Designing Robust GALS Circuits with Triple Modular Redundancy

In this paper we describe a new method for building fault-tolerant globally asynchronous locally synchronous (GALS) systems based on triple modular redundancy. In order to avoid a single point of failure, we present a redundant clocking scheme for providing independent clock signals to the triplicated GALS modules. Independent clocking, however, requires the use of an alternative recovery mechanism, which performs voting only at certain safe synchronization points. An implementation of an asynchronous state machine controlling this recovery process is given and thoroughly evaluated concerning its robustness against soft-errors. With the help of model checking the fault-resilience of the proposed circuit is formally verified. A case study, including a description for the design automation of GALS-based TMR systems, shows the viability of the new architecture. The resulting solution offers low area overheads and a competitive performance compared to standard TMR approaches.