The Eighth Meeting on…
Fault-Tolerant Spaceborne Computing Employing New Technologies, 2015
SCHEDULE
Location guide: All activities OUTSIDE the red outline are a the Sheraton Albuquerque Uptown hotel. The main meeting place for the meeting is at the CSRI building near Sandia labs. The closed sessions will be elsewhere at Sandia, but meet at the CSRI building
Tuesday, May 26, 2015 Wednesday, May 27, 2015 Thursday, May 28, 2015 Friday, May 29, 2015
8:00 AM Region outlined in red at Sandia CSRI/90 --> Breakfast (Sandia) Breakfast (Sandia) Breakfast (Sandia)
8:15 AM            
8:30 AM Legend Intro   Tony Amort, Boeing, RHBD3 status update / test results, Rad-Hard DDR2 test results, and SEE analysis in the design loop User group 7 MUG (Sandia) Maestro User Group
8:45 AM Administrative and meals Sung kyu Lim, Ga Tech, Opportunities and Challenges of 3D ICs in Space Computing
9:00 AM Working group   Tony Sims, Cobham, Cobham Quad Core Processors (Feat. GR740)
9:15 AM Presentation session
9:30 AM Closed session Ned Hanlon, USNA, USNA Cubesat Project Jon Ballast, BOEING, NGSP study results
9:45 AM    
10:00 AM Peter Kogge, Notre Dame, An Energy Model for Future Scalable Multi-core Processors [Remote] Ran Ginosar, Ramon Chips Ltd (by phone), RC64: High Performance Rad-Hard Manycore with FPGA Extension for Telecomm Satellites and other Space Applications
10:15 AM
10:30 AM [Remote] Doug Sheldon, COTS Electronics Qualification using Simulation Tools James Levy, 3D wg outbrief (2+4)
10:45 AM
11:00 AM Matt French, ISI, The SecUre and Robust Electronics (SURE) Center Matt French, trust wg outbrief (3)
11:15 AM John Bellardo, smallsat wg outbrief (1)
11:30 AM Ken Heffner, Honeywell, Building the Approach to Cyber Physical Systems Security for Integrated Trust in Space Systems Eric Swenson, AFIT, Designing, Building, and Testing CubeSat C&DH Hardware and Softwar 
11:45 AM
12:00 PM Note: Please do not go to Sandia this day; go to the hotel. There will be a registration desk from 12:30 or so Lunch (Sandia, provided) Lunch (Sandia, provided) Limited lunch (Sandia, provided)
12:15 PM    
12:30 PM    
12:45 PM    
1:00 PM Working group 1 (hotel) CubeSats and small sats (Bellardo). Working group 2 (hotel) 3D new developments (Levy/Lim). Link to schedule: v2-WG2.docx John Bellardo, Cal Poly, CubeSats and small sats Closed session (meet at CSRI building and carpool or caravan to a different location)    
1:15 PM  
1:30 PM John Samson, Honeywell, Dependable Multiprocessor (DM) CubeSat Technology Development: ISS (International Space Station) Flight Experiments  
1:45 PM  
2:00 PM Ken Mighell, NOAO, Using CubeSats to Bridge the TRL Valley of Death  
2:15 PM  
2:30 PM Gen Sasaki, Mathworks, New Satellite Engineering Development Methodologies Using Model-Based Design  
2:45 PM  
3:00 PM Break (provided, hotel) Break (provided)  
3:15 PM          
3:30 PM Working group 1 continued Working group 2 continued Richard Berger, BAE, RAD5545  
3:45 PM  
4:00 PM Ching Hu, Altera, UAV and Satellite Technology Alignment and Cross Leveragability  
4:15 PM  
4:30 PM Ian Troxel, Betroker, Inc. and Bob Campanini, Micropac Industries, Inc., Survey of Technology for Fiber Optic Interconnects for Space  
4:45 PM  
5:00 PM        
5:15 PM Reception (hotel)  
5:30 PM     Drive to hotel; socialize in lobby Dinner on your own
5:45 PM        
6:00 PM        
6:15 PM        
6:30 PM        
6:45 PM        
7:00 PM Working group 3 (hotel) Trust: Emerging Solutions, Current Research, and Future Needs (Matt French) Working group 4 (hotel) Commercial parts in space (Levy/Yamaguchi) Dinner served   Working group 5 (hotel) Software, resilience (Hans Zima) Working group 6 (hotel) Storage status (Marinella)
7:15 PM    
7:30 PM    
7:45 PM Dinner speaker. Katie Stack, JPL, Science Highlights from the Mars Curiosity Rover Mission
8:00 PM
8:15 PM
8:30 PM
8:45 PM
9:00 PM
9:15 PM
9:30 PM
9:45 PM
10:00 PM
1. CubeSats and small sats
The CubeSat working group is intended to be an open, wide-ranging discussion of computing challenges surrounding higher risk, lower cost missions.  Seed topics for discussion include:

  * What classifies a mission as “CubeSat”
  * How being “CubeSat" impacts the development process
  * How that development process is reflected in the final flight configuration of the satellite
  * Synergies between “CubeSat" and non-CubeSat ends of the spectrum
  * CubeSats pushing the technical boundaries of flight computing, such as multi-processors, power consumption, and miniaturization

Everyone is encouraged to bring their own ideas and topics for discussion.  The format will be a mix of open discussion and prepared presentations / remarks, with the majority of time spent in open discussion.
2. New Developments in 3D IC Design, CAD Tools, and Architecture
What appears below is a tightly-formatted version of v2-WG2.docx
1:00 PM Topic 1: What are the full-chip power, performance, area (PPA) benefits of 3D ICs over 2D ICs?
1:15 PM
1:30 PM Open discussion (Why the delay in mainstream acceptance of 3D ICs?/What are the killer apps for 3D IC?/What is the monolithic 3D IC? How is this different from TSV-based 3D ICs?/What are the new challenges in space computing?
1:45 PM
2:00 PM Topic 2: How much are the EDA tools ready for 3D ICs?
2:15 PM
2:30 PM Open discussion (What important features are missing?/Do we extend 2D IC tools or start from scratch?/How can EDA tools help alleviate multi-physics reliability issues in 3D ICs?/What are the EDA solutions for heterogeneous integration?/What are the new challenges in space computing?)
2:45 PM
3:00 PM Break (provided, hotel)
3:15 PM
3:30 PM Topic 3: How should we optimize the architecture to better benefit from 3D ICs?
3:45 PM
4:00 PM Open discussion (How will 3D IC help many-core computing?/How will 3D IC change the memory hierarchy?/How can 3D IC help in-memory computing?/How will 3D IC help non-Von Neumann computing?/What are the useful architectural methods to alleviate thermal issues in 3D ICs?/What are the new challenges in space computing?)
4:15 PM
4:30 PM Wrap-up (with a BAA whitepaper draft)
4:45 PM
3. Trust: Emerging Solutions, Current Research, and Future Needs
This working group will provide an overview of Trust issues for the Aerospace Community, highlight emerging solutions from across the industry, and explore active research programs in the area. Discussion will focus on perceived gaps with respect to the Aerospace community’s needs. This working group will be held at the UNCLASSIFIED level. Higher level discussions can be held at the closed session on 5/28.
7:00 PM Matt French, Introduction and trust background
7:30 PM Emerging solutions: Michael Chen, Mentor Graphics, Secure Silicon
8:00 PM Emerging solutions: Ching Hu, Altera, Stratix-10
8:30 PM Break (provided, hotel)
8:45 PM Current Research: Dr. Carl McCants, IARPA, Trusted Integrated Chips
9:15 PM Current Research: Cal Roman, AFRL, Upcoming Research Announcements
9:30 PM Organizers, Open Discussion and Wrap Up
10:00 PM
4. Trade-offs and considerations for 3D electronics
Areas to discuss: Size/Die availability/Fault Tolerance/System designs/Cost/Materials/Thermal Management/Radiation effects and mitigation
5. Sofware/resilience
Topics in software for spacecraft. Working Group WG 5 will address the issue of software supporting the reliability of spacecraft computing. Topics covered will include a strategy for managing the end of Moore's Law and the application of formal methods for autonomous control systems. 
What appears below is a tightly formatted version of WG5.docx
7:00 PM Kerianne H. Gross, Air Force Research Laboratory, Wright-Patterson Air Force Base, OH, Application and Evaluation of Formal Methods Tools  to a 6U CubeSat  Attitude Control System
7:30 PM John Paul Walters. USC Information Sciences Institute, Marina Del Rey, CA, Opportunities for Software-Based Fault Tolerance in  Space Systems
8:00 PM Erik P. DeBenedictis, Computing Research, Sandia, End of Moore's Law and Space Computing
8:30 PM Hans P. Zima, Jet Propulsion Laboratory, California Institute of Technology, and
University of Vienna, Austria, The FailSafe Assertion Language

9:00 PM General Discussion
10:00 PM
6. Memory and storage
TBD
7. Maestro User Group (MUG)
The Maestro Users Group will be an open forum for current and potential users of the rad-hard Maestro many-core processor for space. The Maestro processor is based on the commercial Tile64 processor, has 49 cores, and provides up to 25 GFLOPS and 50 GOPS. The MTUG meeting will be an informal and interactive meeting of developers and users to discuss the current state of Maestro hardware and software technology, applications, performance, flight prospects, systems, and user experiences
Abstracts
Tony Amort RHBD3 status update / test results, Rad-Hard DDR2 test results, and SEE analysis in the design loop
RHBD3 status update / test results, Rad-Hard DDR2 test results, and SEE analysis in the design loop
Jon Ballast NGSP study results
Similar to GOMAC
Richard Berger Quad-Core Radiation-Hardened System-on-Chip Power Architecture® Processor"
Based on the QorIQ® system-on-chip processor architecture from Freescale Semiconductor with additional unique features for space applications, the RAD55xx™ system-on-chip platform integrated circuit can be personalized into multiple processor solutions.  The RAD55xx platform includes four 32/64 bit Power Architecture® processor cores, three levels of on-die cache memory, dual interleaved DDR3 DRAM controllers, data path acceleration architecture (DPAA) on-die hardware accelerators, a NAND Flash controller, and high I/O throughput based on serializer/deserializer high speed links.  Manufactured at the IBM trusted foundry in 45nm silicon-on-insulator (SOI) process technology with copper interconnect and leveraging the radiation-hardened by design RH45™ technology, the RAD55xx platform optimizes power/performance to deliver processor throughput of up to 5.6 GOPS/3.7 GFLOPS, memory bandwidth of up to 102 Gb/s, and I/O throughput of up to 64 Gb/s.  Each of the highly efficient RAD5500™ 64-bit cores offers direct addressability to 64 GB of memory, improves double precision floating point performance, and achieves 3.0 Dhrystone MIPS/MHz.  The RAD55xx platform is designed for insertion into systems using the SpaceVPX standard, supporting the RapidIO data plane, SpaceWire control plane, and I2C utility plane.  Architectural trades, the development methodology, technical challenges, and single board computer solutions are discussed.
Ran Ginosar RC64: High Performance Rad-Hard Manycore with FPGA Extension for Telecomm Satellites and other Space Applications
RC64 is a rad-hard high-performance many-core signal processor comprising 64 DSP cores, 4 Mbytes on-chip shared memory, telecomm accelerators and high bandwidth I/O. It can be enhanced with a companion FPGA. It is designed for a variety of space applications. The paper demonstrates its use in telecomm payloads and smart phased-array antennas.
Kerianne H. Gross Application and Evaluation of Formal Methods Tools to a 6U CubeSat Attitude Control System
This presentation describes the implementation of a set of formal methods tools on a 6U CubeSat control system. Through these tools, model checking analysis is applied to the requirements, architecture, and model development phases of the design process of a reaction wheel attitude control system example to evaluate the feasibility of the approach and identify gaps in tool capabilities. The requirements for the control system are expressed in a mathematically rigorous framework currently under development by Rockwell Collins and AFRL called the Specification and Analysis of Requirements (SpeAR) tool. The SpeAR tool allows subject matter experts to write system requirements in peer-reviewed specification templates  that allow for formal analysis. The properties and requirements developed in SpeAR are then used to develop an architecture of the system in the Architecture Analysis & Design Language (AADL) and the  Assume Guarantee Reasoning Environment (AGREE) AADL annex  is used to evaluate the behavior of the subsystem components within the greater system. Requirements in SpeAR are documented as guarantees of the system in AGREE, and properties developed in SpeAR are used to build the system behavior. The verified architecture provides the framework for a Simulink model and simulation of the control system. The assumptions and guarantees developed during the architecture phase are used to manually write the Simulink files. The Simulink model is then analyzed using Simulink Design Verifier to prove that the guarantees (and original requirements) hold true throughout the modeling phase. SpeAR, AGREE, and Simulink Design Verifier are used to formally describe and analyze a 6U CubeSat Reaction Wheel Assembly design owned by the Air Force Institute of Technology (AFIT).
Ken Heffner Building the Approach to Cyber Physical Systems Security for Integrated Trust in Space Systems
The goal for more integration and capability in space electronics systems places higher demands on reliability and robustness.  Concurrently, the persistent threat imposed by advancing capabilities in cyber attacks creates a demand on space systems cyber resiliency and supply chain trust for spacecraft and ground-based networks.  Many challenges to designing space systems for cyber resiliency  include the diverse security areas of concern, such as, software assurance, information assurance, hardware assurance, counterfeits, malicious features and  forensics.   These areas of concern expand the range of cyber attack vectors presented to today’s hacker who possesses increasing systems engineering competency of spacecraft and  the connected ground-based networks.  A concurrent approach to space systems engineering that integrates quality and safety with cyber resiliency could provide a path to trust and better buying power for U.S. defense platforms and the critical infrastructure.  The components of the approach would include systems vulnerability modeling and verification tools, cyber range emulation and validation, electronics inspection tools, secure communications,  advanced multi-layer microelectronics architectures, microelectronics design for detecting malicious expression such as: data leakage, functioning outside of specifications, design defects and denial of service and others.   The concurrent systems engineering approach provides a disciplines and affordable means for understanding and addressing the gaps in cyber resiliency for complex space systems and space networks
Ching Hu UAV and Satellite Technology Alignment and Cross Leveragability
UAV and satellite systems have many core components in common.  The similarities and differences will be discussed to identify which technology blocks can be re-used and which ones would require significant additional development.  Some example reference designs will be reviewed and put in context of these applications.  The converging trends on high altitude UAV and LEO satellites will also be discussed and new options to further advance this technology will be explored.
Peter Kogge An Energy Model for Future Scalable Multi-core Processors
he DARPA Exascale report focused on three system architectures: heavyweight (using conventional server-class cores), lightweight (using lower performance ASICs combining cores and routing), and heterogeneous (a mix of the others plus GPUs). The original 2008 report included energy models for each of the first two. In the process of a recent complete update to the energy model for the heavyweight architecture, a great deal of insight has been developed about what we might expect from trying to use such chips in highly scalable systems. This talk focuses on those aspects of the new model that most relate to possible space applications, particularly ones that will try to use end-of-Moore technologies.
Sung Kyu Lim Opportunities and Challenges of 3D ICs in Space Computing
This talk first presents the latest accomplishments in modeling, design, testing, and CAD tool/foundry readiness for 3D ICs targeting terrestrial applications. We next discuss new challenges and opportunities for 3D ICs when deployed in space. 
Ken Mighell Using CubeSats to Bridge the TRL Valley of Death
I describe how an application like CRBLASTER could be used to test a new memory chip/technology for several hours/days/months in Low Earth Orbit using a 6U CubeSat.  While the Notice of Intent has passed for NASA's Earth Science Technology Office's 2015 InVEST (In-space Validation of Earth Science Technologies) program, that and similar opportunities are important for technology providers wishing to somehow get their new technologies out of the infamous Technology Readiness Level "Valley of Death." Although a 6U CubeSat experiment has obvious limitations in terms of volume and size, if a technology can be made small enough and light enough to be considered for a nanosatellite flight experiment, then NASA mission planners could potentially soon have better options for the design of next generation of satellites or planetary probes.
John Samson Dependable Multiprocessor (DM) CubeSat Technology Development: ISS (International Space Station) Flight Experiments
Following the successful SMDC (Space and Missile Defense Command) TechSat F-cubed (Form, Fit, Function) demonstration in 2012, DM CubeSat technology development continued its path to space.  In March 2013, Yosemite Space, formerly known as Advanced Materials Applications, LLC, and Honeywell Aerospace were awarded a CASIS (the Center for the Advancement of Science in Space) grant to perform both ground-based and space-based radiation testing of Gumstix™ COM (Compute-On-Module) modules. Ground-based proton testing of a variety of Gumstix modules has been completed. The space-based radiation testing and performance validation will be conducted as an ISS (International Space Station) National Laboratory flight experiment. Originally scheduled for launch in late 2014, the launch of the Gumstix flight experiment has been delayed to September 2015.  In September 2014, Honeywell and Morehead State University (MSU) were awarded a CASIS grant to fly a DM (Dependable Multiprocessor) CubeSat payload processor as a 2015 ISS National Laboratory flight experiment.  This ISS flight experiment will culminate with the TRL7 validation of DM CubeSat technology.  Following a brief overview of DM and DM CubeSat technology, the two ISS flight experiments and other DM CubeSat-related developments will be discussed.
Gen Sasaki New Satellite Engineering Development Methodologies Using Model-Based Design
At Sandia, new satellite engineering development methodologies using Model-Based Design were evaluated for any improvements in development time, costs, reuse, modularity and quality.  This talk will introduce a case study, performed as part of this assessment, which implements an edge detection algorithm on a rapid prototyping device.
Doug Sheldon COTS Electronics Qualification using Simulation Tools
Interest in the qualification of COTS electronics continues to increase.  Historical specification based testing emphasizes defect identification while simplifying long term failure mechanisms.  Modern COTS electronics often present the opposite conditions to the qualifying agency, namely many parts are made on highly optimized fabrication lines with very low levels of defects but processes that are optimized to true commercial conditions.  This means testing to identify defects are of less value than testing that is focused on long term failure mechanisms.  Understanding long term failure mechanisms requires a complete understand of the complex interactions that occur in the highly engineered devices that make up modern COTS electronics.  Simulation tools have progressed to high enough levels of maturity to now be a useful contributor to the overall qualification process.  This talk will review the physics of failure and analysis concepts that simulations tools now offer, from device level models through circuit and PCB levels, all the way to the system level.  
Tony Sims Cobham Quad Core Processors (Feat. GR740)
Next generation satellites and computing platforms require enhanced processing power at all levels of operation. Applications requiring a processor to multi-task while performing with the lowest possible power consumption, smallest footprint, and highest application versatility will continue to be the backbone of the system. Cobham (formerly Aeroflex) is committed to address the requirements of the "Next Generation" platform by offering multi-core products with a wide variety of interfaces on a single chip. Our multi-core processor is not burdened by the requirements of ITAR. Over the years, Cobham Semiconductor Solutions developed a large portfolio of proven Intellectual Property that provides the versatility seen on all LEON based products available to the aerospace market. The GR740 microprocessor is one of those products. The GR740 is a LEON4 based Quad-core processor developed on the ST Microelectronics Rad Hard 65 nm CMOS technology platform for space applications. The processor provides the performance necessary to handle all command and control responsibilities while providing the ability to secure access between interfaces or memory address space. Cobham also provides hardware designs and Intellectual Property cores that enable customers to rapidly develop custom system-on-chip designs. The presentation will provide results on implementation for FPGA designs such as the Microsemi RTG4 devices.
Katie Stack
Science Highlights from the Mars Curiosity Rover Mission
Katie am a research scientist at the Jet Propulsion Laboratory in Pasadena, CA and a member of the MSL Curiosity rover team. My research interests include the study of sedimentology and stratigraphy on Mars using an integrated analysis of data from in situ rover missions and orbital imagers.
Eric Swenson TITLE:  "Designing, Building, and Testing CubeSat C&DH Hardware and Software"
DESCRIPTION:  CubeSat C&DH processors range from simple ultra-low power microcontrollers to extremely capable higher-power microprocessors.  We will look over the range of C&DH processor hardware options and discuss the key factors that drive selection such as ease of development and processor capabilities.  Next, we will discuss critical hardware interface options between the C&DH card and other bus components.  Finally, development and testing of C&DH software will be presented along with discussions on the challenges of implementation on real time operating systems. 
Ian Troxel and Bob Campanini Survey of Technology for Fiber Optic Interconnects for Space
To overcome the impending “speed wall” inherent in high-speed electrical interconnects, a few programs are underway to complete the early-stage work in support of the migration to optical-fiber-based options.  A specific study has recently been completed to identify viable component options and outline next-steps needed to move to qualified solutions.  This presentation provides comments upon the study’s results and recommendations as well as the latest environmental qualification tests that have been completed.
John Paul Walters Opportunities for Software-Based Fault Tolerance in Space Systems
As the next generation of space systems continue to add additional cores and heterogeneity, opportunities arise for leveraging these resources to detect and mitigate failures.  I will describe ISI’s effort in developing a radiation-hardened by software solution for different classes of space processors, including Maestro and the NASA Spacecube
Hans P. Zima The FailSafe Assertion Language
The  FailSafe Assertion Language provides a set of constructs that can be embedded in a host language program for the purpose of checking the state of computations during runtime, expressing tolerance for certain kinds of program errors, and specifying relationships that can be used for dynamic program optimization. In contrast to approaches such as the Java Assertion Language the FailSafe Assertion Language  is defined independently of a particular host language. Constructs of the language fall into four major categories: (1) assertions, (2) tolerance directives, (3) pragmas, and (4) error control features.
Assertions provide a means to express the knowledge that a propositional logic predicate over data should be satisfied at certain points during program execution. Predicates are classified as either status predicates or invariants. Status predicates define a precondition or postcondition for individual program statements, whereas invariants must be satisfied throughout extended regions. A major purpose of assertions is their support for the hard correctness of  algorithms.  Tolerance directives instruct the system to ignore occurrences of certain classes of errors during program execution. Pragmas can provide information about key relationships between energy consumption, performance, and reliability that can guide the system in optimizing an objective function at runtime, depending on the environment in which a program executes.  Finally, error control features provide tools for error recovery via the association of error-handling routines with AL constructs and source program components.

Date of this document: May 29, 2015