Kuen-Long Leu

SoC-level risk assessment using FMEA approach in system design with SystemC

As system-on-chip (SoC) becomes prevalent in the intelligent system applications, the reliability issue of SoC is getting more attention in the design industry due to the rapid increasing rate of radiation-induced soft errors while the SoC fabrication enters the very deep submicron technology. Therefore, the SoC dependability becomes a critical issue in safety-critical applications. Validating such systems is imperative to guarantee the dependability of the systems before they are being put to use. Moreover, it is beneficial to assess the SoC robustness in early design phase in order to significantly reduce the cost and time of re-design. To fill such needs, in this study, we propose a useful IP-based SoC-level risk model using failure mode and effects analysis (FMEA) method to assess the robustness of a SoC in SystemC transaction-level modeling (TLM) design level. The proposed risk model is able to facilitate the measure of the robustness and scales of failure-induced risks in a system, which can be used to identify the critical components and major failure modes for protection so as to effectively reduce the impact of failures to the system. A case study is used to demonstrate our risk model under CoWare Platform Architect environment. A system verification tool was created to assist us in measuring the robustness of the system, in locating the weaknesses of the system, and in understanding the effect of faults on system failure behavior during the SoC design phase. The contribution of this work is to promote the dependability verification to TLM abstraction level that can significantly enhance the simulation performance, and provide the comprehensive results to validate the system dependability in early design phase for safety-critical applications.

Reliable data path design of VLIW processor cores with comprehensive error-coverage assessment

In this paper, an effective fault-tolerant framework offering very high error coverage with zero detection latency is proposed to protect the data paths of VLIW processor cores. The feature of zero detection latency is essential to real-time error-recovery. The proposed framework provides the error-handling schemes of varying hardware complexity, performance and error coverage to be selected. A case study with an experimental VLIW architecture implemented in VHDL was used to demonstrate the impacts of our technique on hardware overhead and performance degradation. The fault injection experiments were performed to characterize the effects of fault-occurring frequency as well as workload variations on the error coverage, and the permanent faults on the length of time spent for error-recovery. The results observed from the experiments show that our approach can well protect the VLIW data paths even in a very severe fault scenario. As a result, the proposed fault-tolerant VLIW core is quite suitable for the highly dependable embedded applications.

System-Bus Fault Injection Framework in SystemC Design Platform

As system-on-chip (SoC) becomes prevalent in the intelligent system applications, the reliability issue of SoC is getting more attention in the design industry while the SoC fabrication enters the very deep submicron technology. In this study, we present a new approach of system-bus fault injection in SystemC design platform, which can be used to assist us in performing the FMEA procedure during the SoC design phase. We demonstrate the feasibility of the proposed fault injection mechanism with an experimental ARM-based system.

Fault-Tolerant VLIW processor design and error coverage analysis

In this paper, a general fault-tolerant framework adopting a more rigid fault model for VLIW data paths is proposed. The basic idea used to protect the data paths is that the execution result of each instruction is checked immediately and if errors are discovered, the instruction retry is performed at once to overcome the faults. An experimental architecture is developed and implemented in VHDL to analyze the impacts of our technique on hardware overhead and performance degradation. We also develop a comprehensive fault tolerance verification platform to facilitate the assessment of error coverage for the proposed mechanism. A paramount finding observed from the experiments is that our system is still extremely robust even in a very serious fault scenario. As a result, the proposed fault-tolerant VLIW core is quite suitable for the highly dependable real-time embedded applications

Generic Reliability Analysis for Safety-Critical FlexRay Drive-By-Wire Systems

Increasing importance of FlexRay systems in automotive domain inspires unceasing comparative researches. One primary issue among researches is to verify the reliability of FlexRay systems either from protocol aspect or from system design aspect. However, for more precisely addressing the FlexRay system reliability issue, we require a more generic analysis that simultaneously considers the network topology, clock sync between FlexRay ECUs and the ECU fault-tolerance. To fulfill this requirement, in this paper we first apply a well-known reliability model, Dynamic Fault Tree (DFT), to model the reliability of FlexRay systems with various network topologies, and then employ the Markov Chain (MC) to model the reliability of clock sync in terms of the number of sync ECUs. Furthermore, various fault-tolerant techniques for ECUs protection are also modeled by MC. The adopted two reliability models, DFT and MC, are integrated to form a mixed DFT to assess the FlexRay system reliability more accurately. Through a FlexRay steer-by-wire case study, we demonstrate the influence of different topologies, different ECU fault-tolerance and various number of sync ECUs on the reliability of FlexRay steer-by-wire system.

A verification flow for FlexRay communication robustness compliant with IEC 61508

FlexRay, as a communication protocol for automotive control systems, is developed to fulfill the increasing demand on the electronic control units for implementing systems with higher safety and more comfort. Fault-tolerant feature is especially highlighted in the FlexRay protocol such that the FlexRay systems can be robust enough for applying to the safety-critical applications. In this work, we investigate the fault-tolerant mechanisms adopted in the FlexRay protocol, and propose an effective verification flow to justify the FlexRay communication robustness. The goal of the proposed flow is to ensure that the communication robustness can achieve the demanded safety integrity level (SIL) defined in IEC 61508 norm. Through a case study, the feasibility of the verification flow is demonstrated.

Robustness investigation of the FlexRay system

FlexRay, as a communication protocol for automotive control systems, is developed to fulfill the increasing demand on the electronic control units for implementing systems with higher safety and more comfort. Fault-tolerant feature is especially highlighted in the FlexRay protocol such that it can be robust enough to apply for the safety-critical automotive applications. In this work-in-progress report, a verification strategy of the fault-tolerant mechanisms (FTMs) adopted in the FlexRay protocol is introduced. Our goal is to assess the effectiveness of FTMs to common interferences including EMI, SEU and crosstalk. We will also build up a simplified steer-by-wire system for observing its abnormal behaviors when the FTMs cannot overcome the interferences. All the investigations provide a transparent figure to the robustness of the FlexRay systems.

An Estimation Model of Vulnerability for Embedded Microprocessors

Embedded systems, and also the embedded microprocessors, have encountered the reliability challenge because the occurring probability of soft errors has a rising trend. When they are applied to safety-critical applications, designs with the fault tolerant consideration are required. For the complicated embedded systems or IP-based system-on-chip (SoC), it is unpractical and not cost-effective to protect the entire system or SoC. Analyzing the vulnerability of systems can help designers not only invest limited resource on the most crucial region but also understand the gain derived from the investment. In this paper we propose a model to fast estimate the microprocessors vulnerability with only slight simulation effort. From our assessment results, the rank of component vulnerability related to the probability of causing the microprocessor failure can be acquired. By choosing one of the mainstream microprocessors - VLIW (Very Long Instruction Word) processor - as an example, the practical usefulness of our estimation model is demonstrated.

An autonomous recovery software module for protecting embedded OS and application software

Embedded systems have been widespread for novel technologies which bring people more convenience and hence become more relevant to our life. When embedded systems are utilized on safety-critical applications, their availability and reliability issues must be addressed and systems must be protected by effective techniques. One primary cause of the embedded system crash is the data corruption error. In this study, the embedded system crashes caused by data corruption errors are resolved by an autonomous recovery software methodology (ARSM). ARSM is composed by system monitor, bad block salvage, autonomous recovery mechanism and OS initial backup. ARSM performs all-operation system monitoring. Once any application software and operation system crash is detected, the autonomous recovery mechanism will be activated to recover the embedded system back to normal operation. For verification of the ARSM, we adopt a car event data recorder to be the case demonstration, and generate data corruption errors to validate the efficiency of the ARSM.