Evaluating Different Solutions to Design Fault Tolerant Systems with SRAM-based FPGAs

The latest SRAM-based FPGA devices are making the development of low-cost, high-performance, re-configurable systems feasible, paving the way for innovative architectures suitable for mission- or safety-critical applications, such as those dominating the space or avionic fields. Unfortunately, SRAM-based FPGAs are extremely sensitive to Single Event Upsets (SEUs) induced by radiation. SEUs may alter the logic value stored in the memory elements the FPGAs embed. A large part of the FPGA memory elements is dedicated to the configuration memory, whose content dictates how the resources inside the FPGA have to be used to implement any given user circuit, SEUs affecting configuration memory cells can be extremely critics. Facing the effects of SEUs through radiation-hardened FPGAs is not cost-effective. Therefore, various fault-tolerant design techniques have been devised for developing dependable solutions, starting from Commercial-Off-The-Shelf (COTS) SRAM-based FPGAs. These techniques present advantages and disadvantages that must be evaluated carefully to exploit them successfully. In this paper we mainly adopted an empirical analysis approach. We evaluated the reliability of a multiplier, a digital FIR filter, and an 8051 microprocessor implemented in SRAM-based FPGA’s, by means of extensive fault-injection experiments, assessing the capability provided by different design techniques of tolerating SEUs within the FPGA configuration memory. Experimental results demonstrate that by combining architecture-level solutions (based on redundancy) with layout-level solutions (based on reliability-oriented place and route) designers may implement reliable re-configurable systems choosing the best solution that minimizes the penalty in terms of area and speed degradation.     

By-wire cars turn the corner

The basic concept of by-wire sounds simple enough: replace the car's mechanically linked hydraulic systems-steering and braking, for example-with electronic ones. By-wire systems began to be installed well over a decade ago, first in military and then in commercial aircraft. In a “true” by-wire system, there would be no hydraulic backup to the electronic system; therein lies a cause for carmakers' concern. Drivers count on the fact that the brakes and steering work when and how they are supposed to, thanks to hydraulic systems. Car makers just don't know how drivers will react to the wires, computers, and microcontrollers. Another basic hurdle automakers face is that no industry-wide standard exists for a by-wire system. There is no set specification for the electronic control of a safety-critical system like braking or steering. While automakers agree that having such a standard will help both in winning public confidence in by-wire systems and in designing and implementing such systems, they have yet to agree on one. What's more, this standard needs to work for all safety-critical functions under the by-wire umbrella. This paper describes how by-wire systems work in aiding the driver in steering, stabilising and braking the car. The barriers to implementing such systems are outlined     

Thermal Monitoring of Self-Checking Systems

With the increasing power density in integrated systems resulting from scaling down, the occurrence of field failures due to overheating has considerably increased. Faulty operation can be prevented by on-line temperature monitoring. This paper deals with questions of on-line temperature monitoring in safety-critical systems. First the possible temperature sensors are reviewed and basic principles of self-checking systems including such sensors are detailed, then a new temperature sensor cell with extremely good parameters designed especially for DfTT applications is presented. The basic questions of integrating thermal sensors into self-checking systems are also discussed.     

基于协议芯片和工具链的ARINC659总线开发平台

文中研究的平台旨在将ARINC659总线技术应用于高安全性、可靠性要求的飞行控制系统。依照《ARINC659协议》和《IEEE1149.5协议》,研制了协议专用数字芯片;并针对系统时间规划这一应用中的关键环节,研制了一整套开发工具链。软硬件协同运作,实现系统时间的智能规划以及单板级、机箱级的调试与监控,为安全关键控制系统提供了完整、通用的平台。     

Details, tactics, and strategy

As you may have observed, various people in any group bring diverse gifts to a project. Some folks tend to be very strategic in their thinking while others get into the smallest of details. Some engineers are focused necessarily on "making it work," while a manager will be watching the cost through perhaps a more tactical or even strategic perspective. A lot of conflict can occur when one considers the fact that upper management is charged to maximize shareholder value and an engineering team is trying to make it work. Of course, issues can become complicated because the engineering team can well argue that it will most certainly maximize shareholder value if the product works. Therefore, in any company or market-driven project the various points of view coupled with corporate goals need to be recognized, appreciated, and managed. Hence, the need for a chart. A lot of the systems and procedures that companies put in place are designed to manage the various levels and issues even if it is not recognized that this is what is being done. This is why companies end up with very bureaucratic systems where it becomes cumbersome and annoying to everyone at all levels. This paper has introduced the idea that people within the same company see things at different levels: detail, tactics, and strategy. Also introduced are some ideas that will circumvent problems and help people to function together in all three levels. In the next columns, some examples are given on how to implement these ideas and pave the way to synergistic relationships.     

Control of robot arm with virtual environment via the Internet

Many enterprises experience difficulty in training people to work with expensive equipment, which is needed for carrying out profitable work tasks (e.g., production line robots). Similar problems are found when work is of a complex and safety-critical nature (e.g., nuclear environments, explosive placement, surgery). A common problem faced by educational institutions concerns the limited availability of expensive robotics equipment, with which students in the didactic program can work, in order to acquire valuable "hands on" experience. This paper describes a method of education and training involving off-line usage of virtual reality environments for task planning. When tasks are developed to the satisfaction of the trainee, they are exported to remote physical hardware, via the Internet, for real-world execution. Development of the system and the training experiments is discussed, along with some of the issues raised for telerobotics and solutions to the problem of detecting collisions in the virtual world. The approach has been shown to be viable, and increases the education and training possibilities for key workers while maintaining a low cost of ownership. The downtime of mission critical equipment is minimized while the gaining of valuable experience is maximized.     

Design and Realization of a Built-In Current Sensor for IDDQ Testing and Power Dissipation Measurement

Built-in current sensor (BICS) is known to enhance test accuracy, defect coverage of quiescent current (I_DDQ) testing method in CMOS VLSI circuits. For new deep-submicron technologies, BICSs become essential for accurate and practical I_DDQ testing. This paper presents a new BICS suitable for power dissipation measurement and I_DDQ testing. Although the BICS presented in this paper is dedicated to submicron technologies that require reduced supply voltage, it can also be used for applications and technologies requiring normal supply voltage. The proposed BICS has been extended for on-line measurement of the power dissipation using only an additional capacitor. Power dissipation measurement is important for safety-critical applications and battery-powered systems. A simple self-test approach to verify the functionality and accuracy of BICSs has also been introduced. The proposed BICS has been implemented and tested using an N-well CMOS 1.2 m technology. Practical results demonstrate that a very good measurement accuracy can be achieved.     

Annotation and education

Because our research focuses on developing multimedia technologies for educational settings, we begin this article with an exercise. Throughout this article, you will see a number of screen images from programs we are building. Try to understand what these pictures mean without reading the explanatory captions that appear below them. You will probably find this difficult, as you are still unfamiliar with our work. The important thing to realize is that a well-written caption can provide a context for understanding. Our research explores the types of learning that occur when people collaborate to develop explanations of multimedia content. We develop systems to help learners observe digital photographs and video, pose hypotheses about their meanings, and justify their assertions with evidence     

Using formal methods in a design for reliability as applied to an electronic system that integrates software and hardware to perform a function

Formal methods of design are neglected areas with very little current work. At present, requirements analysis and high-level design are rarely treated in a disciplined way by design engineers. Yet errors committed in these stages are most difficult to detect and costly to remove. The paper presents a formal approach to development of systems with high reliability, taking into account safety-critical factors as and when they are relevant. It discusses how formalism may be used to support direct requirements expression and realization.     

Kalman Predictive Redundancy System for Fault Tolerance of Safety-Critical Systems

The dependence of intelligent vehicles on electronic devices is rapidly increasing the concern over fault tolerance due to safety issues. For example, an x-by-wire system, such as electromechanical brake system in which rigid mechanical components are replaced with dynamically configurable electronic elements, should be fault-tolerant because a critical failure could arise without warning. Therefore, in order to guarantee the reliability of safety-critical systems, fault-tolerant functions have been studied in detail. This paper presents a Kalman predictive redundancy system with a fault-detection algorithm using the Kalman filter that can remove the effect of faults. This paper also describes the detailed implementation of such a system using an embedded microcontroller to demonstrate that the Kalman predictive redundancy system outperforms well-known average and median voters. The experimental results show that the Kalman predictive redundancy system can ensure the fault-tolerance of safety-critical systems such as x-by-wire systems.      

基于Flash的猫和老鼠游戏的设计与制作

计算机技术的飞速发展,为人们的日常生活带了巨大的变化,人们已经不仅仅满足于玩游戏了,利用Flash已经可以让人们去制作自己喜欢的小游戏,这极大的满足了人们的需求。Flash是很好的网上制作动画的软件,用它可以将动作、声效动画以及富有新意的界面融合在一起,以制作出高品质的游戏动态效果。在本设计中,利用Macromedia Flash制作了老鼠和猫的小游戏。     

Managing technology development for safety-critical systems

This paper presents a model that determines the optimal budget allocation strategy for the development of new technologies, for safety-critical systems, over multiple decision periods. The case of the development of a hypersonic passenger airplane is used as an illustration. The model takes into account both the probability of technology development success as a function of the allocated budget and the probability of operational performance of the final system. It assumes that the strategy is to consider (and possibly fund) several approaches to the development of each technology to maximize the probability of development success. The model, thus, decomposes the system's development process into multiple technology development modules (one for each technology needed), each involving a number of alternative projects. There is a tradeoff between development speed and operational reliability when the budget must be allocated among alternative technology projects with different probabilities of development success and operational reliability (e.g., an easily and quickly developed technology may have little robustness). The probabilities of development and operational failures are balanced by a risk analysis approach, which allows the decision maker to optimize the budget allocation among different projects in the development program, at the beginning of each budget period. The model indicates that by considering reliability in the R&D management process, the decision maker can make better decisions, optimizing the balance between development time, cost, and robustness of safety-critical systems.     

A design for testability approach for nano-CMOS analogue integrated circuits

Dependability requirements must be considered from the beginning when designing safety-critical systems. Therefore, testing should even be considered earlier, intertwined with the design process. The process of designing for better testability is called design for testability (DfT). This article presents two designs for testability and fault diagnosis techniques using a new design analogue checker circuit in order to improve the testability and the diagnosability of nano-CMOS (complementary metal oxide semiconductor) analogue circuits used in safety-critical applications based on the system-on-chip (SoC) approach design. The testing techniques presented in this work can be done during and after the system fabrication. The checker is implemented in full-custom 65 nm Complementary metal–oxide–semiconductor (CMOS) technology with low supply voltage and small-size capabilities. SPICE simulations of the post-layout extracted CMOS checker, which include all parasitic, are used to validate the technique and demonstrate the acceptable electrical behaviour of the checker.     

A Study of the Techniques of Automatic Abstracting and Knowledge Acquisition Systems

A Study of the Techniques of Automatic Abstracting and Knowledge Acquisition Systems     

Dependability metrics to assess safety-critical systems

Metrics are commonly used in engineering as measures of the performance of a system for a given attribute. For instance, in the assessment of fault tolerant systems, metrics such as the reliability, R(t) and the Mean Time To Failure (MTTF) are well-accepted as a means to quantify the fault tolerant attributes of a system with an associated failure rate, /spl lambda/. Unfortunately, there does not seem to be a consensus on comparable metrics to use in the assessment of safety-critical systems. The objective of this paper is to develop two metrics that can be used in the assessment of safety-critical systems, the steady-state safety, S/sub ss/, and the Mean Time To Unsafe Failure (MTTUF). S/sub ss/ represents the evaluation of the safety as a function of time, in the limiting case as time approaches infinity. The MTTUF represents the average or mean time that a system will operate safely before a failure that produces an unsafe system state. A 3-state Markov model is used to model a safety-critical system with the transition rates computed as a function of the system coverage C/sub sys/, and the hazard rate /spl lambda/(t). Also, /spl lambda/(t) is defined by the Weibull distribution, primarily because it allows one to easily represent the scenarios where the failure rate is increasing, decreasing, and constant. The results of the paper demonstrate that conservative estimates for lower bounds for both S/sub ss/ & the MTTUF result when C/sub sys/ is assumed to be a constant regardless of the behavior of /spl lambda/(t). The derived results are then used to evaluate three example systems.     

大学生人格测试平台的开发应用

随着人们物质生活水平的提高,人们对精神生活的追求越来越注重.然而每个人都有来自各方的精神和心理压力,影响正常的工作学习.但如果能够及时的排解压力,化压力为动力,就会有非常积极的后果.这就需要人们能够了解自我,扬长避短,将自己的潜力发挥出来.本测试平台包括在线人格测试、下载保存测试结果等.本测试平台采取B/S模式,运用ASP.NET动态网站开发技术,结合CSS+DIV界面化语言等技术.     

刍议电建企业政工“四维互动”模式的构建

我国步入全面发展的新时期,社会对于电力能源的需求量也在不断上涨。为了满足人们日益增涨的需求,我国正在扩大电力基础设施的建设规模,为电力建设市场带来了巨大的发展契机。不仅仅是发展的机遇,同时,也是巨大的挑战。我国的电力建设企业如果想要在激烈的市场竞争中占据有利地位,那么就需要不断的加强政工文化建设,促进企业凝聚力、向心力的提升,促进电力建设企业实现可持续发展。本文就是对电建企业政工“四维互动”模式的构建进行深入分析,希望对相关人员有所启示。     

Architectural principles for safety-critical real-time applications

This paper addresses the general area of computer architectures for safety-critical real time applications. The maximum acceptable probability of failure for these applications ranges from about 10^-4 to 10^-10 per hour depending on whether it is a military or civil application. Typical examples include commercial and military aircraft fly-by-wire, full authority engine control, satellite and launch vehicle control, ground transport vehicles, etc. Realtime response requirements for these applications are also very demanding, with correct control inputs required every 10 to 100 ms, depending on the application. These dual goals of ultrahigh reliability and real-time response necessitate computer systems that are quite different from other dependable systems in their architecture, design and development methodology, validation and verification, and operational philosophy. This paper highlights these differences by describing each of these aspects of safety-critical systems. Architectural principles and techniques to address these unique requirements are described     

The Mathematical Foundation of Distributed Interleaved Systems

The distribution and interleaving (D&I) of signals is a common method for ripple attenuation in various engineering applications in such areas as control, communication, and power electronics. Similarities to this technique may also been found in nonengineering fields such as biology and medicine. This paper presents a mathematical exploration of distributed interleaved systems along with a simple frequency-domain model of interleaving. We are hoping that the insights provided by this mathematical framework and the newly proposed model for interleaved systems will lead to enhanced techniques for evaluating D&I processes, and facilitate the design of better systems. In particular, we hope this work results in new approaches to low-pass filtering that will exhibit fast dynamics and very efficient ripple attenuation (in theory, this can produce complete ripple removal in some cases)     

Multiphase Power Converter Drive for Fault-Tolerant Machine Development in Aerospace Applications

This paper describes an experimental tool to evaluate and support the development of fault-tolerant machines designed for aerospace motor drives. Aerospace applications involve essentially safety-critical systems which should be able to overcome hardware or software faults and therefore need to be fault tolerant. A way of achieving this is to introduce variable degrees of redundancy into the system by duplicating one or all of the operations within the system itself. Looking at motor drives, multiphase machines, such as multiphase brushless dc machines, are considered to be good candidates in the design of fault-tolerant aerospace motor drives. This paper introduces a multiphase two-level inverter using a flexible and reliable field-programmable gate-array/digital-signal-processor controller for data acquisition, motor control, and fault monitoring to study the fault tolerance of such systems.