emulation of seu effect in bitstream of fpga
Post on 01-Jan-2016
25 Views
Preview:
DESCRIPTION
TRANSCRIPT
Emulation of SEU Effect In Emulation of SEU Effect In Bitstream of FPGABitstream of FPGA
Jiří Kvasnička,Jiří Kvasnička, Hana Kub Hana Kubátováátová
Introduction to SEUIntroduction to SEUFPGA devices are widely used IC in many target FPGA devices are widely used IC in many target applicationapplicationSEU (Single Event Upset) is an undesirable effect SEU (Single Event Upset) is an undesirable effect caused by caused by charged particlecharged particle, that can modify the design , that can modify the design by reversing 1 bit in configuration memoryby reversing 1 bit in configuration memory
SEUSEU represents a problem: represents a problem:– For For SRAMSRAM memory (configuration memory, registers, distributed memory (configuration memory, registers, distributed
RAM)RAM)– especially in radiation especially in radiation hostile environmentshostile environments (airplanes, satellites) (airplanes, satellites)
and nuclear facilities (nuclear plants, colliders) and nuclear facilities (nuclear plants, colliders) – even in devices operating at even in devices operating at sea level sea level (290FIT/Mb @ Xilinx (290FIT/Mb @ Xilinx
Rosetta experiment; FIT = failure per 10Rosetta experiment; FIT = failure per 1099hours)hours)
Dependability of a system built on SRAM based FPGAs Dependability of a system built on SRAM based FPGAs depends on a depends on a mapped, placed and routedmapped, placed and routed designdesign
[Aerospace corp.]
How to estimate FPGA design How to estimate FPGA design reliability?reliability?
IrradiationIrradiation by a particle beam by a particle beam– most exact resultsmost exact results– expensive, labor-intensiveexpensive, labor-intensive– results from results from mapped and routedmapped and routed
design loaded in FPGAdesign loaded in FPGA
Software simulationSoftware simulation– is possible only with FPGA layout knowledge (therefore is is possible only with FPGA layout knowledge (therefore is
limited only to manufacturers):limited only to manufacturers):– without FPGA layout knowledge: limited to RTL levelwithout FPGA layout knowledge: limited to RTL level
Emulation in hardwareEmulation in hardware– SEU is emulated by a bit-flip in bitstreamSEU is emulated by a bit-flip in bitstream– results from results from mapped and routedmapped and routed design loaded in FPGA design loaded in FPGA– FPGA layout knowledge helps in results interpretationFPGA layout knowledge helps in results interpretation
[Aerospace corp.]
FPGA structure classificationFPGA structure classification
Bits of FPSLIC bitstream can be classified into following groups, according to a function of bits:
Cell interconnection 33.6%
Bus repeater 25.4%
LUT 12.5%unexplored 8.5%
Cell to bus connection 7.8%
Bus crossing 7.8%
I/O pad 4.2%
Other 0.3%
– LUT– Cell interconnection– Cell to BUS connection– BUS crossing– BUS repeater– Unexplored (includes: clock,
reset, distributed RAM) – I/O (untested)– “Other” (glue bitstream bits
without function)
FPGA Fault classificationFPGA Fault classification
Each bit can be classified by its fault modelEach bit can be classified by its fault modelCategories are designed exclusively to FPSLICCategories are designed exclusively to FPSLICAssociation with fault model depends on the mapped designAssociation with fault model depends on the mapped design3 main groups:3 main groups:– UsedUsed (bits related to the design) (bits related to the design)– UnusedUnused (outside the design) (outside the design)– Unknown (unexplored)Unknown (unexplored) (not decided weather Used/Unused, due to (not decided weather Used/Unused, due to
limited bitstream knowledge)limited bitstream knowledge)
Bit from bitstream
Used Unused
ConflictOpen Unpredictable
Unknown
Alternate Antenna
F-F‘0’-F No static functional influence
– Measured group
Faults in FPGA (1/3)Faults in FPGA (1/3)
UnusedUnused– ““don’t care” bitsdon’t care” bits– Bits in this group do not lay in the design areaBits in this group do not lay in the design area– Can not affect the designCan not affect the design
AntennaAntenna– An unused wire is connected to the data-pathAn unused wire is connected to the data-path– Has no static influence on the designHas no static influence on the design– extra load capacitance extra load capacitance delays can worse delays can worse
Faults in FPGA (2/3)Faults in FPGA (2/3)
AlternateAlternate– These bits alternate the design These bits alternate the design – No conflict is caused by alternateNo conflict is caused by alternate
OpenOpen– these bits cause data-path to breakthese bits cause data-path to break
Faults in FPGA (3/3)Faults in FPGA (3/3)
ConflictConflict– Occurs when 2 driven wires are connected Occurs when 2 driven wires are connected – ““0-F” between constant 0 and any function0-F” between constant 0 and any function– ““F-F” between 2 functionF-F” between 2 function
UnpredictableUnpredictable– special case of open, where the default logical value special case of open, where the default logical value
“1” is substituted with “Z”“1” is substituted with “Z”
Emulation of FPGA faultsEmulation of FPGA faults
AT94K40AL FPSLIC (FPGA+AVR)AT94K40AL FPSLIC (FPGA+AVR)SEU is emulated by a reconfiguration of 1 bit of configuration memorySEU is emulated by a reconfiguration of 1 bit of configuration memory2 copies of benchmark present: “2 copies of benchmark present: “testedtested” and “” and “goldengolden” reference copy” reference copyVR controls the testing and reconfigurationVR controls the testing and reconfigurationBitstream analysis and set of bits selection are performed in PC.Bitstream analysis and set of bits selection are performed in PC.
FPGA
Tested benchmark
Test generator
Comp
checker
Faultclass logic
AVR
star
t
finis
h
reconfiguration
Ref. benchmark
clas
s
SRAM
Commands Results
Summary: Obtaining reliability of Summary: Obtaining reliability of the designthe design
Step 1Step 1: synthesize, place and route the design: synthesize, place and route the design– More exact result from mapped designMore exact result from mapped design
Step 2Step 2: analyze each bit of the bitstream: analyze each bit of the bitstream– Separate bits, that do not harm the designSeparate bits, that do not harm the design– Rough estimationRough estimation– Analysis significantly reduces set of tested bitsAnalysis significantly reduces set of tested bits
Step 3Step 3: test all possible vulnerable bits (short, : test all possible vulnerable bits (short, open, conflicts, alternates…)open, conflicts, alternates…)
Results follow on next slides…Results follow on next slides…
0
10000
20000
30000
40000
50000
Bits
of b
itstr
ea
m [b
it]
FPGA structure area
S1488 benchmark selected bits
Destroying bitsSelected non-destroying bits
All remaining bits
0
10000
20000
30000
40000
50000
Bits
of b
itstr
ea
m [b
it]
FPGA structure area
5xp1 benchmark selected bits
Destroying bitsSelected non-destroying bits
All remaining bits
0
500
1000
1500
2000
Cell_interconnection
Bus_repeater
LUT unexploredCell_to_bus
Bus_crossing
forbidden
Bits
of b
itstr
ea
m [b
it]
FPGA structure area
5xp1 benchmark selected bits
Destroying bitsSelected non-destroying bits
All remaining bitsZoom 25X:
0
5000
10000
15000
20000
25000
UnusedAntenna
UnexploredConflict FF
AlternateOpen Conflict 0F
Unpredictable
Bits
of b
itstr
eam
[bit]
FPGA faults
s1488 fault categories
ModifyingNot modifying
Don't care
0
10000
20000
30000
40000
50000
60000
70000
UnusedAntenna
UnexploredConflict FF
AlternateOpen Conflict 0F
Unpredictable
Bits
of b
itstr
eam
[bit]
FPGA faults
s1488 fault categories
ModifyingNot modifying
Don't care
0
20000
40000
60000
80000
100000
120000
UnusedAntenna
UnexploredConflict FF
AlternateOpen Conflict 0F
Unpredictable
Bits
of b
itstr
eam
[bit]
FPGA faults
5xp1 fault categories
ModifyingNot modifying
Don't care
0
200
400
600
800
1000
1200
UnusedAntenna
UnexploredConflict FF
AlternateOpen Conflict 0F
UnpredictableB
its o
f bits
trea
m [b
it]
FPGA faults
5xp1 fault categories
ModifyingNot modifying
Don't care
Zoom 100X:
ConclusionsConclusions
+ Well-proven design flow for benchmark testing+ Well-proven design flow for benchmark testing
+ Bitstream test coverage 95.5%+ Bitstream test coverage 95.5%
+ Fast selection and separation of vulnerable bits + Fast selection and separation of vulnerable bits (at (at O(n)O(n) time complexity) time complexity)
±± Results are affected by place and route process Results are affected by place and route process
– – FPGA structure and bitstream knowledge is FPGA structure and bitstream knowledge is required for correct area and fault classification required for correct area and fault classification and for exact vulnerable bit selectionand for exact vulnerable bit selection
– – Advantage of testing speedup (with comparison Advantage of testing speedup (with comparison with software simulation) is degraded by time with software simulation) is degraded by time needed for Place&route and programmingneeded for Place&route and programming
Thank you for your attentionThank you for your attention
Question slidesQuestion slides
1 0 1 0 1 1 0 0
0 0 0 1 0 0 0 0Å
=1 0 1 1 1 1 0 0
Z X Y D
1 0 1 0 1 1 0 0
Fault injectionFault injection
MD4 bitstream format is usedMD4 bitstream format is used
It consist of 4 byte register:It consist of 4 byte register:– Z value represents a “layer”, which selects a type of FPGA resourceZ value represents a “layer”, which selects a type of FPGA resource
– X and Y values are related to location of selected resourceX and Y values are related to location of selected resource
– D contains up to 8 bits of bitstreamD contains up to 8 bits of bitstream
A new configuration byte is created by changing bit in a A new configuration byte is created by changing bit in a configuration byteconfiguration byte
Bitstream analysis and visualizationBitstream analysis and visualization
s1488 benchmark shown on example figuress1488 benchmark shown on example figuresAll bits from the left half of the FPSLIC device are All bits from the left half of the FPSLIC device are selectedselectedAnalysis is based on wire driving state observation and Analysis is based on wire driving state observation and possible fault determinationpossible fault determination
Detailed fault effect classificationDetailed fault effect classification
A: A: Hidden faultHidden fault ( (The result is always OKThe result is always OK))B: B: Detected faultDetected fault ( (wrong result always detected by CEDwrong result always detected by CED))C: C: Undetected faultUndetected fault ( (result is wrong, but never detected result is wrong, but never detected by CED)by CED)D: D: Temporarily detected fault Temporarily detected fault ( (The wrong result is The wrong result is sometimes detected by CED and sometimes is notsometimes detected by CED and sometimes is not))Possibility of further Possibility of further Fault securityFault security (A(A or or B)B), , Self TestingSelf Testing (B(B or or D)D) and and Totally Self-checkingTotally Self-checking (B)(B) parameters computation parameters computation
Benchmark Checker
Compa-rator
V
U
e (fault)
x
F(x)
Fe(x)
Detectable fault count
Undetectable fault count
ABCD
Codeword
Same vectors
n
m+p
m+pParity predictor
S1488 with single-parityS1488 with single-parity
0
2000
4000
6000
8000
10000
12000
14000
16000
UnusedAntenna
UnexploredConflict FF
AlternateOpen Conflict 0F
Unpredictable
Bits
of b
itstr
eam
FPGA fault types
Fault distribution in bitstream and corresponding vulnerable bits of design
DetectedUndetected
Partially detectedHidden
0
10000
20000
30000
40000
50000
60000
70000
UnusedAntenna
UnexploredConflict FF
AlternateOpen Conflict 0F
Unpredictable
Bits
of b
itstr
eam
FPGA fault types
Fault distribution in bitstream and corresponding vulnerable bits of design
DetectedUndetected
Partially detectedHidden
Testing areaTesting area
5xp1 s14885xp1 s1488
FPGA structure – s1488 areasFPGA structure – s1488 areas
0
10000
20000
30000
40000
50000
60000
70000
80000
90000
100000
Cell_interconnection
Bus_repeater
LUT unexplored
Cell_to_bus
Bus_crossing
I/O_padOther
Bits
of b
itstr
eam
Areas in FPGA
Area distribution in bitstream and corresponding vulnerable bits of design
ModifyingNot modifying
FPGA structure – areasFPGA structure – areas
Cell interconnection 35.0%
Bus repeater 37.4%
LUT 14.6%
Unexplored 1.5%
Cell to bus connection 8.3%
Bus crossing 3.2%
All bits
Vulnerable bits of s1488 benchmark
Cell interconnection 33.6%Bus repeater 25.4%
LUT 12.5%
unexplored 8.5%
Cell to bus connection 7.8%
Bus crossing 7.8%
I/O pad 4.2%
Other 0.3%
FPGA faultsFPGA faults
0
2000
4000
6000
8000
10000
12000
14000
16000
UnusedAntenna
UnexploredConflict FF
AlternateOpen Conflict 0F
Unpredictable
Bits
of b
itstr
eam
FPGA fault types
Fault distribution in bitstream and corresponding vulnerable bits of design
ModifyingNot modifying
0
10000
20000
30000
40000
50000
60000
70000
UnusedAntenna
UnexploredConflict FF
AlternateOpen Conflict 0F
Unpredictable
Bits
of b
itstr
eam
FPGA fault types
Fault distribution in bitstream and corresponding vulnerable bits of design
ModifyingNot modifying
How to estimate reliability?How to estimate reliability?Irradiation by a beam of particlesIrradiation by a beam of particles– most exact resultsmost exact results– expensive, labor-intensiveexpensive, labor-intensive– results from results from mapped and routedmapped and routed
design loaded in FPGAdesign loaded in FPGA
Software simulationSoftware simulation– is possible only with FPGA layout knowledge is possible only with FPGA layout knowledge
(therefore is limited only to manufacturers):(therefore is limited only to manufacturers):– without FPGA layout knowledge: limited to without FPGA layout knowledge: limited to
RTL levelRTL level
EmulationEmulation– SEU is emulated by a bit-flip in bitstreamSEU is emulated by a bit-flip in bitstream– results from results from mapped and routedmapped and routed design loaded design loaded
in FPGAin FPGA
[Aerospace corp.]
[Aerospace corp.]
FPGA FPGA Emulator key featuresEmulator key features
Observe the SEU resistance of the design Observe the SEU resistance of the design mappedmapped in FPGA (with regard to the bitstream in FPGA (with regard to the bitstream utilization)utilization)
The SEU is The SEU is emulatedemulated by 1-bit change in the by 1-bit change in the bitstreambitstream
Evaluation of Fault Security (FS), Self Testing Evaluation of Fault Security (FS), Self Testing (ST) and Totally Self-Checking (TSC) properties(ST) and Totally Self-Checking (TSC) properties
Evaluation of dependability parameters for Evaluation of dependability parameters for practical applicationpractical application
top related