Research on Precise Synchronization System for Triple Modular Redundancy (TMR) Computer

Similar documents
DESIGNING AN ECU CPU FOR RADIATION ENVIRONMENT. Matthew G. M. Yee College of Engineering University of Hawai`i at Mānoa Honolulu, HI ABSTRACT

Logic Analyzer Triggering Techniques to Capture Elusive Problems

COPY RIGHT. To Secure Your Paper As Per UGC Guidelines We Are Providing A Electronic Bar Code

Logic Design. Flip Flops, Registers and Counters

The Design of Efficient Viterbi Decoder and Realization by FPGA

An MFA Binary Counter for Low Power Application

Chapter 5 Flip-Flops and Related Devices

Digilent Nexys-3 Cellular RAM Controller Reference Design Overview

FPGA Implementation of DA Algritm for Fir Filter

FLIP-FLOPS AND RELATED DEVICES

Efficient Architecture for Flexible Prescaler Using Multimodulo Prescaler

A Comparison of Literature Classification Schemes in Dewey Decimal Classification and New Classification Scheme for Chinese Libraries

2.6 Reset Design Strategy

Self Restoring Logic (SRL) Cell Targets Space Application Designs

Synchronous Sequential Logic

Faculty of Electrical & Electronics Engineering BEE3233 Electronics System Design. Laboratory 3: Finite State Machine (FSM)

An On-Chip Test Clock Control Scheme for Multi-Clock At-Speed Testing

Figure 1 shows a simple implementation of a clock switch, using an AND-OR type multiplexer logic.

Logic Design for Single On-Chip Test Clock Generation for N Clock Domain - Impact on SOC Area and Test Quality

YEDITEPE UNIVERSITY DEPARTMENT OF COMPUTER ENGINEERING. EXPERIMENT VIII: FLIP-FLOPS, COUNTERS 2014 Fall

AN EFFICIENT LOW POWER DESIGN FOR ASYNCHRONOUS DATA SAMPLING IN DOUBLE EDGE TRIGGERED FLIP-FLOPS

Last time, we saw how latches can be used as memory in a circuit

Guidance For Scrambling Data Signals For EMC Compliance

Chapter 2. Digital Circuits

Available online at ScienceDirect. Procedia Computer Science 46 (2015 ) Aida S Tharakan a *, Binu K Mathew b

Administrative issues. Sequential logic

Automated Verification and Clock Frequency Characteristics in CDC Solution

HIGH PERFORMANCE AND LOW POWER ASYNCHRONOUS DATA SAMPLING WITH POWER GATED DOUBLE EDGE TRIGGERED FLIP-FLOP

EMPTY and FULL Flag Behaviors of the Axcelerator FIFO Controller

Design and FPGA Implementation of 100Gbit/s Scrambler Architectures for OTN Protocol Chethan Kumar M 1, Praveen Kumar Y G 2, Dr. M. Z. Kurian 3.

A Symmetric Differential Clock Generator for Bit-Serial Hardware

CHAPTER 11 LATCHES AND FLIP-FLOPS

EECS150 - Digital Design Lecture 3 Synchronous Digital Systems Review. Announcements

Digital Electronics II 2016 Imperial College London Page 1 of 8

Digital Audio Design Validation and Debugging Using PGY-I2C

A Low Power Delay Buffer Using Gated Driver Tree

The Comparison of Chinese and English Idioms ----from the Perspective of Ethics You Wang 1,2

Chapter 7 Counters and Registers

3D Video Transmission System for China Mobile Multimedia Broadcasting

DIGITAL FUNDAMENTALS

Sequential circuits. Same input can produce different output. Logic circuit. William Sandqvist

Module -5 Sequential Logic Design

Design Of Error Hardened Flip-Flop Withmultiplexer Using Transmission Gates And N-Type Pass Transistors

Introduction. NAND Gate Latch. Digital Logic Design 1 FLIP-FLOP. Digital Logic Design 1

Synchronization Issues During Encoder / Decoder Tests

DESIGN OF A NEW MODIFIED CLOCK GATED SENSE-AMPLIFIER FLIP-FLOP

Jun-Hao Zheng et al.: An Efficient VLSI Architecture for MC of AVS HDTV Decoder 371 ture for MC which contains a three-stage pipeline. The hardware ar

Laboratory 1 - Introduction to Digital Electronics and Lab Equipment (Logic Analyzers, Digital Oscilloscope, and FPGA-based Labkit)

What's the SPO technology?

A NOVEL DESIGN OF COUNTER USING TSPC D FLIP-FLOP FOR HIGH PERFORMANCE AND LOW POWER VLSI DESIGN APPLICATIONS USING 45NM CMOS TECHNOLOGY

SOC Implementation for Christmas Lighting with Pattern Display Indication RAMANDEEP SINGH 1, AKANKSHA SHARMA 2, ANKUR AGGARWAL 3, ANKIT SATIJA 4 1

Universal Asynchronous Receiver- Transmitter (UART)

CS8803: Advanced Digital Design for Embedded Hardware

A MISSILE INSTRUMENTATION ENCODER

Efficient 500 MHz Digital Phase Locked Loop Implementation sin 180nm CMOS Technology

T 2 : WR = 0, AD 7 -AD 0 (μp Internal Reg.) T 3 : WR = 1,, M(AB) AD 7 -AD 0 or BDB

Design of Polar List Decoder using 2-Bit SC Decoding Algorithm V Priya 1 M Parimaladevi 2

BioTechnology. An Indian Journal FULL PAPER. Trade Science Inc.

Debugging of Verilog Hardware Designs on Altera s DE-Series Boards. 1 Introduction. For Quartus Prime 15.1

CS3350B Computer Architecture Winter 2015

CHAPTER 4: Logic Circuits

Metastability Analysis of Synchronizer

University College of Engineering, JNTUK, Kakinada, India Member of Technical Staff, Seerakademi, Hyderabad

RS flip-flop using NOR gate

Long and Fast Up/Down Counters Pushpinder Kaur CHOUHAN 6 th Jan, 2003

SDR Implementation of Convolutional Encoder and Viterbi Decoder

Objectives. Combinational logics Sequential logics Finite state machine Arithmetic circuits Datapath

The XYZs of Logic Analyzers

CS61C : Machine Structures

[Krishna*, 4.(12): December, 2015] ISSN: (I2OR), Publication Impact Factor: 3.785

CHAPTER 4: Logic Circuits

Scan. This is a sample of the first 15 pages of the Scan chapter.

Clock Domain Crossing. Presented by Abramov B. 1

UNIT-3: SEQUENTIAL LOGIC CIRCUITS

More on Flip-Flops Digital Design and Computer Architecture: ARM Edition 2015 Chapter 3 <98> 98

A Modified Static Contention Free Single Phase Clocked Flip-flop Design for Low Power Applications

Chapter 4. Logic Design

Figure 30.1a Timing diagram of the divide by 60 minutes/seconds counter

Notes on Digital Circuits

CSCB58 - Lab 4. Prelab /3 Part I (in-lab) /1 Part II (in-lab) /1 Part III (in-lab) /2 TOTAL /8

Digital Fundamentals: A Systems Approach

Design of a Binary Number Lock (using schematic entry method) 1. Synopsis: 2. Description of the Circuit:

Project 6: Latches and flip-flops

Novel Correction and Detection for Memory Applications 1 B.Pujita, 2 SK.Sahir

Modeling Latches and Flip-flops

POWER AND AREA EFFICIENT LFSR WITH PULSED LATCHES

English-Chinese Translation of Foreign Movie Titles Ying-Ying GU

Hello and welcome to this presentation of the STM32L4 Analog-to-Digital Converter block. It will cover the main features of this block, which is used

Implementation of CRC and Viterbi algorithm on FPGA

Final Exam review: chapter 4 and 5. Supplement 3 and 4

EECS145M 2000 Midterm #1 Page 1 Derenzo

Research Article Design and Implementation of High Speed and Low Power Modified Square Root Carry Select Adder (MSQRTCSLA)

ECE532 Digital System Design Title: Stereoscopic Depth Detection Using Two Cameras. Final Design Report

Design of New Dual Edge Triggered Sense Amplifier Flip-Flop with Low Area and Power Efficient

Experiment 8 Introduction to Latches and Flip-Flops and registers

Flip Flop. S-R Flip Flop. Sequential Circuits. Block diagram. Prepared by:- Anwar Bari

Asian Social Science August, 2009

Automatic Video Security System Based on Face-Recognition and Wireless Communication

FPGA Laboratory Assignment 4. Due Date: 06/11/2012

Design and analysis of microcontroller system using AMBA- Lite bus

Transcription:

ISBN 978-93-84468-19-4 Proceedings of 2015 International Conference on Electronics, Computer and Manufacturing Engineering (ICECME'2015) London, March 21-22, 2015, pp. 193-198 Research on Precise Synchronization System for Triple Modular Redundancy (TMR) Computer Wang Meng, Yue Su-ge, Zhao Yuan-fu, Lan li-dong, and Lu Zhen-lin Beijing Microelectronics Technology Institute, Beijing, 100076, China Abstract: The article presents a sound synchronization system which is composed by three synchronization modules: time-base synchronization module, period synchronization module and state synchronization module. By the principle of drag and wait, the period synchronization precision can reach 10ns. State synchronization precision and synchronization efficiency have also been greatly improved because of the fast hardware voting mechanism on FPGA and the close cooperation between hardware and software. Comprehensive fault detection mechanism also ensures the security of the TMR computer and makes the system more reliable. Keywords: TMR, Reliability, Synchronization Control, Fault detection. 1. Introduction TMR computer, via a vote of 2 out of 3, can put out the right results in the case of a single computer module breaks down, so it can ensure the reliability of the system[1]. Because of its high reliability, there is a strong application demand in the field such as aerospace, aviation, railway and so on [2]. Synchronization technology is one of the core technologies of the TMR fault-tolerant computer. Only when synchronous, the three modules of TMR computer can get the same input signal and transfer the data to the voter at the same time, finally give the correct outputs. However, ensuring synchronization of the three modules is actually difficult because of the clock drift, input delay and so on. The situation becomes more critical as the system operating frequency increases. Synchronization precision and synchronization efficiency have become the key factors that limit the performance of TMR computer [3]. Besides, in order to enhance the TMR system reliability, sound faultdetection mechanism must be built to monitor the system failure. 2. Related Work Many researches have been done on the synchronization of the TMR computer. The patent [4] implements synchronization of the TMR-DSP output data using a clock adjustment module which can record the periodic pulse signals and adjust the frequency and hold time of the input clock. Although it can make the clocks of each module synchronize precisely, it cannot achieve the synchronization of the executing state and the realization is complex. In the patent [5], discrete components are used to vote for the periodic clock from each processor, and give a unified interrupt, then each module responses the interrupt to achieve period synchronization. The design is simple, but the task of software is complicated which will definitely increase the synchronization time and reduce synchronization efficiency. In addition, lack of effective fault-detection mechanism will make the system difficult to detect fault and then recover from failure. The article [1] implements precise synchronization, making the synchronization precision below 30ns through dual state machine. However, it firstly use the traditional task synchronization to achieve rough synchronization, which will also reduce synchronization efficiency, and the low bandwidth will make it worse. This article presents a new technology to implement precise synchronization. The technology sets up a sound system which is composed by three synchronization modules: time-base synchronization module, period http://dx.doi.org/10.17758/ur.ul0315101 193

synchronization module and state synchronization module. The system can not only implement the precise synchronization and improve the synchronization efficiency, but also can rebuild itself soon after detecting the fault. In this paper, the synchronization system is researched in the third section. In the fourth section, the simulation results are given. A brief summary is made to this research in the last section. 3. Synchronization System Implementation Generally speaking, a precise synchronization system must achieve the period synchronization and state synchronization. In this paper, we design the time-base synchronization module and period synchronization module to achieve period synchronization and design the state synchronization module to achieve state synchronization. The synchronization system accomplishes in the FPGA, and the hardware structure in each computer module is completely same. We will explain in detail as follows. 3.1. Time-base Synchronization Module Restricted to crystal accuracy, clock error will continue to accumulate during the work period among the three separate computer modules, which will make the asynchronous degree increase. The time-base synchronization module supplies an adjusted count and timing pulse by the way that two time-base synchronization modules drag the other one. The errors of the three time-base synchronization modules will be no more than one clock, so when the adjusted pulse is used to clock the period synchronization module, the period asynchronous degree can be controlled. The functional block diagram is shown in figure 1. Symbol D presents latch. Fig. 1: Functional block diagram of time-base synchronization module Time-base synchronization is the most critical and basic synchronization of the whole system. Only when time-base synchronizes, can the period synchronization achieve. The signal us_a is called us_count signal generated by the module itself. When counter number counts down from reload number to set number (set by hardware, considering the internal delay of latches, here set number is 4 (decimal)), us_a puts out. Us-count signals us_b and us_c come from the other two modules. The input or output direction of a_start/b_start/ c_start signals are consistent with us-count signals. Fault-detection signals (a_fault/b_fault/c_fault) all come from the fault-detection module. The principle of time-base synchronization is that two modules drag the third one. That is, if any two us-count signals (us_a/us_b/us_c) are detected, all the three modules will put out the signal us_out to its own period synchronization module at the rising edge of next system clock, no matter what number the third one count to. The us_count signals are voted by the us_voter module which is implemented by combinational logic circuits. While putting out the signal us_out, us-count signal register is cleared and timehttp://dx.doi.org/10.17758/ur.ul0315101 194

base counter register is reloaded. As three modules are the same, the asynchronous degree will be no more than one clock when ignoring the error of signal transmission time. Several points that need to emphasize are as follows: 1) The principle of drag is reasonable, because the time-base synchronization module is independent. The time-base synchronization module and period synchronization module can be regarded as external timer. Dragging the slow one will not influence the proper work of three processors 2) Time-base reload register can be written by SPARC V8 processor through the bus. Different reload number will be written for different applications. 3) a_start/b_start/c_start and a_fault/b_fault/c_fault signals are used when single computer module restarts, powers off or powers on for the first time, which can make the system more reliable. 3.2. Period Synchronization Module In the field where real-time system is needed, program runs in fixed period. For TMR computer, three computer modules run independently. If the period does not synchronize, three computer modules will not start at the same time in every period and the output data cannot vote correctly. Period synchronization module just supplies a synchronized period signal. The functional block diagram is shown in figure 2. Symbol D presents latch. Fig. 2: Functional block diagram of period synchronization module The period synchronization module is clocked by the us_out signal generated by time base synchronization module, so the asynchronous degree can be controlled under one clock. Synchronized period signal period_out is the external interrupt signal to the processor. When detecting the interrupt signal, processors enter in the interrupt service program synchronously, then related data are changed and a new period starts. The interrupt signal can only be cleared by processor. The principle of period synchronization is to wait. When counter number counts down from reload number to set number (set by hardware, considering the internal delay of latches, here set number is 2 (decimal)), period_a puts out. If no computer module is in failure, the periodic interrupt signal Period_out will be generated when three period-count signals (Period_a/Period_b/Period_c) all arrive within the setting time. Latches of delay unit and period-count signal register are cleared while periodic interrupt signal triggers the processor. Latches of delay unit set the time to wait. Any two period-count signals arrival will start up the delay unit. It will not be cleared until the third period-count signal arrives within the setting time. If the delay time is full and the third period-count signal still does not arrive, delay unit and the related latches are also cleared. But http://dx.doi.org/10.17758/ur.ul0315101 195

the difference is that period_fault signal will be given and the indication signals (p_a_fault\p_b_fault\p_c_fault) will judge out the error module. The delay unit consisted of several latches is simple and can make the delay time more accurate. Period reload register can also be written by SPARC V8 processor through the bus. Different reload number will be written for different applications. A_fault/b_fault/c_fault signals from the fault detection module are used to monitor the failure of three modules, which makes the system more reliable. 3.3. State Synchronization Module State synchronization ensures the three modules to work at the same pace. Processors transfer the computer data to state synchronization module and get the vote results. Data vote and fault detection are accomplished by hardware, so the process of vote can accelerate. Because of the close cooperation between hardware and software, the vote efficiency highly increases. The functional block diagram is shown in figure 3. Fig. 3: Functional block diagram of state synchronization module At the vote point, data from processor are transferred into vote data register and data_a register, and vote data-arrival signal a_flag turns active immediately. Vote data are transferred to each other through separate 16- bit-buses, so the bandwidth is high. If three data-arrival signals (a_flag/b_flag/c_flag) all arrive, data voter starts to work. Thanks to the hardware and high bandwidth, the process of vote is fast. Vote state and vote results will be read in next two read-cycles of processor. When the asynchronous degree is not too much, the time of state synchronization will only consist of one write-period and two read-periods of processor and the precision can be controlled less than one read-period. If the data from one processor is different from the other two when voting, fault indicators are given to show that error occurs and one processor is in failure. When one module is in failure, 2 out of 3 data vote will be meaningless and state synchronization module will not be written and read. If the third data arrival signal does not arrive over two read-periods, processor will mark this and feedback the error to the fault detection unit. 4. Simulation Results Synchronization module is implemented in FPGA BQV300 designed by Beijing Microelectronics Technology Institute. The system frequency is 100MHz. Synthesis tool is XST and simulation tool is Isim. The language is Verilog HDL. Simulation results are shown as follows. The output will be same when detecting the same inputs for the three computer modules, so we just show the simulation results of one computer module. Ensuring that the input clock frequency of three computer modules is same, the asynchronous degree of output will be less than one clock. http://dx.doi.org/10.17758/ur.ul0315101 196

4.1. Time-base Synchronization Simulation Figure 4 shows the time-base synchronization simulation results. From the waveform, we can find that no matter which two us-count signals arrive, the us_out signal puts out and the reload signal is active. Three modules are all the same. Fig. 4: Time-base synchronization simulation results 4.2. Period Synchronization Simulation Figure 5 shows the period synchronization simulation results. There are three situations. 1) There is no module in failure and period count signals arrive within the setting time. Period_out is active correctly. Three modules are all the same. 2) Module A is in failure and the other two modules arrive. For module A, period_a is inactive and period_out is not given. Because module A is in failure, the period synchronization module should not give the interrupt signal, although two period count signals arrive. The other two modules are shown in situation 3). 3) Two period-count signals arrive and the third one does not arrive within the setting time (Supposed that module B is in failure). As shown, for the normal modules, period_out is given correctly after the setting time. Fault signals are given to indicate the error. Fig. 5: Period synchronization simulation results 4.3. State Synchronization Module Figure 6 shows the state synchronization simulation results. There are also three situations. 1) Data arrival signals all arrive and vote data are same. In this situation, vote results will be given at the rising edge of the third system clock after all three data arrival signals arrive. Vote results (25128) are same to the three vote data and can be read correctly in the second read-period. No fault signal is given. 2) One vote data (360) is different from the other two (25128), the results obey the principle of 2 out 3 and the fault signal is given. The module will report that which module is in failure. 3) The third data-arrival-signal does not arrive in two read-periods. The late module will be judged out by reading the STATE_REG and the outcome will be feedback to the fault detection unit. http://dx.doi.org/10.17758/ur.ul0315101 197

5. Summary Fig. 6: State synchronization simulation results The article presents a sound synchronization system achieving the synchronization of TMR computer. The system can not only implement the precise synchronization and improve the synchronization efficiency, but also can rebuild itself soon after detecting the fault. The period synchronization precision can be about 10ns. State synchronization precision can be about 50ns and the time consumption will be less than 150ns. Workload of software will become much less in cooperation with the synchronization system. The improved synchronization precision and efficiency will make the TMR computer more reliable. 6. References [1] Zhang Wei-gong, Zhang Yong-xiang, Shang Yuan-yuan, Research on Precise Synchronization for TMR Fault- Tolerant Embedded Computer, in Proc. International Conference on Multimedia Information Networking and Security, 2009, pp. 322-325. http://dx.doi.org/10.1109/mines.2009.98 [2] Yang Meng-fei, Guo Shu-ling, Sun Zeng-qi, On-Board Computer Techniques for Spacecraft Control, Aerospace Control, vol. 23, pp. 69-73, Apr 2005. [3] Song Zheng-yu, The synchronization Control Technology in Launch Vehicle Redundant Design, Manned Spaceflight, vol. 19, pp. 11-16, Mar 2013. [4] Tong Jie-wen, Wang Hui-quan, Jin Zhong-he, On-Board TMR System Based on clock synchronization technology, C.N. Patent 103389914 A, Nov 13, 2013. [5] Feng Yan-jun, Li Ren-xin, Qiao Lei, A Periodic Synchronization Mechanism for TMR Fault-Tolerant Computer, C.N. Patent 102053883 B, Aug 22, 2010. http://dx.doi.org/10.17758/ur.ul0315101 198

2024 © artsdocbox.com Privacy Policy | Terms of Service | Feedback