WO2002056177A1 - Method for error injection by interruptions - Google Patents
- Publication number
- WO2002056177A1
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- register
- program
- stack
- content
- error
- Prior art date
Classifications
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F11/00—Error detection; Error correction; Monitoring
- G06F11/22—Detection or location of defective computer hardware by testing during standby operation or during idle time, e.g. start-up testing
- G06F11/2205—Detection or location of defective computer hardware by testing during standby operation or during idle time, e.g. start-up testing using arrangements specific to the hardware being tested
- G06F11/2215—Detection or location of defective computer hardware by testing during standby operation or during idle time, e.g. start-up testing using arrangements specific to the hardware being tested to test error correction or detection circuits
Definitions
- The present invention relates generally to testing the ability of electronic and logic systems based on integrated circuits, for example systems intended for space applications, to function correctly under irradiation. However, as integrated circuits are miniaturized, they become more and more sensitive to the effects of radiation, and the invention also finds applications in the testing of integrated circuits used on Earth.
- The present invention relates more particularly to the verification of systems capable of executing a set of instructions or commands (microprocessor, microcontroller, signal processing processor, etc.).
- The present invention relates to a method for injecting bit error(s) at any location of an integrated circuit while a main program is executing on this circuit.
- The present invention relates to a method in which the fictitious error injection is carried out by means of an interrupt program.
- The present invention relates to a digital architecture organized around a processor capable of executing a sequence of instructions or commands stored in a memory (external or internal) and of taking into account the effect of asynchronous input signals such as interrupts.
- The processor can be programmed to directly or indirectly perform read and write operations in each of the locations of the external memory, as well as in registers and areas of internal memory.
- Single-bit toggles or flips, events commonly referred to by the acronym SEU (from the English expression Single Event Upset), may be caused in processors as a result of the execution of suitable code, which depends essentially on certain characteristics of the target. This code is called here CEU (Code Emulating an Upset). Likewise, the memory location disturbed as a result of the execution of the CEU code is called the target of the CEU. The bit flips that result from the execution of the CEU code are also called CEU (Code Emulated Upset).
- In response to the activation of an interrupt, a processor will typically carry out the following steps: stopping the execution of the current program after having completed the execution of the current instruction,
- The present invention aims to access all the memory areas of a processor which are accessible via the instruction set of any program associated with this processor.
- These accessible memory areas include in particular the input/output ports, the accumulators, the special registers, the program counter register and the internal RAM.
- Only a very small number of the memory areas of a processor remain inaccessible to the introduction of CEU.
- These areas include the input registers of the arithmetic and logic unit, memory latches, address registers, and cache memory.
- A calculation carried out for the 8051 microprocessor, which can be extended to many types of microprocessors, shows that these inaccessible areas represent less than 7% of all the memory areas of the processor.
- Given the efficiency of the error injection, it becomes possible to evaluate a real error rate for a given processor associated with a given program.
- This actual error rate, or system sensitivity, can be estimated by calculation.
- The present invention makes it possible to show that out of N SEUs, only n are capable of disturbing a given program running on a given processor. The sensitivity of the system can then be estimated as equal to n / NP.
- The method can be applied to a system made up of the same hardware element on which other software runs. One can be certain that the method according to the present invention provides a correct result, and it will not be necessary to redo validation under real or simulated disturbance conditions, since P is constant for given hardware and a given type of particles. It will also be noted that the analysis of the sensitivity of a system to CEU-type disturbances can be carried out completely randomly or systematically. A systematic analysis could in particular be carried out for a given program on the successive stages of the progress of this program.
- Sensitivity windows can thus be defined for each program. This can be useful in systems providing redundancy, so that redundant operations are performed only on particularly sensitive parts of a given program.
- The present invention provides a method of injecting bit errors into hardware operating under the control of a given main program, consisting in interrupting the main program and introducing the bit error during the course of the interrupt program, in which, at the time of the interrupt, the return value of the program counter register and possibly the content of other registers, such as status indicator registers, are stored in a stack under control of a stack pointer.
- In one variant, the interrupt program comprises the following steps: put the contents of a register into the stack, transfer the contents of the target memory word to the register, modify the copied content of the target memory word in the register to inject the chosen error, transfer the modified target memory word to its original location, unstack the register, and end the interrupt program and return to the main program address indicated by the program counter.
- In another variant, the interrupt program comprises the following steps: put in the stack the contents of a first register, put in the stack the contents of an accumulator, transfer the value of the stack pointer register (corresponding to the address in the stack of the return address of the program counter) to the first register, transfer the contents of the program counter register, as indicated by the first register, to the accumulator, modify the value of the program counter in the accumulator to inject the chosen error there, reload the value of the modified program counter in the stack at the address contained in the first register, unstack the accumulator, and unstack the first register.
- In another variant, the interrupt program comprises the following steps: write an unconditional jump code to a determined memory cell at a determined address, point using the stack pointer to the return value of the program counter, transfer the contents of the stack pointer to a first register, transfer the return address of the program counter stored in the stack to a second register, transfer the contents of the second register to the location following said unconditional jump code, modify the first register to inject the chosen error in the stack pointer register, and execute an unconditional jump to said determined address of the first-mentioned unconditional jump to obtain the return value of the main program.
- FIG. 1 is a symbolic representation of elements of a hardware/software system to which the present invention applies; and FIGS. 2 to 5 show examples of interrupt program sequences respectively applicable to a register accessible directly, to a register with indirect access, to the program counter, and to the stack pointer.
- FIG. 1 represents in symbolic form elements of a hardware/software system.
- A main program 10 is represented, which can be considered either from a logical point of view as a succession of instructions or from a hardware point of view as a memory containing the instructions.
- The system also includes one or more interrupt programs 20 and a stack 30 as well as a stack pointer 40.
- The program context is saved, that is to say essentially the value of the program counter PC corresponding to the return address 10(i+1) of the main program, and possibly the content of various status indicator registers (flags) and other key parameters of the system; this saving of the context is conventionally carried out in a stack 30 of the first-in/last-out type under the control of a stack pointer register (SP) 40;
- This has been symbolically represented in FIG. 1 by indicating that an interrupt IT may occur at step 10(i); control then passes to the START phase of the interrupt program 20, and this START phase controls the stack pointer 40, which points to stack 30 (conventionally, the stack pointer SP is considered to point to the last free cell of the stack).
- The interrupt program runs until it reaches its final phase END. At this time, it orders the stack pointer to unstack the contents of the stack, that is to say that all the information relating to the context which was memorized at the time of the interruption is put back in its original locations.
- At the last step of this unstacking, we arrive at the content of the program counter, which corresponds to the address i+1 of the main program, and the program resumes at step 10(i+1), as symbolized by the link 31.
- The object of the invention is to introduce single or multiple bit errors (SEU) from generic CEU codes at any chosen location of the system during a chosen step of the main program's progress.
- The address contained in the program counter is transferred to the stack 30, or more precisely the return address [10(i+1)] of the program counter.
- Step 202: push onto the stack 30, if this is not already provided for by the normal interrupt program of the system concerned, the status indicators (flags, or F) and possibly other key registers.
- Step 203: the change (chg) of one or more bit positions (pos.bit) is carried out in a directly accessible memory word.
- Step 204 is an optional step which is carried out if step 202 has been carried out, namely that the elements of the context of the computer which were stacked in step 202 at the time of the interruption are unstacked (pop).
- An interrupt program conventionally ends with a final step 205 which returns to the continuation of the execution of the interrupted program.
- An example of an interrupt program intended to allow an error injection into a register or memory word that is not directly accessible is illustrated in FIG. 3.
- The initial steps 301 and 302 are identical to steps 201 and 202 described in relation to FIG. 2.
- Step 303: the program puts the contents of an ACC register, or accumulator, into the stack (push).
- Step 304: the content of the target internal memory area (ZMI) is transferred (Ld) to the register ACC.
- Step 305: the desired modification is made to the target memory word. This modification is now carried out in the ACC register, which is accessible, in a similar manner to the modification described in relation to step 203 of FIG. 2.
- Step 306: the modified content of the ACC register is sent back to the memory area in which the target word was found.
- An interrupt program allowing error injection into the program counter is illustrated in FIG. 4.
- An error injection program for the content of the program counter begins with steps 401 and 402, similar to steps 201 and 202 described in relation to FIG. 2.
- Step 403: the content of a first register R0 is put in the stack.
- Step 404: the content of a second register ACC, commonly called the accumulator, is also put in the stack.
- Step 405: the content of the stack pointer SP, which corresponds to the address in the stack of the return address of the program counter, is transferred to the register R0.
- Step 406: the content (CP) of the program counter register, as indicated by the first register R0, is transferred to the accumulator ACC.
- Step 407: the chosen error injection is carried out on the content of the register ACC, that is to say on the value of the program counter.
- Step 408: the content of the register ACC is transferred back to the stack at the address indicated by the register R0.
- Step 409: unstack the accumulator.
- Step 410: unstack the register R0.
- Steps 411 and 412: final steps similar to steps 204 and 205.
- An error injection program for the content of the stack pointer begins with steps 501 and 502, similar to steps 201 and 202 described in relation to FIG. 2.
- Steps 503-504: a code (JMP) for an unconditional jump to a determined memory cell is written to a determined address (adbranch). This is usually done through a register R.
- Step 505: the stack pointer is made to point (DEC) to the return value of the program counter.
- Step 506: the contents of the stack pointer (the address in the stack of the return address of the program counter) are transferred to a first register R1.
- Step 507: the return address of the program counter stored in the stack is transferred to a second register R2.
- Step 508: the content of the second register is transferred to the address (adbranch + 1) which follows the address (adbranch) to which said unconditional jump code has been written, so as to fix the address (that which contains the return value of the program counter) to which the unconditional jump will return.
- Step 509: the first register R1 is modified to inject the chosen error into the stack pointer register.
- Step 510: a first unconditional jump is executed to the address (adbranch) at which said unconditional jump code has been written, and this unconditional jump is then executed to arrive at the return value of the main program.
- The present invention can be easily adapted by those skilled in the art of programming to specific hardware or software arrangements.
- The transfer may be broken down into several elementary transfers, for example by separating the most significant bits from the least significant bits.
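
As an added illustration (not code from the patent), the following C program simulates the FIG. 3 and FIG. 4 interrupt sequences on a toy accumulator machine and runs a systematic campaign, counting how many of the N single-bit injections disturb the main program at each step (the sensitivity window). The instruction set, memory layout, data values and all function names are assumptions constructed for the example.

```c
#include <stdint.h>
#include <stdio.h>

enum { CLR, ADD, STA, HLT };            /* toy opcodes (assumed, not from the patent) */
enum { T_MEM, T_PC };                   /* injection target: memory word or program counter */
enum { NSTEPS = 6, RESULT = 0x20, STACK_BASE = 0x80 };

/* Constructed main program: mem[0x20] = mem[0x10] + mem[0x11] + mem[0x12] */
static const uint8_t code[NSTEPS][2] = {
    {CLR, 0}, {ADD, 0x10}, {ADD, 0x11}, {ADD, 0x12}, {STA, RESULT}, {HLT, 0} };
typedef struct { uint8_t mem[256], acc, r0, sp, pc; } cpu_t;

static void push(cpu_t *c, uint8_t v) { c->mem[c->sp++] = v; }  /* SP = next free cell */
static uint8_t pop(cpu_t *c) { return c->mem[--c->sp]; }

/* Interrupt program; the return PC is already on the stack when it starts. */
static void isr_inject(cpu_t *c, int kind, uint8_t addr, uint8_t mask) {
    if (kind == T_MEM) {                   /* FIG. 3: word reached through ACC */
        push(c, c->acc);                   /* 303: save ACC */
        c->acc = c->mem[addr];             /* 304: load target word */
        c->acc ^= mask;                    /* 305: flip the chosen bit(s) */
        c->mem[addr] = c->acc;             /* 306: write it back */
        c->acc = pop(c);                   /* restore ACC */
    } else {                               /* FIG. 4: program counter */
        push(c, c->r0);                    /* 403 */
        push(c, c->acc);                   /* 404 */
        c->r0 = (uint8_t)(c->sp - 3);      /* 405: stack address of the return PC */
        c->acc = c->mem[c->r0];            /* 406 */
        c->acc ^= mask;                    /* 407 */
        c->mem[c->r0] = c->acc;            /* 408 */
        c->acc = pop(c);                   /* 409 */
        c->r0 = pop(c);                    /* 410 */
    }
}

/* Runs the main program, interrupting once just before step `at` (-1: never).
 * Returns the byte left in RESULT, or -1 if the PC leaves the program. */
static int run(int at, int kind, uint8_t addr, uint8_t mask) {
    cpu_t c = { .sp = STACK_BASE };
    c.mem[0x10] = 5; c.mem[0x11] = 7; c.mem[0x12] = 9;   /* constructed data */
    for (int n = 0, fired = 0; n < 64; n++) {
        if (!fired && c.pc == at) {        /* interrupt taken between instructions */
            fired = 1;
            push(&c, c.pc);                /* context save: return address */
            isr_inject(&c, kind, addr, mask);
            c.pc = pop(&c);                /* return from interrupt */
        }
        if (c.pc >= NSTEPS) return -1;     /* runaway program counter */
        const uint8_t *ins = code[c.pc++];
        if (ins[0] == CLR) c.acc = 0;
        else if (ins[0] == ADD) c.acc = (uint8_t)(c.acc + c.mem[ins[1]]);
        else if (ins[0] == STA) c.mem[ins[1]] = c.acc;
        else return c.mem[RESULT];         /* HLT */
    }
    return -1;                             /* step budget exhausted */
}

/* Every single-bit flip at every step: returns n, the number of the
 * N = NSTEPS * 8 injections that change the outcome; window[] is per step. */
static int campaign(int kind, uint8_t addr, int window[NSTEPS]) {
    int golden = run(-1, kind, addr, 0), n = 0;
    for (int at = 0; at < NSTEPS; at++) {
        window[at] = 0;
        for (int bit = 0; bit < 8; bit++)
            if (run(at, kind, addr, (uint8_t)(1u << bit)) != golden) { window[at]++; n++; }
    }
    return n;
}

int main(void) {
    int w[NSTEPS];
    printf("operand 0x11: n=%d of N=%d\n", campaign(T_MEM, 0x11, w), NSTEPS * 8);
    for (int i = 0; i < NSTEPS; i++) printf("  step %d: %d/8\n", i, w[i]);
    printf("program counter: n=%d of N=%d\n", campaign(T_PC, 0, w), NSTEPS * 8);
    return 0;
}
```

Flips in the operand at 0x11 only matter while the word is still waiting to be read, so the window closes after step 2, whereas most flips of the saved program counter send execution outside the program.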
Priority Applications (3)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US10/466,597 US20040153794A1 (en) | 2001-01-16 | 2002-01-16 | Method for error injection by interruptions |
JP2002556368A JP2004526230A (ja) | 2001-01-16 | 2002-01-16 | Error injection method using interrupts |
EP02700331A EP1352325A1 (fr) | 2001-01-16 | 2002-01-16 | Method for error injection by interruptions |
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
FR01/00518 | 2001-01-16 | ||
FR0100518A FR2819603B1 (fr) | 2001-01-16 | 2001-01-16 | Error injector method by interruptions |
Publications (1)
Publication Number | Publication Date |
---|---|
WO2002056177A1 (fr) | 2002-07-18 |
Family
ID=8858855
Family Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
PCT/FR2002/000167 WO2002056177A1 (fr) | 2001-01-16 | 2002-01-16 | Method for error injection by interruptions |
Country Status (5)
Country | Link |
---|---|
US (1) | US20040153794A1 (fr) |
EP (1) | EP1352325A1 (fr) |
JP (1) | JP2004526230A (fr) |
FR (1) | FR2819603B1 (fr) |
WO (1) | WO2002056177A1 (fr) |
Families Citing this family (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20130139008A1 (en) * | 2011-11-29 | 2013-05-30 | Advanced Micro Devices, Inc. | Methods and apparatus for ecc memory error injection |
WO2014196059A1 (fr) | 2013-06-06 | 2014-12-11 | 株式会社日立製作所 | Procédé et système d'injection de défaut dans un microcontrôleur |
US10019576B1 (en) * | 2015-04-06 | 2018-07-10 | Intelligent Automation, Inc. | Security control system for protection of multi-core processors |
-
2001
- 2001-01-16 FR FR0100518A patent/FR2819603B1/fr not_active Expired - Fee Related
-
2002
- 2002-01-16 WO PCT/FR2002/000167 patent/WO2002056177A1/fr not_active Application Discontinuation
- 2002-01-16 US US10/466,597 patent/US20040153794A1/en not_active Abandoned
- 2002-01-16 EP EP02700331A patent/EP1352325A1/fr not_active Withdrawn
- 2002-01-16 JP JP2002556368A patent/JP2004526230A/ja active Pending
Also Published As
Publication number | Publication date |
---|---|
JP2004526230A (ja) | 2004-08-26 |
FR2819603A1 (fr) | 2002-07-19 |
EP1352325A1 (fr) | 2003-10-15 |
US20040153794A1 (en) | 2004-08-05 |
FR2819603B1 (fr) | 2003-06-13 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
AK | Designated states |
Kind code of ref document: A1 Designated state(s): AE AG AL AM AT AU AZ BA BB BG BR BY BZ CA CH CN CO CR CU CZ DE DK DM DZ EC EE ES FI GB GD GE GH GM HR HU ID IL IN IS JP KE KG KP KR KZ LC LK LR LS LT LU LV MA MD MG MK MN MW MX MZ NO NZ OM PH PL PT RO RU SD SE SG SI SK SL TJ TM TN TR TT TZ UA UG US UZ VN YU ZA ZM ZW |
|
AL | Designated countries for regional patents |
Kind code of ref document: A1 Designated state(s): GH GM KE LS MW MZ SD SL SZ TZ UG ZM ZW AM AZ BY KG KZ MD RU TJ TM AT BE CH CY DE DK ES FI FR GB GR IE IT LU MC NL PT SE TR BF BJ CF CG CI CM GA GN GQ GW ML MR NE SN TD TG |
|
121 | Ep: the epo has been informed by wipo that ep was designated in this application | ||
DFPE | Request for preliminary examination filed prior to expiration of 19th month from priority date (pct application filed before 20040101) | ||
WWE | Wipo information: entry into national phase |
Ref document number: 2002556368 Country of ref document: JP |
|
WWE | Wipo information: entry into national phase |
Ref document number: 2002700331 Country of ref document: EP |
|
WWP | Wipo information: published in national office |
Ref document number: 2002700331 Country of ref document: EP |
|
REG | Reference to national code |
Ref country code: DE Ref legal event code: 8642 |
|
WWE | Wipo information: entry into national phase |
Ref document number: 10466597 Country of ref document: US |
|
WWW | Wipo information: withdrawn in national office |
Ref document number: 2002700331 Country of ref document: EP |