

# Reliability Concerns with Logical Constants in Xilinx FPGA Designs

Heather Quinn, Paul Graham, Keith Morgan, Patrick Ostler Los Alamos National Laboratory

> Greg Allen The Jet Propulsion Laboratory

Gary Swift, Chen Wei Tseng The Xilinx Corporation



Operated by Los Alamos National Security, LLC for NNSA

UNCLASSIFIED





#### **Acknowledgements**

This work was funded by the DOE under the SOPRANO and DAPS projects and the DOD under the FPGA Mission Assurance Center.

The authors thank Jeff George of The Aerospace Corporation for helping us collect and analyze data.



Operated by Los Alamos National Security, LLC for NNSA

UNCLASSIFIED





#### **Overview**

- Background on logical constants
- Logical constant data
- Mitigating logical constants
- Conclusions



Operated by Los Alamos National Security, LLC for NNSA

UNCLASSIFIED

Slide 3



# **Logical Constants**

- Logical constants are needed to generate constant zero and one logic values used internally by FPGA designs
  - Artifact of mapping VHDL designs to the specific FPGA architecture
  - Not under design-control, unless the designer is going to extraordinary measures to avoid them in VHDL/Verilog
  - Easy to mitigate at either the EDIF or XDL level

#### "Implicit" logical constants

- Inputs to I/O, logic, RAM, clocking, and other resources
- Implemented in half latches (weak keepers)
- "Explicit" logical constants:
  - Tie-offs to the zeroth bit of the carry chain for adders and unused multiplier/DSP inputs
  - Implemented as constant LUTs in the Virtex-I and Virtex-II, implemented as architectural posts in the Virtex-4



Operated by Los Alamos National Security, LLC for NNSA





UNCLASSIFIED

Slide 4



## **Reliability Concerns with Half Latches**

#### Half latches

- Are not directly observable though readback and not scrubbable through on-line reconfiguration
- When upset, the tie-off does not operate properly until reset through off-line reconfiguration or by leaking off
- In the Virtex-I, half latches did not leak off
- In the newer devices, the weak keeper circuit will leak off

#### Half latch data:

- Virtex-I: Graham, P. et al., "SEU mitigation for half-latches in Xilinx Virtex FPGAs," IEEE Transactions on Nuclear Science, Vol. 50, No. 6, December 2003, pp. 2139 – 2146.
- Virtex-II, Virtex-II Pro, Virtex-4: follows....



Operated by Los Alamos National Security, LLC for NNSA

UNCLASSIFIED





# Half Latch Data: Virtex-II

#### Two modes in the data

- Peak at 0.13 secs has standard normal distribution shape
- Peak at 0.53 secs is an impulse function, as seen in the CDF
- Could be a contamination of data, two types of half latch designs, or constant LUTs
- The average time that a HL holds is 0.30 secs for the entire data set with a standard deviation of 0.21 secs such that 68% of all half latches leak off within 0.09-0.51 secs
- On average 99% of all half latches leak off within 1 second





Operated by Los Alamos National Security, LLC for NNSA



Slide 6

LA-UR-08-05661

UNCLASSIFIED

# Half Latch Data: Virtex-II Pro

#### Two modes in the data

- Peak at 0.05 secs has standard normal distribution shape
- Peak at 0.22 secs has a standard normal distribution shape
- Could be a contamination of data, two types of half latch designs, or constant LUTs
- The average time that a HL holds is 0.10 secs for the entire data set with a standard deviation of 0.08 secs such that 68% of all half latches leak off within 0.02-0.18 secs
- On average 100% of all half latches leak off within 0.45 secs





Operated by Los Alamos National Security, LLC for NNSA



# Half Latch Data: Virtex-4

- Single mode in the data
  - Peak at 0.35 secs has standard normal distribution shape with very large tails
- The average time that a HL holds is 0.33 secs for the entire data set with a standard deviation of 0.16 secs such that 68% of all half latches leak off within 0.17-0.49 secs
- On average 99% of all half latches leak off within 1 sec





Operated by Los Alamos National Security, LLC for NNSA

UNCLASSIFIED

Slide 8

LA-UR-08-05661

0.3

0.2

0.1

0.2

0.3

0.4

0.5

0.6

0.7

0.8

0.9



# **Reliability Concerns with Constant LUTs**

#### Constant LUTs

- Are directly observable through readback and can be scrubbed through on-line reconfiguration
- Tie off directly affects the data stream by injecting bad data into adders and multipliers
- Design flow tools load balance the use of constant LUTs and can cause single points of failures in TMR-protected designs





Operated by Los Alamos National Security, LLC for NNSA

UNCLASSIFIED





### **Reliability Concerns with Architectural Posts**

#### Architectural Posts

- In the Virtex-II, these posts are an abstraction of a half latch and have the reliability concerns of a half latch
- In the Virtex-4, not certain what the post is and is still under investigation
  - Uncertain whether configuration bits are used in conjunction with the post
  - Single-bit problems with Virtex-4 do not seem to be post-related, but possibly single-bit domain crossing errors





Operated by Los Alamos National Security, LLC for NNSA

UNCLASSIFIED

Slide 10



### When to Mitigate Logical Constants

#### Half latches:

- Definitely mitigate Virtex-I
- Only mitigate high reliability applications for Virtex-II and Virtex-4
  - No Highly unlikely to affect TMR-protected designs

#### Constant LUTs

- Only mitigate TMR-protected designs
- Definitely mitigate Virtex-II
- Only mitigate high reliability applications for Virtex-I



Operated by Los Alamos National Security, LLC for NNSA

UNCLASSIFIED





## **Mitigating Half Latches**

- Half latch extraction is available from the RADDRC I and II tools (LANL), BL-TMR tool (BYU-LANL), and TMRTool (Xilinx)
- RADDRC I and II:
  - Half latches are extracted to constant LUTs in XDL
  - Constant LUTs are observable and in this case should not become meshed

#### BL-TMR and TMRTool

- Half latches are extracted to constant input pins in EDIF
- Input pins need to be triplicated, otherwise large cross-section
- Accelerator testing indicates there is a complete elimination of the half latch cross-section with all methods







Operated by Los Alamos National Security, LLC for NNSA



# **Mitigating Shared Constant LUTs**

#### RADDRC II tool (LANL)

- Eliminates shared constant LUTs in XDL works as with previous flow example
- Each LUT that is sourcing multiple constants is duplicated and the enmeshed network is separated into single-source constant LUTs
- Is possible to guide the placement with the previous ncd file to minimize the change to the circuit's placement
- Fault injection testing indicates there is a complete elimination of the shared constant LUT cross-section



Operated by Los Alamos National Security, LLC for NNSA

UNCLASSIFIED





### Conclusions

- A variety of logical constants are available on the Virtex family devices, including half latches and constant LUTs
  - Half latches can locally affect the reliability of I/O, logic, RAM, clocking, and other resources
  - Constant LUTs can regionally affect the reliability of adders and multipliers
- Mitigation tools are available to extract half latches and eliminate shared constant LUTs, improving the reliability of FPGA user designs



Operated by Los Alamos National Security, LLC for NNSA

UNCLASSIFIED

Slide 14

