System Hardening and Real Applications

  • Michel Pignol


This chapter describes suitable protections at architecture and system level against the effects of radiation on electronic components and digital systems. After a description of the general architecture of a space avionics system, the potential solutions for each type of unit (equipment) constituting an on-board computer are presented through examples of real space applications: avionics bus, links, memory units and, as the main part, processing units, i.e. fault-tolerant architectures. The main fault-tolerant mechanisms are overviewed, such as time replication at instruction or task level, duplex, triplex (TMR) and lock-step; a trade-off between these different solutions is then outlined. Real case studies are also analyzed.
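The mechanisms listed above differ in what they can do with a single transient upset: a duplex (two copies plus comparison) can only detect a mismatch and must roll back and re-execute, while a triplex (TMR, three copies plus majority vote) masks one wrong copy and identifies it. The following Python model, added here as an illustration and not taken from the chapter or from any CNES design, runs a task several times in sequence (time replication at task level), injects a constructed single bit flip into one copy's result to stand in for an SEU in a register, and applies both a duplex comparison and a TMR vote. The task (a Fletcher-16 checksum), the telemetry frame and the fault injector are all hypothetical choices made for the example.

```python
"""Added illustration of time replication with duplex compare and TMR voting.
Not the chapter's code; task, sample frame and fault injector are constructed."""
from collections import Counter
from typing import Callable, List, Optional, Tuple

# Constructed sample input: a 16-byte telemetry frame.
SAMPLE_FRAME = bytes(range(0xA0, 0xB0))


def fletcher16(data: bytes) -> int:
    """Stand-in for the replicated task: Fletcher-16 checksum of the frame."""
    s1 = s2 = 0
    for b in data:
        s1 = (s1 + b) % 255
        s2 = (s2 + s1) % 255
    return (s2 << 8) | s1


def run_replicated(task: Callable[[bytes], int], data: bytes, copies: int,
                   fault_at: Optional[int] = None, bit: int = 0) -> List[int]:
    """Execute `task` `copies` times in sequence (time replication).
    If `fault_at` is a replica index, flip `bit` in that replica's result,
    modelling a single-event upset in a register before the result is stored."""
    results = []
    for i in range(copies):
        r = task(data)
        if fault_at is not None and i == fault_at:
            r ^= 1 << bit
        results.append(r)
    return results


def duplex_check(results: List[int]) -> Tuple[bool, Optional[int]]:
    """Duplex: two copies, compare only. A single upset is detected, but the
    comparator cannot tell which copy is wrong, so no value is returned."""
    a, b = results
    return (True, a) if a == b else (False, None)


def tmr_vote(results: List[int]) -> Tuple[Optional[int], List[int]]:
    """Triplex (TMR): majority vote over three copies. One faulty copy is
    masked and its index reported. With no majority (two copies hit by
    different upsets) the vote returns None: detected but not correctable."""
    counts = Counter(results)
    value, n = counts.most_common(1)[0]
    if n < 2:
        return None, list(range(len(results)))
    return value, [i for i, r in enumerate(results) if r != value]


def duplex_with_retry(task: Callable[[bytes], int], data: bytes,
                      max_retries: int = 2, fault_at: Optional[int] = None,
                      bit: int = 0) -> Tuple[Optional[int], int]:
    """Duplex recovery: on mismatch, roll back and re-execute both copies.
    The injected fault is transient, so it hits the first attempt only.
    Returns (value, number_of_retries); value is None if retries run out."""
    retries = 0
    while retries <= max_retries:
        res = run_replicated(task, data, 2, fault_at if retries == 0 else None, bit)
        ok, value = duplex_check(res)
        if ok:
            return value, retries
        retries += 1
    return None, retries


if __name__ == "__main__":
    good = fletcher16(SAMPLE_FRAME)
    print("duplex, upset in copy 1:", duplex_check(
        run_replicated(fletcher16, SAMPLE_FRAME, 2, fault_at=1, bit=3)))
    print("duplex with retry:", duplex_with_retry(fletcher16, SAMPLE_FRAME, fault_at=0, bit=7))
    print("TMR, upset in copy 1:", tmr_vote(
        run_replicated(fletcher16, SAMPLE_FRAME, 3, fault_at=1, bit=5)), "expected", good)
```

The model shows the trade-off the chapter refers to: duplex costs two executions and a re-execution on error, TMR costs three executions but recovers in one vote. It also shows the caveat a practitioner must keep in mind: a majority vote masks at most one faulty copy per vote cycle, and it says nothing about an upset in the voter or comparator itself, which is why the real architectures discussed in the chapter combine replication with additional protections rather than relying on the vote alone.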


Keywords: COTS, Commercial component, Fault-tolerant architecture, Mitigation, Radiation, Upset, Transient, Space avionics, Avionic bus, Link, Memory unit, Processing unit



The author gratefully acknowledges the different participants in the improvement of this chapter: Thierry Chapuis (CNES) for a part of section “Good Practices to Face Radiation Effects”, Alain Peus (CNES) for section “Stating the Problem”, Jean-Louis Carayon (CNES) for section “MYRIADE: A Small Satellite Case Study” and all the other people not mentioned.



Copyright information

© Springer Nature Switzerland AG 2019

Authors and Affiliations

  1. CNES, Toulouse Cedex 9, France
