Automatic Time-Redundancy Transformation for Fault-Tolerant Circuits Dmitry Burlyaev Pascal Fradet & Alain Girault 02/24/15, Monterey, California, USA @ FPGA'15 Our Objectives Here Develop a new automatic logic-level transformation for fault-tolerance: 1. technologically independent (eg, no clock line control). 2. SET correction with double time redundancy and less HW overhead than in TMR. 3. input/output transparent behavior to SET. 4. formally provable with a proof assistant. 1/17 Considered Fault-Models I Single-Event Upset (SEU) I I Single-Event Transient (SET) I 2/17 a bit-flip a current spike on a wire → SEU(s) Aut om at edDTMRDSchem es DTMR © D2011DMentorDGraphicsDCorp.DCompanyDConfidential 5 TheDDetailsDofDTMRD- RDD,DAugustD2011 w w w .m ent or .com Triple-Time Redundancy pi1 #1 combinatorial circuit 3/17 po1 Triple-Time Redundancy pi2 #2 combinatorial circuit 3/17 po2 Triple-Time Redundancy pi3 #3 combinatorial circuit 3/17 po3 Double Time Redundancy Transformation 4/17 I micro checkpointing-rollback I speed-up mode (switching-off time-redundancy) I input/output buffers (input/output transparency) I tolerance to at most one SET in 10 clock cycles Transformation DTR CO PO Combinational Part φ InputR Buffers Sequential Part si DsoQ so ini:C FF co ci pi CombinationalRPartR rB rB SO clk SequentialRPart SI si Input stream upsampling x2 (original throughput/2) s r clk si MemoryRBlock so save ini:C2 rollBack fail DTR 1) Memory Cell ← Memory Block 2) Control Block Introduction 3) Input/Output Buffers Insertion so f so fail si ControlRBlock DTR ini:C2 5/17 s save r rollBack subst subst φ 2 save rollBack rB subst s r rB subst po OutputR Buffers PI CI Memory Block: Working Cycle rollBack r save D E Q r' D E Q muxA 1 0C 1C so 0 si m D Q m' D Q muxB EQ ≠ 6/17 fail Memory Block: Working Cycle 0 rollBack 0 save Q E Q 1 0C E 1C 0 a1 Q Q EQ ≠ 6/17 fail Memory Block: Working Cycle 0 rollBack 1 save Q E Q 1 0C E 1C 0 a2 a1 Q Q EQ ≠ 6/17 fail Memory Block: Working Cycle 0 rollBack 0 save a2 Q E Q 1 0C E 1C a1 0 b1 a2 Q a1 Q EQ ≠ a1=a2 6/17 fail 0 Memory Block: Working Cycle 0 rollBack 1 save a2 Q E Q 1 0C E 1C a2 0 b2 b1 Q a2 Q EQ ≠ b1?a2 6/17 fail ? Memory Block: Working Cycle 0 rollBack 0 save b2 Q E a2 Q 1 0C E 1C b1 0 c1 b2 Q b1 Q EQ ≠ b2=b1 6/17 fail 0 Memory Block: Working Cycle 0 rollBack 1 save b2 Q E a2 Q 1 0C E 1C b2 0 c2 c1 Q b2 Q EQ ≠ Cycle: 1 6/17 c1?b2 fail ? Memory Block: Error-detection 0 rollBack 0 save c2 Q E c2 b2 Q E b2 1 0C 1C c1 0 d1 c2 Q c2 Cycle: 2 6/17 c1 Q c1 EQ ≠ c1≠c2 fail 1 Memory Block: Rollback 1 rollBack 1 save c2 Q E c2 b2 Q E b2 1 0C 1C b2 0 c3 d1 Q d1 Cycle: 3 6/17 c2 Q c2 EQ ≠ d1?c2 fail ? Memory Block: Speed-up 1 rollBack 0 save c3 Q E d2 c2 Q E c2 1 0C 1C c3 0 d1 c3 Q d2 Cycle: 4 6/17 d1 Q d1 EQ ≠ c3?d1 fail ? Memory Block: Output synchronization 1 rollBack 0 save c3 Q E d2 c2 Q E c2 1 0C 1C d1 0 e1 d1 Q e1 Cycle: 5 6/17 c3 Q d2 EQ ≠ d1?c3 fail ? Memory Block: Output synchronization 1 rollBack 0 save c3 Q E e2 c2 Q E d2 1 0C 1C e1 0 f1 e1 Q e2 Cycle: 6 6/17 d1 Q e1 EQ ≠ e1?d1 fail ? Memory Block: Speed-up OFF 0 rollBack 1 save c3 Q E e2 c2 Q E d2 1 0C 1C e1 0 f2 f1 f1 Cycle: 7 6/17 Q e1 Q e2 EQ ≠ f1?e1 fail ? Memory Block: Working Cycle- no FT 0 rollBack 0 save f2 E f2 Q c3 Q E e2 1 0C 1C f1 0 g1 f2 f2 Cycle: 8 6/17 f1 Q f1 Q EQ ≠ f2=f1 fail 0 Memory Block: Working Cycle- no FT 0 rollBack 1 save f2 E f2 Q c3 Q E e2 1 0C 1C f2 0 g2 g1 Cycle: 9 6/17 f2 g1 Q f2 Q EQ ≠ f2?g1 fail ? Memory Block: Working Cycle 0 rollBack 0 save g2 Q E g2 f2 E f2 Q 1 0C 1C g1 0 h1 g2 Q g2 Cycle: 10 6/17 g1 Q g1 EQ ≠ g1=g2 fail 1 Transformation DTR CO PO Combinational Part φ InputR Buffers Sequential Part si DsoQ so ini:C FF co ci pi CombinationalRPartR rB rB SO clk SequentialRPart SI si Input stream upsampling x2 (original throughput/2) s r clk si MemoryRBlock so save ini:C2 rollBack fail DTR 1) Memory Cell ← Memory Block 2) Control Block Introduction 3) Input/Output Buffers Insertion so f so fail si ControlRBlock DTR ini:C2 7/17 s save r rollBack subst subst φ 2 save rollBack rB subst s r rB subst po OutputR Buffers PI CI Control Block 8/17 Input Buffer pi 0 b D Q D b' ci 1C Q rB 9/17 I added to each primary input I keeps last 2 bits For recovery recalculation I keeps last 2 bits During recovery for transparency Output Buffer rollBack subst save cB p D p' Q D Q muxA muxD sub cC 1C 0 muxB oC co cA o D Q oA D o' Q oC' oA' 1C o'' D 1C Q 1C EQ oB' ≠ 10/17 poB 0 muxC oB poA 0 0 poC fail I added to each primary output I adds a delay to emit correct values during recovery I fault-tolerant by itself to SET Experimental Results 11/17 Synthesis Results: Profiling b17, ITC’99 Hardwareg4coregcells3 70000 voters 60000 50000 40000 30000 20000 In./Out.buffers 1Ctr.block sequential combin. Memory block 10000 0 original TMR DTR area - in terms of Core Cells for Actel ProASIC3 FPGA Synthesised in Synopsys Synplify Pro’2009 12/17 Hardware (core cells) Synthesis Results: Big Circuits, ITC’99 70000 60000 50000 40000 30000 20000 10000 0 original TMR DTR b12 b14 b15 DTR = original x1.39-2.0 TMR = original x3.4- 3.9 TMR = DTR x1.9- 2.5 13/17 b20 b21 b22 b17 Synthesis Results: Small <100 mem. cells Hardware (core cells) 1800 1600 1400 1200 1000 800 600 400 200 0 original TMR DTR b02 b01 b06 b03 b09 b08 b10 b13 b07 b11 b05 b04 The advantage is smaller 14/17 Summary 15/17 Summary I Automatic circuits transformation for time-redundancy: I can be formally proved: ∀C : circuit, ∀i : inputs, ∀o : outputs, C i −→ o ⇒ ⇒ T (C) i −→ o faulty 16/17 I applicable to existing synthesis tools (Mentor Graphics, Xilinx, Synopsys) I 1.9-2.5 smaller than TMR (with double throughput loss) I stream processing, technologically independent, ... Thank you for your attention! Your Questions/Feedbacks are WELCOMED dmitry.burlyaev @ inria.fr 17/17
© Copyright 2026 Paperzz