nd for high-reliability and high-availability electronic systems has expanded beyond the realms of traditional military, aerospace and outer space applications. Today, as intelligence and functionality increase in applications like communications infrastructure, industrial, medical and transportation, high reliability operation and high availability components are required as much on terra firma as in space.
Shrinking critical dimensions are making electronic components more vulnerable to single-event upsets, a phenomenon that was formerly restricted to space electronics. Whereas a radiation-induced error might result in a satellite failing to broadcast, a single-event upset could lead to a telecom router shutting down or a car’s power system locking up.
At the same time, these terrestrial applications are typically subject to tighter cost and design time restraints than their military, aerospace or space-going counterparts and are made in orders of magnitude greater volume. Which is why certain consumer technologies — namely memory — have had to get increasingly ‘space-ready’.
“Embedded Flash and embedded nonvolatile memories make high performance and high reliability applications in automotive and other high-rel markets possible,” states Web-Feet Research in a report that predicts high growth for embedded Flash MCUs. With its low power requirements and some security features, embedded Flash has many qualities to recommend it and in recent years, manufacturers have made great strides in addressing weaknesses of the past, namely reliability and high cost. One of these is STMicrosystems, who together with Freescale, developed the world’s first MCU certified to the ISO 26262 Functional Safety Standard, which incorporates embedded Flash.
Most recently, ST has implemented 55nm eFlash technology into MCUs destined for automotive applications such as engine management and transmission, car body controllers and safety/ADAS. Martin Duncan, ST’s Marketing Manager, Microcontrollers for Automotive explains how high reliability requirements have impacted ST’s eFlash developments. “In the last 5 years, high reliability has become of big significance to us. The standard we qualify to remains AEC-Q100, but it’s not nearly enough to address high reliability needs. We are governed by functional safety requirements, which broadly means the absence of unreasonable risk caused by malfunctioning of the circuit. But the nature of risk has changed from being fault tolerant to fail-safe. Whereas in the past, high reliability was about making ‘the perfect device’, now it’s about making them as good as you can and being tolerant to failure i.e implementing strategies to avoid both systematic and random failures during the operation of the device.”
If the nature of risk has changed, have the causes multiplied? Not necessarily, says Duncan: “In the past, failures were usually hard; i.e. something breaks. But soft failures are many times more probable.” Soft errors first became known in the 1970s with the introduction of dynamic RAM. Alpha particle emission caused by radioactive contaminants in chip packaging led to lost data bits. Package contaminants are now under control but other sources have since been proved to be at work. These include cosmic rays that shower energetic neutrons which can cause soft errors in circuits, especially at altitude. Latterly, the move to smaller technology nodes has made single event upsets more frequent. Hence, the industry’s quasi acceptance of failure and focus on strategies to live with it.
For ST’s high reliability MCUs, this means making them radiation hardened, including the RAM and the Flash. Duncan recounts: “In the memory, we use error correction code and an error detection circuit for the error correction! In essence, this means that the original data is compared with the data that has been corrected, which is then decoded and re-encoded so that one step later, all three data sources can be compared to make sure we have the same result.”
ST also implements an end-to-end correction scheme and in the device itself there are lots of replicated parts. Notes Duncan: “For critical paths, flip-flops are triplicated with binary two-out-of-three voting at each flip-flop. We also run checkers of the whole circuitry during runtime and have onboard voltage detectors, clock detectors and fault correction unit. If that wasn’t enough, we have to respect the ISO 26262 rules that entails a whole procedure for how to develop a device, requiring external certification to ensure that all the functional safety concepts have been addressed in accordance with the standard.”
Automotive applications require a highly reliable non-volatile memory for firmware storage on MCUs and until now, it’s been multi time programmable (MTP) memories that offer the most flexibility and ease of use. Historically provided by EEPROMs, Flash has now replaced EEPROM for this function, but it still remains costly with embedded Flash adding as much as 50% more cost to a standard logic CMOS MCU. Flash is also susceptible to tampering or reverse engineering to access the stored data or security codes. An alternative technology, for applications that do not require much re-programmability, is one-time programmable (OTP) anti-fuse NVM.
Mike Compeau, director of Sales & Marketing at Novocell Semiconductor, a supplier of OTP anti-fuse NVM, explains the difference between anti-fuse and Flash: “Flash relies on a floating gate to trap electrons that represent data. Anti-fuse is far simpler, using the gate oxide of a MOS transistor as the storage media. A ‘1’ is stored when a high voltage is applied and the ‘fuse’ is created. Once the high voltage of programming causes the ‘hard breakdown’ of the oxide layer we have created a solid pathway of molecules through this oxide, and it really won’t go away because it’s not a trapped charge. Effectively, changes of temperatures and time within typical operating ranges won’t have any effect on it.”
Novocell’s Smartbit anti-fuse NVM technology boasts higher reliability than EEPROM, Flash or competitive anti-fuse technology. Compeau explains: “Our patents allow us to perform ‘dynamic programming’, a method that senses when irreversible oxide hard breakdown has been completed and triggers a ‘done’ signal when the data has been fully programmed. Other anti-fuse technologies employ a time study where they apply the high voltage for a set amount of time and then test it to quantify what ratio of bits, on a normal curve, have been programmed. The advantage of our Smartbit technique is that we are much more amenable to variations in oxide thickness across the wafer, and to accommodating other variables in the manufacturing process.”
As anti-fuse uses a standard CMOS transistor device, there are no extra masks needed to create it, unlike Flash or EEPROM. Meanwhile, alterations to the transistor are invisible to conventional methods used to determine the stored contents illicitly. Compeau notes another advantage: “One of the reasons why we are seeing increased interest in our products in more ‘down to earth’ applications such as medical implantables is that we aren’t having to use error correction circuitry or redundant bits within the design, which inflates the size of the chip. Instead, if you need 256 bits, we place 256 bits and that’s all that’s necessary. This is entirely due to our hard breakdown detector circuitry which can actively monitor when breakdown has been completed.”
So what is the trade-off with OTP anti-fuse? Walt Novosel, Novocell’s President and CEO says: “The programming is dynamic so it could take 5 or 50μs, but the upside of that is no need for any post test.” Explaining Novocell’s focus on trimming, code storage, reprogramability and configuration applications, he adds: “For larger size devices — 4 to 8Mbyte for example — where we are competing more with floating gates, chip area may be a trade-off too.” Notably, anti-fuse OTP is proving a popular solution for analogue calibration and trimming of the analogue/mixed signal circuits populating the large number of sensors found in automotive electronics.
Driven partly by the sheer number of electronic subsystems in everything from cars to medical equipment, as well as the growing risk of single-event upsets, the concept of high reliability will only become stricter. This being the case, it will take an ever-widening array of memory technologies to cater to the inevitable compromises that will need to be made. After all, an aircraft can be made extremely redundant, but an airbag has much greater cost and size restraints. The solution may be a mix and match of memories — space-ready and standard — and reliability techniques, from both a system and on-chip perspective.