The Art of Fault Injection

Classical greek philosopher considered the foremost virtues to be temperance, justice, courage, and prudence. In this paper we relate these cardinal virtues to the correct methodological approaches that researchers should follow when setting up a fault injection experiment. With this work we try to understand where the "straightforward pathway" lies, in order to highlight those common methodological errors that deeply influence the coherency and the meaningfulness of fault injection experiments. Fault injection is like an art, where the success of the experiments depends on a very delicate balance between modeling, creativity, statistics, and patience

Simulation-based Fault Injection with QEMU for Speeding-up Dependability Analysis of Embedded Software

Simulation-based fault injection (SFI) represents a valuable solu- tion for early analysis of software dependability and fault tolerance properties before the physical prototype of the target platform is available. Some SFI approaches base the fault injection strategy on cycle-accurate models imple- mented by means of Hardware Description Languages (HDLs). However, cycle- accurate simulation has revealed to be too time-consuming when the objective is to emulate the effect of soft errors on complex microprocessors. To overcome this issue, SFI solutions based on virtual prototypes of the target platform has started to be proposed. However, current approaches still present some draw- backs, like, for example, they work only for specific CPU architectures, or they require code instrumentation, or they have a different target (i.e., design errors instead of dependability analysis). To address these disadvantages, this paper presents an efficient fault injection approach based on QEMU, one of the most efficient and popular instruction-accurate emulator for several microprocessor architectures. As main goal, the proposed approach represents a non intrusive technique for simulating hardware faults affecting CPU behaviours. Perma- nent and transient/intermittent hardware fault models have been abstracted without losing quality for software dependability analysis. The approach mini- mizes the impact of the fault injection procedure in the emulator performance by preserving the original dynamic binary translation mechanism of QEMU. Experimental results for both x86 and ARM processors proving the efficiency and effectiveness of the proposed approach are presented

Model-based dependability analysis : state-of-the-art, challenges and future outlook

Abstract: Over the past two decades, the study of model-based dependability analysis has gathered significant research interest. Different approaches have been developed to automate and address various limitations of classical dependability techniques to contend with the increasing complexity and challenges of modern safety-critical system. Two leading paradigms have emerged, one which constructs predictive system failure models from component failure models compositionally using the topology of the system. The other utilizes design models - typically state automata - to explore system behaviour through fault injection. This paper reviews a number of prominent techniques under these two paradigms, and provides an insight into their working mechanism, applicability, strengths and challenges, as well as recent developments within these fields. We also discuss the emerging trends on integrated approaches and advanced analysis capabilities. Lastly, we outline the future outlook for model-based dependability analysis

Fault-Injection using Virtualization for Critical Software Validation in Automotive

International audienceIn the field of critical and embedded systems in the automotive industry, where human life is at stake, manufacturers and suppliers must develop robust and reliable systems while being confronted with real time, cost and energy consumption constraints. The increasing complexity of electronic and electronic control units (ECU) in the context of the automotive industry has positioned dependability in the heart of the concerns of manufacturers.The ISO 26262 safety standard published in November 2011 in the automotive industry refers to fault injection during software integration and testing (part 6, chapter 10, requirement 10.4.3, table 13, method 1c). It is recommended for ASIL A and B, and highly recommended for ASIL C and D. The meaning is that for ASIL C and D a rational shall be provided if the injection tests are not performed.In this paper, we first introduce the context concerning the fault injection technics, the software architecture in automotive, and the virtualisation technics. A state of the art and a quick discussion concerning each topic is presented to justify the choice we made in our work. In a second part we describe our proposal to perform fault injection using emulation on an x86 standard platform. In a third part we describe fault injection using virtualization with respect to specific embedded platform characteristics. We conclude on pros and cons of our proposals, by specifying the technical issues that were treated in each phase of our experimentations. We then present some prospective views for future work

Analysis and RTL Correlation of Instruction Set Simulators for Automotive Microcontroller Robustness Verification

© ACM 2015 This is the author's version of the work. It is posted here for your personal use. Not for redistribution. The definitive Version of Record was published in ACM, In Proceedings of the 52nd Annual Design Automation Conference (p. 40). http://dx.doi.org/10.1145/2744769.2744798.Increasingly complex microcontroller designs for safety-relevant automotive systems require the adoption of new methods and tools to enable a cost-effective verification of their robustness. In particular, costs associated to the certification against the IS026262 safety standard must be kept low for economical reasons. In this context, simulation-based verification using instruction set simulators (ISS) arises as a promising approach to partially cope with the increasing cost of the verification process as it allows taking design decisions in early design stages when modifications can be performed quickly and with low cost. However, it remains to be proven that verification in those stages provides accurate enough information to be used in the context of automotive microcontrollers. In this paper we analyze the existing correlation between fault injection experiments in an RTL microcontroller description and the information available at the ISS to enable accurate ISS-based fault injection.The research leading to these results has received funding from the ARTEMIS Joint Undertaking VeTeSS project under grant agreement number 295311. This work has also been funded by the Ministry of Science and Technology of Spain under contract TIN2012-34557 and HiPEAC. Jaume Abella is partially supported by the Ministry of Economy and Competitiveness under Ramon y Cajal postdoctoral fellowship number RYC-2013-14717.Espinosa García, J.; Hernández Luz, C.; Abella, J.; Andrés Martínez, DD.; Ruiz García, JC. (2015). Analysis and RTL Correlation of Instruction Set Simulators for Automotive Microcontroller Robustness Verification. ACM. https://doi.org/10.1145/2744769.2744798SARTEMIS Joint Undertaking.VeTeSS project:www.vetess.eu.J.-C. Baraza, et al. Enhancement of fault injection techniques based on the modification of vhdl code.IEEE Transactions on VLSI, 16(6):693--706, June 2008.Alfredo Benso et al.Fault Injection Techniques and Tools for Embedded Systems Reliability Evaluation.Kluwer Academic Publishers, 2003.D. Borodin et al. Protective redundancy overhead reduction using instruction vulnerability factor. InCF, 2010.R. N. Charette. This car runs on code. InIEEE Spectrum online, 2009.Pedro Gil, et al. Fault representativeness. Technical report, DBench project, IST 2000-25425 [Online]. Available: http://www.laas.fr/DBench, 2002.C. Hernandez et al. Live: Timely error detection in light-lockstep safety critical systems. InDAC, 2014.Infineon. AURIX - TriCore datasheet. highly integrated and performance optimized 32-bit microcontrollers for automotive and industrial applications, 2012. http://www.infineon.com/.International Organization for Standardization.ISO/DIS 26262. Road Vehicles--Functional Safety, 2009.E. Jenn, et al. Fault injection into VHDL models: the mefisto tool. InFTCS, 1994.G. Leen et al. Expanding automotive electronic systems.IEEE Computer, 35(1), 2002.Man-Lap Li, et al. Accurate microarchitecture-level fault modeling for studying hardware faults. InHPCA, 2009.Michail Maniatakos, et al. Instruction-level impact analysis of low-level faults in a modern microprocessor controller.IEEE Transactions on Computers, 60(9):1260--1273, 2011.S. S. Mukherjee, et al. A systematic methodology to compute the architectural vulnerability factors for a high-performance microprocessor. InMICRO, 2003.J.-H. Oetjens, et al. Safety evaluation of automotive electronics using virtual prototypes: State of the art and research challenges. InDAC, 2014.J. Poovey.Characterization of the EEMBC Benchmark Suite.North Carolina State University, 2007.M. Psarakis, et al. Microprocessor software-based self-testing.Design Test of Computers, IEEE, 27(3):4--19, May 2010.S. Rehman, et al. Reliable software for unreliable hardware: Embedded code generation aiming at reliability. InCODES+ISSS, 2011.S. Rohr, et al. An integrated approach to automotive safety systems.SAE Automotive Engineering International magazine, September 2000.B. Sangchoolie, et al. A study of the impact of bit-flip errors on programs compiled with different optimization levels. InEDCC, 2014.STMicroelectronics.32-bit Power Architecture microcontroller for automotive SIL3/ASILD chassis and safety applications, 2014.http://www.gaisler.com/cms/index.php?option=com_content&task=view&id=13&Itemid=53.Leon3 Processor.Areroflex Gaisler