Overview
Fault injection is the deliberate insertion of artificial faults into an embedded system in order to understand the effects of real faults and provide feedback for system correction or enhancement.
Injecting faults has twin objectives: system validation and system evaluation. In the first case, the goal is to test the fault-tolerance mechanisms and verify that they correctly handle the faults they were designed to deal with. In the second case, the objective is to estimate the system's performance in the presence of faults, e.g. in terms of its downtime per year, reliability for a specific mission, or the performance degradation due to fault handling.
There are several techniques available to inject faults. Heavy-ion bombardment, laser beams, and Pin-Level Forcing Techniques (PLFT) can insert real hardware faults on a system. Other techniques, such as Software-Implemented Fault Injection (SWIFI) and Scan Chain Implemented Fault Injection (SCIFI), rely on the debugging and testing resources of modern chips to emulate faults by manipulating the system state, e.g., flipping a bit in a register or corrupting the result of a floating point calculation. Mutation is yet another methodology: here, source code is instrumented to reflect programming mistakes, i.e., bugs.
The Xception for ERC32 implements both the Pin-Level Forcing Techniques (PLFT) and Scan Chain Implemented Fault Injection (SCIFI).
SCIFI: SCAN CHAIN IMPLEMENTED FAULT INJECTION
Scan chain implemented fault injection is based on the Boundary-scan (BSCAN) hardware specification, adopted by IEEE in the early nineties, which is used to design the emulator for the ERC32 CPU.
In the Xception extended implementation, the BSCAN module receives the fault parameters from the host and controls and monitors the target through the BSCAN chain (a standard serial channel through the board's ICs).
The fault definition module sets up the breakpoint condition and defines the fault model (type, location and duration). The workload begins execution and is left running until it reaches the breakpoint, where it is halted. The fault is injected by reading the contents of all the scan chains, inverting the bits specified in the configuration data, and writing the fault-injected scan chains back to the target. The workload is then resumed and the experiment follows the general procedure.
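The read, invert, write-back sequence described above, modelled on a simulated target as an added example that is not Xception code. The chain length, the `target_t` and `fault_t` structures and all function names are assumptions, and the workload is reduced to a program counter that steps by 4.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define CHAIN_BITS 64  /* assumed length of the simulated scan chain */

/* Simulated target: one serial scan chain plus a program counter. */
typedef struct { uint8_t cell[CHAIN_BITS]; uint32_t pc; } target_t;

/* Fault definition: breakpoint condition and the chain positions to invert. */
typedef struct { uint32_t break_pc; const size_t *bits; size_t nbits; } fault_t;

/* One shift clock: the bit at the output end leaves, tdi enters at the input end. */
static uint8_t shift(target_t *t, uint8_t tdi) {
    uint8_t tdo = t->cell[CHAIN_BITS - 1];
    memmove(&t->cell[1], &t->cell[0], CHAIN_BITS - 1);
    t->cell[0] = tdi & 1u;
    return tdo;
}

/* Read the chain by shifting it out and feeding each bit back in (state preserved). */
static void chain_read(target_t *t, uint8_t out[CHAIN_BITS]) {
    for (size_t i = 0; i < CHAIN_BITS; i++) {
        uint8_t b = t->cell[CHAIN_BITS - 1];
        out[CHAIN_BITS - 1 - i] = shift(t, b);
    }
}

/* Write the chain by shifting the new image in, last cell first. */
static void chain_write(target_t *t, const uint8_t in[CHAIN_BITS]) {
    for (size_t i = 0; i < CHAIN_BITS; i++) shift(t, in[CHAIN_BITS - 1 - i]);
}

/* Run the workload (modelled as pc += 4) until the breakpoint; 0 if never reached. */
static int run_until(target_t *t, uint32_t break_pc, unsigned max_steps) {
    while (max_steps-- && t->pc != break_pc) t->pc += 4;
    return t->pc == break_pc;
}

/* Halt at the breakpoint, read the chain, invert the configured bits, write back.
 * Returns the number of configured locations, -1 if the breakpoint was not
 * reached, -2 if a location lies outside the chain. */
int scifi_inject(target_t *t, const fault_t *f, unsigned max_steps) {
    uint8_t image[CHAIN_BITS];
    if (!run_until(t, f->break_pc, max_steps)) return -1;
    for (size_t i = 0; i < f->nbits; i++)
        if (f->bits[i] >= CHAIN_BITS) return -2;   /* reject before touching the target */
    chain_read(t, image);
    for (size_t i = 0; i < f->nbits; i++) image[f->bits[i]] ^= 1u;
    chain_write(t, image);
    return (int)f->nbits;
}
```

Both error paths return before any shift clock is issued, so a mis-specified experiment leaves the target state untouched.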
PLFT: PIN-LEVEL FORCING FAULT INJECTION
The forcing technique is performed by the pin-level module, which uses fault actuators (forcing probes) to insert stuck-at faults at target system locations.
At the fault definition interface, it is possible to define which probes will be actuated and the type of fault to be performed: stuck-at-0 or stuck-at-1. Upon receiving the fault parameters from the host, the pin-level module actuates the probes.
The fault actuators are independent of the pin-level module. The best actuators to use on each system depend on the target's specific characteristics. These actuators are available at 5 V and 3.3 V, ranging from high-speed (transistor-based) actuators to electro-mechanical relays.
The major advantages of this technique are the ability to insert faults at locations none of the other methods can access, and the ability to inject realistic permanent faults, which none of the other methods can emulate.
CPU address matches the trigger settings
CPU data bus matches the trigger settings
The fault can be injected by absolute time
The fault can be injected by CPU cycles
The Trace Module can trace the 32-bit address bus and the 32-bit data bus, including the check bits.
The Trace Module also traces another 80 bits from the CPU, such as interrupt, chip-select, CPU running status and control bits.
An additional external 8-bit port and a 24-bit time-stamp are traced.
The Trace Buffer is 128K deep.
Trigger-In and Trigger-Out are supported.
A software and hardware qualify function is used to filter the data.
A powerful trigger can be used to stop the trace or stop the CPU; the trigger can be the A/D bus or a check-bit error.
VME connectors are used to connect the trace bits.