Soft errors are a threat to all kinds of software-controlled electronic devices and can cause silent data corruptions (SDCs). Software-based error detectors are a well-studied class of countermeasures, for example in the form of executable assertions that check application-specific invariants at runtime. These detectors must be – manually or automatically – placed at strategic positions in the software stack and trigger a transition to a safe system state, e.g. by rebooting. Although detectors can significantly reduce the occurrence of SDCs in the checked program state, they also increase the runtime of the program – and thus the figurative “attack surface” of the remaining program state, making more SDCs possible there. In light of this tradeoff, the SDC rate is minimal for a specific detector configuration enabling a subset of all detectors.In this paper, we investigate this tradeoff also for scenarios where enumerating and evaluating all detector configurations is infeasible. Exploiting compositionality properties of fault-injection results of program partitions, we propose a method to calculate SDC counts for unknown configurations. Based on this method, we formulate an integer-linear program that allows quickly finding an optimal solution. An evaluation with pre-existing executable assertions in FreeRTOS and eCos demonstrates applicability and accuracy in real-world use-case scenarios.
|Title of host publication||Proceedings - 2022 18th European Dependable Computing Conference, EDCC 2022|
|Number of pages||8|
|Publication status||Published - 15 Sept 2022|
|Title||2022 18th European Dependable Computing Conference (EDCC)|
|Duration||12 - 15 September 2022|