Efficient Fault Injection based on Dynamic HDL Slicing Technique by Bagbaba, Ahmet Cagri et al.
2019 IEEE. Personal use of this material is permitted. Permission from IEEE must be obtained for all other uses, in any
current or future media, including reprinting/republishing this material for advertising or promotional purposes, creating new
collective works, for resale or redistribution to servers or lists, or reuse of any copyrighted component of this work in other
works.
arXiv:2002.00787v1 [cs.AR] 24 Jan 2020
Efficient Fault Injection based on Dynamic HDL
Slicing Technique
Ahmet Cagri Bagbaba∗†, Maksim Jenihhin†, Jaan Raik†, Christian Sauer∗
∗Cadence Design Systems, Munich, Germany; † Tallinn University of Technology, Tallinn, Estonia
Email: ∗{abagbaba, sauerc}@cadence.com, †{maksim.jenihhin, jaan.raik}@taltech.ee
Abstract—This work proposes a fault injection methodology where Hardware Description Language (HDL) code slicing is exploited to prune fault injection locations, thus enabling more efficient campaigns for safety mechanisms evaluation. In particular, the dynamic HDL slicing technique provides for a highly collapsed critical fault list and allows avoiding injections at redundant locations or time-steps. Experimental results show that the proposed methodology integrated into commercial tool flow doubles the simulation speed when compared to the state-of-the-art industrial-grade EDA tool flows.
Index Terms—Fault injection, fault simulation, functional
safety, transient faults, ISO26262, RTL
I. INTRODUCTION
During the design of ISO26262 [1] compliant chips, designers need to evaluate the effectiveness of the design in dealing with random hardware faults. This is usually done by fault injection simulations. The goal of a fault injection experiment is to exercise the system’s fault protection capabilities. Faults which cause the system to fail in the absence of fault detection capabilities are defined to be critical. A critical fault, if undetected in the presence of a fault processing mechanism, will result in a failure of the system under test. Using critical faults to estimate fault coverage eliminates the possibility of fault injection experiments producing no errors. Several approaches to generate the critical fault list to speed up fault injection campaigns have been proposed. However, to the best of the authors’ knowledge, this is the first work where dynamic HDL slicing has been implemented in order to minimize the number of fault injections. The main contributions of this work are as follows:
• Dynamic slicing on HDL for critical fault list generation.
• Language-agnostic RTL fault injection.
As a result, a significant speed-up of the fault injection simulation is achieved. Experimental results show that the proposed methodology doubles the simulation speed when compared to the state-of-the-art optimizations based on the static cone approach. The only fault model implemented in this paper is based on single-clock-cycle bit-flip faults within the RTL registers. This fault model targets single Single-Event-Upsets (SEUs) in all the flip-flops of the design. The proposed methodology is demonstrated on Cadence tools, but it remains applicable to other tool flows as well.
This research was supported by project RESCUE funded from the European Union’s Horizon 2020 research and innovation programme under the Marie Skłodowska-Curie grant agreement No 722325.
In the majority of the published literature [2], [3], fault location and fault insertion time are randomly selected, as opposed to the methodology explained in this paper. In addition, previous works [4] have demonstrated that with randomly selected fault lists the ratio of faults which do not produce errors may range as low as 2 to 8 per cent, depending on the system under simulation. Therefore, minimization of fault injection locations has the potential to reduce the time of the fault injection campaign significantly while allowing injection and simulation of a considerably larger number of relevant faults. Additionally, the dynamic slicing technique is used in [5], [6] for statistical bug localization in RTL. Unlike the works listed above, this paper proposes a dynamic HDL slicing based technique that implicitly covers the golden run fault collapsing, thereby significantly speeding up the fault injection process.
II. PROPOSED METHODOLOGY
The proposed methodology is outlined in Fig. 1. We explain the details of the methodology in the following paragraphs by using a motivational example depicted in Fig. 2.
Static slice (1) shows the dependency between HDL statements [7]. The static slice column in Fig. 2 shows the HDL statements which are in the static slice of the TAR_F output. Fig. 2 also implies that the static slice does not depend on clock cycles (shown as C1, C2, C3, C4 and C5). In this work, the Cadence® JasperGold Formal Verification Platform is used to calculate the backward static slice.
In parallel to the static slicing step, the RTL design is simulated in the Cadence® Xcelium™ simulator to dump and analyse coverage data (2). In this step, we dump coverage data for each clock cycle so that we can find which statements in the RTL are executed in each clock cycle. In the proposed methodology, one clock cycle defines the size of our dynamic slice. We use code coverage, which measures how thoroughly a testbench exercises the lines of HDL code. At the end of this step, we generate the executed statements to use in the next step. Fig. 2 shows executed statements for five clock cycles (C1, C2, C3, C4, C5).
Fig. 1. Proposed Dynamic HDL slicing based fault injection methodology.
Dynamic slicing (3), as it is implemented here, includes those statements that actually affect the value of a variable for a particular set of inputs of the RTL, so it is computed on a given input [8]. It provides narrower slices than the static slice and consists of only the statements that affect the value of a variable for a given input. In a nutshell, the dynamic slice is the intersection of the static slice and the executed statements, as in Fig. 2. For instance, during the time window C5, register FF (Line 27) is not in the dynamic slice, meaning that we do not need to inject a fault in FF in the C5 time window. The dynamic slice gives us the critical faults and eliminates those faults that are not critical. In this way, we manage to reduce the fault list by injecting only critical faults. This provides a significant speed-up in the fault injection simulation time, as each injected fault increases the total run time of the fault injection campaign.
For the fault injection simulation step (4), we use the Cadence® Xcelium™ Fault Simulator. Fault injection simulation selects critical faults from the dynamic slices, injects them at the specified time and evaluates the fault propagation.
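The pruning described in steps (1) to (4), as an added Python sketch that is not the authors' tool flow or any Cadence API: it intersects a static slice with per-cycle coverage and emits one single-clock-cycle bit-flip per register bit that survives. All line numbers, coverage sets and function names are constructed assumptions, except that FF sits on line 27 and is outside the dynamic slice at C5, as stated above.

```python
from typing import Dict, List, Set, Tuple

# Constructed sample data: Fig. 2 is not reproduced here, so all line numbers
# and coverage sets are assumptions, except that FF is assigned on line 27 and
# falls outside the dynamic slice in cycle C5 (both stated in the text).
STATIC_SLICE: Set[int] = {12, 15, 21, 27, 30}   # backward static slice of TAR_F
EXECUTED: Dict[str, Set[int]] = {               # statements covered per clock cycle
    "C1": {12, 15, 21, 27, 30, 33},
    "C2": {12, 21, 30, 33},
    "C3": {12, 15, 27, 30},
    "C4": {12, 21, 27, 30, 33},
    "C5": {12, 15, 21, 30},
}
# Register -> (line of the statement that assigns it, width in bits); hypothetical.
REGISTERS: Dict[str, Tuple[int, int]] = {"F0": (21, 1), "FF": (27, 1)}

Fault = Tuple[str, int, str]  # (register, bit index, clock cycle of the bit flip)


def dynamic_slices(static_slice: Set[int],
                   executed: Dict[str, Set[int]]) -> Dict[str, Set[int]]:
    """Per-cycle dynamic slice = static slice ∩ statements executed in that cycle."""
    return {cycle: static_slice & lines for cycle, lines in executed.items()}


def fault_list(slices: Dict[str, Set[int]],
               registers: Dict[str, Tuple[int, int]]) -> List[Fault]:
    """One single-clock-cycle bit flip per register bit whose line is in the slice."""
    return [(reg, bit, cycle)
            for cycle, lines in slices.items()
            for reg, (line, width) in registers.items() if line in lines
            for bit in range(width)]


def static_fault_list() -> List[Fault]:
    # Static-slice baseline: the slice is the same in every cycle.
    return fault_list({c: STATIC_SLICE for c in EXECUTED}, REGISTERS)


def critical_fault_list() -> List[Fault]:
    # Dynamic-slice pruning: inject only where the assigning statement executed.
    return fault_list(dynamic_slices(STATIC_SLICE, EXECUTED), REGISTERS)


if __name__ == "__main__":
    print(len(static_fault_list()), "faults with static slicing")
    print(len(critical_fault_list()), "faults with dynamic slicing")
    print("FF@C5 pruned:", ("FF", 0, "C5") not in critical_fault_list())
```

Line 33 in the constructed coverage is executed but lies outside the static slice, so it never contributes a fault in either list.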
III. EXPERIMENTAL RESULTS
In order to verify the accuracy of the proposed fault injection method, we first integrate our methodology into the Cadence flow, then we execute our application on different designs that are available in [9] and [10]. Table I shows the details for both the static slice, which is the state-of-the-art approach, and the dynamic slice optimization. For the smaller chopper example, the total CPU time of the overall regression is reduced to 1.2s when compared to static slice optimizations. For the more complex simple_spi design, a two-dimensional memory is selected as the fault target. As a result, we reduce the fault list to the critical faults and achieve 11.2 times shorter CPU time in the dynamic slice optimization.
IV. CONCLUSIONS
This paper proposes a methodology to optimize fault injection campaigns by pruning the fault list to the critical faults identified using a dynamic HDL slicing technique that provides for fault list collapsing. In this way, we narrow down the fault space and reduce the execution time of fault injection simulation campaigns. Experimental results show that we achieve a significant speed-up of the fault injection simulation when compared to the state-of-the-art flows.
Fig. 2. HDL slicing on a motivational example chopper [9].
REFERENCES
[1] I. S. Organization, “ISO 26262 - Road vehicles - Functional safety,” International Organization for Standardization, 2011.
[2] X. Iturbe, B. Venu, and E. Ozer, “Soft error vulnerability assessment of the real-time safety-related ARM Cortex-R5 CPU,” in 2016 IEEE International Symposium on Defect and Fault Tolerance in VLSI and Nanotechnology Systems (DFT), Sept 2016, pp. 91–96.
[3] R. Travessini, P. R. C. Villa, F. L. Vargas, and E. A. Bezerra, “Processor core profiling for SEU effect analysis,” in 2018 IEEE 19th Latin-American Test Symposium (LATS), March 2018, pp. 1–6.
[4] J. Raik, U. Repinski, M. Jenihhin, and A. Chepurov, “High-level decision diagram simulation for diagnosis and soft-error analysis,” Design and Test Technology for Dependable Systems-on-Chip, pp. 294–309, 2011.
[5] M. Jenihhin, A. Tepurov, V. Tihhomirov, J. Raik, H. Hantson, R. Ubar, G. Bartsch, J. H. M. Escobar, and H. Wuttke, “Automated design error localization in RTL designs,” IEEE Design Test, vol. 31, no. 1, pp. 83–92, Feb 2014.
[6] U. Repinski, H. Hantson, M. Jenihhin, J. Raik, R. Ubar, G. D. Guglielmo, G. Pravadelli, and F. Fummi, “Combining dynamic slicing and mutation operators for ESL correction,” in 2012 17th IEEE European Test Symposium (ETS), May 2012, pp. 1–6.
[7] M. Iwaihara, M. Nomura, S. Ichinose, and H. Yasuura, “Program slicing on VHDL descriptions and its applications,” 1996.
[8] B. Korel and J. Laski, “Dynamic program slicing,” Inf. Process. Lett., vol. 29, no. 3, pp. 155–163, Oct. 1988. [Online]. Available: http://dx.doi.org/10.1016/0020-0190(88)90054-3
[9] E. M. Clarke, M. Fujita, S. P. Rajan, T. W. Reps, S. Shankar, and T. Teitelbaum, “Program slicing for VHDL,” International Journal on Software Tools for Technology Transfer, vol. 4, pp. 125–137, 2002.
[10] (2018) Opencores. [Online]. Available: http://www.opencores.org
TABLE I
FAULT INJECTION CAMPAIGN RESULTS FOR CHOPPER AND SIMPLE_SPI DESIGNS

| Design name | chopper | chopper | simple_spi | simple_spi |
|---|---|---|---|---|
| Optimization type | Static slice | Dynamic slice | Static slice | Dynamic slice |
| Observation list | tar_f | tar_f | dat_o | dat_o |
| Fault target | F0, FF | dynamic slices | mem[][] | dynamic slices |
| Total number of injected faults | 410 | 255 | 210080 | 960 |
| Number of detected faults | 220 | 137 | 1696 | 609 |
| Number of undetected faults | 190 | 118 | 208384 | 351 |
| Total CPU time of overall regression | 1.33s | 1.2s | 171.5s | 15.2s |
