Synthesis of Self-Checking Microcontrollers by Field Programmable Devices

1
Synthesis of Self-Checking Microcontrollers by
Field Programmable Devices
Reliable Design Research Laboratory

• This research was supported by BSF under grant
  No. 9800154

2
Outlines

• Definitions
• Sum-of-Minterms based architecture
  (SOM-architecture)
• Reduced m-out-of-n code
• Match Detector based architecture
  (MD-architecture)
• State Monotonic SSC
• Self-healing SSC
• Estimation of fault latency
• Reducing the fault latency by FSM decomposition

3
Synchronous Sequential Circuit (SSC)
4
Algorithmic State Machine
5
Finite State Machine
6
Faults

• Stuck-_at_ faults
• Permanent
• Transient
• Intermittent
• Fault Latency is the length of time between the
  occurrence of a fault and the appearance of an
  error due to that fault.

7
Unidirectional error detection codes

• Example of unidirectional errors
• X 1 1 0 0 1 -gt X 1 0 0 0 0
• Y 1 0 1 1 1 -gt Y 1 1 1 1 1
• In any vectors only one error type appears, but
  both error types may exist
• Berger Code M-out-of-n Code
• Smith Code Bose-Lin Code
• Reduced m-out-of-n Code

8
Totally Self-Checking Property

• A sequential circuit is self-testing if, for
  every fault in a fault set, there is an
  input/state code pair in the circuit such that a
  non-code output is produced.
• A sequential circuit is fault secure if, for
  every fault from the faulty set the sequential
  circuit never produces an incorrect code output
  for a code input.
• A sequential circuit is totally self-checking
  (TSC) if it is both self-testing and
  fault-secure.

9
Basic Self-Checking Architecture
10
Sum-of-Minterms based architecture
(SOM-architecture)

• Uses unidirectional error detection coding of SSC
  outputs

11
Reduced m-out-of-n code

• Code is a systematic one
• Code enables dividing the codeword into m fields
  in such a way that any acceptable codeword has
  exactly one bit that is equal to one in each of
  the fields
• The proposed reduced code allows checking each of
  the fields separately and therefore simplifies
  the checker

12
An Example of Reduced Coding
Information bits Information bits Information bits Information bits Information bits Information bits Check bits Check bits Check bits
Z1 Z2 Z3 Z4 Z5 Z6 c1 c2 c3
o1 0 0 0 0 0 0 1 1 1
o2 1 0 1 1 0 0 0 0 0
o3 0 1 0 1 0 0 0 1 0
o4 0 0 0 1 1 1 0 0 0
o5 1 0 0 0 0 1 0 0 1
o6 0 0 0 1 0 1 1 0 0
o7 0 0 1 1 0 0 1 0 0
o8 0 0 0 0 1 0 0 1 1
o9 0 0 1 0 0 0 1 0 1
o10 0 1 0 0 0 1 0 0 1
13
Checkers function
Where
1-hot - function
14
The checker scheme for our example
15
Estimations the checkers complexity for
LUT-based implementation
Number of LUTs is
where
number of elements in coding subsets and
Bounds for complexities of checker
16
Match Detector based architecture
(MD-architecture)
17
Truth Table of the Match Detector
r(i) S1(i) V1(i) S0(i) V0(i)
1 1 0 1 0
0 0 1 0 1
1 0 1 1 1
0 1 0 0 0
-- 0 0 0 0
-- 1 1 1 1
18
Advantages of the MD-Architecture

• Low fault latency characteristic
• Doesnt require any error detecting coding of the
  SSC outputs

19
Comparison of Overheads for Various Self-Checking
Architectures
20
State Monotonic SSC

• One of the way for providing TSC property of a
  SSC is realization of the monotonic SSC in state
  variables
• State monotonic function can be presented in the
  sum-of-products form, which is unate in state
  variables

21
An Example of Unate Representation in State
Variables
22
Self-healing SSC

• A SSC may have a self-healing property for a
  given fault and a given input sequence even if it
  does not have equivalent states.

23
Behavior of the circuit in presence of a
permanent fault

• M0 Fault free mode
• M1 Latent mode
• M2 Silent Mode
• M3 Erroneous mode

24
Behavior of the circuit in presence of a
transient fault

• M0 Fault free mode
• M2 Silent Mode
• M3 Erroneous mode

25
Example of healing
Clock 1 Input 111 Initial State 1000
N0 x1x2x3 y1y2y3y4 Y1Y2Y3Y4 Z1Z2Z3Z4Z5Z6Z7
1 0 - - 1 - - - 1 0 0 0 0 0 0 1 0 1 1
2 1 0 - 1- - - 1 0 0 0 0 0 0 1 0 1 1
3 1 1 - 1- - - 1 1 0 0 1 0 0 1 0 1 0
4 - - 0 - 1 - - 0 1 0 0 0 0 1 1 0 0 1
5 - - 1 - 1 - - 0 0 1 0 1 0 0 1 0 1 0
6 1 0 - - - 1 - 0 0 1 0 1 0 0 1 0 1 0
7 0 - - - - 1 - 0 0 0 1 1 1 0 0 0 0 1
8 1 1 - - - 1 - 0 0 0 1 1 1 0 0 0 0 1
9 - - 0 - - - 1 0 0 0 1 0 1 0 0 1 1 0
10 - - 1 - - - 1 1 0 0 0 1 1 0 0 1 0 0
26
Example of healing
Clock 2 Input 111
N0 x1x2x3 y1y2y3y4 Y1Y2Y3Y4 Z1Z2Z3Z4Z5Z6Z7
1 0 - - 1 - - - 1 0 0 0 0 0 0 1 0 1 1
2 1 0 - 1- - - 1 0 0 0 0 0 0 1 0 1 1
3 1 1 - 1- - - 0 1 0 0 1 0 0 1 0 1 0
4 - - 0 - 1 - - 0 1 0 0 0 0 1 1 0 0 1
5 - - 1 - 1 - - 0 0 1 0 1 0 0 1 0 1 0
6 1 0 - - - 1 - 0 0 1 0 1 0 0 1 0 1 0
7 0 - - - - 1 - 0 0 0 1 1 1 0 0 0 0 1
8 1 1 - - - 1 - 0 0 0 1 1 1 0 0 0 0 1
9 - - 0 - - - 1 0 0 0 1 0 1 0 0 1 1 0
10 - - 1 - - - 1 1 0 0 0 1 1 0 0 1 0 0
27
Example of healing
Clock 3 Input 101
N0 x1x2x3 y1y2y3y4 Y1Y2Y3Y4 Z1Z2Z3Z4Z5Z6Z7
1 0 - - 1 - - - 1 0 0 0 0 0 0 1 0 1 1
2 1 0 - 1- - - 1 0 0 0 0 0 0 1 0 1 1
3 1 1 - 1- - - 0 1 0 0 1 0 0 1 0 1 0
4 - - 0 - 1 - - 0 1 0 0 0 0 1 1 0 0 1
5 - - 1 - 1 - - 0 0 1 0 1 0 0 1 0 1 0
6 1 0 - - - 1 - 0 0 1 0 1 0 0 1 0 1 0
7 0 - - - - 1 - 0 0 0 1 1 1 0 0 0 0 1
8 1 1 - - - 1 - 0 0 0 1 1 1 0 0 0 0 1
9 - - 0 - - - 1 0 0 0 1 0 1 0 0 1 1 0
10 - - 1 - - - 1 1 0 0 0 1 1 0 0 1 0 0
28
Example of healing
Clock 4 Input 101
N0 x1x2x3 y1y2y3y4 Y1Y2Y3Y4 Z1Z2Z3Z4Z5Z6Z7
1 0 - - 1 - - - 1 0 0 0 0 0 0 1 0 1 1
2 1 0 - 1- - - 1 0 0 0 0 0 0 1 0 1 1
3 1 1 - 1- - - 0 1 0 0 1 0 0 1 0 1 0
4 - - 0 - 1 - - 0 1 0 0 0 0 1 1 0 0 1
5 - - 1 - 1 - - 0 0 1 0 1 0 0 1 0 1 0
6 1 0 - - - 1 - 0 0 1 0 1 0 0 1 0 1 0
7 0 - - - - 1 - 0 0 0 1 1 1 0 0 0 0 1
8 1 1 - - - 1 - 0 0 0 1 1 1 0 0 0 0 1
9 - - 0 - - - 1 0 0 0 1 0 1 0 0 1 1 0
10 - - 1 - - - 1 1 0 0 0 1 1 0 0 1 0 0
29
Percentage of sequences on which SSC survived
30
Estimation of Fault Latencies
31
Transition probability matrices of the additional
chain
32
Reducing the Fault Latency by FSM
Decomposition  The main idea of our approach
is to decompose a given FSM into a network of
smaller component FSMs for latency reduction. For
this decomposition at any given time only one
component is working and each of others is
testing itself. The proposed decomposition
architecture allows1.    A drastic decrease of
the fault latency in comparison with the initial
FSM.2.    Diagnostic of the FSM. It is possible
not only to detect the presence of a fault but
also to indicate its place.3.    Increasing
efficiency of the hardware, since each of the
constituent FSMs permanently functions - either
in the testing, or in the working mode.  We
will illustrate the proposed approach by the
following decompositions1)     Decomposition of
the given FSM into the network of two Component
FSMs.2)     Decomposition of the given FSM into
the network of three Component FSM and a
Supervisor FSM.
33
Algorithmic State Machine
34
Tables of Component FSMs of the Decomposition
Network
35
Graph of the given FSM
36
Transitions of the Component FSMs
37
(No Transcript)
38
Architecture of the Decomposition Network of two
constituent FSMs
39
Transition form a1 to a4 in the decomposition
network
is predefined state of the component FSMs, chosen
as initial testing state
40
Transition form a1 to a4 in the decomposition
network
is predefined state of the component FSMs, chosen
as initial testing state
41
Decomposition of the given FSM into a network of
two component FSMs
42
Decomposition of the given FSM into a network of
two component FSMs
43
FSM benchmarks results before and after
decomposition into the network of two components
44
Latency curves for s-a-faults for variable x1
before and after decomposition