NASA Office of Logic Design

NASA Office of Logic Design

A scientific study of the problems of digital engineering for space flight systems,
with a view to their practical solution.


The NASA ASIC Guide: Assuring ASICs for SPACE

Chapter Two: Quality and Reliability Analysis

Objective:

To provide the evaluating team with a framework for ensuring a vendor's quality and reliability assurance programs can satisfy project requirements.

High-reliability space ASIC programs have stringent and unique requirements that not all ASIC vendors can meet. Government qualification programs set requirements for quality and reliability that parts must meet. Government qualified vendors are therefore one major source of high-reliability parts.

This chapter discusses two areas, the general support of government qualification programs for ASIC quality, and the specific support of ASIC quality through proper design methodology. ASIC designers and their managers must have access to and utilize a design methodology that supports reliable design.

Government Qualification Programs

When evaluating a vendor for space ASICs, we recommend the team first look at whether the vendor qualifies under the QML or the QPL government programs. Among other things, these programs extensively analyze a vendor's quality and reliability. They also standardize the way a vendor gathers and presents data. This reduces the learning curve required to understand each new vendor's way of doing their technical business.

ASIC QUALIFICATION INFORMATION

Obtaining ASICs for high-reliability applications requires the vendor and designer to deliver much more evidence of the part's reliability than most commercial ASICs require. Obtaining ASICs for high-reliability applications, obliges users to go beyond simply trusting the vendor's reputation and data book. The users must deliver data to their sponsors showing that all parts they use in an application, both off-the-shelf and ASIC parts, have the required pedigree.

The documents describing QML and QPL, MIL-I-38535 and MIL-M-38510/605/606/607/608, respectively, give a detailed description of the kinds of data the vendors must make available to users and to the government. These documents, to some extent, also call out the format for this information. This makes the pedigree information available to those users required to deliver the ASIC. Vendors who are not government qualified may not be able to produce pedigree information in a timely, complete, accurate, or easily understood fashion. Nonetheless, we advocate evaluating high-volume commercial vendors if they can meet the requirements of your program. However, when the contract requirements include proven reliability information, you may find that commercial vendors charge more and take longer to deliver the reliability information and associated parts than they would for their standard product and generic data book reliability information. After factoring in the entire ASIC program life cycle costs, commercial vendors may end up costing more than government-qualified vendors.

Both the QPL and the QML ASIC certification/qualification programs require quite extensive reliability analysis before the government grants qualification status. The quality and reliability analysis confirms that a vendor and/or a device meets the relevant government standards.

"Based on Total Quality Management, QML helps ensure high quality and reliability as well as cost effective parts."

QML and QPL are high-level programs, described by MIL-I-38535 and MIL-M-38510, respectively. Both QML and QPL refer to a number of additional MIL-STD documents. For example, MIL-STD-883 lists the details of test and screening methods used to evaluate quality and reliability of microcircuits for both the QML and QPL programs. The following list shows documents used in describing government microcircuit quality programs:

For each device type requiring qualification there has to be:

BRIEF HISTORY OF GOVERNMENT QUALIFICATION PROGRAMS

The government originally created the QPL program to maintain the high quality and reliability of discrete parts. Though a lengthy process, once QPL qualified, the parts can be produced cost effectively and speedily, providing the design and the process does not change. When industry introduced ASICs, their low volume and application-specific nature led to modification in the standard QPL program.

To address the issues of ASICs, MIL-M-38510/605, 606, 607, and 608 defined a generic gate array qualification approach. The gate array program quality system and process requirements ensure the entire product family qualifies and consistently meets the same design rules and process controls. The government uses a Standard Evaluation Circuit (SEC) to evaluate, maintain, and control the process reliability for the product family. Performing life testing on the SEC generically qualifies the product family. This approach reduces cost and shortens qualification cycle time.

The alternative QML program, MIL-I-38535, introduces a new concept. A manufacturer performs a self audit based on Total Quality Management (TQM). This management approach calls for establishing a quality management (QM) plan, and forming a technology review board (TRB). The desired quality and reliability levels are maintained through tools, such as, statistical process control (SPC), process monitors, parameter monitors, technology characterization vehicles (TCVs), and SECs. MIL-I-38535 provides details about these tools.

Once the program is in place the government certifies a manufacturing process flow. This certification means that parts can be produced on that flow, with less cost and a much shorter qualification cycle time. Thus the government certifies a vendor's process flow rather than a vendor's product family. The desired goals of QML, as documented in MIL-I-38535, follow:

For more information about these programs, see the Government Qualification Programs Appendix in this guide, or the actual MIL documents.

EVALUATING TEAM ACTIVITY

Whether a vendor is government qualified or not, when determining a vendor's overall product quality and reliability capabilities, we suggest the evaluation team review the following areas against all of their present and future ASIC program requirements:

Quality Design Methodology

When evaluating a vendor for space ASICs, we recommend the team also look at the quality aspects of the vendor's design methodology. Conversely, if the ASIC design team will be following their own methodology, examine it for the proper quality and reliability support features.

In general, a quality design methodology has maturity and stability. This means both the tasks and the tools used to carry them out have produced many reliable designs and actual devices.

For system-level reliability considerations related to ASICs, see Appendix Seven: "Reliability."

DESIGN METHODOLOGY TASKS

A design methodology for producing a quality ASIC design must include tasks focused directly on reliability concerns. Quality and reliability design work is closely tied to "producibility" -- creating a design that can be economically built. Design analysis and design verification are the two major areas of ASIC design most closely related to producibility, design quality, and reliability. The evaluation team must evaluate the ASIC vendor's design methodology for proper support of these functions.

Design for Producibility
Modifying a design at the very end of the design cycle may introduce problems that occur too late to rectify, thus affecting quality and reliability. Therefore, a vendor evaluation team must make sure that the vendor's design methodology includes:

Design for Reliability
Even if a design can be produced, it may still contain structures that weaken over time due to various stresses, ultimately making an ASIC fail. Therefore, a vendor evaluation team must make sure that the vendor's design methodology includes:

TOOLS

Tools must offer all needed functions for reliable design validation and analysis. They must have a sufficient level of quality, meaning maturity. Chapter 5 of this section, "CAD Tool Analysis," provides in-depth tool information.

A tool set must be both of sufficient quality and complete. New tools always have the potential for introducing problems. Therefore, to reduce potential problems, make sure the tool set is complete and proven at the beginning of your ASIC program. Introducing a new tool into a tool set late in a design cycle often results in a lack of quality because the new tool presents problems when there is little time to resolve the problem.

Tool Set Completeness
All tools needed to support the design methodology must be available and show the required quality as described below. In determining the completeness of a tool set, the evaluation team must verify:
Tool Quality
The basic tools and interfaces used in a quality design methodology have been available for some time. Tool bug fixes have matured to the point where cosmetic fixes dominate. To evaluate basic tools and interfaces, the evaluation team should obtain the following:

Summary


Now you may jump to:


Home - NASA Office of Logic Design
Last Revised: February 03, 2010
Digital Engineering Institute
Web Grunt: Richard Katz
NACA Seal