Date post: 30-Dec-2015
Online Hardening of Programs Against SEUs and SETs

Carlos Lisbôa, Massimo Violante, Matteo Sonza Reorda, Luigi Carro

Instituto de Informática, Universidade Federal do Rio Grande do Sul, Porto Alegre, Brazil
Dipartimento di Automatica e Informatica, Politecnico di Torino, Torino, Italy

DFT 2006, Washington, DC, USA

Luigi Carro DFT 2006 - October 4-6, 2006 2

A small world ...

[Map: Porto Alegre, Brasil; Torino, Italia; Arlington / Washington, DC, USA]

Hardening by hardware duplication

• duplicates the core processor

• requires additional control hardware

significant area overhead

[Figure: Memory, bus, two processors (P), error signal]

SIHFT: software-implemented hardware fault tolerance

• requires modification of the software

  • duplication of variables

  • error detection codes

  • extra instructions to process them

memory + performance overhead

[Figure: Memory, processor (P), abus, cbus, dbus; extra data and code]

A hybrid technique

• requires modification of the software

• reduced memory overhead

• reduced performance overhead

[Figure: Memory, processor (P), abus, cbus, dbus, I-IP, error signal; extra data and code]

Outline

• Proposed approach

• The I-IP

• Design flow

• Experimental results

• Conclusions and future work


Proposed approach

• non-intrusive IP core added to SoC

• allows hardware and software transparency

  • no need to modify the source code of the application (which sometimes is not available)

  • no need to modify the core processor (which sometimes is not available)

• the I-IP performs instruction hardening, consistency and control flow checks

• scalable technique, with area and performance tradeoffs adjustable at design time


Overall architecture

[Figure: processor (P), I-IP and Code Memory; abus, cbus, dbus and IRQ on both sides of the I-IP; error signal]

Instruction hardening

• the I-IP intercepts instructions fetched from memory by the core processor

• if the instruction is to be hardened (this is a design time option), it is replaced by a sequence of instructions

• this sequence is sent to the processor by the I-IP instead of the instruction originally fetched from the application

Instruction hardening

[Figure: processor (P), I-IP and Code Memory; abus, cbus, dbus and IRQ on both sides of the I-IP; error signal]

Sequence sent to the processor by the I-IP:

store I-IP-adx, src1
store I-IP-adx, src2
opcode dst, src1, src2
store I-IP-adx, dst
branch FETCH_ADX+offset

Instruction fetched from code memory:

opcode dst, src1, src2

Consistency check

• the sequence of instructions provides the operand and result values for the I-IP

• the I-IP executes the same operation in parallel with the core processor

• the consistency of the result produced by the core processor is checked by the I-IP against its own result

• in case of mismatch, an error signal is activated

Control flow check

• memory transfer, data processing and I/O instructions

  A_next = A + offset

• branch instructions

  taken: A_taken = branch destination

  not taken: A_next = A + offset

Note: offset = size of the instruction
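
An added C model of the checks described on the instruction hardening, consistency check and control flow check slides (illustrative code written for this transcript, not from the presentation or the authors' I-IP). The type and function names, the INC/ADD subset, the 8-bit data and 16-bit address widths, the 1-byte instruction size and the XOR fault injection are assumptions made for the example.

```c
#include <stdbool.h>
#include <stdint.h>

typedef enum { OP_INC, OP_ADD } op_t;   /* hardened opcodes (assumed subset) */

typedef struct {
    op_t     op;
    uint8_t  src[2];    /* operands captured from "store I-IP-adx, srcN" */
    int      stores;    /* stores to I-IP-adx seen so far */
    uint16_t expected;  /* address the next fetch must come from */
    bool     error;     /* models the error signal */
} iip_t;

/* Control flow rule: A + offset, or the destination of a taken branch. */
uint16_t next_address(uint16_t a, uint16_t offset, bool taken, uint16_t dest) {
    return taken ? dest : (uint16_t)(a + offset);
}

/* The I-IP intercepts a hardened, non-branch instruction fetched at a. */
void iip_begin(iip_t *ip, op_t op, uint16_t a, uint16_t offset) {
    *ip = (iip_t){ .op = op, .expected = next_address(a, offset, false, 0) };
}

/* Store to I-IP-adx: src1, src2, then dst, which is checked on arrival. */
void iip_store(iip_t *ip, uint8_t value) {
    if (ip->stores < 2) {
        ip->src[ip->stores] = value;
    } else {
        uint8_t own = (uint8_t)(ip->src[0] + (ip->op == OP_ADD ? ip->src[1] : 1));
        if (value != own) ip->error = true;       /* consistency check */
    }
    ip->stores++;
}

/* Control flow check on the next instruction fetch. */
void iip_fetch(iip_t *ip, uint16_t addr) {
    if (addr != ip->expected) ip->error = true;
}

/* Constructed run: the core's ADD result is XORed with flip (an upset). */
bool run_add(uint8_t s1, uint8_t s2, uint8_t flip, uint16_t a, uint16_t fetched) {
    iip_t ip;
    iip_begin(&ip, OP_ADD, a, 1);                 /* offset 1: assumed size */
    iip_store(&ip, s1);
    iip_store(&ip, s2);
    iip_store(&ip, (uint8_t)((s1 + s2) ^ flip));  /* dst as the core computed it */
    iip_fetch(&ip, fetched);
    return ip.error;
}
```

run_add returns true when the modeled error signal is raised, either because the stored result differs from the I-IP's own result or because the next fetch does not come from A + offset.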


Architecture of the I-IP

[Figure: I-IP blocks: CPU interface, Memory interface, Fetch logic, Decode logic, ALU, Control Unit; abus, dbus, cbus and IRQ on the CPU side and on the memory side]

Assumptions

• the target system is a SoC with a processor core running a dedicated application

• the I-IP is inserted in the SoC chip between the program memory and the core processor

• there is no instruction cache, or it can be disabled

• instruction and data memories hardened by suitable EDAC


Outline

• Proposed approach

• Assumptions

• Overall architecture

• The I-IP

• Design flow

• Experimental results

• Conclusions and future work


Design Flow

[Figure: design flow with the blocks Binary code, Disassembler, Instruction mix, I-IP generator, I-IP VHDL model, Constraints]


Attained experimental results (using an Intel 8051 compatible SoC)

Method                      Hardened      Reduction of   Area (*)       Performance
                            instructions  failures (%)   overhead (%)   overhead (%)
Proposed here               INC           81.3           13.1           292.0
Proposed here               INC+ADD       87.5           15.7           314.00
SIHFT (Dec 2000)            n. a.         81.8           76.2           388.3
Hybrid approach (Feb 2006)  n. a.         92.5           51.8           108.9

(*) related to original SoC area (core processor + memory, without I-IP) = 52,343 µm²


Conclusions

• the proposed technique is non-intrusive, and requires no change in the core processor IP

• it does not introduce any memory overhead in the hardened system

• since no change in the application source code is required, source code is not necessary

• selection of the instructions to be hardened allows cost to be traded against reliability (scalability)

Future Work

• hardware implementation of the I-IP to evaluate the area overhead it introduces

• extension of the technique to allow the use of the core processor’s cache memory

• use of application profiling to detect optimal mix of instructions to be hardened

• improve the technique aiming to achieve better performance (lower overhead)


Questions ?

Contact: [email protected]

Thank You !


I have some questions:

• Anybody going to Dulles Friday evening?

• Willing to share a cab?

Instruction hardening

• original instruction:

FETCH_ADX: opcode dst, src1, src2

• source operands and result fetching

store I-IP-adx, src1
store I-IP-adx, src2
opcode dst, src1, src2
store I-IP-adx, dst
branch FETCH_ADX+offset

