Once an ESD Event Occurs, Limit Discernable Effects

Despite all efforts to the contrary, an ESD event may still occur. If it produces physical damage, little can be done in most cases except replacement of the affected component or the entire node. One of the few exceptions to this is the use of memory error detection and correction techniques, which can help identify and avoid permanently damaged memory elements; however, few other portions of a wireless sensor network node contain redundancy comparable to that found in a memory. So, generally, a node cannot automatically recover from a hardware failure.

The same is not true, though, for system upsets. The effects of a nondestructive ESD event are greatly affected by system firmware and software.^[37] The analogy is to the engineering definitions of stress and strain: stress is the disturbing force; strain is the response of the system to the applied stress. In the case of ESD-resistant firmware and software design, stress is often the corruption of a register by an ESD event, and strain is how the system firmware and software respond to the incorrect register value. ESD-resistant firmware can reduce the consequences of ESD events, should they occur.

The design of ESD-resistant firmware and software is often done at increased cost, both in development time and in size of the implemented code. The code size is a particularly sensitive point, due to the large effect memory costs have on total network node cost. This cost must be balanced with the "mission-critical" nature of the wireless sensor network application (i.e., the effect losing a network node or having it perform an improper operation due to an ESD event will have on the overall application) and the cost of additional hardware efforts to reduce the rate of ESD events. Often it is less expensive to reduce or eliminate the effect of an ESD event than it is to eliminate the ESD event itself.

Register corruption can affect all parts of microcontroller operation. Corruption of data registers is an obvious problem. In addition, because the Program Counter is an internal register, it can be corrupted by an ESD event, leading to incorrect program flow. Finally, interrupt masks and other status information are also stored in internal registers; corruption of these can lead to improper behavior.

One of the basic tenets of ESD-resistant programming is to not trust the existing state of the microcontroller. Bits set or cleared at some time in the past may have become corrupted due to an ESD event. To protect against this possibility, the desired values should be restored immediately prior to their use, regardless of their present state. This minimizes the time during which the system is vulnerable to upset. Other techniques are specific to the type of information stored:

Data integrity checks. When possible, the data coming in from external sources should be checked for its integrity. Digital data should employ an error-correcting code (ECC), such as a Reed-Solomon or other block code, added at the source and checked upon receipt to detect and correct data corruption during the transmission process (regardless of the transmission medium, i.e., whether the data was received via a connected cable or via the RF link). Such a method can even correct corruption due to an ESD event occurring at another network node. If the implementation of an error-correcting code is not possible, at a minimum, a parity bit or cyclic redundancy check (CRC) block should be checked. Data produced by an analog-to-digital converter should have simple checks performed for "reasonableness." For example, if the process is known to be slowly varying, like the room temperature of a house, the last value of the data sequence (in degrees Celsius) of 29, 29, 30, −1 (in hex, 1D, 1D, 1E, FF) should be viewed with suspicion — especially if the samples are taken once per second. Incoming data that cannot be corrected by the ECC employed, or fails the CRC or other incoming integrity check, should not be used, of course; depending upon the application, it may be simply ignored, a default value used in its place, or a retransmission request may be made. The integrity of stored data should be rechecked immediately prior to its use, to avoid the use of data corrupted during storage. Critical data should be stored in multiple places in RAM; at least two copies should be compared and found identical, prior to use of the data.

Program flow checks. These checks confirm that the program flow is correct, and that the program has not improperly entered some area of memory, due perhaps to corruption of the program counter. The first line of defense here is the watchdog timer, which resets the microcontroller should it not receive regular setting from the running program. The second line of defense is checks within the running code itself. Progression through the program can be monitored by the use of flags set when a segment of code is entered, then checked against the set value when the segment is exited. If, upon exiting, the flag is not set, it indicates that that segment of code was entered improperly.

Status information checks. Modern microcontrollers have several registers dedicated for specific purposes. One example cited at the beginning of this chapter was the register that stored the increment rate of the microcontroller's real time clock. As in this example, when these registers get corrupted, unexpected software events (USEs) can occur. These registers should have their values regularly refreshed as part of the program's regular housekeeping subroutine, especially those values, such as the RTC increment rate, that are adjustable by design of the microcontroller, but fixed for any particular application.

Boxleitner^[38] has an excellent discussion on principles useful in ESD-resistant programming.

^[21]Warren Boxleitner, Electrostatic Discharge and Electronic Equipment: A Practical Guide for Designing to Prevent ESD Problems. New York: IEEE Press. 1989.

^[22]M. Mardiguian, ESD hardening of plastic housed equipment, EMC Test & Design, July/August 1994, pp. 21–24.

^[23]Boxleitner, Electrostatic Discharge and Electronic Equipment.

^[24]Ajith Amerasekera et al., Modeling MOS snapback and parasitic bipolar action for circuit-level ESD and high current simulation, Proc. 34th Annu. IEEE Intl. Reliability Physics Symp., 1996, pp. 318–326.

^[25]Ajith Amerasekera, Addressing ESD for microprocessors and ASICS in 21st-century technologies, Symp. on VLSI Circuits Dig. of Technical Papers, 2000, pp. 84–87.

^[26]Amerasekera and Duvvury, ESD in Silicon Integrated Circuits.

^[27]Charvaka Duvvury and Ajith Amerasekera, ESD: a pervasive reliability concern for IC technologies, Proc. IEEE, v. 81, n. 5, May 1993, pp. 690–702.

^[28]Charvaka Duvvury, ESD protection device issues for IC designs, Proc. IEEE Custom Integrated Circuits Conf., 2001, pp. 41–48.

^[29]Charvaka Duvvury and Ajith Amerasekera, Advanced CMOS protection device trigger mechanisms during CDM, IEEE Trans. Components, Packaging, and Manufacturing Technology — Part C, v. 19, n. 3, July 1996, pp. 169–177.

^[30]William D. Mack and Robert G. Meyer, Protecting BiCMOS circuits, EMC Test Design, July/August 1992, pp. 26–31.

^[31]Amerasekera and Duvvury, ESD in Silicon Integrated Circuits. Chapter 9.

^[32]Ke Gong et al., A study of parasitic effects of ESD protection on RF ICs, IEEE Trans. Microwave Theory and Techniques, v. 50, n. 1, January 2002, pp. 393–402.

^[33]Frederic Stubbe et al., A CMOS RF-receiver front-end for 1 GHz applications, Symp. VLSI Circuits Dig. of Technical Papers, 1998, pp. 80–83.

^[34]P. Leroux and M. Steyaert, High-performance 5.2 GHz LNA with on-chip inductor to provide ESD protection, Electronics Lett., v. 37, n. 7, 29 March 2001, pp. 467–469.

^[35]Paul Leroux, Johan Janssens, and Michiel Steyaert, A 0.8-dB NF ESD-protected 9-mW CMOS LNA operating at 1.23 GHz [for GPS receiver], IEEE J. Solid-State Circuits, v. 37, n. 6, June 2002, pp. 760–765.

^[36]Ming-Dou Ker et al., ESD protection design for 900-MHz RF receiver with 8-kV HBM ESD robustness, Proc. IEEE Radio Frequency Integrated Circuits Symp., 2002, pp. 427–430.

^[37]Boxleitner, Electrostatic Discharge and Electronic Equipment.

^[38]Ibid.

Once an ESD Event Occurs, Limit Discernable Effects

Once an ESD Event Occurs, Limit Discernable Effects

admin