Automatic Insertion of Fault-Tolerant Structures at the RT Level

5 downloads 0 Views 49KB Size Report
Automatic Insertion of Fault-Tolerant Structures at the RT Level. Luis Entrena, Celia López, Emilio Olías. Electronic Technology Area. Universidad Carlos III de ...
Automatic Insertion of Fault-Tolerant Structures at the RT Level Luis Entrena, Celia López, Emilio Olías Electronic Technology Area. Universidad Carlos III de Madrid Avda. de la Universidad, 30. 28911 Leganés (Madrid) Spain {entrena, celia, olias}@ing.uc3m.es Abstract Historically, there has been a lack of CAD tools for the design of on-line testable circuits. As a consequence, the design of on-line testable circuits is currently being made manually to a large extent. In this paper we propose a new tool for the automatic insertion of faulttolerant structures in an HDL synthesizable description of the design. With this tool, a fault-tolerant version of the design can be automatically produced according to the user specifications. The resulting fault-tolerant design is also described in an HDL and can be simulated and synthesized with commercial tools. Examples are shown to demonstrate the capabilities of this approach.

1. Introduction Traditionally, on-line testing techniques have been restricted to few application domains. The area and performance penalties introduced by on-line testing were only accepted in order to meet high reliability requirements in safety critical applications. The relatively small number of such applications did not make attractive for CAD vendors the development of tools specific to the design of on-line testable circuits [1]. As a matter of fact, on-line testable circuits are being designed manually to a large extent. This requires large design efforts that affect negatively design productivity and time-to-market. The design of an on-line testable circuit is usually accomplished by introducing fault-tolerant structures in a previously designed circuit. Within the current HDLbased methodologies, the insertion of fault-tolerant structures is usually performed by manually modifying the HDL code. There are several reasons why designers usually prefer performing fault-tolerant modifications at the RT level. First of all, this is a natural choice, because most designers work mainly at this level. This choice also allows the use of behavioral simulation, in order to validate the fault-tolerant design. On the other hand, the application of many fault-tolerant techniques require a synthesis step, that cannot be accomplished by simply substituting some logic cells by their testable equivalents (as in the case of structured DFT techniques) except for some trivial cases [2]. With a clever use of commercial This work has been partially supported by the European Commission under contract IST-1999-11762 (AMATISTA)

synthesis tools, many fault-tolerant structures can be correctly synthesized, thus saving design time. In this paper we propose an approach for automatic insertion of fault-tolerant structures in synthesizable VHDL descriptions at the RT level. This approach provides an automatic way to substitute current manual practices in the application of hardware redundancy and information redundancy techniques in fault-tolerant designs. This allows to increase the design productivity and to reduce the chance of errors. The resulting faulttolerant design is also obtained in the form of a VHDL synthesizable description which can be further simulated and synthesized with commercial tools. The proposed techniques are being developed in project AMATISTA along with a fault injection and simulation tool. This tool allows to evaluate the level of fault-tolerance achieved in the design. Throughout the iteration with the insertion of fault-tolerant structures and the evaluation of the fault-tolerance achieved, early exploration of the design space is largely enabled.

2. Automatic modification of HDL code The general objective of the tool we propose in this work consists in taking an existing design and modify it, according to user specifications, to produce a faulttolerant design. To this purpose we adopt the scheme shown in Fig. 1. In this scheme, the initial HDL design is first analyzed and elaborated for synthesis. Elaboration for synthesis creates a design after the analysis replacing the HDL operators and constructs with synthetic operators. Throughout a user interface, fault-tolerance techniques can be applied at selected points in the design in a step by step fashion. At each step, a transformation is specified by selecting a target (a piece of hardware and its associated code) and a technique to be applied on the target. The descriptions of components needed for the various fault-tolerance techniques to be applied are available in a component library named FT-library. Examples of these components are encoders, majority voters, comparators, etc. Self-checking designs of particular modules (e.g., typical data path components [3]) are also included. These components are inserted in the design as required for the fault-tolerance techniques to be applied. The final fault-tolerant design obtained can then be downloaded to a new VHDL file which will be

the input for simulation or synthesis with other tools. In most synthesis environments, intermediate results are stored in internal design databases and cannot be downloaded in standard formats. However, note that in the proposed environment, fault-tolerance transformations are modeled as a presynthesis step. By keeping backtrack information between the analyzed and elaborated models of the design, it is possible to revert the modifications to HDL code and download a modified HDL version of the fault-tolerant design. This option allows to perform behavioral simulation and synthesis of the modified design with commercial tools. The Fault-Tolerance Insertion tool (FTI) is being developed using the source code analyzer Tauri [4]. This tool provides an open analysis and elaboration database for VHDL and Verilog designs. In the sequel, we will use VHDL for the examples. However, note that the proposed techniques can be easily extended to Verilog. User interface FT insertion tool

Fault Tolerance Insertion Procedures

VHDL output file

VHDL input file

WORK

FT Library

To other tools

Fig. 1. Scheme of the Fault-Tolerant Insertion tool

3. Automatic insertion of hardware redundancy Hardware redundancy techniques achieve fault tolerance by replicating hardware components of the circuit. The outputs of the replicated components are then resolved to produce a single output, which may be coded to cover for possible faults in the output resolution logic. The type and characteristics of the resolution function depends on the particular hardware redundancy technique used (e.g., a majority voter for TMR). Note that the terms “resolved” and “resolution function” should not be confounded with the usual VHDL terminology. The output resolution function is not implemented as a VHDL resolution function. From the previous definitions, any transformation based on a hardware redundancy technique is determined by three main aspects: (1) the replication target, which is defined as the piece of hardware that is to be replicated; (2) the particular hardware redundancy technique to be applied, which mainly defines the output resolution function; (3) the error recovery actions which are required to recover from a detected error. The user can select at RT level those parts of the circuit that must become fault -tolerant in terms of VHDL

objects (signals, variables and ports), statements and a desired portion of the input cone that is automatically identified. The associated hardware is then modified in the elaborated model, which provides a RT-level view of the design. Identifying the input cone of a signal can be easily performed in the elaborated model by tracing back the signal up to the primary inputs. A typical case in RTL consists in selecting the input cone of the signal up to the preceding registered signals. This case can be recursively extended to larger portions of the input cone. Automatic replication of the target consists in identifying the target, by marking the nodes in the selected portion of the input cone of the signal, and inserting copies of the marked nodes (the replicas) in the elaborated model, along with the new object declarations associated to the replicated nodes. The VHDL code corresponding to the replicas is then generated by tracing back to the analyzed model. This code needs to be modified in order to cover some hardware structures that are not described explicitly in VHDL, such as default assignments to registers. In this case, auxiliary variables are inserted to model explicitly the required behavior. The output resolution function must be inserted in order to obtain a single, fault-tolerant output from the outputs of the replicated components. For active hardware techniques, such as DWC, the resolution function also provides an error signal which is activated in case of error. The resolution function is inserted by means of a call to a function or procedure included in the FT-library. Example. We will illustrate the replication approach by showing the result of applying it to the example shown in Code 1. The duplicated signals are labeled with the suffix “_FT0” and “_FT1”. A resolution function is applied afterwards to determine the value of the target signal p. In this example, the resolution function corresponds to DWC technique and is modeled by a VHDL procedure that outputs the p value and an error signal. The resulting VHDL code is shown in Code 2. The modifications are shown in bold.

4. Automatic insertion of information redundancy The result of adding information redundancy is that a portion of dataflow works with encoded data. Therefore, a set of operations must be provided in order to encode or decode data for a selected portion of dataflow as well as to modify buses and operators for the required data code. The encoding of a portion of dataflow can be obtained through a composition of the following basic automatic operations: (1) insert an encoder/decoder/checker at a selected point; (2) substitute an existing operator by the equivalent operator that operates on coded data; (3) Extend the size of selected data to accommodate the extra bits required by the redundant code used.

process(clk, reset) begin if reset = ‘0’ then p