Online Hardening of Programs Against SEUs and SETs
Carlos Lisbôa, Massimo Violante, Matteo Sonza Reorda, Luigi Carro
Instituto de Informática, Universidade Federal do Rio Grande do Sul, Porto Alegre, Brazil
Dipartimento di Automatica e Informatica, Politecnico di Torino, Torino, Italy
DFT 2006, Washington, DC, USA
Luigi Carro DFT 2006 - October 4-6, 2006 2
A small world ...
[Figure: map marking Porto Alegre (Brasil), Torino (Italia) and Arlington / Washington, DC (USA)]
Hardening by hardware duplication
• duplicates the core processor
• requires additional control hardware: significant area overhead
[Figure: block diagram with Memory, a bus, two processors (P) and an error output]
SIHFT: software-implemented hardware fault tolerance
• requires modification of the software
  • duplication of variables
  • error detection codes
  • extra instructions to process them
memory + performance overhead
[Figure: Memory holding extra data and code, connected to processor P through abus, cbus and dbus]
A hybrid technique
• requires modification of the software
• reduced memory overhead
• reduced performance overhead
[Figure: Memory holding extra data and code, processor P, abus, cbus and dbus, and an I-IP with an error output]
Outline
• Proposed approach
• The I-IP
• Design flow
• Experimental results
• Conclusions and future work
Proposed approach
• non-intrusive IP core added to SoC
• allows hardware and software transparency
  • no need to modify the source code of the application (which sometimes is not available)
  • no need to modify the core processor (which sometimes is not available)
• the I-IP performs instruction hardening, consistency and control flow checks
• scalable technique, with area and performance tradeoffs adjustable at design time
Overall architecture
[Figure: processor P, I-IP and Code Memory connected by abus, cbus and dbus, with IRQ lines and an error output on the I-IP]
Instruction hardening
• the I-IP intercepts instructions fetched from memory by the core processor
• if the instruction is to be hardened (this is a design time option), it is replaced by a sequence of instructions
• this sequence is sent to the processor by the I-IP instead of the instruction originally fetched from the application
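Instruction hardening
[Figure: processor P, I-IP and Code Memory connected by abus, cbus and dbus, with IRQ lines and an error output on the I-IP]
Instruction fetched from the code memory:
opcode dst, src1, src2
Sequence sent to the processor by the I-IP:
store I-IP-adx, src1
store I-IP-adx, src2
opcode dst, src1, src2
store I-IP-adx, dst
branch FETCH_ADX+offset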
Consistency check
• the sequence of instructions provides the operand and result values for the I-IP
• the I-IP executes the same operation in parallel with the core processor
• the consistency of the result produced by the core processor is checked by the I-IP against its own result
• in case of mismatch, an error signal is activated
Control flow check
• memory transfer, data processing and I/O instructions
  A_next = A + offset
• branch instructions
  taken: A_taken = branch destination
  not taken: A_next = A + offset
Note: offset = size of the instruction
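A small C model of the consistency check and the control flow check described on the two slides above, added here as an illustration; it is not the authors' I-IP, which the design flow produces as a VHDL model. The function names, the 8-bit arithmetic and all sample values are assumptions.

```c
#include <stdint.h>
#include <stdio.h>

/* Operations this model can recompute (hypothetical subset; INC and ADD
   are the instructions hardened in the reported experiments). */
typedef enum { OP_INC, OP_ADD } iip_op;

/* Consistency check. src1, src2 and dst are the values the hardened
   sequence stores to the I-IP address. Arithmetic is 8-bit (assumption).
   Returns 1 when the error signal would be activated. */
int iip_consistency_error(iip_op op, uint8_t src1, uint8_t src2, uint8_t dst)
{
    uint8_t expected = (op == OP_INC) ? (uint8_t)(src1 + 1)
                                      : (uint8_t)(src1 + src2);
    return expected != dst;
}

/* Control flow check for the instruction fetched at address a.
   offset is the instruction size; branch_dest matters only for branches.
   Returns 1 when next_fetch is not a legal successor address. */
int iip_control_flow_error(uint16_t a, uint16_t offset, int is_branch,
                           uint16_t branch_dest, uint16_t next_fetch)
{
    if (next_fetch == (uint16_t)(a + offset))
        return 0;                 /* sequential, or branch not taken */
    if (is_branch && next_fetch == branch_dest)
        return 0;                 /* branch taken */
    return 1;
}

int main(void)
{
    /* Constructed values: ADD 0x21 + 0x04, then the same result with one
       bit flipped, as an upset in the destination register would do. */
    printf("add ok=%d, flipped=%d\n",
           iip_consistency_error(OP_ADD, 0x21, 0x04, 0x25),
           iip_consistency_error(OP_ADD, 0x21, 0x04, 0x25 ^ 0x08));
    /* Constructed fetch addresses: sequential, taken branch, stray jump. */
    printf("seq=%d, taken=%d, stray=%d\n",
           iip_control_flow_error(0x0100, 2, 0, 0, 0x0102),
           iip_control_flow_error(0x0100, 2, 1, 0x0140, 0x0140),
           iip_control_flow_error(0x0100, 2, 0, 0, 0x0142));
    return 0;
}
```

Only the instructions selected for hardening pass through the consistency check, so an upset in an unhardened instruction's result is visible to this model only if it also diverts the fetch address.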
Outline
• Proposed approach
• The I-IP
• Design flow
• Experimental results
• Conclusions and future work
Architecture of the I-IP
[Figure: I-IP block diagram with CPU interface, memory interface, fetch logic, decode logic, ALU and control unit; abus, dbus, cbus and IRQ lines on both interfaces]
Assumptions
• the target system is a SoC with a processor core running a dedicated application
• the I-IP is inserted in the SoC chip between the program memory and the core processor
• there is no instruction cache, or it can be disabled
• instruction and data memories hardened by suitable EDAC
Outline
• Proposed approach
• Assumptions
• Overall architecture
• The I-IP
• Design flow
• Experimental results
• Conclusions and future work
Design Flow
[Figure: design flow diagram with the blocks Binary code, Disassembler, Instruction mix, I-IP generator, I-IP VHDL model and Constraints]
Outline
• Proposed approach
• Assumptions
• Overall architecture
• The I-IP
• Design flow
• Experimental results
• Conclusions and future work
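Attained experimental results (using an Intel 8051 compatible SoC)
| Method                   | Hardened instructions | Reduction of failures (%) | Area (*) overhead (%) | Performance overhead (%) |
|--------------------------|-----------------------|---------------------------|-----------------------|--------------------------|
| Proposed here            | INC                   | 81.3                      | 13.1                  | 292.0                    |
| Proposed here            | INC+ADD               | 87.5                      | 15.7                  | 314.00                   |
| SIHFT, Dec 2000          | n. a.                 | 81.8                      | 76.2                  | 388.3                    |
| Hybrid approach, Feb 2006 | n. a.                | 92.5                      | 51.8                  | 108.9                    |
(*) related to original SoC area (core processor + memory, without I-IP) = 52,343 µm²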
Outline
• Proposed approach
• Assumptions
• Overall architecture
• The I-IP
• Design flow
• Experimental results
• Conclusions and future work
Conclusions
• the proposed technique is non-intrusive and requires no change in the core processor IP
• it does not introduce any memory overhead in the hardened system
• since no change in the application source code is required, source code is not necessary
• selecting which instructions to harden allows cost to be traded against reliability (scalability)
Future Work
• hardware implementation of the I-IP to evaluate the area overhead it introduces
• extension of the technique to allow the use of the core processor’s cache memory
• use of application profiling to detect the optimal mix of instructions to be hardened
• improvement of the technique to achieve better performance (lower overhead)
I have some questions:
• Anybody going to Dulles Friday evening?
• Willing to share a cab?