Synthesis of Self-Checking Microcontrollers by Field Programmable Devices


Reliable Design Research Laboratory
This research was supported by BSF under grant No. 9800154
25 May 2016
http://muse.tau.ac.il/ktl/Team_Web/

Outline

Definitions
Sum-of-Minterms based architecture (SOM-architecture)
Reduced m-out-of-n code
Match Detector based architecture (MD-architecture)
State monotonic SSC
Self-healing SSC
Estimation of fault latency
Reducing the fault latency by FSM decomposition

Synchronous Sequential Circuit (SSC)

(Figure: block diagram of an SSC. The inputs x1 ... xNx and the current state variables y1 ... yNy feed the combinational part C; C computes the output functions Z1 ... ZNz and the next state functions Y1 ... YNy, and the next state is stored in the flip-flops ff1 ... ffNy.)

Algorithmic State Machine

(ASM chart of the example FSM, figure only.)

Finite State Machine

Transition table of the example FSM. The complement bars on the input variables did not survive the transcript; they are restored here from the transition probability matrix of the "Estimation of Fault Latencies" slide, where the same transitions appear as products of p_i and q_i.

h    am   as   X(am, as)    Y(am, as)
1    a1   a2   x1 x2        y2, y3
2    a1   a4   x1 x̄2 x3     y4
3    a1   a1   x1 x̄2 x̄3     -
4    a1   a3   x̄1           y2
5    a2   a4   1            y1, y4
6    a3   a1   x4 x1        y1, y3
7    a3   a3   x4 x̄1        -
8    a3   a4   x̄4           y1, y4
9    a4   a5   x2           y5, y6
10   a4   a1   x̄2           -
11   a5   a1   1            y1, y3

Faults

Stuck-at faults
Permanent
Transient
Intermittent

Fault latency is the length of time between the occurrence of a fault and the appearance of an error due to that fault.

Unidirectional error detection codes

Example of unidirectional errors:
X = 1 1 0 0 1 -> X' = 1 0 0 0 0   (only 1 -> 0 errors)
Y = 1 0 1 1 1 -> Y' = 1 1 1 1 1   (only 0 -> 1 errors)
Within any single vector only one error type appears, although both error types may occur across different vectors.

Codes:
Berger code
m-out-of-n code
Smith code
Bose-Lin code
Reduced m-out-of-n code

Totally Self-Checking Property

A sequential circuit is self-testing if, for every fault in the fault set, there is an input/state code pair for which the circuit produces a non-code output.

A sequential circuit is fault secure if, for every fault in the fault set, the circuit never produces an incorrect code output for a code input.

A sequential circuit is totally self-checking (TSC) if it is both self-testing and fault secure.

Basic Self-Checking Architecture

The checker output R is
    R = 1 if the output belongs to the set of output codewords,
    R = 0 if the output does not belong to the set of output codewords.

Sum-of-Minterms based architecture (SOM-architecture)

Uses unidirectional error detection coding of the SSC outputs.

Reduced m-out-of-n code

The code is systematic.
The code allows the codeword to be divided into m fields in such a way that every acceptable codeword has exactly one bit equal to one in each field.
The proposed reduced code therefore allows each field to be checked separately, which simplifies the checker.

An Example of Reduced Coding

Codeword   Information bits          Check bits
           Z1 Z2 Z3 Z4 Z5 Z6         c1 c2 c3
o1         0  0  0  0  0  0          1  1  1
o2         1  0  1  1  0  0  0  0    (only eight of the nine bits survive in the transcript)
o3         0  1  0  1  0  0          0  1  0
o4         0  0  0  1  1  1          0  0  0
o5         1  0  0  0  0  1          0  0  1
o6         0  0  0  1  0  1          1  0  0
o7         0  0  1  1  0  0          1  0  0
o8         0  0  0  0  1  0          0  1  1
o9         0  0  1  0  0  0          1  0  1
o10        0  1  0  0  0  1          0  0  1

m = 3, with the fields
B1 = {Z1, Z2, Z5, c1}
B2 = {Z3, Z6, c2}
B3 = {Z4, c3}

Checker's function

    R = F1(B1) ∧ ... ∧ F1(Bm) = 1 on every codeword o_i,
    R = 0 on every unidirectional error,

where F1(X) is the "1-hot" function (equal to 1 iff exactly one bit of X is 1).

The checker scheme for our example

Eight LUTs: LUT 1 and LUT 2 take Z1, Z2, Z5, c1 (field B1); LUT 3 and LUT 4 take Z3, Z6, c2 (field B2); LUT 5 and LUT 6 merge the two resulting pairs; LUT 7 and LUT 8 merge that result with Z4, c3 (field B3) and produce the two-rail output R1, R2:

    α11 = Z1 ∨ Z2 ∨ Z5 c1
    α12 = Z5 ∨ c1 ∨ Z1 Z2
    α21 = Z3 ∨ Z6
    α22 = c2 ∨ Z3 Z6
    α31 = α11 α21 ∨ α12 α22
    α32 = α11 α22 ∨ α12 α21
    R1 = α31 c3 ∨ Z4 α32
    R2 = α32 c3 ∨ Z4 α31

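The encoder and checker for this three-field code, as an added example that is not the deck's code: it derives the check bits c1..c3 from Z1..Z6 for the field split B1, B2, B3, implements the eight LUT functions above as Boolean expressions, and verifies that every unidirectional error of a codeword drives (R1, R2) to (0, 0) or (1, 1). The function and variable names are assumptions of this example.

```python
from itertools import combinations

# Fields of the deck's reduced code (m = 3); the last name of each is its check bit.
FIELDS = (("Z1", "Z2", "Z5", "c1"), ("Z3", "Z6", "c2"), ("Z4", "c3"))
INFO = ("Z1", "Z2", "Z3", "Z4", "Z5", "Z6")

def encode(z):
    """c_i = 1 iff the information bits of field B_i are all zero, so that every field holds exactly one 1."""
    c = {}
    for field in FIELDS:
        ones = sum(z[name] for name in field[:-1])
        if ones > 1:
            raise ValueError("field %s has two ones; not encodable" % (field,))
        c[field[-1]] = int(ones == 0)
    return c

def codeword(z_bits):
    """Information bits Z1..Z6 plus their check bits, as one dict."""
    z = dict(zip(INFO, z_bits))
    return {**z, **encode(z)}

def checker(w):
    """Two-rail checker of the LUT scheme: field -> pair (alpha_i1, alpha_i2);
    pairs merge by (a, b), (c, d) -> (ac + bd, ad + bc). Returns (R1, R2)."""
    a11 = w["Z1"] | w["Z2"] | (w["Z5"] & w["c1"])
    a12 = w["Z5"] | w["c1"] | (w["Z1"] & w["Z2"])
    a21 = w["Z3"] | w["Z6"]
    a22 = w["c2"] | (w["Z3"] & w["Z6"])
    a31 = (a11 & a21) | (a12 & a22)
    a32 = (a11 & a22) | (a12 & a21)
    r1 = (a31 & w["c3"]) | (w["Z4"] & a32)
    r2 = (a32 & w["c3"]) | (w["Z4"] & a31)
    return r1, r2

def is_codeword(w):
    """(1, 0) or (0, 1) means codeword; (0, 0) or (1, 1) signals an error."""
    return checker(w) in ((1, 0), (0, 1))

def unidirectional_errors(w, to_value):
    """All patterns that flip one or more bits of w to to_value (0: 1->0 errors, 1: 0->1)."""
    names = [n for n in w if w[n] != to_value]
    for k in range(1, len(names) + 1):
        for subset in combinations(names, k):
            yield {**w, **{n: to_value for n in subset}}

def detects_all_unidirectional(z_bits):
    """True iff codeword(z_bits) passes and none of its unidirectional errors do."""
    w = codeword(z_bits)
    return is_codeword(w) and not any(
        is_codeword(e) for v in (0, 1) for e in unidirectional_errors(w, v))
```

Rows o1, o3, o4 and o9 of the coding table are the information vectors (0,0,0,0,0,0), (0,1,0,1,0,0), (0,0,0,1,1,1) and (0,0,1,0,0,0); `encode` reproduces their check bits and `detects_all_unidirectional` returns True for each.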
Estimation of the checker's complexity for LUT-based implementation

Number of LUTs:

$$
L = 2\left(\sum_{i=1}^{m} \left\lceil \frac{N_{T_i} - 1}{2} \right\rceil + m - 1\right),
$$

where $N_{T_i}$ is the number of elements in the i-th coding subset and $N_Z = \sum_{i=1}^{m} N_{T_i}$.

Bounds on the checker complexity:

$$
N_Z + m - 2 \le L \le N_Z + 2m - 2.
$$

Match Detector based architecture (MD-architecture)

(Figure: block diagram; M denotes a match detector.)

Truth Table of the Match Detector

r(i)   S1(i)   V1(i)   S0(i)   V0(i)
1      1       0       1       0
0      0       1       0       1
1      0       1       1       1
0      1       0       0       0
--     0       0       0       0
--     1       1       1       1

Advantages of the MD-Architecture

Low fault latency.
Does not require any error-detecting coding of the SSC outputs.

Comparison of Overheads for Various Self-Checking Architectures

N    Example   Berger %   Smith %   Red.(m,n) %   MD %
1    CSE       49.4       49.4      48.1          53.2
2    EX1       80.1       57.3      14.6          100
3    EX6       59.3       44.4      29.6          100
4    PLANET    91.2       85.7      40.7          122.5
5    PMA       55.4       50        41.1          77.7
6    S386      56.9       50        41.4          84.5
7    S820      23.6       14        9.5           27
8    S832      33.3       19.2      13.4          36.8
9    SAND      59.4       49.5      41.7          59.4
10   SSE       50         51.9      51.9          86.5
     Average   55.86      47.14     33.2          62.3

State Monotonic SSC

One way of providing the TSC property of an SSC is to realize an SSC that is monotonic in its state variables.
A state-monotonic function can be represented in a sum-of-products form that is unate in the state variables.

An Example of Unate Representation in State Variables

The column headings did not survive the transcript. The 18 value columns of every row fall into four groups (inferred from the one-hot pattern of the rows): four inputs, four current state variables (unate, so only the state variable that must be 1 is written), four next state variables and six outputs.

№    inputs       current state   next state   outputs
1    1 0 0 -      - - - 1         0 0 0 1      0 0 0 1 0 1
2    1 0 1 1      - - - 1         0 0 0 1      0 0 0 1 0 1
3    0 - - -      - - - 1         0 0 1 0      1 0 0 0 0 1
4    1 0 1 0      - - - 1         0 1 0 0      0 0 0 1 1 1
5    1 1 - -      - - - 1         1 0 0 0      0 0 0 0 1 0
6    1 - - -      - - 1 -         0 0 1 0      1 0 1 1 0 0
7    0 1 - -      - - 1 -         0 1 0 0      1 0 0 0 0 1
8    0 0 - -      - - 1 -         1 0 0 0      0 1 0 1 0 0
9    1 - - -      - 1 - -         0 1 0 0      1 0 1 1 0 0
10   0 - 1 -      - 1 - -         1 0 0 0      1 0 0 0 0 1
11   0 - 0 -      - 1 - -         1 0 0 0      1 0 0 0 0 1
12   1 0 - 0      1 - - -         0 0 0 1      0 1 0 0 0 1
13   1 0 - 1      1 - - -         0 0 1 0      0 0 1 1 0 0
14   0 - - -      1 - - -         0 1 0 0      0 0 1 0 0 0
15   1 1 - -      1 - - -         1 0 0 0      0 0 0 0 0 0

Self-healing SSC

An SSC may have a self-healing property for a given fault and a given input sequence even if it does not have equivalent states.

Behavior of the circuit in presence of a permanent fault

(Figure: mode diagram with transitions between M0 ... M3.)
M0 – Fault free mode
M1 – Latent mode
M2 – Silent mode
M3 – Erroneous mode

Behavior of the circuit in presence of a transient fault

(Figure: mode diagram.)
M0 – Fault free mode
M2 – Silent mode
M3 – Erroneous mode

Example of healing, Clock 1

Input: 111
Initial State: 1000

No.  x1x2x3  y1y2y3y4  Y1Y2Y3Y4  Z1Z2Z3Z4Z5Z6Z7
1    0--     1---      1000      0001011
2    10-     1---      1000      0001011
3    11-     1---      1100      1001010
4    --0     -1--      0100      0011001
5    --1     -1--      0010      1001010
6    10-     --1-      0010      1001010
7    0--     --1-      0001      1100001
8    11-     --1-      0001      1100001
9    --0     ---1      0001      0100110
10   --1     ---1      1000      1100100

Example of healing, Clock 2

Input: 111

No.  x1x2x3  y1y2y3y4  Y1Y2Y3Y4  Z1Z2Z3Z4Z5Z6Z7
1    0--     1---      1000      0001011
2    10-     1---      1000      0001011
3    11-     1---      0100      1001010
4    --0     -1--      0100      0011001
5    --1     -1--      0010      1001010
6    10-     --1-      0010      1001010
7    0--     --1-      0001      1100001
8    11-     --1-      0001      1100001
9    --0     ---1      0001      0100110
10   --1     ---1      1000      1100100

Example of healing, Clock 3

Input: 101

(Table identical to the Clock 2 table.)

Example of healing, Clock 4

Input: 101

(Table identical to the Clock 2 table.)

Percentage of sequences on which SSC survived

N    Example   Sequences, %
1    CSE       65
2    EX1       18
3    EX6       25
4    PLANET    1
5    PMA       2
6    S386      25
7    S820      3
8    S832      4
9    SAND      1
10   SSE       31
     Average   17.5

Estimation of Fault Latencies

The Markov chain of the initial FSM is defined by the transition probability matrix (rows and columns in the order a1 ... a5):

$$
P^{(1)}_{ms} =
\begin{pmatrix}
p_1 q_2 q_3 & p_1 p_2 & q_1 & p_1 q_2 p_3 & 0 \\
0 & 0 & 0 & 1 & 0 \\
p_1 p_4 & 0 & q_1 p_4 & q_4 & 0 \\
q_2 & 0 & 0 & 0 & p_2 \\
1 & 0 & 0 & 0 & 0
\end{pmatrix},
\qquad
p_i = \Pr\{x_i = 1\},\quad q_i = \Pr\{x_i = 0\} = 1 - p_i,\quad i = 1, \ldots, L.
$$
We construct an additional Markov chain with the following properties:
(a) the number of states in the new chain is equal to R + 1 (R is the number of states of the FSM); we define the additional (R + 1)-th state as an absorbing state;
(b) if faults are absent, the additional chain moves within the first R states and its behavior does not differ from the behavior of the first chain;
(c) the additional chain moves to the (R + 1)-th state when a fault is manifested by a distortion of the output microinstruction.

Transition probability matrices of the additional chain

Fault free case (the sixth row and column belong to the absorbing state R + 1 = 6):

$$
P^{(1)}_{ms} =
\begin{pmatrix}
p_1 q_2 q_3 & p_1 p_2 & q_1 & p_1 q_2 p_3 & 0 & 0 \\
0 & 0 & 0 & 1 & 0 & 0 \\
p_1 p_4 & 0 & q_1 p_4 & q_4 & 0 & 0 \\
q_2 & 0 & 0 & 0 & p_2 & 0 \\
1 & 0 & 0 & 0 & 0 & 0 \\
0 & 0 & 0 & 0 & 0 & 1
\end{pmatrix}
$$

For the s-a-1 fault of variable x1 (the x̄1 branches of a1 and a3, taken with probabilities q1 and q1 p4, now lead to the absorbing state):

$$
P^{(2)}_{ms} =
\begin{pmatrix}
p_1 q_2 q_3 & p_1 p_2 & 0 & p_1 q_2 p_3 & 0 & q_1 \\
0 & 0 & 0 & 1 & 0 & 0 \\
p_1 p_4 & 0 & 0 & q_4 & 0 & q_1 p_4 \\
q_2 & 0 & 0 & 0 & p_2 & 0 \\
1 & 0 & 0 & 0 & 0 & 0 \\
0 & 0 & 0 & 0 & 0 & 1
\end{pmatrix}
$$
Latency distribution function $F_1(k)$ and average value $\bar{k}_1$ for the above case of the s-a-1 fault of variable x1:

$$
F_1(k) = \Pr\{\text{the latency} \le k\} = p^{(0)} \left(P^{(2)}_{ms}\right)^{k} (0, \ldots, 0, 1)^T,
\qquad
p^{(0)} = \left(p^{(0)}_1, \ldots, p^{(0)}_5, 0\right),
$$

where $p^{(0)}_i$ is the probability of the i-th initial state, and

$$
\bar{k}_1 = p^{(0)} \left(I - Q^{(2)}_{ms}\right)^{-1} (1, \ldots, 1)^T,
$$

with $Q^{(2)}_{ms}$ the $R \times R$ block of $P^{(2)}_{ms}$ over the non-absorbing states.

Latency distribution function and average value for the whole set of variables:

$$
F(k) = \sum_{i=1}^{Q} s_i F_i(k), \qquad \bar{k} = \sum_{i=1}^{Q} s_i \bar{k}_i,
$$

where Q is the number of faults in the set and $s_i$ is the probability of the i-th fault.
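The latency formulas above carried out numerically, as an added example that is not the deck's own code: a constructed two-state chain with one absorbing state stands in for the 5-state example, and both F(k) by repeated multiplication and k̄ from (I − Q)^{-1} are computed exactly with fractions. The chain, its probabilities and all function names are assumptions of this example.

```python
from fractions import Fraction as Fr

# Constructed toy chain (not the deck's 5-state FSM): working states a1, a2 and
# the absorbing state R + 1. a1 always moves to a2; a2 returns to a1 when
# x1 = 1 (probability p1). Under the s-a-1 fault of x1, a2 distorts its output
# when x1 = 0 (probability q1 = 1 - p1): a move to the absorbing state.
P1 = Fr(1, 2)
Q1 = 1 - P1
P_FAULT = [[Fr(0), Fr(1), Fr(0)],
           [P1,    Fr(0), Q1   ],
           [Fr(0), Fr(0), Fr(1)]]      # last row/column: absorbing state
P0 = [Fr(1), Fr(0), Fr(0)]             # p^(0): start in a1, absorbing entry 0

def vec_mat(v, m):
    """Row vector times matrix."""
    return [sum(v[i] * m[i][j] for i in range(len(v))) for j in range(len(m[0]))]

def latency_cdf(p_ms, p0, k):
    """F(k) = p^(0) P^k (0, ..., 0, 1)^T = Pr{latency <= k}."""
    v = p0
    for _ in range(k):
        v = vec_mat(v, p_ms)
    return v[-1]

def solve(a, b):
    """Gauss-Jordan solution of a x = b over Fractions (a small and square)."""
    n = len(a)
    m = [row[:] + [b[i]] for i, row in enumerate(a)]
    for c in range(n):
        piv = next(r for r in range(c, n) if m[r][c] != 0)
        m[c], m[piv] = m[piv], m[c]
        d = m[c][c]
        m[c] = [x / d for x in m[c]]
        for r in range(n):
            if r != c and m[r][c] != 0:
                f = m[r][c]
                m[r] = [x - f * y for x, y in zip(m[r], m[c])]
    return [row[n] for row in m]

def mean_latency(p_ms, p0):
    """k_bar = p^(0) (I - Q)^-1 1^T, Q = block of P over the R working states."""
    r = len(p_ms) - 1
    i_minus_q = [[(1 if i == j else 0) - p_ms[i][j] for j in range(r)] for i in range(r)]
    t = solve(i_minus_q, [Fr(1)] * r)   # expected steps to absorption per start state
    return sum(p0[i] * t[i] for i in range(r))

def fault_set(weights, values):
    """Whole fault set: F(k) = sum s_i F_i(k) and k_bar = sum s_i k_bar_i."""
    return sum(w * v for w, v in zip(weights, values))
```

With p1 = 1/2 the chain can be absorbed only at even steps, so F(2) = q1 = 1/2, F(4) = q1(1 + p1) = 3/4, and the mean latency is 2/q1 = 4 clocks.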
Reducing the Fault Latency by FSM Decomposition

The main idea of our approach is to decompose a given FSM into a network of smaller component FSMs in order to reduce the fault latency. In this decomposition, at any given time only one component is working and each of the others is testing itself.
The proposed decomposition architecture allows:
1. A drastic decrease of the fault latency in comparison with the initial FSM.
2. Diagnosis of the FSM: it is possible not only to detect the presence of a fault but also to indicate its location.
3. Increased hardware efficiency, since each of the constituent FSMs functions permanently, either in the testing or in the working mode.
We will illustrate the proposed approach by the following decompositions:
1) Decomposition of the given FSM into a network of two component FSMs.
2) Decomposition of the given FSM into a network of three component FSMs and a supervisor FSM.

Algorithmic State Machine

(ASM chart of the given FSM, figure only.)

Tables of Component FSMs of the Decomposition Network

(Two transition tables, for component FSM S1 and for component FSM S2, with columns am, as, X(am, as), Y(am, as), h. Their cells are interleaved beyond recovery in the transcript. What survives shows the states a1 ... a5 together with marked versions of a3 and a4 (the marker symbol is lost), transition conditions that combine the inputs x1 ... x4 with the signals Z1, Z2, Z4 (e.g. "Z1 x1 x2", "Z2 Z4 x2", "Z1 x4 x1"), and outputs that include those signals (e.g. "y5, y6, Z1", "y1, y3, Z1", "y4 Z4").)

Graph of the given FSM

(Figure only.)

Transitions of the Component FSMs

(Figures.) Transition within one component: $a_i, a_j \in A_m$. Transition between two components: $a_i \in A_m$, $a_j \in A_p$, $m \ne p$, with the marked state $a_m' \in A_m$ and $a_l \in A_p$ (the marker on $a_m$ did not survive the transcript).

Architecture of the Decomposition Network of two constituent FSMs

(Figure: blocks Constituent FSM S1, Constituent FSM S2, Checker 1, Checker 2.)

Transition from a1 to a4 in the decomposition network

(Figure, shown on two consecutive slides. The state named in it, whose symbol did not survive the transcript, is the predefined state of the component FSMs, chosen as the initial testing state.)

Reliable Design Research Laboratory
Decomposition of the given FSM into a
network of two component FSMs
25 May 2016
http://muse.tau.ac.il/ktl/Team_Web/
41
Reliable Design Research Laboratory
Decomposition of the given FSM into a
network of two component FSMs
25 May 2016
http://muse.tau.ac.il/ktl/Team_Web/
42
Reliable Design Research Laboratory
FSM benchmarks results before and after decomposition into the network of two components

Name     L    N    R    H     M    W before   kav before   W after   kav after
                                   decomp.    decomp.      decomp.   decomp.
big      18   28   17   185   17   57%        249.5        127.9%    130.4
bs       19   13   17   185   17   34%        88.3         82.0%     60.7
acdl     16   27   22   214   23   56%        152.0        125.4%    90.2
cow      49   24   24   261   18   32%        122.4        78.7%     78.9
v1_6     14   18   17   169   17   60%        79.2         134.8%    45.3
v1_10    15   18   18   264   18   48%        101.4        124.7%    80.2
v11_20   14   29   18   367   17   65%        121.1        137.8%    56.5

Latency curves for s-a faults of variable x1 before and after decomposition

(Plot of F(k) versus k; figure only.)