
Post on 27-Dec-2015


Hardware Acceleration of Fault-tolerant System Verification

Marcela Šimková
isimkova@fit.vutbr.cz

Faculty of Information Technology
Brno University of Technology

Czech Republic

June 4, 2013

Motivation

• Evaluation platform for testing fault-tolerance methodologies in electro-mechanical (EM) applications.

• Examples:
  • aerospace,
  • space,
  • automotive,
  • safety-critical,
  • …

Goals of the Research

• Fault-tolerance methodologies target electronic components.

→ Is the mechanical part also affected? How?

• Fault-tolerance methodologies are often demonstrated on simple electronic circuits.

→ What about real-size systems?


Current State

• We have:
  • FPGA-based designs (mechanical part),
  • simulation environment (stimuli, reactions of electronic part),
  • fault-injector.

• We need:
  • A complex set of input stimuli (test vectors) for detection of injected faults and checking the design behaviour.

[Figure: block diagram with the labels robot, robot controller, simulation, FPGA, fault injection, input stimuli]

Outline of the Presentation


1. Evaluation platform.
  • Experimental EM design.
  • Issue of the complexity.
  • Simulation of the mechanical part.
  • Fault injection.
  • Different fault-tolerance methodologies.

2. Strategies for the generation of input stimuli.
  • ATPG.
  • Functional verification.
  • Experiments.
  • HAVEN.


Evaluation Platform

Experimental EM Design


• The robot device (mechanical part) and its robot controller (electronic part).

• Mission: Path search through a maze.

Issue of the Complexity


• The robot controller is designed as a complex system with specific components.

• Testing and validating individual or co-operating fault-tolerance methodologies.

Simulation of the Mechanical Part


• Simulation environment Player/Stage.

• Video: http://www.fit.vutbr.cz/~isimkova/robot/final.wmv

• Visual feedback on the movements of the robot after the fault injection.

Fault Injection


• The weak point of FPGAs is their configuration memory.

• Configuration bits (bitstream) determine the functionality of the FPGA chip (in our case the robot controller).

• A small change in the bitstream (inversion of a stored value) can lead to different functionality (Single Event Upset, SEU).

• Fault injection = a deliberate change of single or multiple bits in the bitstream.

• The main goal: classification of faults.
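
A toy model of the fault-injection campaign described on this slide, added here as an illustration (not code from the presentation or the evaluation platform). The three-LUT "bitstream", the fault classes `detected`/`missed`/`benign` and all function names are assumptions; the example also shows how the resulting fault coverage depends on the input stimuli.

```python
from itertools import product

# Constructed toy "bitstream": three 3-input LUTs, 8 configuration bits each.
# LUT0 = sum and LUT1 = carry of a full adder; LUT2 is configured but unrouted.
SUM = [0, 1, 1, 0, 1, 0, 0, 1]
CARRY = [0, 0, 0, 1, 0, 1, 1, 1]
UNUSED = [0] * 8
GOLDEN = SUM + CARRY + UNUSED

ALL_VECTORS = list(product((0, 1), repeat=3))  # every (a, b, cin) input


def evaluate(bitstream, vector):
    """Outputs (sum, carry) of the design that the bitstream configures."""
    a, b, cin = vector
    idx = (a << 2) | (b << 1) | cin
    return bitstream[idx], bitstream[8 + idx]


def inject(bitstream, bit):
    """Return a copy with one configuration bit inverted (an SEU)."""
    faulty = list(bitstream)
    faulty[bit] ^= 1
    return faulty


def observable(faulty, vectors):
    """True if any stimulus makes the faulty design differ from the golden one."""
    return any(evaluate(faulty, v) != evaluate(GOLDEN, v) for v in vectors)


def classify(vectors):
    """Inject every single-bit fault and classify it against a stimulus set."""
    result = {"detected": [], "missed": [], "benign": []}
    for bit in range(len(GOLDEN)):
        faulty = inject(GOLDEN, bit)
        if observable(faulty, vectors):
            result["detected"].append(bit)   # the stimuli expose the fault
        elif observable(faulty, ALL_VECTORS):
            result["missed"].append(bit)     # harmful, but the stimuli miss it
        else:
            result["benign"].append(bit)     # never changes an output
    return result


def fault_coverage(vectors):
    """Detected faults divided by all injected faults."""
    return len(classify(vectors)["detected"]) / len(GOLDEN)


if __name__ == "__main__":
    for name, vecs in (("3 vectors", ALL_VECTORS[:3]), ("exhaustive", ALL_VECTORS)):
        counts = {k: len(v) for k, v in classify(vecs).items()}
        print(name, counts, f"coverage={fault_coverage(vecs):.1%}")
```

Flips in the unrouted LUT are never observable, so even exhaustive stimuli cannot reach 100% coverage of all injected bits in this model.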

Different Fault-tolerance Methodologies


• Incremental hardening of designs against faults.

• Methodologies:
  • TMR,
  • duplex,
  • coding,
  • bit scrubbing,
  • partial dynamic reconfiguration,
  • ...


Strategies for the Generation of Input Stimuli

Strategies


• Common approaches:

ATPG (Automatic Test Pattern Generation)
- gate-level
- different fault models
- scan architectures

Functional tests
- check functional aspects of the design

• New strategy?

Functional verification
- pre-silicon simulation-based verification approach
- register-transfer level
- check functional and partially structural aspects of the design

Functional Verification


• Simulation-based approach that checks whether a model of the system (DUT, Design Under Test) respects the specification.

+ Additional verification techniques:
  • constrained-random stimulus generation,
  • coverage-driven verification,
  • assertion-based verification,
  • self-checking mechanisms.

+ Implementation mainly in SystemVerilog.

+ Verification methodologies (OVM, UVM).

Coverage

• ATPG - fault coverage

• Functional verification

[Figure: coverage metrics with the labels functional, code, assertions, statement, FSM; specification; DUT (hdl)]

Pros and Cons of Using Functional Verification

• Cons:
  • knowledge of verification basics,
  • implementation of the verification environment (2 weeks or more).

• Pros:
  • reuse of verification vectors (if functional verification is a part of the pre-silicon phase of the design cycle),
  • fast generation of vectors (in seconds).

Experimental design

Median Workshop, Marcela Šimková

1. Experiment


2. Experiment


3. Experiment


4. Experiment


• Combination of vectors from functional verification and ATPG.

• Achieved fault coverage: 96.20%


Evaluation of Results

• For the ALU, vectors originating from functional verification were effective enough to detect stuck-at faults.

• The combination with ATPG vectors was even more effective.

• Future ideas:
  • Bigger designs (the robot controller)?
  • Randomness of vectors?
  • An optimized set of vectors from functional verification?

Future work

• Direct interconnection of the evaluation platform with the functional verification environment.

→ Verification of fault-tolerant designs!

• How?


HAVEN

• Framework for hardware acceleration of functional verification on FPGA (for arbitrary synchronous units).

• Allows acceleration by moving some (or all) components from software to hardware verification environment.

• Runs at a frequency limited only by the FPGA (~ 100 MHz).

• High level of abstraction, easy to adapt/extend.

• For an FPGA system, verifies the system directly, not only a model.

• Freely available and open source.

Dagstuhl Seminar: Verifying Reliability, Marcela Šimková

Questions?