Conception et test des circuits et systèmes numériques à haute fiabilité et sécurité

Research activities I carried on after my nomination as Chargé de Recherche deal with the definition of methodologies and tools for the design, the test and the reliability of secure digital circuits and trustworthy manufacturing. More recently, we have started a new research activity on the test of 3D stacked Integrated CIrcuits, based on the use of Through Silicon Vias. Moreover, thanks to the relationships I have maintained after my post-doc in Italy, I have kept on cooperating with Politecnico di Torino on the topics related to test and reliability of memories and microprocessors.Secure and Trusted DevicesSecurity is a critical part of information and communication technologies and it is the necessary basis for obtaining confidentiality, authentication, and integrity of data. The importance of security is confirmed by the extremely high growth of the smart-card market in the last 20 years. It is reported in "Le monde Informatique" in the article "Computer Crime and Security Survey" in 2007 that financial losses due to attacks on "secure objects" in the digital world are greater than $11 Billions. Since the race among developers of these secure devices and attackers accelerates, also due to the heterogeneity of new systems and their number, the improvement of the resistance of such components becomes today’s major challenge.Concerning all the possible security threats, the vulnerability of electronic devices that implement cryptography functions (including smart cards, electronic passports) has become the Achille’s heel in the last decade. Indeed, even though recent crypto-algorithms have been proven resistant to cryptanalysis, certain fraudulent manipulations on the hardware implementing such algorithms can allow extracting confidential information. So-called Side-Channel Attacks have been the first type of attacks that target the physical device. They are based on information gathered from the physical implementation of a cryptosystem. For instance, by correlating the power consumed and the data manipulated by the device, it is possible to discover the secret encryption key. Nevertheless, this point is widely addressed and integrated circuit (IC) manufacturers have already developed different kinds of countermeasures.More recently, new threats have menaced secure devices and the security of the manufacturing process. A first issue is the trustworthiness of the manufacturing process. From one side, secure devices must assure a very high production quality in order not to leak confidential information due to a malfunctioning of the device. Therefore, possible defects due to manufacturing imperfections must be detected. This requires high-quality test procedures that rely on the use of test features that increases the controllability and the observability of inner points of the circuit. Unfortunately, this is harmful from a security point of view, and therefore the access to these test features must be protected from unauthorized users. Another harm is related to the possibility for an untrusted manufacturer to do malicious alterations to the design (for instance to bypass or to disable the security fence of the system). Nowadays, many steps of the production cycle of a circuit are outsourced. For economic reasons, the manufacturing process is often carried out by foundries located in foreign countries. The threat brought by so-called Hardware Trojan Horses, which was long considered theoretical, begins to materialize.A second issue is the hazard of faults that can appear during the circuit’s lifetime and that may affect the circuit behavior by way of soft errors or deliberate manipulations, called Fault Attacks. They can be based on the intentional modification of the circuit’s environment (e.g., applying extreme temperature, exposing the IC to radiation, X-rays, ultra-violet or visible light, or tampering with clock frequency) in such a way that the function implemented by the device generates an erroneous result. The attacker can discover secret information by comparing the erroneous result with the correct one. In-the-field detection of any failing behavior is therefore of prime interest for taking further action, such as discontinuing operation or triggering an alarm. In addition, today’s smart cards use 90nm technology and according to the various suppliers of chip, 65nm technology will be effective on the horizon 2013-2014. Since the energy required to force a transistor to switch is reduced for these new technologies, next-generation secure systems will become even more sensitive to various classes of fault attacks.Based on these considerations, within the group I work with, we have proposed new methods, architectures and tools to solve the following problems:• Test of secure devices: unfortunately, classical techniques for digital circuit testing cannot be easily used in this context. Indeed, classical testing solutions are based on the use of Design-For-Testability techniques that add hardware components to the circuit, aiming to provide full controllability and observability of internal states. Because crypto‐ processors and others cores in a secure system must pass through high‐quality test procedures to ensure that data are correctly processed, testing of crypto chips faces a dilemma. In fact design‐for‐testability schemes want to provide high controllability and observability of the device while security wants minimal controllability and observability in order to hide the secret. We have therefore proposed, form one side, the use of enhanced scan-based test techniques that exploit compaction schemes to reduce the observability of internal information while preserving the high level of testability. From the other side, we have proposed the use of Built-In Self-Test for such devices in order to avoid scan chain based test.• Reliability of secure devices: we proposed an on-line self-test architecture for hardware implementation of the Advanced Encryption Standard (AES). The solution exploits the inherent spatial replications of a parallel architecture for implementing functional redundancy at low cost.• Fault Attacks: one of the most powerful types of attack for secure devices is based on the intentional injection of faults (for instance by using a laser beam) into the system while an encryption occurs. By comparing the outputs of the circuits with and without the injection of the fault, it is possible to identify the secret key. To face this problem we have analyzed how to use error detection and correction codes as counter measure against this type of attack, and we have proposed a new code-based architecture. Moreover, we have proposed a bulk built-in current-sensor that allows detecting the presence of undesired current in the substrate of the CMOS device.• Fault simulation: to evaluate the effectiveness of countermeasures against fault attacks, we developed an open source fault simulator able to perform fault simulation for the most classical fault models as well as user-defined electrical level fault models, to accurately model the effect of laser injections on CMOS circuits.• Side-Channel attacks: they exploit physical data-related information leaking from the device (e.g. current consumption or electro-magnetic emission). One of the most intensively studied attacks is the Differential Power Analysis (DPA) that relies on the observation of the chip power fluctuations during data processing. I studied this type of attack in order to evaluate the influence of the countermeasures against fault attack on the power consumption of the device. Indeed, the introduction of countermeasures for one type of attack could lead to the insertion of some circuitry whose power consumption is related to the secret key, thus allowing another type of attack more easily. We have developed a flexible integrated simulation-based environment that allows validating a digital circuit when the device is attacked by means of this attack. All architectures we designed have been validated through this tool. Moreover, we developed a methodology that allows to drastically reduce the time required to validate countermeasures against this type of attack.TSV- based 3D Stacked Integrated Circuits TestThe stacking process of integrated circuits using TSVs (Through Silicon Via) is a promising technology that keeps the development of the integration more than Moore’s law, where TSVs enable to tightly integrate various dies in a 3D fashion. Nevertheless, 3D integrated circuits present many test challenges including the test at different levels of the 3D fabrication process: pre-, mid-, and post- bond tests. Pre-bond test targets the individual dies at wafer level, by testing not only classical logic (digital logic, IOs, RAM, etc) but also unbounded TSVs. Mid-bond test targets the test of partially assembled 3D stacks, whereas finally post-bond test targets the final circuit.The activities carried out within this topic cover 2 main issues:• Pre-bond test of TSVs: the electrical model of a TSV buried within the substrate of a CMOS circuit is a capacitance connected to ground (when the substrate is connected to ground). The main assumption is that a defect may affect the value of that capacitance. By measuring the variation of the capacitance’s value it is possible to check whether the TSV is correctly fabricated or not. We have proposed a method to measure the value of the capacitance based on the charge/ discharge delay of the RC network containing the TSV.• Test infrastructures for 3D stacked Integrated Circuits: testing a die before stacking to another die introduces the problem of a dynamic test infrastructure, where test data must be routed to a specific die based on the reached fabrication step. New solutions are proposed in literature that allow reconfiguring the test paths within the circuit, based on on-the-fly requirements. We have started working on an extension of the IEEE P1687 test standard that makes use of an automatic die-detection based on pull-up resistors.Memory and Microprocessor Test and ReliabilityThanks to device shrinking and miniaturization of fabrication technology, performances of microprocessors and of memories have grown of more than 5 magnitude order in the last 30 years. With this technology trend, it is necessary to face new problems and challenges, such as reliability, transient errors, variability and aging.In the last five years I’ve worked in cooperation with the Testgroup of Politecnico di Torino (Italy) to propose a new method to on-line validate the correctness of the program execution of a microprocessor. The main idea is to monitor a small set of control signals of the processors in order to identify incorrect activation sequences. This approach can detect both permanent and transient errors of the internal logic of the processor.Concerning the test of memories, we have proposed a new approach to automatically generate test programs starting from a functional description of the possible faults in the memory.Moreover, we proposed a new methodology, based on microprocessor error probability profiling, that aims at estimating fault injection results without the need of a typical fault injection setup. The proposed methodology is based on two main ideas: a one-time fault-injection analysis of the microprocessor architecture to characterize the probability of successful execution of each of its instructions in presence of a soft-error, and a static and very fast analysis of the control and data flow of the target software application to compute its probability of success

A Hardware Security Solution against Scan-Based Attacks

Scan based Design for Test (DfT) schemes have been widely used to achieve high fault coverage for integrated circuits. The scan technique provides full access to the internal nodes of the device-under-test to control them or observe their response to input test vectors. While such comprehensive access is highly desirable for testing, it is not acceptable for secure chips as it is subject to exploitation by various attacks. In this work, new methods are presented to protect the security of critical information against scan-based attacks. In the proposed methods, access to the circuit containing secret information via the scan chain has been severely limited in order to reduce the risk of a security breach. To ensure the testability of the circuit, a built-in self-test which utilizes an LFSR as the test pattern generator (TPG) is proposed. The proposed schemes can be used as a countermeasure against side channel attacks with a low area overhead as compared to the existing solutions in literature

Metodologia de monitorização do envelhecimento para aplicações de auto-teste embutido

Dissertação de mestrado, Engenharia Eléctrica e Electrónica, Instituto Superior de Engenharia, Universidade do Algarve, 2013The high integration level achieved as well as complexity and performance enhancements in new nanometer technologies make IC (Integrated Circuits) products very difficult to test. Moreover, long term operation brings aging cumulative degradations, due to new processes and materials that lead to emerging defect phenomena and the consequence are products with increased variability in their behaviour, more susceptible to delay-faults and with a reduced expected lifecycle. The main objectives of this thesis are twofold, as explained in the following. First, a new software tool is presented to generate HDL (Hardware Description Language) for BIST (Built-In Self-Test) structures, aiming delay-faults, and inserted the new auto-test functionality in generic sequential CMOS circuits. The BIST methodology used implements a scan based BIST approach, using a new BIST controller to implement the Launch-On-Shift (LOS) and Launch-On-Capture (LOC) delay-fault techniques. Second, it will be shown that multi-VDD tests in circuits with BIST infra-structures can be used to detect gross delay-faults during on-field operations, and consequently can be used as an aging sensor methodology during circuits’ lifecycle. The discrete set of multi-VDD BIST sessions generates a Voltage Signature Collection (VSC) and the presence of a delay-fault (or a physical defect) modifies the VSC collection, allowing the aging sensor capability. The proposed Design for Testability (DFT) method and tool are demonstrated with extensive SPICE simulation using three ITC’99 benchmark circuits.O elevado nível de integração atingida, complexidade, assim como performances melhoradas em novas tecnologias nanométricas tornam os produtos em circuitos integrados tecnológicos muito difíceis de testar. Para além disso, a operação a longo prazo produz degradações cumulativas pelo envelhecimento dos circuitos, devido a novos processos e materiais que conduzem a novos defeitos e a consequência são produtos com maior variabilidade no seu funcionamento, mais susceptíveis às faltas de atraso e com um tempo de vida menor. Os principais objectivos desta tese são dois, como explicado em seguida. Primeiro, é apresentada uma nova ferramenta de software para gerar estruturas de auto-teste integrado (BIST, Built-In Self-Test) descritas em linguagens de descrição de hardware (HDL, Hardware Description Language), com o objectivo de detectar faltas de atraso, e inserir a nova funcionalidade de auto-teste em circuitos genéricos sequenciais CMOS. A metodologia de BIST utilizada implementa um procedimento baseado em caminhos de deslocamento, utilizando um novo controlador de BIST para implementar técnicas de faltas de atraso, como Launch-On-Shift (LOS) e Launch-On-Capture (LOC). Segundo, irá ser mostrado que testes multi-VDD em circuitos com infra-estruturas de BIST podem ser usados para detectar faltas de atraso grosseiras durante a operação no terreno e, consequentemente, pode ser usado como uma metodologia de sensor de envelhecimento durante o tempo de vida dos circuitos. Um número discreto de sessões BIST multi-VDD geram uma Colecção de Assinaturas de Tensão (Voltage Signature Collection, VSC) e a presença de uma falta de atraso (ou um defeito físico) faz modificar a colecção VSC, comportando-se como sensor de envelhecimento. O trabalho foi iniciado com o estudo do estado da arte nesta área. Assim, foram estudadas e apresentadas no capítulo 2 as principais técnicas de DfT (Design for Testability) disponíveis e utilizadas pela indústria, nomeadamente, as técnicas de SP (Scan Path), de BIST e as técnicas de scan para delay-faults, LOS e LOC. No capítulo 3, ainda referente ao estudo sobre o estado da arte, é apresentado o estudo sobre os fenómenos que provocam o envelhecimento dos circuitos digitais, nomeadamente o NBTI (Negative Bias Temperature Instability), que é considerado o factor mais relevante no envelhecimento de circuitos integrados (especialmente em nanotecnologias). Em seguida, iniciou-se o desenvolvimento do primeiro objectivo. Relativamente a este assunto, começou-se por definir qual o comportamento das estruturas de BIST e como se iriam interligar. O comportamento foi descrito, bloco a bloco, em VHDL comportamental, ao nível RTL (Register Transfer Level). Esta descrição foi então validada por simulação, utilizando a ferramenta ModelSim. Posteriormente, esta descrição comportamental foi sintetizada através da ferramenta Synopsys, com a colaboração do INESC-ID em Lisboa (instituição parceira nestes trabalhos de investigação), e foi obtida uma netlist ao nível de porta lógica, que foi guardada utilizando a linguagem de descrição de hardware Verilog. Assim, obtiveram-se dois tipos de descrição dos circuitos BIST: uma comportamental, em VHDL, e outra estrutural, em Verilog (esta descrição estrutural em Verilog irá permitir, posteriormente, fazer a simulação e análise de envelhecimento). A nova estrutura de BIST obtida é baseada no modelo clássico de BIST, mas apresenta algumas alterações, nomeadamente ao nível da geração de vectores de teste e no controlo e aplicação desses vectores ao circuito. Estas modificações têm como objectivo aumentar a detecção de faltas e permitir o teste de faltas de atraso. É composto por três blocos denominados LFSRs (Linear Feedback Shift Registers), um utilizado para gerar os vectores pseudo-aleatórios para as entradas primárias do circuito, outro para gerar os vectores para a entrada do scan path, e o último utilizado como contador para controlar o número de bits introduzidos no scan path. Relativamente ao controlador, este foi especificamente desenhado para controlar um teste com estratégia de test-per-scan (ou seja, um teste baseado no caminho de varrimento existente no circuito) e tem uma codificação de estados que permite implementar as estratégias de teste de faltas de atraso, Launch-On-Shift (LOS) e Launch-On-Capture (LOC). Na secção de saída do novo modelo de BIST, o processo de compactação usa o mesmo princípio do modelo tradicional, utilizando neste caso um MISR (Multiple Input Signature Register). Ainda relativamente ao primeiro objectivo, seguiu-se o desenvolvimento da ferramenta BISTGen, para automatizar a geração das estruturas de BIST atrás mencionadas, nos dois tipos de descrição, e automaticamente inserir estas estruturas num circuito de teste (CUT, Circuit Under Test). A aplicação de software deve permitir o manuseamento de dois tipos de informação relativa ao circuito: descrição do circuito pelo seu comportamento, em VHDL, e descrição do circuito pela sua estrutura, em Verilog. Deve ter como saída a descrição de hardware supra citada, inserindo todos os blocos integrantes da estrutura num só ficheiro, contendo apenas um dos tipos de linguagem (Verilog ou VHDL), escolhida previamente pelo utilizador. No caso dos LFSRs e do MISR, o programa deve permitir ao utilizador a escolha de LFSRs do tipo linear ou do tipo modular (também conhecidos por fibonacci ou galois), e deve também possuir suporte para automaticamente seleccionar de uma base de dados quais as realimentações necessárias que conduzem à definição do polinómio primitivo para o LFSR. Será necessário ainda criar uma estrutura em base de dados para gerir os nomes e o número de entradas e saídas do circuito submetido a teste, a que chamamos CUT, de forma a simplificar o processo de renomeação que o utilizador poderá ter de efectuar. Dar a conhecer ao programa os nomes das entradas e saídas do CUT é de relevante importância, uma vez que a atribuição de nomes para as entradas e saídas pode vir em qualquer língua ou dialecto, não coincidindo com os nomes padrão normalmente atribuídos. Relativamente às duas linguagens que o programa recebe através do CUT na sua entrada, no caso VHDL após inserir BIST o ficheiro final terá sempre uma estrutura semelhante, qualquer que seja o ficheiro a ser tratado, variando apenas com o hardware apresentado pelo CUT. No entanto, para o caso Verilog a situação será diferente, uma vez que o programa tem de permitir que o ficheiro final gerado possa surgir de duas formas dependendo da escolha desejada. A primeira forma que o software deve permitir para o caso Verilog é gerar um ficheiro contendo módulos, de uma forma semelhante ao que acontece no caso VHDL. No entanto, deve permitir também a obtenção, caso o utilizador solicite, de um ficheiro unificado, sem sub-módulos nos blocos, para que o ficheiro final contenha apenas uma única estrutura, facilitando a sua simulação e análise de envelhecimento nas etapas seguintes. Relativamente ao segundo objectivo, com base no trabalho anterior já efectuado em metodologias para detectar faltas de delay em circuitos com BIST, foi definida uma metodologia de teste para, durante a vida útil dos circuitos, permitir avaliar como vão envelhecendo, tratando-se assim de uma metodologia de monitorização de envelhecimento para circuitos com BIST. Um aspecto fundamental para a realização deste segundo objectivo é podermos prever como o circuito vai envelhecer. Para realizar esta tarefa, sempre subjectiva, utilizou-se uma ferramenta desenvolvida no ISE-UAlg em outra tese de mestrado anterior a esta, a ferramenta AgingCalc. Esta ferramenta inicia-se com a definição, por parte do utilizador, das probabilidades de operação das entradas primárias do circuito (probabilidades de cada entrada estar a ‘0’ ou a ‘1’). De notar que este é o processo subjectivo existente na análise de envelhecimento, já que é impossível prever como um circuito irá ser utilizado. Com base nestas probabilidades de operação, o programa utiliza a estrutura do circuito para calcular, numa primeira instância, as probabilidades dos nós do circuito estarem a ‘0’ ou a ‘1’, e numa segunda instância as probabilidades de cada transístor PMOS estar ligado e com o seu canal em stress (com uma tensão negativa aplicada à tensão VGS e um campo eléctrico aplicado ao dieléctrico da porta). Utilizando fórmulas definidas na literatura para modelação do parâmetro Vth (tensão limiar de condução) do transístor de acordo com um envelhecimento produzido pelo efeito NBTI (Negative Bias Temperature Instability), o programa calcula, para cada ano ou tempo de envelhecimento a considerar, as variações ocorridas no Vth de cada transístor PMOS, com base nas probabilidades e condições de operação previamente definidas, obtendo um novo Vth para cada transístor (os valores prováveis para os transístores envelhecidos). Em seguida, o programa instancia o simulador HSPICE para simular as portas lógicas do circuito, utilizando uma descrição que contém os Vth calculados. Esta simulação permite calcular os atrasos em cada porta para cada ano de envelhecimento considerado, podendo em seguida calcular e obter a previsão para o envelhecimento de cada caminho combinatório do circuito. É de notar que, embora a previsão de envelhecimento seja subjectiva, pois depende de uma previsão de operação, é possível definir diferentes probabilidades de operação de forma a estabelecer limites prováveis para o envelhecimento de cada caminho. Tendo uma ferramenta que permite prever como o circuito irá envelhecer, é possível utilizá-la para modificar a estrutura do circuito e introduzir faltas de delay produzidas pelo envelhecimento por NBTI ao longo dos anos de operação (modelados pelo Vth dos transístores PMOS). Assim, no capítulo 5 irá ser mostrado que testes multi-VDD em circuitos com infra-estruturas de BIST podem ser usados para detectar faltas de atraso grosseiras durante a operação no terreno, podendo em alguns casos identificar variações provocadas pelo envelhecimento em caminhos curtos, e consequentemente, estes testes podem ser usados como uma metodologia de sensor de envelhecimento durante o tempo de vida dos circuitos. Um número discreto de sessões BIST multi-VDD geram uma Colecção de Assinaturas de Tensão (Voltage Signature Collection, VSC) e a presença de uma falta de atraso (ou um defeito físico) faz modificar a colecção VSC, comportando-se como sensor de envelhecimento. O objectivo será, especificando, fazer variar a tensão de alimentação, baixando o seu valor dentro de um determinado intervalo e submetendo o circuito a sucessivas sessões de BIST para cada valor de tensão, até que o circuito retorne uma assinatura diferente da esperada. Este procedimento de simulação será feito para uma maturidade de até 20 anos, podendo o incremento não ser unitário. Na realidade os circuitos nos primeiros anos de vida em termos estatísticos não sofrem envelhecimento a ponto de causar falhas por esse efeito. As falhas que podem acelerar o processo de envelhecimento estão relacionadas com defeitos significativos no processo de fabrico mas que ainda assim não são suficientes para no início do seu ciclo de vida fazer o circuito falhar, tornando-se efectivas após algum tempo de utilização. Os métodos e ferramentas propostos de DfT são demonstrados com extensas simulações VHDL e SPICE, utilizando circuitos de referência

Design-for-delay-testability techniques for high-speed digital circuits

The importance of delay faults is enhanced by the ever increasing clock rates and decreasing geometry sizes of nowadays' circuits. This thesis focuses on the development of Design-for-Delay-Testability (DfDT) techniques for high-speed circuits and embedded cores. The rising costs of IC testing and in particular the costs of Automatic Test Equipment are major concerns for the semiconductor industry. To reverse the trend of rising testing costs, DfDT is\ud getting more and more important

Développement des techniques de test et de diagnostic pour les FPGA hiérarchique de type mesh

The evolution trend of shrinking feature size and increasing complexity in modern electronics is being slowed down due to physical limits that generate numerous imperfections and defects during fabrication steps or projected life time of the chip. Field Programmable Gate Arrays (FPGAs) are used in complex digital systems mainly due to their reconfigurability and shorter time-to-market. To maintain a high reliability of such systems, FPGAs should be tested thoroughly for defects. FPGA architecture optimization for area saving and better signal routability is an ongoing process which directly impacts the overall FPGA testability, hence the reliability. This thesis presents a complete strategy for test and diagnosis of manufacturing defects in mesh-based FPGAs containing a novel multilevel interconnects topology which promises to provide better area and routability. Efficiency of the proposed test schemes is analyzed in terms of test cost, respective fault coverage and diagnostic resolution.L’évolution tendant à réduire la taille et augmenter la complexité des circuits électroniques modernes, est en train de ralentir du fait des limitations technologiques, qui génèrent beaucoup de d’imperfections et de defaults durant la fabrication ou la durée de vie de la puce. Les FPGAs sont utilisés dans les systèmes numériques complexes, essentiellement parce qu’ils sont reconfigurables et rapide à commercialiser. Pour garder une grande fiabilité de tels systèmes, les FPGAs doivent être testés minutieusement pour les defaults. L’optimisation de l’architecture des FPGAs pour l’économie de surface et une meilleure routabilité est un processus continue qui impacte directement la testabilité globale et de ce fait, la fiabilité. Cette thèse présente une stratégie complète pour le test et le diagnostique des defaults de fabrication des “mesh-based FPGA” contenant une nouvelle topologie d’interconnections à plusieurs niveaux, ce qui promet d’apporter une meilleure routabilité. Efficacité des schémas proposes est analysée en termes de temps de test, couverture de faute et résolution de diagnostique

Autonomous Recovery Of Reconfigurable Logic Devices Using Priority Escalation Of Slack

Field Programmable Gate Array (FPGA) devices offer a suitable platform for survivable hardware architectures in mission-critical systems. In this dissertation, active dynamic redundancy-based fault-handling techniques are proposed which exploit the dynamic partial reconfiguration capability of SRAM-based FPGAs. Self-adaptation is realized by employing reconfiguration in detection, diagnosis, and recovery phases. To extend these concepts to semiconductor aging and process variation in the deep submicron era, resilient adaptable processing systems are sought to maintain quality and throughput requirements despite the vulnerabilities of the underlying computational devices. A new approach to autonomous fault-handling which addresses these goals is developed using only a uniplex hardware arrangement. It operates by observing a health metric to achieve Fault Demotion using Recon- figurable Slack (FaDReS). Here an autonomous fault isolation scheme is employed which neither requires test vectors nor suspends the computational throughput, but instead observes the value of a health metric based on runtime input. The deterministic flow of the fault isolation scheme guarantees success in a bounded number of reconfigurations of the FPGA fabric. FaDReS is then extended to the Priority Using Resource Escalation (PURE) online redundancy scheme which considers fault-isolation latency and throughput trade-offs under a dynamic spare arrangement. While deep-submicron designs introduce new challenges, use of adaptive techniques are seen to provide several promising avenues for improving resilience. The scheme developed is demonstrated by hardware design of various signal processing circuits and their implementation on a Xilinx Virtex-4 FPGA device. These include a Discrete Cosine Transform (DCT) core, Motion Estimation (ME) engine, Finite Impulse Response (FIR) Filter, Support Vector Machine (SVM), and Advanced Encryption Standard (AES) blocks in addition to MCNC benchmark circuits. A iii significant reduction in power consumption is achieved ranging from 83% for low motion-activity scenes to 12.5% for high motion activity video scenes in a novel ME engine configuration. For a typical benchmark video sequence, PURE is shown to maintain a PSNR baseline near 32dB. The diagnosability, reconfiguration latency, and resource overhead of each approach is analyzed. Compared to previous alternatives, PURE maintains a PSNR within a difference of 4.02dB to 6.67dB from the fault-free baseline by escalating healthy resources to higher-priority signal processing functions. The results indicate the benefits of priority-aware resiliency over conventional redundancy approaches in terms of fault-recovery, power consumption, and resource-area requirements. Together, these provide a broad range of strategies to achieve autonomous recovery of reconfigurable logic devices under a variety of constraints, operating conditions, and optimization criteria

Fehlercharakterisierung zuverlässiger Schaltungen im Selbsttest

Hochintegrierte Schaltungen können immer kleiner, höher getaktet und energieeffizienter hergestellt werden, allerdings können bedingt durch diese technologischen Trends auch vermehrt Schwachstellen im System entstehen. Diese Schwachstellen führen oft während des Produktionstests nicht zu einem Fehlverhalten der Schaltung, während des Betriebs allerdings droht durch die steigende Anfälligkeit gegenüber intrinsischen und äußeren Störeinflüssen sowie Alterungseffekten ein vorzeitiger Ausfall der Schaltung. Solche Frühausfälle werden „Early-Life Fehler“ genannt und können mit einem Standard- Test ohne weitere Anpassungen nicht erkannt werden. Indikatoren für einen Frühausfall können intermittierende Fehler, aber auch kleine Verzögerungsfehler sein. In dieser Arbeit wird ein Selbsttest vorgestellt, der eine Fehlercharakterisierung zur Erkennung von Systemschwachstellen und Vermeidung von Frühausfällen, speziell solche, die sich als intermittierender Fehler oder kleiner Verzögerungsfehler auswirken, mit geringem Hardware- und Zeitaufwand mittels eines Standard-Tests ermöglicht. Hierzu wird im Selbsttest zunächst zwischen permanenten und nicht-permanenten Fehlern unterschieden und eine Klassifikation der nicht- permanenten Fehler mit Hilfe eines voran geschalteten Diagnoseverfahrens und Bayesschen Berechnungen durchgeführt. Hierdurch lässt sich die Produktqualität ohne zusätzliche Ausbeuteverluste erhöhen. Zusätzlich wird ein Test mit erhöhter Betriebsfrequenz vorgestellt, der im Selbsttest kleine Verzögerungsfehler erkennt.As a result of the fact, that todays integrated circuits have smaller features sizes, higher frequencies and are more energy efficient, weak spots can occur in the system. These weak spots can be undetected by the production test, but during system operation they can lead to hard failures, because of increasing susceptibility to intrinsic and external disturbances or aging effects. This early system breakdown is called „early-life failure“ and cannot be detected by a standard test without any adjustments. Indicators of early-life failures could be intermittent faults and also small delay defects. In this thesis a built-in self-test is presented, which characterizes faulty behavior to detect weak spots and avoid early-life failures, especially caused by intermittent faults or small delay defects, with low hardware and time overhead by using a standard test set. In a first step, the test procedure can distinguish between permanent and non-permanent faults. After that, a diagnosis process and Bayesian reasoning implement the classification of the non-permanent faults. With this procedure the product quality can be increased without additional yield loss. Furthermore a Faster-than-at-Speed-Test (FAST) will be introduced, which allows detecting SDDs in a built-in self-test environment without any changes in the ATPG flow.von Dipl.-Wirt.-Ing. Thomas Indlekofer ; Erster Gutachter: Prof. Dr. Sybille Hellebrand, Zweiter Gutachter: Prof. Dr. Ilia PolianTag der Verteidigung: 03.03.2016Fakultät für Elektrotechnik, Informatik und Mathematik der Universität Paderborn, Univ., Dissertation, 201

Self-healing concepts involving fine-grained redundancy for electronic systems

The start of the digital revolution came through the metal-oxide-semiconductor field-effect transistor (MOSFET) in 1959 followed by massive integration onto a silicon die by means of constant down scaling of individual components. Digital systems for certain applications require fault-tolerance against faults caused by temporary or permanent influence. The most widely used technique is triple module redundancy (TMR) in conjunction with a majority voter, which is regarded as a passive fault mitigation strategy. Design by functional resilience has been applied to circuit structures for increased fault-tolerance and towards self-diagnostic triggered self-healing. The focus of this thesis is therefore to develop new design strategies for fault detection and mitigation within transistor, gate and cell design levels. The research described in this thesis makes three contributions. The first contribution is based on adding fine-grained transistor level redundancy to logic gates in order to accomplish stuck-at fault-tolerance. The objective is to realise maximum fault-masking for a logic gate with minimal added redundant transistors. In the case of non-maskable stuck-at faults, the gate structure generates an intrinsic indication signal that is suitable for autonomous self-healing functions. As a result, logic circuitry utilising this design is now able to differentiate between gate faults and faults occurring in inter-gate connections. This distinction between fault-types can then be used for triggering selective self-healing responses. The second contribution is a logic matrix element which applies the three core redundancy concepts of spatial- temporal- and data-redundancy. This logic structure is composed of quad-modular redundant structures and is capable of selective fault-masking and localisation depending of fault-type at the cell level, which is referred to as a spatiotemporal quadded logic cell (QLC) structure. This QLC structure has the capability of cellular self-healing. Through the combination of fault-tolerant and masking logic features the QLC is designed with a fault-behaviour that is equal to existing quadded logic designs using only 33.3% of the equivalent transistor resources. The inherent self-diagnosing feature of QLC is capable of identifying individual faulty cells and can trigger self-healing features. The final contribution is focused on the conversion of finite state machines (FSM) into memory to achieve better state transition timing, minimal memory utilisation and fault protection compared to common FSM designs. A novel implementation based on content-addressable type memory (CAM) is used to achieve this. The FSM is further enhanced by creating the design out of logic gates of the first contribution by achieving stuck-at fault resilience. Applying cross-data parity checking, the FSM becomes equipped with single bit fault detection and correction