Overview

Fault injection is the deliberate insertion of artificial faults into an embedded system in order to gain an understanding of the effects of real faults and provide feedback for system correction or enhancement.

Injecting faults has twin objectives: system validation and system evaluation. In the first case, the goal is to test the fault-tolerance mechanisms and verify their correctness when handling the faults they were designed to deal with. In the second case, the objective is to estimate the system's performance in the presence of faults, e.g. in terms of its downtime per year, reliability for a specific mission, or the performance degradation due to fault handling.

There are several techniques available to inject faults. Heavy ion bombarding, laser beams, and Pin-Level Forcing Techniques (PLFT) can insert real hardware faults on a system. Other techniques such as Software-Implemented Fault Injection (SWIFI) and Scan Chain Implemented Fault Injection (SCIFI) rely on the debugging and testing resources of modern chips to emulate faults through the manipulation of the system state, e.g., flipping a bit in a register or corrupting the result of a floating point calculation. Mutation is yet another methodology: here, source code is instrumented to reflect programming mistakes, i.e., bugs.

The Xception for ERC32 implements both the Pin-Level Forcing Techniques (PLFT) and the Scan Chain Implemented Fault Injection (SCIFI).

SCIFI: SCAN CHAIN IMPLEMENTED FAULT INJECTION

Scan chain implemented fault injection is based on the Boundary-scan (BSCAN) hardware specification, adopted by the IEEE in the early nineties, and used here to design the emulator for the ERC32 CPU. In the Xception extended implementation, the BSCAN module receives the fault parameters from the host and controls/monitors the target through the BSCAN chain (a standard serial channel through the ICs on the board).

The fault definition module sets up the breakpoint condition and defines the fault model (type, location and duration). The workload begins its execution and is left running, being halted only when it reaches the breakpoint. Fault injection takes place by reading the contents of all the scan chains, inverting the bits stated in the configuration data and writing the fault-injected scan chains back to the target. The workload is then resumed and the experiment follows the general procedure.
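
The read, invert and write-back sequence described above can be modelled in software. The following C sketch is an added example, not Xception code: the target is simulated, and the 64-bit chain length, the `target_t` and `fault_t` types and the `scifi_inject` function are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define CHAIN_BITS 64 /* constructed length; not the real ERC32 chain size */

/* Simulated target: the scan chain is one serial shift register. */
typedef struct { uint8_t cell[CHAIN_BITS]; uint32_t pc; } target_t;

/* Fault definition: breakpoint trigger plus the chain positions to invert. */
typedef struct { uint32_t break_pc; const int *bits; int nbits; } fault_t;

/* One serial clock: the last cell leaves on TDO, TDI enters cell 0. */
static uint8_t shift_bit(target_t *t, uint8_t tdi) {
    uint8_t tdo = t->cell[CHAIN_BITS - 1];
    memmove(&t->cell[1], &t->cell[0], CHAIN_BITS - 1);
    t->cell[0] = tdi;
    return tdo;
}

/* Returns the number of bits inverted, or -1 if the breakpoint never hit. */
int scifi_inject(target_t *t, const fault_t *f, uint32_t max_steps) {
    uint8_t image[CHAIN_BITS];
    while (t->pc != f->break_pc) {           /* workload runs to breakpoint */
        if (max_steps-- == 0) return -1;
        t->pc += 4;                          /* stand-in for one instruction */
    }
    for (int i = 0; i < CHAIN_BITS; i++)     /* read: recirculate TDO to TDI */
        image[CHAIN_BITS - 1 - i] = shift_bit(t, t->cell[CHAIN_BITS - 1]);
    int flipped = 0;
    for (int i = 0; i < f->nbits; i++) {     /* invert the configured bits */
        int pos = f->bits[i];
        if (pos < 0 || pos >= CHAIN_BITS) continue; /* skip invalid location */
        image[pos] ^= 1;
        flipped++;
    }
    for (int i = CHAIN_BITS - 1; i >= 0; i--) /* write back, far cell first */
        shift_bit(t, image[i]);
    return flipped;                          /* caller resumes the workload */
}

int main(void) {
    static const int bits[] = {3, 17};       /* constructed fault locations */
    target_t t = { .pc = 0x1000 };
    fault_t f = { 0x1010, bits, 2 };
    int n = scifi_inject(&t, &f, 1000);
    printf("flipped %d bits, cell[3]=%d cell[17]=%d\n", n, t.cell[3], t.cell[17]);
    return 0;
}
```

Recirculating TDO into TDI during the read pass leaves the target state intact, so only the configured positions differ after the write-back.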

PLFT: PIN-LEVEL FORCING FAULT INJECTION

The forcing technique is performed by the pin-level module, which uses fault actuators (forcing probes) to insert stuck-at faults on target system locations.

At the fault definition interface, it is possible to define which probes will be actuated and the type of fault to be performed: stuck-at-0 or stuck-at-1. Upon receiving the fault parameters from the host, the pin-level module actuates the probes.

The fault actuators are independent of the pin-level module. Choosing the best actuators to use on each system depends on the target's specific characteristics. These actuators are available at 5V and 3.3V, ranging from high-speed actuators (transistor-based) to electro-mechanical relays.

The major advantages of this technique are the ability to insert faults where none of the other methods are able to access and to inject realistic permanent faults (none of the other methods are able to emulate these faults).

• CPU address matches the trigger settings
• CPU data bus matches the trigger settings
• The fault can be injected at an absolute time
• The fault can be injected by CPU cycle count

• The Trace Module can trace the 32-bit address bus and the 32-bit data bus, including the check bits.
• The Trace Module also traces another 80 bits from the CPU, such as interrupt, chip-select, CPU running status and control bits.
• An additional external 8-bit port and a 24-bit time-stamp are traced.
• The Trace Buffer is 128K deep.
• Trigger-In and Trigger-Out are supported.
• A software & hardware qualify function is used to filter the data.
• A powerful trigger can be used to stop the trace or stop the CPU; the trigger can be the A/D bus or some check-bit errors.
• VME connectors are used to connect the trace bits.