Predictability, Safety, and Security for FPGA System-on-Chip platforms

RESTUCCIA, FRANCESCO
2021

Abstract

In the last decade, advances in artificial intelligence and deep neural networks gave rise to new classes of embedded applications, including real-time language translators, autonomous robots, and self-driving cars. Such systems typically combine high-performance requirements for executing deep neural networks with the energy efficiency required by battery-powered systems. These multi-objective requirements made FPGA SoC platforms emerge as promising computing platforms for implementing next-generation cyber-physical systems (CPS): FPGA platforms combine a traditional multi-processor subsystem with programmable logic able to host high-performance, yet energy-efficient, custom hardware accelerators that speed up selected system functions. However, performance and energy efficiency are not the only requirements of next-generation CPS. Typically, CPS must fulfill the safety-critical requirements mandated by the certification process (e.g., predictability, fault tolerance) as well as the requirements of a security-critical system. Unfortunately, commercial-off-the-shelf (COTS) FPGA SoC platforms are mainly developed to achieve high performance, rather than safety and timing predictability. As an example, the most popular vendors of FPGA SoC platforms generally do not explicitly address timing predictability for hardware accelerators: they either declare that no guarantee can be provided or design their platforms under the assumption that hardware accelerators always behave correctly when interacting with the rest of the system. To further complicate the scenario, part of the standard security functionalities available for COTS FPGA SoC platforms (e.g., hypervisor technologies) provide only limited supervision of the hardware devices deployed in the FPGA fabric.
This thesis proposes a set of analyses and tools addressing these challenges, thus enforcing a predictable, safe, and secure execution of real-time applications on COTS FPGA SoC platforms. First, the thesis evaluates how the design choices made in popular COTS FPGA SoC platforms allow critical conditions to arise that threaten the predictability, safety, and security of the system. In particular, it describes how a single misbehaving (i.e., buggy, faulty, malicious, etc.) hardware accelerator has multiple ways to easily divert the execution of one or more target hardware accelerators from nominal conditions. Under such conditions, critical functionalities relying on hardware accelerators can be diverted from their nominal execution, up to missing their deadlines; this is unacceptable in any safety-critical system and prevents any timing analysis required for certification purposes. Second, it studies each of the discovered threats and proposes a set of easy-to-integrate novel tools enforcing predictable, safe, and secure system execution, even in the presence of misbehaving hardware modules. Each proposed tool is supported by in-depth analyses conducted on commercial FPGA SoC platforms. Third, it proposes a new concept of AXI interconnect, called AXI HyperConnect, which acts as a hypervisor-level component and integrates the novel tools proposed in this thesis. The AXI HyperConnect enforces a predictable, safe, and secure execution of the hardware accelerators and lets hypervisor technologies directly manage the devices deployed in the FPGA fabric. Finally, this thesis presents a timing analysis that bounds the response times of hardware accelerators deployed in an arbitrary, hierarchical bus structure implemented on the FPGA fabric. The obtained results enable the worst-case execution time analysis of hardware accelerators deployed on commercial FPGA SoC platforms.
The advances presented in this thesis are supported by a set of realistic experiments carried out on popular commercial FPGA SoC platforms, demonstrating the effectiveness of the proposed solutions for real applications. This thesis advances the state of the art by providing COTS FPGA SoC platforms with the predictability, safety, and security features required in security- and safety-critical systems, thus enabling the development of safe and secure, high-performance, yet energy-efficient computing systems. The advances proposed in this thesis directly impact the development of next-generation safety- and security-critical intelligent systems that execute highly computation-demanding neural networks and that cannot be deployed on GPU SoC platforms for safety/certification reasons. Examples of such systems are autonomous vehicles, advanced autonomous robots, and avionic systems.
4 August 2021
Italian
Cyber-Physical systems
FPGA System-on-Chip
Heterogeneous Computing
Mixed-critical systems
Safety-critical systems
BUTTAZZO, GIORGIO CARLO
CARLONI, LUCA
YUN, HEECHUL
CUCINOTTA, TOMMASO
CILARDO, ALESSANDRO
MITRA, TULIKA
Files in this item:

File                                        Size       Format     Access
Doctoral_Thesis.pdf                         8.43 MB    Adobe PDF  open access
Frontespizio_tesi_PhD_compilato_SIGNED.pdf  151.43 kB  Adobe PDF  not available

Documents in UNITESI are protected by copyright and all rights are reserved, unless otherwise indicated.

Use this identifier to cite or link to this document: https://hdl.handle.net/20.500.14242/217407
The NBN code of this thesis is URN:NBN:IT:SSSUP-217407