Executable assertions for detecting data errors in embedded control systems

Hiller, Martin

doi:10.1109/icdsn.2000.857510

Cited by 61 publications

(37 citation statements)

References 14 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Runtime error detectors are specified by the designer using rule-based templates in [19]. Daikon [15] and DIDUCE [14] are systems which dynamically detects program invariants.…”

Section: Using Program Invariants and Patternsmentioning

confidence: 99%

Assuring application-level correctness against soft errors

Cong

Gururaj

2011

2011 IEEE/ACM International Conference on Computer-Aided Design (ICCAD)

View full text Add to dashboard Cite

show abstract

“…Runtime error detectors are specified by the designer using rule-based templates in [19]. Daikon [15] and DIDUCE [14] are systems which dynamically detects program invariants.…”

Section: Using Program Invariants and Patternsmentioning

confidence: 99%

Assuring application-level correctness against soft errors

Cong

Gururaj

2011

2011 IEEE/ACM International Conference on Computer-Aided Design (ICCAD)

View full text Add to dashboard Cite

show abstract

“…We do not address the problem of tolerating the failure of an entire multicore chip or system software (e.g., RTOS), which can be addressed using space redundancy, for example, by replicating all the channels using triple modular redundancy (TMR). In this paper, errors are assumed to be detected using some existing hardware-or software-based error detection mechanisms that are already available on the target platform (Meixner et al 2008;Al-Asaad et al 1998;Jhumka et al 2002;Hiller 2000). The FTM algorithm employs time-redundant execution of multiple backups to tolerate multiple errors.…”

Section: Fault-tolerant Real-time Schedulingmentioning

confidence: 99%

“…Errors are assumed to be detected using some existing hardware/software based error-detection mechanisms, for example, built-in error detection capabilities in modern processors (Meixner et al 2008;Al-Asaad et al 1998) or executable assertions (Jhumka et al 2002;Hiller Hiller:2000), etc. The analysis presented in this paper is not changed for undetected errors.…”

Section: Error Fault and Application Modelmentioning

confidence: 99%

Real-time scheduling algorithm for safety-critical systems on faulty multicore environments

Pathan

2016

Real-Time Syst

View full text Add to dashboard Cite

An algorithm (called FTM) for scheduling of real-time sporadic tasks on a multicore platform is proposed. Each task has a deadline by which it must complete its non-erroneous execution. The FTM algorithm executes backups in order to recover from errors caused by non-permanent and permanent hardware faults. The worst-case schedulability analysis of FTM algorithm is presented considering an applicationlevel error model, which is independent of the stochastic behavior of the underlying hardware-level fault model. Then, the stochastic behavior of hardware-level fault model is plugged in to the analysis to derive the probability of meeting all the deadlines. Such probabilistic guarantee is the level of assurance (i.e., reliability) regarding the correct functional and timing behaviors of the system. One of the salient features of FTM algorithm is that it executes some backups in active redundancy to exploit the parallel multicore architecture while other backups passively to avoid unnecessary execution of too many active backups. This paper also proposes a scheme to determine for each task the number of backups that should run in active redundancy in order to increase the probability of meeting all the deadlines. The effectiveness of the proposed approach is demonstrated using an example application.

show abstract

“…Even with access to source code, legal reasons may prohibit modifying the code. Typical robustness enhancing modifications include addition of error checking and handling code, such as executable assertions [Voas and Miller, 1994b;Hiller, 2000]. For systems geared towards high performance it may not be viable to add time-consuming checks to the components involved, especially for general-purpose systems such as OS's.…”

Section: Robustness Enhancing Wrappersmentioning

confidence: 99%

Robustness Evaluation of Operating Systems

Johansson

2008

Information Assurance

View full text Add to dashboard Cite

SummaryThe premise behind this thesis is the observation that Operating Systems (OS), being the foundation behind operations of computing systems, are complex entities and also subject to failures. Consequently, when they do fail, the impact is the loss of system service and the applications running thereon. While a multitude of sources for OS failures exist, device drivers are often identified as a prominent cause behind failures.In order to characterize the impact of driver failures, at both the OS and application levels, this thesis develops a framework for error propagation-based robustness profiling for an OS. The framework is first developed conceptually and then experimentally validated on a real OS, namely Windows CE .Net. The choice of Windows CE is driven by its representativeness for a multitude of OS's, as well as the ability to customize the OS components for particular needs.For experimental validation, fault injection is a prominent technique that can be used to simulate faults (or errors) in the system by inserting synthetic ones and study their effect. Three key questions with such a technique are where, what and when to inject faults. This thesis shows how injecting errors at the interface between drivers and the OS can be very effective in evaluating the effects driver faults can have.To quantify the OS's robustness, this thesis defines a series of error propagation measures, specifically tailored for device drivers. These measures allow for quantifying and comparing both individual services and device drivers on their susceptibility and diffusing abilities.This thesis compares three contemporary error models on their suitability for robustness evaluation. The classical bit-flip model is found to identify a higher number of severe failures in the system. It also identifies failures for more services than both other models, data type and fuzzing. However, its main drawback is that it requires substantially more injections than the other two. Fuzzing, even though not giving rise to as many failures is able to find new additional services with severe failures.A careful study of the injections performed with the bit-flip model shows that only a few bits are generally useful for identifying new services with robustness weaknesses. Consequently, a new composite model is proposed, combining the most effective bits of the bit-flip model with the fuzzing model's ability to identify new services, giving rise to new model without loss of important information and at the same time incurring a moderate number of injections.To answer the question of when to inject an error this thesis proposes a novel model of a driver's usage profile, focusing on high-level operations being carried out. It guides the injection of errors to instances when the driver is carrying out specific operations. Results from extensive fault injection experiments show that more service vulnerabilities can be discovered. Furthermore, a priori profiling of the drivers can show how effective the proposed approach will be. vi

show abstract

Executable assertions for detecting data errors in embedded control systems

Abstract: Abstract

Cited by 61 publications

References 14 publications

Assuring application-level correctness against soft errors

Assuring application-level correctness against soft errors

Real-time scheduling algorithm for safety-critical systems on faulty multicore environments

Robustness Evaluation of Operating Systems

Contact Info

Product

Resources

About