Faults Affecting Microprocessor Control
SW-Based Fault Detection Mechanisms in Microprocessor Control Flow Execution
Faults Affecting Microprocessor Control-Flow Execution:
1) Control-Flow Checking by Software Signatures (CFCSS) [McCluskey et al.]
Principle: Modification of a Basic Block
Basically, the approach consists of six steps:
1) Divide the program into basic blocks. A basic block is a minimal set of ordered instructions whose execution begins at the first instruction and terminates at the last instruction. There is no branching instruction in a basic block except possibly for the last one. A basic block terminates at either an instruction branching to another basic block or an instruction receiving transfer of control flow (CF) from two or more places in the program. Notation: (a) V = {v_i : i = 1, 2, …, n}: set of vertices denoting basic blocks. (b) E: set of edges denoting possible CF between basic blocks.
2) Construct a graph for the program according to the instruction flow (each node represents a basic block). Note that a program can be represented by a program graph, P, where the br_i,j are not necessarily explicit branch instructions; they also represent fall-through execution paths, jumps, subroutine calls, and returns. Fig. 2.5 is an example. Notation: P: program graph {V, E}.
3) Arbitrarily assign a signature to each node (compilation time).
4) Compute the signature difference between the source and the destination blocks.
5) Compute the new signature for each node (execution time).
6) Compare both signatures.
General Form
f = f(G, d_i) = G XOR d_i
G2 = f(G1, d2) = G1 XOR d2 = s1 XOR (s1 XOR s2) = s2
G4 = f(G1, d4) = G1 XOR d4 = G1 XOR (s3 XOR s4) = s1 XOR s3 XOR s4 ≠ s4
The legal branch v1 → v2 reproduces s2, whereas the illegal branch v1 → v4 does not, because d4 was computed at compile time from v3, the legal predecessor of v4.
(Figure: sequence of instructions and its graph.)
(Figure: detection of illegal branch.)
Detection of an illegal branch: a numerical example
Node v1 and node v3 have the same signatures: Branch Fan-in Nodes
Node v1 and node v3 have different signatures: Adjusting Signature D
G5 = f(G1, d5, D1) = G1 XOR d5 XOR D1 = s1 XOR (s1 XOR s5) XOR 000 = s5
G5 = f(G3, d5, D3) = G3 XOR d5 XOR D3 = s3 XOR (s1 XOR s5) XOR (s1 XOR s3) = s5
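The six CFCSS steps, including the adjusting signature D for the fan-in node, as an added Python simulation that is not part of the slides. The program graph, node numbers and signature values are constructed for illustration, and taking the first predecessor of a fan-in node as the reference for d_i is an assumption.

```python
from typing import Dict, List, Optional, Tuple

Graph = Dict[int, List[int]]   # basic block -> legal successor blocks (edges E)

# Constructed program graph: v1->v2, v1->v5, v3->v4, v3->v5.
# v5 is a branch fan-in node (two predecessors); v1->v4 would be illegal.
GRAPH: Graph = {1: [2, 5], 2: [], 3: [4, 5], 4: [], 5: []}
# Step 3: compile-time signatures s_i, arbitrarily assigned (constructed values).
SIG: Dict[int, int] = {1: 0b0001, 2: 0b0010, 3: 0b0011, 4: 0b0100, 5: 0b0101}

def predecessors(graph: Graph) -> Dict[int, List[int]]:
    preds: Dict[int, List[int]] = {v: [] for v in graph}
    for src, dsts in graph.items():
        for dst in dsts:
            preds[dst].append(src)
    return preds

def compile_signatures(graph: Graph, sig: Dict[int, int]):
    """Step 4: d_i = s_pred XOR s_i. For a fan-in node the first predecessor
    (assumption) is the reference; every other predecessor j loads
    D_j = s_first XOR s_j into the run-time register D before branching,
    all other blocks load D = 0."""
    preds = predecessors(graph)
    d = {v: (sig[p[0]] ^ sig[v]) if p else 0 for v, p in preds.items()}
    d_set = {v: 0 for v in graph}
    fan_in = {v for v, p in preds.items() if len(p) > 1}
    for v in fan_in:
        first = preds[v][0]
        for j in preds[v][1:]:
            d_set[j] = sig[first] ^ sig[j]
    return d, d_set, fan_in

def run_check(path: List[int], graph: Graph,
              sig: Dict[int, int]) -> Optional[Tuple[int, int]]:
    """Steps 5 and 6: recompute G along an executed path and compare it with
    s_i at every block. Returns (block, G) of the first mismatch, or None."""
    d, d_set, fan_in = compile_signatures(graph, sig)
    G = sig[path[0]]
    for prev, cur in zip(path, path[1:]):
        G ^= d[cur]                 # G = G XOR d_cur on entry to cur
        if cur in fan_in:
            G ^= d_set[prev]        # G = G XOR D, inserted only in fan-in nodes
        if G != sig[cur]:
            return cur, G           # control-flow error prev -> cur detected
    return None
```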
Faults Affecting Microprocessor Control-Flow Execution:
1) Error Capturing Instructions (ECI) [Miremadi et al.]

Insertion of trap instructions in the program area, in the data
area, and in the unused area of the memory.

The ECIs are inserted in the main memory locations that are
not used by the CPU during normal execution. Thus, the
execution of an ECI is an indication that a control flow error has
occurred.

The task of an ECI is to initiate a recovery process.