Hardware and Software Mechanisms for Control Flow Checking
Doctoral thesis, 1995
The improvement of dependability in computing systems requires the evaluation of fault tolerance mechanisms such as error detection, error recovery and reconfiguration. Central to this thesis is an experimental evaluation of several hardware- and/or software-implemented mechanisms for the concurrent detection of control flow errors. In addition, the thesis presents a characterization of the effects of heavy-ion induced faults and of power supply disturbances on the operation of a microprocessor. Characterizing how faults affect processor behaviour provides essential input for the design and development of fault tolerant mechanisms.
Most of the mechanisms evaluated are based on signature monitoring and require the division of an application program into basic blocks. In the hardware-based error detection mechanisms, new methods of control flow checking were implemented by combining several rather simple and very cost-effective error detection mechanisms. The idea was to exploit (i) execution time, (ii) the number of bytes in the basic blocks, (iii) the entry and exit addresses of the basic blocks, and (iv) a cyclic code encoding the instructions in the basic blocks, in order to detect one or several specific types of control flow errors. A watchdog processor supporting these hardware error detection mechanisms was developed using a small Field Programmable Gate Array (FPGA) circuit. To supply the watchdog processor with run-time behaviour, extra software must be added immediately before and after the basic blocks.
In the software-based error detection mechanisms, the idea was to implement control flow checking by software alone and thereby eliminate the watchdog processor or monitor. A new, simple mechanism is proposed. The software mechanisms were evaluated in order to compare them with the hardware mechanisms in terms of effectiveness, overhead and complexity. An advantage of the software mechanisms evaluated is their ease of use in applications for which only an off-the-shelf component is a reasonable choice.
The error detection mechanisms were implemented for the Motorola MC6809E 8-bit microprocessor. A software utility called a postprocessor was developed that modifies an application program by calculating and inserting signatures and necessary software into the absolute machine code produced by a loader/link editor. The advantage of a postprocessor is that it can be used together with compilers, loaders and link editors that are already available. The error detection mechanisms were experimentally evaluated, in a series of experiments, by physical fault injection using heavy-ion radiation. In some of the experiments, power supply disturbances were also used as an alternative fault injection method. The efficiency of the error detection mechanisms was measured in terms of error detection coverage and error detection latency.
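As an added illustration of the signature-monitoring idea and of the postprocessor role described above (this is constructed example code, not the thesis's own mechanism, whose details are not given on this page): a small Python simulation in which a postprocessor assigns every basic block a unique signature and a CRC-8 over its bytes (stand-ins for items (iii) and (iv)), and a checked executor reports whether a control flow error is detected and after how many blocks, i.e. the detection latency. Block names, byte contents and the control flow graph are all constructed.

```python
"""Simulated software signature monitoring over basic blocks (constructed example)."""
from dataclasses import dataclass, field

START = -1  # pseudo-predecessor of the program entry block

def crc8(data: bytes, poly: int = 0x07) -> int:
    """CRC-8 with generator x^8 + x^2 + x + 1: a cyclic code over a block's bytes."""
    crc = 0
    for byte in data:
        crc ^= byte
        for _ in range(8):
            crc = ((crc << 1) ^ poly) & 0xFF if crc & 0x80 else (crc << 1) & 0xFF
    return crc

@dataclass
class BasicBlock:
    name: str
    code: bytes                 # constructed stand-in for the block's machine code
    successors: list            # names of blocks control may legally flow to next
    signature: int = 0          # unique block signature, assigned by the postprocessor
    crc: int = 0                # cyclic-code check value over `code`
    legal_preds: set = field(default_factory=set)

def postprocess(blocks, entry):
    """Assign signatures and code CRCs and record each block's legal predecessors."""
    by_name = {b.name: b for b in blocks}
    for i, b in enumerate(blocks):
        b.signature, b.crc = i + 1, crc8(b.code)
    by_name[entry].legal_preds.add(START)
    for b in blocks:
        for succ in b.successors:
            by_name[succ].legal_preds.add(b.signature)
    return by_name

def run_checked(by_name, trace):
    """Execute a trace of block names under checking; return (detected, latency).
    latency = blocks executed before detection (len(trace) if nothing is detected);
    g is the run-time signature, i.e. the signature of the last block entered."""
    g = START
    for i, name in enumerate(trace):
        blk = by_name[name]
        if g not in blk.legal_preds:      # (iii): entered from an illegal predecessor
            return True, i
        if crc8(blk.code) != blk.crc:     # (iv): the block's instructions were corrupted
            return True, i
        g = blk.signature
    return False, len(trace)
```

A real postprocessor would emit the signature update and the comparison as machine code at each block boundary; here they are the two `if` checks in `run_checked`.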
Keywords: fault tolerance, error detection latency, signature monitoring, watchdog processor, dependability evaluation, transient faults, physical fault injection, concurrent error detection, control flow checking, error detection coverage