
Simulation-based Fault Injection with QEMU for Speeding-up Dependability Analysis of Embedded Software

Journal of Electronic Testing

Abstract

Simulation-based fault injection (SFI) is a valuable solution for early analysis of software dependability and fault tolerance properties before the physical prototype of the target platform is available. Some SFI approaches base the fault injection strategy on cycle-accurate models implemented by means of Hardware Description Languages (HDLs). However, cycle-accurate simulation has proved too time-consuming when the objective is to emulate the effect of soft errors on complex microprocessors. To overcome this issue, SFI solutions based on virtual prototypes of the target platform have started to be proposed. However, current approaches still have drawbacks: for example, they work only for specific CPU architectures, they require code instrumentation, or they have a different target (i.e., design errors instead of dependability analysis). To address these disadvantages, this paper presents an efficient fault injection approach based on QEMU, one of the most efficient and popular instruction-accurate emulators for several microprocessor architectures. The main goal of the proposed approach is to provide a non-intrusive technique for simulating hardware faults affecting CPU behaviour. Permanent and transient/intermittent hardware fault models have been abstracted without losing quality for software dependability analysis. The approach minimizes the impact of the fault injection procedure on emulator performance by preserving the original dynamic binary translation mechanism of QEMU. Experimental results for both x86 and ARM processors are presented, proving the efficiency and effectiveness of the proposed approach.



Notes

  1. For the program status register, we considered 4 flags in case of ARM (CF, VF, NF, ZF) and 6 flags in case of x86 (CF, PF, AF, ZF, SF, OF).

  2. An RTL model of x86 was not available in our laboratory; thus, this kind of comparison has not been conducted for x86.



Corresponding author

Correspondence to Graziano Pravadelli.

Additional information

Responsible Editor: L. M. Bolzani Pöhls


About this article


Cite this article

Ferraretto, D., Pravadelli, G. Simulation-based Fault Injection with QEMU for Speeding-up Dependability Analysis of Embedded Software. J Electron Test 32, 43–57 (2016). https://doi.org/10.1007/s10836-015-5555-z


  • DOI: https://doi.org/10.1007/s10836-015-5555-z
