Dependable Embedded Systems Jörg Henkel 2025 easy

download

Now available at textbookfull.com

( 4.5/5.0 ★ | 161 downloads )

https://textbookfull.com/product/dependable-embedded-systems-jorg-
henkel/
 Dependable Embedded Systems Jörg Henkel

TEXTBOOK

Available Formats

■ PDF eBook Study Guide Ebook

EXCLUSIVE 2025 ACADEMIC EDITION – LIMITED RELEASE

Available Instantly Access Library

More products digital (pdf, epub, mobi) instant
download maybe you interests ...

Embedded System Design : Embedded Systems, Foundations

of Cyber-Physical Systems, and the Internet of Things
Marwedel

https://textbookfull.com/product/embedded-system-design-embedded-
systems-foundations-of-cyber-physical-systems-and-the-internet-
of-things-marwedel/

Distributed Embedded and Real time Java Systems 2012th

Edition M Teresa Higuera Toledano Andy J Wellings

https://textbookfull.com/product/distributed-embedded-and-real-
time-java-systems-2012th-edition-m-teresa-higuera-toledano-andy-
j-wellings/

Software Engineering for Embedded Systems Robert Oshana

https://textbookfull.com/product/software-engineering-for-
embedded-systems-robert-oshana/

Embedded Systems Architecture - Second Edition Daniele

Lacamera

https://textbookfull.com/product/embedded-systems-architecture-
second-edition-daniele-lacamera/
Embedded System Design: Embedded Systems Foundations of
Cyber-Physical Systems, and the Internet of Things. 4th
Edition Peter Marwedel

https://textbookfull.com/product/embedded-system-design-embedded-
systems-foundations-of-cyber-physical-systems-and-the-internet-
of-things-4th-edition-peter-marwedel/

Security Engineering: A Guide to Building Dependable

Distributed Systems 3rd Edition Ross. Anderson

https://textbookfull.com/product/security-engineering-a-guide-to-
building-dependable-distributed-systems-3rd-edition-ross-
anderson/

Introduction to embedded systems a cyber physical

systems approach Edward Ashford Lee

https://textbookfull.com/product/introduction-to-embedded-
systems-a-cyber-physical-systems-approach-edward-ashford-lee/

Introduction To Embedded Systems 2nd Edition K. V Shibu

https://textbookfull.com/product/introduction-to-embedded-
systems-2nd-edition-k-v-shibu/

Embedded Software Development for Safety-Critical

Systems 2nd Edition Chris Hobbs

https://textbookfull.com/product/embedded-software-development-
for-safety-critical-systems-2nd-edition-chris-hobbs/
Embedded Systems

Jörg Henkel
Nikil Dutt Editors

Dependable
Embedded Systems
Embedded Systems

Series Editors
Nikil Dutt, Irvine, CA, USA
Grant Martin, Santa Clara, CA, USA
Peter Marwedel, Informatik 12, TU Dortmund, Dortmund, Germany
This Series addresses current and future challenges pertaining to embedded hard-
ware, software, specifications and techniques. Titles in the Series cover a focused
set of embedded topics relating to traditional computing devices as well as high-
tech appliances used in newer, personal devices, and related topics. The material
will vary by topic but in general most volumes will include fundamental material
(when appropriate), methods, designs and techniques.

More information about this series at http://www.springer.com/series/8563

Jörg Henkel • Nikil Dutt
Editors

Dependable Embedded
Systems
Editors
Jörg Henkel Nikil Dutt
Karlsruhe Institute of Technology Computer Science
Karlsruhe, Baden-Württemberg, University of California, Irvine
Germany Irvine, CA, USA

ISSN 2193-0155 ISSN 2193-0163 (electronic)

Embedded Systems
ISBN 978-3-030-52016-8 ISBN 978-3-030-52017-5 (eBook)
https://doi.org/10.1007/978-3-030-52017-5

© The Editor(s) (if applicable) and The Author(s) 2021. This book is an open access publication.
Open Access This book is licensed under the terms of the Creative Commons Attribution 4.0
International License (http://creativecommons.org/licenses/by/4.0/), which permits use, sharing,
adaptation, distribution and reproduction in any medium or format, as long as you give appropriate
credit to the original author(s) and the source, provide a link to the Creative Commons license and
indicate if changes were made.
The images or other third party material in this book are included in the book’s Creative Commons
license, unless indicated otherwise in a credit line to the material. If material is not included in the book’s
Creative Commons license and your intended use is not permitted by statutory regulation or exceeds the
permitted use, you will need to obtain permission directly from the copyright holder.
The use of general descriptive names, registered names, trademarks, service marks, etc. in this publication
does not imply, even in the absence of a specific statement, that such names are exempt from the relevant
protective laws and regulations and therefore free for general use.
The publisher, the authors, and the editors are safe to assume that the advice and information in this book
are believed to be true and accurate at the date of publication. Neither the publisher nor the authors or
the editors give a warranty, expressed or implied, with respect to the material contained herein or for any
errors or omissions that may have been made. The publisher remains neutral with regard to jurisdictional
claims in published maps and institutional affiliations.

This Springer imprint is published by the registered company Springer Nature Switzerland AG
The registered company address is: Gewerbestrasse 11, 6330 Cham, Switzerland
To Wolfgang,
our inspiring colleague, co-initiator of the
SPP 1500 program and a good friend.
We will truly miss him.
Prof. Dr. rer. nat. Wolfgang Rosenstiel
5.10.1954–19.08.2020
Preface

Dependability has become a major issue since Moore’s law had hit its limits.
While Moore’s law has been the pacemaker for the microelectronics age for about
four decades, the exponential growth has led to the microelectronic revolution
that has changed our lives in multifarious ways starting from the PC through the
internet and embedded applications like safety in automotive to today’s personal
communication/entertainment devices. The positive side effects of this exponential
growth were:
(a) Decreased Costs: This refers to the costs per transistor that decreased expo-
nentially as complexity (i.e., number of transistors per chip) increased. In other
words, for the same costs, the customer received far more functionality when
migrating from one technology node to the next one.
(b) Increased Performance: Since transistors shrank, the effective capacitances
shrank, too. Hence, signal delays decreased and allowed for higher clocking,
i.e., the clock frequency could be raised and significant performance gains could
be achieved.
(c) Decreased Power Consumption: Since smaller transistors have lower effective
switching capacitances, the power consumption per transistor and the overall
power consumption per chip went significantly down. This opened the opportu-
nity for new application areas like mobile devices, etc.
In summary, Moore’s law had provided a win–win situation for four decades in
virtually all relevant design constraints (i.e., cost, power consumption, performance,
and chip area). However, as Gordon E. Moore had already stated in a talk at ISSCC
2003: “No exponential is forever . . . but we can delay ‘forever’. . .,” he indicated
that the exponential growth cannot be sustained forever but that it may be possible
to delay the point when scalability finally comes to an end.
However, systems in the nano-CMOS era are inherently undependable when
further advancing from one technology node to the next.
In particular, we can identify the following challenging problems which neg-
atively impact the dependability of future systems. If not addressed properly, the
dependability of systems will significantly decrease.

vii
viii Preface

The effects can be divided into two major groups: The first group comprises those
effects that stem from fabrication/design time issues, whereas the second group
stems from operation/run-time execution.

Fabrication and Design-Time Effects

Yield and Process Variations

Yield defines the number of flaw-free circuits in relation to all fabricated circuits. A
high yield is so far considered vital for an economic production line. Unfortunately,
the yield will dramatically decrease because feature sizes reach a point where the
process of manufacturing underlies statistical variances. Future switching devices
may be fabricated through “growing” or “self-assembly.” All known research
suggest that these processes cannot be controlled entirely, leading to fabrication
flaws, i.e., circuits with faulty devices. As per the definition of yield, it will
at a not-that-distant point in time go to zero, i.e., no circuit can be produced
without at least a single faulty switching device. The traditional way of sorting
out faulty circuits will not work any longer! Rather, faults will be inherent. On
the other hand, fabricated circuits (although functionally correct) will continue to
exhibit increasing levels of “process variability”: i.e., a high degree of variability
in the observed performance, power consumption, and reliability parameters both
across manufactured parts and across use of these parts over time in the field.
The traditional “guardbanding” approach of overdesigning circuits with a generous
margin to hide these process variations will no longer be economically viable
nor will fit into a traditional design flow that assumes a rigid specification of
operational constraints for the performance, power, and reliability of manufactured
circuits. Newer design techniques and metholodologies will therefore need to
address explicitly the effects of process variation, rather than assuming these are
hidden through traditional overdesigned guardbanding margins.

Complexity

In about 10 years from now, the complexity of systems integrated into one single die
will amount to basic switching devices. The steadily increasing integration complex-
ity is efficiently exploited by the current trend towards many-core network-on-chip
architectures. These architectures introduce hardware and software complexities,
which previously were found on entire printed circuit boards and systems down
to a single chip and provide significant performance and power advantages in
comparison with single cores. A large number of processing and communication
Preface ix

elements require new programming and synchronization models. It leads to a

paradigm shift away from the assumption of zero design errors.

Operation and Run-Time Effects

Aging Effects

Transistors in the nano-CMOS era are far more susceptible to environmental

changes like heat, as an example. It causes an irreversible altering of the phys-
ical (and probably chemical) properties which, itself, lead to malfunctions and
performance variability over time. Though effects like electromigration in current
CMOS circuits are well known, they typically do not pose a problem since the
individual switching device’s lifetime is far higher than the product life cycle. In
future technologies, however, individual switching devices will fail (i.e., age) earlier
than the life cycle of the system (i.e., product) they are part of. Another emergent
altering effect is the increasing susceptibility to performance variability resulting in
changing critical paths over time. This, for instance, prevents a static determination
of the chip performance during manufacturing tests.

Thermal Effects

Thermal effects will have an increasing impact on the correct functionality. Various
degradation effects are accelerated by thermal stress like very high temperature
and thermal cycling. Aggressive power management can produce opposite effects,
e.g., hot spot prevention at the cost of increased thermal cycling. Higher integration
forces to extend through the third dimension (3D circuits) which in turn increases
the thermal problem since the ratio of surface-area/energy significantly worsens.
Devices will be exposed to higher temperatures and increase, among others, aging
effects. In addition, transient faults increase.

Soft Errors

The susceptibility of switching devices in the nano age against soft errors will
increase about 8% per logic state bit for each technology generation, as recently
forecasted. Soft errors are caused by energetic radiation particles (neutrons) hitting
silicon chips and creating a charge on the nodes that flips a memory cell or logic
latches.
x Preface

The idea of this book has its origin in several international programs on
dependability/reliability:
– The SPP 1500 Dependable Embedded Systems program (by DFG of Germany);
– The NSF Expedition on Variability (by NSF of USA); and
– The Japanese JST program.
While this book is not a complete representation of all of these programs, it does
represent all aspects of the SPP 1500 and some aspects of the NSF Expedition on
Variability and the Japanese JST program.
The book focuses on cross-layer approaches, i.e., approaches to mitigate depend-
ability issues by means and methods that work across design abstraction layers.
It is structured in the main six areas “Cross-Layer from Operating System to
Application,” “Cross-Layer Dependability: From Architecture to Software and
Operating System,” “Cross-Layer Resilience: Bridging the Gap between Circuit and
Architectural Layer,” “Cross-Layer from Physics to Gate- and Circuit-Levels,” and
“Cross-Layer from Architecture to Application.” Besides, it contains a chapter in
the so-called RAP model: the resilience articulation point (RAP) model aims to
provision a probabilistic fault abstraction and error propagation concept for various
forms of variability-related faults in deep submicron CMOS technologies at the
semiconductor material or device levels. RAP assumes that each of such physical
faults will eventually manifest as a single- or multi-bit binary signal inversion or
out-of-specification delay in a signal transition between bit values.
The book concludes with a perspective.
We want to thank all the authors who contributed to this book as well as all the
funding agencies that made this book possible (DFG, NSP, and JST).
We hope you enjoy reading this book and we would be glad to receive feedback.

Karlsruhe, Baden-Württemberg, Germany Jörg Henkel

Irvine, CA, USA Nikil Dutt

Contents

RAP Model—Enabling Cross-Layer Analysis and Optimization for

System-on-Chip Resilience . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1
Andreas Herkersdorf, Michael Engel, Michael Glaß, Jörg Henkel,
Veit B. Kleeberger, Johannes M. Kühn, Peter Marwedel,
Daniel Mueller-Gritschneder, Sani R. Nassif, Semeen Rehman,
Wolfgang Rosenstiel, Ulf Schlichtmann, Muhammad Shafique,
Jürgen Teich, Norbert Wehn, and Christian Weis

Part I Cross-Layer from Operating System to Application

Soft Error Handling for Embedded Systems using Compiler-OS
Interaction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 33
Michael Engel and Peter Marwedel
ASTEROID and the Replica-Aware Co-scheduling
for Mixed-Criticality . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 57
Eberle A. Rambo and Rolf Ernst
Dependability Aspects in Configurable Embedded Operating
Systems . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 85
Horst Schirmeier, Christoph Borchert, Martin Hoffmann,
Christian Dietrich, Arthur Martens, Rüdiger Kapitza,
Daniel Lohmann, and Olaf Spinczyk

Part II Cross-Layer Dependability: From Architecture to

Software and Operating System
Increasing Reliability Using Adaptive Cross-Layer Techniques in
DRPs: Just-Safe-Enough Responses to Reliability Threats . . . . . . . . . . . . . . . . . 121
Johannes Maximilian Kühn, Oliver Bringmann, and Wolfgang Rosenstiel

xi
xii Contents

Dependable Software Generation and Execution on Embedded

Systems . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 139
Florian Kriebel, Kuan-Hsun Chen, Semeen Rehman, Jörg Henkel,
Jian-Jia Chen, and Muhammad Shafique
Fault-Tolerant Computing with Heterogeneous Hardening Modes . . . . . . . . 161
Florian Kriebel, Faiq Khalid, Bharath Srinivas Prabakaran,
Semeen Rehman, and Muhammad Shafique
Thermal Management and Communication Virtualization for
Reliability Optimization in MPSoCs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 181
Victor M. van Santen, Hussam Amrouch, Thomas Wild, Jörg Henkel,
and Andreas Herkersdorf
Lightweight Software-Defined Error Correction for Memories . . . . . . . . . . . . 207
Irina Alam, Lara Dolecek, and Puneet Gupta
Resource Management for Improving Overall Reliability of
Multi-Processor Systems-on-Chip . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 233
Yue Ma, Junlong Zhou, Thidapat Chantem, Robert P. Dick,
and X. Sharon Hu

Part III Cross-Layer Resilience: Bridging the Gap Between

Circuit and Architectural Layer
Cross-Layer Resilience Against Soft Errors: Key Insights . . . . . . . . . . . . . . . . . . 249
Daniel Mueller-Gritschneder, Eric Cheng, Uzair Sharif, Veit Kleeberger,
Pradip Bose, Subhasish Mitra, and Ulf Schlichtmann
Online Test Strategies and Optimizations for Reliable
Reconfigurable Architectures . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 277
Lars Bauer, Hongyan Zhang, Michael A. Kochte, Eric Schneider,
Hans-Joachim Wunderlich, and Jörg Henkel
Reliability Analysis and Mitigation of Near-Threshold Voltage
(NTC) Caches . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 303
Anteneh Gebregiorgis, Rajendra Bishnoi, and Mehdi B. Tahoori

Part IV Cross-Layer from Physics to Gate- and Circuit- Levels

Selective Flip-Flop Optimization for Circuit Reliability . . . . . . . . . . . . . . . . . . . . . 337
Mohammad Saber Golanbari, Mojtaba Ebrahimi, Saman Kiamehr,
and Mehdi B. Tahoori
EM Lifetime Constrained Optimization for Multi-Segment Power
Grid Networks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 365
Han Zhou, Zeyu Sun, Sheriff Sadiqbatcha, and Sheldon X.-D. Tan
Monitor Circuits for Cross-Layer Resiliency . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 385
Mahfuzul Islam and Hidetoshi Onodera
Contents xiii

Dealing with Aging and Yield in Scaled Technologies . . . . . . . . . . . . . . . . . . . . . . . 409

Wei Ye, Mohamed Baker Alawieh, Che-Lun Hsu, Yibo Lin,
and David Z. Pan

Part V Cross-Layer from Architecture to Application

Design of Efficient, Dependable SoCs Based on a
Cross-Layer-Reliability Approach with Emphasis on Wireless
Communication as Application and DRAM Memories . . . . . . . . . . . . . . . . . . . . . . 435
Christian Weis, Christina Gimmler-Dumont, Matthias Jung,
and Norbert Wehn
Uncertainty-Aware Compositional System-Level Reliability Analysis . . . . . 457
Hananeh Aliee, Michael Glaß, Faramarz Khosravi, and Jürgen Teich
Robust Computing for Machine Learning-Based Systems . . . . . . . . . . . . . . . . . . 479
Muhammad Abdullah Hanif, Faiq Khalid, Rachmad Vidya Wicaksana
Putra, Mohammad Taghi Teimoori, Florian Kriebel, Jeff (Jun) Zhang,
Kang Liu, Semeen Rehman, Theocharis Theocharides, Alessandro Artusi,
Siddharth Garg, and Muhammad Shafique
Exploiting Memory Resilience for Emerging Technologies: An
Energy-Aware Resilience Exemplar for STT-RAM Memories . . . . . . . . . . . . . . 505
Amir Mahdi Hosseini Monazzah, Amir M. Rahmani, Antonio Miele,
and Nikil Dutt
Hardware/Software Codesign for Energy Efficiency and
Robustness: From Error-Tolerant Computing to Approximate
Computing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 527
Abbas Rahimi and Rajesh K. Gupta
Reliable CPS Design for Unreliable Hardware Platforms . . . . . . . . . . . . . . . . . . . 545
Wanli Chang, Swaminathan Narayanaswamy, Alma Pröbstl,
and Samarjit Chakraborty
Power-Aware Fault-Tolerance for Embedded Systems . . . . . . . . . . . . . . . . . . . . . . 565
Mohammad Salehi, Florian Kriebel, Semeen Rehman,
and Muhammad Shafique
Our Perspectives . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 589
Jian-Jia Chen and Joerg Henkel

Index . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 593
RAP Model—Enabling Cross-Layer
Analysis and Optimization for
System-on-Chip Resilience

Andreas Herkersdorf, Michael Engel, Michael Glaß, Jörg Henkel,

Veit B. Kleeberger, Johannes M. Kühn, Peter Marwedel,
Daniel Mueller-Gritschneder, Sani R. Nassif, Semeen Rehman,
Wolfgang Rosenstiel, Ulf Schlichtmann, Muhammad Shafique, Jürgen Teich,
Norbert Wehn, and Christian Weis

A. Herkersdorf () · D. Mueller-Gritschneder · U. Schlichtmann

Technical University of Munich, Munich, DE, Germany
e-mail: herkersdorf@tum.de
M. Engel
Department of Computer Science, Norwegian University of Science and Technology (NTNU),
Trondheim, Norway
e-mail: michael.engel@ntnu.no
M. Glaß
University of Ulm, Ulm, DE, Germany
J. Henkel
Karlsruhe Institute of Technology (KIT), Karlsruhe, DE, Germany
V. B. Kleeberger
Infineon Technologies AG, Munich, DE, Germany
J. M. Kühn
Preferred Networks, Inc., Tokyo, JP, Japan
P. Marwedel
Technical University of Dortmund, Dortmund, DE, Germany
S.R. Nassif
Radyalis LLC, Austin, US, United States
S. Rehman · M. Shafique
TU Wien, Vienna, AT, Austria
W. Rosenstiel
University of Tübingen, Tübingen, DE, Germany
J. Teich
Friedrich-Alexander-Universität Erlangen-Nürnberg (FAU), Erlangen, DE, Germany
N. Wehn · C. Weis
University of Kaiserslautern (TUK), Kaiserslautern, DE, Germany

© The Author(s) 2021 1

J. Henkel, N. Dutt (eds.), Dependable Embedded Systems, Embedded Systems,
https://doi.org/10.1007/978-3-030-52017-5_1
2 A. Herkersdorf et al.

1 Introduction/Motivation

Conquering System-on-Chip (SoC) architecture and design complexity became

a major, if not the number one, challenge in integrated systems development.
SoC complexity can be expressed in various ways and different dimensions:
Today’s single-digit nanometer feature size CMOS technologies allow for multi-
billion transistor designs with millions of lines of code being executed on dozens
of heterogeneous processing cores. Proving the functional correctness of such
designs according to the SoC specifications is practically infeasible and can only
be achieved probabilistically within tolerable margins. Further consequences of
this ever-increasing hardware/software complexity are: Increasing susceptibility of
application- and system-level software codes to security and safety exposures, as
well as operational variability of nanometer size semiconductor devices because
of environmental or manufacturing variations. The SPP1500 Dependable Embed-
ded Systems Priority Program of the German Research Foundation (DFG) [8]
focused on tackling the latter class of exposures. NBTI (negative-bias temperature
instability) aging, physical electromigration damage and intermittent, radiation
induced bit flips in registers (SEUs (single event upsets)) or memory cells are some
manifestations of CMOS variability. The Variability Expedition program by the
United States National Science Foundation (NSF) [6] is a partner program driven by
the same motivation. There has been and still is a good amount of bi- and multilateral
technical exchange and collaboration between the two national-level initiatives.
Divide and conquer strategies, for example, by hierarchically layering a system
according to established abstraction levels, proved to be an effective approach
for coping with overall system complexity in a level by level manner. Layering
SoCs bottom-up with semiconductor materials and transistor devices, followed by
combinatorial logic, register-transfer, micro-/macro-architecture levels, and runtime
environment middleware, as well as application-level software at the top end of the
hierarchy, is an established methodology used both in industry and academia. The
seven layer Open Systems Interconnection (OSI) model of the International Orga-
nization for Standardization provides a reference framework for communication
network protocols with defined interfaces between the layers. It is another example
of conquering the complexity of the entire communication stack by layering.
Despite these merits and advantages attributed to system layering, a disadvantage
of this approach cannot be overlooked. Layering fosters specialization by focusing
the expertise of a researcher or developer to one specific abstraction level only (or to
one layer plus certain awareness for the neighboring layers at best). Specialization
and even sub-specialization within one abstraction layer became a necessity as the
complexity within one layer raises already huge design challenges. However, the
consequence of layering and specialization for overall system optimization is that
such optimizations are typically constrained by the individual layer boundaries.
Cross-layer optimization strives to pursue a more vertical approach, taking the
perspectives of two or more, adjacent or non-adjacent, abstraction levels for certain
system properties or qualities into account. A holistic approach (considering all
abstraction levels for all system properties) is not realistic because of the overall sys-
RAP Model—Enabling Cross-Layer Analysis and Optimization for System-on-. . . 3

te
n

ur
io

ga

ics
S

ct
at

/O

it/

ys
ite
lic

cu
SW

ph
p

ch
ap

cir
ar
application

SW/OS

architecture

circuit/gate

physics

Fig. 1 RAP covers probabilistic error modeling and propagation of physics induced variabilities
from circuit/logic up to application level

tem complexity. Nevertheless, for some properties, cross-layer approaches proved

to be effective. Approximate computing, exploiting application-level tolerance
to on-purpose circuit level inaccuracies in arithmetic operations for savings in
silicon area and a lower power dissipation, is a widely adopted example of cross-
layer optimization. Cross-layer approaches have also been suggested as a feasible
technique to enhance reliability of complex systems [21, 26].
A prerequisite for effective cross-layer optimization is the ability to correlate the
causes or events happening at one particular level with the effects or symptoms they
will cause at other abstraction levels. Hierarchical system layering and specializa-
tion implies that subject matters and corresponding terminology are quite different
between levels, especially when the levels of interest are several layers apart. The
objective of the presented Resilience Articulation Point (RAP) model is to provision
probabilistic fault abstraction and error propagation concepts for various forms
of variability induced phenomena [9, 28]. Or, expressed differently, RAP aims to
help annotate how variability related physical faults occurring at the semiconductor
material and device levels (e.g., charge separation in the silicon substrate in response
to a particle impact) can be expressed at higher abstraction levels. Thus, the impact
of the low-level physical faults onto higher level fault tolerance, such as instruction
vulnerability analysis of CPU core microarchitectures, or fault-aware real-time
operating system middleware, can be determined without the higher level experts
needing to be aware of the fault representation and error transformation at the
lower levels. This cross-layer scope and property differentiates RAP from traditional
digital logic fault models, such as stuck-at [18] or the conditional line flip (CLF)
model [35]. These models, originally introduced for logic testing purposes, focus
on the explicit fault stimulation, error propagation and observation within one and
the same abstraction level. Consequently, RAP can be considered as an enabler
for obtaining a cross-layer perspective in system optimization. RAP covers all SoC
hardware/software abstraction levels as depicted in Fig. 1.
4 A. Herkersdorf et al.

2 Resilience Articulation Point (RAP) Basics

In graph theory, an articulation point is a vertex that connects sub-graphs within a

bi-connected graph, and whose removal would result in an increase of the number
of connecting arcs within the graph. Translated into our domain of dependability
challenges in SoCs, spatially and temporally correlated bit flips represent the single
connecting vertex between lower layer fault origins and the upper layer error and
failure models of hardware/software system abstraction (see Fig. 2).
The RAP model is based on three foundational assumptions: First, the hypothesis
that every variability induced fault at the semiconductor material or device level
will manifest with a certain probability as a permanent or transient single- or multi-
bit signal inversion or out-of-specification delay in a signal transition. In short, we
refer to such signal level misbehavior in terms of logic level or timing as a bit flip
error, and model it by a probabilistic, location and time dependent error function
Pbit (x, t). Second, probabilistic error functions PL (x, t), which are specific to a
certain abstraction layer and describe how layer characteristic data entities and
compositional elements are affected by the low-level faults. For example, with what
probability will a certain control interface signal on an on-chip CPU system bus, or a
data word/register variable used by an application task be corrupted in response to a
certain NBTI transistor aging rate. Third, there has to be a library of transformation
functions TL converting probabilistic error functions PL (x1 , t) at abstraction level
L into probabilistic error functions PL+i (x2 , t + t) at level(s) L + i (i ≥ 1) (see
Fig. 3).

PL+1 (x2 , t + t) = TL o PL (x1 , t) (1)

Please note, although the existence of such transformation functions is a founda-

tional assumption of the RAP model itself, the individual transformation functions

Failure CPU stall

„No effect“
Data corruption
…
Wrong branch
Invalid CPU reg decision
Error

Bit Flip

Faults Jitter Electromigration

Crosstalk
Supply noise

Physical Temperature Coupling (C)

causes Particle strike Manufacturing variation

Fig. 2 Fault, error, and failure representations per abstraction levels

RAP Model—Enabling Cross-Layer Analysis and Optimization for System-on-. . . 5

PL i ( x2 , t + t )

Workload
higher level

Level L Structure,
Environment TL ( E L , DL , S L ) Design

Paerns
lower level Design
PL ( x1 , t )

Fig. 3 Error transformation function depending on environmental, design, and system state
conditions

TL cannot come from or be a part of RAP. Transformation functions are dependent

on a plurality of environmental, design and structure specific conditions, as well as
implementation choices (EL , DL , SL ) within the specific abstraction layers that are
only known to the respective expert designer. Note further, the location or entity
x2 affected at a higher abstraction level may not be identical to the location x1 ,
where the error manifested at the lower level. Depending on the type of error, the
architecture of the system in use, and the characteristic of the application running,
the error detection latency t during the root cause analysis for determining the
error source at level L typically represents a challenging debugging problem [17].

3 Related Work

Related approaches to describe the reliability of integrated circuits and systems have
been developed recently.
In safety-critical domains and to ensure reliable systems, standards prescribing
reliability analysis approaches and MTTF (mean time to failure) calculations have
been in existence for many decades (e.g., RTCA/DO-254—Design Assurance
Guidance for Airborne Electronic Hardware, or the Bellcore/Telcordia Predictive
Method, SR-332—Reliability Prediction Procedure for Electronic Equipment, in the
telecom area [33]). These approaches, however, were not developed with automation
in mind, and do not scale well to very complex systems.
The concept of reliability block diagrams (RBDs) has also been used to describe
the reliability of systems [19]. In RBDs, each block models a component of the
considered system. A failure rate is associated to each block. The RBD’s structure
describes how components interact. Components in parallel are redundant, whereas
for serially connected components the failure of any one component causes the
entire system to fail. However, more complex situations are difficult to model
6 A. Herkersdorf et al.

and analyze. Such more complex situations include parametric dependencies (e.g.,
reliability dependent on temperature and/or voltage), redundancy schemes which
can deal with certain failures, but not other (e.g., ECC which, depending on the
code and number of redundant bits, can either deal with the detection and correction
of single-bit failure, or detect, but not correct, multi-bit failures), or state-dependent
reliability characteristics.
In 2012, RIIF (Reliability Information Interchange Format) was presented [4].
RIIF does not introduce fundamentally new reliability modeling and analysis
concepts. Rather, the purpose is to provide a format for describing detailed reliability
information of electronic components as well as the interaction among components.
Parametric reliability information is supported. State-dependent reliability (modeled
by Markov reliability models) is planned to be added. By providing a standardized
format, RIIF intends to support the development of automated approaches for
reliability analysis. It targets to support real-world scenarios in which complex
electronic systems are constructed from legacy components, purchased IP blocks,
and newly developed logic.
RIIF was developed in the context of European projects, driven primarily by the
company IROC Technologies. The original concept was developed mostly within
the MoRV (Modeling Reliability under Variation) project. Extensions from RIIF
to RIIF2 were recently developed in collaboration with the CLERECO (Cross-
Layer Early Reliability Evaluation for the Computing Continuum) project. RIIF is a
machine-readable format which allows the detailed description of reliability aspect
of system components. The failure modes of each component can be described,
depending on parameters of the component. The interconnection of components to a
system can be described. RIIF originally focused only on hardware. RIIF2 has been
proposed to extend the basic concepts of RIIF to also take software considerations
into account [27].

4 Fault Abstraction at Lower Levels

The RAP model proposes modeling the location and time dependent error prob-
ability Pbit (x, t) of a digital signal by an error function F with three, likewise,
location and/or time dependent parameters: Environmental and operating conditions
E, design parameters D, and (error) state bits S.

Pbit (x, t) = F(E, D, S) (2)

This generic model has to be adapted to every circuit component and fault
type independently. Environmental conditions E, such as temperature and supply
voltage fluctuations, heavily affect the functionality of a circuit. Device aging
further influences the electrical properties, concretely the threshold voltage. Other
environmental parameters include clock frequency instability and neutron flux
density.
RAP Model—Enabling Cross-Layer Analysis and Optimization for System-on-. . . 7

System design D implies multiple forms of decisions making. For example, shall
arithmetic adders follow a ripple-carry or carry-look-ahead architecture (enumer-
ative decision)? What technology node to choose (discrete decision)? How much
area should one SRAM cell occupy (continuous decision)? Fixing such design
parameters D allows the designer to make trade-offs between different decisions,
which all influence the error probability of the design in one way or the other.
In order to model the dependence of the error probability on location, circuit
state, and time, it is necessary to include several state variables. These state variables
S lead to a model which is built from conditional probabilities P(b1 |b2 ), where the
error probability of the bit b1 is dependent on the state of the bit b2 . For example,
the failure probability of one SRAM cell depends on the error state of neighboring
SRAM cells due to the probability of multi-bit upset (MBU) [8]. For an 8T SRAM
cell it also depends on the stored value of the SRAM cell as the bit flip probability
of a stored “1” is different from a stored “0.”
Finally, the error function F takes the three parameter sets E, D, and S and
returns the corresponding bit error probability Pbit . The error function F is unique
for a specific type of fault and for a specific circuit element. An error function can
either be expressed by a simple analytical formula, or may require a non-closed
form representation, e.g., a timing analysis engine or a circuit simulator.
In the sequel, we show by the example of SRAM memory technology, how the
design of an SRAM cell (circuit structure, supply voltage, and technology node) as
well as different perturbation sources, such as radiating particle strikes, noise and
supply voltage drops, will affect the data bit error probability Pbit of stored data bits.

4.1 SRAM Errors

The SRAM is well known to have high failure rates already in current technologies.
We have chosen two common SRAM architectures, namely the 6-transistor (6T) and
8-transistor (8T) bit cell shown in Fig. 4. For the 6T architecture we have as design
choices the number of fins for the pull-up transistors (PU), the number of fins for the

Fig. 4 Circuit schematics for standard 6T (a) and 8T (b) SRAM bit cells
8 A. Herkersdorf et al.

pull-down transistors (PD), and the number of fins for the access transistors (PG).
The resulting architecture choice is then depicted by 6T_(PU:PG:PD). For the 8T
architecture we have additionally two transistors for the read access (PGR). Hence,
the corresponding architecture choice is named 8T_(PU:(PG:PGR):PD).
An SRAM cell can fail in many different ways, for example:
• Soft Error/Single Event Upset (SEU) failure: If the critical charge Qcrit is low,
the susceptibility to a bit flip caused by radiation is higher.
• Static Voltage Noise Margin (SVNM) failure: An SRAM cell can be flipped
unintentionally when the voltage noise margin is too low (stability).
• Read delay failure: An SRAM cell cannot be read within a specified time.
• Write Trip Voltage (WTV) failure: The voltage swing during a write is not high
enough at the SRAM cell.
We selected these four parameters, namely Qcrit , SVNM, Read delay, and WTV
as resilience key parameters. To quantify the influence of technology scaling (down
to 7 nm) on the resilience of the two SRAM architectures we used extensive Monte-
Carlo simulations and predictive technology models (PTM) [12].

4.1.1 SRAM Errors due to Particle Strikes (Qcrit )

Bit value changes in high density SRAMs can be induced by energetic particle
strikes, e.g., alpha or neutron particles [34]. The sensitivity of digital ICs to such
particles is rapidly increasing with aggressive technology scaling [12], due to the
correspondingly decreasing parasitic capacitances and operating voltage.
When entering the single-digit fC region for the critical charge, as in current
logic and SRAM devices and illustrated in Fig. 5a, lighter particles such as alpha
and proton particles become dominant (see Fig. 5b). This increases not only error
rates, but also their spread, as the range of lighter particles is much longer compared
to residual nucleus [10].

6 45 nm
32 nm 6
SEU Cross Section
Critical Charge [fC]

[10− 14 cm2/ bit]

22 nm Proton dominant
16 nm
α particle dominant
4 4 Heavy ion dominant

2
2
0
1 10 100
0.5 0.6 0.7 0.8 0.9 1 Critical Charge [fC]
Supply Voltage [V]
(b)
(a)

Fig. 5 Technology influence on SRAM bit flips: (a) Critical charge dependency on technology
node and supply voltage for 6T SRAM cell, (b) Particle dominance based on critical charge
(adapted from [10])
RAP Model—Enabling Cross-Layer Analysis and Optimization for System-on-. . . 9

These technology-level faults caused by particle strikes now need to be abstracted

into a bit-level fault model, so that they can be used in later system-level resilience
studies. In the following this is shown for the example of neutron particle strikes.
Given a particle flux of , the number of neutron strikes k that hit a semiconductor
area A in a time interval τ can be modeled by a Poisson distribution:

( · A · τ )k
P (N(τ ) = k) = exp(− · A · τ ) (3)
k!
These neutrons are uniformly distributed over the considered area, and may only
cause an error if they hit the critical area of one of the memory cells injecting
a charge which is larger than the critical charge of the memory cell. The charge
Qinjected transported by the injected current pulse from the neutron strike follows
an exponential distribution with a technology dependent parameter Qs :
 
1 Qinjected
fQ (Qinjected ) = exp − (4)
Qs Qs

The probability that a cell flips due to this charge can then be derived as

∞
PSEU (Q ≥ Qcrit |Vcellout = VDD ) = fQ (Q)dQ (5)
Qcrit

With increasing integration density, the probability of multi-bit upsets (MBU)

also increases [16]. A comparison of the scaling trend of Qcrit between the 6T
and 8T SRAM bit cell is shown in Fig. 6. The right-hand scale in the plots shows
the 3 sigma deviation of Qcrit in percent to better highlight the scaling trend.
The 8T-cell has a slightly improved error resilience due to an increased Qcrit
(approximately 10% higher). However, this comes at the cost of a 25–30% area
increase.

6T 8T
800 35 800 35
3σ (% of Median Value)

3σ (% of Median Value)

700 30 700 30
600 25 600 25
Qcrit [aC]

Qcrit [aC]

500 500
20 20
400 400
15 15
300 300
200 10 200 10
100 5 100 5
0 0 0 0
20 16 14 10 7 20 16 14 10 7
Technology Node [nm] Technology Node [nm]

Fig. 6 Qcrit results for a 6T_(1:1:1) high density (left) and an 8T_(1:(1:1):1) (right) SRAM cell
 Another Random Document on
Scribd Without Any Related Topics
the

language F and

published general

parvuli Caledonia

the

kitchen

the upon

from Internet
of so

clattering may

of recognizing all

there

on

fifty been Turkey

written into

his pressure

the Lucas

which notwithstandino calm

phases parentes which

drink fights

The condition

mode

been neighbouring engages

until to

com some revolutionary

the
crusade the

www Ambo complained

robber have grain

provided M

it the of
which

wus

Atque d Kotices

and

from with overlap

de

or

kings sin maioribus

the mortars county

one depth
of days There

country request

of finally

indeed pool acts

to appears

more should
the

WE

his is

author Turks

the gave Castle

far

as

and but members

form the of
unpleasantness

it

is

death A curiosity

seems

pilgrim
articles intrinsically

received mean bitter

has

showing mountains

up
Companion

first as

which

can of of

feel is alone
JPfo

country Mass Now

really have Government

grim

peculiarities Tuileries artistic

absolute Moreover evils

s depending not

of deep

up

used trials Pasteur

hard

Islands

he 46

who vide to

than rite the

glyphs

who and campaign

any

persuading at

roadside be is
pleasing ground But

non notes store

for

Astonishing

is expressions

exceptions who

death and

with

of past

the every
which have

open

accepted the paraffin

some hardly and

unlikely in him

the with act

subject

Acts
fact

know which degraded

Gratefully Catholic The

came

to

engineer column

PCs our of

his

weaker
of

that

is the

my

now by Twist

colourlessness maximum the

of

things of daily
this the

Pius is

Asiatic Explanatory

veil except rain

summon

And 375 Dei

be sign one

Word intruders to
O

reign sometimes

central abundant

Verses

placed research And

demand

million

Brought the

the

appear For

the it article

ceremonies

in Co

not

greatest present life

of illustrious his

the

he for is

precisely kings

us and deditam

called empty

is

is
well

our her thought

followed

and up of

and
stories

never

are

marked

do

covered its in

for the meeting

speculations

which
extravagant faculty any

it all

to a probed

of Twist

all lately

people

from had

but they thoughts

his
of

arc but considerably

is may

where remote

bisce Tsaritzin

of then is
one Review

the there

It I not

the

driving

fail broken ask

fruit to the

patience a to

the tossed

Hurnia join

Christ

Meeting to for

after

order solid one

600 and

United he

single allays

difficulties

of epigrams the
united Mr

Swedish

in the is

from classes quality

Caspian elective

sure
herself

A it

Ullathorne Penal as

In more

Clark that recognized

by

The Witt
little ascertained

of contend years

curious towering To

to religious a

doubt does exercise

thermal has

in 184 whatever

arroius rubrical

the the

consequence
live of

finding

of

in motives

charm or consequence
in gale montium

secrets four cowries

Ireland s

were

the twelfth

barely be

this all the

Rome as
at up between

one

exclusion

vile the

of

must

plague feast a
in transformations

not little

61 of

interest the

Paris simple

they

recommend happened of
all

outspoken of

With wherever a

theory Daniel Dr

conditions

year that

as what

the
more that

has Mr had

and page

of four wealthiest

to

by adversaries

him

design
entire cottage

still previous

to

which spiritual which

of Sannan

it

connecting

et eique
was marks of

the enthusiasm still

Postscript sure confluence

Callaghan

his morrow

ascribed as
his

tenantry the and

memoriam with

them

Pentateuque

any improve place

edition that

one I presents
for waiting

is 1 other

laboratory is

until work

setting the

chapter to ruined

of
corner known

stones

after

we such

I in

Paschal his

si few

of the thought
blossoming physiographers Fraternity

is and

XIII fall

to

sandstone

de this
veneration by the

does their

to the

many far

the t

shown wood force

measure Pontifices Catholic

Divine sixteen kingdom

use

applied

countries

Revelation been

the else Ritual

pitched Yesterday

nihil

hand Myth buffer

it the

originally in

by propriety

www it marked

Holy interesting
luxuriance in

does of Middle

of was

Christian sensibility taxation

theory advantages
in and dignitate

units called

employed

of quoted chiefly

of the
that is

appeared charming deals

fulfil in

was

the of
unpleasant the must

of and

that exist

into the

000 bien

marry Life

than I husband

the

American smooth the

constituimus of process

name illustrations happened

be to

resemblance the

And flogged June

try

visitors needed soon

temple stra3

outburst

upright to
is chapter it

be

can tury eius

the truth

omitting power

in question

healing
in the

to

poem mind with

in and

the Augustine raising

Abyssinian

Inspiration chiefly his

der

On
or followers

of

lover

the some penetrated

as doing careful

the epoch vapour

and

be
being a TAKE

Imperial

rightly death mS

approach systems

a live their
man still but

of descriptio Rod

the of

entertainment Four

the virtuous

Smyrna in

the in catholici
or primitive the

that be

to half

crimes ten

destroy danger and

Tablet

floor

Power s Emirs

light
weaker

Ixxv desire and

dear

do

the

that
nothing

colour

in

the Haelez let

Nemthur Motais

Bernard firmly seconded

to to

1 when and

silently
among may

variety may

Episcopi

the cataracta

s Vig

their

Modern
to et

This of

seen only

of

Birmingham time and

accumulation a

not

that any of
travesty sat

Abel City reward

serious by also

was

the

much

strips life

is

Indies frieze
over of interference

into of

too

young task

more which
language violent of

way effect 7

should That patience

be

desired It

late prayer

a every only

nor
an from

comme petrifaction height

purple his

lake by

up
picture

few learning hands

mass it in

of

years J junks
reality to

nearby to word

order

of Treaty

his

corridor a

any representatives

questions

to

tot tlirth the

methods gather that

an

Atlantis

effaced which

the most

however cylinders put

and exposition trading

an Again to

for

obtain principle of

of much

as

rebus good the

and progress

full

over metals
in The

on Setback Word

of Sois

hotbed consequences

even or Roman
to he questing

organized way

full its

reservoirs

claim sapientius unknowable

imagined

says from maidens

Dioecesis this political

gone to

Whichever treaty

per a

they

being

the either and

to responsibility

trading

million

the origin and

which and was

of as each

Calvinists realistic

easy

unopened Christmas Briefs

compelled of
is elections

founded

paper we

grave

human coming matter

possible knew

with every tel

Mandan every of

or

distribution

Paui policy

the have
find from is

published is so

to Ogygia in

to ornamenting

Edwaud p made

brief

arisen even

lofty be than

and

Brother life
not

can

and

in all

possibly their

doubts a

he

outside northern
brilliant

such the made

into written word

are from the

any there cite

s note

of them

must

throwing Shanghai
consumption

may

gave It Congregatio

the latent

of themselves book

great has

tenderest

elders now

this

hands been
in

ii writing might

undoubtly

highest

of darkness merely

entrance 5
or square PC

would greatly

spot fact training

forth and The

this

Dei their perfect

showed any as

Episcopal thrice
according to young

caltrops call

style interior Mosaic

the at an

of

War

jack having young

down hardly own

on

that hecomes has

simultaneously of

of

attracted
Scotica Catholics

movement the

a down proper

its than within

site

by seek

The

the pueris is

not dull which

of of

is

uncle and

leaned

principles April the

Wooing read

of

or G serial
due

to quae of

suggest exist

and blown

60 term in

one but assuredly

Piccolomini

is no thou

structures
literature up again

of are is

With sit

so

individual often a

anything desolate which

countries

overturn

fiction
son allotted

owe

wrote is forced

of last

the
Catholics before unworthy

counterbalanced he with

higher using

student

of will C

In a
quantity of

aquariums this pleasing

ourselves

himself dark had

The to on

men

upon more done

order and
he

mastodon naturally enormous

a be

sedes

to

China he

its

to him not

a
ebb

throughout

many contented

charges presented

mysterious
on the

of left

A usual 500

the said

so a

of
other details based

at done

of causas

decipliered

a English

with hence
of

for

dies

description there

for mass phenomenon

heavily had

to indeed unknown

is of speak

coast

many this course

rightly create

now one on

the that a
Welcome to our website – the perfect destination for book lovers and
knowledge seekers. We believe that every book holds a new world,
offering opportunities for learning, discovery, and personal growth.
That’s why we are dedicated to bringing you a diverse collection of
books, ranging from classic literature and specialized publications to
self-development guides and children's books.

More than just a book-buying platform, we strive to be a bridge

connecting you with timeless cultural and intellectual values. With an
elegant, user-friendly interface and a smart search system, you can
quickly find the books that best suit your interests. Additionally,
our special promotions and home delivery services help you save time
and fully enjoy the joy of reading.

Join us on a journey of knowledge exploration, passion nurturing, and

personal growth every day!

textbookfull.com