1 / 84

Symbolic Simulation based Transient Fault Injection Methodology

Symbolic Simulation based Transient Fault Injection Methodology. Ashish Darbari and Bashir Al Hashimi Technical Report No. 15376 Electronics and Computer Science Dept. University of Southampton EPSRC Grant No: EP/D057663/1 For Project on: Reliable Low Power Embedded Computing System

arlen
Download Presentation

Symbolic Simulation based Transient Fault Injection Methodology

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Symbolic Simulation basedTransient Fault Injection Methodology Ashish Darbari and Bashir Al Hashimi Technical Report No. 15376 Electronics and Computer Science Dept. University of Southampton EPSRC Grant No: EP/D057663/1 For Project on: Reliable Low Power Embedded Computing System Industrial Partner: ARM Ltd Cambridge, UK

  2. We draw inspiration from some of the limitations of existing work on transient fault injection especially in the context of a CPU [Civera01, Gonna05,Leveugle05,Krautz06]. Do we know a solution that is efficient Time Labour Computation Re-usablity Three crucial dimensions, one of which has been specifically overlooked. Spatial – covering all paths in the design, and all circuit nodes. Temporal – when to inject fault and how often Data – which benchmark programs Conventional simulation based fault injection is inadequate. Motivation } no free lunch however !

  3. A 32-bit RISC CPU

  4. Traditional Fault Injection Golden RTL is instrumented [Civera01,Leveugle05,Krautz06], to incorporate fault injection hardware, and a chosen set of benchmark programs is loaded onto the intrumented RTL. Faults are then injected via an API from a set of library, and its effect on the instrumented RTL is then compared to the fault-free Golden RTL. But how do we know which programs would best expose the vulnerability of the design (data). How do we know where to inject faults in the design (space) And lastly, when and how often (temporal)? Given the random nature of an SEU these factors become even more pertinent.

  5. Our Approach Counter examples Given RTL Develop properties Fault free property checking Golden RTL Golden RTL Verification of Golden RTL against faulty properties { Counter examples no Golden Properties Refine properties and RTL yes Faulty Properties Benefits of our approach include a program-independent method of assessing vulnerability due to faults, at all points in the circuit, at all times.

  6. Coverage vs. scale(David Dill et al. ICCAD 1999) Combination of Symbolic simulation, Model checking and Deductive Inference provides maximum coverage and also poses no limits on scale. Model checking Coverage FSM-based generation Symbolic simulation Manual test w/ coverage Random simulation 1 FSM 50K 250K 2M Scale (gates)

  7. c a out b Symbolic Simulation -Two input MUX a, b, c and out are “symbols” that denote Boolean variables out = ifc thena elseb • Benefits • More coverage per simulation • One expression covers a huge set of values. • Get a lot of coverage from a few simulations.

  8. Provides a structured approach to capture the run-time behaviour of a design through simulation. The structure of the circuit is mirrored by a property, which can then be simulated to evaluate run-time behaviour of the circuit, and all of this – symbolically. Properties can be composed and decomposed (syntax), thus providing ability to compose and decompose the behaviour (semantics) of the circuit. All of this happens without compromising soundness, due to a deductive inference system based in STE logic. Symbolic Simulation Using Properties

  9. STE [Seger95] extends the domain of simulation from Boolean to Ternary {0,1,X}, and incorporates symbolic simulation, over time, using Binary Decision Diagrams (BDDs). The framework of STE enables a seamless combination of symbolic simulation and model checking. Simple syntax, easy to write properties, compared to some others who have used PSL [Leveugle05,Krautz06]. A light-weight theorem prover adds inference capabilities. Has been used extensively at Intel, Motorola and IBM. Symbolic Trajectory Evaluation - STE

  10. STE – An Overview • STE provides specification and verification framework. • Specification is done by developing properties, which are • expressed in terms of trajectory formulas. • A property has the shape A)C, where both A and C are • trajectory formulas. • Intuitively A can be seen to provide a stimuli to the circuit, and C • denotes the expected values. • STE model checking engine computes sequences and • trajectories for C and A respectively, and checks for their • containment.

  11. STE – Trajectory Formula f := nis 0 node n has a value | n is 1 node n has a value 1 | f1andf2 conjunction of formulas | f whenP f is asserted only when P is true | N f f holds in the next time step f from i to j = Ni f and Ni+1 f and … Nj-1 f where N0 f = f “a” is (p Æ q) = (“a” is 1) when (pÆ q) and (“a” is 0) when (:(p Æ q))

  12. Fault free ` mux ² (“a” is a from 0 to 5) and (“b” is b from 0 to 5) and (“c” is c from 0 to 5) ) (“out” is (c ! a j b) from 0to 5) Fault at “a” at time point 1 mux ² (“a” is a from 0 to 1) and (“a” is :a from 1 to 2) and (“a” is a from 2 to 5) and (“b” is b from 0 to 5) and (“c” is c from 0to 5) ) (“out” is (c ! a j b) from 0to 5) Revisiting the MUX Example “c” “a” “out” “b” STE running in trace mode WARNING: Consequent failure at time 1 on node out Current value: (:c Æ b) Ç (b Æ:a) Ç (c Æ:a) Expected value: (b Æ a) Ç (c Æ a) Ç (:c Æ b) Strong disagreement when: c` `:c¾ (mux ²(“a” is a from 0 to 1) and (“a” is :a from 1 to 2) and (“a” is a from 2 to 5) and (“b” is b from 0 to 5) and (“c” is c from 0 to 5) )(“out” is (c ! a j b) from 0 to 5))

  13. A 32-bit RISC CPU Property checking is decomposed corresponding to each functional unit such as Fetch, Decode, Control, Execute, and Data Memory.

  14. Fetch Unit AddResult Branch Zero • Faults in the PC • Multiple bits of the PC • Single bit • Fault in AddResult • Faults in Instruction Memory • Any single bit • Multiple bits in a row

  15. PC works correctly in the absence of fault `clock and (“IFetch_IFE_PC[7:2]” is PC[7:2]) and Reset_is_low and (“Execute_EXE_ADDResult[7:2]” is AddResult[7:2]) and (“Execute_EXE_Zero” is Zero from 0 to 10) and (“control_CTL_Branch” is Branch from 0 to 10) ) ((“IFetch_IFE_NextPC[7:2]” is AddResult[7:2] when (Zero Æ Branch)) and ((“IFetch_IFE_NextPC[7:2]” is (PC[7:2] + 4) when (:Zero Ç:Branch))

  16. Multiple bits in the PC are faulty `clock and (“IFetch_IFE_PC[7:2]” is (map NOT PC[7:2])) and Reset_is_low and (“Execute_EXE_ADDResult[7:2]” is AddResult[7:2]) and (“Execute_EXE_Zero” is Zero from 0 to 10) and (“control_CTL_Branch” is Branch from 0 to 10) ) ((“IFetch_IFE_NextPC[7:2]” is AddResult[7:2] when (Zero Æ Branch)) and ((“IFetch_IFE_NextPC[7:2]” is (PC[7:2] + 4) when (:Zero Ç:Branch))

  17. Multiple bits in the PC are faulty `(Branch and Zero)¾ clock and (“IFetch_IFE_PC[7:2]” is PC[7:2]) and Reset_is_low and (“Execute_EXE_ADDResult[7:2]” is AddResult[7:2]) and (“Execute_EXE_Zero” is Zero from 0 to 10) and (“control_CTL_Branch” is Branch from 0 to 10) ) ((“IFetch_IFE_NextPC[7:2]” is AddResult[7:2] when (Zero Æ Branch)) and ((“IFetch_IFE_NextPC[7:2]” is (PC[7:2] + 4) when (:Zero Ç:Branch))

  18. Single bit in the PC is faulty `(Branch and Zero)¾ 8i. (clock and (“IFetch_IFE_PC[7:2]” is (fault i PC[7:2])) and Reset_is_low and (“Execute_EXE_ADDResult[7:2]” is AddResult[7:2]) and (“Execute_EXE_Zero” is Zero from 0 to 10) and (“control_CTL_Branch” is Branch from 0 to 10) ) ((“IFetch_IFE_NextPC[7:2]” is AddResult[7:2] when (Zero Æ Branch)) and ((“IFetch_IFE_NextPC[7:2]” is (PC[7:2] + 4) when (:Zero Ç:Branch))) The impact of fault in the PC can be tolerated if there is a branch instruction in the pipeline.

  19. Fault in Branch Address `(:Zero Ç:Branch)¾ clock and (“IFetch_IFE_PC[7:2]” is PC[7:2]) and Reset_is_low and (“Execute_EXE_ADDResult[7:2]” is (map NOT AddResult[7:2])) and (“Execute_EXE_Zero” is Zero from 0 to 10) and (“control_CTL_Branch” is Branch from 0 to 10) ) ((“IFetch_IFE_NextPC[7:2]” is AddResult[7:2] when (Zero Æ Branch)) and ((“IFetch_IFE_NextPC[7:2]” is (PC[7:2] + 4) when (:Zero Ç:Branch))

  20. Instruction Memory (IM) functions correctlyRead after write works correctly `clock and (“IFetch_IFE_WriteAddress[7:0]” is WriteAddress[7:0] from 0 to 1) and (“MemWrite” is we from 0 to 1) and (“MemWrite” is F from 1 to 10) and (“WriteData[31:0]” is WD from 0 to 1) and (“ IFetch_IFE_ReadAddress[7:2]” is ReadAddress[7:2] from 1 to 10) and (“MemRead” is F from 0 to 1) and (“MemRead” is T from 1 to 10) and InitialStateofMemory ) “Instr[31:0]” is ((ReadAddress=Zero) ! ((we Æ (WriteAddress=Zero)) ! WriteData jmem0) j(ReadAddress=One)! ((we Æ (WriteAddress=One)) ! WriteData j mem1)  (ReadAddress=TwoFifytfive) ! (we Æ (WriteAddress=Twofiftyfive)) ! WriteData j mem255) from 3 to 5

  21. Fault in row 255 of IM at time 0We get a counter-example ReadAddress gets updated on every clock cycle, with the PC values, and these can then be instantiated in the expression below to get impact of fault in Memory in terms of PC. clock and (“IFetch_IFE_WriteAddress[7:0]” is WriteAddress[7:0] from 0 to 1) and (“MemWrite” is we from 0 to 1) and (“MemWrite” is F from 1 to 10) and (“WriteData[31:0]” is WriteAddress from 0 to 1) and (“ IFetch_IFE_ReadAddress” is ReadAddress from 1 to 10) and (“MemRead” is F from 0 to 1) and (“MemRead” is T from 1 to 10) and (faultRow 255 InitialStateofMemory) ) “Instr[31:0]” is ((ReadAddress=Zero) ! ((we Æ (WriteAddress=Zero)) ! WriteData j mem0) j(ReadAddress=One) ! ((we Æ (WriteAddress=One)) ! WriteData j mem1)  (ReadAddress=TwoFifytfive) ! (we Æ (WriteAddress=Twofiftyfive)) ! WD j mem255) from 3 to 5 (WriteAddress[7] Æ WriteAddress[6] Æ WriteAddress[5] ÆWriteAddress[4] Æ WriteAddress[3] Æ WriteAddress [2] Æ WriteAddress[1] Æ WriteAddress[0] Æ we) Ç :ReadAddress[7] Ç:ReadAddress[6] Ç :ReadAddress[5] Ç:ReadAddress[4] Ç :ReadAddress [3] Ç:ReadAddress[2] Ç :ReadAddress[1] Ç:ReadAddress[0]

  22. Fault in row 255 of IMwe get a counter-example Between 1 and 2 The values of ReadAddress ReadAddress[7] = (:PC[2] Æ PC[7]) Ç (:PC[6] Æ PC[7]) Ç (:PC[5] Æ PC[7]) Ç (: PC[4] Æ PC[7]) Ç (:PC[3] Æ PC[7]) Ç ( PC[2] Æ PC[6] Æ PC[5] Æ PC[4] Æ PC[3] Æ:PC[7]) ReadAddress[6] = (:PC[2] Æ PC[6]) Ç (PC[2] Æ:PC[6] Æ PC[5] Æ PC[4] Æ PC[3]) Ç (PC[6] Æ:PC[5]) Ç (PC[6] Æ:PC[4]) Ç(PC[6] Æ:PC[3]) ReadAddress[5] = (:PC[2] Æ PC[5]) Ç (PC[2] Æ:PC[5] Æ PC[4] Æ PC[3]) Ç(PC[5] Æ:PC[4]) Ç ( PC[5] Æ:PC[3]) ReadAddress[4] = (: PC[2] Æ PC[4] Ç PC[2] Æ:PC[4] Æ PC[3] ÇPC[4] Æ:PC[3]) ReadAddress[3] = (:PC[2] Æ PC[3] ÇPC[2] Æ:PC[3]) ReadAddress[2] = (:PC[2])

  23. Decode

  24. Decode RegDest

  25. Decode Properties • Verifying that the read_data1 port of the register bank always gets the data from the register indexed by the address placed on read_register 1 port of the bank. • Verifying that the read_data2 port of the register bank always gets the data from the • register indexed by the address placed on the read_register 2 port of the bank. • WriteAddress port of the register bank takes on an address value selected by the RegDst. • WriteData port of the register bank takes on the data value selected by MemtoReg. • Registers get updated correctly on a write. • Read-After-Write works correctly for read_data1 port of the register bank. • Read-After-Write works correctly for read_data2 port of the register bank. • Sign-extension is correct.

  26. 1.Verifying that the read_data1 port of the register bank always gets the data from the register indexed by the address placed on read_register 1 port of the register bank `(clock and (“Instr[25:21]” is Instr[25:21] from 3 to 7) and RegisterBankInitialised) ) RegDataOut1 Decode Properties I “Idecode_ID_read_data1[31:0]” is R0 from 3 to 5 when (Instr[25:21] = 0) and “Idecode_ID_read_data1[31:0]” is R1 from 3 to 5 when (Instr[25:21] = 1) and . . “Idecode_ID_read_data1[31:0]” is R31 from 3 to 5 when (Instr[25:21] = 31)

  27. Decode Properties II 2.Verifying that the read_data2 port of the register bank always gets the data from the register indexed by the address placed on the read_register2 port of the bank` (clock and (“Instr[20:16]” is Instr[20:16] from 3 to 7) and RegisterBankInitialised) ))) RegDataOut2 “Idecode_ID_read_data2[31:0]” is R0 from 3 to 5 when (Instr[20:16] = 0) and “Idecode_ID_read_data2[31:0]” is R1 from 3 to 5 when (Instr[20:16] = 1) and . . “Idecode_ID_read_data2[31:0]” is R31 from 3 to 5 when (Instr[20:16] = 31)

  28. Decode Properties III 3. WriteAddress Port of the RegisterBank takes on an address value selected by the RegDst ` (clock and (“Instr[20:16]” is Instr[20:16] from 3 to 7) and (“Instr[15:11]” is Instr[15:11] from 3 to 7) and (“control_CTL_RegDst” is RegDst from 3 to 7) )) (((“IdecodeIDWriteRegisterAddress[4:0]” is Instr[15:11] from 3 to 7) when RegDst) and(“IdecodeIDWriteRegisterAddress[4:0]” is Instr[20:16] from 3 to 7) when :RegDst))

  29. 4. WriteData port of the RegisterBank takes on the data value selected by MemtoReg `(clock and ALUResult_asserted and ReadData_Asserted and MemtoReg_Asserted) ) Idecode_ID_WritePort_Asserted 5. Registers get updated correctly on a write `(clock and reset_is_low and RegisterBankInitialised and RegWrite_Asserted and MemtoReg_Asserted and RegDest_Asserted and WriteRegisterAddress and ALUResult_asserted and ReadData_Asserted) ) (NewStateReg When (RegWrite=F))) Decode Properties IV

  30. 6. Read data from register bank after the initial state of the register bank has been modified - Read from Port 1 ` (clock and reset_is_low and RegisterBankInitialised and RegWrite_Asserted and MemtoReg_Asserted and RegDest_Asserted and WriteRegisterAddress and ALUResult_Asserted and ReadData_Asserted and AddrForReadReg1_Asserted)) (RegisterDataOut1 When (RegWrite=F)) Decode Properties V 7. Read data from register bank after the initial state of the register bank has been modified - Read from Port 2 ` (clock and reset_is_low and RegisterBankInitialised and RegWrite_Asserted and MemtoReg_Asserted and RegDest_Asserted and WriteRegisterAddress and ALUResult_Asserted and ReadData_Asserted and AddrForReadReg2_Asserted)) (RegisterDataOut2 When (RegWrite=F))

  31. 8. Sign Extension is okay `(clock and (“Instr[15:0]” is Instr_Imm from 0 to 7)) ) (“Idecode_ID_Extend[31:0]” is ((replicate 16 (el 1 Instr_Imm))@Instr_Imm) from 0 to 7) Decode Properties VI

  32. 1(a). Fault in a single bit of “Instr[25:21]” Each one is done by decomposing the consequent - 32 smaller properties. The same process is repeated for fault in all the other bits thus a total of 160 properties. Instr[25] Ç Instr[24] Ç Instr[23] Ç Instr[22] Ç Instr[21] Ç … ¾ `(clock and (fault_bit 1 (“Instr[25:21]” is Instr[25:21] from 3 to 7)) and RegisterBankInitialised) )) (el 1 RegDataOut1) } make sure at least one of the address pins is a logic 0, so that we can still read correctly from Location 0 of the register bank “Idecode_ID_read_data1[31:0]” is R0 from 3 to 5 when (Instr[25:21] = 0)

  33. 1(b). Fault in all bits of “Instr[25:21]” } make sure at least one of the address pins is a logic 0, so that we can still read correctly from Location 0 of the register bank Instr[25] Ç Instr[24] Ç Instr[23] Ç Instr[22] Ç Instr[21] Ç … ¾ `(clock and (“Instr[25:21]” is (map NOT Instr[25:21]) from 3 to 7) and RegisterBankInitialised) )) (el 1 RegDataOut1) “Idecode_ID_read_data1[31:0]” is R0 from 3 to 5 when (Instr[25:21] = 0)

  34. 1(c). Fault in a row of Register Bank Case similar to IMem 32 properties like this Each one is done by decomposing the consequent - 32 smaller properties. The same process is repeated for fault in all the other bits thus a total of 1024 properties. ` Instr[25] Ç Instr[24] Ç Instr[23] Ç Instr[22] Ç Instr[21] Ç ¾ `(clock and (“Instr[25:21]” is (Instr[25:21]) from 3 to 7) and (fault 1 RegisterBankInitialised)) )) RegDataOut1 All bits of first row is faulty

  35. 1(d). Fault in a random bit of Register Bank 1024 properties like this for each possible bit of the bank, And for each case we decompose the verification into 32 smaller runs – total of 1024 X 32 properties Instr[25] Ç Instr[24] Ç Instr[23] Ç Instr[22] Ç Instr[21] Ç ¾ `(clock and (“Instr[25:21]” is (Instr[25:21]) from 3 to 7) and (fault_bit 1 RegisterBankInitialised)) )) RegDataOut1

  36. 2. Fault in all bits of “Instr[20:16]” Verifying that the read_data2 port of the register bank always gets the data from the register indexed by the address placed on the read_register2 port of the bank Similar to the “Instr[25:21]” case ` (clock and (“InstrMemory[20:16]” is (map NOT Instr[20:16]) from 3 to 7) and RegisterBankInitialised) ))) RegDataOut2

  37. 3(a). Fault in “Instr[20:16]” WriteAddress Port of the RegisterBank takes on an address value selected by the RegDst RegDst¾ ` (clock and (“Instr[20:16]” is Instr[20:16] from 3 to 7) and (“Instr[15:11]” is Instr[15:11] from 3 to 7) and (“control_CTL_RegDst” is RegDst from 3 to 7) ) ) (((“IdecodeIDWriteRegisterAddress[4:0]” is Instr[15:11] from 3 to 7) when RegDst) and (“IdecodeIDWriteRegisterAddress[4:0]” is Instr[20:16] from 3 to 7) when :RegDst))

  38. 3(b). Fault in “Instr[15:11]” WriteAddress Port of the RegisterBank takes on an address value selected by the RegDst :RegDst¾ ` (clock and (“Instr[20:16]” is Instr[20:16] from 3 to 7) and (“Instr[15:11]” is Instr[15:11] from 3 to 7) and (“control_CTL_RegDst” is RegDst from 3 to 7) ) ) (((“IdecodeIDWriteRegisterAddress[4:0]” is Instr[15:11] from 3 to 7) when RegDst) and (“IdecodeIDWriteRegisterAddress[4:0]” is Instr[20:16] from 3 to 7) when :RegDst))

  39. 3(c). Fault in “control_CTL_RegDst” WriteAddress Port of the RegisterBank takes on an address value selected by the RegDst (Instr[20:16]=Instr[15:11])¾ ` (clock and (“Instr[20:16]” is Instr[20:16] from 3 to 7) and (“Instr[15:11]” is Instr[15:11] from 3 to 7) and (“control_CTL_RegDst” is (NOT RegDst) from 3 to 7) ) ) (((“IdecodeIDWriteRegisterAddress[4:0]” is Instr[15:11] from 3 to 7) when RegDst) and (“IdecodeIDWriteRegisterAddress[4:0]” is Instr[20:16] from 3 to 7) when :RegDst))

  40. 4. Fault in “ALUResult”, “ReadData”and “MemtoReg” WriteData port of the RegisterBank takes on the data value selected by MemtoReg MemtoReg¾`(clock and ALUResult_asserted and ReadData_Asserted and MemtoReg_Asserted) ))Idecode_ID_WritePort_Asserted :MemtoReg¾`(clock and ALUResult_asserted and ReadData_Asserted and MemtoReg_Asserted) ))Idecode_ID_WritePort_Asserted (ALUResult[31:0] = ReadData[31:0])¾ `(clock and ALUResult_asserted and ReadData_Asserted andMemtoReg_Asserted) ))Idecode_ID_WritePort_Asserted

  41. 5(a). Fault in “RegisterBank” Registers get updated correctly on a write RegWrite¾ `(clock and reset_is_low and RegisterBankInitialised and RegWrite_Asserted and MemtoReg_Asserted and RegDest_Asserted and WriteRegisterAddress and ALUResult_asserted and ReadData_Asserted) ) NewStateReg When (RegWrite=F))

  42. 5(b). Fault in “WriteRegister Address” Registers still get updated correctly on a write `(clock and reset_is_low and RegisterBankInitialised and RegWrite_Asserted and MemtoReg_Asserted and RegDest_Asserted and ALUResult_asserted and ReadData_Asserted and WriteRegisterAddress) ) NewStateReg When (RegWrite=F)) “Idecode_ID_write_register_address[4:0]” is Instr[15:11] from 3 to 5 when RegDst and “Idecode_ID_write_register_address[4:0]” is Instr[20:16] from 3 to 5 when :RegDst

  43. 5(c). Fault in “ALUResult” and “ReadData” Registers still get updated correctly on a write `(clock and reset_is_low and RegisterBankInitialised and RegWrite_Asserted and MemtoReg_Asserted and RegDest_Asserted and ALUResult_asserted and ReadData_Asserted and WriteRegisterAddress) ) NewStateReg When (RegWrite=F)) Registers still get updated correctly on a write `(clock and reset_is_low and RegisterBankInitialised and RegWrite_Asserted and MemtoReg_Asserted and RegDest_Asserted and ALUResult_asserted andReadData_Asserted and WriteRegisterAddress) ) NewStateReg When (RegWrite=F))

  44. 5(d). Fault in “RegDst” and “MemtoReg” Registers still get updated correctly on a write `(clock and reset_is_low and RegisterBankInitialised and RegWrite_Asserted and MemtoReg_Asserted and RegDest_Asserted and ALUResult_asserted andReadData_Asserted and WriteRegisterAddress) ) NewStateReg When (RegWrite=F)) Registers still get updated correctly on a write `(clock and reset_is_low and RegisterBankInitialised and RegWrite_Asserted and MemtoReg_Asserted and RegDest_Asserted and ALUResult_asserted and ReadData_Asserted and WriteRegisterAddress) ) NewStateReg When (RegWrite=F))

  45. 5(e). Fault in “RegWrite” Registers get updated on a write RegWrite¾ `(clock and reset_is_low and RegisterBankInitialised and RegWrite_Asserted and MemtoReg_Asserted and RegDest_Asserted and ALUResult_asserted andReadData_Asserted and WriteRegisterAddress) ) NewStateReg When (RegWrite=F))

  46. Control Unit • RegDst • Lw • Sw • Beq • MemWrite • MemRead • RegWrite • ALUSrc • Branch • ALUop1 • ALUop0

  47. 1. RegDst takes on the appropriate value `(clock and (“Instr[31:26]” is Instr[31:26] from 3 to 5)) ) (“control_CTL_RegDst” is (:Instr[31] Æ:Instr[30] Æ:Instr[29] Æ:Instr[28] Æ:Instr[27] Æ:Instr[26])) from 3 to 5) Control Unit We will show later on Fault in any of the bits of Instr[31:26] – six properties Fault in all the bits of Instr[31:26] - one property

  48. 2. Lw takes on the appropriate value `(clock and (“Instr[31:26]” is Instr[31:26] from 3 to 5)) ) (“control_CTL_Lw” is (Instr[31] Æ:Instr[30] Æ:Instr[29] Æ:Instr[28] ÆInstr[27] Æ Instr[26])) from 3 to 5) Control Unit - Lw

  49. 3. Sw takes on the appropriate value `(clock and (“Instr[31:26]” is Instr[31:26] from 3 to 5)) ) (“control_CTL_Sw” is (Instr[31] Æ:Instr[30] Æ Instr[29] Æ:Instr[28] ÆInstr[27] Æ Instr[26])) from 3 to 5) Control Unit – Sw

  50. 4. Beq takes on the appropriate value `(clock and (“Instr[31:26]” is Instr[31:26] from 3 to 5)) ) (“control_CTL_Beq” is (:Instr[31] Æ:Instr[30] Æ:Instr[29] Æ Instr[28] Æ :Instr[27] Æ:Instr[26])) from 3 to 5) Control Unit – Beq

More Related