08-demo.tex 9.09 KB
Newer Older
1
2
3
4
5
6
\section{Demo: TMR VGA}

\subsection{Use Case}
The \ac{TMR} \ac{VGA} demo design is intended to demonstrate the effects of fault injection in an TMR

A sprite engine draws a sprite of a small airplane on the screen in front
7
of a blue-red gradient background. The sprite of the airplane is moved across the
8
screen in successive frames, changing direction when it reaches any of
9
the visible screen borders. A screenshot can be seen in \Cref{fig:tmrvga_screenshot}.
10
11
12
13
14
15
16
17
18
The left side shows the error-free case, a stuck-open error in the sprite
engine can be seen on the right side.

\begin{figure}[htb]
\centering
\includegraphics[width=0.8\linewidth]{img/tmrvga_screenshot.jpg}
\caption{\ac{TMR} \ac{VGA} Screenshot}
\label{fig:tmrvga_screenshot}
\end{figure}
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36

The use case is designated for use with the Cyclone III-based DE0 development
board from Terasic\footnote{\url{http://de0.terasic.com.tw/}, visited on August 29,2016}
or the Zynq-based Zybo\footnote{\url{https://www.xilinx.com/products/boards-and-kits/1-4azfte.html}, visited on August 29, 2016}
but is portable to other boards providing a \ac{VGA} connector with little effort.

\begin{figure}[htb]
\centering
\input{img/blockdiagram-usecase.tex}
\caption{\ac{TMR} \ac{VGA} Use Case}
\label{fig:tmrvga}
\end{figure}

The design contains a \ac{VGA} timing generator module, which provides
HSync and VSync signals as well as the row and column in the current frame.
The output of the sprite engine is the color of the current pixel, blanked in the non-visible area of the \ac{VGA} timing. 
This sprite engine is triplicated, as an analogy to triplicated avionics in an actual airplane.
Majority voting is performed over the three color channels before outputting the color value to a parallel \ac{DAC}.
37
The voters are also able to determine if a 2:1 mismatch has occurred.
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
A coarse block diagram of the design can be seen in \Cref{fig:tmrvga}.

An important thing to note is that the sprite position registers within the sprite engines are not converged using majority voting.
Thus, faults affecting the direction register will cause the domain 0 to permanently diverge from the others until the design is reset.
In a real-world design the states of the redundant units would usually be determined by the voter.

\subsection{Hardware Setup}

Board setup (DE0):
\begin{itemize}
    \item Connect a 3V3 Serial TTL cable to the DE0:
        \begin{itemize}
            \item Connect \textit{Ground} to any GND pin on GPIO1 (e.g., J5.30)
            \item Connect \textit{TXD (Host-to-Device)} to GPIO1\_D31 (J5.40)
            \item Connect \textit{RXD (Device-to-Host)} to GPIO1\_D30 (J5.39)
            \item Leave \textit{\#RTS} unconnected
            \item Connect \textit{\#CTS} to GND (or leave unconnected if your cable
                  pulls it down)
            \item If your cable requires an I/O voltage input (e.g., FTDI TTL-232R-VIP),
                  connect the correspondig wire to any 3V3 pin on GPIO1 (e.g., J5.29)
        \end{itemize}
59
60
61
62
63
64
65
66
67
68
    \item Connect a VGA-compatible monitor to the VGA port. The design
          generates a 640x480 \@ 25Mhz VGA signal.
    \item The dip-switch SW0 controls if TMR is enabled.
    \item BUTTON0 resets the design
    \item The green LEDs above the three buttons (LEDG0-LEDG3) show the
          error detection state:
        \begin{itemize}
            \item LEDG0 shows if any error has been detected
            \item LEDG1-3 show which voter (Red,Green,Blue) detected the error
        \end{itemize}
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
\end{itemize}

Board setup (Zybo):
\begin{itemize}
    \item Connect a 3V3 Serial TTL cable to the Zybo:
        \begin{itemize}
            \item Connect \textit{Ground} to PMOD JE6
            \item Connect \textit{TXD (Host-to-Device)} to PMOD JE1
            \item Connect \textit{RXD (Device-to-Host)} to PMOD JE2
            \item Leave \textit{\#RTS} unconnected
            \item Connect \textit{\#CTS} to GND (or leave unconnected if your cable
                  pulls it down)
            \item If your cable requires an I/O voltage input (e.g., FTDI TTL-232R-VIP),
                  connect the correspondig wire to PMOD JE6
        \end{itemize}
84
85
86
87
88
89
90
91
92
    \item Connect a VGA-compatible monitor to the VGA port.
    \item The dip-switch SW0 controls if TMR is enabled.
    \item BTN0 resets the design when pressed
    \item The LEDs above the dip switches (LD0-LD3) show the
          error detection state:
        \begin{itemize}
            \item LD0 shows if any error has been detected
            \item LD1-3 show which voter (Red,Green,Blue) detected the error
        \end{itemize}
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
\end{itemize}

\subsection{Work Flow}

All paths hereinafter are relative to \texttt{<FIJI ROOT>/docs/demos/tmr\_vga}.

To reconstruct the execution of the flow to configure, instrument and synthesis the design with injection logic, the following steps have to be executed.

\subsubsection{Run setup}
    \begin{lstlisting}[style=shell,gobble=8]
        $ perl ../../../bin/fiji_setup.pl -s fiji/de0_test_1/fiji/fiji.cfg \
                                          -n synp/de0/de0/spriteflyer_top.vqm
    \end{lstlisting}

\subsubsection{Instrumentation}
    \begin{lstlisting}[style=shell,gobble=8]
        $ perl ../../../bin/fiji_instrument.pl -s fiji/de0_test_1/fiji/fiji.cfg \
                                               -n synp/de0/de0/spriteflyer_top.vqm \
                                               -o fiji/de0_test_1/fiji \
                                               -p tmr_vga_demo
    \end{lstlisting}
\subsubsection{Synthesis using Synplify Pro}
\begin{enumerate}
    \item Create a new Synplify project file named 'spriteflyer\_top.prj' in \texttt{fiji/de0\_test\_1/synp}
    \item Open the project
    
    \item Rename the default implementation to 'de0' and enter the following settings:

    \begin{itemize}
        \item Device: Cyclone III EP3C16-F484-C6
        \item Output Filename: spriteflyer\_top.vqm
        \item Quartus Version: 13.0
        \item Verilog toplevel module: fiji\_top
    \end{itemize}

    \item
        \begin{plainlisting}[gobble=12]
            fiji/de0_test_1/fiji/tmr_vga_demo_instrumented.vqm
            fiji/de0_test_1/fiji/tmr_vga_demo_config_pkg.vhd
            fiji/de0_test_1/fiji/tmr_vga_demo_wrapper.vhd
            fiji/de0_test_1/fiji/tmr_vga_demo_constraints.synplify.fdc
            fiji/de0_test_1/synp/spriteflyer_top.fdc
            <FIJI PUBLIC ROOT>/hw/rtl/*.vhd
        \end{plainlisting}
    The constraints have already been entered for this demo.
    In a ``real'' flow, they have to be manually transferred from
    the original Synplify project

    \item Run \keystroke{F8}
\end{enumerate}
\subsubsection{Place-and-Route using Quartus II 13.0}

\begin{enumerate}
    \item Copy the following files into the \texttt{fiji/de0\_test\_1/quartus} directory:
        \begin{plainlisting}[gobble=12]
            synp/de0/de0/spriteflyer_top_p_sprite_rom_s_sprit.hex
            synp/de0/de0/spriteflyer_top_p_sprite_rom_s_spritmif1.hex
            synp/de0/de0/spriteflyer_top_p_sprite_rom_s_spritmif2.hex
        \end{plainlisting}
    \item Create a new project named 'de0\_test\_1.qpf'

        Set Cyclone III - EP3C16-F484-C6 as device

    \item Add the following files to the project
        \begin{plainlisting}[gobble=12]
            fiji/de0_test_1/fiji/tmr_vga_demo_instrumented.vqm
            fiji/de0_test_1/fiji/tmr_vga_demo_constraints.quartus.qsf
            fiji/de0_test_1/quartus/fiji_top.sdc
        \end{plainlisting}

    \item Import the assignments from
        \begin{plainlisting}[gobble=12]
            boards/pins_de0.qsf
            fiji/de0_test_1/fiji_pins.qsf
        \end{plainlisting}

        The clock and pin constraints have already been entered for this demo.
        In a ``real'' project, you would have to manually enter them in Quartus.

    \item Perform ``Analysis and Synthesis''

    \item Check the imported pin assignments in the Pin Planner

    \item Perform ``Full Compilation'

\end{enumerate}

\subsection{Runtime Fault Injection}

\begin{enumerate}
    \item Download the FPGA bitstream via Quartus Downloader
    \item Run the \ac{FIJIEE} GUI
        \begin{lstlisting}[style=shell,gobble=12]
            $ perl ../../../bin/fiji_ee_gui.pl -s fiji/de0_test_1/fiji/tmr_vga_demo_download.cfg \
                                               -t fiji/de0_test_1/fiji/tmr_vga_demo_test.tst
        \end{lstlisting}
    \item Execute tests:
    \begin {itemize}
        \item Pre-defined sequence in \texttt{fiji/de0\_test\_1/fiji/tmr\_vga\_demo\_test.tst}
        \item Manual tests
        \item Random tests
    \end {itemize}
\end{enumerate}

When the \emph{\ac{TMR} Enable} switch is in ``0'' position, the output from
\ac{TMR} domain 0 is directly relayed to the \ac{VGA} output. All faults are directly
visible. The fault detection LEDs remain dark.

When the \emph{\ac{TMR} Enable} switch is in ``1'' position, the \ac{VGA} output is
generated by majority voting over the three \ac{TMR} domains. Faults in \ac{TMR}
domain 0 are masked and thus are not visible. When \ac{TMR} is enabled, the LEDs on
the board show (1) if an error is detected by the voter (one domain disagrees
with the others) and (2) in which voter (Red, Green, Blue) the error is detected.