Michael Rogenmoser,Nils Wistoff,Pirmin Vogel,Frank Gürkaynak,Luca Benini

DOI: https://doi.org/10.1109/ISVLSI54635.2022.00089

2023-10-03

Abstract:With the shrinking of technology nodes and the use of parallel processor clusters in hostile and critical environments, such as space, run-time faults caused by radiation are a serious cross-cutting concern, also impacting architectural design. This paper introduces an architectural approach to run-time configurable soft-error tolerance at the core level, augmenting a six-core open-source RISC-V cluster with a novel On-Demand Redundancy Grouping (ODRG) scheme. ODRG allows the cluster to operate either as two fault-tolerant cores, or six individual cores for high-performance, with limited overhead to switch between these modes during run-time. The ODRG unit adds less than 11% of a core's area for a three-core group, or a total of 1% of the cluster area, and shows negligible timing increase, which compares favorably to a commercial state-of-the-art implementation, and is 2.5$\times$ faster in fault recovery re-synchronization. Furthermore, when redundancy is not necessary, the ODRG approach allows the redundant cores to be used for independent computation, allowing up to 2.96$\times$ increase in performance for selected applications.

Distributed, Parallel, and Cluster Computing,Hardware Architecture,Signal Processing

Douglas A. Santos,Pablo M. Aviles,André M. P. Mattos,Mario García-Valderas,Luis Entrena,Almudena Lindoso,Luigi Dilillo

DOI: https://doi.org/10.1109/tns.2024.3406021

IF: 1.703

2024-08-21

IEEE Transactions on Nuclear Science

Abstract:The New Space era has driven a wide array of applications in novel space missions with an increasing demand for processors with high computational capabilities while simultaneously maintaining low power consumption, flexibility, and reliability. Soft-core processors based on commercial off-the-shelf (COTS) technologies have emerged as a viable alternative that can meet these requirements but need to be hardened to operate in harsh environments. In this work, we propose and apply fault tolerance strategies based on software recovery using checkpoint and rollback operations to extend the capabilities of a hardened soft-core RISC-V-based system-on-chip. The proposed strategy relies on the fault awareness provided by the system-on-chip hardening to trigger the software recovery without the addition of dedicated structures or processor cores. Notably, we investigate the effectiveness of this multilayer hardening strategy, which combines software recoverability and hardware redundancy. For that, a neutron irradiation campaign was performed. The results show the effectiveness of the proposed approach, achieving 45.09% of effective software recovery operations with low overhead for performance and resource utilization.

engineering, electrical & electronic,nuclear science & technology

Francesco Vigli,Marcello Barbirotta,Abdallah Cheikh,Francesco Menichelli,Antonio Mastrandrea,Mauro Olivieri

DOI: https://doi.org/10.1109/access.2024.3366806

IF: 3.9

2024-03-06

IEEE Access

Abstract:The low probability of single event upsets (SEU) within particular satellite orbits, makes Commercial-off-the-shelf (COTS) electronic components a viable solution for space system implementation, thanks to the introduction of design-level fault tolerance techniques at the expense of some performance/energy/area penalty. This paper illustrates the design and validation of a novel RISC-V dual-core architecture, based on a computing paradigm that we refer to as full/partial heterogeneous multi-core protection. The approach relies on a small, low-performance, fully fault-tolerant core (LP core) coupled with a high-performance partially fault-tolerant core (HP core). The computing paradigm assumes the failure-exposed HP core executes computation intensive routines for relatively short periods of time, making the occurrence of failures a statistically unlikely situation, while the fully fault-tolerant LP core operates in critical control tasks and manages the failure recovery of the high-performance core. The execution time percentage in the LP core varies from a minimum of 11.4% up to a maximum of 91.3% while in the HP core it is between 8.7% and 88.6%, depending on the application. In the proposed study, both the cores belong to the RISC-V compliant Klessydra core family. The dual-core architecture also includes a watchdog timer controlled by the LP core and monitoring the non-protected HP core, and a context switch FIFO that speeds up the code and data switch between the two cores during failure recovery. A dedicated run-time software environment coordinates the execution of tasks on the high-performance core in a resilient fashion. The dual-core processor has been validated through extensive RTL simulations running in an UVM-based fault-injection environment, which emulates SEUs at various rates. Experimental results illustrate the benefits and limits obtained by using a heterogeneous architecture with different levels of protection and performance. The failure probability assuming a SEU fault occurrence can be reduced by a factor between 10X and 30X with respect to the non-protected architecture, leading to an average failure rate of up to 4.00E-06 per second with respect to 1.80E-05 per second in the non-protected architecture.

computer science, information systems,telecommunications,engineering, electrical & electronic

Hanfei Chen,Jingxiang Dong,Youxian Sun

DOI: https://doi.org/10.1109/wcica.2004.1342252

2004-01-01

Abstract:N-modular redundancy are widely used in the ultra-reliable real-time fault-tolerant systems. Previous NMR systems often relay on special hardware and special operating systems, and the relationship between the critical tasks and operating system is tight, so it's difficult to system's porting, updating and maintenance. In this paper, we present a new task model for COTS-based NMR systems. By taking full advantage of COTS operating system's kernel function, this model not only satisfies the real-time requirement, but also masks the complexity of NMR system, and gets rid of the defect of previous systems. We also analyzed the real time performance of the tasks that adopt this new model.

AN Peng,SHAO Beibei,ZHANG Jian

DOI: https://doi.org/10.3321/j.issn:1000-0054.2009.11.001

2009-01-01

Abstract:The standby-state switching time impacts system performance of quadruple modular redundancy structures. The paper describes a parallel structure for a quadruple modular redundancy system, and analyzes the reliability and security. The high-reliability computing platform design uses PowerPC serial processors, two sets of state evaluations based on field programmable gate array (FPGA) in a dual-core system and embedded software-core Nios Ⅱ. The use of competitive output at the output module gives seamless switching. Tests show that the entire system provides excellent real-time reliability for use in all kinds of systems demanding reliability and safety.

Douglas A. Santos,André M. P. Mattos,Douglas R. Melo,Luigi Dilillo

DOI: https://doi.org/10.3390/electronics12122557

IF: 2.9

2023-06-06

Electronics

Abstract:Recent research has shown interest in adopting the RISC-V processors for high-reliability electronics, such as aerospace applications. The openness of this architecture enables the implementation and customization of the processor features to increase their reliability. Studies on hardened RISC-V processors facing harsh radiation environments apply fault tolerance techniques in the processor core and peripherals, exploiting system redundancies. In prior work, we present a hardened RISC-V System-on-Chip (SoC), which could detect and correct radiation-induced faults with limited fault awareness. Therefore, in this work, we propose solutions to extend the fault observability of the SoC implementation by providing error detection and monitoring. For this purpose, we introduce observation features in the redundant structures of the system, enabling the report of valuable information that supports enhanced radiation testing and support the application to perform actions to recover from critical failures. Thus, the main contribution of this work is a solution to improve fault awareness and the analysis of the fault models in the system. In order to validate this solution, we performed complementary experiments in two irradiation facilities, comprehending atmospheric neutrons and a mixed-field environment, in which the system proved to be valuable for analyzing the radiation effects on the processor core and its peripherals. In these experiments, we were able to obtain a range of error reports that allowed us to gain a deeper understanding of the faults mechanisms, as well as improve the characterization of the SoC.

engineering, electrical & electronic,computer science, information systems,physics, applied

Yan Li,Yufeng Li,Han Jie,Jianhao Hu,Fan Yang,Xuan Zeng,Bruce Cockburn,Jie Chen

DOI: https://doi.org/10.1109/tvlsi.2018.2819896

2018-01-01

IEEE Transactions on Very Large Scale Integration (VLSI) Systems

Abstract:Triple-modular redundancy (TMR), which consists of three identical modules and a voting circuit, is a common architecture for soft-error tolerance. However, the original TMR suffers from two major drawbacks: the large area overhead and the vulnerability of the voter. In order to overcome these drawbacks, we propose a new complementary dual-modular redundancy (CDMR) scheme for mitigating the effect of soft errors. Inspired by the Markov random field (MRF) theory, a two-stage voting system is implemented in CDMR, including a first-stage optimal MRF structure and a second-stage high-performance merging unit. The CDMR scheme can reduce the voting circuit area by 20% while saving the area of one redundant module, achieving at least 26% error-rate reduction at an ultralow supply voltage of 0.25 V with 8.33% faster timing compared to previous voter designs.

Sergio Mazzola,Samuel Riedel,Luca Benini

DOI: https://doi.org/10.1109/tvlsi.2024.3415486

2024-08-28

IEEE Transactions on Very Large Scale Integration (VLSI) Systems

Abstract:Systolic arrays and shared-L1-memory manycore clusters are commonly used architectural paradigms that offer different trade-offs to accelerate parallel workloads. While the first excel with regular dataflow at the cost of rigid architectures and complex programming models, the second are versatile and easy to program but require explicit dataflow management and synchronization. This work aims at enabling efficient systolic execution on shared-L1-memory manycore clusters. We devise a flexible architecture where small and energy-efficient RISC-V cores act as the systolic array's processing elements (PEs) and can form diverse, reconfigurable systolic topologies through queues mapped in the cluster's shared memory. We introduce two low-overhead RISC-V instruction set architecture (ISA) extensions for efficient systolic execution, namely Xqueue and queue-linked registers (QLRs), which support queue management in hardware. The Xqueue extension enables single-instruction access to shared-memory-mapped queues, while QLRs allow implicit and autonomous access to them, relieving the cores of explicit communication instructions. We demonstrate Xqueue and QLRs in MemPool, an open-source shared-memory cluster with 256 PEs, and analyze the hybrid systolic-shared-memory architecture's trade-offs on several digital signal processing (DSP) kernels with diverse arithmetic intensity. For an area increase of just 6%, our hybrid architecture can double MemPool's compute unit utilization, reaching up to 73%. In typical conditions (TT/0.80 V/25 °C), in a 22-nm FDX technology, our hybrid architecture runs at 600 MHz with no frequency degradation and is up to 65% more energy efficient than the shared-memory baseline, achieving up to 208 GOPS/W, with up to 63% of power spent in the PEs.

engineering, electrical & electronic,computer science, hardware & architecture

Sergio Mazzola,Samuel Riedel,Luca Benini

2024-02-20

Abstract:Systolic arrays and shared L1-memory manycore clusters are commonly used architectural paradigms that offer different trade-offs to accelerate parallel workloads. While the first excel with regular dataflow at the cost of rigid architectures and complex programming models, the second are versatile and easy to program but require explicit data flow management and synchronization. This work aims at enabling efficient systolic execution on shared L1-memory manycore clusters. We devise a flexible architecture where small and energy-efficient RISC-V cores act as the systolic array's processing elements (PEs) and can form diverse, reconfigurable systolic topologies through queues mapped in the cluster's shared memory. We introduce two low-overhead RISC-V ISA extensions for efficient systolic execution, namely Xqueue and Queue-linked registers (QLRs), which support queue management in hardware. The Xqueue extension enables single-instruction access to shared-memory-mapped queues, while QLRs allow implicit and autonomous access to them, relieving the cores of explicit communication instructions. We demonstrate Xqueue and QLRs in MemPool, an open-source manycore cluster with 256 PEs, and analyze the hybrid systolic-shared-memory architecture's trade-offs on matrix multiplication, convolution, and FFT kernels. For an area increase of just 6%, our hybrid architecture almost doubles MemPool's compute unit utilization to up to 95% and significantly improves energy efficiency, achieving up to 63% of power spent in the PEs. In typical conditions (TT/0.80V/25{\deg}C) in a 22nm FDX technology, our hybrid architecture runs at 600MHz with no frequency degradation and is up to 64% more energy efficient than the shared-memory baseline, achieving up to 208GOPS/W.

Hardware Architecture

Michael Rogenmoser,Luca Benini

DOI: https://doi.org/10.1109/ICECS58634.2023.10382727

2023-10-03

Abstract:One of the key challenges when operating microcontrollers in harsh environments such as space is radiation-induced Single Event Upsets (SEUs), which can lead to errors in computation. Common countermeasures rely on proprietary radiation-hardened technologies, low density technologies, or extensive replication, leading to high costs and low performance and efficiency. To combat this, we present Trikarenos, a fault-tolerant 32-bit RISC-V microcontroller SoC in an advanced TSMC 28nm technology. Trikarenos alleviates the replication cost by employing a configurable triple-core lockstep configuration, allowing three Ibex cores to execute applications reliably, operating on ECC-protected memory. If reliability is not needed for a given application, the cores can operate independently in parallel for higher performance and efficiency. Trikarenos consumes 15.7mW at 250MHz executing a fault-tolerant matrix-matrix multiplication, a 21.5x efficiency gain over state-of-the-art, and performance is increased by 2.96x when reliability is not needed for processing, with a 2.36x increase in energy efficiency.

Hardware Architecture

Riccardo Tedeschi,Luca Valente,Gianmarco Ottavi,Enrico Zelioli,Nils Wistoff,Massimiliano Giacometti,Abdul Basit Sajjad,Luca Benini,Davide Rossi

2024-08-12

Abstract:Symmetric Multi-Processing (SMP) based on cache coherency is crucial for high-end embedded systems like automotive applications. RISC-V is gaining traction, and open-source hardware (OSH) platforms offer solutions to issues such as IP costs and vendor dependency. Existing multi-core cache-coherent RISC-V platforms are complex and not efficient for small embedded core clusters. We propose an open-source SystemVerilog implementation of a lightweight snoop-based cache-coherent cluster of Linux-capable CVA6 cores. Our design uses the MOESI protocol via the Arm's AMBA ACE protocol. Evaluated with Splash-3 benchmarks, our solution shows up to 32.87% faster performance in a dual-core setup and an average improvement of 15.8% over OpenPiton. Synthesized using GF 22nm FDSOI technology, the Cache Coherency Unit occupies only 1.6% of the system area.

Systems and Control

Qingsong Shi,Chen Jian,Nan Zhang,Mingteng Cao,Tianzhou Chen

DOI: https://doi.org/10.1109/SEC.2008.29

2008-01-01

Abstract:Chip multiprocessor (CMP) will become more popular in embedded systems. As clock frequency increases, dependency among core blocks rises, which therefore tends to reduce performance of system and be more unstable. Redundancy is a way to improve the dependability of the system. But the traditional methods cannot make full use of the computing capacity of CMP. In this paper, we propose a new redundancy mechanism. The whole system is reorganized using lightweight virtualization. A group of processors and a block of memory are treated as a single logical computing unit each of which corresponds to a processer separately. In this way, only a distributor and an arbiter need to be added into operating system with least effort. The distributor dispatches one task to all the logical computing units. After execution, the arbiter gathers all results to analyze whether they are dependable. Because the distributor and the arbiter are very simple, total overhead of the system are very low. Experiment results show the proposed method is practical with average overhead less than 8%.

Padmanabhan Balasubramanian

DOI: https://doi.org/10.3390/technologies11030080

2023-06-19

Technologies

Abstract:Electronic circuits/systems operating in harsh environments such as space are likely to experience faults or failures due to the impact of high-energy radiation. Given this, to overcome any faults or failures, redundancy is usually employed as a hardening-by-design approach. Moreover, low power and a small silicon footprint are also important considerations for space electronics since these translate into better energy efficiency, less system weight, and less cost. Therefore, the fault-tolerant design of electronic circuits and systems should go hand in hand with the optimization of design metrics, especially for resource-constrained electronics such as those used in space systems. A single circuit or system (also called a simplex implementation) is not fault-tolerant as it may become a single point of failure and is not used for a space application. As an alternative, a triple modular redundancy (TMR) implementation, which uses three identical copies of a circuit or system and a voter to perform majority voting of the circuits and systems outputs, may be used. However, in comparison with a simplex implementation, a TMR implementation consumes about 200% more area and dissipates 200% more power when circuits or systems are triplicated. To mitigate the area and power overheads of a TMR implementation compared to a simplex implementation, researchers have suggested alternative redundancy approaches such as selective TMR (STMR) insertion, partially approximate TMR (PATMR), fully approximate TMR (FATMR), and majority voting-based reduced precision redundancy (VRPR). Among these, VRPR appears to be promising, especially for inherently error-tolerant applications such as digital image/video/audio processing, which is relevant to space systems. However, the alternative redundancy approaches mentioned are unlikely to be suitable for the implementation of control logic. In this work, we analyze various redundancy approaches and evaluate the performance of TMR and VRPR for a digital image processing application. We provide MATLAB-based image processing results corresponding to TMR and VRPR and physical implementation results of functional units based on TMR and VRPR using a 28-nm CMOS technology.

Shengyang Mao,Leibo Liu

DOI: https://doi.org/10.1109/iceiec.2016.7589689

2016-01-01

Abstract:Hardware Trojans have become a significant threat to computing reliability and data security in reconfigurable hardware. One of the most effective techniques of run-time detection and recovery is based on Triple Modular Redundancy (TMR) mechanism; however, this mechanism causes a large resource overhead because the protected circuit needs to be totally duplicated twice for detection stage and decision stage. This paper proposes a novel methodology called Optimal Partitioning Triple Modular Redundancy (OPTMR) that optimizes the Data Flow Graph (DFG) partitioning to reduce the total overhead of TMR. The mathematical relationship between DFG partitioning and total overhead is discussed and the principle of DFG node division is presented. The efficiency and effectiveness of OPTMR is verified through simulation on an actual Field Programmable Gate Array (FPGA) device.

Florian Glaser,Giuseppe Tagliavini,Davide Rossi,Germain Haugou,Qiuting Huang,Luca Benini

DOI: https://doi.org/10.48550/arXiv.2004.06662

2020-04-15

Abstract:The steeply growing performance demands for highly power- and energy-constrained processing systems such as end-nodes of the internet-of-things (IoT) have led to parallel near-threshold computing (NTC), joining the energy-efficiency benefits of low-voltage operation with the performance typical of parallel systems. Shared-L1-memory multiprocessor clusters are a promising architecture, delivering performance in the order of GOPS and over 100 GOPS/W of energy-efficiency. However, this level of computational efficiency can only be reached by maximizing the effective utilization of the processing elements (PEs) available in the clusters. Along with this effort, the optimization of PE-to-PE synchronization and communication is a critical factor for performance. In this work, we describe a light-weight hardware-accelerated synchronization and communication unit (SCU) for tightly-coupled clusters of processors. We detail the architecture, which enables fine-grain per-PE power management, and its integration into an eight-core cluster of RISC-V processors. To validate the effectiveness of the proposed solution, we implemented the eight-core cluster in advanced 22nm FDX technology and evaluated performance and energy-efficiency with tunable microbenchmarks and a set of real-life applications and kernels. The proposed solution allows synchronization-free regions as small as 42 cycles, over 41 times smaller than the baseline implementation based on fast test-and-set access to L1 memory when constraining the microbenchmarks to 10% synchronization overhead. When evaluated on the real-life DSP-applications, the proposed SCU improves performance by up to 92% and 23% on average and energy efficiency by up to 98% and 39% on average.

Hardware Architecture,Signal Processing

Michael Rogenmoser,Philip Wiese,Bruno Endres Forlin,Frank K. Gürkaynak,Paolo Rech,Alessandra Menicucci,Marco Ottavi,Luca Benini

2024-07-08

Abstract:We present a fault-tolerant by-design RISC-V SoC and experimentally assess it under atmospheric neutrons and 200 MeV protons. The dedicated ECC and Triple-Core Lockstep countermeasures correct most errors, guaranteeing a device cross-section lower than $5.36 \times 10^{-12}$ cm$^2$.

Instrumentation and Detectors,Hardware Architecture,High Energy Physics - Experiment

Yimao Cai,Yuanfu Zhao,Lidong Lan

DOI: https://doi.org/10.1109/icssem.2011.6081320

2011-01-01

Abstract:High reliability is usually the most important requirement in space applications. There is no hardware repair for them. Long mission times and harsh environment are a challenge for electronic circuits, and particular error mitigation techniques have to be implemented in order to be able to cope with the expected error effects. Always, Triple Modular Redundancy (TMR) is relied mostly to prevent SEUs from causing functional errors. And in recent decades, SRAM-based FPGAs are used a lot in space for its high performance and flexibility. However, use of FPGAs in space applications can also be challenging. They are too susceptible to transient faults, such as SEUs. Reconfiguration provides more possibilities for SRAM-based FPGAs into space. Reconfigurable technology solves the disadvantage that the TMR modules cannot heal the error themselves. Additionally, reconfiguration is an improvement in terms of resource utilization and costs. In this paper, TMR and reconfigurable computing are combined to level up the reliability of the space applications. The paper proposed a reconfigurable computing architecture based on a TMR system. A new kind of reconfigurable architecture using SoP (system-on-a-package) technology is presented. Also, a whole space application will be presented.

Dmitrii Kuvaiskii,Oleksii Oleksenko,Pramod Bhatotia,Pascal Felber,Christof Fetzer

DOI: https://doi.org/10.48550/arXiv.1604.00500

2016-08-24

Abstract:Instruction-Level Redundancy (ILR) is a well-known approach to tolerate transient CPU faults. It replicates instructions in a program and inserts periodic checks to detect and correct CPU faults using majority voting, which essentially requires three copies of each instruction and leads to high performance overheads. As SIMD technology can operate simultaneously on several copies of the data, it appears to be a good candidate for decreasing these overheads. To verify this hypothesis, we propose Elzar, a compiler framework that transforms unmodified multithreaded applications to support triple modular redundancy using Intel AVX extensions for vectorization. Our experience with several benchmark suites and real-world case-studies yields mixed results: while SIMD may be beneficial for some workloads, e.g., CPU-intensive ones with many floating-point operations, it exhibits higher overhead than ILR in many applications we tested. We study the sources of overheads and discuss possible improvements to Intel AVX that would lead to better performance.

Distributed, Parallel, and Cluster Computing

Lucas Matana Luza,D. Melo,D. Santos,André M. P. Mattos,L. Dilillo,C. Cazzaniga,M. Kastriotou

DOI: https://doi.org/10.1109/DFT56152.2022.9962335

2022-10-19

Abstract:The radiation in harsh environments affects electronic systems, inducing permanent and temporary errors. These effects lead to unpredictable behaviors detrimental to critical applications and fail-safe systems. This work evaluates the reliability of a fault-tolerant RISC-V System-on-Chip (SoC) under atmospheric neutron irradiation in a particle accelerator. Prior work has analyzed the effectiveness of the hardening techniques of this SoC in simulation and provided a preliminary characterization in an irradiation facility. The applied hardening techniques showed a significant reliability improvement compared to the unhardened implementation of the SoC. The system executed a performance benchmark as workload, which finished correctly in most runs despite suffering from Single Event Effects (SEEs). This work presents a detailed analysis of the experimental results, reporting error rates and classification, extending the analysis given in previous works. Finally, a comprehensive discussion of implementation limitations and the proposition of further improvements are provided.

Physics,Engineering,Computer Science

Andrea Höller,Tobias Rauter,Johannes Iber,Georg Macher,Christian Kreiner

DOI: https://doi.org/10.48550/arXiv.1511.03528

2015-11-22

Abstract:The ever growing demands of embedded systems to satisfy high computing performance and cost efficiency lead to the trend of using commercial off-the-shelf hardware. However, due to their highly integrated design they are becoming increasingly susceptible to hardware errors (e.g. caused by radiation-induced soft-errors or wear-out effects). Since such faults cannot be fully prevented, systems have to cope with their effects. At the same time there is the trend of multi-core processors in embedded systems. Approaches to achieve fault tolerance by using the multiple cores to establish redundancy have been presented in literature. However, typically only homogeneous redundancy techniques are considered to tolerate soft errors. However, there is a lack of appropriate reaction mechanisms for restoring the system in case of permanent hardware faults. Here, we propose the basic idea of enhancing multi-core redundancy techniques with a cost-efficient automated introduction of diversity in the executed software replicas. Recently, these automated software diversity techniques have attracted attention in the security domain. We propose to use these techniques to recover from permanent hardware faults. This is achieved by adapting the software execution in such a way that permanent faults are mitigated.

Software Engineering,Emerging Technologies