MAPLD 2005/P168 Antonio Roldao Lopes
FPGA Design of an Integrated CAN and EDAC Soft Core for Spacecraft Applications
CONTENTS
→ Space Engineering Approaches
→ New missions, New Challenges
→ Commercial off-the-shelf Components
→ Taking Advantage of FPGAs
→ Experiences with EDACAN Soft-core
→ Triple Modular Redundancy
→ Controller Area Network for Spacecraft-Usage
→ Future: Satellite Generic System-on-Chip
Traditional Space Engineering
[Figure: cycle diagram linking "Reduced risk", "Increased Cost" and "Fewer Missions"]
• Space missions are infrequent
• So they have to be ultra-reliable
• So they are very expensive
• So they are infrequent
Engineering is conservative.
Each satellite is custom-built.
Costs are high and performance constrained.
Hi-rel parts are purchased in very small quantities.
Quality is supreme, cost and performance secondary.
SSTL’s Engineering Approach
[Figure: cycle diagram linking "More Missions", "Managed Risk" and "Reduced Cost"]
• Space missions are frequent
• So they need not be perfect
• So they can be less expensive
• So they can be more frequent
Engineering is practical, cost-driven.
Costs are reduced yet performance can increase.
Satellites are produced in batches, using off the shelf units.
Commercial parts are purchased in huge quantities by other industries.
Quality, price and performance are all factors in the customer’s decision.
New Missions, New Challenges
With missions that go beyond Low-Earth orbits (GTO/GEO), satellites become exposed to a harsher environment.
This is mainly due to the presence of the Van Allen belts.
In these higher orbits, satellites have to be designed to sustain higher doses of radiation. This means that they need to cope with Single Event Upsets (SEUs) and Single Event Latch-ups (SELs).
Typically, at Low-Earth orbits, components are subject to 1 Krad a year. In higher orbits they can be subject to more than 10 times that radiation.
Commercial off-the-shelf Components
• Usually very few “common” COTS parts fail at less than 5 Krad.
• Space qualified components that sustain higher radiation doses are scarce and their costs can ramp up exponentially.
To stay in line with SSTL’s engineering approach of maintaining satellites at the lowest cost possible, a combination of technologies and risk management techniques is put into practice.
An example of such risk management techniques is the use of TMR memories, where errors on individual COTS modules can be corrected provided the majority are in agreement.
In terms of technologies, one that is applied in almost all the sub-systems is Anti-fuse FPGAs.
Taking Advantage of FPGAs
These devices are available with capacities that range from a couple of hundred to multi-million gates. Coming in a range of packages, they also include radiation tolerant versions.
These devices are also revolutionizing the whole of the electronics and computing domain by providing the following features:
• Parallelism
• Reconfigurability (not in the case of Anti-fuse)
• Integration
• Flexibility
• Reduced Time Scales
• Software Nature
SGR-GEO - Introduction
With the contract to build a test satellite for the Galileo constellation (GSTBv2/A), SSTL had to develop systems to meet higher radiation environments.
One such system, flying on this satellite as an experiment, is a new Space GPS Receiver for GEO/MEO orbits.
Because this receiver will fly in an orbit above the GPS constellation, it required the introduction of specialised tracking loops and hardware adaptations for more precise timing, and was augmented to tolerate higher radiation effects.
SGR-GEO – Description
• Heritage: This receiver is based on the previously flown SGR-05 receiver.
• Purpose: To demonstrate the acquisition of GPS pseudo-ranges in MEO/GEO orbits
• Description:
– Experimental GPS receiver based on Zarlink GP4020 and GP2015 chipsets
– FPGA based HurriCANe core provides CAN comms and TMR RAM
– Maximum power consumption 6.5W, dropping to 4.5W after OCXO warm-up
– Uses a specially commissioned patch antenna and a separate LNA with diode protection
SGR-GEO – Initial Design
[Figure: block diagram of the initial SGR-GEO design. Labels: Filter & DC-DC (28 V, 28 V ret); relays on CAN 0 and CAN 1; C515 TTC node; voltage regulators (5 Vd, 5 Va, 3.3 Vd, 3.3 Va, 2.5 V); FPGA (A54SX32) with Glue Logic + EDAC; RAM A, RAM B, RAM C; GP4020 Correlator & CPU; GP2010 correlator; GP2015 RF f/e with LNA and Antenna; OCXO (10 MHz); FRAM; ADC; Flash; CAN SJA-1000. Signals: Data bus, Addr bus, Sampled data, Serial link, Control lines, CPU clk, Samp clk.]
Controller Area Network
• Why CAN?
– Flexibility
• Subsystem and Payload Interfacing
• Less Complex Wiring Harness
– Lighter Spacecraft, Less Possibility for error.
• Tolerates Late Design Changes
– Addition of telemetry points without changes to wiring harness
– Fault Tolerance
• Bus Lock-up potential !!
– Wide variety of test equipment
– ‘Off-the-shelf’ cheap components
• Cost implications of specialised ‘Rad-Tolerant’ !!
CAN for Spacecraft Usage (CAN-SU)
– CAN Standard A (11-bit Identifier)
– Collision Resolution through priority encoded IDs.
– Higher Level Protocol – CAN-Spacecraft Usage
• Optimised for Telemetry, Tele-command, File Transfer
• Peer-to-Peer addressing on existing CAN Bus
• Two services provided for communicating peers
• Datagram service
– Telemetry and Tele-command
– Boot loading & Code Patching
• Buffer Transfer Service
Controller Area Network for Spacecraft Usage
How CAN-SU translates to CAN Frame

CAN-SU              CAN FRAME
DESTINATION ADDR    ID [0-7] (1 Byte)
SEQUENCE ID         ID [8-11] (3 bits)
SIZE                SIZE (range 0 – 8)
SOURCE ADDR         DATA BYTE [0]
COMMAND             DATA BYTE [1]
USER DATA           DATA BYTE [2-7]
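The field mapping above, written out as an added C example (not code from the presentation or from SSTL) that packs a CAN-SU message into a standard CAN frame and validates a received frame before unpacking it. The type and function names are hypothetical, and two things are assumed: the destination is the low byte of the 11-bit identifier with the 3-bit sequence ID in the bits above it, and every message carries the source and command bytes, so frames with SIZE below 2 are rejected.

```c
#include <stdint.h>
#include <string.h>

/* Assumption: ID bits 0-7 are the low byte of the 11-bit identifier and
 * the 3-bit sequence ID occupies the three bits above it. */
typedef struct {
    uint16_t id;          /* 11-bit standard identifier */
    uint8_t  dlc;         /* CAN SIZE field, 0..8 */
    uint8_t  data[8];
} can_frame_t;

typedef struct {
    uint8_t dest, seq, src, cmd;
    uint8_t user_len;     /* 0..6 bytes of user data */
    uint8_t user[6];
} cansu_msg_t;

/* Returns 0 on success, -1 if a field does not fit the frame. */
int cansu_pack(const cansu_msg_t *m, can_frame_t *f)
{
    if (m->seq > 7 || m->user_len > 6)
        return -1;
    memset(f, 0, sizeof *f);
    f->id  = (uint16_t)(((uint16_t)m->seq << 8) | m->dest);
    f->dlc = (uint8_t)(2 + m->user_len);   /* source + command + user data */
    f->data[0] = m->src;
    f->data[1] = m->cmd;
    memcpy(&f->data[2], m->user, m->user_len);
    return 0;
}

/* Returns 0 on success, -1 for frames that cannot be CAN-SU messages. */
int cansu_unpack(const can_frame_t *f, cansu_msg_t *m)
{
    if (f->id > 0x7FF || f->dlc < 2 || f->dlc > 8)
        return -1;        /* not 11-bit, or no room for source + command */
    memset(m, 0, sizeof *m);
    m->dest = (uint8_t)(f->id & 0xFF);
    m->seq  = (uint8_t)((f->id >> 8) & 0x7);
    m->src  = f->data[0];
    m->cmd  = f->data[1];
    m->user_len = (uint8_t)(f->dlc - 2);
    memcpy(m->user, &f->data[2], m->user_len);
    return 0;
}
```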
Previous Solution - RadCAN
• A development by Adrian Woodroffe using CASA2
• This solution was presented at MAPLD 2004 (P106)
Current Development - EDACAN
• EDACAN comprises
– Simple glue logic for memory decoding
– EDAC (Error Detection and Correction) IP Core
– Controller Area Network IP Core, based on HurriCANe
– Purpose-built wrapper especially tailored for CAN-SU
• Advantages of EDACAN over RadCAN
– Flexibility to adapt the core to meet new demands
– Possibility to further integrate saving PCB space and power
– Freedom between radiation tolerant or industrial FPGAs
EDACAN – EDAC/TMR
• EDAC/TMR
– Besides the basic ability to correct Single Event Upsets, this core provides the option to select each RAM bank individually. This allows software routines to check for errors in individual RAM banks and correct them.
– At LEO orbits, a rate of 1 SEU/MByte of SRAM per day was verified. It is estimated that this rate will be up an order of magnitude at GEO orbits.
– This EDAC core comprises asynchronous logic as follows:
[Figure: EDAC logic. READ: RAM A, RAM B and RAM C feed a MAJORITY VOTE block that outputs VOTED DATA. WRITE: DATA is written to RAM A, RAM B and RAM C.]
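A software model of the read/write paths and the per-bank correction routine described above, as an added C example (not the EDAC core itself, which is asynchronous FPGA logic). The function names, the 16-bit word width and the 16-word bank size are assumptions made for the demonstration. It shows why the individual bank select matters: the vote masks one upset, but a second upset in the same bit of another bank wins the vote unless the first was scrubbed in between.

```c
#include <stdint.h>
#include <stddef.h>

#define BANKS 3
#define WORDS 16              /* constructed size for the demo */

/* Software model of the three RAM banks (hypothetical names). */
static uint16_t ram[BANKS][WORDS];

/* Bitwise 2-of-3 majority, the combinational vote done on every read. */
uint16_t tmr_vote(uint16_t a, uint16_t b, uint16_t c)
{
    return (uint16_t)((a & b) | (a & c) | (b & c));
}

/* A write goes to all three banks. */
void tmr_write(size_t addr, uint16_t v)
{
    for (int b = 0; b < BANKS; b++)
        ram[b][addr] = v;
}

/* Normal read: the CPU only ever sees the voted word. */
uint16_t tmr_read(size_t addr)
{
    return tmr_vote(ram[0][addr], ram[1][addr], ram[2][addr]);
}

/* Scrub pass using individual bank select: rewrite any bank word that
 * disagrees with the vote. Returns the number of bank words repaired. */
unsigned tmr_scrub(void)
{
    unsigned fixed = 0;
    for (size_t a = 0; a < WORDS; a++) {
        uint16_t good = tmr_read(a);
        for (int b = 0; b < BANKS; b++) {
            if (ram[b][a] != good) {
                ram[b][a] = good;
                fixed++;
            }
        }
    }
    return fixed;
}

/* Test hook: flip bits in one bank to model an SEU. */
void tmr_inject(int bank, size_t addr, uint16_t flip_mask)
{
    ram[bank][addr] ^= flip_mask;
}
```

The scrub interval has to be short compared with the expected time between two upsets hitting the same bit position of the same word in different banks.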
EDACAN - HurriCANe
• HurriCANe
– HurriCANe is an ESA development of a CAN 2B Soft IP core
– Initially developed as a prototype to study the internals of CAN, it gradually evolved into a full controller
– Used on SMART-1 and ATV (Automated Transfer Vehicle)
– Freely available to ESA members (provided license is granted)
[Figure: CAN Module block diagram. HurriCANe blocks: CAN_RX, CAN_TX, CRC_CALCULATOR, CAN_HANDLER, CAN_SYNCHRONIZER, ERROR_FRAME_GEN, ERROR_COUNTERS, together with a Custom Interface. Module signals: nOE, nWE, nCS, ADDRESS [0-7], DATA[0-15], CAN_TX, CAN_RX.]
EDACAN - Experiences
• Different Clock Domains
- Because the microprocessor clock (27.5 MHz) is unrelated to the CAN clock (14.5 MHz), metastability issues were observed. Since the CAN-SU protocol is acknowledged, these issues can be easily resolved simply by adding retries. (However, this is only a temporary solution!)
• Lack of Receive FIFO
- To prevent the loss of CAN frames, a software FIFO was implemented. This meant that the microprocessor had to probe the CAN controller periodically, thus losing performance. To recover that performance, an interrupt line was devised that flags every time the controller receives a frame. This also meant that the CPU was being interrupted regardless of the message’s destination, and consequently losing performance. For further optimization, a MASK tailored for CAN-SU was implemented.
- All these improvements were easily implemented due to the “soft” nature of the core.
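The receive path described above, modelled as an added C example (not the EDACAN wrapper or the SGR-GEO flight software): a destination mask decides whether a frame reaches the CPU, and the interrupt handler queues accepted frames in a software FIFO that counts overflows. All names, the FIFO depth and the mask value are assumptions; the mask assumes the destination address is the low byte of the identifier.

```c
#include <stdint.h>

#define CANSU_DEST_MASK 0x0FFu   /* assumption: ID bits 0-7 = destination */
#define FIFO_LEN 8u              /* constructed depth, power of two */

typedef struct { uint16_t id; uint8_t dlc; uint8_t data[8]; } rx_frame_t;

static rx_frame_t fifo[FIFO_LEN];
static volatile uint8_t head, tail;   /* head: ISR writes, tail: main reads */
static volatile unsigned dropped;

/* Model of the CAN-SU mask: compare only the destination bits and ignore
 * the sequence ID. */
int cansu_accept(uint16_t id, uint8_t my_addr)
{
    return (id & CANSU_DEST_MASK) == my_addr;
}

/* Receive interrupt handler body: returns 1 if the frame was queued. */
int can_rx_isr(const rx_frame_t *f, uint8_t my_addr)
{
    if (!cansu_accept(f->id, my_addr))
        return 0;                 /* filtered out, CPU is not disturbed */
    if ((uint8_t)(head - tail) == FIFO_LEN) {
        dropped++;                /* FIFO full: count the lost frame */
        return 0;
    }
    fifo[head % FIFO_LEN] = *f;
    head++;
    return 1;
}

/* Called from the main loop: returns 1 and copies out the oldest frame. */
int can_rx_pop(rx_frame_t *out)
{
    if (head == tail)
        return 0;
    *out = fifo[tail % FIFO_LEN];
    tail++;
    return 1;
}

unsigned can_rx_dropped(void) { return dropped; }
```

A non-zero drop counter means the main loop is not draining the FIFO fast enough, which is worth exposing as a telemetry point.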
New SGR-GEO Design
[Figure: block diagram of the new SGR-GEO design. Labels: Filter & DC-DC (28 V, 28 V ret); relays on CAN 0 and CAN 1; C515 TTC node; voltage regulators (5 Vd, 5 Va, 3.3 Vd, 3.3 Va, 2.5 V); FPGA (A54SX32) with HurriCANe CAN core and EDAC + Glue Logic; RAM A, RAM B, RAM C; GP4020 Correlator & CPU; GP2010 correlator; GP2015 RF f/e with LNA and Antenna; OCXO (10 MHz); FRAM; ADC; Flash. Signals: Data bus, Addr bus, Sampled data, Serial link, Control lines, CPU clk, Samp clk.]
Satellite Generic System-on-Chip (SG-SoC)
• FUTURE DEVELOPMENT
- In keeping with the trend of further integrating devices into the FPGA, the next step would be to incorporate the micro-processor
- A set of requirements is currently being put together to determine a generic system that could be easily adapted to any specific application
- This system should be reconfigurable and technology independent
- Once this platform is implemented, turning it into a GPS receiver would only require plugging-in GPS specific modules (e.g. correlators) and providing a proper interface to external chips (e.g. RF Front-end)
Acknowledgements
Dr Alex da Silva Curiel, Hans Tiggeler, Luca Stagnaro, Dr Martin Unwin, Michael Meier, Simon Prasad, Dr Tanya Vladimirova
Affiliations: 1 – Saros; 2 – Surrey Space Centre; 3 – Surrey Satellite Technology Ltd; 4 – European Space Agency