# HARV - Hardened RISC-V System-on-Chip

Douglas A. Santos, Carolina Imianosky, and Luigi Dilillo IES, University of Montpellier, CNRS, Montpellier, France {douglas.santos, carolina.imianosky, luigi.dilillo}@umontpellier.fr

Abstract—The growing reliance on electronic systems in critical fields such as space exploration, avionics, and high-energy physics requires highly reliable processors capable of withstand harsh radiation environments. These environments pose various radiation-induced effects, including Total Ionizing Dose (TID) and Single-Event Effects (SEE), which can result in both temporary and permanent system failures. This paper introduces HARV-SoC (Hardened RISC-V System-on-Chip), a fault-tolerant processor built on the RISC-V architecture, specifically designed for dependable performance in radiation-prone environments. HARV-SoC employs hardware fault-tolerance mechanisms incorporating redundancy and error correction strategies to mitigate soft errors effectively. The design was validated through fault injection simulations and real-world irradiation tests with neutron, proton, and mixed-field radiation. The experimental results reveal significant improvements in the accuracy of execution and overall system reliability. Advanced fault observability mechanisms have also been integrated to provide system monitoring and facilitate comprehensive error characterization. HARV-SoC is being validated onboard the ROBUSTA-3A Cubesat mission, launched in June 2024.

Index Terms—RISC-V, Digital Systems, Fault Tolerance, Single-Event Effects

#### I. INTRODUCTION

Electronic systems in space missions, avionics, and nuclear environments operate under extreme radiation conditions, which pose significant reliability challenges. Radiation exposure can induce errors through Single-Event Upsets (SEUs), Single-Event Transients (SETs), and Single-Event Latch-ups (SELs), which degrade system functionality [1]. Ensuring system reliability in such conditions requires the adoption of faulttolerant architectures with real-time error detection, correction, and mitigation mechanisms [2]. One of the main technologies used for such applications are general-purpose processors, which provide flexibility and reasonable performance.

The RISC-V open-source instruction set architecture (ISA) has gained significant traction due to its flexibility and extensibility, making it a strong candidate for radiation-hardened applications. Several companies are currently presenting RISC-V implementations with built-in radiation tolerance and specialized fault-mitigation strategies. In this work, we present the HARV-SoC, which is a soft-core RISC-V-based Systemon-Chip (SoC) that incorporates fault-tolerant mechanisms in the micro-architecture level to improve its reliability in harsh environments [3]. The main focus in its design was to provide fault awareness and robustness against Single-Event Effects (SEEs) for the application, ensuring dependability even under severe operating conditions [4].

The remainder of this paper is structured as follows. Section II presents the HARV-SoC implementation, including the hardening techniques applied to improve reliability. Section III describes the application of observability capabilities to the processor design. Section IV describes the methodology used for validating the design. Section V presents the characterization results in irradiation experiments. Section VI shows the HARV experiment's validation in the Robusta-3A Méditerranée CubeSat. Section VII presents the conclusions and future work.

## II. HARV-SOC

HARV is a hardened RISC-V processor designed with specific fault-tolerance strategies. It is based on the base integer instruction set from RISC-V (RV32I), with an alternative for embedded (RV32E), comprising the minimum set of instructions for simple operating systems, and supports the modules for control and status registers (zicsr), compressed instructions (RV32C), and vector instructions. The processor employs a hardened register file with error correction, enabling singleerror correction and double-error detection (SECDED) in critical memory elements. HARV uses a combination of triple Modular Redundancy (TMR) and redundancy-aware control logic to mitigate transient faults. Its instruction execution path is designed to detect and correct faults dynamically, ensuring high reliability in critical applications. HARV integrates these mechanisms within a lightweight and resource-efficient framework to ensure adaptability to different platforms and constraints.

HARV-SoC comprises the HARV processor core [3] and various peripherals (e.g., communication interfaces, memory controllers) integrated into an architecture targeting reliability with flexibility and low hardening overheads. This reliability is achieved by hardening critical internal components and providing recovery schemes, e.g., data memory with ECC, bus access timeout, reset controller, watchdog timer reset, and application checksum. For the data memory, the SoC uses an external memory accessed through a customized controller that enables SECDED for each 32-bit word. The bus controller provides a timeout flag for access to peripherals, triggering an exception when a peripheral is not responding. With the bus timeout, the application receives information about the faulty peripheral. The application may use this information to

This project and results presented in this paper were possible due to the funding provided in the framework of the EU project RADNEXT, receiving funding from the European Union's Horizon 2020 research and innovation programme (Grant Agreement no. 101008126), and the Project HARV (project PE24PR01) in the framework of the "Accelerateur d'innovation" from the University of Montpellier.



Fig. 1. HARV-SoC Implementation

perform actions to restore the functionality of a peripheral. A reset controller is used to enable the reset of specific peripherals. Besides the timeout from the bus, the system also provides a Watchdog Timer (WDT) that resets the SoC when a system timeout is reached, detecting and recovering hang failures.

A key aspect of HARV-SoC's design is its dynamic fault management system, which continuously monitors the processor's execution to detect anomalies [4]. The system leverages real-time data to enable the application to classify faults and activate appropriate mitigation strategies. These strategies could include error masking, selective re-execution of instructions, and system rollback when necessary. These capabilities enable the processor to function autonomously in radiationprone environments without external intervention.

This SoC was developed to be flexible and can be used in various FPGAs, which may use different technologies that suffer different effects when exposed to radiation. While flashbased FPGAs have a more resilient configuration memory, SRAM-based FPGAs' most common errors are in their Configuration Memory (CMEM). Therefore, we implemented an interface with a primitive structure of Xilinx devices that reports errors in the configuration memory through a built-in scrubbing. The reports provided by this structure are integrated with a specific error handler, which also interfaces with HARV to report these errors to the application.

Fig. 1 presents an overview of the SoC architecture, including the fault-tolerant HARV processor, its interconnection with peripherals, and the error handler modules, which are responsible for error detection and reporting. The external memory can be implemented by interfacing with a memory controller or internal FPGA memories. The dashed red square highlights the structures specific for reporting upsets in the configuration memory of Xilinx FPGAs.

The HARV-SoC includes a Vector Extension Unit (VEU) [5], [6] based on the Zve32x, a subset of the RISC-V Vector Extension specific to Embedded Processors and integer arithmetic operations. This implementation enhances compu-

tational efficiency by enabling multiple data elements to be processed simultaneously with a single instruction, significantly improving traditional scalar processors that handle data sequentially. This approach can accelerate the processing of artificial intelligence algorithms and convolution operations in image processing, which are common in space missions for tasks like remote sensing and target detection. Performance evaluations show that the vectorized execution could accelerate up to approximately 29 times compared to scalar implementations. Reliability assessments through fault injection campaigns also indicate that the vector unit improves mean work to failure by reducing execution time and limiting the system's exposure to radiation-induced errors.

The HARV-SoC is compatible with FreeRTOS [7], a realtime operating system optimized for microcontrollers designed to manage user-defined tasks within precise timing constraints. To enhance the HARV-SoC's capabilities, FreeRTOS was adapted from its existing RISC-V port found in the main repository. This adaptation involved modifying the FreeRTOS source code to align with HARV's specific architectural requirements, extending its functionality and software support while preserving its core operational integrity.

## III. OBSERVABILITY AND MONITORING CAPABILITIES

HARV includes an advanced observability and monitoring structure that enables real-time error tracking, logging, and analysis. The system includes multiple fault detection mechanisms that allow the processor to classify and respond to radiation-induced errors autonomously. By leveraging error monitors and detailed registers, the SoC can efficiently detect transient faults, track error propagation, and assess the impact of single-event effects on performance [8].

Fig. 2 presents the error handler structure, which has the hardened structure flags as inputs, stores detailed error information in internal registers, and requests an exception to the processor whenever there is an error that could affect the applications' reliability.



Fig. 2. Error Handler

The fault observability system is designed to correlate error events with operational conditions, providing insights into environmental influences on processor behavior. This allows for adaptive fault tolerance strategies at the application level, wherein the system dynamically adjusts redundancy levels, modifies error correction parameters, and optimizes workload distribution based on observed error trends. Such adaptability ensures that HARV-SoC maintains high reliability over extended mission durations.

### IV. EXPERIMENTAL VALIDATION

To thoroughly evaluate HARV and HARV-SoC's fault tolerance and resilience under radiation exposure, multiple irradiation experiments were conducted at some of the most advanced testing facilities in the world [4], [8]–[10]. The experiments were designed to simulate the various types of radiation environments encountered in space missions and high-energy physics applications.

At ChipIr (ISIS Neutron Source, UK), HARV-SoC was subjected to atmospheric neutron bombardment at an exceptionally high flux, replicating the conditions faced by avionics systems at high altitudes. The objective was to quantify the neutron-induced soft error rates and verify the effectiveness of HARV-SoC's fault-tolerance mechanisms in real-time computational workloads. The results demonstrated a significant reduction in error rates, confirming the effectiveness of SECDED and TMR in mitigating transient faults.

At the PARTREC facility in the Netherlands, high-energy proton irradiation experiments were conducted to assess the system's robustness under space-like conditions. Proton strikes are a significant concern in satellite and deep-space applications, often leading to data corruption or system malfunctions. The experiments demonstrated that the SECDED memory correction and TMR logic redundancy prevented major failures, maintaining execution accuracy over extended test periods.

At CHARM (CERN, Switzerland), HARV-SoC was tested with mixed-field irradiation, which provided an emulation of the space environment's radiation. The processor exhibited resilience under high radiation doses, with only minimal performance degradation.

## V. CHARACTERIZATION RESULTS

Following the extensive validation of HARV-SoC in experimental environments, a detailed performance analysis was conducted to assess its resilience, efficiency, and computational stability under radiation exposure. The processor demonstrated a substantial reduction in soft error rates compared to standard, non-hardened implementations.

One of the most significant findings was the improvement in Mean Time Between Failures (MTBF), which increased by a factor of four compared to commercial off-the-shelf (COTS) processors operating under similar irradiation conditions. The integration of SECDED and TMR techniques resulted in a 99.2% correction rate for transient memory errors under highenergy protons irradiation.

During neutron irradiation tests, HARV-SoC exhibited a self-recovery rate of 95.6%, with autonomous correction mechanisms ensuring minimal reliability degradation. Additionally, execution throughput remained within 85-90% of efficiency, even in high-flux environments, demonstrating its capability to sustain computational performance despite radiation-induced faults.

These results indicate that HARV-SoC meets reliability requirements in radiation-harsh environments. Its combination of robust fault mitigation and awareness, recovery capability, and strong computational stability establishes it as a viable candidate for future deep-space exploration missions and other high-reliability applications.

## VI. IN-FLIGHT EXPERIMENT

HARV has been successfully integrated as a payload in the Méditerranée Satellite (ROBUSTA-3A), launched in June 2024. This payload was included to validate the processor's functionality and fault tolerance in a real Low Earth Orbit (LEO) space environment. This marks a significant milestone in deploying HARV-SoC in space applications, providing direct in-orbit operational data. Fig. 3 presents a picture of the Cubesat during the final tests of the payload comprising two HARV-SoC processors.

The ROBUSTA-3A satellite is serving as a testbed for studying the effects of prolonged exposure to space radiation on HARV's performance. Real-time telemetry data from the satellite allows for continuous monitoring of system behavior, error occurrences, and automatic recovery mechanisms. The onboard error logging system provides valuable insights into SEE impacts, enabling the evaluation and validation of HARV's radiation resilience.

The mission includes periodic downlink sessions for transmitting fault logs and diagnostic reports to the ground station. These reports enable researchers to analyze HARV's stability over an extended period and refine future iterations of radiation-hardened processors. The results obtained from ROBUSTA-3A are contributing to the development of enhanced mitigation techniques, improving processor reliability for future deep-space missions.

Currently, a preliminary analysis of error logs confirmed that single-event effects (SEEs) were successfully logged and



Fig. 3. ROBUSTA-3A Satellite

classified, allowing for predictive maintenance strategies in future deployments. The high level of observability and realtime monitoring capabilities provided engineers with detailed insights into fault propagation, further solidifying HARV-SoC's reliability for prolonged space missions and autonomous applications.

## VII. CONCLUSION

The development of HARV-SoC marks a step forward in the evolution of radiation-hardened computing. By integrating fault-tolerance mechanisms such as TMR and SECDED, HARV-SoC demonstrated resilience against radiation-induced faults, making it a candidate for space and critical applications. The extensive experimental validation, including realworld irradiation testing and in-orbit deployment aboard the ROBUSTA-3A satellite, confirmed the processor's ability to maintain execution correctness and operational stability in extreme environments.

Beyond its robustness to radiation effects, HARV-SoC's observability and monitoring capabilities offer unprecedented fault diagnostics and adaptive error mitigation. These reports ensure continuous health monitoring, allowing for real-time error tracking and classification. These features make HARV-SoC particularly well-suited for long-duration space missions,

where proactive fault management is essential for mission success.

Future research will focus on several key areas to further enhance HARV-SoC's capabilities. One primary direction is implementing adaptive fault tolerance, which would enable the processor to dynamically adjust redundancy levels and error correction strategies based on real-time fault data. This would enhance efficiency while maintaining reliability under varying radiation conditions. Additionally, extending HARV-SoC to support out-of-order execution and multi-core architectures will improve processing performance for more computationally demanding space applications.

Further on-orbit testing and long-term deployment in deepspace missions will provide additional insights into the longterm radiation effects on HARV-SoC. Collaborations with international space agencies and industry partners will help ensure that HARV-SoC meets the evolving requirements of future exploration missions, autonomous vehicles, and nuclear environments.

#### REFERENCES

- D. J. Sorin, "Fault tolerant computer architecture," Synthesis Lectures on Computer Architecture, vol. 4, no. 1, pp. 1–104, 2009.
- [2] M. Yang, G. Hua, Y. Feng, and J. Gong, Fault-tolerance techniques for spacecraft control computers, 1st ed. Wiley Publishing, 2017.
- [3] D. A. Santos, L. M. Luza, C. A. Zeferino, L. Dilillo, and D. R. Melo, "A low-cost fault-tolerant RISC-V processor for space systems," in 2020 15th Design Technology of Integrated Systems in Nanoscale Era (DTIS), 2020, pp. 1–5.
- [4] D. A. Santos, A. M. P. Mattos, D. R. Melo, and L. Dilillo, "Enhancing fault awareness and reliability of a fault-tolerant risc-v system-on-chip," *Electronics*, vol. 12, no. 12, 2023. [Online]. Available: https://www.mdpi.com/2079-9292/12/12/2557
- [5] C. Imianosky, D. A. Santos, D. R. Melo, F. Viel, and L. Dilillo, "Special session: Reliability and performance evaluation of a risc-v vector extension unit for vector multiplication," in 2024 IEEE International Symposium on Defect and Fault Tolerance in VLSI and Nanotechnology Systems (DFT), 2024, pp. 1–6.
- [6] C. Imianosky, D. A. Santos, D. R. Melo, F. VieE, and L. Dilillo, "Implementation and reliability evaluation of a risc-v vector extension unit," in 2023 IEEE International Symposium on Defect and Fault Tolerance in VLSI and Nanotechnology Systems (DFT), 2023, pp. 1– 6.
- [7] Amazon's, "FreeRTOS Kernel," https://github.com/FreeRTOS/FreeRTOS-Kernel/, 2025.
- [8] D. A. Santos, L. M. Luza, M. Kastriotou, C. Cazzaniga, C. A. Zeferino, D. R. Melo, and L. Dilillo, "Characterization of a RISC-V system-onchip under neutron radiation," in 2021 16th International Conference on Design Technology of Integrated Systems in Nanoscale Era (DTIS), 2021, pp. 1–6.
- [9] D. A. Santos, A. M. P. Mattos, L. M. Luza, C. Cazzaniga, M. Kastriotou, D. R. Melo, and L. Dilillo, "Neutron irradiation testing and analysis of a fault-tolerant risc-v system-on-chip," in 2022 IEEE International Symposium on Defect and Fault Tolerance in VLSI and Nanotechnology Systems (DFT), 2022, pp. 1–6.
- [10] D. A. Santos, P. M. Aviles, A. M. P. Mattos, M. García-Valderas, L. Entrena, A. Lindoso, and L. Dilillo, "Hybrid hardening approach for a fault-tolerant risc-v system-on-chip," *IEEE Transactions on Nuclear Science*, vol. 71, no. 8, pp. 1722–1730, 2024.