7/30/2019 Debugging Mode in a Fault Injection systemDebugging Mode in a Fault Injection system

1/1

Exploiting the Background Debugging Mode in a Fault Injection system

Paolo PRINETTO, Maurizio REBAUDENGO, Matteo SONZA REORDA

Politecnico di Torino - Dipartimento di Automatica e Informatica

Torino, Italy

This note1 describes a software-implemented FaultInjection system (Fig. 1) suited to be used withembedded microprocessor-based boards and based on

some features available in the most recentmicroprocessors and microcontrollers. Although thesefeatures were originally introduced to easy codedevelopment and debugging, they are very well suitedfor supporting the implementation of efficient and

barely intrusive Fault Injection Systems. In particular,our Fault Injection system exploits the Background

Debugging Mode (BDM) [1], available in the last

microprocessors and microcontrollers produced byMotorola.

During the fault injection experiment, the applicationprogram is executed in debugging mode and BDM is in

charge of resetting the system, downloading theapplication target program, executing the fault injection,and triggering possible time-out conditions. The tool isable to inject faults both in the memory image of theprocess (data and code) and in the internal registers of

the processor.The adopted fault model is the single bit-flip

transient fault, but the approach can be easily extended

to different fault models such as permanent stuck-at,

transient bridging, multiple bit-flip. Faults are injectedat the assembly level. This means that the system inject

every fault between one instruction and another, and itis not possible to inject a fault during the executioncycle of a single assembly instruction.

The fault injection is controlled by the hostprocessor, which sets a breakpoint in correspondence ofa specified instruction; at the n-th execution of the

specified instruction, the fault is injected by means of adebugging command that modifies a memory locationor a user register.

We developed a case study based on the LA-7902tool by Lauterbach GmbH, which interfaces a host

computer with a target board based on a MC68332microcontroller. The behavior of such a board inpresence of faults is evaluated using a prototypicalimplementation of our fault injection system.

1Contact author: Matteo SONZA REORDA, Politecnico di

Torino, Dip. Automatica e Informatica, Corso Duca degliAbruzzi 24, I-10129 Torino, Italy, E-mail: sonza@polito.it,http://www.polito.it/~sonza

Preliminary experiments on some benchmarkprograms show that our system is well suited for

evaluating the fault coverage for embeddedmicroprocessor-based boards, it does not depend on anyOperating System facility, and it allows the injection of

faults in both memory and internal registers. Moreover,our approach does not require any change in the sourcecode of the target software, thus minimizing its

intrusiveness. Finally, BDM-based Fault Injectionsystems are time efficient, as the ratio between the timefor analyzing every fault and the one for executing the

fault-free program ranges between 70 and 100 even forthe current prototypical version of our system.

With respect to FERRARI [2] and Doctor [3], our

approach does not insert software traps or fault injectionroutines in the target software. Moreover, the targetsystem is not supposed to provide either Operating

System calls, or any sophisticated exception routines orbuilt-in debugging features, such as the ones exploitedby the Xception tool [4] unique to the PowerPCprocessor.

Fig. 1: BDM environment.

References[1] Motorola Inc., A Background Debugging Mode Driver

Package for Modular Microcontrollers, by S. Howard,Motorola Semiconductor Application Note AN1230/D,1996

[2] G.A. Kanawati, N.A. Kanawati, J.A. Abraham,

FERRARI: A Flexible Software-Based Fault and Error

Injection System, IEEE Trans. on Computers, Vol. 44, N.2, February 1995, pp. 248-260

[3] S. Han, K.G. Shin, H.A. Rosenberg, Doctor: AnIntegrated Software Fault-Injection Environment for

Distributed Real-Time Systems, Proc. IEEE Int. Comp.Performance and Dependability Symp., 1995, pp. 204-213

[4] J. Carreira, H. Madeira, J. Silva, Xception: Software

Fault Injection and Monitoring in Processor FunctionalUnits, DCCA-5, 1995, pp. 135-149

Target System Host Computer

B DM po rt B DM interface

Authorized licensed use limited to: Rajalakshmi Engineering College. Downloaded on July 26,2010 at 07:01:27 UTC from IEEE Xplore. Restrictions apply.