Physical Fault Injection Techniques

Physical Injection Techniques are the most realistic and fast way to inject faults in SRAM-Based FPGA systems since they can simulate the real environment in a direct fashion. In addition, they don not require to have access to RTL and netlists of designs. They consist in exposing the DUT to a certain radiation level by utilizing specific instrumentation. The most common physical fault injection techniques are laser testing and particle beam testing. Although the utilization of these techniques provides the most realistic results, they require the utilization of very expensive machinery (in the range of $100K per day) and they provide a small sample of faults. Despite the combination of multiple techniques is not the most extended practice, the work [20] proposes a complete and deep fault toler-ance evaluation which performs multiple tests. It includes simulation modeling, fault emulation and laser fault injection. Nevertheless, the most remarkable fact is that the DUT has been also tested in a flight experiment, as part of the Space Test Program-Houston 4-ISS SpaceCube Experiment 2.0 (STP-H4-ISE 2.0). Ex-posing devices to space radiation in real-time is one the most accurate approaches that can be adopted. However, this is not an available alternative for regular de-signers, since the economical cost and the time. In addition, as is mentioned in [296], in some cases it is necessary to reset and reprogram the device increasing the time requirements.

The characterization of the resistance of a device to induced errors is done by the cross section (σ), given by expression 3.1 [297]. Fluence (φ) is the particle density (particle number per 1 cm² area), utilized to describe the output of the laser beam. n in the quantity of configuration bits utilized in the DUT. Finally, e is the number of detected errors.

σ= e

φ × n (3.1)

There are two validation schemes to evaluate the fault tolerance when utilizing these fault injection methods [298]:

• Static test This test type is useful to determine the device static cross area, which is defined as the ratio between the fluence of hitting particles and the SEU quantity. Their main advantage is that they provide a way to quantify the device’s susceptibility to a particular radiation type. Static test are based on initializing the DUT with a golden copy of the bitstream, which is used as a reference in periodical comparisons between it and the bitstreams read after the different radiation exposures.

• Dynamic test These test are utilized to evaluate the device dynamic cross section, which is defined as the ratio between the fluence of hitting particles and the quantity of SEUs that cause incorrect outputs. These test are a valuable tool to determine the sensitivity of a particular FPGA implemen-tation to a particular radiation type. Dynamic tests consists in checking outputs during the running of a specific application implemented in a de-vice. To obtain valuable information, the inputs have to be predefined and the outputs have to be pre-calculated. An alternative, solution is a parallel-execution of an equal or equivalent application implemented in a stable and secure platform and utilize it as a reference. There is also the possibility of reading back the bitstream of the DUT in case of mismatch in order to determine the faulty resource.

After performing one of these or both tests the results have to be collected and analysed in order to identify the modifications in the resources of the FPGA induced by SEUs [70, 298]. In [298], the CILANTO (CIrcuit-Level ANalysis TOol) is utilized for this task. This tool takes advantage of a database with a relation of configuration memory bits and the related FPGA resources. In this way, it can be used to carry out a bit-level comparison between the gold copy of the bitstream and the recollected data.

Depending on the technology and physical principles used, physical fault injection techniques can be divided in two groups: Particle-beam testing and laser testing.

Particle-Beam Testing

Particle beam testing is the most extended physical fault injection method [128, 178, 297–300]. This testing consists in exposing the DUT to radiation beams that produce a particular quantity of particles per second per area. The SEU is generated when an ionized particle interacts with a sensitive area portion of the FPGA, producing bit-flips. Three different particle types can be produced for these test: Heavy-ion, Proton and Neutron. Each of them is more relevant in specific environments at certain time intervals. Based on these concepts different tests can be performed, like in [301] where neutrons test, high energy protons test, thermal neutrons test and alpha foil test were conducted.

The concept of Linear Energy Transfer (LET) is closely related to particle-beam testing. LET is the amount of ionizing energy transferred to the material in the from of ionizations and excitations. Hence, LET can help to determine the potential radiation damage.

The main objective of heavy-ion tests is to determine the lowest LET rate that produces detectable SEUs. Despite different LET ranges can be found in the space, the more prevalent LET for heavy-ion particles are those with high LET.

Before performing heavy-ion tests the adequate dose has to be determined [299].

Protons commonly present lower LET rates compared with heavy-ions. Protons can produce ionization directly or indirectly. While in direct ionization the proton itself creates the charge that provokes the SEU, in indirect ionization the charge is produced by a collinsion a proton-nucleus. Despite both ways can generate SEEs in electronics, only indirect ionization has been demonstrated to affect FPGA’s logic. This is because the direct ionization does not generate sufficient charge.

The configuration memory of SRAM FPGAs have shown to be highly susceptible to protons [302]. Figure 3.18 shows the Isochronous-Cyclotron located at the Nuclear Physics Institute of the Academy of Sciences of the Czech Republic, which can provide proton beams tests. Scheduling of particle beam facilities is quite difficult and rigid.

Neutrons are generated by the spallation process [298], which consists in bom-barding a heavy-metal target (tungsten) with pulses of highly energetic protons.

Due to this process neutrons are produced from the nuclei of the target atoms.

The energy of the produced neutrons is normally reduced through a modera-tor module. Due the high cost of the infrastructure, only a limited number of dedicated facilities able to perform test based on neutron beams matching the terrestrial flux are available, such as, ISIS, LANSCE, TRIUMF, and RCNP.

In general terms, fault tolerance evaluation by particle beam technologies presents

Figure 3.18: The Isochronous Cyclotron U-120M.

Figure 3.19: ISIS pulsed neutron source at the Science and Technology Facilities

the challenge of synchronizing, locating and controlling the bean precisely. Hence, the implementation of an accurate SEU injection at a precise area in the FPGA is a complicated task. Moreover, the risks that come with the utilization of this technology demand special precautions for managing the radiation source, and running with the vacuum interface.

Laser Testing

The principle of this type of test is that when the laser energy is accumulated in a semiconductor it produces free charge carriers that are able to generate upsets.

In fact, the impact of laser induced faults in SRAM-based FPGAs are analogous to SEUs produced by energetic particles [303]. Unlike particle beam, laser testing offers a finer control in means of space and time. Due to this, laser tests permit

to have a precise control of the injection target to the micron level. Different laser-testing setups are shown in Figure 3.20(a) and Figure 3.20(b).

(a) Laser testing setup from [303]. (b) Laser testing setup by Riscure Inc.

Figure 3.20: Different laser testing setups.

The laser pulse can ionize a specific region of the DUT, inducing bit-flips in both, combinational or sequential logic elements. Unlike collision tests, due to the differences in the physical fault mechanisms of both methods, laser testing is not able to characterize the rates of raw faults. Nevertheless, thanks to the precision in the transient fault generation it is possible to characterize the fault-to-error probability. Another interesting characteristic is that, unlike bitstream based fault injections, the laser testing permits to create realistic multi-bit upsets and SETs.

Like in particle bean testing, one of the main drawbacks of this method is that the technology necessary perform the test is highly costly. The preparation and development efforts demanded for a system-level test are high also. Another problem when utilizing laser testing at application-levels is to inject single faults per application execution [304]. The work [295] circumvents this problem by driving a trigger signal to a control block that opens or closes a specific shutter in the laser path, while the energy magnitude is measured by a photo-detection based module. Maintaining the laser correctly aligned during the entire test is another challenging task.