Codesign and Simulated Fault Injection of Safety-Critical Embedded Systems Using SystemC


Presentation Transcript


  1. Codesign and Simulated Fault Injection of Safety-Critical Embedded Systems Using SystemC
  Jon Perez, Mikel Azkarate-askasua, Antonio Perez
  Embedded Systems Group, IKERLAN-IK4 Technology Research Centre, Mondragon, Spain

  2. Motivation
  • Design of safety-critical embedded systems requires careful analysis of:
    • Fault forecasting
    • Fault prevention
    • Fault removal
    • Fault tolerance
  • IEC-61508 highly recommends fault injection techniques in all steps of the development process, to analyze the reaction of the system in a faulty environment and to validate the implemented Fault Tolerance Mechanisms (FTM)
  • Late discovery of a design pitfall might require an expensive redesign of the product!
  • Simulated Fault Injection (SFI) enables an early dependability assessment
  • Could we have a design environment for codesign and accelerated SFI?

  3. Outline
  • Preliminaries
  • SFI with SystemC
  • Conclusion and future work

  4. Preliminaries – SystemC
  • SystemC is a standardized system-level design language, IEEE-1666, that provides a codesign and simulation environment:
    • Open source C++ library
    • Codesign: both hardware and software components can be described using a common language
    • Provides multiple abstraction levels, from architectural level down to Register Transfer Level (RTL)
  • SystemC provides an event-driven simulation kernel that:
    • Provides a simulation environment
    • Gives a global notion of time
  Black, D. C. and J. Donovan (2004). SystemC: From the Ground Up. Eklectic Ally, Inc.

  5. Preliminaries – Fault Injection
  • SWIFI (Software Implemented Fault Injection): the objective is to reproduce at software level the errors that would have been produced by faults occurring in the execution hardware or software
  • HWIFI (Hardware Implemented Fault Injection): fault injection is performed on the final system or on an early hardware prototype
  • SFI (Simulated Fault Injection): enables an early dependability assessment of the system, using a simulation model of the system under analysis
  • The use of fault injection techniques in SystemC is still scarce, but SFI in HDL models is a well-examined area with three main methods for fault injection:
    • Saboteurs: an additional fault injection module is inserted between modules
    • Mutants: a component is modified / replaced by an extended component that provides the faulty behavior
    • Simulator commands: the values of variables and signals are modified manually / automatically using simulator commands

  6. Preliminaries – ETCS odometry
  • ERTMS (European Railway Traffic Management System) is a European Union backed initiative for the definition of a unique train signaling standard
  • ETCS (European Train Control System) is the on-board automatic train protection system, a safety-critical embedded system that protects the train by supervising the traveled distance and speed, and activates the emergency brake if the authorized values are exceeded
  • It relies on the distance and speed measurements of the odometry system, based on a set of diverse sensors. For a maximum speed of 500 km/h the error must be bounded to:

  7. SFI with SystemC – Proposed approach
  • Modules:
    • System model: the design under analysis
    • Fault injection module: executes simulator commands as simulated time progresses, by updating a table of fault-injection variables
    • Transactor module: converts the fault-injection variables into the custom variables, signals and ports required by the system model under analysis
    • Checker module: a custom module that verifies the correct operation of the system
  • Three consecutive abstraction levels are proposed: behavioral, architectural and system implementation level

  8. SFI with SystemC – Fault Injection Commands
  • Command <window, idx, value>
    • window: time window in which the command applies
    • idx: variable index
    • value: value given to the variable
  • Window <id, offset, duration>
    • id: time reference identifier
    • offset .. offset+duration: time section in which the command applies
    • Special value, forever: <id, offset, -1>
    • Special value, default: <-1, -1, -1>

  9. SFI with SystemC – Behavioral level
  • Combination of diverse sensors: which types and how many
  • Analysis of sensor-fusion algorithms
  • Analysis of the sensor fault-error-failure chain
  • Injected faults (FMEA):
    • Relative angles
    • Adhesion factor
    • Wheel diameter
    • Etc.

  10. SFI with SystemC – Architectural level
  • TMR, Triple Modular Redundancy
    • Each node implements the sensor-fusion algorithm
    • Distribution of sensors among nodes
    • Distribution of information (interfaces)
    • Fail-silent node
    • Voting algorithm
    • Etc.
  • Injected faults (FMEA):
    • Communication channel failure
    • Node failure
    • Node sends incorrect value
    • Etc.
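The command and window semantics of slide 8 and the TMR failure modes of slide 10 can be exercised together in a small model of the slide-7 pipeline (fault injection module, transactor, system model, checker). The following is an added example and is not the authors' code: it is plain C++ with SystemC's event-driven kernel replaced by an explicit simulated-time loop, and the variable indices, the checker tolerance, the time references and the whole fault scenario are assumptions made for illustration. Two candidate voting algorithms are run against the same command table so that the checker can tell a sound design from a pitfall.

```cpp
// Added example, not the authors' code: plain C++ sketch of the slide-8 fault injection commands
// driving the slide-10 TMR architecture. SystemC's kernel is replaced by an explicit time loop;
// the variable indices, tolerance, time references and fault scenario are all assumed.
#include <algorithm>
#include <array>
#include <cmath>
#include <cstdio>
#include <map>
#include <vector>
// Window <id, offset, duration>: active while time is in [ref(id)+offset, +duration).
// duration == -1 means "forever"; <-1, -1, -1> marks a default-value entry.
struct Window { int id; long offset; long duration; };
// Command <window, idx, value>: variable idx takes value while the window is active.
struct Command { Window win; int idx; double value; };
enum Var : int { NODE0_FAIL_SILENT = 0, NODE1_BIAS = 1, CHAN2_BROKEN = 2, NUM_VARS = 3 };  // assumed
using Vars = std::array<double, NUM_VARS>;
constexpr double SPEED_TOL = 2.0;  // km/h; assumed acceptance tolerance of the checker

// Fault injection module: evaluates the command table at simulated time `now`.
struct FaultInjector {
    std::vector<Command> table;
    std::map<int, long> refs;  // time reference id -> absolute simulated time
    static bool is_default(const Window& w) { return w.id == -1 && w.offset == -1 && w.duration == -1; }
    bool active(const Window& w, long now) const {
        auto it = refs.find(w.id);
        if (is_default(w) || it == refs.end()) return false;
        long start = it->second + w.offset;
        return now >= start && (w.duration < 0 || now < start + w.duration);
    }
    Vars vars(long now) const {
        Vars v{};
        for (const auto& c : table) if (is_default(c.win)) v[c.idx] = c.value;  // defaults first
        for (const auto& c : table) if (active(c.win, now)) v[c.idx] = c.value;  // then active commands
        return v;
    }
};
struct NodeOutput { bool valid; double speed; };
struct VoteResult { bool brake; double speed; };
using Voter = VoteResult (*)(const std::array<NodeOutput, 3>&);

// Transactor + system model: nodes fuse to the true speed (assumed); variables map to slide-10 faults.
std::array<NodeOutput, 3> tmr_nodes(double true_speed, const Vars& fi) {
    std::array<NodeOutput, 3> out{{{true, true_speed}, {true, true_speed}, {true, true_speed}}};
    if (fi[NODE0_FAIL_SILENT] != 0) out[0].valid = false;  // node failure (fail-silent)
    out[1].speed += fi[NODE1_BIAS];                         // node sends incorrect value
    if (fi[CHAN2_BROKEN] != 0) out[2].valid = false;        // communication channel failure
    return out;
}

// Voter A: median of valid inputs; <2 inputs, or 2 that disagree, cannot be resolved -> emergency brake.
VoteResult median_voter(const std::array<NodeOutput, 3>& in) {
    std::vector<double> v;
    for (const auto& n : in) if (n.valid) v.push_back(n.speed);
    std::sort(v.begin(), v.end());
    if (v.size() == 3) return {false, v[1]};
    if (v.size() == 2 && std::fabs(v[1] - v[0]) <= SPEED_TOL) return {false, (v[0] + v[1]) / 2};
    return {true, 0.0};
}

// Voter B (design pitfall): plain average of the valid inputs.
VoteResult average_voter(const std::array<NodeOutput, 3>& in) {
    double sum = 0; int n = 0;
    for (const auto& o : in) if (o.valid) { sum += o.speed; ++n; }
    return n < 2 ? VoteResult{true, 0.0} : VoteResult{false, sum / n};
}

// Checker module: correct operation is either braking or reporting a speed within tolerance.
bool check(const VoteResult& r, double true_speed) { return r.brake || std::fabs(r.speed - true_speed) <= SPEED_TOL; }

struct SimResult { int brake_steps; int checker_failures; };
// Stand-in for the SystemC simulation kernel: one time unit per step.
SimResult simulate(const FaultInjector& fi, Voter voter, long t_end, double true_speed) {
    SimResult res{0, 0};
    for (long t = 0; t < t_end; ++t) {
        VoteResult r = voter(tmr_nodes(true_speed, fi.vars(t)));
        if (r.brake) ++res.brake_steps;
        if (!check(r, true_speed)) ++res.checker_failures;
    }
    return res;
}

// Constructed command table: reference 0 is simulation start, reference 1 an assumed event at t=100.
FaultInjector example_table() {
    FaultInjector fi;
    fi.refs = {{0, 0}, {1, 100}};
    fi.table = {
        {{-1, -1, -1}, NODE1_BIAS, 0.0},         // default: no bias
        {{1, 20, 30}, NODE1_BIAS, 50.0},         // node 1 reports +50 km/h for t in [120, 150)
        {{1, 40, -1}, CHAN2_BROKEN, 1.0},        // channel to node 2 lost from t=140, forever
        {{0, 145, 10}, NODE0_FAIL_SILENT, 1.0},  // node 0 fail-silent for t in [145, 155)
    };
    return fi;
}
int main() {
    SimResult a = simulate(example_table(), median_voter, 200, 100.0);
    SimResult b = simulate(example_table(), average_voter, 200, 100.0);
    std::printf("median: %d failures, %d brake steps\naverage: %d failures, %d brake steps\n",
                a.checker_failures, a.brake_steps, b.checker_failures, b.brake_steps);
    return 0;
}
```

Running both voters against the same command table shows what SFI buys at the architectural level: the median voter keeps the checker green throughout and brakes only for the 15 steps in which fewer than two agreeing inputs exist, while the plain average voter lets the biased node pull the output out of tolerance for 25 steps, the kind of design pitfall that is cheap to find in simulation and expensive to find in a prototype.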

  11. SFI with SystemC – System implementation level
  • Hardware / software partition
  • More detailed interface design
  • Custom design refinement level:
    • Sensor model
    • Hardware
    • Microprocessor
    • Etc.
  • Injected faults (FMEA):
    • Statistical bit-flips
    • Statistical signal glitches
    • Etc.

  12. SFI with SystemC – Command Table
  [Table figure: default values, speed set-point, fault-injection variables, distance]

  13. SFI with SystemC – Experimental result

  14. Conclusion and Future Work
  • Summary
    • The use of SystemC for codesign and SFI provides multiple advantages:
      • The system is codesigned using a single standard modeling language
      • Simulations include SFI
      • Eases design space exploration and FMEA analysis
      • Multiple abstraction-refinement levels are supported
      • Helps reduce the risk of late pitfall discovery
      • Meets the IEC-61508 recommendation to use fault injection techniques in all steps of the development process
      • Complementary with SWIFI and HWIFI
  • Future work
    • Maintenance-oriented fault injection, to ensure that spurious malfunctions of interest (e.g. transient faults) are detected and registered

  15. Thank you!
