168_roldao_p
Download
Report
Transcript 168_roldao_p
FPGA Design of an Integrated
CAN and EDAC
Soft Core for Spacecraft Applications
Antonio Roldao Lopes
1/21
MAPLD 2005/P168
CONTENTS
→ Space Engineering Approaches
→ New missions, New Challenges
→ Commercial off-the-shelf Components
→ Taking Advantage of FPGAs
→ Experiences with EDACAN Soft-core
→ Triple Modular Redundancy
→ Controller Area Network for Spacecraft-Usage
→ Future: Satellite Generic System-on-Chip
Antonio Roldao Lopes
22/21
MAPLD 2005/P168
Traditional Space Engineering
• Space missions are infrequent
• So they have to be ultra-reliable
• So they are very expensive
Fewer
Missions
Reduced
risk
• So they are infrequent
Engineering is conservative.
Increased
Each satellite is custom-built.
Cost
Costs are high and performance constrained.
Hi-rel parts are purchased in very small quantities.
Quality is supreme, cost and performance secondary.
Antonio Roldao Lopes
33/21
MAPLD 2005/P168
SSTL’s Engineering Approach
•
•
•
•
Space missions are frequent
So they need not be perfect
So they can be less expensive
So they can be more frequent
More
Missions
Managed
Risk
Reduced
Cost
Engineering is practical, cost-driven.
Costs are reduced yet performance can increase.
Satellites are produced in batches, using off the shelf units.
Commercial parts are purchased in huge quantities by other industries.
Quality, price and performance are all factors in the customer’s decision.
Antonio Roldao Lopes
4/21
MAPLD 2005/P168
New Missions, New Challenges
With missions that go beyond Low-Earth
orbits, (GTO/GEO), satellites become
exposed to a harsher environment.
This is mainly due to the presence of Van Allen belts.
In these higher orbits, Satellites have to be designed to sustain
higher doses of radiation. This means that they need to cope with
Single Events Upsets (SEUs) and single-event latchups (SELs).
Typically at Low-Earth orbits, components are subject to 1 Krad a
year. In higher orbits they can be subject to more than 10 times that
radiation.
Antonio Roldao Lopes
5/21
MAPLD 2005/P168
Commercial off-the-shelf Components
• Usually very few “common” COTS parts fail at less than 5 Krad.
• Space qualified components that sustain higher radiation doses
are scarce and their costs can ramp up exponentially.
To keep in sync with the SSTL’s engineering approach, of
maintaining satellites at the lowest cost possible, a combination of
technologies and risk management techniques are put into practice.
An example of such risk management techniques is the use of
TMR memories; where errors on individual COTS modules can be
corrected provided the majority are in agreement.
In terms of technologies, one that is applied in almost all the subsystems is Anti-fuse FPGAs.
Antonio Roldao Lopes
6/21
MAPLD 2005/P168
Taking Advantage of FPGAs
This devices are available with capacities that range from couple
hundred to multi-million gates. Coming in a range of packages, they
also include radiation tolerant versions.
These devices are also revolutionizing the whole of the electronics and
computing domain by providing the following features:
• Parallelism
• Reconfigurability (not in the case of Anti-fuse)
• Integration
• Flexibility
• Reduced Time Scales
• Software Nature
Antonio Roldao Lopes
7/21
MAPLD 2005/P168
SGR-GEO - Introduction
With the contract to a build a test satellite for the
Galileo constellation (GSTBv2/A), SSTL had to
develop systems to meet higher radiation
environments.
One such system flying on this satellite as an experiment, is a
new Space GPS Receiver for GEO/MEO Orbits.
Because this receiver will fly in an orbit above the GPS constellation,
it required the introduction of specialised tracking loops, hardware
adaptations for more precise timing and was augmented to tolerate
higher radiation effects.
Antonio Roldao Lopes
8/21
MAPLD 2005/P168
SGR-GEO – Description
• Heritage
This receiver is based on the previously flown SGR-05 receiver.
• Purpose
To demonstrate the acquisition of GPS pseudo-ranges in MEO/GEO orbits
• Description
Experimental GPS receiver based on Zarlink GP4020 and GP2015 chipsets
FPGA based HurriCANe core provides CAN comms and TMR RAM
Maximum power consumption 6.5W, dropping to 4.5W after OCXO warm-up
Uses a specially commissioned patch antenna and a separate LNA with diode
protection
Antonio Roldao Lopes
9/21
MAPLD 2005/P168
SGR-GEO – Initial Design
Filter &
DC-DC
28 V ret
5 Vd
5 Va
3.3 Vd
3.3 Va
2.5 V
0V
Voltage
Regs
0V
Serial link
Relay
C515
TTC node
Control lines
FRAM
5V
ADC
28 V
Antenna
GP4020
GP2010
Correlator
& CPU
correlator
Addr
bus
Relay
Samp
clk
Glue Logic + EDAC
CPU
clk
Sampled data
LNA
FPGA (A54SX32)
Data
bus
GP2015
RF f/e
CAN
SJA-1000
10 MHz
RAM C
RAM B
RAM A
CAN 0
Flash
OCXO
CAN 1
Antonio Roldao Lopes
10/21
MAPLD 2005/P168
Controller Area Network
• Why CAN ?
– Flexibility
• Subsystem and Payload Interfacing
• Less Complex Wiring Harness
– Lighter Spacecraft, Less Possibility for error.
• Tolerates Late Design Changes
– Addition of telemetry points without changes to wiring harness
– Fault Tolerance
• Bus Lock-up potential !!
– Wide variety of test equipment
– ‘Off- the-shelf’ cheap components
• Cost implications of specialised ‘Rad-Tolerant’ !!
Antonio Roldao Lopes
11/21
MAPLD 2005/P168
CAN for Spacecraft Usage (CAN-SU)
– CAN Standard A (11-bit Identifier)
– Collision Resolution through priority encoded IDs.
– Higher Level Protocol – CAN-Spacecraft Usage
• Optimised for Telemetry, Tele-command, File
Transfer
• Peer-to-Peer addressing on existing CAN Bus
• Two services provided for communicating peers
• Datagram service
– Telemetry and Tele-command
– Boot loading & Code Patching
• Buffer Transfer Service
Antonio Roldao Lopes
12/21
MAPLD 2005/P168
Controller Area Network for Spacecraft Usage
How CAN-SU translates to CAN Frame
CAN-SU
CAN FRAME
CAN-SU
CAN FRAME
DESTINATION ADDR
ID [0-7] (1 Byte)
SOURCE ADDR
DATA BYTE [0]
SEQUENCE
ID [8-11] (3 bits)
COMMAND
DATA BYTE [1]
SIZE
SIZE (range 0 – 8)
USER DATA
DATA BYTE [2-7]
Antonio Roldao Lopes
13/21
MAPLD 2005/P168
Previous Solution - RadCAN
• A development by Adrian Woodroffe using CASA2
• This solution was presented at MAPLD 2004 (P106)
Antonio Roldao Lopes
14/21
MAPLD 2005/P168
Current Development - EDACAN
• EDACAN Comprises of
–
–
–
–
Simple glue logic for memory decoding
EDAC (Error Detection and Correction) IP Core
Controller Area Network IP Core, based on HurriCANe
Purpose built wrapper for especially tailored for CAN-SU
• Advantages of EDACAN over RadCAN
– Flexibility to adapt the core to meet new demands
– Possibility to further integrate saving PCB space and power
– Freedom between radiation tolerant or industrial FPGAs
Antonio Roldao Lopes
15/21
MAPLD 2005/P168
EDACAN – EDAC/TMR
• EDAC/TMR
– Besides the basic ability to correct Single Event Upsets, this core provides
the option to select each RAM bank individually. This allows software
routines to check for errors in individual RAM banks and correct them.
– At LEO orbits it was verified a rate of 1 SEU/MByte of SRAM per day. It is
estimated that this rate will be up an order of magnitude at GEO Orbits
– This EDAC Core comprises of Asynchronous logic as follows:
RAM A
RAM B
RAM A
RAM A
MAJORITY
VOTED
DATA
RAM C
DATA
RAM B
RAM C
RAM B
RAM C
READ
Antonio Roldao Lopes
WRITE
16/21
MAPLD 2005/P168
EDACAN - HurriCANe
• HurriCANe
– HurriCANe is an ESA development of a CAN 2B Soft IP core
– Initially developed as prototype to study the internals of CAN, gradually
evolved into a full controller
– Used on SMART-1 and ATV (Automated Transfer Vehicle)
– Freely available to ESA members (provided license is granted)
CAN Module
CAN_TX
CAN_RX
HurriCANe
CAN_RX
nOE
nWE
CAN_TX
CAN_HANDLER
Custom
Interface
CRC_CALCULATOR
ADDRESS [0-7]
DATA[0-15]
ERROR_COUNTERS
ERROR_FRAME_GEN
nCS
CAN_SYNCHRONIZER
Antonio Roldao Lopes
17/21
MAPLD 2005/P168
EDACAN - Experiences
• Different Clock Domains
-Due to the micro processor clock (27.5Mhz) being unrelated to from the
CAN clock (14.5Mhz), metastability issues were observed. Since the CANSU protocol is acknowledged these issues can be easily resolved simply by
adding retries. (However this is only a temporary solution!)
• Lack of Receive FIFO
-To prevent the lost of CAN frames, a software FIFO was implemented. This
meant that the micro-processor had to probe the CAN controller periodically,
thus losing performance. To optimize such performance, an interrupt line was
devised such that it would flag every time the controller received a frame.
This also meant that the CPU was being interrupted regardless of the
message’s destination, and consequently losing performance. For further
optimization a MASK tailored for CAN-SU was implemented.
- All these improvements were easily implemented due to the “soft” nature of
the core.
Antonio Roldao Lopes
18/21
MAPLD 2005/P168
New SGR-GEO Design
Filter &
DC-DC
28 V ret
5 Vd
5 Va
3.3 Vd
3.3 Va
2.5 V
0V
Voltage
Regs
0V
Serial link
Relay
C515
TTC node Control lines
FRAM
5V
ADC
28 V
Antenna
GP4020
GP2010
Correlator
& CPU
correlator
Addr
bus
Relay
FPGA (A54SX32)
HurriCANe
CAN core
Samp
clk
EDAC +
Glue Logic
CPU
clk
Sampled data
LNA
Data
bus
GP2015
RF f/e
10 MHz
RAM C
RAM B
RAM A
CAN 0
Flash
OCXO
CAN 1
Antonio Roldao Lopes
19/21
MAPLD 2005/P168
Satellite Generic System-on-Chip (SG-SoC)
• FUTURE DEVELOPMENT
- In keeping with the trend of further integrating devices into the FPGA,
the next step would be to incorporate the micro-processor
- Currently set of requirements being put together to determine generic
system that could be easily adapted to any specific application
- This system should be reconfigurable and technology independent
- Once this platform is implemented, turning it into a GPS receiver
would only require plugging-in GPS specific modules (e.g. correlators)
and providing a proper interface to external chips (e.g. RF Front-end)
Antonio Roldao Lopes
20/21
MAPLD 2005/P168
Acknowledgements
Dr Alex da Silva Curiel
Hans Tiggeler
3
1
4
Luca Stagnaro
3
Dr Martin Unwin
Michael Meier3
Simon Prasad
3
Dr Tanya Vladimirova
Saros – 1
Surrey Space Centre – 2
Antonio Roldao Lopes
2
3 – Surrey Satellite Technology Ltd
4 – European Space Agency
21/21
MAPLD 2005/P168