The configuration of the reprogrammable field-programmable gate array (FPGA) currently on the market is very susceptible to single event upset when it operates in radiation environments. The current state-of-the-art approach is to refresh the configuration while the FPGA is operating. When using this approach, it is essential to detect the loss of configuration access while the FPGA is operating in a radiation environment, allowing the system to initiate a configuration access recovery.
To detect the loss of configuration access, the prior art would, using external circuitry, read the frame address register (FAR) and write another value to FAR. Writing to the FAR would alter the value stored in the cyclic redundancy checks register (CRC). It then reads the CRC and compares it to the expected value. If it does not compare favorably, it signals the loss of configuration access, allowing the external circuitry to initiate a configuration access recovery. Additional external circuitry is employed to facilitate this series of operations. This may increase the complexity and the number of the components, the board space, and the power for the implementation. Additionally, by adding components, overall reliability goes down.
The purpose of this invention is to reliably detect loss of configuration access to a reprogrammable FPGA without using external circuitry, thus simplifying radiation-tolerant designs using reprogrammable FPGAs. The circuitry to detect the loss of configuration access can be included as part of the user’s design, and implemented inside the application FPGA. Hence, there are no additional components required to verify the configuration refresh of the application FPGA as required in prior approaches.
The configuration memory can either be used to control the configuration of the reprogrammable FPGA, or some of it can be used as application memory. Such usage is commonly referred to as “distributed memory.” Refreshing the configuration clears the contents of the distributed memory, which is why this memory is not normally used in applications requiring configuration refreshes.
This innovation makes use of the clearing of distributed memory that results from configuration refreshes. The following sequential operations are incorporated into the application design, allowing detection of the failure of configuration access.
Step 1: Write a unique signature into a distribute memory (signature memory). In the implementation, a 16 × 1-bit memory is used. The signature used is “1011111011101111.”
Step 2: Wait for the completion of configuration refresh.
Step 3: Read from the signature memory. The signature memory would be cleared if the loading of the configuration is successful. Hence, a non-zero return from the read indicates there is a failure of the access to the configuration port.
This work was done by Tak-kwong Ng and Jeffrey Herath of Langley Research Center. LAR-17268-1