Safety-critical embedded systems in application domains, such as aerospace, automotive, and industrial automation, must satisfy dual requirements of fault-tolerance and real-time predictability. Control flow checking is an effective technique for improving embedded systems’ reliability by online monitoring and checking of software control flow to detect runtime deviations from the control flow graph. However, inserting instrumentation code in every basic block incurs significant execution time overhead, which may cause the program to violate its timing constraints. In this paper, we propose to selectively instrument a subset of code regions that are larger than basic blocks, called super-nodes, in order to make the program partially resilient to control flow errors while keeping the program worst-case execution time (WCET) below a given upper bound. WCET analysis is invoked to estimate the program WCET and to identify the corresponding worst-case execution path (WCEP). An ILP formulation is used to judiciously select a subset of super-nodes on the WCEP for instrumentation, so that the best fault detection coverage is achieved without violating the given WCET upper bound. The optimization is repeated for each identified WCEP until the program WCET satisfies the WCET upper bound. Experimental results demonstrate significant improvements in fault detection coverage compared with related work.
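The selection loop the abstract describes, as an added illustrative model that is not the paper's code or its ILP formulation: a constructed super-node CFG with made-up WCET, overhead and coverage numbers, a longest-path computation standing in for WCET analysis, and an exhaustive 0/1 search standing in for the ILP. The `SuperNode` fields and the `wcep` and `select_instrumentation` functions are assumptions of this example.

```python
from itertools import combinations
from typing import List, NamedTuple

class SuperNode(NamedTuple):
    base: int        # WCET of the region without instrumentation
    overhead: int    # extra WCET once control flow checking code is inserted
    coverage: int    # fault detection value gained by instrumenting the region
    succ: List[str]  # successors in the (acyclic) control flow graph
# Constructed CFG of super-nodes; all numbers are made-up cycle counts and weights.
CFG = {
    "A": SuperNode(10, 4, 3, ["B", "C"]),
    "B": SuperNode(30, 6, 5, ["D"]),
    "C": SuperNode(28, 3, 2, ["D"]),
    "D": SuperNode(20, 5, 4, ["E", "F"]),
    "E": SuperNode(25, 7, 7, ["G"]),
    "F": SuperNode(8, 2, 1, ["G"]),
    "G": SuperNode(10, 3, 2, []),
}

def wcep(cfg, entry, instrumented):
    """Stand-in for WCET analysis: (WCET, WCEP) as the longest path in the DAG."""
    memo = {}
    def longest(n):
        if n not in memo:
            cost = cfg[n].base + (cfg[n].overhead if n in instrumented else 0)
            tail_cost, tail = max((longest(s) for s in cfg[n].succ), default=(0, []))
            memo[n] = (cost + tail_cost, [n] + tail)
        return memo[n]
    return longest(entry)

def select_instrumentation(cfg, entry, bound):
    """Fully instrument, then per WCEP drop checks until the bound holds; returns (set, WCET)."""
    instrumented, decided = set(cfg), set()
    while True:
        wcet, path = wcep(cfg, entry, instrumented)
        if wcet <= bound:
            return instrumented, wcet
        free = [n for n in path if n not in decided]
        if not free:  # every region on this path is already decided: bound unreachable
            raise ValueError(f"WCET bound {bound} infeasible on path {path}")
        kept = instrumented - set(free)  # decisions made on earlier WCEPs stay in force
        budget = bound - sum(cfg[n].base + (cfg[n].overhead if n in kept else 0) for n in path)
        best, best_cov = set(), -1  # exhaustive 0/1 selection standing in for the ILP
        for r in range(len(free) + 1):
            for combo in combinations(free, r):
                cov = sum(cfg[n].coverage for n in combo)
                if sum(cfg[n].overhead for n in combo) <= budget and cov > best_cov:
                    best, best_cov = set(combo), cov
        instrumented -= set(free) - best  # the rest of this path runs uninstrumented
        decided |= set(free)
```

With a bound of 105 the loop needs two WCEPs (A-B-D-E-G, then A-C-D-E-G) before the WCET fits, and F keeps its check because it never lies on a WCEP.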