E-09
1.0E-10
1.0E-11
# SEU/ion/cm
1.0E-12
1.00E-06
# ions/cm2/s
1.00E-07
1.00E-08
1.00E-09
1.0E-13
0
1.00E-10
1.00E-11
1.00E-03
SN1 all1
SN2 all1
SN1 all0
SN2 all0
2
10
20
30
40
50
60
70
80
LET (MeVcm2/mg)
1.00E-02
1.00E-01
1.00E+00
1.00E+01
1.00E+02
1.00E+03
LET Energy (MeV-cm2/mg)
Sensitive
Volume
Mission +
Shielding
SEU rate/s
20/03/2023 AE4S15 Lecture 08 Dr. Alessandra Menicucci
60
90
Summary
• We have introduced fault tolerance concepts.
• We have defined dependability in attributes, means
and impairments.
• We have discussed the different redundancy
approaches:
– Hardware (passive, active, hybrid)
– Software
• We have introduced the concept of radiation
hardness assurance and discussed different
approaches for testing (accelerators vs. radioactive
sources).
20/03/2023 AE4S15 Lecture 08 Dr. Alessandra Menicucci
61
