Nail: Not Another Fault-Injection Framework for Chisel-generated RTL

Abstract

Nail is a new open-source fault injection (FI) framework designed for Chisel-generated RTL that overcomes limitations imposed by coarse, instruction-level controllability in existing tools. It introduces state-based faults, enabling complex scenarios that depend on specific system states rather than requiring precise timing for activation. Nail enhances usability and speed by automatically generating a software interface, allowing users to fine-tune fault parameters at runtime during high-speed FPGA emulation with minimal resource overhead.

Report

Key Highlights

• Novel Framework: Introduces Nail, an open-source Fault Injection (FI) framework specifically tailored for hardware designed using the Chisel high-level hardware description language.
• State-Based FI: Moves beyond instruction-level fault triggers by utilizing state-based faults, which activate based on specific system conditions, thus simplifying complex vulnerability modeling.
• Runtime Controllability: Automatically generates a software interface, allowing users to arbitrarily modify internal fault trigger states during active FI campaigns (runtime configuration).
• High Efficiency: Successfully validated in FPGA emulation environments with a resource overhead of less than 1%.
• Bridging Gap: Aims to combine the high speed of emulation-based FI frameworks with the fine-grained controllability traditionally found only in software simulation.

Technical Details

• Language Focus: Built atop Chisel, facilitating rapid development and modification of complex fault scenarios within the high-level design flow.
• Trigger Mechanism: Faults are triggered by internal system states, removing the requirement for precise clock-cycle timing typically necessary in cycle-accurate simulation approaches.
• Software Interface Generation: The framework automates the creation of a dedicated software pathway (interface) to the instrumented RTL, enabling dynamic modification of fault parameters (e.g., location, condition) without requiring hardware synthesis changes.
• Use Case: Demonstrated by modeling a faulty general-purpose register (GPR) in a RISC-V processor, a scenario previously challenging or impossible without fundamental design modifications.
• Validation Platforms: The approach was successfully validated in both simulation and high-speed FPGA emulation environments.

Implications

• Improved Hardware Dependability: Nail provides a more precise and flexible method for evaluating integrated circuit dependability, enabling hardware designers to identify vulnerabilities earlier and implement more effective mitigation strategies.
• Advancement of Chisel Ecosystem: By offering a state-of-the-art FI solution, Nail makes the Chisel HDL a more robust choice for designing complex, reliable hardware, especially processors and critical systems.
• RISC-V Security/Reliability: This framework is particularly beneficial for the RISC-V ecosystem, as many modern RISC-V cores are developed using Chisel (e.g., projects like Rocket Chip). Nail allows thorough and fast validation of these designs against faults and potential side-channel attacks.
• Accelerated Verification Cycle: The runtime configurability is critical for FPGA-based testing, significantly reducing the time spent on synthesis and recompilation. This speeds up the overall verification cycle for hardware prototypes.