Hardware Acceleration of Fault-tolerant System Verification

1. Hardware Acceleration of Fault-tolerant System Verification Marcela Šimková isimkova@fit.vutbr.cz Faculty of Information Technology Brno University of Technology Czech Republic June 4, 2013

2. Motivation • Evaluation platform for testing fault-tolerance methodologies in electro-mechanical (EM) applications. • Examples: • aerospace, • space, • automotive, • safety-critical, • … Marcela Šimková

3. Goals of the Research • Fault-tolerance methodologies are targeted to electronic components. → Is the mechanical part also affected? How? • Fault-tolerance methodologies are often demonstrated on simple electronic circuits. → What about real-size systems? Marcela Šimková

4. Current State • We have: • FPGA-based designs (mechanical part), • simulation environment (stimuli, reactions of electronic part), • fault-injector. • We need: • A complex set of input stimuli (test vectors) for detection of injected faults and checking the design behaviour. simulation FPGA fault injection robot controller robot FPGA input stimuli fault injection robot controller Marcela Šimková

5. Outline of the Presentation • Evaluation platform. • Experimental EM design. • Issue of the complexity. • Simulation of the mechanical part. • Fault injection. • Different fault-tolerance methodologies. • Strategies for the generation of input stimuli. • ATPG. • Functional verification. • Experiments. • HAVEN. Marcela Šimková

6. Evaluation Platform Zápatí pro všechny stránky (ne první a poslední)

7. Experimental EM Design • The robot device (mechanical part) and its robot controller (electronic part). • Mission: Path search through a maze. Evaluation Platform Marcela Šimková

8. Issue of the Complexity • The robot controller is designed as a complex system with specific components. • Testing and validating individual or co-operating fault-tolerance methodologies. Evaluation Platform Marcela Šimková

9. Simulation of the Mechanical Part • Simulation environment Player/Stage. • Video: http://www.fit.vutbr.cz/~isimkova/robot/final.wmv • The visual feedback about the movements of the robot after the fault injection. Evaluation Platform Marcela Šimková

10. Fault Injection • The weak point of FPGAs is their configuration memory. • Configuration bits (bitstream) determine the functionality of the FPGA chip (in our case the robot controller). • Small change of the bitstream (inversion of the stored value) can lead to different functionality (Single Event Upset, SEU). • Fault injection = a deliberate change of single or multiple bits in the bitstream. • The main goal: classification of faults. Evaluation Platform Marcela Šimková

11. Different Fault-tolerance Methodologies • Incremental hardening of designsagainst faults. • Methodologies: • TMR, • duplex, • coding, • bit scrubbing, • partial dynamic reconfiguration, • ... Evaluation Platform Marcela Šimková

12. Strategies for the Generation of Input Stimuli Zápatí pro všechny stránky (ne první a poslední)

13. Strategies • Common approaches: ATPG (Automatic Test Pattern Generation)- gate-level- different fault models- scan architectures Functional tests- check functional aspects of the design • New strategy? Functional verification - pre-silicon simulation-based verification approach- register-transfer level- check functional and partially structural aspects of the design Input Stimuli Generation Marcela Šimková

14. Functional Verification • Simulation-based approach that checks whether a model of the system (DUT, Design Under Test) respects the specification. • Additional verification techniques: • constrained-random stimulus generation, • coverage-driven verification, • assertion-based verification, • self-checking mechanisms. • Implementation mainly in SystemVerilog. • Verification methodologies (OVM, UVM). Input Stimuli Generation Marcela Šimková

15. Coverage • ATPG - fault coverage • Functional verification coverage metrics specification DUT (hdl) functional code statement assertions FSM Input Stimuli Generation Marcela Šimková

16. Pros and Cons of Using Functional Verification • Cons: • knowledge of verification basics, • implementation of the verification environment (2 weeks or more). • Pros: • reuse of verification vectors (if functional verification is a part of the pre-silicon phase of the design cycle), • fast generation of vectors (in seconds). Input Stimuli Generation Marcela Šimková

17. Experimental design Median Workshop Marcela Šimková

18. 1. Experiment Median Workshop Marcela Šimková

19. 2. Experiment Median Workshop Marcela Šimková

20. 3. Experiment Median Workshop Marcela Šimková

21. 4. Experiment • Combination of vectors from functional verification and ATPG. • Achieved fault coverage: 96.20% Median Workshop Marcela Šimková

22. Evaluation of Results • As for ALU, vectors originated in functional verification were effective enough for detection of stuck-at faults. • Combination with ATPG vectors even more effective. • Future ideas: • Bigger designs (the robot controller)? • Randomness of vectors? • An optimized set of vectors from functional verification? Median Workshop Marcela Šimková

23. Future work • Direct interconnection of the evaluation platform with the functional verification environment. → Verification of fault-tolerant designs ! • How? Input Stimuli Generation Marcela Šimková

24. HAVEN • Framework for hardware acceleration of functional verification on FPGA (for arbitrary synchronous units). • Allows acceleration by moving some (or all) components from software to hardware verification environment. • Runs at the frequency limited only by the FPGA (~ 100 MHz). • High level of abstraction, easy to adapt/extend. • For an FPGA system, verifies directlythe system, not only a model. • Freely available and open source. Dagstuhl Seminar: Verifying Reliability Marcela Šimková

25. Questions? Zápatí pro všechny stránky (ne první a poslední)