+ R - LAAS
advertisement
2nd Workshop on Dependable and Secure Nanocomputing
Anchorage, June 27, 2008
Modeling Microprocessor Faults on
High-Level Decision Diagrams
R. Ubar, J.Raik, A.Jutman, M.Jenihhin
Tallinn Technical University, Estonia
M.Instenberg, H.-D.Wuttke
Ilmenau Technical University, Germany
1
Tallinn University of Technology,
ESTONIA
Technical University Ilmenau, GERMANY
Outline
•
•
•
•
•
•
•
Introduction
Motivations and contributions
Discussion: faults and tests
Fault modeling with Decision Diagrams
Modeling microprocessor faults
Experimental results
Conclusions
2
Tallinn University of Technology,
ESTONIA
Technical University Ilmenau, GERMANY
Introduction
• Fault models are needed for
– test generation,
– test quality evaluation and
– fault diagnosis
• To handle real physical defects is too difficult
• The fault model should
– reflect accurately the behaviour of defects, and
– be computationably efficient
• Usually combination of different fault models is used
• Fault model free approaches (!)
3
Tallinn University of Technology,
ESTONIA
Technical University Ilmenau, GERMANY
Introduction
• Fault modeling levels
– Transistor level faults
– Logic level faults
•
•
•
•
stuck-at fault model
bridging fault model
open fault model
delay fault model
Low-Level models
– Register transfer level faults
– ISA level faults (MP faults)
– SW level faults
High-Level models
• Hierarchical fault handling
• Functional fault modeling
4
Tallinn University of Technology,
ESTONIA
Technical University Ilmenau, GERMANY
Motivations
Current situation:
• The efficiency of test generation (quality, speed) is highly
depending on
– the description method (level, language), and
– fault models
• Because of the growing complexity of systems, gate level
methods have become obsolete
• High-Level methods for diagnostic modeling are today
emerging, however they are not still mature
Main disadvantages:
• The known methods for fault modeling are
– dedicated to special classes (i.e. for microprocessors, for
RTL, VHDL etc. languages...), not general
– not well defined and formalized
5
Tallinn University of Technology,
ESTONIA
Technical University Ilmenau, GERMANY
Contributions
• High-Level Decision Diagrams are proposed for
diagnostic modeling of digital systems
• A novel DD-based node fault model is proposed
• The fault model is simple and formalized
• Traditional high-level fault models for different
abstraction levels of digital systems can be
replaced by the new uniform fault model
• As the result,
– the complexity of fault representation is reduced, and
– the speed of test generation and fault simulation can
be increased
6
Tallinn University of Technology,
ESTONIA
Technical University Ilmenau, GERMANY
Register Level Fault Models
RTL statement:
K: (If T,C) RD F(RS1, RS2, … RSm), N
Components (variables)
RT level faults:
of the statement:
K K’ - label faults
K
- label
T T’ - timing faults
T
- timing condition
C C’ - logical condition faults
C
- logical condition
RD RD - register decoding faults
- destination register
RD
RS RS - data storage faults
- source register
RS
F F’ - operation decoding faults
F
- operation (microoperation) - data transfer faults
- data transfer
N
- control faults
N
- jump to the next statement (F) (F)’ - data manipulation faults
7
Tallinn University of Technology,
ESTONIA
Technical University Ilmenau, GERMANY
Fault Models and Tests
Dedicated functional fault model for multiplexer:
– stuck-at-0 (1) on inputs,
– another input (instead of, additional)
– value, followed by its complement
Functional
fault model
– value, followed by its complement on a line whose address differs in
one bit
Test
description
8
Tallinn University of Technology,
ESTONIA
Technical University Ilmenau, GERMANY
Hierarchical Fault Modeling
Functions
System:
F
Fault
model
Module
Structure
Wk
Network of
modules
Test
WSki
WFki
Component:
Fki
WSk
Test
F
Fk
Higher
level
Network of
components
Wdki
Test
WS k
System
WF k
Module
Lower
level
k
Bridge
Network of modules
WFk interpretation:
Test – at the lower level
Fault model – at the higher level
Interface between levels
Network of
transistors
9
Tallinn University of Technology,
ESTONIA
Technical University Ilmenau, GERMANY
Logic Level Faults on SSBDDs
Fault modeling on Structurally Synthesized BDDs:
Fault
activation
x3 = 1
Fault
Stuck-at-0
Path
activation
Correct
signal
x1 1
0
x2
x1 0
x2 1
x4 0
x5
x6 0
x7
y
1
x3
10
x4
y
F (X)
y = x1 x2 ( x3 x4 x5 ) x6 x7
x5
Error
x6
x7
0
10
Tallinn University of Technology,
ESTONIA
Technical University Ilmenau, GERMANY
Data Path in Digital Systems
y1
0
1
Control Path
y
x
Data Path
y1
y3
a
R1 •
M1
+
•
M2
e
M3
•
y4
c
b
•
IN
y2
R2 •
y2
0
1
y3
0
1
2
3
*
d
y4
0
1
2
M1
Function
M1 = R1
M1 = IN
M2
Function
M2 = R1
M2 = IN
M3
Function
M3 = M1+ R2
M3 = IN
M3 = R1
M3= M2* R2
R2
Operation
Function
Reset
R2 = 0
Hold
R2 = R’2
Load
R2 = M3
11
Tallinn University of Technology,
ESTONIA
Technical University Ilmenau, GERMANY
Decision Diagram of the Data Path
y1
0
1
y2
0
1
y3
0
1
2
3
y4
0
1
2
M1
Function
M1 = R1
M1 = IN
M2
Function
M2 = R1
M2 = IN
M3
Function
M3 = M1+ R2
M3 = IN
M3 = R1
M3= M2* R2
R2
Operation
Function
Reset
R2 = 0
Hold
R2 = R’2
Load
R2 = M3
R2
y4
0
1
2
#0
R2
0
y3
0
y1
R2
R1 + R2
1
1
2
IN + R2
IN
R1
3
R2 + M3
M1
0
y2
R1 * R2
1
IN* R2
M2
12
Tallinn University of Technology,
ESTONIA
Technical University Ilmenau, GERMANY
Faults and High-Level Decision Diagrams
R2
RTL-statement:
y4
K: (If T,C) RD F(RS1,RS2,…RSm), N
0
1
Terminal nodes
Nonterminal nodes
RTL-statement faults:
label,
timing condition,
logical condition,
register decoding,
operation decoding,
control faults
2
RTL-statement faults:
data storage,
data transfer,
data manipulation faults
y1
R1
M1
+
•
M2
•
*
y4
e
b
0
y3
1
c
M3
R2
0
y1
R1 + R2
1
y3
a
•
•
IN
y2
#0
2
3
R2 •
IN + R 2
IN
R1
y2
0
R 1* R 2
1
d
IN* R 2
13
Tallinn University of Technology,
ESTONIA
Technical University Ilmenau, GERMANY
Faults and High-Level Decision Diagrams
RTL-statement:
K: (If T,C) RD F(RS1,RS2,…RSm), N
Nonterminal nodes
RTL-statement faults:
label,
timing condition,
logical condition,
register decoding,
operation decoding,
control faults
Label (decoding)
faults
Data part:
RD
K
T
Register or function
decoding faults
C
F(R)
Data transfer, storage
or manipulation faults
Control part:
KNEW
K
T
C
#N
Terminal nodes
RTL-statement faults:
data storage,
data transfer,
data manipulation faults
Tallinn University of Technology,
ESTONIA
Control (storage)
faults
Timing faults
Control (decoding) faults
14
Technical University Ilmenau, GERMANY
Fault Modeling on DDS
Binary DD
General case of DD
with 2 terminal nodes and
2 outputs
from each node
with n 2 terminal nodes and
n 2 outputs
from each node
0
y
lm
Gy
l1
Y
1
lm
m
l0
ln
Fn
0
GY
l0
l1
m
l2
1
2
lh
h
lk
lk+1
Fk
Fk+1
15
Tallinn University of Technology,
ESTONIA
Technical University Ilmenau, GERMANY
Fault Model for Decision Diagrams
• Each path in a DD describes the behavior of the
system in a specific mode of operation
• The faults having effect on the behaviour can be
associated with nodes along the path
• A fault causes incorrect leaving the path activated by
a test
16
Tallinn University of Technology,
ESTONIA
Technical University Ilmenau, GERMANY
Fault Model for Decision Diagrams
D1:
D2:
D3:
the output edge for x(m) = i of a node m
is always activated
the output edge for x(m) = i of a node m is
broken
instead of the given edge,
another edge or a set of edges is activated
17
Tallinn University of Technology,
ESTONIA
Technical University Ilmenau, GERMANY
Microprocessor Modeling with S-Graphs
Instruction set of a
Microprocessor:
I1 :
I2 :
I3 :
I4 :
I5 :
I6 :
I7 :
I8 :
I9 :
I10:
MVI A,D
MOV R,A
MOV M,R
MOV M,A
MOV R,M
MOV A,M
ADD R
ORA R
ANA R
CMA A,D
S-Graph:
A IN
RA
OUT R
OUT A
R IN
A IN
AA+R
AAR
AAR
A¬A
IN
I5
I1 , I6
I2 - I5
I7 - I10
I2
R
A
I1 , I3, I4
I6 - I1 0
I7 , I8 , I9
I4
I3
OUT
18
Tallinn University of Technology,
ESTONIA
Technical University Ilmenau, GERMANY
Test Generation for Microprocessors
High-Level DDs for a microprocessor (example):
DD-model of the
microprocessor:
Instruction set:
I1 :
I2 :
I3 :
I4 :
I5 :
I6 :
I7 :
I8 :
I9 :
I10:
MVI A,D
MOV R,A
MOV M,R
MOV M,A
MOV R,M
MOV A,M
ADD R
ORA R
ANA R
CMA A,D
A IN
RA
OUT R
OUT A
R IN
A IN
AA+R
AAR
AAR
A¬A
A
3
OUT
I
R
4
I
1,6
IN
2,3,4,5
A
7
A+R
A
R
2
I
5
8
A
9
IN
AR
AR
10
1,3,4,6-10
¬A
R
19
Tallinn University of Technology,
ESTONIA
Technical University Ilmenau, GERMANY
Decision Diagrams for Microprocessors
High-Level DD-based structure of the microprocessor (example):
DD-model of the
microprocessor:
IN
A
3
R
OUT
I
R
4
I
IN
2,3,4,5
A
7
A+R
A
OUT
R
A
I
1,6
2
I
5
8
A
9
IN
AR
AR
10
1,3,4,6-10
¬A
R
20
Tallinn University of Technology,
ESTONIA
Technical University Ilmenau, GERMANY
Microprocessor Fault Model
Faults affecting the operation of microprocessor can be
divided into the following classes:
•
•
•
•
•
addressing faults affecting register decoding;
addressing faults affecting the instruction
decoding and -sequencing functions;
faults in the data-storage function;
faults in the data-transfer function;
faults in the data-manipulation function.
21
Tallinn University of Technology,
ESTONIA
Technical University Ilmenau, GERMANY
Microprocessor Fault Model
For multiplexers under a
fault, for a given source
address
any
of
the
following may happen:
F1: no source is selected
F2: wrong source is selected;
F3: more than one source is
selected and the
multiplexer
output is either
a wired-AND
or a
wired-OR function of the
sources, depending on
the technology.
A
I
1,6
IN
2,3,4,5
7
F1
8
F2
9
F3
10
A
A+R
AR
AR
¬A
22
Tallinn University of Technology,
ESTONIA
Technical University Ilmenau, GERMANY
Microprocessor Fault Model
For demultiplexers under
a fault, for a given
destination address:
F4: no destination is selected
F5: instead of, or in addition to
the selected correct
destination, one or more
other destinations are
selected
A
I
3
OUT
I
F4
A
R
IN
2,3,4,5
R
4
1,6
A
7
A+R
F5
2
I
5
8
A
9
IN
AR
AR
10
1,3,4,6-10
¬A
R
23
Tallinn University of Technology,
ESTONIA
Technical University Ilmenau, GERMANY
Microprocessor Fault Model
Addressing faults affecting
the
execution
of
an
instruction may cause the
following fault effects:
F6: one or more microorders not
activated by the
microinstructions of I
F7: microorders are erroneously
activated by the
microinstructions of I
F8: a different set of
microinstructions is activated
instead of, or in addition to, the
microinstructions of I
Tallinn University of Technology,
ESTONIA
A
I
1,6
IN
2,3,4,5
7
F6
8
F7
9
F8
10
A
A+R
AR
AR
¬A
24
Technical University Ilmenau, GERMANY
Microprocessor Fault Model
The data storage faults:
F9: one or more cells stuck at 0 or 1;
F10: one or more cells fail to make a
01 or 10 transitions;
F11: two or more pairs of cells are
coupled;
For buses under a fault:
A
I
1,6
2,3,4,5
7
8
F12: one or more lines stuck at 0 or 1;
F13: one or more lines form a wired-OR
or wired-AND function due to
shorts or spurious coupling
IN
9
10
A
A+R
AR
AR
¬A
25
Tallinn University of Technology,
ESTONIA
Technical University Ilmenau, GERMANY
Test Generation on DDS
Binary DD
General case of DD
with 2 terminal nodes and
2 outputs
from each node
with n 2 terminal nodes and
n 2 outputs
from each node
0
y
lm
Gy
l1
1
Y
lm
m
l0
ln
Fn
0
GY
l0
l1
m
l2
1
2
lh
h
lk
lk+1
Fk
Fk+1
26
Tallinn University of Technology,
ESTONIA
Technical University Ilmenau, GERMANY
Hierarchical Test Generation on DDs
Hierarhical test generation with DDs:
Single path activation in a single DD
Data function R1* R2 is tested
y1
y2
y3
a
•
M1
•
IN
+
M2
R2
*
0
1
2
e
M3
•
y4
c
b
•
Decision Diagram
y4
Data path
R1
Scanning test
#0
R2
0
y3
0
y1
R1 + R2
1
R2 •
1
2
d
3
Test program: Control: y1 y2 y3 y4 = x032
For all specified pairs of (R1, R2)
Data:
IN + R2
IN
R1
y2
0
R1 * R2
1
IN* R2
Low level test data (constraints W)
Tallinn University of Technology,
ESTONIA
27
Technical University Ilmenau, GERMANY
Test Generation on High Level DDs
High-level test generation with DDs:
Multiple paths activation in a single DD
Control function y3 is tested
Conformity test
Decision Diagram
R2
y4
Data path
1
y1
R1
y2
y3
a
•
M1
•
IN
+
M2
y4
2
#0
R2
0
y3
e
R2 •
1
2
*
R1 + R2
1
M3
•
0
y1
c
b
•
0
d
3
IN + R2
IN
R1
y2
0
R1 * R2
1
IN* R2
Test program: Control: For D = 0,1,2,3: y1 y2 y3 y4 = 00D2
Activating high-level faults: Data: Solution of R1+ R2 IN R1 R1* R2
Tallinn University of Technology,
ESTONIA
Technical University Ilmenau, GERMANY
28
Test Generation for Microprocessors
Scanning test program for adder:
DD-model of the
microprocessor:
A
OUT
3
I
R
4
I
1,6
A
R
I
8
A
9
5
IN
IN
2,3,4,5
7
2
Instruction sequence T = I5 (R)I1 (A)I7 I4
for all needed pairs of (A,R)
10
1,3,4,6-10
R
A
OUT
I4
A
A+R
AR
I7
A
I1
R
IN(2)
I5
R
AR
¬A
Time:
IN(1)
t
t-1
Observation
Test
t-2
t-3
Load
29
Tallinn University of Technology,
ESTONIA
Technical University Ilmenau, GERMANY
Test Generation for Microprocessors
Conformity test program for decoding I:
DD-model of the
microprocessor:
A
OUT
3
I
R
4
Instruction sequence
I
1,6
7
A
R
2
I
8
A
9
5
IN
10
1,3,4,6-10
R
for all D{I1 - I10} at given A,R,IN(3)
IN
2,3,4,5
T = I5 I1 D I4
A
OUT
I4
A
A+R
AR
I = ID
A
I1
R
IN(2)
IN(3)
I5
R
AR
¬A
Time:
IN(1)
t
t-1
Observation
Test
t-2
t-3
Load
30
Tallinn University of Technology,
ESTONIA
Technical University Ilmenau, GERMANY
Experimental results
6
5.57
HTPG
5
Synopsys
4.26
3.74
4
3
1.86
2
HTPG – high level
Synopsys – gate level
1.25
1.16
0.75
1
0.49
0.5
0.21
Gate-level fault coverage – 100%
0.29
0.19
0
Bit Width 4
Instructions
8
16
4
32
4
8
16
8
32
4
8
16
32
16
31
Tallinn University of Technology,
ESTONIA
Technical University Ilmenau, GERMANY
Conclusions
• Different fault models for different representation levels
of digital systems can be replaced on DDs by the
uniform node fault model
• It allows to represent groups of structural faults through
groups of functional faults
• As the result, the complexity of fault representation can
be reduced, and the simulation speed can be raised
• The fault model on DDs can be regarded as a
generalization
– of the classical gate-level stuck-at fault model, and
– of the known higher level fault models
www.pld.ttu.ee/~raiub/
32
Tallinn University of Technology,
ESTONIA
Technical University Ilmenau, GERMANY
