Advanced fault tolerance

ÅAC SpaceWire avionics flight model (FM) products feature advanced fault tolerance. Its main aspects are summarized in the list below:

 

  • Components on the board are derated according to ESA ECSS standards.
  • Tight control of production flow using detailed instructions and lot travelers.
  • All BGA soldering interfaces are inspected with X-ray.
  • Continuous EDAC scrubbing of SDRAM with 1-bit error correction and 2-bit error detection per 16 bits (half word) on each 32-bit instruction. A non-correctable error causes a user interrupt and action.
  • EDAC checking on system flash with double-bit error correction and extended bit error detection, in combination with interleaving that corrects bursts of up to 16 bits in error.
  • Power loss detection and power buffer for critical parameter storage to NV-RAM.
  • Parity checking of instruction and data caches. An error causes a cache reload.
  • Parity checking of peripheral FIFOs.
  • Triple modular redundancy (TMR) on all FPGA flip-flops.
  • Triple modular redundancy (TMR) on boot flash.
  • FPGA SEU bank flip detection. Bank SEU leads to automatic reboot of the device.
  • Watchdog tripping leads to automatic reboot of the device.
  • Advanced error manager counts and stores detected failures during reset/reboot for later analysis.