software mechanisms for tolerating soft errors in an
play

Software Mechanisms for Tolerating Soft Errors in an Automotive - PowerPoint PPT Presentation

Sep 21, 2023 •285 likes •432 views

Software Mechanisms for Tolerating Soft Errors in an Automotive Brake-Controller Daniel Skarin Johan Karlsson Department of Computer Science and Engineering Chalmers University of Technology G oteborg, Sweden June 29, 2009 Introduction

  1. Software Mechanisms for Tolerating Soft Errors in an Automotive Brake-Controller Daniel Skarin Johan Karlsson Department of Computer Science and Engineering Chalmers University of Technology G¨ oteborg, Sweden June 29, 2009

  2. Introduction ◮ Soft errors are becoming an increasingly important source of computer failures, also in embedded systems. ◮ The dominant cause of soft errors are terrestrial cosmic rays. ◮ Circuit- and architectural level mechanisms in microprocessors may not provide perfect error coverage. ⇒ Soft errors can reach the architected state. ◮ Goal: Investigate the possibility of building a brake controller program, which is fail-bounded with respect to soft errors.

  3. Fail-bounded control systems ◮ Control systems can produce incorrect outputs and still provide acceptable performance. ◮ A fail-bounded system is allowed to produce incorrect outputs, which have a benign effect on the controlled object. ◮ Error detection mechanisms must enforce an upper bound on the difference between an incorrect output and the corresponding fault-free output. ◮ The concept of fail-bounded systems was introduced by Silva et al. in 1998.

  4. Example brake-by-wire system Wheel ECU Wheel ECU Pedal Wheel ECU ECU Wheel ECU

  5. Research questions General question ◮ Can we make a non-redundant control ECU fail-bounded with respect to soft errors? Question addressed by this work ◮ Can we make a non-redundant control ECU fail-bounded with respect to single bit-flip errors in ISA registers and the data segment of the main memory?

  6. Contributions Extensive evaluation of two simple software mechanisms aimed at achieving a fail-bounded brake controller. ◮ The error coverage of the mechanisms have been determined for single bit-flips in ISA registers and the data segment of the main memory. ◮ Exhaustive evaluation for three control loops: All possible single bit-flips injected. ◮ All ISA registers including the program counter tested.

  7. Limitations of the single bit-flip fault model ◮ We emulate soft errors in the architected state as single bit-flip errors in registers and memory. ◮ Single bit-flips are injected via the debug port of the target microcontroller. Uncertainties ◮ Soft errors may not manifest themselves as single bit-flips. ◮ Out-of-specification behaviors of the processor are not considered.

  8. Prototype brake controller ◮ Actuator commands are produced by a PI-controller ◮ We distinguish between benign failures and critical failures . Brake actuator command Brake actuator command 1 1 Incorrect output Incorrect output 0.8 0.8 Fault-free output Fault-free output 0.6 0.6 0.4 0.4 0.2 0.2 Wheel speed Wheel speed 0 30 30 0 -0.2 -0.2 25 25 -0.4 -0.4 -0.6 20 20 -0.6 -0.8 Speed [m/s] Speed [m/s] -0.8 -1 15 15 0 0.5 1 1.5 2 2.5 3 3.5 0 0.5 1 1.5 2 2.5 3 3.5 Time [s] 10 10 5 5 0 0 0 0.5 1 1.5 2 2.5 3 3.5 0 0.5 1 1.5 2 2.5 3 3.5 Time [s] Time [s]

  9. Low-cost error detection and recovery Software mechanisms ◮ Error detection: ◮ Run-time check for invalid transitions of the controller’s integral state. ◮ Stack pointer protected by duplication and comparison check. ◮ Error recovery: ◮ Rollback to previous controller state ◮ Soft reset Hardware exceptions for error detection ◮ Machine check exception, Alignment exception, Floating point assist exception, . . .

  10. Experimental evaluation We evaluated two versions of the brake controller: ◮ Basic version – Hardware exceptions for error detection. ◮ Robust version – Hardware exceptions and software implemented error detection and recovery. Extensive fault injection experiments conducted for each version. ◮ For three control loops, we injected all possible single bit-flips in “live” ISA registers and the data segment of the memory. ◮ About 30 000 errors were injected for each program version and control loop iteration.

  11. Important observations ◮ Our software mechanisms combined with hardware exceptions reduced the proportion of critical failures significantly. ◮ Only 0.04% of the injected errors resulted in critical failures, compared to 1.2% for the basic version. ◮ A dominant cause of critical failures was control-flow errors. ◮ In total, about 56% of the injected errors caused incorrect outputs in the robust version. ◮ These errors had no significant impact on the brake performance.

  12. Conclusions ◮ Our results show that simple mechanisms for error detection and recovery can effectively enforce fail-bounded semantics for the brake controller with respect to single bit errors. ◮ Open issues ◮ How valid is the single bit-flip assumption? ◮ How do we model multiple bit-flips? ◮ What is the impact of out-of-specification behaviors of the microprocessor?

  13. Fault injection data available on-line http://www.amber-project.eu

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

FlipBack: Automatic Target Protection Against Soft Errors Xiang Ni Parallel Programming Lab

FlipBack: Automatic Target Protection Against Soft Errors Xiang Ni Parallel Programming Lab

FlipBack: Automatic Target Protection Against Soft Errors Xiang Ni Parallel Programming Lab Soft Errors Common source of soft errors Electrical noise External radiation Manufacturing fault Data corruption: we may or

737 views • 50 slides
Modeling Soft-Error Propagation in Programs Siva Hari Guanpeng (Justin) Li Michael Sullivan

Modeling Soft-Error Propagation in Programs Siva Hari Guanpeng (Justin) Li Michael Sullivan

Modeling Soft-Error Propagation in Programs Siva Hari Guanpeng (Justin) Li Michael Sullivan Karthik Pattabiraman Timothy Tsai Motivation: Soft Errors [1] = 0001 = 0101 Soft errors becoming more common in processors 2 [1]

556 views • 21 slides
BBBBBBBBBBBBBBBB Soft errors are: dependent on circuit inputs. dependent on the

BBBBBBBBBBBBBBBB Soft errors are: dependent on circuit inputs. dependent on the

BBBBBBBBBBBBBBBB Soft errors are: dependent on circuit inputs. dependent on the signal values on inputs to logic gates for example input of 01 has different probability of soft error relative to input of 10 to any of two-

625 views • 28 slides
Soft Errors A curse from the heavens Smruti R. Sarangi Department of Computer Science Indian

Soft Errors A curse from the heavens Smruti R. Sarangi Department of Computer Science Indian

Introduction Mechanism Prevention and Recovery Soft Errors A curse from the heavens Smruti R. Sarangi Department of Computer Science Indian Institute of Technology New Delhi, India Smruti R. Sarangi Soft Errors Introduction Mechanism

1.22k views • 47 slides
Tolerating Hardware Device Failures in Software Asim Kadav, Matthew J. Renzelmann, Michael M.

Tolerating Hardware Device Failures in Software Asim Kadav, Matthew J. Renzelmann, Michael M.

Tolerating Hardware Device Failures in Software Asim Kadav, Matthew J. Renzelmann, Michael M. Swift University of Wisconsin-Madison Current state of OS-hardware interaction Many device drivers assume device perfection Common Linux

779 views • 45 slides
Architectural Methods to Understand Soft Errors/ Process Variations in DSN 2012 Jun YAO Nara

Architectural Methods to Understand Soft Errors/ Process Variations in DSN 2012 Jun YAO Nara

Architectural Methods to Understand Soft Errors/ Process Variations in DSN 2012 Jun YAO Nara Institute of Science and Technology yaojun@is.naist.jp Brief Introduction of DSN12 DSN12 The 42 nd Annual IEEE/IFIP International

370 views • 21 slides
How to Deal with Radiation: Evaluation and Mitigation of GPUs Soft-Errors Paolo Rech

How to Deal with Radiation: Evaluation and Mitigation of GPUs Soft-Errors Paolo Rech

April 6 th 2015 San Jos, CA How to Deal with Radiation: Evaluation and Mitigation of GPUs Soft-Errors Paolo Rech Motivation: Automotive Applications Pedestrian Detection System: embedded GPUs increase cars security Paolo Rech

895 views • 61 slides
Basic Errors Compiling in Unix Syntax errors Common Errors, and Debugging Run-Time errors

Basic Errors Compiling in Unix Syntax errors Common Errors, and Debugging Run-Time errors

Basic Errors Compiling in Unix Syntax errors Common Errors, and Debugging Run-Time errors CS-121 Logic errors Syntax Errors Syntax Errors An error in which a C++ grammar rule has been violated. Are flagged at compile time Missing ;

338 views • 5 slides
Coping with Soft Errors in Asynchronous Burst-Mode Machines Sobeeh Almukhaizim Feng Shi &

Coping with Soft Errors in Asynchronous Burst-Mode Machines Sobeeh Almukhaizim Feng Shi &

Coping with Soft Errors in Asynchronous Burst-Mode Machines Sobeeh Almukhaizim Feng Shi & Yiorgos Makris Computer Engineering Dept. Electrical Engineering Dept. Kuwait University, Kuwait Yale University, USA 4/11/2008 1 ASYNC08

217 views • 19 slides
Proactive Detection of Inadequate Diagnostic Messages for Software Configuration Errors Sai

Proactive Detection of Inadequate Diagnostic Messages for Software Configuration Errors Sai

Proactive Detection of Inadequate Diagnostic Messages for Software Configuration Errors Sai Zhang Michael D. Ernst Google Research University of Washington Goal : helping developers improve software error diagnostic messages Input data

806 views • 38 slides
Inevitability Mechanisms for Inevitability Mechanisms for Software Transactional Memory Software

Inevitability Mechanisms for Inevitability Mechanisms for Software Transactional Memory Software

Inevitability Mechanisms for Inevitability Mechanisms for Software Transactional Memory Software Transactional Memory Michael Spear (Rochester) Maged Michael (IBM) Michael Scott (Rochester) Why Inevitability Why Inevitability

396 views • 24 slides
Self-defending software: g Automatically patching errors in deployed software Michael Ernst

Self-defending software: g Automatically patching errors in deployed software Michael Ernst

Self-defending software: g Automatically patching errors in deployed software Michael Ernst Michael Ernst University of Washington Joint work with: Joint work with: Saman Amarasinghe, Jonathan Bachrach, Michael Carbin, Sung Kim, Samuel

873 views • 44 slides
FreeSurfer: Troubleshooting surfer.nmr.mgh.harvard.edu 1 Hard and Soft Failures Categories of

FreeSurfer: Troubleshooting surfer.nmr.mgh.harvard.edu 1 Hard and Soft Failures Categories of

FreeSurfer: Troubleshooting surfer.nmr.mgh.harvard.edu 1 Hard and Soft Failures Categories of errors: Hard & Soft Failures Hard = recon-all quits before it finishes Soft = recon-all finishes but results need modification -recon-all

628 views • 47 slides
Solving Linear Systems Sanzheng Qiao Department of Computing and Software McMaster University

Solving Linear Systems Sanzheng Qiao Department of Computing and Software McMaster University

Intro GE Errors Software Summary Solving Linear Systems Sanzheng Qiao Department of Computing and Software McMaster University July, 2012 Intro GE Errors Software Summary Outline Introduction 1 Gaussian Elimination Methods 2

854 views • 72 slides
Tolerating Latency in Replicated State Machines through Client Speculation April 22, 2009

Tolerating Latency in Replicated State Machines through Client Speculation April 22, 2009

Tolerating Latency in Replicated State Machines through Client Speculation April 22, 2009 Benjamin Wester 1 , James Cowling 2 , Edmund B. Nightingale 3 , Peter M. Chen 1 , Jason Flinn 1 , Barbara Liskov 2 University of Michigan 1 , MIT CSAIL 2 ,

664 views • 27 slides
Mining Patterns and Building Classifiers From Software Data: Addressing Soft. Maintenance &

Mining Patterns and Building Classifiers From Software Data: Addressing Soft. Maintenance &

Mining Patterns and Building Classifiers From Software Data: Addressing Soft. Maintenance & Reliability Issues David Lo School of Information Systems Singapore Management University Presentation at UIUC July 31, 2009 1 Motivation:

693 views • 58 slides
DIVIDE AND CONQUER IN THE CLOUD : One BIG SERVER OR MANY SMALL ONES? Justin Swanhart FOSDEM 2013

DIVIDE AND CONQUER IN THE CLOUD : One BIG SERVER OR MANY SMALL ONES? Justin Swanhart FOSDEM 2013

DIVIDE AND CONQUER IN THE CLOUD : One BIG SERVER OR MANY SMALL ONES? Justin Swanhart FOSDEM 2013 PLMCE 2013 Agenda Introduction The new age of multi-core (terminology and background) Enter Shard-Query Performance

703 views • 68 slides
Formal Verification of Gate-Level Computer Systems: ECU Sergey Tverdyshev Saarland University,

Formal Verification of Gate-Level Computer Systems: ECU Sergey Tverdyshev Saarland University,

Introduction Computer System Computer System Examples Summary Formal Verification of Gate-Level Computer Systems: ECU Sergey Tverdyshev Saarland University, Saarbruecken, Germany November 18, 2009 Introduction Computer System Computer

655 views • 40 slides
Security and Privacy on the Road Janne Lindqvist WINLAB Research Review May 14, 2015 Very Hard

Security and Privacy on the Road Janne Lindqvist WINLAB Research Review May 14, 2015 Very Hard

Security and Privacy on the Road Janne Lindqvist WINLAB Research Review May 14, 2015 Very Hard (and Fun!) Problem Is it possible to track you when we just know your: Starting location and Your driving speed with timestamps? Elastic

324 views • 17 slides
A Formal Model: Media Access Control and Frame and Symbol Processing FlexRay Seminar Peter

A Formal Model: Media Access Control and Frame and Symbol Processing FlexRay Seminar Peter

A Formal Model: Media Access Control and Frame and Symbol Processing FlexRay Seminar Peter Bhm, 21.10.2005 Overview The Model Architecture Clock Synchronization Schedule Main Theorem Proof of Theorem Peter Bhm 2

529 views • 22 slides
TCAN: Authentication Without Cryptography on a CAN Bus Based on Nodes Location on the Bus Eli

TCAN: Authentication Without Cryptography on a CAN Bus Based on Nodes Location on the Bus Eli

TCAN: Authentication Without Cryptography on a CAN Bus Based on Nodes Location on the Bus Eli Biham, Sara Bitan, Eli Gavril Computer Science Dept., Technion 1 * Patent Pending Introduction Cars have become extremely sophisticated in recent

1.37k views • 31 slides
RIOT and CAN Vincent Dupont OTA keys RIOT Summit September 25-26, 2017 Vincent Dupont (OTA

RIOT and CAN Vincent Dupont OTA keys RIOT Summit September 25-26, 2017 Vincent Dupont (OTA

RIOT and CAN Vincent Dupont OTA keys RIOT Summit September 25-26, 2017 Vincent Dupont (OTA keys) RIOT and CAN RIOT Summit 2017 1 / 34 Who am I? What is OTA keys? Me: Embedded software engineer: 6 years, 3 at OTA keys RIOT: 1.5 year

1.09k views • 64 slides
The TIMMO Methodology Guest Lecture at Chalmers University February 9 th , 2010 Stefan Kuntz,

The TIMMO Methodology Guest Lecture at Chalmers University February 9 th , 2010 Stefan Kuntz,

ITEA 2 06005: TIMMO Timing Model The TIMMO Methodology Guest Lecture at Chalmers University February 9 th , 2010 Stefan Kuntz, Continental Automotive GmbH 2010-02-09 Chalmers University, Gteborg Slide 1 Objectives TIMMO Solving

643 views • 27 slides
Visual Analysis 09.25.15 || English 1301: Composition & Rhetoric II || D. Glen Smith,

Visual Analysis 09.25.15 || English 1301: Composition & Rhetoric II || D. Glen Smith,

Visual Analysis 09.25.15 || English 1301: Composition & Rhetoric II || D. Glen Smith, instructor Visual Analysis A casual reading only supplies surface details of any artwork. On the other hand, a close reading seeks out possible cultural

472 views • 15 slides

More recommend