View
218
Download
3
Embed Size (px)
Citation preview
Part 4Part 4
CASECASE
((EMI-Tolerant Embedded SystemEMI-Tolerant Embedded System))
SummarySummary
1. Technology Trends Impact & Failure Types
Induced by Conducted-EMI on ICs
2. Design for Electromagnetic Immunity (DEMI)
Fault Avoidance
3. Experimental Evaluation
4. Final Considerations
Requirement assurance that application upsets due to the EM environment will not occur is fundamental to acceptance of systems as fit for purpose.
Dependence on electronics is widespread and increasing …
..
Embedded Embedded Portable Portable
ElectronicsElectronics
- Distributed Systems (Grids)- Servers integrating real-time voice/image/data...
- ABS - Air-Bag - EFI- Onboard Computers …
- Smart phones- Web browsers- Digital MP3 audio players- Handheld computers- Messaging applications- GPS- Speech…
- Sensors- Actuators- Gateways integrating wireless LAN / AC Power Line Nets / Internet for building automation…
1.1. Technology Trends Impact & Failure Types Technology Trends Impact & Failure Types Induced by Conducted-EMI on ICsInduced by Conducted-EMI on ICs
..
Embedded Embedded Portable Portable
ElectronicsElectronics
- Distributed Systems (Grids)- Servers integrating real-time voice/image/data...
- ABS - Air-Bag - EFI- Onboard Computers …
- Smart phones- Web browsers- Digital MP3 audio players- Handheld computers- Messaging applications- GPS- Speech…
- Sensors- Actuators- Gateways integrating wireless LAN / AC Power Line Nets / Internet for building automation…
Requirement assurance that application upsets due to the EM environment will not occur is fundamental to acceptance of systems as fit for purpose.
Dependence on electronics is widespread and increasing …
1.1. Technology Trends Impact & Failure Types Technology Trends Impact & Failure Types Induced by Conducted-EMI on ICsInduced by Conducted-EMI on ICs
Increasingly hostile
Electromagnetic (EMI) Noise
..
Embedded Embedded Portable Portable
ElectronicsElectronics
- Distributed Systems (Grids)- Servers integrating real-time voice/image/data...
- ABS - Air-Bag - EFI- Onboard Computers …
- Smart phones- Web browsers- Digital MP3 audio players- Handheld computers- Messaging applications- GPS- Speech…
- Sensors- Actuators- Gateways integrating wireless LAN / AC Power Line Nets / Internet for building automation…
Dependence on electronics is widespread and increasing …
Requirement assurance that application upsets due to the EM environment will not occur is fundamental to acceptance of systems as fit for purpose.
Electromagnetic (EMI) Noise
Fig. 1. Technology trends impact on ICs.
1.1. Technology Trends Impact & Failure Types Technology Trends Impact & Failure Types Induced by Conducted-EMI on ICsInduced by Conducted-EMI on ICs
The following are high speed effects on ICs that you can “see” in your design
1) The PCB or MCM only works at low frequencies.
2) The PCB and MCM work only within a narrow frequency range.
3) When you change vendor parts. It won’t work as well or won’t work at all.
4) Temperature changes make a big difference in your design.
5) The design is peculiar to the type of connectors and parts that you use.
6) Small changes in power supply voltages can make a big difference.
7) Touching or bringing the hand closer to the board can affect the performance (capacitive coupling).
8) Adding bypass capacitors can cause significant changes in performance.
9) The board radiated a lot and is sensitive to EMI.
10) Things work alone well. When you connect to system or other components it won’t work well or won’t work at all.
1.1. Technology Trends Impact & Failure Types Technology Trends Impact & Failure Types Induced by Conducted-EMI on ICsInduced by Conducted-EMI on ICs
Fig. 2. Diagnosing problems high-speed circuits.
1.1. Technology Trends Impact & Failure Types Technology Trends Impact & Failure Types Induced by Conducted-EMI on ICsInduced by Conducted-EMI on ICs
Fig. 3. Output PAD signal distortion due to
interference (500MHz) superimposed on the input
square wave.
Fig. 4. Output PAD signals distorted by RF interference (800MHz)
superimposed on the input square wave are compared with the signal
measured without interference.
1.1. Technology Trends Impact & Failure Types Technology Trends Impact & Failure Types Induced by Conducted-EMI on ICsInduced by Conducted-EMI on ICs
In such a noisy environment, there are two types of failures induced by
conducted RF interference on ICs:
a) Static failures: occur in the presence of conducted RF interference
superimposed on high or low logical level. The signal at the IC input port goes
out of high or low noise margins. In this case, errors at the IC’s output ports
come from failures in the IC input ports.
b) Dynamic failures: occur when conducted RF interference added to the
IC input logical signal gives variation in the input port propagation delay.
Thus, changing the logic gates settling time and hold time. In this case, errors
due to conducted RF interference observed at the IC’s output ports come from
failures in internal sub-circuits.
2.2. Design for Electromagnetic Immunity (DEMI) Design for Electromagnetic Immunity (DEMI) Fault AvoidanceFault Avoidance
EmbeddedEmbeddedPortablePortable
Electronics:Electronics:
computerscomputersvehiclesvehicles
hand-held deviceshand-held devicesbuilding automationbuilding automation
Design for Design for ElectromagneticElectromagnetic
ImmunityImmunityDEMIDEMI
2.2. Design for Electromagnetic Immunity (DEMI) Design for Electromagnetic Immunity (DEMI) Fault AvoidanceFault Avoidance
Design methods for DEMI:
HWHW-Based Fault -Based Fault AvoidanceAvoidance
SWSW-Based Fault -Based Fault DetectionDetection
More recently … Application-levelApplication-level
Common practice: Board-levelBoard-level
Becoming more usual: IC-levelIC-level
Solution design methods for DEMI at the IC-levelIC-level in particular to low power IC-based applications has become mandatory
Examples …
reduce the dynamic switching currents:
block decoupling capacitors, improved (weak) pad-drivers design
optimize distribution of switching currents over time:clock concepts with intentional non-zero skew
2.2. Design for Electromagnetic Immunity (DEMI) Design for Electromagnetic Immunity (DEMI) Fault AvoidanceFault Avoidance
A) Board-Level Layout Analysis:
A.1) Grounding:
Two basic types: single and multipoint.
Solution design for electromagnetic immunity (DEMI) at the board-levelboard-level is also largely employed:
2.2. Design for Electromagnetic Immunity (DEMI) Design for Electromagnetic Immunity (DEMI) Fault AvoidanceFault Avoidance
A.2) Isolation and Partitioning (Moating):
Isolation and partitioning refers to the physical separation of components,
circuits, and power planes from the other functional devices, areas, and
subsystems.
An isolated area is an island in the board, similar to a castle with a moat.
Only those traces required for operation or interconnects can travel to this
separate area.
Two methods exist to interconnect traces, power, and ground planes to its
island: Method 1: uses isolation transformers or optical isolators and common-mode data
line filters to cross the moat.
Method 2: uses a bridge in the moat. In this case, isolation is also used to separate
high-frequency-bandwidth components from lower-bandwidth circuits.
2.2. Design for Electromagnetic Immunity (DEMI) Design for Electromagnetic Immunity (DEMI) Fault AvoidanceFault Avoidance
B) Shielding
C) Decoupling Capacitors
D) Watch-Dog Timer (board and on-chip levels)
Other Techniques …
2.2. Design for Electromagnetic Immunity (DEMI) Design for Electromagnetic Immunity (DEMI) Fault AvoidanceFault Avoidance
In summary:
There is a long list of possible design and fabrication solutions that can be used to enhance SoCs EM immunity.
However, none of them guarantees perfect solution!
Additionally, very cost-sensitive (system performance, power consumption, and implementation complexity).
2.2. Design for Electromagnetic Immunity (DEMI) Design for Electromagnetic Immunity (DEMI) Fault AvoidanceFault Avoidance
For instance …
Weak drivers lead to a more sensitive IC to noise as well as may expose it to delay faults since transistors become slower with higher temperatures.
Zero-clock skew trend naturally supported by today’s design tools, but clock smearing concept for the sake of reduced RF emission to perform clock distribution must be done manually, since today’s tools do not support directly non-zero clock signal design.
2.2. Design for Electromagnetic Immunity (DEMI) Design for Electromagnetic Immunity (DEMI) Fault AvoidanceFault Avoidance
2.2. Design for Electromagnetic Immunity (DEMI) Design for Electromagnetic Immunity (DEMI) Fault AvoidanceFault Avoidance
Board-level layout analysis burden task from the design point of view; sometimes impossible to attend all the requirements (e.g. blocks placement-&-routing).
Shielding, Decoupling Capacitors Shielding increases weight and volume (not acceptable for embedded applications); decoupling capacitors are effective filters under limited voltage swings.
WDT more robust than the monitored logic, but under certain limits.
Goal: analyze the (joint) use of HW-based fault-avoidance with SW-based
fault-detection techniques in the presence of EMI
Device: MSP430 Texas Microcontroller
Workload: Bubble Sorting; Matrix Multiplication
Test Setup: Compliance with the Int. Std Normative IEC 61000-4-29 to inject noise (voltage dips) into the
Vcc power supply line of the device.
GigaHertz Transverse Electromagnetic (GTEM) Cell, to expose the device to different EM
fields.
3. 3. Experimental EvaluationExperimental Evaluation
Fig. 19. IEC 61.000-4-29 Normative – compliance EMI Generator and test setup used for electromagnetic-induced noise injection and analysis.
Programming Keyboard
Start-Stop Command
Output Display
Noisy Power Lines to the
DUT
3. 3. Experimental EvaluationExperimental Evaluation
Experiment 1: Conducted EMI
Fig. 19. IEC 61.000-4-29 Normative – compliance EMI Generator and test setup used for electromagnetic-induced noise injection and analysis.
3. 3. Experimental EvaluationExperimental Evaluation
Experiment 1: Conducted EMI
Fig. 21. Oscilloscope printscreen of voltage dips injected into the microcontroller Vcc pin. Negative pulse of -30% (-0.9V) and width of 30ms. (Nominal Vcc = 3.0V.)
3. 3. Experimental EvaluationExperimental Evaluation
Experiment 1: Conducted EMI
3. 3. Experimental EvaluationExperimental Evaluation
Errors Observed for Different Voltage Dip Durations
0%
20%
40%
60%
80%
100%
0,01 0,03 0,1 0,3 1
Duration (s)
Control-flow Errors
Data Errors
Detection Rate for Different Voltage Dip Durations(Including Data and Control-Flow Errors)
0%
20%
40%
60%
80%
100%
0,01 0,03 0,1 0,3 1
Duration (s)
% Not Detected
% Detected
SW-Based Fault Detection Summary(Including Data and Control-Flow Errors)
70,63
29,37
% Detected
% Not Detected
Not DetectedObserved HW-Based Faults(%)
Errors % Data % Control Technique (WDT)
27,79 8,3282,61 17,39
24 28100 0
0 0100 0
0 00 0
0 00 0
Detected Faults (%)
Duration (s)SW-Based Techniques (%)
0,01 3663,89
0,03 2548
0,1 1100
0,3 00
1 00
Fig. 8. SW-Based Fault Detection Summary. (238-byte Image Processing Program) [Data-dominant]
Fig. 7. Fault-Detection Capability Summary for the SW-Based Techniques. (238-byte Image Processing Program)
Fig. 6. “Data” versus “Control” Error Detection Summary. (238-databyte Image Processing Program)
Table 3. Fault Detection Summary for the 238-databyte Image Processing Program.
Experiment 1: Conducted EMI
3. 3. Experimental EvaluationExperimental Evaluation
Not DetectedObserved HW-Based Faults(%)
Errors % Data % Control Technique (WDT)
16,95 039,8 60,2
4,285 12,85532,76 67,24
1,88 11,3221,74 78,26
0 12,8220,59 79,41
6,25 12,515,38 84,62
1 1681,25
0,3 3987,18
0,1 5386,79
0,03 7082,86
Detected Faults (%)
Duration (s)SW-Based Techniques (%)
0,01 8583,05
Table 4. Fault-Detection Summary for the 238-byte Bubble Sort Program.
Detection Rate for Different Voltage Dip Durations (including data and control-flow errors)
0%
50%
100%
0,01 0,03 0,1 0,3 1
Duration (s)
Not Detected
Detected
Fig. 10. Fault-Detection Capability Summary for the SW-Based Techniques. (238-byte Bubble Sort Program)
SW-Based Fault Detection Summary(Including Data and Control-Flow Errors)
84,23
15,78
Detected (%)
Not Detected (%)
Errors Observed for Diferent Voltage Dip Durations
0%
20%
40%
60%
80%
100%
0,01 0,03 0,1 0,3 1
Duration (s)
Control-f low Errors
Data Errors
Fig. 9. “Data” versus “Control” Error Detection Summary. (238-byte Bubble Sort Program)
Fig. 11. SW-Based Fault Detection Summary. (238-byte Bubble Sort Program) [Control-dominant]
Experiment 1: Conducted EMI
Fig 23. Test setup for EMI-based fault injection; (a), (b) and (c) General scheme and equipments at INTI; (d) SUT (MSP430F149 Texas Microcontroller) and Power Meter inside
the GTEM Cell.
(b)
(c)
RF Signal Generator
Power Amplifier
JTAG On-Line Communication: “SUT/Host” (Serial Port, Optical Fiber)
GTEM Cell
SUT
Personal Computer
(Host)
Power Meter
(a)
(d)
GTEM CellGTEM Cell
3. 3. Experimental EvaluationExperimental EvaluationExperiment 2: Irradiated EMI
3. 3. Experimental EvaluationExperimental Evaluation
(a)
(b)
Number of workload runs
Number of runs yielding erroneous
outputs
Number of runs with errors detected
Number of runs terminated by system
crash
Number of runs with errors not detected^
Average number of erroneous memory words per erroneous
run
70 12 7 (58.3%) 1 5 (41.7%) 58.8
Number of workload runs
Number of runs yielding erroneous outputs
Number of runs with errors detected
Number of runs terminated by system
crash
Number of runs with errors not detected^
Average number of erroneous memory words per erroneous
run
75 36 18 (50%) 3 18 (50%) 84.5
Table 1. Test summary for the workload Bubble-Sort:
(a) HW-based fault detection supported by remote personal computer operating as WDT; (b) SW-based fault detection technique implemented with data- and control-flow faults detection.
Test parameters: Modulation Frequency: 1GHz; Carrier frequency: 1KHz; Measured EM field: 70V/m.
Experiment 2: Irradiated EMI
3. 3. Experimental EvaluationExperimental Evaluation
(a)
(b)
(c)
Number of workload runs
Number of runs yielding erroneous
outputs
Number of runs with errors detected
Number of runs terminated by system
crash
Number of runs with errors not detected^
Average number of erroneous memory words per erroneous
run
167 147 70 (72,2%) 4 77 (27,8%) 3.3*, 6.6**, 471.5***
Number of workload runs
Number of runs yielding erroneous
outputs
Number of runs with errors detected
Number of runs terminated by system
crash
Number of runs with errors not detected^
Average number of erroneous memory words per erroneous
run
173 94 75 (79.8%) 7 19 (20.2%) 20.8*, 9.4**, 295.8***
Number of workload runs
Number of runs yielding erroneous
outputs
Number of runs with errors detected
Number of runs terminated by system
crash
Number of runs with errors not detected^
Average number of erroneous memory words per erroneous
run
174 169 92 (84.4%) 14 77 (15.6%) 27.5*, 6.6**, 124.5***
Table 2. Test summary for the workload Matrix Multiplication:
(a) HW-based fault detection supported by remote personal computer operating as WDT; (b) SW-based fault detection technique implemented with data-flow fault detection; (c) SW-based fault detection technique implemented with control-flow fault detection.
Test parameters: Modulation Frequency: 100MHz; Carrier frequency: 1KHz; Measured EM field: 100V/m.
Experiment 2: Irradiated EMI
6658
99
34
0
10
20
30
40
50
60
70
80
90
100
A B C D
MF(GHz) / IF(V/m)A = 0,1/90 B = 0,15/100 C = 1/70 D = 0,1/100
Fig 24. Number of erroneous memory words as a function of the Modulation Frequency (MF) and the EM Incident Field (IF). Results for the workload Bubble Sort.
0
0,1
0,2
0,3
0,4
0,5
0,6
0,7
0,8
0,9
1
0 10 20 30 40 50 60 70 90 100
EM Field Incident on the SUT (V/m)
NN
PF
Fig 25. Normalized Number of Processor Failures [NNPF = (# of runs yielding erroneous outputs)/(# of runs)] as a function of the EM incident field applied on the SUT (V/m).
3. 3. Experimental EvaluationExperimental Evaluation
Experiment 2: Irradiated EMI
System architecture co-implemented in HW+SW to detect transient
faults in control-flow and application data. Architecture main
characteristics:
SW-embedded structures at the application code level yield
good fault-detection for EMI.
Migrating part of the SW-embedded structures into HW, by
implementing a watch-dog (int/ext) to monitor the application
processor (joint use of SW + HW fault detection improves even
more fault coverage in EMI-exposed environments at
reasonable cost)
44. . Final ConsiderationsFinal Considerations