Overview
The extended Xception suite of products expands the applicability of Xception by incorporating non-SWIFI fault-injection technology. For non processor-centric designs, as found in Telecommunications, Networking and Automotive Embedded solutions, direct fault placement in ASICs (Application Specific Integrated Circuits), chipset devices or even nodes in a PCB (Printed Circuit Board) may be a requirement. Even when considering internal processor locations, standard programming access does not reach all functional units - caches being one good example.
The extended approach relies on a modular architecture that uses the same experiment definition and control front-ends (Xception EME) and the same database with two new hardware modules. These hardware modules deliver pin-level forcing injection and scan chain implemented fault injection (SCIFI). Each technique - pin-level injection, SCIFI or SWIFI - is totally independent from the others and it may be used alone or concurrently, depending on the evaluation goals and features of the target system to consider.
The communication between the host and the injection modules is based on the TCP/IP connection. Under this scheme, the target system location is independent from the host (it might be even placed in a different physical location, e.g. another building). The target should have an hardware-reset interface in order to reinitiate the system between injection runs. If such a feature is not available, eXception operation is still possible, but fully unattended activity might be compromised. The host computer can perform simultaneously experiments on different targets.
SCIFI - Scan Chain Implemented Fault Injection
Scan chain implemented fault injection is based on the Boundary-scan (BSCAN) hardware specification adopted in the early nineties by IEEE to test devices functionality on-board. BSCAN is supported by the most complex ICs (processors, ASICs, DSPs) and its standard scan-cell and TAP (Test Access Port) controller macros are also easily customized and added to IC designs.
In the Xception extended implementation, BSCAN module receives the fault parameters from the host and controls/monitors the target through BSCAN chain (a serial standard channel through the ICs board).
The fault definition module sets up the breakpoint condition and defines the fault model (type, location and duration). The workload begins its execution and it is left running, being halted only when it reaches the breakpoint. Fault injection takes place by reading the contents of all the scan-chains, inverting the bits stated in the configuration data and writing back the fault injected scan-chains to the target. The workload is resumed and the experiment follows the general proceedings.
Pin-level Forcing Fault Injection
The forcing technique is performed by the pin-level module, which uses fault actuators (forcing probes) to insert stuck-at faults on specific target system locations.
At the fault definition interface, it is possible to define which probes will be actuated and the type of fault to be performed: stuck-at-0 or stuck-at-1. Upon receiving the fault parameters from the host, the pin-level module actuates the probes.
The fault actuators are independent from the pin-level module. Choosing the best actuators to use on each system is dependent on the target specific characteristics. These actuators are available as COTS components for TTL, CMOS and ECL signals at 5V and 3,3V, raging from high-speed actuators (transistors based) to electro-mechanical relays.
The major advantages of this technique are the ability to insert faults where none of the other methods are able to access and to inject realistic permanent faults (none of the other methods are able to emulate these faults).