Fault-Tolerance in VHDL Description: Transient-Fault Injection & Early Reliability Estimation TIMA-INPG Lab Fabian Vargas, Alexandre Amory Raoul Velazco Catholic University – PUCRSTIMA-INPG Laboratory Electrical Engineering Dept. 46, Av. Félix Viallet Av. Ipiranga, – Grenoble Porto Alegre France Brazil

Summary 1. Motivation: Important issues on the design of FT circuits for space applications 2.1. The Proposed Approach:  Built-In Reliability Functions Library  Target Architecture: main blocks 2.2. Reliability Early-Estimation:  Main steps of the procedure and fault-coverage estimation  Fault-Injection Mechanism: LFSR to inject single/multiple faults  Example of fault injection in the VHDL: Generate Statement 3. Conclusions & Future Work

1. Motivation: Important concerns of computer designers for space applications : n Power computation, area usage, weight, and dependability (availability, reliability, and testability). Main Characteristics & Drawbacks : n application-specific systems (requirements change frequently from application to application) :  very expensive systems! n Synthesis (EDA) tools do not represent effective development facilities  the short time available for making remedical changes to a faulty application in time-critical systems is not often respected.  not optimized compilers. n There is a lack of commercial libraries with special components (incorporating FT facilities) n Development of an FPGA/ASIC board to test/validate the FT strategies :  takes time and money!

1. Motivation: Fig. 1. Illustration of the charge collection mechanism that causes single-event upset : (a) particle strike and charge generation; (b) current pulse shape generated in the n+p junction during the collection of the charge.  Radiation causes Single-Event Upset (SEU) in memory elements:  Processor latches and cache mem. cells are sensitive to SEUs  FPGAs store logic/routing in latches.

The Proposed Approach: Built-In Reliability Functions Library: achieving the desired circuit fault-tolerance Fig. 2. Block diagram of the FT-PRO tool being developed to automate the process of generating storage element transient-fault-tolerant complex circuits.

The Proposed Approach: Built-In Reliability Functions Library: achieving the desired circuit fault-tolerance Fig. 3. Target block diagram generated by the FT-PRO Tool: (a) for a single register; (b) for an n-register bank. (a)(b)

The Proposed Approach: Built-In Reliability Functions Library: achieving the desired circuit fault-tolerance Fig. 4. Control block diagrams: (a) Parity Generator; (b) Checker/Corrector. (a)(b)

Reliability Early-Estimation: injecting transient faults (SEUs) in VHDL code Insertion of the transient (single or multiple) fault in the VHDL code according to a predefined MTBF. Simulate the circuit. After simulation, we look for the primary outputs (POs) of the circuit to verify, for each of the injected transient faults, if they affected the functional circuit operation.

In this case, we can obtain one of the three conclusions :  the fault was not propagated to the POs, then it is considered redundant;  the fault was propagated to the POs of the circuit and it was detected by the built-in reliability functions appended to the memory elements. (This can be verified by reading out the outputs of the comparators along with the VHDL code after simulation.) Then, the reliability of the circuit is maintained.  if the fault produced an erroneous PO and it was not detected by the appended hardware, then the reliability of the circuit is reduced. –This happens because either the reliability functions used in the program fail to detect such a fault, or the choice of the memory elements to be made fault-tolerant is not adequate (because important blocks of storage elements remain in the original form) Reliability Early-Estimation: injecting transient faults (SEUs) in VHDL code

At the end of this process, we compute the overall transient fault coverage as a function of the predefined MTBF for the target application as follows: Transient_Fault_Coverage (MTBF) = K. (M - E) Where: K is the number of detected transient faults; M is the total number of injected transient faults; E is the number of redundant transient faults in the VHDL code Reliability Early-Estimation: injecting transient faults (SEUs) in VHDL code

Fig. 5. Approach used to inject faults in the VHDL code. (Example for a circuit that operates with 8 information bits plus 5 check bits) Reliability Early-Estimation: injecting transient faults (SEUs) in VHDL code

Three different operating modes: (a) normal_mode. No fault injection is possible during the simulation process. (b) precision_fault-injection_mode. Single/multiple faults can be injected in the selected memory register. User defines which bits and in which sequence the selected bits will be flipped by setting specific seeds into the LFSR, before clocking it. This results in the injection of the fault(s) in the selected memory element. Reset the LFSR, and repeat the operation to insert another seed into this element and so on. (c) random_fault-injection_mode. A unique reset is performed in the beginning of the process in order to inject the first seed. After this, every time the user wants to inject a fault in the selected memory element, he needs only to generate the clock signal is activated, a fault is pseudo-randomly injected into the selected memory element by the LFSR Reliability Early-Estimation: injecting transient faults (SEUs) in VHDL code

At the VHDL code level, the LFSR can be implemented by means of a Generate Statement. This mechanism can be used as a conditional elaboration of a portion of a VHDL description Reliability Early-Estimation: injecting transient faults (SEUs) in VHDL code

package FAULT_INJECTION_PKG is fault injection mode -- 0 => normal mode -- 1 => precision fault injection mode -- 2 => random fault injection mode constant FAULT_INJECTION : integer := 0; -- to allow fault injection in high data order, set this constant constant FAULT_DATA_HIGH : std_logic := '1';... end FAULT_INJECTION_PKG; entity REG_FT is port( CLOCK, RESET, -- chip enable CE :in std_logic; -- input from data bus D :in std_logic_vector(7 downto 0); -- output to data bus Q :out std_logic_vector(7 downto 0); ERROR :out std_logic_vector(1 downto 0) ); end REG_FT; Fig. 6. Pseudo VHDL code illustrating the high-level fault-injection mechanism.

architecture REG_FT of REG_FT is -- register (info + check bits) signal REG : std_logic_vector(12 downto 0); -- info bits alias INFO_REG : std_logic_vector(7 downto 0) is reg(12 downto 5); -- check bits alias CHECK_REG : std_logic_vector(4 downto 0) is reg(4 downto 0);... begin... NORMAL_MODE: if FAULT_INJECTION = 0 generate -- input data from data bus INFO_REG <= D; -- parity from parity generator CHECK_REG <= PARITY_GEN; end generate; PRECISION_FAULT_INJECTION_MODE: if FAULT_INJECTION = 1 generate FAULT_DATA_HIGH_BLOCK: if FAULT_DATA_HIGH = '1' generate LFSR_DATA_HIGH: LFSR port map( LFSR_IN=> INFO_REG(7 downto 4), LFSR_OUT=> LFSR_OUT_DATA_HIGH, CLK_IN=> CLK_LFSR, RST_IN => RESET); -- insert a fault in the 4 MSB bits INFO_REG <= LFSR_OUT_DATA_HIGH & INFO_REG(3 downto 0); end generate;... end REG_FT; Fig. 6. Pseudo VHDL code illustrating the high-level fault-injection mechanism.

Consider the clock signal C1 used to drive the LFSR. The goal of this control signal is to determine the moment when the LFSR evaluates, i.e. the exact moment when a fault is injected in the selected memory element. Possible implementation at the VHDL code level : command after, to introduce timing constraints to memory element assignments.... C1 := “1” after 100ms; C1 := “0” after 200ms; C1 := “1” after 300ms; C1 := “0” after 400ms;... Note that the number of faults injected depends on the type of the seed placed in the LFSR Reliability Early-Estimation: injecting transient faults (SEUs) in VHDL code

 We presented a new approach to automate the process of generating fault tolerant complex circuits described in VHDL language. The approach uses coding techniques associated to registers or group of registers to detect the occurrence of a bit-flip (Single-Event Upset – SEU) and to localize the affected memory element (thus, performing error correction).  In a second step, this approach also estimates the reliability of such complex circuits with respect to SEU. This procedure is also performed in an early stage of the design process, i.e., at the circuit VHDL specification level.  This approach is being automated through the development of the FT_PRO tool.  A test vehicle (a Z80-like microprocessor) is being implemented in a commercial FPGA to be exercised under radiation at the Lawrence Berkeley Lab facility (88-inch cyclotron). Experimental results will allow to verify the effectiveness of the reliability early-estimation procedure, as well as will provide a valuable feedback to future improvements of the built-in reliability functions database. 3. Conclusions & Future Work: