CFCET: A hardware-based control flow checking technique in COTS processors using execution tracing

This paper presents a behavioral-based error detection technique called control flow checking by execution tracing (CFCET) to increase concurrent error detection capabilities of commercial off-the-shelf (COTS) processors. This technique traces the program jumps graph (PJG) at run-time and compares it with the reference jumps graph to detect possible violations caused by transient faults. The reference graph is driven by a preprocessor from the source program.The idea behind the CFCET is based on using an external watchdog processor (WDP) and also the internal execution tracing feature available in COTS processors to monitor the addresses of taken branches in a program, externally. This is done without any modification of application programs, thus, the program overhead is zero. This technique is analytically evaluated based on three different fault models. The results show that the error detection coverage varies between 79.74% and 96.43% depending on the different workload programs. The errors are detected with about zero latency. The external hardware overhead is about 3% using the Altera flex 10K30 FPGA and the execution time overhead is between 33.26% and 140.81% for different workload programs. The overheads have been measured experimentally by executing the workloads on a Pentium system.     

Time redundancy and gate sizing soft error-tolerant based adder design

In this paper, we propose an efficient and promising soft error tolerance approach for arithmetic circuits with high performance and low area overhead. The technique is applied for designing soft error tolerant adders and is based on the use of a fault tolerant C-element connecting a given adder output to one input of the C-element while connecting a delayed version of that output to the second input. It exploits the variability of the delay of the adder output bits, in which the most significant bits (MSBs) have longer delay than the least significant bits (LSBs), by adding larger delay to the LSBs and smaller delay to the MSBs to guarantee full fault tolerance against the largest pulse width of transient error (soft error) for the available technology with minimum impact on performance. To guarantee fault protections for transistors feeding outputs with smaller added delay, the technique utilizes transistor scaling to ensure that the injected fault pulse width is less than the added delay of the second output of the C-element. Simulation results reveal that the proposed technique takes precedence over other techniques in terms of failure rate, area overhead, and delay overhead. The evaluation experiments have been done based on simulations at the transistor level using HSPICE to take care of temporal masking combined with electrical masking. In comparison to TMR, the technique achieves 100% reliability with 31% reduction in area overhead without impacting performance in the case of a 32-bit adder, and 42% reduction in area overhead and 5% reduction in performance overhead in the case of a 64-bit adder. While our proposed technique achieves area reduction of 4.95% and 9.23% in comparison to CE-based DMR and Feedback-based DMR techniques in the case of a 32-bit adder, it achieves area reduction of 19.58% and 23.24% in the case of a 64-bit adder.     

A Fault Detection Scheme for the FPGA Implementation of SHA-1 and SHA-512 Round Computations

The Secure Hash Algorithm is the most popular hash function currently used in many security protocols such as SSL and IPSec. Like other cryptographic algorithms, the hardware implementation of hash functions is of great importance for high speed applications. Because of the iterative structure of hash functions, a single error in their hardware implementation could result in a large number of errors in the final hash value. In this paper, we propose a novel time-redundancy-based fault diagnostic scheme for the implementation of SHA-1 and SHA-512 round computations. This scheme can detect permanent as well as transient faults as opposed to the traditional time redundancy technique which is only capable of detecting transient errors. The proposed design does not impose significant timing overhead to the original implementation of SHA-1 and SHA-512 round computation. We have implemented the proposed design for SHA-1 and SHA-512 on Xilinx xc2p7 FPGA. It is shown that for the proposed fault detection SHA-1 and SHA-512 round computations, there are, respectively, 3% and 10% reduction in the throughput with 58% and 30% area overhead as compared to the original schemes. The fault simulation of the implementation shows that almost 100% fault coverage can be achieved using the proposed scheme for transient and permanent faults.     

Generation Methodology for Good-Enough Approximate Modules of ATMR

Approximate triple modular redundancy (ATMR) is sought for logic masking of soft errors while effectuating lower area overhead than conventional TMR through the introduction of approximate modules. However, the use of approximate modules instigates reduced fault coverage in ATMR. In this work, we target better design tradeoffs in ATMR by proposing a heuristic method that effectively utilizes a threshold for unprotected input vectors to generate good enough combinations of approximate modules for ATMR, which accomplishes higher fault coverage and reduced area overhead compared with previously proposed approaches. The key concept is to employ logic optimization techniques of prime implicant (PI) expansion and reduction for successively obtaining approximate modules such that the combination of three approximate modules appropriately functions as an ATMR. For an ATMR to function appropriately, blocking is used to ensure that at each input vector, through the prime implicant (PI) expansion and reduction technique, only one approximate module differ from the original circuit. For large circuits, clustering is utilized and comparative analysis indicates that higher fault coverage is attained through the proposed ATMR scheme while preserving the characteristic feature of reduced area overhead. With a small percentage of unprotected input vectors, we achieved substantial decrease in transistor count and greater fault detection, i.e., an improvement of up to 26.1% and 42.1%, respectively.     

Enhanced architectures for soft error detection and correction in combinational and sequential circuits

In this paper two new methods for the design of fault-tolerant pipelined sequential and combinational circuits, called Error Detection and Partial Error Correction (EDPEC) and Full Error Detection and Correction (FEDC), are described. The proposed methods are based on an Error Detection Logic (EDC) in the combinational circuit part combined with fault tolerant memory elements implemented using fault tolerant master–slave flip-flops. If a transient error, due to a transient fault in the combinational circuit part is detected by the EDC, the error signal controls the latching stage of the flip-flops such that the previous correct state of the register stage is retained until the transient error disappears. The system can continue to work in its previous correct state and no additional recovery procedure (with typically reduced clock frequency) is necessary. The target applications are dataflow processing blocks, for which software-based recovery methods cannot be easily applied. The presented architectures address both single events as well as timing faults of arbitrarily long duration. An example of this architecture is developed and described, based on the carry look-ahead adder. The timing conditions are carefully investigated and simulated up to the layout level. The enhancement of the baseline architecture is demonstrated with respect to the achieved fault tolerance for the single event and timing faults. It is observed that the number of uncorrected single events is reduced by the EDPEC architecture by 2.36 times compared with previous solution. The FEDC architecture further reduces the number of uncorrected events to zero and outperforms the Triple Modular Redundancy (TMR) with respect to correction of timing faults. The power overhead of both new architectures is about 26–28% lower than the TMR.     

Error Detection Enhancement in PowerPC Architecture-based Embedded Processors

This paper presents a behavior-based error detection technique called Control Flow Checking using Branch Trace Exceptions for PowerPC processors family (CFCBTE). This technique is based on the branch trace exception feature available in the PowerPC processors family for debugging purposes. This technique traces the target addresses of program branches at run-time and compares them with reference target addresses to detect possible violations caused by transient faults. The reference target addresses are derived by a preprocessor from the source program. To enhance the error detection coverage, three other mechanisms, i.e., Machine Check Exception, System Trap Instructions and Work Load Timer are combined with the Branch Trace Exception mechanism. The proposed technique is experimentally evaluated on a 32-bit PowerPC microcontroller using software implemented fault injection (SWIFI) and Power Supply Disturbances fault injection (PSD). A total of 6,000 faults were injected in microcontroller to measure the error detection coverage of the proposed control flow checking technique. The experimental results show that this technique detects about 95.2% of transient errors in software implemented fault injection method and 96.4% of transient errors in power supply disturbances fault injection method.     

A New Hybrid Fault-Tolerant Architecture for Digital CMOS Circuits and Systems

This paper presents a new hybrid fault-tolerant architecture for robustness improvement of digital CMOS circuits and systems. It targets all kinds of errors in combinational part of logic circuits and thus, can be combined with advanced SEU protection techniques for sequential elements while reducing the power consumption. The proposed architecture combines different types of redundancies: information redundancy for error detection, temporal redundancy for soft error correction and hardware redundancy for hard error correction. Moreover, it uses a pseudo-dynamic comparator for SET and timing errors detection. Besides, the proposed method also aims to reduce power consumption of fault-tolerant architectures while keeping a comparable area overhead compared to existing solutions. Results on the largest ISCAS’85 and ITC’99 benchmark circuits show that our approach has an area cost of about 3 % to 6 % with a power consumption saving of about 33 % compared to TMR architectures.     

Error detection by duplicated instructions in super-scalarprocessors

This paper proposes a pure software technique "error detection by duplicated instructions" (EDDI), for detecting errors during usual system operation. Compared to other error-detection techniques that use hardware redundancy, EDDI does not require any hardware modifications to add error detection capability to the original system. EDDI duplicates instructions during compilation and uses different registers and variables for the new instructions. Especially for the fault in the code segment of memory, formulas are derived to estimate the error-detection coverage of EDDI using probabilistic methods. These formulas use statistics of the program, which are collected during compilation. EDDI was applied to eight benchmark programs and the error-detection coverage was estimated. Then, the estimates were verified by simulation, in which a fault injector forced a bit-flip in the code segment of executable machine codes. The simulation results validated the estimated fault coverage and show that approximately 1.5% of injected faults produced incorrect results in eight benchmark programs with EDDI, while on average, 20% of injected faults produced undetected incorrect results in the programs without EDDI. Based on the theoretical estimates and actual fault-injection experiments, EDDI can provide over 98% fault-coverage without any extra hardware for error detection. This pure software technique is especially useful when designers cannot change the hardware, but they need dependability in the computer system. To reduce the performance overhead, EDDI schedules the instructions that are added for detecting errors such that "instruction-level parallelism" (ILP) is maximized. Performance overhead can be reduced by increasing ILP within a single super-scalar processor. The execution time overhead in a 4-way super-scalar processor is less than the execution time overhead in the processors that can issue two instructions in one cycle     

Partial evaluation based triple modular redundancy for single event upset mitigation

We present a design technique, Partial evaluation-based Triple Modular Redundancy (PTMR), for hardening combinational circuits against Single Event Upsets (SEU). The basic ideas of partial redundancy and temporal TMR are used together to harden the circuit against SEUs. The concept of partial redundancy is used to eliminate the gates whose outputs can be determined in advance. We have designed a fault insertion simulator to evaluate partial redundancy technique on the designs from MCNC′91 benchmark. Experimental results demonstrate that we can reduce the area overhead by up to 39.18% and on average 17.23% of the hardened circuit when compared with the traditional TMR. For circuits with a large number of gates and less number of outputs, there is a significant savings in area. Smaller circuits or circuits with a large number of outputs also show improvement in area savings for increased rounding range.     

Hybrid time and hardware redundancy to mitigate SEU effects on SRAM-FPGAs: Case study over the MicroLAN protocol

SRAM-based field programmable gate arrays (FPGAs) are particularly sensitive to single event upsets caused by high-energy space radiation. Single Event Upset (In order to successfully deploy the SRAM-FPGA based designs in aerospace applications, designers need to adopt suitable hardening techniques. In this paper, we describe novel hybrid time and hardware redundancy (HT&HR) structures to mitigate SEU effects on FPGA, especially digital circuits that are designed with bidirectional ports. The proposed structures that combine time and hardware redundancy decrease the SEU propagation mechanisms among the redundant hard units. Analysis results and fault injection experiments on some standard ISCAS benchmarks and MicroLAN protocol, as a case study over the bidirectional ports, show that the capability of tolerating SEU effects in HT&HR technique increases up to 70 times with respect to solely hardware redundant versions. On average, the proposed method provides 39.2 times improvement against single upset faults and 14.9 times for double upset faults; however it imposes about 14.7% area overhead. Also, for the considered benchmarks, HT&HR circuits become 8.8% faster on the average than their TMR versions.     

Controller Resynthesis for Testability Enhancement of RTL Controller/Data Path Circuits

In this paper, we propose a controller resynthesis technique to enhance the testability of register-transfer level (RTL) controller/data path circuits. Our technique exploits the fact that the control signals in an RTL implementation are don't cares under certain states/conditions. We make an effective use of the don't care information in the controller specification to improve the overall testability (better fault coverage and shorter test generation time). If the don't care information in the controller specification leaves little scope for respecification, we add control vectors to the controller to enhance the testability. Experimental results with example benchmarks show an average increase in testability of 9% with a 3–4 fold decrease in test generation time for the modified implementation. The area, delay and power overheads incurred for testability are very low. The average area overhead is 0.4%, and the average power overhead is 4.6%. There was no delay overhead due to this technique in most of the cases.     

Partial scan flip-flop selection by use of empirical testability

Partial serial scan as a design for testability technique permits automatic generation of high fault coverage tests for sequential circuits with less hardware overhead and less performance degradation than full serial scan. The objective of the partial scan flip-flop selection method proposed here is to obtain maximum fault coverage for the number of scan flip-flops selected. Empirical Testability Difference (ETD), a measure of potential improvement in the testability of the circuit, is used to successively select one or more flip-flops for addition or deletion of scan logic. ETD is calculated by using testability measures based on empirical evaluation of the circuit with the acutal automatic test pattern generation (ATPG) system. In addition, once such faults are known, ETD focuses on the hard-to-detect faults rather than all faults and uses heuristics to permit effective selection of multiple flip-flops without global optimization. Two ETD algorithms have been extensively tested by using FASTEST ATPG [1, 2] on fourteen of the ISCAS89 [3] sequential circuits. The results of these tests indicate that ETD yields, on average, 35% fewer uncovered detectable faults for the same number of scanned flip-flops or 27% fewer scanned flip-flops for comparable fault coverage relative to cycle-breaking methods.This work was performed while the author was with the University of Wisconsin-Madison.     

On-Line Monitor Design of Finite-State Machines

On-line monitoring is a useful technique for ensuring system reliability. By continuously supervising the system's operation, a wide range of problems, such as physical defects, transient faults and design errors, can be detected. A monitor M*'s behavior can be viewed as an abstraction of the target system M's behavior, and can be represented by a homomorphic mapping from M to M*. We present a systematic procedure to select homomorphisms for monitor design and measure their costs based on a behavioral fault model. Analysis of the method shows that monitors with very few states and low area can provide high fault coverage. Experimental results are presented which quantify the basic trade-off between area overhead and fault coverage. Simulation results under the industry-standard single stuck-at fault model are also reported.     

Experimental Results for Self-Dual Multi-Output Combinational Circuits

In this short note, the possibilities and the limitations for the application of self-dual circuits with alternating inputs are experimentally investigated. The original circuit is assumed to be given as a netlist of gates. The necessary area overhead, the fault coverage for single stuck-at faults in test mode and the error detection probability in on-line mode due to internal stuck-at faults and stuck-at faults at the input lines are determined for MCNC benchmark circuits.     

A New Approach to Single Event Effect Tolerance Based on Asynchronous Circuit Technique

Some asynchronous circuit techniques are proposed to provide a new approach to Single Event Effect (SEE) tolerance in synchronous circuits. Two structures, Double Modular Redundancy (DMR) and Temporal Spatial Triple Modular Redundancy with Dual Clock Triggered Register (TSTMR-D), are presented. Three SEE tolerant 8051 cores with DMR, TSTMR-D and traditional Triple Modular Redundancy (TMR) are implemented in SMIC 0.35 μm process. The results of fault injection experiments indicate that DMR has a relatively low overhead on both area and latency than TMR, while tolerates SEU in sequential logic. TSTMR-D provides tolerance for both SEU and SET with reasonable area and latency overhead.     

An integrated fault tolerance technique for combinational circuits based on implications and transistor sizing

With fabrication technology reaching nano levels, systems are exposed to higher susceptibility to soft errors. Thus, development of effective techniques for designing soft error tolerant systems is of high importance. In this work, an integrated soft error tolerance technique based on logical implications and transistor sizing is proposed. In order to reduce implication learning time, a set of source and target nodes with predefined thresholds are selected and implications between these nodes are extracted. Then, the impact of adding a functionally redundant wire (FRW) due to each implication is evaluated. This is done based on identifying an implication path and the gates along the implication path whose detection probabilities will be reduced due to adding the implication FRW. Then, the gain of an implication is estimated in terms of reduction in fault detection probabilities of gates along an implication path. The implication with the highest gain is selected. The process is repeated until the gain is less than a predetermined threshold. The proposed implication-based fault tolerance technique enhances the circuit reliability with minimal area overhead based on enhancing logical masking. However, its effectiveness depends on the existence of such relations in a circuit and can enhance circuit reliability upto a certain level. To enhance circuit reliability to any required level, selective-transistor redundancy (STR) based technique is then applied. This technique is based on providing fault tolerance for individual transistors with high detection probability based on transistor duplication and sizing. Experimental results show that the proposed integrated fault tolerance technique achieves similar reliability in comparison to applying STR alone with lower area overhead.     

A finite state machine based fault tolerance technique for sequential circuits

With technology advancement at the nanometer scale, systems became more subjected to higher manufacturing defects and higher susceptibility to soft errors. Currently, soft errors induced by ion particles are no longer limited to a specific field such as aerospace applications. This raises the challenge to come up with techniques to tackle soft errors in both combinational and sequential circuits. In this work, we propose a finite state machine (FSM) based fault tolerance technique for sequential circuits. The proposed technique is based on adding redundant equivalent states to protect few states with high probability of occurrence. The added states guarantee that all single faults occurring in the state variables of highly occurring states or in their combinational logic are tolerated. The proposed technique has minimal area overhead as only few states need protection.     

Control-flow checking by software signatures

This paper presents a new signature monitoring technique, CFCSS (control flow checking by software signatures); CFCSS is a pure software method that checks the control flow of a program using assigned signatures. An algorithm assigns a unique signature to each node in the program graph and adds instructions for error detection. Signatures are embedded in the program during compilation time using the constant field of the instructions and compared with run-time signatures when the program is executed. Another algorithm reduces the code size and execution time overhead caused by checking instructions in CFCSS. A "branching fault injection experiment" was performed with benchmark programs. Without CFCSS, an average of 33.7 % of the injected branching faults produced undetected incorrect outputs; however, with CFCSS, only 3.1 % of branching faults produced undetected incorrect outputs. Thus it is possible to increase error detection coverage for control flow errors by an order of magnitude using CFCSS. The distinctive advantage of CFCSS over previous signature monitoring techniques is that CFCSS is a pure software method, i.e., it needs no dedicated hardware such as a watchdog processor for control flow checking. A watchdog task in multitasking environment also needs no extra hardware, but the advantage of CFCSS over a watchdog task is that CFCSS can be used even when the operating system does not support multitasking     

Arbitrary Two-Pattern Delay Testing Using a Low-Overhead Supply Gating Technique

With increasing defect density and process variations in nanometer technologies, testing for delay faults is becoming essential in manufacturing test to complement stuck-at-fault testing. This paper presents a novel test technique based on supply gating, which can be used as an alternative to the enhanced scan based delay fault testing, with significantly less design overhead. Experimental results on a set of ISCAS89 benchmarks show an average reduction of 34% in area overhead with an average improvement of 65% in delay overhead and 90% in power overhead during normal mode of operation, compared to the enhanced scan implementation.