Off-Chip Control Flow Checking of On-Chip Processor-Cache Instruction Stream

Control flow checking (CFC) is a well-known concurrent checking technique for ensuring that a program's instruction execution sequence follows permissible paths. Almost all CFC techniques require direct access to the CPU-cache bus, meaning that the checking hardware (generally called a watchdog processor (WP)) has to be on-chip. However, an on-chip WP directly accessing the CPU-cache bus has a few disadvantages, chief among them being that it will use up appreciable chip real estate of a commodity processor, but may be unnecessary in most environments that do not have significant transient error rates. On the other hand, if an off-chip CFC technique can be developed that imposes minor hardware overheads on the processor chip, then such a WP can be plugged onto the external system bus when needed for concurrent checking, and will have very few of the disadvantages of on-chip WPs. Such an off-chip WP, however, is generally not able to monitor all instructions due to the bandwidth difference between the CPU bus and the system or memory bus. The authors present techniques that allow generally effective off-chip CFC using partial access to the instruction execution stream that respects the CPU/system bus bandwidth factor (ratio) K, and still achieve reasonable block-level instruction error coverage ranging from 70-80% for K = 5 to about 94% for K = 2. Furthermore, our experimental results show that the program-level error coverage is almost 100% even for K = 5 (i.e., the authors almost always detect the presence of an instruction error in a program sooner or later before it completes execution, which is useful for fail-safe operation), underscoring the efficacy of our methods.
