Single event upset mitigation techniques for FPGAs utilized in nuclear power plant digital instrumentation and control

Field programmable gate arrays (FPGAs) are integrated circuits being increasingly used for digital instrumentation and control (I&C) in nuclear power plants (NPPs) because of low cost, re-configurability and low design turn-around time. However, to ensure reliability, proper design techniques must be employed since the memory and logic in FPGAs are susceptible to single event upsets (SEUs). Triple modular redundancy (TMR) has become a common SEU mitigation design technique because of its straightforward implementation and reliable results. Partitioned TMR approaches are introduced in this paper, and formulae derived indicate that the maximum probability of two simultaneous errors [P_E]_max is inversely proportional to the number of logic partitions in a TMR design, when each redundant logic block in every logic partition has the same number of sensitive nodes. However, the maximum logic partitioning design cannot completely eliminate the possibility of two simultaneous upsets. For the example test circuit it is found that [P _E]_max is reduced dramatically from 66.67% for minimum logic partitioning to 4.44% for maximum logic partitioning. Because TMR introduces significant overhead due to its full hardware redundancy, a dual modular redundancy approach is also examined for application to less demanding situations. By comparative analysis this study reaches the conclusion that the maximum logic partitioning TMR implementation is the best solution for digital I&C applications in NPPs where obtaining robustness is of the highest importance, despite its higher area overhead.