TY - GEN

T1 - SailFAIL

T2 - Model-Derived Simulation-Assisted ISA-Level Fault-Injection Platforms.

AU - Dietrich, Christian

AU - Bargholz, Malte

AU - Loeck, Yannick

AU - Budoj, Marcel

AU - Nedaskowskij, Luca

AU - Lohmann, Daniel

PY - 2022

Y1 - 2022

N2 - For systematic fault injection (FI), we deterministically re-execute a program, introduce faults, and observe the program outcome to assess its resilience in the presence of transient hardware faults. For this, simulation-assisted ISA-level FI provides a good trade-off between result quality and the required time to execute the FI campaign. However, for each architecture, this requires a specialized ISA simulator with tracing, injection, and error observation capabilities; a dependency that not only increases the bar for the exploration of ISA-level hardening mechanisms, but which can also deviate from the behavior of the actual hardware, especially when an error propagates through the system and triggers semantic edge cases. With SailFAIL, we propose a model-driven approach to derive FI platforms from Sail models, which formally describe the ISA semantics. Based on two existing (RISC-V, CHERI RISC-V) and one newly introduced (AVR) Sail models, we use the Sail toolchain to derive emulators that we combine with the FAIL* framework into multiple new FI platforms. Furthermore, we extend Sail to automatically introduce bit-wise dynamic register tracing into the emulator, which enables us to harvest bit-wise access information that we use to improve the well-known def-use pruning technique. Thereby, we further reduce the number of necessary injections by up to 19%.

AB - For systematic fault injection (FI), we deterministically re-execute a program, introduce faults, and observe the program outcome to assess its resilience in the presence of transient hardware faults. For this, simulation-assisted ISA-level FI provides a good trade-off between result quality and the required time to execute the FI campaign. However, for each architecture, this requires a specialized ISA simulator with tracing, injection, and error observation capabilities; a dependency that not only increases the bar for the exploration of ISA-level hardening mechanisms, but which can also deviate from the behavior of the actual hardware, especially when an error propagates through the system and triggers semantic edge cases. With SailFAIL, we propose a model-driven approach to derive FI platforms from Sail models, which formally describe the ISA semantics. Based on two existing (RISC-V, CHERI RISC-V) and one newly introduced (AVR) Sail models, we use the Sail toolchain to derive emulators that we combine with the FAIL* framework into multiple new FI platforms. Furthermore, we extend Sail to automatically introduce bit-wise dynamic register tracing into the emulator, which enables us to harvest bit-wise access information that we use to improve the well-known def-use pruning technique. Thereby, we further reduce the number of necessary injections by up to 19%.

KW - ISA-level fault injection

KW - Simulation-assisted fault injection

KW - Transient hardware faults

UR - http://www.scopus.com/inward/record.url?scp=85137992380&partnerID=8YFLogxK

U2 - 10.1007/978-3-031-14835-4_14

DO - 10.1007/978-3-031-14835-4_14

M3 - Conference contribution

SN - 978-3-031-14834-7

T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

SP - 207

EP - 221

BT - Computer Safety, Reliability, and Security - 41st International Conference, SAFECOMP 2022, Proceedings

A2 - Trapp, Mario

A2 - Saglietti, Francesca

A2 - Spisländer, Marc

A2 - Bitsch, Friedemann

ER -