COTS SoC FPGAs provide an ideal platform for the design of space avionics due to their advantages in cost, performance, and flexibility. However, their susceptibility to radiation-induced SEEs is a blocking factor and, thus, SEE mitigation techniques are needed. One popular mitigation technique for COTS processors is lockstep architecture. Here, we aim to design, develop, and validate a loosely-coupled lockstep approach with checkpoint and restore mechanisms for the dual-core ARM-A9 processor of the Xilinx Zynq-7000 APSoC. Several lockstep approaches have been proposed in the past to support the design of fault-tolerant COTS processors for onboard computers. The project relies on ideas proposed in these approaches but also introduces novel techniques to improve system reliability, performance, and seamless integration. In our approach, the CPUs run the same code independently and are macro-synchronized based on the IO dataflow-driven mode proposed in DM/DT2. The context data are stored into memories within the FPGA fabric (BRAMs), where a hw module synchronizes the CPUs, compares the results, and triggers the cores to initiate the recovery process in case of discrepancy. The contributions of the project wrt. the state-of-the-art are: -Our approach is compatible with Real-Time Operating Systems (RTOS); open-source OS, such as the FreeRTOS or RTEMS will be studied -Each processor executes its own RTOS instance to eliminate single points of failure -On-chip caches are enabled for better performance, which, however, impose extra complexity in the checkpointing mechanism -Reconfigurable logic (BRAMs, checker, buses) are protected against SEEs using TMR and scrubbing -RTOS functions and services will be developed to accommodate the seamless integration of lockstep functionality to programs -Our approach will be validated with extensive fault injection and heavy-ion radiation experiments
