TY - GEN

T1 - ACTOR

T2 - 41st SAFECOMP: International Conference on Computer Safety, Reliability, and Security, 2022

AU - Thomas, Tim-Marek

AU - Dietrich, Christian

AU - Pusz, Oskar

AU - Lohmann, Daniel

PY - 2022/8/25

Y1 - 2022/8/25

N2 - Fault-injection (FI) campaigns provide an in-depth resilience analysis of safety-critical systems in the presence of transient hardware faults. However, FI campaigns require many independent injection experiments and, combined, long run times, especially if we aim for a high coverage of the fault space. Besides reducing the number of pilot injections (e.g., with def-use pruning) in the first place, we can also speed up the overall campaign by speeding up individual experiments. From our experiments, we see that the timeout failure class is especially important here: Although timeouts account only for 8% (QSort) of the injections, they require 32% of the campaign run time. In this paper, we analyze and discuss the nature of timeouts as a failure class, and reason about the general design of dynamic timeout detectors. Based on those insights, we propose ACTOR, a method to identify and abort stuck experiments early by performing autocorrelation on the branch-target history. Applied to seven MiBench benchmarks, we can reduce the number of executed post-injection instructions by up to 30%, which translates into an end-to-end saving of 27%. Thereby, the absolute classification error of experiments as timeouts was always less than 0.5%.

AB - Fault-injection (FI) campaigns provide an in-depth resilience analysis of safety-critical systems in the presence of transient hardware faults. However, FI campaigns require many independent injection experiments and, combined, long run times, especially if we aim for a high coverage of the fault space. Besides reducing the number of pilot injections (e.g., with def-use pruning) in the first place, we can also speed up the overall campaign by speeding up individual experiments. From our experiments, we see that the timeout failure class is especially important here: Although timeouts account only for 8% (QSort) of the injections, they require 32% of the campaign run time. In this paper, we analyze and discuss the nature of timeouts as a failure class, and reason about the general design of dynamic timeout detectors. Based on those insights, we propose ACTOR, a method to identify and abort stuck experiments early by performing autocorrelation on the branch-target history. Applied to seven MiBench benchmarks, we can reduce the number of executed post-injection instructions by up to 30%, which translates into an end-to-end saving of 27%. Thereby, the absolute classification error of experiments as timeouts was always less than 0.5%.

UR - http://www.scopus.com/inward/record.url?scp=85137998003&partnerID=8YFLogxK

U2 - 10.1007/978-3-031-14835-4_17

DO - 10.1007/978-3-031-14835-4_17

M3 - Conference contribution

SN - 978-3-031-14834-7

T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

SP - 252

EP - 266

BT - Computer Safety, Reliability, and Security - 41st International Conference, SAFECOMP 2022, Proceedings

A2 - Trapp, Mario

A2 - Saglietti, Francesca

A2 - Spisländer, Marc

A2 - Bitsch, Friedemann

Y2 - 6 September 2022 through 9 September 2022

ER -