Process management for avionics - Atmospheric radiation effects - Part 7: Management of single event effects (SEE) analysis process in avionics design

IEC TR 62396-7:2017 is a technical report which describes a process to account for the effects of atmospheric radiation on electronic equipment. Single event effects (SEE) due to atmospheric radiation are one class of possible failure mechanisms that are addressed in the safety and reliability analyses of electronic equipment and associated functions. This document focuses on electronic components, electronic equipment and associated electronic functions. System level analysis is not addressed in this document. This document is intended to describe an approach to accounting for SEE in electronic equipment design, design review, and it can provide aid in the aerospace certification process.

General Information

Status
Published
Publication Date
11-Jul-2017
Current Stage
PPUB - Publication issued
Start Date
12-Jul-2017
Completion Date
12-Jul-2017
Ref Project

Buy Standard

Technical report
IEC TR 62396-7:2017 - Process management for avionics - Atmospheric radiation effects - Part 7: Management of single event effects (SEE) analysis process in avionics design
English language
18 pages
sale 15% off
Preview
sale 15% off
Preview

Standards Content (sample)

IEC TR 62396-7
Edition 1.0 2017-07
TECHNICAL
REPORT
Process management for avionics – Atmospheric radiation effects –
Part 7: Management of single event effects (SEE) analysis process in avionics
design
IEC TR 62396-7:2017-07(en)
---------------------- Page: 1 ----------------------
THIS PUBLICATION IS COPYRIGHT PROTECTED
Copyright © 2017 IEC, Geneva, Switzerland

All rights reserved. Unless otherwise specified, no part of this publication may be reproduced or utilized in any form

or by any means, electronic or mechanical, including photocopying and microfilm, without permission in writing from

either IEC or IEC's member National Committee in the country of the requester. If you have any questions about IEC

copyright or have an enquiry about obtaining additional rights to this publication, please contact the address below or

your local IEC member National Committee for further information.
IEC Central Office Tel.: +41 22 919 02 11
3, rue de Varembé Fax: +41 22 919 03 00
CH-1211 Geneva 20 info@iec.ch
Switzerland www.iec.ch
About the IEC

The International Electrotechnical Commission (IEC) is the leading global organization that prepares and publishes

International Standards for all electrical, electronic and related technologies.
About IEC publications

The technical content of IEC publications is kept under constant review by the IEC. Please make sure that you have the

latest edition, a corrigenda or an amendment might have been published.
IEC Catalogue - webstore.iec.ch/catalogue Electropedia - www.electropedia.org

The stand-alone application for consulting the entire The world's leading online dictionary of electronic and

bibliographical information on IEC International Standards, electrical terms containing 20 000 terms and definitions in

Technical Specifications, Technical Reports and other English and French, with equivalent terms in 16 additional

documents. Available for PC, Mac OS, Android Tablets and languages. Also known as the International Electrotechnical

iPad. Vocabulary (IEV) online.

IEC publications search - www.iec.ch/searchpub IEC Glossary - std.iec.ch/glossary

The advanced search enables to find IEC publications by a 65 000 electrotechnical terminology entries in English and

variety of criteria (reference number, text, technical French extracted from the Terms and Definitions clause of

committee,…). It also gives information on projects, replaced IEC publications issued since 2002. Some entries have been

and withdrawn publications. collected from earlier publications of IEC TC 37, 77, 86 and

CISPR.
IEC Just Published - webstore.iec.ch/justpublished

Stay up to date on all new IEC publications. Just Published IEC Customer Service Centre - webstore.iec.ch/csc

details all new publications released. Available online and If you wish to give us your feedback on this publication or

also once a month by email. need further assistance, please contact the Customer Service

Centre: csc@iec.ch.
---------------------- Page: 2 ----------------------
IEC TR 62396-7
Edition 1.0 2017-07
TECHNICAL
REPORT
Process management for avionics – Atmospheric radiation effects –
Part 7: Management of single event effects (SEE) analysis process in avionics
design
INTERNATIONAL
ELECTROTECHNICAL
COMMISSION
ICS 03.100.50; 31.020; 49.060 ISBN 978-2-8322-4456-2

Warning! Make sure that you obtained this publication from an authorized distributor.

® Registered trademark of the International Electrotechnical Commission
---------------------- Page: 3 ----------------------
– 2 – IEC TR 62396-7:2017 © IEC 2017
CONTENTS

FOREWORD ........................................................................................................................... 3

1 Scope .............................................................................................................................. 5

2 Normative references ...................................................................................................... 5

3 Terms, definitions and abbreviated terms ........................................................................ 6

3.1 Terms and definitions .............................................................................................. 6

3.2 Abbreviated terms ................................................................................................... 6

4 Radiation analysis process .............................................................................................. 7

4.1 General ................................................................................................................... 7

4.2 Determine inputs to SEE analysis ........................................................................... 8

4.3 Assess electronic component SEE sensitivity .......................................................... 9

4.4 Identify and account for mitigations and electronic equipment effects ................... 10

4.5 Calculate SEE rates and analyse risk .................................................................... 11

4.6 Perform radiation tests .......................................................................................... 12

4.7 Design change ...................................................................................................... 12

4.8 Radiation report .................................................................................................... 13

4.9 SEE impact analysis ............................................................................................. 13

4.10 On-going component management ........................................................................ 14

Annex A (informative) Detailed radiation analysis process ................................................... 15

Annex B (informative) Radiation effects evaluation table of electronic component ................ 16

Bibliography .......................................................................................................................... 18

Figure 1 – Radiation analysis process overview ...................................................................... 8

Figure A.1 – Detailed radiation analysis process flowchart .................................................... 15

Table B.1 – Template for radiation effects evaluation table of electronic component ............. 17

---------------------- Page: 4 ----------------------
IEC TR 62396-7:2017 © IEC 2017 – 3 –
INTERNATIONAL ELECTROTECHNICAL COMMISSION
____________
PROCESS MANAGEMENT FOR AVIONICS –
ATMOSPHERIC RADIATION EFFECTS –
Part 7: Management of single event effects (SEE)
analysis process in avionics design
FOREWORD

1) The International Electrotechnical Commission (IEC) is a worldwide organization for standardization comprising

all national electrotechnical committees (IEC National Committees). The object of IEC is to promote

international co-operation on all questions concerning standardization in the electrical and electronic fields. To

this end and in addition to other activities, IEC publishes International Standards, Technical Specifications,

Technical Reports, Publicly Available Specifications (PAS) and Guides (hereafter referred to as “IEC

Publication(s)”). Their preparation is entrusted to technical committees; any IEC National Committee interested

in the subject dealt with may participate in this preparatory work. International, governmental and non-

governmental organizations liaising with the IEC also participate in this preparation. IEC collaborates closely

with the International Organization for Standardization (ISO) in accordance with conditions determined by

agreement between the two organizations.

2) The formal decisions or agreements of IEC on technical matters express, as nearly as possible, an international

consensus of opinion on the relevant subjects since each technical committee has representation from all

interested IEC National Committees.

3) IEC Publications have the form of recommendations for international use and are accepted by IEC National

Committees in that sense. While all reasonable efforts are made to ensure that the technical content of IEC

Publications is accurate, IEC cannot be held responsible for the way in which they are used or for any

misinterpretation by any end user.

4) In order to promote international uniformity, IEC National Committees undertake to apply IEC Publications

transparently to the maximum extent possible in their national and regional publications. Any divergence

between any IEC Publication and the corresponding national or regional publication shall be clearly indicated in

the latter.

5) IEC itself does not provide any attestation of conformity. Independent certification bodies provide conformity

assessment services and, in some areas, access to IEC marks of conformity. IEC is not responsible for any

services carried out by independent certification bodies.

6) All users should ensure that they have the latest edition of this publication.

7) No liability shall attach to IEC or its directors, employees, servants or agents including individual experts and

members of its technical committees and IEC National Committees for any personal injury, property damage or

other damage of any nature whatsoever, whether direct or indirect, or for costs (including legal fees) and

expenses arising out of the publication, use of, or reliance upon, this IEC Publication or any other IEC

Publications.

8) Attention is drawn to the Normative references cited in this publication. Use of the referenced publications is

indispensable for the correct application of this publication.

9) Attention is drawn to the possibility that some of the elements of this IEC Publication may be the subject of

patent rights. IEC shall not be held responsible for identifying any or all such patent rights.

The main task of IEC technical committees is to prepare International Standards. However, a

technical committee may propose the publication of a technical report when it has collected

data of a different kind from that which is normally published as an International Standard, for

example "state of the art".

IEC TR 62396-7, which is a technical report, has been prepared by IEC technical committee

107: Process management for avionics.
---------------------- Page: 5 ----------------------
– 4 – IEC TR 62396-7:2017 © IEC 2017
The text of this technical report is based on the following documents:
Enquiry draft Report on voting
107/300/DTR 107/304/RVDTR

Full information on the voting for the approval of this technical report can be found in the

report on voting indicated in the above table.

This document has been drafted in accordance with the ISO/IEC Directives, Part 2.

A list of all the parts in the IEC 62396 series, published under the general title Process

management for avionics – Atmospheric radiation effects, can be found on the IEC website.

The committee has decided that the contents of this document will remain unchanged until the

stability date indicated on the IEC website under "http://webstore.iec.ch" in the data related to

the specific document. At this date, the document will be
• reconfirmed,
• withdrawn,
• replaced by a revised edition, or
• amended.
A bilingual version of this publication may be issued at a later date.

IMPORTANT – The 'colour inside' logo on the cover page of this publication indicates

that it contains colours which are considered to be useful for the correct

understanding of its contents. Users should therefore print this document using a

colour printer.
---------------------- Page: 6 ----------------------
IEC TR 62396-7:2017 © IEC 2017 – 5 –
PROCESS MANAGEMENT FOR AVIONICS –
ATMOSPHERIC RADIATION EFFECTS –
Part 7: Management of single event effects (SEE)
analysis process in avionics design
1 Scope

This part of IEC 62396, which is a technical report, describes a process to account for the

effects of atmospheric radiation on electronic equipment. Single event effects (SEE) due to

atmospheric radiation are one class of possible failure mechanisms that are addressed in the

safety and reliability analyses of electronic equipment and associated functions.

This document focuses on electronic components, electronic equipment and associated

electronic functions. System level analysis is not addressed in this document.

This document is intended to describe an approach to accounting for SEE in electronic

equipment design, design review, and it can provide aid in the aerospace certification

process. This document establishes an example process for assessing electronic components

in the atmospheric radiation environment, evaluating for mitigations/protections/utilizations,

and addressing the electronic equipment impacts of the SEE. The process is intended to

support an SEE analysis for electronic equipment.

It does not describe, in detail, methods used to mitigate the effects of SEE in the electronic

equipment design.
NOTE 1 IEC 62396-3 provides further details for this process.
NOTE 2 IEC 62396-2 provides further details for SEE testing.

This document, by itself, is not a program requirements document, i.e. it does not contain the

word “shall.” However it describes a process that can be used, for example, at the discretion

and agreement of the users, to aid in the preparation and the maintenance of an electronic

components management plan (see [1] and [7]). The output of the process described in this

document provides data as an input into the product safety and reliability analyses.

Although developed for the avionics industry, this document can be used by other industrial

sectors at their discretion.
2 Normative references

The following documents are referred to in the text in such a way that some or all of their

content constitutes requirements of this document. For dated references, only the edition

cited applies. For undated references, the latest edition of the referenced document (including

any amendments) applies.

IEC 62396-1:2016, Process management for avionics – Atmospheric radiation effects –

Part 1: Accommodation of atmospheric radiation effects via single event effects within

avionics electronic equipment
_____________
Numbers in square brackets refer to the Bibliography.
---------------------- Page: 7 ----------------------
– 6 – IEC TR 62396-7:2017 © IEC 2017
3 Terms, definitions and abbreviated terms
3.1 Terms and definitions

For the purposes of this document, the terms and definitions given in IEC 62396-1 apply.

ISO and IEC maintain terminological databases for use in standardization at the following

addresses:
• IEC Electropedia: available at http://www.electropedia.org/
• ISO Online browsing platform: available at http://www.iso.org/obp

NOTE For the purposes of the document, the term “device” can be used in place of “electronic component”.

3.2 Abbreviated terms
BIT built-in test
BoM bill of material
COTS commercial off the shelf
CRC cyclic redundancy check
E Energy
ECC error correction code
EDAC error detection and correction
FoM figure of merit
FPGA field-programmable gate array
IEEE Institute of Electrical and Electronics Engineers
I/O input/output
JEDEC JEDEC Solid State Technology Association
JESD JEDEC standard

L1/L2 level 1 / level 2 (related to microprocessor cache memories, "level 1" cache

memory being usually built onto the microprocessor chip itself, “level 2” cache
memory being usually on a separate chip or expansion card)
MBU multiple bit upset (in the same word)
MCU multiple cell upset
MTBF mean time between failure
P/SSA preliminary/system safety assessment
RAM random access memory
SDRAM synchronous dynamic random access memory
SEB single event burnout
SEE single event effect
SEFI single event functional interrupt
SEL single event latch-up
SET single event transient
SEU single event upset
SSA system safety assessment
TLB translation lookaside buffer
µP microprocessor
---------------------- Page: 8 ----------------------
IEC TR 62396-7:2017 © IEC 2017 – 7 –
4 Radiation analysis process
4.1 General

Electronic components and integrated circuits have become increasingly susceptible to

atmospheric radiation causing SEE. These phenomena are the result of interaction of high

energy cosmic rays with silicon-based components. The resulting single event effects may

cause various conditions; such as data corruption. Additional types of undesirable effects may

include:
• damage to hardware;
• corrupted software residing in volatile memory;
• corrupted data in memory;
• microprocessor halts and interrupts;
• writing over critical data tables;
• unplanned events.

The industry trend is for continued decreases in electronic component feature size and

operating voltages, while the number of gates on a given device continues to increase, which

entails focusing attention on the radiation effects. As this trend continues to deep sub-micron

feature sizes, electronic component designs are achieving higher densities and lower

voltages, resulting in smaller active charge regions. In general, for decreasing feature size of

silicon based cells, the expected critical charge decreases and the sensitivity to radiation may

increase.

The radiation effects analysis example process described in this document assesses the

radiation effects susceptibility of the electronic components and the effects at the electronic

equipment level. This includes radiation effects assessment of the electronic components,

mitigation analysis, and test of electronic components and electronic equipment if needed.

This information may be utilized as input to a safety and reliability assessment of the

electronic equipment.

An overview of the radiation analysis process is provided as example. The remainder of the

document provides one way to perform a radiation analysis with 4.2 to 4.10 providing further

details based on the radiation process shown in Figure 1.
---------------------- Page: 9 ----------------------
– 8 – IEC TR 62396-7:2017 © IEC 2017
START
Determine inputs to SEE
analysis
• Operational mission
• Neutron flux
• Bill of material
• Equipment architecture and
design (4.2)
Assess electronic Identify and account for
component SEE mitigations and
sensitivity equipment effects
(4.3) (4.4)
Perform radiation
Calculate SEE rates
tests
(4.5)
(4.6)
Test
Radiation report
(4.8)
Testing
Design change
No Yes
Change design
or design
Acceptable risk?
(4.7)
change?
(4.5)
(4.5)
SEE impact
analysis
(4.9)
END
IEC
Figure 1 – Radiation analysis process overview

The process starts with the operational mission and data definition (e.g. atmospheric radiation

environment, BoM…), and ends with a summary of the SEE effects data to be utilized as input

for safety and reliability assessments. An atmospheric radiation analysis plan may be included

in the planning for a new program. This analysis may be appropriate for new electronic

equipment development, electronic equipment upgrades, and electronic component
replacement programs.

Annex A provides, for information, a detailed radiation analysis process flowchart. This

diagram expands on the steps defined in Figure 1. Additional detailed descriptions of the

electronic component assessment, evaluation, electronic equipment impact analysis, and on-

going electronic component management steps are provided,
4.2 Determine inputs to SEE analysis

Inputs to the SEE analysis may include various electronic equipment and operational mission

definition, and detailed electronic equipment design information.

The atmospheric radiation definition may include the environment in which the electronic

equipment operates and the flux densities under consideration based on operational missions.

In the absence of such definition, the default levels of IEC 62396-1 are recommended.

The equipment design information may include the electronic equipment bill of materials

(BoM), schematics and electronic equipment design material. In addition, existing and

available SEE rates for known susceptible electronic components may be included.
---------------------- Page: 10 ----------------------
IEC TR 62396-7:2017 © IEC 2017 – 9 –
4.3 Assess electronic component SEE sensitivity

Each electronic component on the electronic equipment BoM is assessed for its susceptibility

to SEE, and classified according to its susceptibility to the various relevant SEE types (for

example SEB, SEL, MCU, MBU, SEU, SEFI…; for more details see IEC 62396-1).

For all sensitive electronic components, cross-section data is obtained if possible. If no data

is available, conservative estimates may be utilized for this initial step. Table B.1 provides a

template for recording the components typically considered sensitive and which may result in

a SEE analysis. Notes may be added to the table to indicate the source of the cross-section

rates. This table may be used throughout the SEE analysis process, starting with the

electronic component assessment, evaluation of mitigations/protections and SEE impact

analysis.
Electronic components assessment process steps may include:

a) Classification of each electronic component as being either SEE-sensitive (identifying all

applicable SEE types) or not SEE-sensitive.

b) For the sensitive electronic components, the column “Component SEE sensitivities” of

Table B.1 is populated. Sources of data may include:

1) test data (from a source such as high energy neutron beam; see list of facilities

provided in IEC 62396-1 for example);
2) industry data;
3) in-service flight data;

4) figure of merit (FoM) calculations based on test data from other sources (proton and

heavy ion);
5) conservative estimates.

For more details related to these sources of data, one can refer to IEC 62396-1:2016,

Annex G, and IEC 62396-2.

c) For each sensitive electronic component, describe the SEE sensitivity and provide all the

SEE cross-section data for each applicable SEE type for the electronic component. Details

on calculating the SEE rates in avionics are provided in IEC 62396-1.

The cross-section data, such as test data, vendor data or in-service data may be recorded

into the template proposed in Table B.1, column “SEE cross-section data (cm /bit)” or column

“SEE cross-section data (cm /device)”.

The SEE response of an electronic component is characterized as the SEE cross-section of

2 2

that component. The SEE cross-section unit is cm /device or cm /bit. This cross-section,

which is obtained through test, is the number of radiation events divided by the fluence of

particles (particle/cm , particle flux integrated over the exposure time) to which the electronic

component was exposed.

The SEE rate is calculated by multiplying the SEE cross-section and the integrated neutron

2 2

flux rate. Generally, 6 000 neutron/cm h (E > 10 MeV) and 9 300 neutron/cm h (E > 1 MeV)

are used for these calculations. The 1 MeV rate and greater is utilized for electronic

components with feature sizes less than 150 nm.

This flux value represents the nominal high energy neutrons at 40 000 ft and 45° latitude, and

is a recognized industry standard value. Details on calculating SEE rates in avionics are

provided in IEC 62396-1. Thermal energy neutron background information is provided in

IEC 62396-5.

The cross-sectional area is a figure of merit that establishes how sensitive the electronic

component is to the effects of atmospheric radiation. The different types of effects, such as

SEU, SEL or SEFI, have independent cross-sections. SEFI rates are often defined on a per-

---------------------- Page: 11 ----------------------
– 10 – IEC TR 62396-7:2017 © IEC 2017

device basis as the total number of registers in the electronic component; usually they are not

shared by the original electronic component manufacturer.

To establish a normalized standardized flux for avionics calculations, refer to IEC 62396-1 for

guidance about when different flux rates should be used (consideration of different altitudes

and latitudes, etc.). This is the standard number for quantitative calculations. Actual flux

varies according to altitude, latitude, and solar activity. For example, one electronic

component SEE rate can be approximated as follows (if its feature size is more than 150nm):

SEE rate per electronic component = Bit upset per electronic component hour =
6 000 neutron/cm /h x electronic component cross-section for E > 10 MeV.
A more accurate calculation integrates the flux and the cross-section curves.
4.4 Identify and account for mitigations and electronic equipment effects

Using the results for 4.3, the impact of SEE on the electronic equipment functionality may be

determined, taking into account the electronic component cross-sections, electronic

equipment design and implemented mitigations, protections and utilizations

This evaluation includes information related to the SEE rates of the electronic components

which have been deemed both susceptible and critical. The radiation evaluation provides an

assessment of the impacts of mitigations/protections/utilizations on SEE rates. Early in the

development program, electronic components selection and architectural decision are not

final. Therefore, the evaluation process may be started during this timeframe and may provide

aid in the assessment of proposed electronic components. In the later phases of the

development program, this process may further quantify SEE rates.

SEE rates can be adjusted for the conditions used within the design. Examples may include

accounting for the number of bits/registers utilized, on-chip error mitigation and electronic

equipment level error mitigation. Mitigation options and techniques may include electronic

component-level technology solutions, hardened circuit designs, and fault-tolerant electronic

equipment architectures.
Examples of mitigations/protections, which can be accounted, include:
a) Device / bit utilizations:
– include only the bits utilized in the design;
– account for the total number of control registers in components such as FPGAs.
b) Timing aspects:
– active monitors;
– watchdog timer, bit-stream CRC check; periodic CRC check of an FPGA may not be

considered fully mitigation unless the CRC is fast enough to catch the SEE before a

failure condition can be realized.
c) Electronic component level mitigations:
– SEU tolerant finite state machine;
– triple modular redundancy;
– on-chip EDAC or ECC;

– scrubbing (error correction technique which uses a background task that periodically

inspects memory for errors).
d) Electronic equipment level mitigations:
– data scrubbing;
– voting;
– triple modular redundancy (made by hardware or software);
---------------------- Page: 12 ----------------------
IEC TR 62396-7:2017 © IEC 2017 – 11 –
– reasonableness testing;
– CRC;
– watchdog timers;
– controlled power cycling.
e) Protections:

– filters, exposure window, data range-checking, continuous monitoring and exception

handling;
– redundancy, watchdog supervisory logic, error correction, and partitioning.

Software techniques may be utilized to mitigate the effects of SEE induced errors. Examples

include replication of program execution, results checking, refreshing and monitoring

configuration, data range checking, input data filtering, program and constant refreshing, and

process partitioning.

If the mitigated electronic components, utilizing conservative cross-section estimates, meet

the electronic equipment safety and reliability objectives then the evaluation may be

considered complete. If the initial SEE rate does not meet objectives, and has included

conservative cross-section estimates for untested electronic components, testing of the high

risk electronic components, or a re-design, may be an option.

If a statistically significant amount of existing flight data is available for the electronic

components under analysis, then in-flight results may be another input into the radiation

evaluation. This method may need customer’s agreement in advance.
4.5 Calculate SEE rates and analyse risk

The final SEE rate calculations are completed for each susceptible electronic component. This

may take into account all applicable cross-sections rates and the adjusted rates taking into

account mitigations/protections/utilizations. The “Evaluation” columns in Table B.1 may be

used to complete these SEE rate assessments. All mitigations/protections/utilizations factors

may be noted, with associated justifications and the updated SEE rates.

Each electronic component is reviewed to determine if the SEE rate is acceptable. This is an

estimate and review of the electronic components rates in terms of overall safety and

reliability objectives for the electronic equipment is considered. The review may be made on a

single electronic component basis or cumulative electronic component basis. After the SEE

rates have been calculated using the available component cross-sections, device utilizations,

protections, and mitigations, it can be determined if the resulting SEE rate is acceptable. For

example, if the SEE rate is an order of magnitude less than the overall hardware failure rate

then it may be able to be considered negligible.

During this evaluation phase of the process it may not be possible to complete a final analysis

to verify that all objectives have been met, however there may be enough information to

determine if it is reasonable to proceed with the SEE analysis or
...

Questions, Comments and Discussion

Ask us and Technical Secretary will try to provide an answer. You can facilitate discussion about the standard in here.