Jump to the main text

Hitachi

Hitachi Information & Telecommunication Engineering, Ltd.

Highly reliable FPGA design

Customers demand high reliability for the FPGAs (field-programmable gate arrays) installed on products required for mission-critical usage and for authentication of functional safety specifications.
Hitachi Information & Telecommunication Engineering,Ltd. uses its technical expertise and experience, which have been accumulated over many years, to resolve problems related to FPGA. To firmly support your important systems and business operations that cannot stop, we provide the following services:

Target areas
Industry, automobiles, healthcare, servers, storage systems, communications, broadcasting, transportation, IoT, and security

Issues

1 Soft errors caused by cosmic rays

When data in configuration RAM (CRAM) in an FPGA is inverted due to the effects of cosmic-ray neutrons, the circuit configuration changes, which can cause the device to malfunction. This type of malfunction is called a “soft error”.
When a soft error occurs, the malfunction continues if the power is not turned on again. After the power is turned on, system operation returns to normal. This results in the problem that investigators cannot identify the cause of the malfunction.

For details about FPGA-related soft errors, see the following document:

Soft Errors Caused by Neutrons

2 Error propagation caused by the layout

Failsafe requirements and physical security requirements are required for applications for which safety and reliability are emphasized. To meet these requirements, the propagation of errors must be suppressed.
Normally, the FPGA layout is not arranged on the basis of functional module, unlike the case of ASIC. For this reason, gates and wiring of multiple functional modules might be adjacent to each other. In such a layout, when a physical failure occurs, the error might propagate to multiple functions at the same time.

Solutions

1 Installing functionality against soft errors

Measures and IP (intellectual property) against soft errors are provided by FPGA vendors (Xilinx and Intel). However, the specifications of the IP provided by vendors are difficult to understand, and installation is difficult if the user does not have a good understanding of FPGA.
Our company has been working on measures against soft errors in collaboration with research laboratories of Hitachi, Ltd. since 2010. We can incorporate the vendor-provided IP and install functionality against soft errors based on Hitachi's technology expertise and experience, which have been accumulated over many years. By using this functionality, the inverted-CRAM soft error can be corrected (soft error correction) and system operation can continue. Alternatively, the system can be safely stopped when a soft error is detected (soft error detection).

2 Implementing isolation to reduce error propagation

We can implement isolation for FPGA for products where the propagation of errors must be suppressed.
In an isolation implementation, the layout is divided by functional module. Enclosing gates and wires inside the fences prevent a functional module from being mixed with others, thereby suppressing the propagation of errors.

Implementing islation to suppress error propagation

Features

Unique technology against soft errors

Wrapping IP

To easily incorporate functionality against soft errors, we are developing “wrapping IP” (supports the IP for Xilinx only) based on technologies accumulated over many years. An error injection function is also installed in the wrapping IP, so virtual soft errors can be intentionally generated.

Measures against soft errors: Wrapping IP (SERES*1)

*1: SERES refers to soft error restoration support.

The FPGA vendor provides soft error measures for configuration RAM (CRAM). Figure 1 shows the circuit configuration when IPs (intellectual properties) for soft error measures are used. IP1 to IP3 are to be connected by the user. Furthermore, to control IP3, the user also needs to design and incorporate control logic. Therefore, if the user cannot correctly understand the functions of each piece of IP, the interface, and use method, soft error measures cannot be implemented.

A circuit configuration using IP provided by the vendor to resolve a soft error problem Figure 1: A circuit configuration using IP provided by the vendor to resolve a soft error problem

Our company developed the wrapping IP that combines the IPs provided by the FPGA vendor and IP control logic based on technologies accumulated over many years. (See figure 2) This wrapping IP contains the following functions against soft errors, and simplifies the difficult IP control.

Functions of the wrapping IP:

  • (1) Notification of CRAM 1-bit and 2-bit errors
  • (2) Notification of corrections of CRAM 1-bit errors
  • (3) Notification of CRAM 2-bit errors that cannot be corrected
  • (4) Insertion of CRAM 1-bit and 2-bit pseudo errors
  • (5) Self-failure notification inside the wrapping IP*2
  • (6) Insertion of self-failure pseudo errors inside the wrapping IP*2

*2: A highly reliable original function for this IP

The wrapping IP developed by our company Figure 2: The wrapping IP developed by our company

Soft error logging function:

When a soft error occurs in an FPGA, the FPGA is initialized when the power of the system is turned on. This is why the abnormality cannot be identified. By using the soft error logging function developed by our company, the occurrence of a soft error is recorded even after the system is restarted.

Soft error logging function

To decide whether a soft error is the cause of a system stopping or restarting, the error detected by implementing soft error measures must be clearly recorded. However, when the system restarts, the FPGA is initialized and the result of the detection disappears.

We developed a soft error logging function, so that results of soft error detection can be recorded after a system restarts. The soft error logging function has the following features:

Features of the soft error logging function:

  • (1) Results of soft error detection are recorded even after the system is restarted (after the power is turned on).
  • (2) Information, such as the date and time when the soft error occurred, is also recorded.
  • (3) The location of the soft error can be identified in combination with isolation implementation.
  • (4) When the wrapping IP is used as a soft error measure, failures inside the wrapping IP can also be recorded.

The wrapping IP developed by our company

For know-how regarding soft error measures, see the following document:

Know-how regarding soft error measures:

1. Soft errors might occur even though soft error measures are implemented.

Soft error measures of the FPGA do not suppress the occurrence of soft errors or reduce their frequency. The measures correct the data in the configuration RAM (CRAM) in which data inversion due to neutron rays occurred. Customers need to be aware that soft errors cannot be stopped.

2. System malfunctions might occur even though soft error measures are implemented.

Soft error measures for FPGAs monitor data inversions in the CRAM, and then correct the data at the location where the soft error occurs. For this reason, a malfunction might occur in the period from the time a soft error occurs to the time the data is corrected. To ensure system operation continues without interruption, measures against soft errors at the system level also need to be considered, and not just incorporating soft error measures for the FPGA.

3. Prior consideration of soft error measures are important.

A soft error cannot be intentionally generated in normal circumstances, so it is extremely difficult to check whether the logic incorporated for soft error measures is effective. To check the operation by performing evaluations on an actual machine, a function that generates pseudo soft errors needs to be installed. In addition, the logging function must also be installed to record soft errors after the system restarts because of a soft error. It is important to consider these functions in advance based on your system requirements.

Support for neutron irradiation tests and consulting for soft error measures

As a method for checking the impact of soft errors on products, we, in collaboration with Hitachi,Ltd., provide a neutron irradiation test service that uses particle accelerators owned by universities and other institutions.
We are entrusted with providing support for neutron irradiation tests and for providing consulting and design related to measures against FPGA soft errors.

Overview of device irradiation tests

Planning the test
  • Plan the device test.
  • Create tools used for the test.
Conducting the test and analyzing
  • Perform the device-irradiation test.
  • Analyze the test results.
Taking measures and performing design
  • Provide system design consultations and perform design under contract.
  • Provide FPGA design consultations and perform design under contract.

We are working on QASS (General Incorporated Association Quantum beam Application for Safe and Smart society) activities together with the Research and Development Group of Hitachi, Ltd., which participates in QASS.

Service details

The following table provides an overview of supported FPGAs and services provided by our company.

Overview of supported FPGAs
FPGA vendors Xilinx Intel
Supported devices
  • 7 Series
  • UltraScale Series
  • UltraScale+ Series
  • Stratix10
  • Arria10
  • V Series
  • Cyclone10
  • Max10
FPGA development tools Vivado Quartus Prime
Design language
  • Verilog-HDL
  • VHDL
  • SystemC
Engineering services
Soft error detection Y Y Y
Soft error correction Y Y N
Isolation implementation Y Y Y
Our unique services
Providing the wrapping IP Y N N
Installing the soft error
logging function
Y Y Y
Performing neutron irradiation tests* Y Y Y

Legend: Y: Available N: Not available

*:
Neutron irradiation tests can be performed on various devices (such as FPGA, RAM, ROM, and CPU), not only on a vendor’s devices.

Installation examples

Developing FPGA based on international standards

There are international standards for terrestrial telecommunication equipment. Our company has experience in developing FPGA based on international standards for telecommunication equipment.
Establishment of Soft Error Measures for Telecommunication Equipment and ITU-T International Standards.

Source: News Release of Hitachi, Ltd.

Measurement and evaluation of neutron irradiation, tolerance, and error information

One of the Hitachi’s Lumada customer cases for which services are provided is “Evaluation of the frequency of unreproducible failures in electronic systems caused by neutrons and suggestions on countermeasures based on our know-how”. In this customer case, we measured and evaluated neutron irradiation, tolerance, and error information.
Lumada use case: Evaluation of the frequency of unreproducible failures in electronic systems caused by neutrons and suggestions on countermeasures based on our know-how.

Source: Lumada, Hitachi, Ltd.