Emulation-based Fault Injection Tools

the top-level design module is modified, along with the simulator command technique as presented in¹⁰³,¹⁰⁴.

• Higher observability and controllability.

The author studied the recently developed fault injection tools based on instrumentation technique mainly and few tools based on reconfiguration. In instrumentation-based techniques, a fault injector circuit named saboteur is added to each fault site to produce the preferred fault model. The possible places for the instrumentation technique are at the code level, after synthesis in a netlist, and in the physical layout after a place and route stage. However, reconfiguration utilises the built-in facility of partial and full reconfiguration technique and mostly works at a bit-stream stage.

Single event upsets and single event transients are the most intermittent faults in semiconductor devices, in which the value of a particular bit is changed from its original value, and this causes some errors, or some values are stuck-at some fixed values (e.g. stuck-at faults). These faults occur mostly in the configuration memory, user memory and registers in processors. Some tools are also designed to determine and validate these faults.

FIDYCO¹⁰⁹ is an HW/SW combination for fault injection, where the hardware part is implemented in VHDL on the FPGA, whereas, the software part is run on the host computer. Rahbaran et al. in the year 2004 developed a method which is a flexible and open system capable of testing a variety of components¹¹⁰. Later in the year 2006, another tool named FADES (stands for FPGA-based framework for the Analysis of the Dependability of Embedded Systems) was presented by Andres et al. and developed at Fault Tolerant Systems Research Group (GSTF), Technical University of Valencia, Spain¹¹¹,¹¹². This tool injects faults in the configuration memory and works at the bit-stream stage of the development flow. It injects various fault models in the configuration bit-stream using Jbits tool. This tool is based on Run-Time-Reconfiguration (RTR) fault injection technique¹¹³.

FITVS¹¹⁴ is used for fault grading in VLSI and to provide high speed up to 1µs/fault. The faults are injected through modification of the code using the saboteur’s fault model. It does not require FPGA reconfiguration. The process is highly automated with the help of a C program. FITVS does not rely on

109Flexible on-chip Injector for run-time DependabilitY validation with target-specific COmmand language

110 [RSH04] Rahbaran, Steininger, and Handl. “Builtin Fault Injection in Hardware -The FIDYCO Example”. 2004

111 [And+06a] Andres et al. “FADES: a fault emulation tool for fast dependability assessment”. 2006

112 [And+06b] Andres et al. “Fast Emulation of Permanent Faults in VLSI Systems”.

113 [And+08] 2006Andres et al. “Fault Emulation for Dependability Evaluation of VLSI Systems”. 2008

114Fault Injection Tool for Validating SEEs

circuit size and easily intermixes with Verilog and VHDL. Various benchmark circuits were tried out, and the results including failure, silent and latent faults were presented in the year 2008¹¹⁵. In the same year, FITO (FPGA-based fault-Injection TOol) was developed and presented¹¹⁶,¹¹⁷. Permanent and transient faults were injected in the flip-flops and the logic gates of the circuit under test. The fault-injection process is based on the addition of some extra ports and connections to the flip-flops of the considered circuit.

As described earlier, fault injection can also be done by putting the SUT in the radiation environment. The radiation causes a single event upset (a.k.a bit-flip) fault in the memory element. A new prototyping platform focused on the detection and analysis of fault tolerance in design is being developed under the name FT-UNSHADES¹¹⁸. It is a hardware/software platform that takes advantage of the configuration circuitry present in all of Xilinx Virtex technology¹¹⁹. In the year 2010, Alderighi et al. developed a tool named Flipper, which is an SEU emulation platform that targets the configuration memory of an FPGA under test via partial reconfiguration¹²⁰.

In 2011, L.Reva et al. presented a way to implement a fault injection tech-nique named DBIT¹²¹. According to them, this proposed tool can be used for fault profiling and injection. The fault injection is accomplished on the VHDL source file, and different faults can be injected like faults in signal/variable names, constants, operators, assignment and conditional statements and faults in the component’s instantiations. The injection process can be automatic, semi-automatic or manual. During the same year, Naviner et al.¹²² from the Institute of the Telecom ParisTech developed a fault injection tool named FIFA (Fault Injection and Fault masking Analysis). This tool is designed to expedite the process of fault injection. In the FIFA tool, the special saboteurs are inserted in the design to make them faulty, and the same golden model is used as a fault-free. These saboteur models are based on the different fault

115 [ZFY08] Zheng, Fan, and Yue. “FITVS: A FPGA-Based Emulation Tool For High-Efficiency Hardness Evaluation”. 2008

116 [SSM08] Shokrolah-Shirazi and Miremadi. “FPGA-Based Fault Injection into Synthesizable Verilog HDL Models”. 2008

117 [SMS13] Shirazi, Morris, and Selvaraj. “Fast FPGA-based fault injection tool for embedded processors”. 2013

118Fault Tolerant-UNiversity of Sevilla HArdware DEbugging System

119 [Náp+07] Nápoles et al. “Radiation Environment Emulation for VLSI Designs: A Low Cost Platform based on Xilinx FPGA’s”. 2007

120 [Ald+10] Alderighi et al. “Experimental Validation of Fault Injection Analyses by the FLIPPER Tool”. 2010

121 [RKK11] Reva, Kulanov, and Kharchenko. “Design fault injection-based technique and tool for FPGA projects verification”. 2011

122 [Nav+11] Naviner et al. “FIFA: A fault-injection–fault–analysis-based tool for reliability assessment at RTL level”. 2011

models like stuck-at 0/1, single and multiple SEUs. After that, responses are matched, and the robustness of digital circuits is examined.

Mohammadi, A et al. developed a tool in the year 2012, named SCFIT¹²³. It is a simulation/emulation-based fault injection tool. It uses TCL scripts to access different resources of Altera FPGA via a JTAG cable. This tool is based on a technique which uses the Altera FPGAs debugging facilities to inject SEU fault model in both flip-flops and memory units¹²⁴,¹²⁵. Another tool which is also based on simulation/emulation was presented in the year 2009¹²⁶. This tool is called FuSE¹²⁷. It combines the performance of the prototype implemented in hardware and the flexibility & visibility of the HDL simulation standard. Faults are injected by the simulator in the RTL signals or variables using either the simulated HDL model or the netlist implemented inside an FPGA to accelerate the fault injection process.

In the year 2013, Mansour et al. developed a fault injection tool named DFI¹²⁸ at TIMA labs in France. According to them, the DFI tool is used to emulate the consequences of SEUs occurring on memory cells of CPUs. It is based on the modification of the circuit’s architecture at RTL level. It can inject faults during a single clock cycle while the circuit under test is executing an application program¹²⁹. Later, authors presented another tool named NETFI (NETlist Fault Injection) also developed at TIMA lab France in the same year 2013. In this work, NETFI tool that allows automated fault-injection at the netlist level of a given Device Under Test (DUT). The idea is to modify the built-in FPGA resources which are used by the netlist after synthesising a design described at RTL level, thus allowing fault injection¹³⁰,¹³¹. After a few years, the researchers at the TIMA lab added few features in the NETFI tool and named it NETFI-2 in the year 2017. In this work, an existing emulation-based methodology is extended, updated and improved¹³². HDL environment

123Shadow Components-based Fault Injection Technique

124 [Moh+12] Mohammadi et al. “SCFIT: A FPGA-based fault injection technique for SEU fault model”. 2012

125 [MV13a] Mansour and Velazco. “An Automated SEU Fault-Injection Method and Tool for HDL-Based Designs”. 2013

126 [JDR09] Jeitler, Delvai, and Reichor. “FuSE - a hardware accelerated HDL fault injection tool”. 2009

127Fault-injection Using SEmulation

128Direct Fault Injection

129 [MV13b] Mansour and Velazco. “SEU Fault-Injection in VHDL-Based Processors:

A Case Study”. 2013

130 [Man+13] Mansour et al. “A method and an automated tool to perform SET fault-injection on HDL-based designs”. 2013

131 [MV13a] Mansour and Velazco. “An Automated SEU Fault-Injection Method and Tool for HDL-Based Designs”. 2013

132 [Sol+17] Solinas et al. “Preliminary results of NETFI-2: An automatic method for fault injection on HDL-based designs”. 2017

can generate a list of faults, and it is used for fault emulation/simulation of the target system. Authors in¹³³ presented a code modifier for fault injection campaign, which is developed in C++ language for structural Verilog net-list.

A multiplexer is injected as a stuck-at fault model in the code.

In a nutshell, fault injection techniques and tools at the code level allow us to get rid of technology dependencies. The tool can be used for any FPGA from any vendor. We can also use any commercial simulator tools to perform our desired experiments. Also, at the code level, fault injection experiment provides high observability and controllability as compared to reconfiguration-based fault injection technique.