Control Flow Errors: A Discussion of Different Injection Strategies

Inhalt:
Among the available dependability assessment techniques, fault injection (FI) is widely adopted and strongly recommended by safety standards for the validation that functional and technical safety mechanisms are implemented correctly and effectively. The main challenge in fault injection assessments is the increasing complexity of system-on-chips as well as the increasing size of memory, which leads to enormous efforts to test every possible fault introduced to the system. Therefore, a number of publicly available fault injection frameworks utilize fault space pruning techniques to reduce the overall fault space and consequently the overall experiment duration. Most of the fault space pruning techniques mainly discuss the reduction of the number of data errors which have to be injected into registers and memory locations. However, control flow errors represent a further domain of possible errors on the application level. Usually for the evaluation of effectiveness of fault tolerance mechanisms against data errors, a single fault assumption at microarchitectural level (e.g. bit-flips) is assumed. In most cases, this assumption is equivalently applied to the program counter to investigate possible control flow errors. Due to this approach, the error space is consciously or unconsciously reduced to the possible erroneous jump targets that can be reached by a specific set of bit-flips in the program counter at a specified time during the program execution. This approach is considered valid regarding the corresponding fault assumption, but leads to negative effects on the significance of the injection and the resulting effectiveness of the tested fault tolerance mechanism. In this paper, we discuss different strategies for the analysis and injection of control flow errors and the resulting differences by considering the single fault assumption at microarchitectural and application level.