An Experimental Evaluation of Control Flow Checking for Automotive Embedded Applications Compliant With ISO 26262
Random hardware failures (RHFs) may result in data corruption and Control Flow Errors (CFEs). Hardening strategies are employed to mitigate RHFs in embedded systems, either by adding specialized hardware or using Software-Implemented Hardware Fault Tolerance (SIHFT) methods. Numerous SIHFT methods have been presented over the years to improve the reliability of embedded systems. However, evaluating these methods can be challenging in terms of the introduced overhead to the code size and, particularly important for real-time application, execution time. Most of them are implemented in the literature using low-level languages such as Assembly. Unfortunately, writing Assembly code is not the preferred development flow for embedded systems applications since functional safety standards require adopting high-level programming languages such as C. Nowadays, there is still a non-negligible portion of code written in the Assembly language where the compiler can automatically insert the SIHFT methods, but these are limited to some high-optimized routines or device drivers. It is possible to compile an application code and then harden the obtained assembly code. But this introduces a greater overhead than just protecting a single statement in the high-level programming language before compiling. Hence, the approach we present in this paper is to apply SIHFT methods against CFEs, known in the literature as Control Flow Checking (CFC), to the application code written in C language, before compiling the application code. To illustrate the proposal, two established software-based control flow error detection techniques implemented in the C programming language were compared, also considering the effects of the optimizations introduced by the compiler. Most SIHFT methods target only soft errors, such as single-event upsets, which typically appear as bit flips. As a result, the diagnostic figures provided in the literature are insufficient to characterize the techniques effectively. To address this gap, in this paper, we consider a scenario from the automotive industry in which the primary concern is permanent random hardware faults, particularly stuck-at faults. Moreover, we propose a classification compliant with ISO26262 to benefit those developers involved in the automotive market, where software-only strategies may be used to balance cost and safety requirements.
Main Authors: | Mohammadreza Amel Solouki, Jacopo Sini, Massimo Violante |
---|---|
Format: | Article |
Language: | English |
Published: | IEEE, 2023-01-01 |
Series: | IEEE Access |
Subjects: | Automotive applications; fault detection; fault tolerance; software reliability |
Online Access: | https://ieeexplore.ieee.org/document/10132473/ |
_version_ | 1797812906972151808 |
---|---|
author | Mohammadreza Amel Solouki; Jacopo Sini; Massimo Violante |
author_sort | Mohammadreza Amel Solouki |
collection | DOAJ |
description | Same text as the abstract given at the top of this record. |
first_indexed | 2024-03-13T07:45:21Z |
format | Article |
id | doaj.art-e7a49026df9d4faf875a8ed79d7fc437 |
institution | Directory Open Access Journal |
issn | 2169-3536 |
language | English |
last_indexed | 2024-03-13T07:45:21Z |
publishDate | 2023-01-01 |
publisher | IEEE |
record_format | Article |
series | IEEE Access |
spelling | DOAJ record doaj.art-e7a49026df9d4faf875a8ed79d7fc437, indexed 2023-06-02T23:00:13Z; language: eng; publisher: IEEE; IEEE Access (ISSN 2169-3536), vol. 11, pp. 51185-51198, published 2023-01-01; DOI 10.1109/ACCESS.2023.3279731; IEEE Xplore document 10132473. Title: An Experimental Evaluation of Control Flow Checking for Automotive Embedded Applications Compliant With ISO 26262. Authors: Mohammadreza Amel Solouki (https://orcid.org/0000-0002-3430-9706), Jacopo Sini (https://orcid.org/0000-0002-2163-9925), Massimo Violante (https://orcid.org/0000-0002-5821-3418), all with the Department of Control and Computer Engineering, Politecnico di Torino, Turin, Italy. Abstract: same text as at the top of this record. Online access: https://ieeexplore.ieee.org/document/10132473/. Keywords: Automotive applications; fault detection; fault tolerance; software reliability. |
title | An Experimental Evaluation of Control Flow Checking for Automotive Embedded Applications Compliant With ISO 26262 |
topic | Automotive applications; fault detection; fault tolerance; software reliability |
url | https://ieeexplore.ieee.org/document/10132473/ |