CN112306726A - Single-particle-upset-resistant system and method - Google Patents

Single-particle-upset-resistant system and method Download PDF

Info

Publication number
CN112306726A
CN112306726A CN202011123992.9A CN202011123992A CN112306726A CN 112306726 A CN112306726 A CN 112306726A CN 202011123992 A CN202011123992 A CN 202011123992A CN 112306726 A CN112306726 A CN 112306726A
Authority
CN
China
Prior art keywords
industrial
starting
processing chip
fpga
grade
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN202011123992.9A
Other languages
Chinese (zh)
Other versions
CN112306726B (en
Inventor
任涛
毛佳佳
阮翔
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
CETC 52 Research Institute
Original Assignee
CETC 52 Research Institute
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by CETC 52 Research Institute filed Critical CETC 52 Research Institute
Priority to CN202011123992.9A priority Critical patent/CN112306726B/en
Publication of CN112306726A publication Critical patent/CN112306726A/en
Application granted granted Critical
Publication of CN112306726B publication Critical patent/CN112306726B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F11/00Error detection; Error correction; Monitoring
    • G06F11/07Responding to the occurrence of a fault, e.g. fault tolerance
    • G06F11/0703Error or fault processing not based on redundancy, i.e. by taking additional measures to deal with the error or fault not making use of redundancy in operation, in hardware, or in data representation
    • G06F11/0751Error or fault detection not based on redundancy
    • G06F11/0754Error or fault detection not based on redundancy by exceeding limits
    • G06F11/0757Error or fault detection not based on redundancy by exceeding limits by exceeding a time limit, i.e. time-out, e.g. watchdogs
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F11/00Error detection; Error correction; Monitoring
    • G06F11/07Responding to the occurrence of a fault, e.g. fault tolerance
    • G06F11/08Error detection or correction by redundancy in data representation, e.g. by using checking codes
    • G06F11/10Adding special bits or symbols to the coded information, e.g. parity check, casting out 9's or 11's
    • G06F11/1004Adding special bits or symbols to the coded information, e.g. parity check, casting out 9's or 11's to protect a block of data words, e.g. CRC or checksum
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F12/00Accessing, addressing or allocating within memory systems or architectures
    • G06F12/02Addressing or allocation; Relocation
    • G06F12/0223User address space allocation, e.g. contiguous or non contiguous base addressing
    • G06F12/023Free address space management
    • G06F12/0238Memory management in non-volatile memory, e.g. resistive RAM or ferroelectric memory
    • G06F12/0246Memory management in non-volatile memory, e.g. resistive RAM or ferroelectric memory in block erasable memory, e.g. flash memory

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • General Engineering & Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Quality & Reliability (AREA)
  • Computer Security & Cryptography (AREA)
  • Techniques For Improving Reliability Of Storages (AREA)

Abstract

The invention discloses a single event upset resistance system and a single event upset resistance method, wherein the system comprises an industrial-grade FPGA, an industrial-grade processing chip, an industrial-grade watchdog circuit, a group of industrial-grade SPI FLASH memory chips and two groups of OTP PROM memory chips; the method comprises the steps that an industrial-level watchdog circuit monitors the running state of an industrial-level FPGA by receiving a dog feeding signal output by the industrial-level FPGA, and controls the industrial-level FPGA to reset and restart when the running state of the industrial-level FPGA is abnormal; an internal watchdog circuit arranged in the industrial-level FPGA monitors the running state of the industrial-level processing chip by receiving a dog feeding signal output by the industrial-level processing chip, and controls the industrial-level processing chip to reset and restart when the running state of the industrial-level processing chip is abnormal. The invention considers the single event upset and recovery conditions of the memory chip, the processing chip and the FPGA, and reduces the dependence on the frequent erasure of the memory chip.

Description

Single-particle-upset-resistant system and method
Technical Field
The application belongs to the technical field of environmental radiation resistance, and particularly relates to a single event upset resistance system and a single event upset resistance method.
Background
It is well known that particle radiation from charged particles in the upper atmosphere and outer space can have a severe impact on electronic devices. With the development of microelectronic processes, small-sized, high-density and low-voltage devices are increasingly applied to environmental radiation conditions such as aerospace and the like. Researchers have paid more attention to the safety problem caused by the single event upset effect. In order to resist the single event upset effect, various single event upset resisting systems are designed and applied to different fields. Meanwhile, with the rapid development of commercial aerospace, the requirements of a low-cost and high-reliability single event upset resistant system are gradually highlighted.
Generally, the conventional single event upset resistant system design comprises: 1 aerospace level processor (ARM or DSP, etc.), 2 PROMs, 1 large-scale service FPGA, 1 antifuse FPGA, and buffer (SDRAM, DDR, etc.). Although the traditional single event upset resistant system can obtain higher system reliability, the defect is obvious, and the huge hardware cost brought by applying a large number of anti-radiation and anti-fuse devices to the system can not be borne by most common users.
There are also low-cost single event upset resistant systems implemented using industrial and military grade chips. The main implementation scheme is to use a plurality of industrial-grade memory chips for redundancy backup. In a common low-cost single event upset resistant system, a FLASH chip with low reliability is used as a key data storage chip, and a long-term reliable data source is unavailable. Although a plurality of FLASH chips are used for redundancy design, the probability of simultaneous failure of the redundancy design is gradually increased along with the increase of the chip capacity, the abrasion of the chip and the limitation of the error correction capability of the algorithm. In the redundancy backup scheme, after data errors, correct data synchronization is realized by means of erasing operation on the FLASH, and the erasing operation itself wears a storage chip, so that the service life of the chip is shortened. Meanwhile, the reliability of an industrial chip added in the system design as a protection measure cannot be ensured in a general low-cost single event upset resistant system, and the system design is lack of a reliable basis.
Disclosure of Invention
The application aims to provide a single event upset resistance system and a single event upset resistance method, which consider the single event upset and recovery conditions of a memory chip, a processing chip and an FPGA and reduce the dependence on frequent erasure of the memory chip.
In order to achieve the purpose, the technical scheme adopted by the application is as follows:
a single event upset resistance system, the single event upset resistance system comprising: the system comprises an industrial-grade FPGA, and an industrial-grade processing chip, an industrial-grade watchdog circuit, a group of industrial-grade SPI FLASH memory chips and two groups of OTP PROM memory chips which are connected with the industrial-grade FPGA;
an internal watchdog circuit is arranged in the industrial-level FPGA, monitors the running state of the industrial-level processing chip by receiving a dog feeding signal output by the industrial-level processing chip, and controls the industrial-level processing chip to reset and restart when the running state of the industrial-level processing chip is abnormal;
the industrial-grade watchdog circuit is used for monitoring the running state of the industrial-grade FPGA by receiving the dog feeding signal output by the industrial-grade FPGA, and controlling the reset and restart of the industrial-grade FPGA when the running state of the industrial-grade FPGA is abnormal;
the group of industrial SPI FLASH memory chips comprise one or more industrial SPI FLASH memory chips which are arranged in parallel, and each industrial SPI FLASH memory chip is used for independently storing a configuration file and a check code required by starting of the industrial processing chip;
in the two sets of OTP PROM memory chips, the first set of OTP PROM memory chips is used for storing the configuration file and the check code required by the starting of the industrial processing chip, and the second set of OTP PROM memory chips is used for storing the configuration file required by the starting of the industrial FPGA.
Several alternatives are provided below, but not as an additional limitation to the above general solution, but merely as a further addition or preference, each alternative being combinable individually for the above general solution or among several alternatives without technical or logical contradictions.
Preferably, one of the two sets of OTP PROM memory chips includes one or more OTP PROM memory chips, the other set includes one or more OTP PROM memory chips, and the plurality of OTP PROM memory chips in the set having the plurality of OTP PROM memory chips are cascaded.
The application also provides a single event upset resistance method, which is realized based on the single event upset resistance system, and the single event upset resistance method comprises an operation monitoring stage, wherein the operation monitoring stage comprises the following steps:
the industrial-grade watchdog circuit monitors the running state of the industrial-grade FPGA by receiving the dog feeding signal output by the industrial-grade FPGA, and controls the industrial-grade FPGA to reset and restart when the running state of the industrial-grade FPGA is abnormal;
and an internal watchdog circuit arranged in the industrial-level FPGA monitors the running state of the industrial-level processing chip by receiving a dog feeding signal output by the industrial-level processing chip, and controls the industrial-level processing chip to reset and restart when the running state of the industrial-level processing chip is abnormal.
Preferably, the industrial-level watchdog circuit controls the reset and restart of the industrial-level FPGA when the operating state of the industrial-level FPGA is abnormal, and the reset and restart control method includes:
outputting a reset signal to the industrial-level FPGA, wherein the reset signal is used for resetting and restarting the industrial-level FPGA, and the resetting and restarting of the industrial-level FPGA comprises the following steps: and the industrial-grade FPGA reads the configuration file in the second group of OTP PROM memory chips for starting.
Preferably, the controlling reset and restart of the industrial-level processing chip when the operating state of the industrial-level processing chip is abnormal by the industrial-level FPGA includes:
outputting a reset signal to the industrial-grade processing chip;
controlling an industrial level processing chip to start based on a preset mode;
the preset mode comprises a normal starting mode, a refreshing starting mode and a safe starting mode, wherein:
the normal start mode includes: controlling an industrial-grade processing chip to read a configuration file and a check code in an industrial-grade SPI FLASH memory chip for starting;
the refresh enabled mode includes: updating the configuration file and the check code stored in the industrial SPI FLASH storage chip, and controlling the industrial processing chip to read the configuration file and the check code in the industrial SPI FLASH storage chip for starting;
the secure boot mode comprising: and reading the configuration file and the check code in the first group of OTP PROM memory chips, and providing the configuration file and the check code for the industrial processing chip for starting.
Preferably, the method for resisting single event upset further includes a power-on start phase, where the power-on start phase is implemented in the industrial FPGA, and includes:
reading a configuration file in a second group of OTP PROM memory chips for starting;
outputting a dog feeding signal to the industrial watchdog circuit;
controlling an industrial level processing chip to start based on a preset mode;
the preset mode comprises a normal starting mode, a refreshing starting mode and a safe starting mode, wherein:
the normal start mode includes: controlling an industrial-grade processing chip to read a configuration file and a check code in an industrial-grade SPI FLASH memory chip for starting;
the refresh enabled mode includes: updating the configuration file and the check code stored in the industrial SPI FLASH storage chip, and controlling the industrial processing chip to read the configuration file and the check code in the industrial SPI FLASH storage chip for starting;
the secure boot mode comprising: and reading the configuration file and the check code in the first group of OTP PROM memory chips, and providing the configuration file and the check code for the industrial processing chip for starting.
Preferably, the method for resisting single event upset, the controlling starting of the industrial-level processing chip based on the preset mode, includes:
detecting whether a safe starting mark is set or not, and starting an industrial-level processing chip based on a safe starting mode if the safe starting mark is set; if the safe starting mark is not set, starting based on a normal starting mode;
identifying a dog feeding signal after a preset time m, and if the dog feeding signal is identified, starting successfully; if the dog feeding signal is not identified, detecting whether a refreshing starting mark is set;
if the refresh start flag is not set, setting the refresh start flag and starting the industrial-level processing chip based on the refresh start mode; if the refresh start flag is set, setting a safe start flag and starting the industrial-level processing chip based on the safe start mode;
identifying a dog feeding signal after a preset time m, and if the dog feeding signal is identified, starting successfully; if the dog feeding signal is not recognized, whether the safety starting mark is set or not is detected again.
Preferably, after the industrial-level processing chip is successfully started, the industrial-level processing chip sends a one-time dog feeding signal at an interval of preset time n, the industrial-level FPGA identifies the one-time dog feeding signal at an interval of preset time q to monitor the operation of the industrial-level processing chip, wherein the time units of m, n and q are the same, and m > q > n.
Preferably, the reading the configuration file and the check code in the first set of OTP PROM memory chips and providing the configuration file and the check code for the industrial processing chip to start includes:
reading a configuration file and a check code in a first group of OTP PROM memory chips;
performing corresponding segmented storage on the configuration file and the check code according to the number of times of data burst reading and the address in the starting configuration process of the industrial-grade processing chip;
and sequentially providing the data stored in the segments to an industrial-grade processing chip for starting.
According to the single event upset resistant system and the single event upset resistant method, the reliable storage of key data (such as configuration files, check codes and the like) is realized by adopting the OTP PROM memory chip, the long-term correctness and effectiveness of data sources are ensured, and the condition that the system cannot continue to work normally due to the simultaneous failure of redundant chips is overcome; the single event upset fault recovery of the processor and the FPGA is further considered, the processor and the FPGA are monitored in real time in a two-stage watchdog mode, and the processor and the FPGA are ensured to recover in time after single event upset occurs; 3 starting modes are configured based on the system, rapid and reliable starting and fault recovery are realized, the provided safe starting mode only carries out data reading operation, the dependence of the conventional single event upset resisting system on frequent erasing of a FLASH chip and data error correction realization of programming operation is avoided, the application has no abrasion on the storage chip, and the service life of the system is favorably prolonged.
Drawings
FIG. 1 is a schematic structural diagram of a single event upset resistant system according to the present application;
FIG. 2 is another schematic structural diagram of the single event upset resistant system of the present application;
FIG. 3 is another structural schematic diagram of the single event upset resistant system of the present application;
fig. 4 is a flowchart of a method for resisting single event upset in embodiment 1 of the present application.
Detailed Description
The technical solutions in the embodiments of the present application will be clearly and completely described below with reference to the drawings in the embodiments of the present application, and it is obvious that the described embodiments are only a part of the embodiments of the present application, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present application.
It will be understood that when an element is referred to as being "connected" to another element, it can be directly connected to the other element or intervening elements may also be present. Unless defined otherwise, all technical and scientific terms used herein have the same meaning as commonly understood by one of ordinary skill in the art to which this application belongs. The terminology used in the description of the present application herein is for the purpose of describing particular embodiments only and is not intended to be limiting of the application.
Single Event Upset (SEU) is a phenomenon in which a memory cell undergoes bit upset due to spatial particle radiation, and single event upset has a serious influence on the normal operation of electronic equipment, so that the demand of each field on the design of resisting single event upset is increasing.
As shown in fig. 1, the present embodiment provides a single event upset resistant system, which includes: the system comprises an industrial-grade FPGA, and an industrial-grade processing chip, an industrial-grade watchdog circuit, a group of industrial-grade SPI FLASH memory chips and two groups of OTP PROM memory chips which are connected with the industrial-grade FPGA.
Compared with the traditional single event upset resistant system, the system does not adopt high-grade and high-cost electronic devices such as aerospace grade and anti-irradiation, and the hardware cost of the system is greatly reduced.
The industrial-level FPGA of the embodiment is internally provided with an internal watchdog circuit, the internal watchdog circuit monitors the running state of the industrial-level processing chip by receiving a dog feeding signal output by the industrial-level processing chip, and controls the industrial-level processing chip to reset and restart when the running state of the industrial-level processing chip is abnormal. For convenience of description, the watchdog between the industrial-scale processing chip and the industrial-scale FPGA is referred to as the level 2 watchdog.
In the single event upset resistant system of the embodiment, the industrial processor can meet various application requirements such as control and scheduling through custom program design. The normal operation of the processor and effective fault recovery measures are key to ensuring reliable operation of the system. Therefore, the running state of the industrial processor is monitored in real time through the level 2 watchdog, the industrial processor sends out periodic dog feeding signals to feed back the normal running state of the industrial processor through running a dog feeding process after being started, and the dog feeding signals are closed in an active or passive mode under abnormal conditions to cause the system to reset and restart the industrial processor.
The industrial-level watchdog circuit connected in the system monitors the running state of the industrial-level FPGA by receiving the dog feeding signal output by the industrial-level FPGA, and controls the reset and restart of the industrial-level FPGA when the running state of the industrial-level FPGA is abnormal. And taking a watchdog between the industrial-level FPGA and the industrial-level watchdog circuit as a level 1 watchdog.
The industrial-level FPGA in the system realizes the functions of reset control of the processor, watchdog feeding state monitoring, system safe starting and the like through logic programs. Meanwhile, the system monitors the running state of the industrial-grade FPGA in real time through the 1 st-grade watchdog, under the normal running state, the fault monitoring of the FPGA is realized by the watchdog feeding signal output inside the industrial-grade FPGA, and under the fault state, the industrial-grade FPGA can be refreshed again through the external industrial-grade watchdog circuit.
The watchdog circuit (the industrial watchdog circuit and the internal watchdog circuit of the industrial FPGA) is internally provided with a fixed minimum dog feeding time parameter in a monitoring state, the input condition of a dog feeding signal is continuously monitored at the time interval, if the condition that the time interval from power-on starting to the first dog feeding signal or the time interval between two dog feeding signals exceeds the internal minimum dog feeding time parameter occurs, the situation that the industrial processing chip or the industrial FPGA has single event upset or abnormal operation is judged, and the reset restart of the industrial processing chip or the industrial FPGA is controlled.
FLASH memory chips are often used as storage media for boot files, operating systems, and applications (hereinafter, briefly described as configuration files of a processor) of a processor. However, the single event upset effect affects the radiation environment, the bit upset phenomenon of the FLASH memory chip is aggravated, and when the number of error bits exceeds the error correction capability of the system, the critical information (such as configuration files and check codes of the processor) will be invalid, and the normal operation of the electronic device will be seriously affected.
Therefore, the embodiment is provided with the FLASH memory chip and the OTP PROM memory chip at the same time. The group of industrial-grade SPI FLASH memory chips provided in this embodiment includes one or more industrial-grade SPI FLASH memory chips arranged in parallel, and each of the industrial-grade SPI FLASH memory chips is used for independently storing a configuration file and a check code required for starting the industrial-grade processing chip.
In the two sets of OTP PROM memory chips, a first set of OTP PROM memory chips (OTP PROM (processor)) is used for storing the configuration file and the check code required by the starting of the industrial-level processing chip, and a second set of OTP PROM memory chips (OTP PROM (FPGA)) is used for storing the configuration file required by the starting of the industrial-level FPGA.
The OTP PROM memory chip (one-time burning ROM memory) is used as a nonvolatile memory device, only allows one-time writing, and is internally provided with an antifuse structure, so that the single event effect is immune. Compared with a common memory chip, after the OTP PROM is written in once, the stored data can not generate single event upset under the irradiation environment, so that the safe and effective storage of key information can be ensured, and the reliability of the system is improved.
Since the OTP PROM memory chip with low cost and large capacity is usually a common serial port or parallel port, and does not have an SPI or IIC interface directly accessible by the processor, and does not have an address line, and cannot perform addressing, the embodiment uses the SPI FLASH memory chip as a memory chip for the processor configuration file and the check code. For the data error condition caused by bit inversion which may occur in an SPI FLASH memory chip, the read and refresh process of the backup data of the OTP PROM (processor) is completed through an industrial-grade FPGA, and the data correction is completed.
In the embodiment, the reliable storage of key data (such as configuration files, check codes and the like) is realized by adopting the OTP PROM memory chip, the long-term correctness and effectiveness of data sources are ensured, and the condition that the system cannot continue to work normally due to the simultaneous failure of redundant chips is overcome.
When only one industrial SPI FLASH memory chip is arranged, the industrial SPI FLASH memory chip and the OTP PROM memory chip are matched to provide a long-term stable data source for an industrial processing chip; as shown in fig. 2, when the industrial-level SPI FLASH memory chip has multiple chips, the redundant design of the multiple industrial-level SPI FLASH memory chips can implement error refresh of the industrial-level SPI FLASH memory chip itself, and the industrial-level SPI FLASH memory chip can also be selected as a primary and secondary memory chip, increasing the erasable times of the whole system; and the plurality of industrial-grade SPI FLASH memory chips are matched with the OTP PROM memory chip, the condition that the system is paralyzed due to the fact that all redundancy designs are overturned can be effectively avoided, the flexibility of the use of the system is improved through the matching of the redundancy designs and the OTP PROM memory chip, and the reliability of the operation of the system is improved.
According to the method and the device, the condition that the single event upset is sent by the SPI FLASH storage chip is not only considered, but also the running states of the industrial processor and the industrial FPGA are monitored through two stages of watchdog, and the single event upset is guaranteed to be recovered in time. The priority of the 1 st level watchdog is higher than that of the 2 nd level watchdog, and meanwhile, the number of industrial level watchdog circuits connected with the system is reduced to 1 in a cascading mode, so that the overall cost of the system is effectively controlled.
As shown in fig. 3, since the OTP PROM memory chip has higher capacity and a cascade function, the storage capacity of the system can be expanded according to actual conditions, thereby meeting more complex system requirements. In one embodiment, two sets of OTP PROM memory chips, one set including one or more OTP PROM memory chips and the other set including one or more OTP PROM memory chips, are cascaded, with multiple OTP PROM memory chips in the set of multiple OTP PROM memory chips.
The OTP PROM memory chip takes an XQ17V16CK44M chip as an example, the memory capacity of a single chip is 2MB, chip cascade is supported, theoretically infinite cascade can be realized, and the file memory requirement of any size is met.
The SPI FLASH memory chip described in this embodiment is a FLASH memory chip whose interface is in the form of an SPI, and the FLASH memory chip itself is a NOR FLASH type memory chip. The SPI FLASH memory chip in the present application is a preferred memory chip, but is not limited to that the memory chip in the system is only an SPI FLASH memory chip, and for example, NAND FLASH and NOR FLASH are common storage media for a processor to store an operating system and an application program. Wherein the NAND FLASH interface is a special access interface supporting ONFI protocol and has special interface timing. NOR FLASH has an SPI serial interface and a BPI parallel interface.
Compared with the traditional single event upset resistant system, the invention does not adopt high-grade and high-cost electronic devices such as aerospace grade, anti-irradiation and the like, so that the hardware cost of the system is greatly reduced. The method is different from the conventional general industrial chip-based single event upset resistant system realized by redundancy, check refreshing and other modes, and a reliable storage mode is adopted. Meanwhile, a single event upset fault recovery way of a processor and a programmable logic device (FPGA) is provided, and the system reliability is further improved.
The model of the low-cost electronic component applicable to the single event upset resisting system is shown in the table 1.
TABLE 1 electronic Components model number
Serial number Name (R) Specification, model Number of Manufacturer of the product
1 Industrial grade processing chip AM3358ZCZD72 1 TI
2 Industrial-grade FPGA XC2V1000-4FG456I 1 XILINX
3 SPI FLASH S25FL256SAGMFI00 1 SPANSION
4 Industrial grade watchdog circuit MAX706RESA 1 MAXIM
5 OTP PROM XQ17V16CK44M 2 XILINX
Based on table 1, it can be seen that the electronic component can achieve excellent anti-interference performance based on low cost, has high practical value, and can be applied to electronic instrument equipment in radiation interference environments such as aviation and aerospace.
In another embodiment, a single event upset resistance method is further provided, and the method is implemented based on the single event upset resistance system described in any one of the above embodiments.
The single event upset resistant system is mainly used for monitoring and recovering the operation of an industrial processor. The system mainly has the functions of ensuring the normal operation of the industrial-level processing chip and completing system recovery under the condition that the industrial-level processing chip has faults such as single-particle upset and the like, meanwhile, the industrial-level devices are easily influenced by the irradiation environment to have single-particle upset, and the normal operation of the industrial-level devices is ensured by adding recovery measures.
Therefore, the method for resisting single event upset of this embodiment includes an operation monitoring phase, and the operation monitoring phase includes:
the industrial-grade watchdog circuit monitors the running state of the industrial-grade FPGA by receiving the dog feeding signal output by the industrial-grade FPGA, and controls the industrial-grade FPGA to reset and restart when the running state of the industrial-grade FPGA is abnormal.
And an internal watchdog circuit arranged in the industrial-level FPGA monitors the running state of the industrial-level processing chip by receiving a dog feeding signal output by the industrial-level processing chip, and controls the industrial-level processing chip to reset and restart when the running state of the industrial-level processing chip is abnormal.
In the existing single event upset resistance, normal starting and fault recovery of a processing chip are generally realized only through an FPGA (field programmable gate array), and operation monitoring of the FPGA is often ignored, so that the processing chip cannot be normally started or recovered when the FPGA sends a single event upset or fault, and system operation paralysis is caused. According to the method and the device, through two-stage monitoring, fault recovery is set for the FPGA and the processing chip, and the reliability of single event upset resistance is effectively improved.
Wherein industrial level watchdog circuit controls industrial level FPGA to reset and restart when the running state of industrial level FPGA is unusual, include:
outputting a reset signal to the industrial-level FPGA, wherein the reset signal is used for resetting and restarting the industrial-level FPGA, and the resetting and restarting of the industrial-level FPGA comprises the following steps: and the industrial-grade FPGA reads the configuration file in the second group of OTP PROM memory chips for starting.
The industrial-grade FPGA is a main component in the single event upset resisting system and plays a crucial role in the single event upset resisting method, so that the independent monitoring restart structure designed for the industrial-grade FPGA is convenient for quick recovery when the industrial-grade FPGA is abnormal. Therefore, in the system operation monitoring process, the watchdog priority between the industrial-level FPGA and the industrial-level watchdog circuit is higher than that between the industrial-level processing chip and the industrial-level FPGA.
How the industrial-grade FPGA selects the OTP PROM memory chips to read the configuration files for self starting depends on the connection of ports, two sets of OTP PROM memory chips are connected to different ports of the FPGA, the second set of OTP PROM memory chips are connected with the configuration ports when the industrial-grade FPGA is started, and the first set of OTP PROM memory chips are connected with the common ports of the industrial-grade FPGA.
In this embodiment, the controlling reset and restart of the industrial-level processing chip by the industrial-level FPGA when the operating state of the industrial-level processing chip is abnormal includes:
outputting a reset signal to the industrial-grade processing chip;
and controlling the starting of the industrial-level processing chip based on the preset mode.
In order to increase the success rate of starting the industrial-level processing chip, the preset modes are set in this embodiment to include a normal starting mode, a refresh starting mode, and a secure starting mode. The starting with high reliability is completed by selecting or matching the 3 starting modes.
A normal start-up mode comprising: and controlling the industrial-grade processing chip to read the configuration file and the check code in the industrial-grade SPI FLASH memory chip for starting.
A refresh enable mode comprising: and updating the configuration file and the check code stored in the industrial SPI FLASH storage chip, and controlling the industrial processing chip to read the configuration file and the check code in the industrial SPI FLASH storage chip for starting.
A secure boot mode comprising: and reading the configuration file and the check code in the first group of OTP PROM memory chips, and providing the configuration file and the check code for the industrial processing chip for starting.
In this embodiment refreshes the start mode, the update to industrial level SPI FLASH memory chip has multiple forms, when only setting up a slice of industrial level SPI FLASH memory chip in the anti-single event upset system, the update to industrial level SPI FLASH memory chip can be: and the industrial-grade FPGA erases the industrial-grade SPI FLASH memory chip, reads the configuration file of the industrial-grade processing chip and the check code from the first group of OTP PROM memory chips and writes the check code into the SPI FLASH memory chip.
When a plurality of industrial-grade SPI FLASH memory chips are set in the single-event upset resistant system, the update of the industrial-grade SPI FLASH memory chips may be: the content in the industrial-grade SPI FLASH memory chip with the single event upset is corrected by using the content in the industrial-grade SPI FLASH memory chip without the single event upset, and the industrial-grade SPI FLASH memory chip can be corrected by directly using the configuration file and the check code in the OTP PROM memory chip. The selection is made according to the actual system architecture and the refresh requirements.
For the three startup modes provided by this embodiment, one or more startup modes can be selected for use in practical application, and when multiple startup modes are used in combination, the normal-refresh-safe startup modes can be sequentially executed in the order, or other execution orders can be defined, so that the present application can be applied to multiple different environments, and has the best startup efficiency and startup reliability in each environment.
The method of the embodiment is used for solving the possible faults in the starting process: for example, the startup modes of three different levels are set, such as the storage information overturn of the SPI FLASH, the fault or failure of the SPI FLASH and the like. Normally, in an abnormal-free state, the system is started based on a normal starting mode, when an SPI FLASH memory chip is influenced by an irradiation environment and an internal storage information bit is turned over, so that a kernel fails to start or fails to check in a process of loading and configuring a processor, the processor passively or actively gives up calling a dog feeding process, an FPGA cannot receive a dog feeding signal of the processor within a fixed time limit, and the system enters a refreshing starting mode.
Whether the SPI FLASH memory chip is refreshed successfully or fails in the refreshing starting mode, the processor is reset by the FPGA to finish reloading and checking of the processor, and the system is started after the processor is checked to be normal. If the SPI FLASH memory chip still has the error which can not be corrected or the fault is invalid, the starting failure condition still occurs after the refreshing starting mode is acted, and the system can enter the safe starting mode.
In the starting process of the safe mode, if the processor is influenced by the single event upset and fails to start, the system can repeatedly carry out the safe starting mode until the starting is successful. More importantly, the repeated safe starting mode only relates to the reading operation of the OTP PROM (processor), has no abrasion to the chip and does not influence the service life of the chip.
In order to better realize the switching judgment of the three startup modes, in an embodiment, a relevant mark is added to ensure the orderliness and the fluency of the startup, that is, in this embodiment, the startup of the industrial-level processing chip is controlled based on a preset mode, which includes:
detecting whether a safe starting mark is set or not, and starting an industrial-level processing chip based on a safe starting mode if the safe starting mark is set; and if the safe starting mark is not set, starting based on a normal starting mode.
Identifying a dog feeding signal after a preset time m, and if the dog feeding signal is identified, starting successfully; if the dog feeding signal is not recognized, whether a refresh start flag is set is detected.
If the refresh start flag is not set, setting the refresh start flag and starting the industrial-level processing chip based on the refresh start mode; and if the refresh start flag is set, setting a safe start flag and starting the industrial-level processing chip based on the safe start mode.
Identifying a dog feeding signal after a preset time m, and if the dog feeding signal is identified, starting successfully; if the dog feeding signal is not recognized, whether the safety starting mark is set or not is detected again.
In the embodiment, the switching execution of the three starting modes in the whole starting process is controlled through the safe starting mark and the refreshing starting mark, so that the best starting mode is executed in a proper environment, the starting is completed by using the simplest process under a normal condition, and the starting reliability and efficiency are considered.
The setting of the security initiation flag and the refresh initiation flag may be to change the flag field from 0 as a default value to 1, or to change the default property of the flag field, and the flag field is restored to the default value each time power is turned on.
Considering that the system may not only have a single event upset phenomenon in the operation phase, but also may have a single event upset phenomenon directly in the power-on start phase, the method for resisting single event upset of this embodiment further includes a power-on start phase, and the power-on start phase is implemented in the industrial FPGA, and includes:
and reading a configuration file in a second group of OTP PROM memory chips for starting.
And outputting a dog feeding signal to the industrial watchdog circuit so as to facilitate the industrial watchdog circuit to monitor the industrial FPGA in time.
And controlling the starting of the industrial-level processing chip based on the preset mode. Similarly, the preset mode here also includes three startup modes, and for the selection execution of the three startup modes, reference may be made to the selection execution manner in the operation monitoring stage, which is not described herein again.
The single event upset resistant method provided by the embodiment not only realizes single event upset recovery operation in the power-on starting stage, but also monitors the running processor and the running FPGA so as to recover in time when single event upset is sent, and ensures normal running of the system in the whole process.
And in the power-on starting stage, the processor and the FPGA are normally powered on and started, and enter the operation monitoring stage after being started, if the processor or the FPGA has abnormal operation caused by single event upset in the operation monitoring stage, the processor or the FPGA is restarted, and the operation monitoring stage is continued after the processor or the FPGA is restarted, so that the sustainable and normal operation of the whole system is ensured.
Because the power-on start or restart time of the processor is long, the 2 nd level watchdog is set in the embodiment to have time self-adaptation, that is, after the industrial level processing chip is successfully started, the industrial level processing chip sends a one-time dog feeding signal at a preset time interval n, and the industrial level FPGA identifies the one-time dog feeding signal at a preset time interval q to perform operation monitoring on the industrial level processing chip, wherein the time units of m, n and q are the same, and m > q > n.
And m is usually set to be 60 seconds, namely, the time interval for detecting the dog feeding signal for the first time when the processor is powered on and started or restarted by the industrial-grade FPGA is set to be longer so as to reserve enough waiting time and avoid entering a state of circularly starting the processor. After 60 seconds, the industrial-level FPGA can receive the dog feeding signal output by the processor, and the processor sends the dog feeding signal every 3 seconds (that is, n is 3 seconds), so the embodiment sets that the industrial-level FPGA detects the dog feeding signal every 5 seconds (that is, q is 5 seconds) after 60 seconds, and monitors the operation of the processor.
It should be noted that, on the premise that m > q > n is satisfied, the specific time lengths of m, n, and q may be adjusted according to the characteristics of the processor and the detection performance of the industrial-grade FPGA. The 1 st level watchdog can adopt a time self-adaptive detection mode similar to the 2 nd level watchdog; the time can also be fixed, namely a fixed time detection mode, and any mode is applicable because the industrial-grade FPGA is started quickly.
The OTP PROM memory chip is a low-cost anti-fuse device and is generally taken as a storage medium of an FPGA configuration file, and the access mode of the OTP PROM memory chip is directly adapted to the FPGA. The application further uses an OTP PROM memory chip as a configuration file storage medium of the processor. The FPGA is used for starting the safety mode in the middle, the processor which cannot be directly matched originally and the OTP PROM are butted through internal logic of the FPGA, and the problem that FLASH is limited by FLASH erasing times when single event upset is solved by erasing FLASH in the prior art is solved.
In the safe starting mode, the industrial-level FPGA directly controls the industrial-level processing chip to read the configuration file and the check code from the OTP PROM storage chip so as to ensure normal starting. Because the industrial-grade processing chip has the situation of repeated reading of the address of data burst reading in the starting configuration process, for the situation, the industrial-grade SPI FLASH memory chip can support random jump to the appointed address for data access because the industrial-grade SPI FLASH memory chip has the address, but for the OTP PROM memory chip, the reading process must be sequential, the appointed address access cannot be performed, the fixed position data is automatically increased once the address is passed, if the repeated reading can only be restarted from the starting address, and the processor cannot wait for obtaining the configuration file and the check code, and cannot perform the repeated reading.
For this situation, in order to satisfy the implementation of the secure boot mode, in this embodiment, in the secure boot mode, the reading of the configuration file and the check code in the first set of OTP PROM memory chips is provided, and the providing of the configuration file and the check code for the industrial-level processing chip is performed for booting, including:
reading a configuration file and a check code in a first group of OTP PROM memory chips;
performing corresponding segmented storage on the configuration file and the check code according to the number of times of data burst reading and the address in the starting configuration process of the industrial-grade processing chip; and sequentially providing the data stored in the segments to an industrial-grade processing chip for starting.
In this embodiment, the configuration file and the check code in the OTP PROM memory chip are directly read sequentially by the industrial-level FPGA, and segmented storage is performed according to data requirements in the start configuration process of the industrial-level processing chip.
It is easy to understand that, since the industrial-level processing chip does not need to repeatedly read all data during the starting process, in another embodiment, after the industrial-level FPGA reads the configuration file and the check code in the OTP PROM memory chip, only the data that needs to be repeatedly read by the industrial-level processing chip may be copied and stored.
The starting or resetting restart of the processor has 3 starting modes, is suitable for quick starting under different environments, obviously shortens the starting time of the processor, overcomes the problem of system paralysis caused by simultaneous failure of redundant memory chips in the prior art, simultaneously adopts a safe starting mode to ensure the success of the starting of the processor, reduces the dependence on the erasing and rewriting operation of the memory chips and prolongs the whole service life of the system.
Example 1
As shown in fig. 4, the embodiment further details the method for resisting single event upset according to the present application by using a specific example.
The single event upset resistant method of the present embodiment relates to a normal start mode, a refresh start mode, and a secure start mode, and the execution of the 3 start modes is as shown in the figure, and specifically includes the following steps:
1) the FPGA reads the configuration file to start;
2) running a dog feeding process after the FPGA is started, and providing a dog feeding signal for an industrial watchdog circuit;
3) the FPGA establishes an SPI bus path and triggers a processor to start;
4) the FPGA judges a safe starting mark, if the safe starting mark is not set, a normal starting mode is executed, and the control processor loads a configuration file from the SPI FLASH; if the safe starting mark is set, executing a safe starting mode, reading a configuration file and a check code of the processor from the OTP PROM by the FPGA, simulating a slave device sequential logic in SPI communication, and providing the configuration file and the check code for the processor;
5) if the processor kernel is started and the file CRC check is normal, running a dog feeding process within 60 seconds to provide a dog feeding signal for the FPGA; otherwise, the running of the dog feeding process is abandoned. Therefore, after the configuration file is loaded by the processor, the FPGA judges whether a dog feeding signal is identified within 60 seconds, and if the dog feeding signal is identified, the processor is started and works normally; if no dog feeding signal is identified, executing step 6);
6) judging a refresh start flag, if the refresh start flag is not set, executing the refresh start mode, and executing the step 8); otherwise, setting a safe starting mark and returning to the step 3);
8) the method comprises the steps that an FPGA acquires SPI bus control right, serves as main equipment in SPI communication, and continuously provides a dog feeding signal for an industrial watchdog circuit;
9) the FPGA finishes erasing the SPI FLASH storage space;
10) and the FPGA reads the configuration file and the check code (key information) of the processor from the OTP PROM, writes the configuration file and the check code into the SPI FLASH, sets a refreshing starting mark, and returns to the step 3).
The above is an embodiment operation flow for a power-on starting stage in the single event upset resisting method, and of course, the flow is also suitable for execution of an operation monitoring stage, where steps 1 to 2 are steps of restarting an industrial-level FPGA fault, and steps 3 to 10 are steps of restarting an industrial-level processing chip fault.
For the execution flow in this embodiment, the determination of the safe start flag is added in the refresh start mode, and when the safe start flag is set, it is still determined whether the refresh start flag is set, and this flow setting seems redundant, but is simplified for the operation of the FPGA. Because only two safety marks are set in the process, the two judgments can be applied to distinguish and execute whether the refresh starting mode is executed for the first time or not and whether the safety starting mode is executed for the first time aiming at the operation of the power-on starting stage and the operation monitoring stage, so that the occupation of the internal resources of the FPGA is reduced. Therefore, the operation flow of the embodiment breaks through the existing thinking bias, simplifies the whole execution flow by utilizing the judgment which is similar to redundancy and unnecessary on certain execution paths, improves the efficiency of power-on starting or fault restarting, and reduces the time overhead brought by the fault as much as possible.
In this application, the terms "first", "second", etc. are used for descriptive purposes only and are not to be construed as indicating or implying relative importance or implying any particular order or number of technical features indicated. Thus, a feature defined as "first" or "second" may explicitly or implicitly include one or more of that feature. In the description of the present invention, "a plurality" means at least two, e.g., two, three, etc., unless specifically limited otherwise.
In this application, the terms "comprises" and "comprising," and any variations thereof, are intended to cover a non-exclusive inclusion, such that a system, article, or apparatus that comprises a list of elements is not necessarily limited to those elements explicitly listed, but may include other elements not expressly listed or inherent to such system or apparatus.
The technical features of the embodiments described above may be arbitrarily combined, and for the sake of brevity, all possible combinations of the technical features in the embodiments described above are not described, but should be considered as being within the scope of the present specification as long as there is no contradiction between the combinations of the technical features.
The above-mentioned embodiments only express several embodiments of the present application, and the description thereof is more specific and detailed, but not construed as limiting the scope of the invention. It should be noted that, for a person skilled in the art, several variations and modifications can be made without departing from the concept of the present application, which falls within the scope of protection of the present application. Therefore, the protection scope of the present patent shall be subject to the appended claims.

Claims (9)

1. A single event upset resistant system, comprising: the system comprises an industrial-grade FPGA, and an industrial-grade processing chip, an industrial-grade watchdog circuit, a group of industrial-grade SPI FLASH memory chips and two groups of OTP PROM memory chips which are connected with the industrial-grade FPGA;
an internal watchdog circuit is arranged in the industrial-level FPGA, monitors the running state of the industrial-level processing chip by receiving a dog feeding signal output by the industrial-level processing chip, and controls the industrial-level processing chip to reset and restart when the running state of the industrial-level processing chip is abnormal;
the industrial-grade watchdog circuit is used for monitoring the running state of the industrial-grade FPGA by receiving the dog feeding signal output by the industrial-grade FPGA, and controlling the reset and restart of the industrial-grade FPGA when the running state of the industrial-grade FPGA is abnormal;
the group of industrial SPI FLASH memory chips comprise one or more industrial SPI FLASH memory chips which are arranged in parallel, and each industrial SPIFLASH memory chip is used for independently storing a configuration file and a check code required by starting of the industrial processing chip;
in the two sets of OTP PROM memory chips, the first set of OTP PROM memory chips is used for storing the configuration file and the check code required by the starting of the industrial processing chip, and the second set of OTP PROM memory chips is used for storing the configuration file required by the starting of the industrial FPGA.
2. The single event upset resistant system of claim 1, wherein the two sets of OTP PROM memory chips, one set comprising one or more OTP PROM memory chips and the other set comprising one or more OTP PROM memory chips, are cascaded in the set of OTP PROM memory chips.
3. A single event upset resistance method is realized based on the single event upset resistance system of claim 1, and is characterized in that the single event upset resistance method comprises an operation monitoring stage, and the operation monitoring stage comprises:
the industrial-grade watchdog circuit monitors the running state of the industrial-grade FPGA by receiving the dog feeding signal output by the industrial-grade FPGA, and controls the industrial-grade FPGA to reset and restart when the running state of the industrial-grade FPGA is abnormal;
and an internal watchdog circuit arranged in the industrial-level FPGA monitors the running state of the industrial-level processing chip by receiving a dog feeding signal output by the industrial-level processing chip, and controls the industrial-level processing chip to reset and restart when the running state of the industrial-level processing chip is abnormal.
4. The single event upset resistant method of claim 3, wherein the industrial level watchdog circuit controls the reset restart of the industrial level FPGA when the operating state of the industrial level FPGA is abnormal, comprising:
outputting a reset signal to the industrial-level FPGA, wherein the reset signal is used for resetting and restarting the industrial-level FPGA, and the resetting and restarting of the industrial-level FPGA comprises the following steps: and the industrial-grade FPGA reads the configuration file in the second group of OTP PROM memory chips for starting.
5. The single event upset resistant method of claim 3, wherein the industrial-level FPGA controls reset and restart of the industrial-level processing chip when the operating state of the industrial-level processing chip is abnormal, and the method comprises the following steps:
outputting a reset signal to the industrial-grade processing chip;
controlling an industrial level processing chip to start based on a preset mode;
the preset mode comprises a normal starting mode, a refreshing starting mode and a safe starting mode, wherein:
the normal start mode includes: controlling an industrial-grade processing chip to read a configuration file and a check code in an industrial-grade SPI FLASH memory chip for starting;
the refresh enabled mode includes: updating the configuration file and the check code stored in the industrial SPI FLASH storage chip, and controlling the industrial processing chip to read the configuration file and the check code in the industrial SPI FLASH storage chip for starting;
the secure boot mode comprising: and reading the configuration file and the check code in the first group of OTP PROM memory chips, and providing the configuration file and the check code for the industrial processing chip for starting.
6. The single event upset resistant method of claim 3, further comprising a power-on start phase implemented in the industrial-scale FPGA, comprising:
reading a configuration file in a second group of OTP PROM memory chips for starting;
outputting a dog feeding signal to the industrial watchdog circuit;
controlling an industrial level processing chip to start based on a preset mode;
the preset mode comprises a normal starting mode, a refreshing starting mode and a safe starting mode, wherein:
the normal start mode includes: controlling an industrial-grade processing chip to read a configuration file and a check code in an industrial-grade SPI FLASH memory chip for starting;
the refresh enabled mode includes: updating the configuration file and the check code stored in the industrial SPI FLASH storage chip, and controlling the industrial processing chip to read the configuration file and the check code in the industrial SPI FLASH storage chip for starting;
the secure boot mode comprising: and reading the configuration file and the check code in the first group of OTP PROM memory chips, and providing the configuration file and the check code for the industrial processing chip for starting.
7. The single event upset resistant method according to claim 5 or 6, wherein the method for resisting single event upset, which controls an industrial-level processing chip to start based on a preset mode, comprises:
detecting whether a safe starting mark is set or not, and starting an industrial-level processing chip based on a safe starting mode if the safe starting mark is set; if the safe starting mark is not set, starting based on a normal starting mode;
identifying a dog feeding signal after a preset time m, and if the dog feeding signal is identified, starting successfully; if the dog feeding signal is not identified, detecting whether a refreshing starting mark is set;
if the refresh start flag is not set, setting the refresh start flag and starting the industrial-level processing chip based on the refresh start mode; if the refresh start flag is set, setting a safe start flag and starting the industrial-level processing chip based on the safe start mode;
identifying a dog feeding signal after a preset time m, and if the dog feeding signal is identified, starting successfully; if the dog feeding signal is not recognized, whether the safety starting mark is set or not is detected again.
8. The single event upset resistant method of claim 7, wherein after the industrial processing chip is successfully started, the industrial processing chip sends out a one-time dog feeding signal at a preset time interval n, the industrial FPGA identifies the one-time dog feeding signal at a preset time interval q to monitor the operation of the industrial processing chip, wherein the time units of m, n and q are the same, and m > q > n.
9. The single event upset resistant method of claim 5 or 6, wherein reading the configuration file and the check code in the first set of OTP PROM memory chips, providing the configuration file and the check code for an industrial-grade processing chip to start, comprises:
reading a configuration file and a check code in a first group of OTP PROM memory chips;
performing corresponding segmented storage on the configuration file and the check code according to the number of times of data burst reading and the address in the starting configuration process of the industrial-grade processing chip;
and sequentially providing the data stored in the segments to an industrial-grade processing chip for starting.
CN202011123992.9A 2020-10-20 2020-10-20 Single-particle-upset-resistant system and method Active CN112306726B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202011123992.9A CN112306726B (en) 2020-10-20 2020-10-20 Single-particle-upset-resistant system and method

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202011123992.9A CN112306726B (en) 2020-10-20 2020-10-20 Single-particle-upset-resistant system and method

Publications (2)

Publication Number Publication Date
CN112306726A true CN112306726A (en) 2021-02-02
CN112306726B CN112306726B (en) 2022-05-03

Family

ID=74328558

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202011123992.9A Active CN112306726B (en) 2020-10-20 2020-10-20 Single-particle-upset-resistant system and method

Country Status (1)

Country Link
CN (1) CN112306726B (en)

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113380294A (en) * 2021-07-13 2021-09-10 上海航天测控通信研究所 Single event upset resistant circuit and method for FLASH chip configured by FPGA
CN115098304A (en) * 2022-06-20 2022-09-23 中国科学院空间应用工程与技术中心 Embedded system, electronic equipment and software running method
CN116610631A (en) * 2023-07-21 2023-08-18 西安智多晶微电子有限公司 FPGA (field programmable Gate array) starting configuration method supporting multi-SPI Flash access

Citations (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101833536A (en) * 2010-04-16 2010-09-15 北京航空航天大学 Reconfigurable on-board computer of redundancy arbitration mechanism
US20120144244A1 (en) * 2010-12-07 2012-06-07 Yie-Fong Dan Single-event-upset controller wrapper that facilitates fault injection
CN104021051A (en) * 2014-06-06 2014-09-03 上海航天电子通讯设备研究所 Monitoring and correcting device for single event upset fault of satellite borne spread spectrum responder
CN204028893U (en) * 2013-12-19 2014-12-17 北京遥测技术研究所 One is applicable to the primary particle inversion resistant hardware safety circuit of FLASH storage chip
CN105242980A (en) * 2015-10-26 2016-01-13 上海斐讯数据通信技术有限公司 Complementary watchdog system and complementary watchdog monitoring method
US20170123884A1 (en) * 2015-11-04 2017-05-04 Quanta Computer Inc. Seamless automatic recovery of a switch device
CN108255636A (en) * 2017-12-13 2018-07-06 太原航空仪表有限公司 A kind of anti-single particle overturning system and its application method
US20190237139A1 (en) * 2018-02-01 2019-08-01 Microsemi Soc Corp. Hybrid configuration memory cell
CN110690917A (en) * 2019-09-24 2020-01-14 上海航天测控通信研究所 Space-borne single-particle-upset-resisting system of transceiver

Patent Citations (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101833536A (en) * 2010-04-16 2010-09-15 北京航空航天大学 Reconfigurable on-board computer of redundancy arbitration mechanism
US20120144244A1 (en) * 2010-12-07 2012-06-07 Yie-Fong Dan Single-event-upset controller wrapper that facilitates fault injection
CN204028893U (en) * 2013-12-19 2014-12-17 北京遥测技术研究所 One is applicable to the primary particle inversion resistant hardware safety circuit of FLASH storage chip
CN104021051A (en) * 2014-06-06 2014-09-03 上海航天电子通讯设备研究所 Monitoring and correcting device for single event upset fault of satellite borne spread spectrum responder
CN105242980A (en) * 2015-10-26 2016-01-13 上海斐讯数据通信技术有限公司 Complementary watchdog system and complementary watchdog monitoring method
US20170123884A1 (en) * 2015-11-04 2017-05-04 Quanta Computer Inc. Seamless automatic recovery of a switch device
CN108255636A (en) * 2017-12-13 2018-07-06 太原航空仪表有限公司 A kind of anti-single particle overturning system and its application method
US20190237139A1 (en) * 2018-02-01 2019-08-01 Microsemi Soc Corp. Hybrid configuration memory cell
CN110690917A (en) * 2019-09-24 2020-01-14 上海航天测控通信研究所 Space-borne single-particle-upset-resisting system of transceiver

Non-Patent Citations (2)

* Cited by examiner, † Cited by third party
Title
U. GUNNEFLO ET AL: "Evaluation of error detection schemes using fault injection by heavy-ion radiation", 《THE NINETEENTH INTERNATIONAL SYMPOSIUM ON FAULT-TOLERANT COMPUTING DIGEST OF PAPERS》 *
齐刘宇等: "一种SRAM型FPGA单粒子效应加固平台设计", 《计算机技术与应用》 *

Cited By (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113380294A (en) * 2021-07-13 2021-09-10 上海航天测控通信研究所 Single event upset resistant circuit and method for FLASH chip configured by FPGA
CN115098304A (en) * 2022-06-20 2022-09-23 中国科学院空间应用工程与技术中心 Embedded system, electronic equipment and software running method
CN115098304B (en) * 2022-06-20 2022-11-29 中国科学院空间应用工程与技术中心 Embedded system, electronic equipment and software running method
CN116610631A (en) * 2023-07-21 2023-08-18 西安智多晶微电子有限公司 FPGA (field programmable Gate array) starting configuration method supporting multi-SPI Flash access
CN116610631B (en) * 2023-07-21 2023-09-26 西安智多晶微电子有限公司 FPGA (field programmable Gate array) starting configuration method supporting multi-SPI Flash access

Also Published As

Publication number Publication date
CN112306726B (en) 2022-05-03

Similar Documents

Publication Publication Date Title
CN112306726B (en) Single-particle-upset-resistant system and method
KR102154436B1 (en) Semiconductor memory device
US7197613B2 (en) Nonvolatile memory
US7444543B2 (en) Data control unit capable of correcting boot errors, and corresponding self-correction method
CN106873990B (en) Multi-partition guiding method under embedded system RAM damage mode
US9891917B2 (en) System and method to increase lockstep core availability
JP2012113466A (en) Memory controller and information processing system
US9619318B2 (en) Memory circuits, method for accessing a memory and method for repairing a memory
CN101996689A (en) Memory errors processing method
CN102890657A (en) Method for reducing data read-write errors of EEPROM (electrically erasable programmable read-only memory)
CN102135927A (en) Method and device for system booting based on NAND FLASH
CN102298545A (en) System startup boot processing method and device
US11099949B2 (en) Method apparatus for resuming and recovery checking from interrupted programming of one-time programmable memory device
US20150248322A1 (en) Memory controller and memory system
CN102541690A (en) Intelligent card and method for recovering data
CN114203253A (en) Chip memory fault repair device and chip
US8995217B2 (en) Hybrid latch and fuse scheme for memory repair
JP3376306B2 (en) Data processing apparatus and data processing method
CN101923495A (en) Embedded fault tolerant system and fault tolerant method thereof
US20100185927A1 (en) Microprocessor System for Controlling at Least Partly Safety-Critical Processes
CN113268263A (en) Read-back refreshing method and system for FPGA
CN103890713A (en) Apparatus and method for managing register information in a processing system
CN108763148B (en) Fault-tolerant memory controller supporting upper notes
CN113094107B (en) Data protection method, device, equipment and computer storage medium
CN111176732A (en) Software and hardware redundancy safe starting and maintaining method based on MRAM

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant