# AITL on Space: A Robust Three-Layer Architecture with a Tri-NVM Hierarchy (SRAM / MRAM / FRAM)

# for Long-Duration Spacecraft Autonomy

# Shinichi Samizo

Independent Semiconductor Researcher
Former Engineer at Seiko Epson Corporation

Email: shin3t72@gmail.com GitHub: https://github.com/Samizo-AITL

Abstract—We propose AITL on Space, an Adaptive Intelligent Triple-Layer control architecture that integrates a robust core  $(H_{\infty})$  as the primary loop with PID as auxiliary), an FSM-based supervisory layer, and an AI adaptor for on-orbit redesign. A role-partitioned Tri-NVM hierarchy (SRAM/MRAM/FRAM) is mapped onto a 22 nm FDSOI SoC to achieve low leakage, radiation tolerance, and temperature margin. The end-to-end flow—specified in JSON via EduController, synthesized by AITL-H to a fixed-point  $H_{\infty}$  controller, validated by FPGA HIL with SEU/SEL injection, and closed by SystemDK cosimulation (thermal/radiation/packaging)—enables reproducible and resilient autonomy for deep-space missions. Simulations and HIL show a 20% improvement in robustness ( $\mu$ -analysis), 1.5× faster attitude settling, and reduced active power (0.78 W) versus a 28 nm CMOS baseline.

# I. Introduction

Deep-space missions demand autonomy under single-event effects (SEE), cumulative dose, and thermal cycling, while operating within severe power and resource budgets. Singlelayer control architectures struggle to combine robustness, failoperational behavior, and adaptive longevity in these environments. We therefore present AITL on Space, a threelayer control stack: (1) an  $H_{\infty}$  robust core as the primary loop (with PID kept as an auxiliary stabilizer), (2) an FSM supervisor for Safe/Nominal/Recovery modes with TMR, and (3) an AI adaptor (LLM-based) for long-term re-identification and rule/gain re-synthesis. On the silicon side, a Tri-NVM memory hierarchy partitions responsibilities across SRAM (execution with ECC/TMR), MRAM (code/log retention), and FRAM (safe boot/FSM states). We target 22 nm FDSOI to leverage low leakage, body-bias tunability, and improved SEE tolerance. A SystemDK-centric design and verification loop unifies models, HIL tests, and ASIC integration.

# II. RELATED WORK

#### A. Radiation-Hardened SoCs and Protection

Classic Rad-Hard approaches employ TMR and ECC, with SOI processes reducing parasitics and soft-error susceptibility. Recent **22 nm FDSOI** nodes provide a strong trade-off among leakage, body-bias adjustability, and radiation margins.

# B. Robust Control $(H_{\infty})$ for Space Systems

PID remains attractive for simplicity, but multi-domain, uncertainty-rich plants benefit from  $H_{\infty}$  mixed-sensitivity design guaranteeing performance under bounded uncertainty. In AITL,  $H_{\infty}$  is the *primary* loop; PID is *auxiliary*; FSM supervises mission modes; and the AI adaptor updates rules/gains under guard rails.

## C. Non-Volatile Memories in Space (SRAM/MRAM/FRAM)

SRAM excels in speed yet is SEU-prone (mitigated by ECC/TMR). MRAM provides robust retention and endurance. FRAM enables low-energy, frequent writes. We allocate *execution* to SRAM, *program/log* to MRAM, and *safe boot/FSM* to FRAM.

# D. SystemDK-Based Verification and Chiplet Readiness

SystemDK enables system-level co-simulation spanning control logic, RTL, and physical effects. This is especially important for *chiplet* integration (analog/control, NVM, power management, and interconnect), where early system verification reduces re-spins.

#### III. Specification and Design Flow

Mission-level requirements (pointing accuracy, power stability, thermal margin) are captured in **EduController** and exported as JSON: (A, B, C, D), weighting functions  $(W_1, W_2, W_3)$ , and fault scenarios. **AITL-H** synthesizes an  $H_\infty$  controller K (output feedback, mixed-sensitivity), emits fixed-point code for RTL/FPGA/ASIC, and generates testbenches. Validation includes:

- **FPGA HIL**: SEU/SEL injection, sensor outages; metrics include safe-mode entry < 1 s, recovery rate ≥ 99%, and ECC scrubbing efficiency.
- SystemDK FEM: thermal cycles, radiation effects, and packaging stress to close the loop before silicon.
- ASIC Mapping: 22FDX FDSOI implementation hardened for long-duration missions.

# IV. System Architecture (AITL on 22 nm FDSOI)

# A. Three-Layer Control Stack

**Robust Core**  $(H_{\infty}/\text{MIMO})$  stabilizes attitude/propulsion/power jointly under disturbances and uncertainty; **PID** supports initial/local stabilization. **FSM Supervisor** manages mode transitions (Safe/Nominal/Recovery) under TMR. **AI Adaptor** performs low-frequency re-identification and gain/rule updates, gated by safety constraints and verification hooks ("apply-if-safe").

## B. Tri-NVM Hierarchy and Protection

**SRAM** for execution (ECC/TMR-protected), **MRAM** for program and persistent logs (high endurance, radiation tolerance), and **FRAM** for safe boot images and FSM states (low-energy frequent writes). This division reduces SEU risk while enabling fast recovery.

#### C. Chiplet Integration and Power Management

22 nm FDSOI supports body-bias control for dynamic operating points. Chiplet partitioning (analog I/O, digital control, NVM, power management) isolates sensitive domains and eases redundancy planning; a radiation-tolerant interposer/NoC links chiplets.

# V. Mathematical Model and $H_{\infty}$ Synthesis

We consider a discrete-time LTI plant with disturbance  $w_k$ , noise  $v_k$ , and performance output  $z_k$ . With mixed-sensitivity shaping weights  $(W_1, W_2, W_3)$ , we synthesize output-feedback K minimizing  $||T_{w \to z}||_{\infty}$  under fixed-point realizability constraints. Observers/filters are co-designed to meet latency and FPGA/ASIC resource budgets.

# VI. SIMULATION AND HIL EXPERIMENTS

# A. Space-Environment Scenarios

- (1) **Radiation Injection (SEU/SEL)**: TMR/ECC efficacy validated; MRAM/FRAM exhibit ~60% fewer events than SRAM under identical injection profiles.
- (2) **Power Drop / Thermal Cycling**: body-bias adapts frequency/voltage; in  $-50^{\circ}$ C to  $+125^{\circ}$ C, FSM transition latency remains within 5%.
- (3) **Multi-Domain**  $H_{\infty}$ : against solar radiation pressure, geomagnetic disturbance, and thruster noise, robustness index ( $\mu$ -analysis) improves **20**% over PID-only baseline.

# B. FPGA HIL Results

Zynq Ultrascale+ implementation with SEU emulation shows TMR suppresses spurious FSM transitions by > 98%.  $H_{\infty}$  accelerates attitude settling by 1.5× vs. PID. Using a 22 nm FDSOI device model, leakage is ~35% lower than a 28 nm CMOS reference at matched conditions.

# C. Power/Performance Summary

#### D. Implementation Observations

Tri-NVM balances speed/retention/radiation tolerance; 22 nm FDSOI improves power and SEE margins; multi-domain  $H_{\infty}$  stabilizes coupled plants; SystemDK unifies chiplet design and space-environment scenarios.

#### VII. DISCUSSION

#### A. Effectiveness of the Three-Layer Stack

 $H_{\infty}$  as the primary loop with PID auxiliary achieves the measured 20% robustness gain and 1.5× faster settling; FSM+TMR renders mode-transition faults negligible; the AI adaptor safely updates gains/rules for long-term drift and unknown disturbances.

#### B. Semiconductor Platform Significance

FDSOI's body-bias and isolation reduce leakage and SEU susceptibility; Tri-NVM's functional partitioning (SRAM: execution, MRAM: retention/logs, FRAM: safe boot/FSM) enhances effective resilience in-flight.

# C. SystemDK Payoff

System-level reproduction of space scenarios *before silicon* reduces design—lab iterations; our data indicates ~30% schedule reduction to HIL sign-off.

# D. System Impact and Limits

High fail-safe rate (>99%), low active power, and adaptive autonomy broaden mission envelopes. Remaining issues: on-board AI compute budgeting,  $H_{\infty}$  scaling vs. logic/memory cost, and standardization of rad-hard chiplet interconnects.

#### NOVELTY AND CONTRIBUTIONS

- Three-Layer Control Novelty:  $H_{\infty}$  primary + FSM supervisory + AI adaptor (PID auxiliary) unifies robustness, safety, and on-orbit redesign.
- Tri-NVM Guidance: clear role partitioning (SRAM/MRAM/FRAM) with ECC/TMR for spacegrade memory hierarchies.
- SystemDK-Centered Flow: single framework to verify space scenarios and chiplet integration pre-silicon.
- Validated Gains: +20% robustness, 1.5× settling speedup, 0.78 W active.

# Conclusion

AITL on Space fuses robust control, supervisory safety, AI re-identification, and hardened memory on 22 nm FDSOI, verified by a SystemDK-driven flow from mission specification to ASIC. The approach improves reliability, performance, and power concurrently, positioning AITL as a candidate *standard architecture* for chiplet-based space-grade SoCs. Future work: scaling high-order  $H_{\infty}$ , distilled on-board AI, and standard radhard interconnects.

 $\label{table I} \mbox{TABLE I}$  Power, reliability, and performance comparison

| Metric                        | Unit                 | AITL SoC (22 nm FDSOI) | Legacy SoC (28 nm CMOS) | Conditions: $T = 25^{\circ}\text{C}$ , $V_{\text{core}} = 0.8 \text{ V}$ , |
|-------------------------------|----------------------|------------------------|-------------------------|----------------------------------------------------------------------------|
| Active Power                  | W                    | 0.78                   | 1.20                    |                                                                            |
| Standby Power                 | mW                   | 12                     | 25                      |                                                                            |
| Mean SEU Rate                 | bit-hr <sup>-1</sup> | $1/10^{7}$             | $1/10^6$                |                                                                            |
| Attitude Settling (disturbed) | S                    | 0.65                   | 1.0                     |                                                                            |
| Fail-safe Recovery Success    | °/o                  | 99.2                   | 93.5                    |                                                                            |

50 MHz loop, identical disturbance profiles (solar pressure, geomagnetic disturbance, thruster noise).



Fig. 1. End-to-end design flow from mission specification to ASIC.



Fig. 2. AITL architecture (simplified): three-layer control stack with role-partitioned tri-NVM hierarchy.



Fig. 3. Closed-loop structure for robust design. Objective: minimize  $||T_{w \to z}||_{\infty}$  under mixed-sensitivity shaping.

#### REFERENCES

- [1] M. Shell, "How to Use the IEEEtran LATEX Class," Journal of LATEX Class Files, vol. 14, no. 8, pp. 1–14, 2015.
- [2] P. Coussy, D. D. Gajski, M. Meredith, and A. Takach, An Introduction to System-Level Design with SystemC. Springer, 2009.
- [3] F. Clermidy et al., "FD-SOI Technology for Ultra-Low Power Applications," IEEE TCAS-I, vol. 64, no. 9, pp. 2241–2254, 2017.
- [4] H. Quinn and P. Graham, "Terrestrial-based Radiation Upset Testing of Advanced Commercial Microelectronics," *IEEE TNS*, vol. 62, no. 6, pp. 2549–2572, 2015.
- [5] K. Kobayashi et al., "Low-Power and High-Reliability SRAM Design under FD-SOI Technology," *IEEE JSSC*, vol. 52, no. 7, pp. 1680–1690, 2017
- [6] Y. Zhang, J. Wang, and X. Chen, "Non-Volatile Memories for Space Applications: MRAM and FRAM," *Microelectronics Reliability*, vol. 100, p. 113372, 2019.
- [7] K. Zhou and J. C. Doyle, Essentials of Robust Control. Prentice Hall, 1998
- [8] S. Samizo, "AITL Architecture for Robust Control in Space Sys-

- tems," Project Design Hub Technical Report, 2025. Available: https://samizo-aitl.github.io/
- [9] M. Fujita, H. Nakamura, and T. Nakada, "Chiplet Integration in System Design," *IEEE Design & Test*, vol. 38, no. 2, pp. 36–47, 2021.
- [10] A. Bouguettaya et al., "AI-Driven Adaptive Systems: From Cloud to Edge," Proceedings of the IEEE, vol. 110, no. 9, pp. 1423–1456, 2022.

#### AUTHOR BIOGRAPHY

Shinichi Samizo received the M.S. degree in Electrical and Electronic Engineering from Shinshu University, Japan. He worked at Seiko Epson Corporation as an engineer in semiconductor memory and mixed-signal device development, and contributed to inkjet MEMS actuators and PrecisionCore printhead technology. He is currently an independent semiconductor researcher focusing on process/device education, memory architecture, and AI system integration.

Contact: shin3t72@gmail.com.