Presentation on theme: "Jon Perez, Mikel Azkarate-askasua, Antonio Perez"— Presentation transcript:

1 Codesign and Simulated Fault Injection of Safety-Critical Embedded Systems Using SystemC
Jon Perez, Mikel Azkarate-askasua, Antonio Perez Embedded Systems Group IKERLAN-IK4 Technology Research Centre Mondragon, Spain

2 Motivation
Design of safety-critical embedded systems requires careful analysis of:
- Fault forecasting
- Fault prevention
- Fault removal
- Fault tolerance
IEC highly recommends fault injection techniques in all steps of the development process, to analyze the reaction of the system in a faulty environment and to validate the implemented Fault Tolerance Mechanisms (FTM).
Late discovery of a design pitfall might require an expensive redesign of the product!
Simulated Fault Injection (SFI) enables an early dependability assessment.
Could we have a design environment for codesign and accelerated SFI?
EDCC, Valencia, April 2010

3 Outline
- Preliminaries
- SFI with SystemC
- Conclusion and future work

4 Preliminaries – SystemC
SystemC is a standardized system-level design language, IEEE 1666, that provides a codesign and simulation environment:
- Open-source C++ library
- Codesign: both hardware and software components can be described using a common language
- Provides multiple abstraction levels, from architectural level down to Register Transfer Level (RTL)
SystemC provides an event-driven simulation kernel that:
- Provides a simulation environment
- Has a global notion of time
Black, D. C. and J. Donovan (2004). SystemC: From the Ground Up. Eklectic Ally, Inc.

5 Preliminaries – Fault Injection
SWIFI (Software Implemented Fault Injection): the objective is to reproduce, at software level, the errors that would have been produced by faults occurring in the execution hardware or software.
HWIFI (Hardware Implemented Fault Injection): fault injection is performed on the final system or on an early hardware prototype.
SFI (Simulated Fault Injection): enables an early dependability assessment of the system, using a simulation model of the system under analysis.
The use of fault injection techniques in SystemC is still scarce, but SFI in HDL models is a well-examined area with three main fault injection methods:
- Saboteurs: an additional fault injection module is inserted between modules
- Mutants: a component is modified / replaced by an extended component that provides faulty behavior
- Simulator commands: the values of variables and signals are modified manually / automatically using simulator commands

6 Preliminaries – ETCS odometry
ERTMS (European Railway Traffic Management System) is a European Union backed initiative for the definition of a single train signaling standard.
ETCS (European Train Control System) is the on-board automatic train protection system, a safety-critical embedded system that protects the train by supervising the traveled distance and speed, activating the emergency brake if the authorized values are exceeded.
It relies on the distance and speed measurements of the odometry system, which is based on a set of diverse sensors.
For a maximum speed of 500 km/h the error must be bounded to:

7 SFI with SystemC – Proposed approach
Modules:
- System model: the design under analysis
- Fault injection module: executes simulator commands as time progresses, by updating a table of variables
- Transactor module: converts the fault injection variables into the custom variables, signals and ports required by the system model under analysis
- Checker module: the custom module that verifies the correct operation of the system
Three consecutive abstraction levels are proposed: behavioral, architectural and system implementation level.

8 SFI with SystemC – Fault Injection Commands
Command <window, idx, value>
- window: time window during which the command applies
- idx: variable index
- value: value given to the variable
Window <id, offset, duration>
- id: time reference identifier
- offset .. offset+duration: time section in which the command is active
- Special value, forever: <id, offset, -1>
- Special value, default: <-1, -1, -1>

9 SFI with SystemC – Behavioral level
Combination of diverse sensors: which types and how many.
Analysis of sensor-fusion algorithms.
Analysis of sensor fault-error-failure chains.
Injected faults (FMEA):
- Relative angles
- Adhesion factor
- Wheel diameter
- Etc.

10 SFI with SystemC – Architectural level
TMR, Triple Modular Redundancy:
- Each node implements the sensor-fusion algorithm
- Distribution of sensors among nodes
- Distribution of information (interfaces)
- Fail-silent node
- Voting algorithm
- Etc.
Injected faults (FMEA):
- Communication channel failure
- Node failure
- Node sends incorrect value
- Etc.
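The following is an added example, not code from the slides or from IKERLAN's tool: it models, in plain C++ without the SystemC kernel (simulated time is a hand-stepped integer), the module structure of slide 7 (fault injection module, transactor, system model, checker), the <window, idx, value> / <id, offset, duration> commands of slide 8 with their "forever" and "default" special values, and the TMR node-failure / incorrect-value faults of slide 10. The variable layout, fault-mode encoding, time-reference table, the 3-node voter and the campaign values are all assumptions made for the example.

```cpp
#include <map>
#include <vector>

// Window <id, offset, duration>: covers [ref(id)+offset, ref(id)+offset+duration).
// duration == -1 means "forever"; <-1, -1, -1> marks the default value, used
// whenever no other window for the same variable is active.
struct Window { int id; long offset; long duration; };
// Command <window, idx, value>: variable idx takes value while the window is active.
struct Command { Window win; int idx; long value; };

// Fault injection module. Assumption: time reference ids are resolved to
// absolute simulation times via set_reference().
class FaultInjector {
 public:
  void set_reference(int id, long t) { refs_[id] = t; }
  void add(Command c) { cmds_.push_back(c); }

  bool active(const Window& w, long t) const {
    if (w.id == -1) return false;             // defaults are handled in table_at
    auto it = refs_.find(w.id);
    if (it == refs_.end()) return false;      // unresolved time reference
    long start = it->second + w.offset;
    if (t < start) return false;
    return w.duration == -1 || t < start + w.duration;
  }

  // Variable table at time t: defaults first, then each active window
  // overwrites; among overlapping windows the later command wins.
  std::map<int, long> table_at(long t) const {
    std::map<int, long> tbl;
    for (const Command& c : cmds_) if (c.win.id == -1) tbl[c.idx] = c.value;
    for (const Command& c : cmds_) if (active(c.win, t)) tbl[c.idx] = c.value;
    return tbl;
  }

 private:
  std::map<int, long> refs_;
  std::vector<Command> cmds_;
};

// Transactor: variable indices and node fault modes (assumed layout).
enum Var { V_SPEED = 0, V_NODE0_MODE = 1, V_NODE1_MODE = 2, V_NODE2_MODE = 3 };
enum Mode { NODE_OK = 0, NODE_SILENT = 1, NODE_WRONG = 2 };
struct NodeOut { bool valid; long value; };

NodeOut node_output(Mode m, long true_speed, int node) {
  switch (m) {
    case NODE_SILENT: return {false, 0};                            // fail-silent node
    case NODE_WRONG:  return {true, true_speed + 37 * (node + 1)};  // incorrect value
    default:          return {true, true_speed};
  }
}

// System model: TMR majority voter over the valid node outputs. Returns false
// when no two valid nodes agree, i.e. the voter cannot deliver a value.
bool tmr_vote(const NodeOut out[3], long& voted) {
  for (int i = 0; i < 3; ++i) {
    if (!out[i].valid) continue;
    int agree = 0;
    for (int j = 0; j < 3; ++j)
      if (out[j].valid && out[j].value == out[i].value) ++agree;
    if (agree >= 2) { voted = out[i].value; return true; }
  }
  return false;
}

// Checker: step simulated time over [0, t_end) and count the cycles in which
// the voted speed is wrong or missing.
struct Result { int wrong; int missing; int steps; };

Result run_campaign(const FaultInjector& fi, long t_end) {
  Result r{0, 0, 0};
  for (long t = 0; t < t_end; ++t) {
    std::map<int, long> tbl = fi.table_at(t);
    long speed = tbl[V_SPEED];
    NodeOut out[3];
    for (int n = 0; n < 3; ++n)
      out[n] = node_output(static_cast<Mode>(tbl[V_NODE0_MODE + n]), speed, n);
    long voted = 0;
    if (!tmr_vote(out, voted)) ++r.missing;
    else if (voted != speed) ++r.wrong;
    ++r.steps;
  }
  return r;
}

// Constructed campaign: speed set-point 120 by default; node 1 fail-silent during
// [10, 20); node 2 sends an incorrect value from t = 15 forever. In [15, 20) only
// node 0 is valid and correct, so the voter has no majority for five cycles.
FaultInjector demo_campaign() {
  FaultInjector fi;
  fi.set_reference(0, 0);                      // time reference 0 = simulation start
  fi.add({{-1, -1, -1}, V_SPEED, 120});
  fi.add({{-1, -1, -1}, V_NODE0_MODE, NODE_OK});
  fi.add({{-1, -1, -1}, V_NODE1_MODE, NODE_OK});
  fi.add({{-1, -1, -1}, V_NODE2_MODE, NODE_OK});
  fi.add({{0, 10, 10}, V_NODE1_MODE, NODE_SILENT});
  fi.add({{0, 15, -1}, V_NODE2_MODE, NODE_WRONG});
  return fi;
}
```

Running run_campaign(demo_campaign(), 30) reports 0 wrong and 5 missing cycles: the fail-silent node is tolerated on its own, the incorrect value is outvoted on its own, and only their overlap defeats the 2-of-3 voter. In a SystemC model the checker and injector would be SC_MODULEs sampling on sc_time instead of the integer loop used here, but the command-table semantics are the same.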

11 SFI with SystemC – System implementation level
Hardware / software partition
More detailed interface design
Custom design refinement level:
- Sensor model
- Hardware
- Microprocessor
- Etc.
Injected faults (FMEA):
- Statistical bit-flips
- Statistical signal glitches
- Etc.

12 SFI with SystemC – Command Table
Command table figure (not reproduced in the transcript): default values, speed set-point, fault-injection variables, distance.

13 SFI with SystemC – Experimental result

14 Conclusion and Future Work
Summary
The use of SystemC for codesign and SFI provides multiple advantages:
- The system is codesigned using a single standard modeling language
- Simulations include SFI
- Eases design space exploration and FMEA analysis
- Multiple abstraction-refinement levels are supported
- Helps reduce the risk of late pitfall discovery
- Meets the IEC recommendation to use fault injection techniques in all steps of the development process
- Complementary to SWIFI and HWIFI
Future work
- Maintenance-oriented fault injection, to ensure that spurious malfunctions of interest (e.g. transient faults) are detected and registered.

15 Thank you!

