Automatic generation of diversified
program variants optimized to detect
hardware faults
Markus Jochim
University of Essen
Markus Jochim
University of Essen, CS Department
Dependablility of Computing Systems
07.05.99
Structure of the presentation...
• Designing a VDS to detect hardware faults
-- state of the art -• Problems and drawbacks
• Proposal of a system: „Diversifier“
• Components of the Diversifier
Markus Jochim
University of Essen, CS Department
Dependablility of Computing Systems
2
07.05.99
Virtual Duplexsystem (VDS) / Diversity
Compiler A
Input
Source A,
©99 by Smith
for (i=1; i<10; i++)
{ ... }
Compiler B
Source B,
©99 by Miller
Program
A
Program
B
while (i++ <10)
{...}
Output
VDS:
1) Execute Prog. A
2) Execute Prog. B
3) Compare results
Processor
Markus Jochim
University of Essen, CS Department
Dependablility of Computing Systems
3
Faultinjector
07.05.99
Our aim...
Diversifier
Markus Jochim
University of Essen, CS Department
Dependablility of Computing Systems
4
07.05.99
What‘s inside the system we would like to have ?
The Diversifier:
Markus Jochim
University of Essen, CS Department
Dependablility of Computing Systems
5
07.05.99
The Modificator module
• A kind of simple compiler
• Compilation rules selected
by the Optimizer
• Semantical equivalence
• Easy to extend
Markus Jochim
University of Essen, CS Department
Dependablility of Computing Systems
6
07.05.99
Original code:
addl (%eax,%edi,4) , %ecx
Add the content of the
address eax+4*edi to the
register ecx.
Resulting code:
pushl %eax
pushl %ebx
movl (%eax, %edi, 4),%eax
movl %eax,.VEAX
movl %ecx ,.VEBX
movl .VEAX,%eax
movl .VEBX,%ebx
andl
andl
andl
andl
addl
addl
movl
addl
eax, ebx will be used temporarily,
therefore save them on the stack.
After this block copies of:
-the source operand is in eax and .VEAX
-the dest. operand is in ebx and .VEBX
11111111111111110000000000000000,.VEAX
00000000000000001111111111111111,%eax
10101010101010101010101010101010,.VEBX
01010101010101010101010101010101,%ebx
%ebx,.VEAX
%eax,.VEBX
.VEAX,%eax
%eax,.VEBX
popl %ebx
popl %eax
movl .VEBX,%ecx
Markus Jochim
University of Essen, CS Department
Dependablility of Computing Systems
Mask out some bits.
Sum up the values of eax,
ebx, .VEAX and .VEBX.
Pop the initially saved
values and place the result
where it is expected.
7
07.05.99
A modification rule should...
• be as far as possible independent of
addressing modes.
• take care of the processor status word.
• take care of the size of intermediate results.
• not assume any register to be unused.
• produce short code.
Markus Jochim
University of Essen, CS Department
Dependablility of Computing Systems
8
07.05.99
A pitfall...
Apply rule to:
addl (%eax),%eax
addl %eax, %eax

A simple way to
multiply by 2.
Solution:
Let the Diversifier build VDS‘s
of the form: PA1, PBn
Markus Jochim
University of Essen, CS Department
Dependablility of Computing Systems
Take the content of
the memory location
described by register
%eax and add this
content to the
register value
itself.
9
Availability may
decrease !!!
07.05.99
Different kinds of rules
Rules may refer to . . .
• a single instruction
• an instruction blocks
• addressing modes
Rules may . . .
• diversify
• perform checks
• rearrange code
Markus Jochim
University of Essen, CS Department
Dependablility of Computing Systems
10
07.05.99
Two modules in two minutes...
The Fault-Injector:
• Intels single step mode
• Trace routine =
fault injection routine
• Experiment environment
+ target system on the
same machine
• Part of the operating system (Linux)
• Logfiles
Markus Jochim
University of Essen, CS Department
Dependablility of Computing Systems
11
07.05.99
Last module in one minute...
The Optimizer:
• Decisions based on
error detection rates
and logfiles
• Stop criterion
• May restrict itself not to modify modified code
(guaranteed execution times for VDS)
• Roll-back
Markus Jochim
University of Essen, CS Department
Dependablility of Computing Systems
12
07.05.99
That‘s all folks
Markus Jochim
University of Essen, CS Department
Dependablility of Computing Systems
13
07.05.99