Dür, W., Függer, M., & Steininger, A. (2021). Generation of a fault-tolerant clock through redundant crystal oscillators. Microelectronics Reliability, 120, 1–11. https://doi.org/10.1016/j.microrel.2021.114088
E191-02 - Forschungsbereich Embedded Computing Systems
-
Journal:
Microelectronics Reliability
-
ISSN:
0026-2714
-
Date (published):
May-2021
-
Number of Pages:
11
-
Publisher:
PERGAMON-ELSEVIER SCIENCE LTD
-
Peer reviewed:
Yes
-
Keywords:
fault tolerance; fault tolerant clocking; formal proof; single point of failure
en
Abstract:
Having a precise and stable clock that is still fault tolerant is a fundamental prerequisite in safety critical real-time systems. However, combining redundant independent clock sources to form a unified fault-tolerant clock supply is non-trivial, especially when redundant clock outputs are required – e.g., for supplying the replicated nodes within a TMR architecture through a clock network that does not suffer from a single point of failure. Having these outputs fail independent but still keeping them tightly synchronized is highly desirable, as it substantially eases the design of the overall architecture. In this paper we address exactly this challenge. Our approach extends an existing, ring-oscillator like distributed clock generation scheme by augmenting each of its constituent nodes with a stable clock reference. We introduce the appropriately modified algorithm and illustrate its operation by simulation experiments. These experiments further demonstrate that the four clock outputs of our circuit do not share a single point of failure, have small and bounded skew, remain stabilized to one crystal source during normal operation, do not propagate glitches from one failed clock to a correct one, and only exhibit slightly extended clock cycles during a short stabilization period after a component failure. In addition we give a rigorous formal proof for the correctness of the algorithm on an abstraction level that is close to the implementation.