SW-Based Fault Detection Mechanisms in Microprocessor Control Flow Execution
Principle: Modification of a Basic Block Faults Affecting Microprocessor Control-Flow Execution: 1) Control-Flow Checking by Software Signatures (CFCSS) [McCluskey et al.]
Basically, the approach consists of six steps:
1) Divide the program into basic blocks. A basic block is a minimal set of ordered instructions whose execution begins at the first instruction and terminates at the last instruction. There is no branching instruction in a basic block except possibly the last one. A basic block terminates at either an instruction branching to another basic block or an instruction receiving transfer of control flow (CF) from two or more places in the program. Notation: (a) V = {v_i : i = 1, 2, ..., n}: set of vertices denoting basic blocks. (b) E: set of edges denoting possible CF between basic blocks.
2) Construct a graph for the program according to the instruction flow (each node represents a basic block). Note that a program can be represented by a program graph P, where the edges br_{i,j} are not necessarily explicit branch instructions; they also represent fall-through execution paths, jumps, subroutine calls, and returns. Fig. 2.5 is an example. Notation: P: program graph {V, E}.
3) Arbitrarily assign a signature to each node (compile time).
4) Compute the signature difference between the source and the destination blocks.
5) Compute the new signature for each node (execution time).
6) Compare both signatures.
Sequence of instructions and its graph. Detection of an illegal branch.
General form: $f(G, d_i) = G \oplus d_i$
Legal branch from $v_1$ to $v_2$: $G_2 = f(G_1, d_2) = G_1 \oplus d_2 = s_1 \oplus (s_1 \oplus s_2) = s_2$
Illegal branch from $v_1$ to $v_4$: $G_4 = f(G_1, d_4) = G_1 \oplus d_4 = G_1 \oplus (s_3 \oplus s_4) = s_1 \oplus s_3 \oplus s_4 \neq s_4$
Detection of an illegal branch: a numerical example
Node $v_1$ and node $v_3$ have the same signatures: branch fan-in nodes
Node $v_1$ and node $v_3$ have different signatures: adjusting signature D
At the fan-in node $v_5$, with $D_1 = \text{"000"}$ and $D_3 = s_1 \oplus s_3$:
From $v_1$: $G_5 = f(G_1, d_5, D_1) = G_1 \oplus d_5 \oplus D_1 = s_1 \oplus (s_1 \oplus s_5) \oplus \text{"000"} = s_5$
From $v_3$: $G_5 = f(G_3, d_5, D_3) = G_3 \oplus d_5 \oplus D_3 = s_3 \oplus (s_1 \oplus s_5) \oplus (s_1 \oplus s_3) = s_5$
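The six CFCSS steps and the signature equations above, worked as an added example (not code from the slides or from McCluskey et al.): a small run-time signature monitor for a constructed five-node program graph in which $v_5$ is a branch fan-in node with predecessors $v_1$ and $v_3$, so it needs the adjusting signature D. Node numbers, signature values and the graph edges are assumptions of this example.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed program graph (an assumption of this example, not the slides'
   Fig. 2.5): edges v1->v2, v1->v5, v3->v4, v3->v5. v5 is a branch fan-in
   node with predecessors v1 and v3; v1 is its designated predecessor. */
#define NODES 6                          /* index 0 unused; nodes are v1..v5 */
static const uint8_t s[NODES]      = {0, 0x1, 0x2, 0x4, 0x8, 0x3}; /* step 3 */
static const int pred[NODES]       = {0, 0, 1, 0, 3, 1};  /* designated pred */
static const int fanin_succ[NODES] = {0, 5, 0, 5, 0, 0};  /* fan-in successor */
static bool is_fanin(int v) { return v == 5; }

/* Step 4 (compile time): d_i = s_pred(i) XOR s_i. */
static uint8_t d_of(int v) { return s[pred[v]] ^ s[v]; }
typedef struct { uint8_t G; uint8_t D; } cfcss_state;

/* Code placed at the end of block v, before it branches: set the adjusting
   signature D for v's fan-in successor. For the designated predecessor this
   is "000"; for the other predecessors it is s_designated XOR s_v. */
static void cfcss_leave(cfcss_state *st, int v) {
    if (fanin_succ[v])
        st->D = s[pred[fanin_succ[v]]] ^ s[v];
}

/* Steps 5 and 6 (run time), placed at the head of block v: G = G XOR d_v
   (XOR D at a fan-in node), then compare with s_v. True = error detected. */
static bool cfcss_enter(cfcss_state *st, int v) {
    st->G ^= d_of(v);
    if (is_fanin(v))
        st->G ^= st->D;
    return st->G != s[v];
}

/* Simulate the block sequence path[0..len-1] as it actually executed (an
   illegal branch is just a pair of adjacent blocks not joined by an edge).
   Returns true if CFCSS flags a control-flow error. */
bool cfcss_run(const int *path, int len) {
    cfcss_state st = { s[path[0]], 0 };  /* G starts as the entry signature */
    for (int i = 1; i < len; i++) {
        cfcss_leave(&st, path[i - 1]);
        if (cfcss_enter(&st, path[i]))
            return true;                 /* G != s_v: illegal branch */
    }
    return false;
}

int main(void) {
    printf("v3->v5: %s\n", cfcss_run((const int[]){3, 5}, 2) ? "error" : "ok");
    printf("v1->v4: %s\n", cfcss_run((const int[]){1, 4}, 2) ? "error" : "ok");
    return 0;
}
```

Because each block sets a single D value before branching, the example assumes every block has at most one fan-in successor.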
Faults Affecting Microprocessor Control-Flow Execution: 1) Error Capturing Instructions (ECI) [Miremadi et al.]
Insertion of trap instructions in the program area, in the data area, and in the unused area of the memory. The ECIs are inserted in the main-memory locations that are not used by the CPU during normal execution. Thus, the execution of an ECI is an indication that a control-flow error has occurred. The task of an ECI is to initiate a recovery process.