Fault-ToleranceinVHDLDescriptionTransient-FaultInjection在VHDL描述的瞬时故障注入容错.ppt

Fault-Tolerance in VHDL Description:Transient-Fault Injection & Early Reliability Estimation TIMA-INPG Lab Fabian Vargas, Alexandre Amory Raoul Velazcovargas@computer.org Raoul.Velazco@imag.frCatholic University – PUCRSTIMA-INPG LaboratoryElectrical Engineering Dept. 46, Av. Félix VialletAv. Ipiranga, 6681 38031 – Grenoble90619-900 Porto Alegre FranceBrazil Summaryn1. Motivation: Important issues on the design of FT circuits for space applicationsn2.1. The Proposed Approach:uBuilt-In Reliability Functions LibraryuTarget Architecture: main blocksn2.2. Reliability Early-Estimation: uMain steps of the procedure and fault-coverage estimationuFault-Injection Mechanism: LFSR to inject single/multiple faultsuExample of fault injection in the VHDL: Generate Statementn3. Conclusions & Future Work2vargas@computer.org1. Motivation: Important concerns of computer designers for space applications :nPower computation, area usage, weight, and dependability (availability, reliability, and testability).Main Characteristics & Drawbacks :napplication-specific systems (requirements change frequently from application to application) : very expensive systems!nSynthesis (EDA) tools do not represent effective development facilities  the short time available for making remedical changes to a faulty application in time-critical systems is not often respected. not optimized compilers.nThere is a lack of commercial libraries with special components (incorporating FT facilities)nDevelopment of an FPGA/ASIC board to test/validate the FT strategies :  takes time and money!3vargas@computer.org1. Motivation: Fig. 1. Illustration of the charge collection mechanism that causes single-event upset : (a) particle strike and charge generation; (b) current pulse shape generated in the n+p junction during the collection of the charge.  Radiation causes Single-Event Upset (SEU) in memory elements: Processor latches and cache mem. cells are sensitive to SEUs FPGAs store logic/routing in latches.4vargas@computer.org2.1. The Proposed Approach:Built-In Reliability Functions Library: achieving the desired circuit fault-toleranceFig. 2. Block diagram of the FT-PRO tool being developed to automate the process of generating storage element transient-fault-tolerant complex circuits.5vargas@computer.org2.1. The Proposed Approach:Built-In Reliability Functions Library: achieving the desired circuit fault-toleranceFig. 3. Target block diagram generated by the FT-PRO Tool: (a) for a single register; (b) for an n-register bank.(a)(b)6vargas@computer.org2.1. The Proposed Approach:Built-In Reliability Functions Library: achieving the desired circuit fault-toleranceFig. 4. Control block diagrams: (a) Parity Generator; (b) Checker/Corrector. (a)(b)7vargas@computer.org2.2. Reliability Early-Estimation: injecting transient faults (SEUs) in VHDL codenInsertion of the transient (single or multiple) fault in the VHDL code according to a predefined MTBF.nSimulate the circuit. nAfter simulation, we look for the primary outputs (POs) of the circuit to verify, for each of the injected transient faults, if they affected the functional circuit operation.8vargas@computer.orgnIn this case, we can obtain one of the three conclusions :Fthe fault was not propagated to the POs, then it is considered redundant;Fthe fault was propagated to the POs of the circuit and it was detected by the built-in reliability functions appended to the memory elements. (This can be verified by reading out the outputs of the comparators along with the VHDL code after simulation.) Then, the reliability of the circuit is maintained.Fif the fault produced an erroneous PO and it was not detected by the appended hardware, then the reliability of the circuit is reduced. –This happens because either the reliability functions used in the program fail to detect such a fault, or the choice of the memory elements to be made fault-tolerant is not adequate (because important blocks of storage elements remain in the original form). 2.2. Reliability Early-Estimation: injecting transient faults (SEUs) in VHDL code9vargas@computer.orgnAt the end of this process, we compute the overall transient fault coverage as a function of the predefined MTBF for the target application as follows:Transient_Fault_Coverage(MTBF) = K . (M - E)Where: K is the number of detected transient faults; M is the total number of injected transient faults; E is the number of redundant transient faults in the VHDL code.2.2. Reliability Early-Estimation: injecting transient faults (SEUs) in VHDL code10vargas@computer.orgFig. 5. Approach used to inject faults in the VHDL code. (Example for a circuit that operates with 8 information bits plus 5 check bits).2.2. Reliability Early-Estimation: injecting transient faults (SEUs) in VHDL code11vargas@computer.orgThree different operating modes: (a) normal_mode. No fault injection is possible during the simulation process. (b) precision_fault-injection_mode. Single/multiple faults can be injected in the selected memory register. User defines which bits and in which sequence the selected bits will be flipped by setting specific seeds into the LFSR, before clocking it. This results in the injection of the fault(s) in the selected memory element. Reset the LFSR, and repeat the operation to insert another seed into this element and so on.(c) random_fault-injection_mode. A unique reset is performed in the beginning of the process in order to inject the first seed. After this, every time the user wants to inject a fault in the selected memory element, he needs only to generate the clock signal is activated, a fault is pseudo-randomly injected into the selected memory element by the LFSR.2.2. Reliability Early-Estimation: injecting transient faults (SEUs) in VHDL code12vargas@computer.orgnAt the VHDL code level, the LFSR can be implemented by means of a Generate Statement. nThis mechanism can be used as a conditional elaboration of a portion of a VHDL description. 2.2. Reliability Early-Estimation: injecting transient faults (SEUs) in VHDL code13vargas@computer.orgpackage FAULT_INJECTION_PKG is...-- fault injection mode-- 0 => normal mode-- 1 => precision fault injection mode-- 2 => random fault injection modeconstant FAULT_INJECTION : integer := 0;-- to allow fault injection in high data order, set this constantconstant FAULT_DATA_HIGH : std_logic := '1';...end FAULT_INJECTION_PKG;------------------------------------------------entity REG_FT isport( CLOCK,RESET,-- chip enableCE :in std_logic;-- input from data busD :in std_logic_vector(7 downto 0);-- output to data busQ :out std_logic_vector(7 downto 0);ERROR :out std_logic_vector(1 downto 0) );end REG_FT;Fig. 6. Pseudo VHDL code illustrating thehigh-level fault-injection mechanism.14vargas@computer.orgarchitecture REG_FT of REG_FT is-- register (info + check bits)signal REG : std_logic_vector(12 downto 0);-- info bitsalias INFO_REG : std_logic_vector(7 downto 0) is reg(12 downto 5);-- check bitsalias CHECK_REG : std_logic_vector(4 downto 0) is reg(4 downto 0);...begin...NORMAL_MODE:if FAULT_INJECTION = 0 generate-- input data from data bus INFO_REG <= D; -- parity from parity generator CHECK_REG <= PARITY_GEN;end generate;PRECISION_FAULT_INJECTION_MODE:if FAULT_INJECTION = 1 generate FAULT_DATA_HIGH_BLOCK:if FAULT_DATA_HIGH = '1' generateLFSR_DATA_HIGH: LFSR port map( LFSR_IN=> INFO_REG(7 downto 4),LFSR_OUT=> LFSR_OUT_DATA_HIGH, CLK_IN=> CLK_LFSR,RST_IN => RESET); -- insert a fault in the 4 MSB bits INFO_REG <= LFSR_OUT_DATA_HIGH & INFO_REG(3 downto 0); end generate;end generate;...end REG_FT;Fig. 6. Pseudo VHDL code illustrating thehigh-level fault-injection mechanism.15vargas@computer.orgConsider the clock signal C1 used to drive the LFSR. The goal of this control signal is to determine the moment when the LFSR evaluates, i.e. the exact moment when a fault is injected in the selected memory element. Possible implementation at the VHDL code level : command after, to introduce timing constraints to memory element assignments. . . . C1 := “1” after 100ms; C1 := “0” after 200ms; C1 := “1” after 300ms; C1 := “0” after 400ms; . . .Note that the number of faults injected depends on the type of the seed placed in the LFSR.2.2. Reliability Early-Estimation: injecting transient faults (SEUs) in VHDL code16vargas@computer.org4 We presented a new approach to automate the process of generating fault tolerant complex circuits described in VHDL language. The approach uses coding techniques associated to registers or group of registers to detect the occurrence of a bit-flip (Single-Event Upset – SEU) and to localize the affected memory element (thus, performing error correction).4 In a second step, this approach also estimates the reliability of such complex circuits with respect to SEU. This procedure is also performed in an early stage of the design process, i.e., at the circuit VHDL specification level.4 This approach is being automated through the development of the FT_PRO tool.4 A test vehicle (a Z80-like microprocessor) is being implemented in a commercial FPGA to be exercised under radiation at the Lawrence Berkeley Lab facility (88-inch cyclotron). Experimental results will allow to verify the effectiveness of the reliability early-estimation procedure, as well as will provide a valuable feedback to future improvements of the built-in reliability functions database.3. Conclusions & Future Work: 17vargas@computer.org。