The Second International Conference on Secure System Integration and Reliability Improvement
System-Bus Fault Injection Framework in SystemC Design Platform Kun-Chun Chang, Yi-Chinag Wang, Chung-Hsien Hsu, Kuen-Long Leu and Yung-Yuan Chen Department of Computer Science and Information Engineering Chung-Hua University, Hsin-Chu, Taiwan
[email protected] works. As we know, the system bus, such as AMBA AHB, provides an integrated platform for IP-based SoC. Apparently, the robustness of system bus plays an important role in the SoC reliability. So, performing the system-bus FMEA is imperative to validate the reliability of SoC. In this work, we propose an effective system-bus simulation-based fault injection framework in SystemC design platform at the abstraction level of timed functional transaction-level modeling with hierarchical channel to assist the reliability assessment.
Abstract As system-on-chip (SoC) becomes prevalent in the intelligent system applications, the reliability issue of SoC is getting more attention in the design industry while the SoC fabrication enters the very deep submicron technology. In this study, we present a new approach of system-bus fault injection in SystemC design platform, which can be used to assist us in performing the FMEA procedure during the SoC design phase. We demonstrate the feasibility of the proposed fault injection mechanism with an experimental ARM-based system.
2. Fault Injection Framework in SystemC
1. Introduction
To be specific, we exploit a popular hierarchical channel: AMBA AHB to demonstrate our fault injection approach. The principal idea of our method is based on the insertion of a fault injection module (FIM) into the interconnection between ‘Master’ and ‘AHB’ as shown in Figure 1, where the FIM is to control the fault injection activity for the selected Master and AHB. Since AHB allows multiple Masters, we need to build up a FIM for each Master as shown in Figure 1. The FIM is responsible for the fault injection activity including when to inject a fault, the fault target, what the fault value and its duration. The FIM contains an injection fault list, which depicts the injection activity for each fault. The core of the FIM design is how to decide when to activate a fault injection. We adopt a distributed injection control approach instead of using one centralized control unit, like method presented in [2, 3], to control the injection activity. The framework of system bus fault injection is described below:
As SoC becomes more and more complicated, the SoC could encounter the reliability problem due to the increased likelihood of faults or radiation-induced soft errors especially when the chip fabrication enters the very deep submicron technology [1]. Thus, it is essential to perform the FMEA procedure to locate the weaknesses of the system and provide the practical fault-tolerant strategies to improve the reliability. However, due to the high complexity of the SoC, the incorporation of the FMEA procedure and fault-tolerant demand into the SoC will further raise the design complexity. Therefore, we need to adopt the behavioral level or higher level of abstraction to describe/model the SoC, such as using SystemC, to tackle the complexity of the SoC design and verification. An important issue in the design of SoC is how to validate the system reliability as early in the development phase to reduce the re-design cost. As a result, a system-level dependability verification platform is required to facilitate the designers in assessing the dependability of a system with an efficient manner. Normally, the fault injection approach is employed to verify the robustness of the systems. Most of the previous fault injection studies focus on the VHDL design platform, whereas only a few works [2-4] address the fault injection issue in SystemC design platform. In our previous paper [4], we proposed a fault injection methodology for cycle-accurate register-transfer level (RTL) and compared the results of injection campaigns with the outcomes derived from the VHDL RTL. In [2, 3], the authors proposed a fault injection framework that is applicable to functional level and transaction layer 1 in SystemC. However, the issue of system-bus fault injection is not addressed in previous
978-0-7695-3266-0/08 $25.00 © 2008 IEEE DOI 10.1109/SSIRI.2008.11
Figure 1. System bus fault injection structure. Framework: The event-driven method is utilized to trigger the FIM to inject the faults into the system bus during the data transactions. An event is used to represent a particular condition that decides the time of fault occurrence. We employ two types of events to control the triggering of the fault injection. Type 1 is the number
211
of transactions conducted by a specific Master. Type 1 of events is to count the bus transactions and the FIM is triggered to inject a fault into the system bus when the transactions reach to a specific number. This type of events can be used to do the FMEA of bus transactions without distinguishing the mode of single or burst data transaction. Type 2 is the combination of bus protocols to form the desired events. For AMBA AHB, an event, like a particular number of burst transaction/split transaction occurring or a particular number of burst transaction plus the busy status happening during this burst transaction, can be created to determine the time of fault injection during the simulation. This class of events can be utilized to perform the FMEA of a particular transaction mode. This analysis is able to discover the effect of the faults occurring during a particular transaction mode on the system reliability. Therefore, we can exploit the second type of events to further explore the FMEA of the system bus. In summary, the function of a FIM contains three parts: bus monitor, event check and fault injection. For the current bus Master, the operation of its FIM is first to monitor the bus and collect the bus transaction information; then, check whether the declared event occurs; if yes, the fault is injected into the bus.
3.2 Type 2 Event-Driven Fault Injection Figure 4 exhibits the fault injection results based on the Type 2 event-driven method, where the left part and right part are fault-free and faulty results, respectively. We set the FIM to inject a fault into the data bus when the second burst transaction occurs and the transfer mode (HTRANS) is ‘sequence’. From Figure 4, the length of second burst transaction is four. So, the FIM injects a fault into the data bus at second, third and fourth transaction of the second burst transaction. It is evident that the fault duration is three transactions long.
3. Fault Injection Demonstration Figure 3. Type 1 event-driven fault injection results.
The following experimental studies were performed to validate the feasibility of our fault injection framework proposed in Section 2. Figure 2 shows an ARM-based system used in fault injection experiments. We use the AMBA bus library [5] provided by CoWare Platform Architect to implement the system as illustrated in Figure 2. The benchmark program developed for this injection study is 10 × 10 matrix multiplication. The fault target is data bus.
Figure 4. Type 2 event-driven fault injection results. Acknowledgement. Authors acknowledge the support of the National Science Council, R.O.C., under Contract No. NSC 95 – 2221 – E – 216 – 015, NSC 96 – 2221 – E – 216 – 006.
References: [1] C. Constantinescu, “Impact of Deep Submicron Technology on Dependability of VLSI Circuits,” IEEE Dependable Systems and Networks, pp. 205-209, 2002. [2] K. Rothbart et al., “High Level Fault Injection for Attack Simulation in Smart Cards,” 13th Asian Test Symposium, pp. 118-121, Nov. 2004. [3] K. Rothbart et al., “A Smart Card Test Environment Using Multi-Level Fault Injection in SystemC”, 6th IEEE Latin-American Test Workshop, pp. 103-108, 2005. [4] K. L. Leu, Y. Y. Chen, and J. E. Chen, “A Comparison of Fault Injection Experiments under Different Verification Environments”, IEEE 4th ICITA, pp. 582-587, Jan. 2007. [5] CoWare Model Library, “AMBA Bus Library,” Product Version V2006.1.2.
Figure 2. The experimental ARM-based system.
3.1 Type 1 Event-Driven Fault Injection Figure 3 illustrates the fault injection results based on the Type 1 event-driven method, where the left part and right part are fault-free and faulty results, respectively. We set the FIM to inject a fault into the data bus when the numbers of transactions reach to 781, 784 and 788 respectively. The fault duration is one transaction long. The results of Figure 3 justify our approach.
212
