Abstract
Simulation-based fault injection (SFI) represents a valuable solution for early analysis of software dependability and fault tolerance properties before the physical prototype of the target platform is available. Some SFI approaches base the fault injection strategy on cycle-accurate models implemented by means of Hardware Description Languages (HDLs). However, cycle-accurate simulation has proven too time-consuming when the objective is to emulate the effect of soft errors on complex microprocessors. To overcome this issue, SFI solutions based on virtual prototypes of the target platform have started to be proposed. However, current approaches still present some drawbacks: for example, they work only for specific CPU architectures, they require code instrumentation, or they have a different target (i.e., design errors instead of dependability analysis). To address these disadvantages, this paper presents an efficient fault injection approach based on QEMU, one of the most efficient and popular instruction-accurate emulators for several microprocessor architectures. The main goal of the proposed approach is to provide a non-intrusive technique for simulating hardware faults affecting CPU behaviours. Permanent and transient/intermittent hardware fault models have been abstracted without losing quality for software dependability analysis. The approach minimizes the impact of the fault injection procedure on emulator performance by preserving the original dynamic binary translation mechanism of QEMU. Experimental results for both x86 and ARM processors, demonstrating the efficiency and effectiveness of the proposed approach, are presented.
Notes
For the program status register, we considered 4 flags in the case of ARM (CF, VF, NF, ZF) and 6 flags in the case of x86 (CF, PF, AF, ZF, SF, OF).
An RTL model of x86 was not available in our laboratory; thus, this kind of comparison has not been conducted for x86.
Responsible Editor: L. M. Bolzani Pöhls
Ferraretto, D., Pravadelli, G. Simulation-based Fault Injection with QEMU for Speeding-up Dependability Analysis of Embedded Software. J Electron Test 32, 43–57 (2016). https://doi.org/10.1007/s10836-015-5555-z