You are on page 1of 7

2009 International Conference on Availability, Reliability and Security

An Analysis of Fault Effects and Propagations in AVR Microcontroller ATmega103(L)*


Alireza Rohani1, Hamid. R. Zarandi1, 2 Department of Computer Engineering and Information Technology Amirkabir University of Technology 2 School of Computer Science, Institute for Studies in Theoretical Physics and Mathematics (IPM) E-mails :{ alirezarohani, h_zarandi}@aut.ac.ir
1

Abstract
This paper presents an analysis of the effects and propagations of transient faults by simulation-based fault injection into the AVR microcontroller. This analysis is done by injecting 20000 transient faults into main components of the AVR microcontroller that is described in VHDL language. The sensitivity level of various points of the AVR microcontroller such as ALU, InstructionRegister, Program-Counter, Register-file and Flag Registers against fault manifestation is considered and evaluated. The behavior of AVR microcontroller against injected faults is reported and shown that about 41.46% of faults are recovered in simulation time, 53.84% of faults are effective faults and reminding 4.70% of faults are latent faults; moreover a comparison of the behavior of AVR microcontroller in fault injection experiments against some common microprocessors is done. Results of fault analyzing will be used in the future research to propose the fault-tolerant AVR microcontroller.

1. Introduction
In recent years, reliability is becoming the major factor in designing microprocessor and microcontroller architectures [1]. After critical bugs in Pentium FDIV in 1994 and Sun Microsystems in early 2000 [2] designers are concentrated to include fault-tolerant techniques or alternatively they need an estimation of behavior of designed architecture against various faults. First step to design a fault-tolerant architecture is to analyze the effects and propagations of faults in designed architecture. One of the best methods to estimate behavior of architecture against various faults is simulation-based fault injection that described the architecture in one of HDL languages such as VHDL or VERILOG and then injecting faults in desired points and observed important targets. We have used simulation-based fault injection since it has capability of high controllability and high observability compared to other fault injection methods. Simulation-based fault injection is used in several works. In [3], an analysis of the effect of transient faults

on Algha 21264 and AMD Athlon by simulation-based fault injection was characterized. An analysis of the effects of faults in the cache memories of the SPARC V8 architecture by simulation-based fault injection was reported in [4]. The effect of temporary faults located in the pipeline stages and cache memories is studied in [5]. In [6] fault injection using heavy ions proved the efficiency of the LEON-FT microprocessor. In [7] the behavior of SEUs on the 8051 microcontroller protected by a single error correction code is analyzed. In [8] simulation-based fault injection in a 32-bit processor, namely DP32 and an arithmetic processor called ARP is done and the effect of faults in the various points of these processors is reported. An analysis of the effects and propagation of faults in the 32-bit OpenRisc1200 microprocessor by simulation-based fault injection is done in [9]. This paper presents an analyzing of fault effects and propagations in one of AVR microcontroller families, named ATmega103(L). This microcontroller is a good candidate for being studied, for several reasons: 1) This microcontroller is high performance and low power RISC architecture and has many useful peripheral features such as Analog- comparator, Watchdog-timer, Universal Asynchronous Receiver/Transmitter (UART) and etc [11], 2) This microcontroller is the most well-known among industrial applications, 3) It is used in many highcritical applications in recent years, such as modern automotives [12], airplanes [13], air traffic controllers [14], military applications, hospital equipments, nuclear equipments [10, 14] that any bugs can effect serious damage on human life, therefore finding out behavior of the AVR microcontroller against various faults and tolerating AVR architecture against faults is necessary . The reminder of this paper is composed of four sections. Section 2 describes an overview of the AVR microcontroller architecture, section 3 presents the characteristics of simulation-based fault injection and fault characteristics. Fault injection results and data analyzing are presented in section 4 and finally section 5 concludes the paper.

This research was in part supported by a grant from IPM. (No. CS1386-4-04) *
978-0-7695-3564-7/09 $25.00 2009 IEEE DOI 10.1109/ARES.2009.169 166

Authorized licensed use limited to: Bu Ali Sina Univ Trial User. Downloaded on December 22, 2009 at 00:57 from IEEE Xplore. Restrictions apply.

Figure 1. Overview of ATmega103(L) architecture [10]

Figure 2. Core of ATmega103(L) architecture [10]

2. AVR Microcontroller Architecture


AVR microcontroller is a high-performance and low power microcontroller which utilized Harvard architecture. AVRs are generally classified into four groups: 1) tinyAVRs, 2) megaAVRs, 3) xmegaAVRS and 4) specific AVRS. megaAVRs have special features not found on other members of the AVR families such as LCD controller, USB controller, CAN [10, 14], therefore a member of megaAVRs named ATmega103(L) is studied here. ATmega103(L) is a 8-bit RISC architecture that executes powerful instruction set in a single clock cycle and this feature allowing the designer to optimize power consumption versus speed. Rich instruction set with 32 general working registers that are directly connected to the ALU and various addressing modes is a major architectural benefit in the design of ATmega103(L). An overview of the ATmega103(L) architecture is shown in Figure 1. It has 8-bit Data-Buss, 16-bit AddressBuss that feeds through Data-Buss, 16-bit Program Counter (PC), 12-bit Instruction-Register (IR) and many additional features such as 128K bytes of in-system programmable flash, 4K bytes SRAM memory, real time counters, UART and etc. Figure 2 illustrates the core of ATmega103(L) without peripheral features, moreover fault injection points are shown in that figure. As shown in Figure 2, all points of core in AVR ATmega103(L) are chosen for fault injection and therefore the results can specify

exhaustively the behavior of AVR microcontroller in the presence of various transient faults.

3. Fault Injection Characteristics


Three well-known workloads are considered in fault injection experiments [4, 5, 8, 9 and 15], the Quick Sort, the Matrix Multiplication and the linked List manager for insert and delete nodes in the linked List. Thanks to these well-know workloads, we can compare the results of fault injection experiments with other related work. The workloads are coded in C++ and are compiled with CodeVisionAVR C Compiler [16, 17] which can generates machine code for the ATmega103(L) microcontroller. The SINJECT fault injection tool [8] is used for injecting different fault models into the VHDL model of the ATmega103(L) [18], for all of workloads, the same set of fault injection is used. In the experiments, transient faults were injected only in the core of microcontroller. These faults have not been injected in the peripheral devices such as Universal Asynchronous Receiver/Transmitter (UART) and timers since these parts play no role in executing implicit workloads. The faults were injected in different parts of the core including the ALU, the Control-Unit, the PC register, the Register-file, the IR register and the programmable memory. For having comprehensive fault injection experiments, different fault models are considered for various parts of the ATmega103(L) microcontroller, so gate-replacement
167

Authorized licensed use limited to: Bu Ali Sina Univ Trial User. Downloaded on December 22, 2009 at 00:57 from IEEE Xplore. Restrictions apply.

model is considered for inside the ALU and stuck-at-fault model considered for inputs and outputs of the ALU unit. The PC, IR and Register-file consisting of registers so bitflip model are considered for these parts and stuck-at and bridging model are considered in inputs and outputs wires of these parts. The Control-Unit of this microcontroller is described in behavioral level so it is possible to inject stuck-at-then and stuck-at-else models in this part of core, last part of core for fault injection is programmable memory that bit-flip fault model considered for this part. Table 1 presents the characteristics of the injected faults and their locations. In the experiments, a total of 20000 transient faults are injected into mentioned parts of the microcontroller in the ATmega103(L) core. The ATmega103(L) is simulated using a 50ns clock period and all of the faults are randomly injected by the average duration 50ns (The fault duration is exponentially distributed). The fault injection time, during workload execution time is randomly distributed with uniform distribution. The experiments have 100 fault injection points and 200 faults are injected to each point (totally 20000 experiments).
Table 1. The characteristic of the injected faults # of Fault injection points injected Fault models faults ALU 4 Gate-replacement ALU Input Lines 8 Stuck-at Stuck-Else, Control Unit 16 Stuck-Then Control Unit 8 Micro-operation PC 4 Bit-flip PC Output Lines 8 Stuck-at PC Output Lines 8 Bridging IR 4 Bit-flip IR Input Lines 6 Stuck-at IR Output Lines 6 Bridging REG. File 8 Bit-flip REG. File Input Lines 8 Stuck-at Programmable 10 Bit-flip Memory

workload that stored in Register-file. In the Linked List workload, the connectivity of inserted node to adjacent nodes and connectivity of consecutive nodes when a node is deleted means that this workload runs successfully, otherwise a failure is happen in some parts of microcontroller.

4.1. Fault Effects in Critical Points


In this section, the propagation of injected faults is monitored and it is determined how percentage of injected faults reaches to critical points of AVR microcontroller. Table 2 illustrates fault latencies and error manifestation in critical points of AVR microcontroller for each workload. This table shows fault propagation in critical points of AVR microcontroller. In each workload first column indicates observation points that are similar in all experiments, two next columns show respectively minimum and maximum times that an error detected in observed points. Useful information can be extracted from column 4 of this table that labeled with mean that shows when an error is observed in observed point averagely in time; if this number is low it means that injected faults rapidly transform to error. Last column of table 2 shows percentage of faults that cause to an error in selected points. In Quick Sort workload, error manifestation is 83% for ALU, 58% for PC, 55% for Register-file and 51% for IR. It means that ALU, PC and Register-file are most sensitive points for Quick Sort workload; moreover table 2 shows that the mean number is 178.85ns for PC, 307.52ns for Register-file and 211.77ns for ALU, extracted that errors are detected first in PC and then in ALU and Register-file respectively; Error manifestation is 60% and 59% in Negative Flag and Sign Flag respectively, thus this flags are most sensitive in Flagregister. This Information means that ALU, PC and Negative flag are most sensitive points in Quick Sort workload. This analyze can be done for Matrix Multiplication and Linked List workloads similarly. Figure 3 helps us utilize most sensitive points of the AVR microcontroller for fault-tolerant purposes. This table shows error manifestation in all selected points in average of three workloads; this figure shows that ALU, PC and IR have respectively about 73%, 52% and 50% contribution of faults into the error. The mean number is 203.84ns for PC, 212.28ns for IR and 361.50ns for ALU in average of three workloads, thus faults propagated rapidly in PC and IR and much slower in ALU. Figure 3 illustrates that ALU, PC and IR are most sensitive points according to error manifestation in AVR microcontroller and must be targeted for the fault-tolerance purposes in the future researches.

4. Experimental Results
This section presents the results of the fault injection experiments. The results partitioned into two subsections, at the first, the effects of injected faults in the critical points of AVR microcontroller like PC, Register-file, IR and etc is studied and propagations of faults is observed. At the second, behavior of AVR microcontroller at the presence of injected faults is presented. In this paper, the failure is wrong result which is stored in proper region, for example the final result matrix in the Matrix Multiplication workload that must be stored in Registerfile or the proper stored numbers in the Quick Sort

168

Authorized licensed use limited to: Bu Ali Sina Univ Trial User. Downloaded on December 22, 2009 at 00:57 from IEEE Xplore. Restrictions apply.

80% E rro r m a n ife s ta tio n 60% 40% 20% 4% 0%


PC IR F S i la g gn Ov Fl ag er f lo w Ne g a f l ag ti v eF Z e la g ro Fl a Ca r ry g Fl ag Fi

73% 52% 50% 47%

45%

45% 46%

Table 3 shows that about 53.84% of faults are effective faults in AVR microcontroller and therefore it is necessary to propose a fault-tolerant architecture to reduce effective faults in AVR microcontroller.

5. Conclusions
15% 6%

Figure 3. Error manifestation in critical points

4.2. AVR Behavior Against of Injected Faults


This section analyzed results of three workloads to find out the behavior of AVR microcontroller in the presence of fault; this results show that how percentage of faults recover in simulation time and how percentage of them have no impact on final output (latent faults). All the fault characteristics are the same as section 2 of this paper. Figure 4 shows behavior of AVR microcontroller in the presence of fault for each workload. This figure shows that in average about 6% of injected faults are recovered in four first clock pulse (period of clock pulse is 50ns) and then fault recovery is stable when time increases. Moreover this figure shows that in average 41% of faults recover in 20 cycles after fault activation, and about 34% of injected faults are recovered in the start of experiments, this means that they might AND with 0 value, or OR with 1 value some moments after fault activation. Simulating goes on for 5000ns and observed that fault recovery is stable on 41%; it means that about 41% of faults recover in AVR microcontroller. Table 3 shows detailed results of fault injection analysis for each workload, this table shows that about 47.82% of faults are recovered in run time for Quick Sort workload, this number is 38.79% and 37.67% for Matrix Multiplication and Linked List workloads respectively. Last row in table 3 shows average of recovery coverage for these workloads that can be considered for general behavior in AVR microcontroller. Not recovered faults partition into two categories, 1) Latent faults that not transform to error in simulation time and 2) Effective faults that cause a failure in system and produce wrong results as final results. Percentages of Effective faults are 46.78 and 54.91 for Quick Sort and Matrix Multiplication respectively, because of second workload widely uses ALU and this part is very sensitive against faults as presented in previous subsection.
169

In this work, an analysis of the effects and propagations of various transient faults into the AVR microcontroller was analyzed. The results provided by simulation-based fault injection at HDL model that identify all portion of AVR microcontroller. A comparison of various points of the microcontroller including Program-Counter, Instruction-Register, Register-file, ALU and various flags against fault injection was presented. Results showed that ALU, PC and IR are most sensitive points against fault injection; therefore they must be targeted for fault-tolerance purposes. In Flag register Negative-Flag and Sign-Flag are most sensitive flags and must be concentrated in faulttolerance purposes. Furthermore the behavior of AVR microcontroller against fault injection was analyzed and showed that about 41.46% of faults recovered in simulation time and 53.84% of faults are effective faults that cause on failure of microcontroller, 4.70% of faults are latent faults that have no effect on final results in simulation time. Figure 5 shows a comparison among OpenRisc1200 microprocessor, DP32 microprocessor and AVR microcontroller in error manifestation for Registerfile and ALU. The reason of comparison is that all of them are analyzed by similar fault-injection method (simulation-based fault injection and similar workloads that are Quick Sort and Matrix Multiplication workloads). This comparison shows that the sensitivity of Register-file in AVR is about other two microprocessors but the sensitivity of ALU in AVR is much higher from OpenRisc1200 microprocessor and DP32. This means that ALU in AVR is more critical and there should be considered some fault-tolerant mechanism in AVR for high-computational workloads.
100%
OpenRISC DP32 AVR

er

st

Re

Ha

l f-

ca

gi

rr

AL U

le

AVR

80% Error Manifestation

60%
DP32 OpenRISC AVR OpenRISC DP32

40%

20%

0% Register-file ALU

Figure 5. Error manifestation in critical points

Authorized licensed use limited to: Bu Ali Sina Univ Trial User. Downloaded on December 22, 2009 at 00:57 from IEEE Xplore. Restrictions apply.

Table 2. Fault effects, latencies and error manifestations Parameter Workload Observation Point PC IR Register File Half-Carry Sign Overflow Flags Negative Zero Carry ALU PC IR Register File Half-Carry Sign Overflow Flags Negative Zero Carry ALU PC IR Register File Half-Carry Sign Overflow Flags Negative Zero Carry ALU Fault Latency (ns) Minimum 1 1 1 0 0 0 0 0 0 0 1 1 1 0 0 0 0 0 0 0 1 1 1 0 0 0 0 0 0 0 Maximum 1197 513 892 1944 1443 1822 1443 1443 2597 2345 3716 743 1699 291 2499 1958 2499 2499 1654 2499 1094 796 2597 1660 2823 2123 2769 2171 1660 2769 Median 96 132 301 100 240 151 240 234 51 82 140 238 761 110 1002 26 1002 822 12 49 86.5 248 294 200 472 240 335 228 260 59 Mean 178.85 136.46 307.52 240.91 280.10 399.57 280.29 273.70 576.86 211.77 311.76 240.02 762.21 10.64 986.81 342.24 986.82 864.96 222.15 646.19 120.91 260.36 401.01 138.14 718.25 496.50 548.30 377.83 382.22 226.56 Standard deviation 213.39 76.82 187.45 573.89 260.13 447.63 260.35 263.48 843.82 254.02 451.90 134.59 429.97 28.311 777.99 544.86 777.99 806.49 386.11 782.36 121.99 139.42 431.53 333.20 714.43 581.09 591.34 476.87 355.13 478.03 manifested Errors (%) 58 51 55 3 59 22 60 58 6 83 55 51 46 5 55 12 55 61 4 86 44 50 40 6 22 13 20 20 9 50

Quick Sort

Matrix Multiplication

Linked List

Workload Quick Sort Matrix Multiplication Linked List Average

Table 3. Behavior of faults in AVR Microcontroller Not Recovered Faults (%) Recovery Coverage (%) Average of Fault Recovery (ns) Latent Faults Effective Faults 5.40 343 47.82 46.91 6.30 807 38.79 54.91 2.50 59.83 557 37.67 41.46 4.70 53.84 569

170

Authorized licensed use limited to: Bu Ali Sina Univ Trial User. Downloaded on December 22, 2009 at 00:57 from IEEE Xplore. Restrictions apply.

48 46
% of faults recovered

Quick Sort

44 42 40 38 36 34 32 30
10 0 20 0 30 0 40 0 50 0 60 0 70 0 80 0 90 0 10 00 11 00 12 00 12 99 13 99 14 99 15 99 16 99 17 99 18 99 19 99
time(ns) after fault activation
Figure 4. Fault recovery in AVR

average Matrix Multiplication Linked List

References
[1] G. T. Subramanian, Control Cashing: A Faulttolerant Architecture for SEU Mitigation in Microprocessor Control Logic, M.S thesis, Dep. Comp. Eng., Iowa State University, Ames, Iowa, pp. 2-3, 2006. [2] R. Baumann, Soft Errors in Commercial Semiconductor Technology: Overview and Scaling Trends, in the Proceedings of the Reliability Physics Tutorial Notes, 2002. [3] N. J. Wang, J. Quek, T. M. Rafacz and S. J. Patel, Characterizing the Effects of Transient Faults on a High-Performance Processor Pipeline, in the Proceedings of the International Conference on Dependable Systems and Networks, pp. 61-70, 2004. [4] M. Rebaudengo, M. Sonza Reorda and M. Violante, An Accurate Analysis of the Effects of Soft Errors in the Instruction and Data Caches of a Pipelined Microprocessor, in the proceedings of the Design, Automation and Test in Europe Conference and Exhibition, pp. 602-607, 2003. [5] M. Rebaudengo, M. Sonza Reorda, and M. Violante, Analysis of SEU Effects in a Pipelined Processor, in the Proceedings of the IEEE international On-Line Testing Workshop, pp. 206-210, 2002. [6] J. Gaisler, A Portable and Fault-Tolerant Microprocessor Based on the SPARC V8 Architecture, in the Proceedings of the International Conference on Dependable Systems and Networks, pp. 409-415, 2002. [7] F. Lima, L. Carro, R. Velazco and R. Reis, Injecting Multiple Upsets in a SEU Tolerant 8051
171

Microcontroller, in the Proceedings of the IEEE International On-Line Testing Workshop, pp. 194199, 2002. [8] H. R. Zarandi, G. Miremadi and A. R. Ejlali, Dependability Analysis Using a Fault Injection Tool Based on Synthesizability of HDL Models, in the Proceedings of the International Symposium on Defect and Fault Tolerance in VLSI Systems, pp, 485-492, 2003. [9] N. Mehdizadeh, M. Shokrolah-Shirazi and G. Miremadi, Analyzing Fault Effects in the 32-bit OpenRISC 1200 Microprocessor, in the Proceedings of the International Conference on Availability, Reliability and Security, vol. 00, pp. 648-652, 2008. [10] Atmel, 8-bit AVR Atmega103l User Manual, www.atmel.com, 2007. [11] D. de Andres, J. C. Ruiz, D. Gil and P. Gil, Fault Emulation for Dependability Evaluation of VLSI Systems, IEEE Transactions on Very Large Scale Integration Systems, vol. 16, issue 4, pp. 422-431, 2008. [12] M. Short and M. J. Pont, Assessment of Highintegrity Embedded Automotive Control Systems Using Hardware in the Loop Simulation, Journal of Systems and Software, vol. 81, 2008. [13] A. V. Lovato, E. Araujo and J. D. S. da Silva, Fuzzy Decision in Airplane Speed Control, in the proceedings of the IEEE International Conference on Fuzzy Systems, vol. 0, pp. 1578-1583, 2006.

Authorized licensed use limited to: Bu Ali Sina Univ Trial User. Downloaded on December 22, 2009 at 00:57 from IEEE Xplore. Restrictions apply.

[14] S. Korbel, V Janes, Interesting Applications of Atmel AVR Microcontrollers, in the Symposium on Digital System Design, pp. 499-506, 2004. [15] H. R. Zarandi, G. Miremadi, and A. R. Ejlali, Fault Injection into Verilog Models for Dependability Evaluation of Digital Systems, in the Proceedings of the International Symposium on Parallel and Distributed Computing, pp. 281-287,2003.

[16] T. fryza, Basic C Code Implementations for AVR Microcontrollers, 14th International Workshop on Processing, Multimedia Communications and Services, vol. 27, pp. 434-437, 2007. [17] HP InfoTech, CodeVision AVR, V2.03.6, http://www.hpinfotech.ro. [18] Open Cores, www.opencores.org, [accessed: July 2008].

172

Authorized licensed use limited to: Bu Ali Sina Univ Trial User. Downloaded on December 22, 2009 at 00:57 from IEEE Xplore. Restrictions apply.