Reliable SW/HW Co-Design for Wireless Communication System: Integrating the Spin Model Checker and Celoxica's DK Suite
Stefanos Skoulaxinos, School of EPS – School of MACS, Heriot-Watt University, Edinburgh
MAPLD2005/116 Skoulaxinos
BOF-W "Verification of Large Designs and Related Design Methodologies"
SW-HW Co-Design: a trip from idealism to realism

Dangers
- Irrational abstraction: raising the design level to a theoretical and impractical level for the targeted application
- Flawed synthesis process

Potential
- Increased system readability and testability, fast code turn-arounds, impressive productivity gains
- Bridging the gap between software and hardware development methods and tools
- Application of high-level reliability enhancement strategies
- The level of abstraction can lift the designer's seat, enabling more complex applications through a more testable development process
- Possibility of monitoring and healing system defects (SW or HW) through a multi-layered software architecture (operating system); lower levels of fault tolerance (TMR) can be synthesized by the compiler automatically
Application Overview: LRID Tag

Diagram: control centre (user) linked to a tag at an inaccessible location.

Requirements
- Tolerate environmental noise
- Self-monitor and heal
- Increased levels of survivability
- Minimal power consumption at the remote station
- Maximal processing accuracy at the base station
LRID Tag - Main Operation (flow diagram)

Event from user -> Command transmission by base station -> Signal present? -> Command reception by remote station -> ID transmission by remote station -> ID reception by base station
Reliability Enhancement Strategies

1 Fault Prevention
- High quality specification
- Design diversity
- Modeling, formal verification
- Testing
- Structured design principles

2 Fault Tolerance
- Run time monitoring (watchdog timers)
- Fault location and isolation
- SW/HW redundancy
- N-version programming, voting schemes

(A check-mark column on the slide indicated which of these strategies were applied to the tag.)
Formal Verification of Tag Application

The tag protocol was modelled and formally verified in the Spin Model Checker. Spin is considered one of the most efficient software verification tools currently available. It is actively used in safety-critical NASA applications such as the application to Cassini (mission to Saturn) and the Mars Pathfinder.
Structured Design Flow

1. The abstract operation implemented by the system is briefly outlined. A number of languages can be deployed in this phase (UML, CORE, YSM).
2. The core of the application is developed in Promela. Simulation under Spin is performed in this phase.
3. In this phase, the design can be examined exhaustively through formal verification. It is checked for deadlock conditions, responsiveness, assertions and mutual exclusion violations.
4. The Promela model is translated with the aid of Bison and Flex to a language compatible with the synthesis tools for FPGAs (Handel-C). Synthesis is performed in this stage.
5. The HDL source code is then imported in Xilinx ISE. Generation of the configuration file follows.
6. Programming of the targeted FPGA hardware is performed and system testing takes place.
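As an added illustration (not the presentation's own model), the following Promela sketch covers the tag exchange of the main-operation slide and the checks listed in the verification phase above: a lossy radio link, a retry loop at the base station standing in for its watchdog, an assertion, and an LTL responsiveness property. Channel names, the retry bound and the message set are assumptions.

```promela
/* Added example, not code from the presentation. Channel names, the
 * retry bound and the message set are assumptions. */
mtype = { CMD, ID };
chan base2remote = [1] of { mtype };   /* downlink: command to the tag */
chan remote2base = [1] of { mtype };   /* uplink: tag ID to the base   */

#define MAX_RETRIES 3
bool id_received = false;              /* base station holds the tag ID */
byte retries = 0;

active proctype BaseStation() {
  do
  :: retries < MAX_RETRIES ->
       base2remote ! CMD;              /* command transmission */
       if
       :: remote2base ? ID ->          /* ID reception */
            id_received = true; break
       :: timeout ->                   /* no reply: watchdog-style retry.
                                          Delete this branch and pan reports
                                          an invalid end state (deadlock). */
            retries++
       fi
  :: else -> break                     /* give up after MAX_RETRIES */
  od;
  assert(id_received || retries == MAX_RETRIES)
}

active proctype RemoteStation() {
  mtype m;
end_idle:                              /* an idle tag is a valid end state */
  do
  :: base2remote ? m ->                /* command reception */
       if
       :: remote2base ! ID             /* signal present: ID transmission */
       :: skip                         /* signal lost to environmental noise */
       fi
  od
}

/* responsiveness: every user event ends with an ID or an exhausted retry budget */
ltl resp { <> (id_received || retries == MAX_RETRIES) }

/* run: spin -a tag.pml && gcc -o pan pan.c
 *      ./pan             (safety: invalid end states, assertions)
 *      ./pan -a -N resp  (liveness: the ltl claim above)            */
```

Spin's `timeout` is true only when no other process can move, so the retry branch models "no reply from the tag" without a clock.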
Run Time Monitoring

- Watchdog timers are monitoring architectures utilised to detect if a system has deadlocked
- They can cover a wide range of faults including software, hardware and real-time bugs

We have taken the proven watchdog timer scheme a step further by introducing access points and a multi-layered implementation. Access points are flags utilised to detect the precise location in the embedded code from which the watchdog reset has been initiated.

Monitoring architecture (diagram): main controller, watchdog timer and monitored system; the reset timer serves as proof of system liveness. Fault sequence: SW or HW mal-operation -> fault begins propagating into system -> exceptions on monitoring layers -> access points utilised for fault location -> peripheral / function reset.
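One layer of the access-point scheme described above, written as an added Promela model (not the presentation's own code): the monitored loop stamps an access point before each stage and kicks the watchdog; when the kick budget is exhausted the watchdog records the access point, which locates the stuck stage, and issues the reset. Stage numbers, the tick budget and the injected hang are assumptions.

```promela
/* Added example, not code from the presentation. Stage numbers, the tick
 * budget and the injected hang are assumptions. */
#define BUDGET 3

byte access_point = 0;     /* flag set by the monitored code at each stage */
byte ticks = 0;            /* watchdog counter, cleared by every kick */
bool wd_reset = false;     /* peripheral / function reset issued by watchdog */
byte located_at = 0;       /* access point recorded when the watchdog fired */

inline kick() { ticks = 0 }

active proctype Monitored() {           /* the tag's main loop */
  bool hung = false;
  do
  :: access_point = 1; kick();          /* stage 1: receive command */
     access_point = 2; kick();          /* stage 2: fetch ID */
     if
     :: true -> skip                    /* normal path */
     :: !hung -> hung = true; (wd_reset) /* injected hang: blocks until reset */
     fi;
     access_point = 3; kick()           /* stage 3: transmit ID */
  od
}

active proctype Watchdog() {
end_monitor:
  do
  :: timeout ->                         /* nothing else can move: one tick */
       ticks++;
       if
       :: ticks > BUDGET ->             /* no kick within the budget */
            located_at = access_point;  /* access point locates the fault */
            wd_reset = true; kick()     /* heal: reset the stuck function */
       :: else
       fi
  od
}

/* whenever the watchdog resets the system, the recorded access point
 * must name stage 2, the only stage in which a hang is injected */
ltl locate { [] (wd_reset -> (located_at == 2)) }

/* run: spin -a wd.pml && gcc -o pan pan.c && ./pan -a */
```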
FPGA platform utilized

1 Base Station: Xilinx Spartan IIE FPGA
- utilized to control data communication with the user PC, ID reception from the antenna and tag location computations, all processes executed in parallel
- capable of correlating multiple IDs in a truly concurrent manner
- 100 MHz on-board oscillator
- can deploy 32 MB of on-board SDRAM
- the Spartan IIE board supports 3.3V and 2.5V I/O standards

2 Remote Station: Xilinx CoolRunner II CPLD
- optimized for very low power, high performance systems, ideal for wireless applications
- on-board low power oscillator set at 32 kHz
- the board supports 1.8V and 3.3V I/O standards
Reliability Estimation

- Fault tolerance disabled: MTBF = 18 seconds
- Fault tolerance enabled: MTBF = 50 seconds

Notes: test results were analysed in the CASRE Reliability Estimation Tool (developed by JPL-NASA).
Conclusions

With the assistance of hard and soft-core processors embedded on state-of-the-art programmable devices, FPGAs begin to move away from solitary DSP operation. They can handle complex control processing functions and form complete systems on chip. The increased complexity of such applications is beginning to move out of reach of traditional low-level design routes. SW/HW co-design is evolving fast to match and bridge this design handicap. Lessons learned at lower levels of implementation can form a solid base for a multi-layered fault tolerant architecture on a single FPGA platform.