
FLIPPER

SEU Fault Injection in Xilinx FPGAs

Monica Alderighi, National Institute for Astrophysics, IASF Milano, Italy

Computing Systems for Space Group: Fabio Casini, Sergio D’Angelo, Marcello Mancini, Sandro Pastore, Giacomo Sechi

ESA/ESTEC Contract n. 8559/NL/LvH/gm

M. Alderighi, MPD07, March 7-8, 2007, Noordwijk, The Netherlands

Outline

• Overview
• Basic principle and main features
• Case study
• Preliminary results
• Conclusions


FLIPPER: what is it?

• FLIPPER is a flexible XC2VP20-based board conceived as a powerful hardware platform for the following main application:
  • SEU emulation by fault injection in Virtex II devices (patent pending)
• FLIPPER can be used in more general ways:
  • radiation ground testing
  • test equipment
  • digital I/O board
  • general purpose Virtex2 board
  • …


Why FLIPPER?

• SEUs are of utmost concern for Xilinx devices, as functionalities are sensitive to unintended changes in configuration memory
• Fault injection tools able to adequately address “reachable” radiation-sensitive parts are useful
• Our objective is to provide one tool able to:
  • inject SEUs into the configuration memory
  • manage a high number of I/O pins
  • exercise a DUT device, performing on-board comparison of test results


FLIPPER basic principle

• SEU injection by active partial reconfiguration
• SEU injection by configuration adopted in an earlier prototype for Virtex I*
• Close approach, yet with different purposes, used by FT UNSHADES
• Approach reported in the literature in the FI field (e.g. R. Leveugle)

* Alderighi et al., Proceedings of the 18th IEEE Int’l On-line Testing Symposium, 2003
  Alderighi et al., Proceedings of the 9th IEEE Int’l Conference on Defect and Fault Tolerance in VLSI Systems, 2003


FLIPPER: what is it for?

• Analyze SEU effects in designs implemented in Xilinx FPGAs
• Study SEU effects in Xilinx FPGA reconfiguration logic
  • by means of a write operation into configuration logic registers
• Evaluate/compare mitigated designs in one/selected device(s)


FLIPPER features

• SEU emulator comprising hardware, firmware & software
• Fault injection based on frame modification and active partial re-configuration
  • Verified through JTAG & Impact verify
• Single bit and multiple bit upsets
• Test vectors and gold vectors imported from ModelSim simulation
• Test vectors up to 150 bit wide and gold vectors up to 120 bit wide
• ≈ 26000 test vectors @10MHz ≈ 11 injection/s with max. I/O port width


FLIPPER features (cont’d)

• After each injection the DUT is exercised for the whole set of test vectors
• Test/gold vectors comparison performed on board. In case of mismatch, a fault packet is sent to the PC containing:
  • # of the current injected fault
  • # of the current test vector
  • Ex-OR between the current DUT outputs and the expected (gold) values
• DUT FPGA’s pins wired together in triplets on the DUT board to implement XTMR-ed designs
• XQR2V6000 used as DUT for ESA contract
• Test execution either via GUI interface or in batch mode
• Injection mode and options selectable via software


FLIPPER GUI Interface

TEST MODE
• sequential
  • bit-flip location generated sequentially within the injection range
  • original frame restored after functional test
• fault accumulation
  • random generation of fault locations
  • faulty frames persist
• accumulate and clean up
  • original frames are restored after a (user selectable) number of injections

DUT CLOCK RATE
• 5 MHz
• 10 MHz
• 50 MHz
• 100 MHz

STOP TEST CONDITION
• first functional fault/configuration failure
• # bit flip
• none

ADDRESS RANGE
Defines the area in which faults are injected (device dependent)

[GUI screenshot; labelled areas: options, action buttons, test run status, log window, menu items]

Commands shown on the slide:

    OPEN_PRJ demo
    ADHOC_TEST
    ADHOC_FILE F:\MyInjection\prova\file1.hoc
    SET_MASK_HH F 1 A D D 5
    #connect_dev
    SET_RATE 100M
    SET_RANGE 10, 3345
    SAVE_OPT
    SET_VEC F:\ESA_software\stimuli, F:\ESA_software\template
    SET_BSTR F:\ESA_software\file_demo\top_dut_2
    #NEW_PRJ CTM, F:\MyInjection
    SET_MODE accumulation
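
The three test modes and the fault packet described on the last two slides, as an added Python model that is not FLIPPER's own software. It assumes a constructed toy DUT (two 4-input LUTs whose truth tables are the configuration bits) and an ideal majority voter that is not itself in configuration memory; all names are hypothetical.

```python
from dataclasses import dataclass

N_VEC, N_OUT = 16, 2   # constructed toy DUT: two 4-input LUTs, 16 test vectors
# One replica's configuration bits: LUT 0 = parity, LUT 1 = "at least two ones".
GOLDEN = ([bin(v).count("1") & 1 for v in range(N_VEC)] +
          [int(bin(v).count("1") >= 2) for v in range(N_VEC)])

@dataclass
class FaultPacket:
    fault_no: int     # number of the current injected fault
    vector_no: int    # number of the current test vector
    xor: int          # DUT outputs XOR expected (gold) values

def read_replica(config, replica, vector):
    """Output word of one replica: bit k comes from LUT k at address `vector`."""
    base = replica * len(GOLDEN)
    return sum(config[base + k * N_VEC + vector] << k for k in range(N_OUT))

def dut_output(config, vector, tmr):
    """Plain design reads replica 0; the TMR design votes over three replicas."""
    if not tmr:
        return read_replica(config, 0, vector)
    a, b, c = (read_replica(config, r, vector) for r in range(3))
    return (a & b) | (a & c) | (b & c)        # bitwise majority (ideal voter)

def functional_test(config, fault_no, tmr):
    """Exercise every test vector; return a packet for the first mismatch."""
    for vector in range(N_VEC):
        diff = dut_output(config, vector, tmr) ^ read_replica(GOLDEN, 0, vector)
        if diff:
            return FaultPacket(fault_no, vector, diff)
    return None

def run_campaign(locations, tmr=False, mode="accumulation", clean_every=2):
    """Flip one configuration bit per injection; stop at first functional fault."""
    golden = GOLDEN * (3 if tmr else 1)
    config = list(golden)
    for fault_no, loc in enumerate(locations, start=1):
        config[loc] ^= 1                       # emulated SEU
        packet = functional_test(config, fault_no, tmr)
        if packet:
            return packet
        if mode == "sequential":
            config[loc] = golden[loc]          # original frame restored
        elif mode == "cleanup" and fault_no % clean_every == 0:
            config = list(golden)              # periodic restore of all frames
    return None                                # no functional fault observed
```

In this model a single upset is always masked by the triplicated design; a functional fault appears only when accumulated upsets hit the same bit in two replicas, which is the situation the sequential and clean-up modes prevent.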


Technical features

Main board:

• Xilinx XC2VP20-5 FF896
• USB 2.0 port with dedicated microcontroller
• Up to 128 MByte SDRAM or 256 MByte DDR memory
• 16 MByte Flash
• ISP Flash for FPGA configuration (JTAG configuration also allowed)
• 32 KByte I²C E²PROM for the microcontroller configuration
• Temperature control chip
• Two customizable frequencies through independent oscillators
• Two 240 pin connectors plus one 60 pin connector for DUT boards
• P160 connectors for standard expansion boards
• Single power supply (5V/10A)
• On-board voltage regulators for
  • 1.5V/15A
  • 2.5V/15A
  • 3.3V/6A
  • 1.8V/1.5A
• Power LEDs
• FPGA configuration LEDs
• Size: 22 cm x 12 cm


Technical features (cont’d)

Piggy-back DUT board:

• In principle any Xilinx V2, V2 Pro, V4, and next generation devices can be used (with some limitations) for fault injection test
• Up to 416 DUT pins can be driven by the main board’s FPGA (more pins in case of XTMR-ed designs)
• DUT FPGA accessible either through SelectMAP port or JTAG port
• Temperature control chip
• Two 240 pin connectors plus one 60 pin connector
• Powered by the main board
• FPGA configuration LEDs
• Size: 10 cm x 12 cm


Case Study

• Injection into a specific design
  • ESA CUC-CTM IP core
  • Provides basic time keeping functions
• Evaluate XTMR version vs unmitigated one
• Test-benches and XTMR version provided by ESA


CUC-CTM

• Provides alarm services and periodic pulses
• Can be accessed and programmed via AMBA APB slave interface


CUC-CTM Implementation (XQR2V6000)

        Plain                      XTMR
FF      785 out of 67,584 (1%)     2,361 out of 67,584 (3%)
LUT     1789 out of 67,584 (2%)    7,167 out of 67,584 (10%)
IOB     212 out of 824 (25%)       569 out of 824 (69%)
GCLK    1 out of 16 (12%)          3 out of 16 (18%)


Test Structure

• Device configuration
• Injection by active partial reconfiguration
• Functional test
• Repeat from the injection without restoring the bitstream


Test info

Injection strategy: Single bit flip; Fault Accumulation
Stop condition: first functional fault
Campaigns: plain/XTMR
XTMR options: The “entire design” is triplicated; “Standard” as XTMR types; “Triple voted” output
# run: 1000/2500
# test vectors: 26452/26452


Preliminary results

[Figure: Distribution of the number of injections - Plain version, XQR2V6000 DUT. X axis: Injections to the first functional fault (0 to 2250). Y axis: Frequency (%) (0 to 9).]

[Figure: Distribution of the number of injections - XTMR version, XQR2V6000 DUT. X axis: Injections to the first functional fault (0 to 4950). Y axis: Frequency (%) (0 to 2.5).]

Mean = 1.1, Standard deviation = 1.75, Max = 7.96

Mean = 0.5, Standard deviation = 0.51, Max = 2.27


Preliminary results (cont’d)

[Figure: Cumulative Frequency Distribution of the number of injections - Plain version, XQR2V6000 DUT. X axis: Injections to the first functional fault (0 to 2250). Y axis: Cumulative Frequency (%) (0 to 100).]

[Figure: Cumulative Frequency Distribution of the number of injections - XTMR version, XQR2V6000 DUT. X axis: Injections to the first functional fault (0 to 4950). Y axis: Cumulative Frequency (%) (0 to 100).]


Plain VS. XTMR

[Figure: Cumulative Frequency Distribution - Plain Vs. XTMR, XQR2V6000 DUT. X axis: Injections to the first functional fault (0 to 4950). Y axis: Cumulative Frequency (%) (0 to 100). Series: XTMR, Plain.]

[Figure: Cumulative Frequency Distribution - Plain Vs. XTMR, XQR2V6000 DUT. X axis: Injections to the first functional fault (0 to 150). Y axis: Cumulative Frequency (%) (0 to 35). Series: XTMR, Plain.]


Plain VS. XTMR

[Figure: CUC-CTM - Comparison XTMR VS Plain Design, XQR2V6000 DUT. X axis: Injections to the First Functional Fault (0 to 50). Y axis: Cumulative Frequency (%) (0 to 16). Series: XTMR, Plain. Chart annotation: scrubbing.]


Conclusions

• Encouraging preliminary results
• Extension of the actual contract for FLIPPER upgrade
• Likely usage of FLIPPER in proton radiation testing

END

http://cosy.iasf-milano.inaf.it/flipper_index.htm