Exploiting the Background Debugging Mode in a Fault Injection system

Paolo PRINETTO, Maurizio REBAUDENGO, Matteo SONZA REORDA Politecnico di Torino - Dipartimento di Automatica e Informatica Torino, Italy
This note1 describes a software-implemented Fault Injection system (Fig. 1) suited to be used with embedded microprocessor-based boards and based on some features available in the most recent microprocessors and microcontrollers. Although these features were originally introduced to easy code development and debugging, they are very well suited for supporting the implementation of efficient and barely intrusive Fault Injection Systems. In particular, our Fault Injection system exploits the Background Debugging Mode (BDM) [1], available in the last microprocessors and microcontrollers produced by Motorola. During the fault injection experiment, the application program is executed in debugging mode and BDM is in charge of resetting the system, downloading the application target program, executing the fault injection, and triggering possible time-out conditions. The tool is able to inject faults both in the memory image of the process (data and code) and in the internal registers of the processor. The adopted fault model is the single bit-flip transient fault, but the approach can be easily extended to different fault models such as permanent stuck-at, transient bridging, multiple bit-flip. Faults are injected at the assembly level. This means that the system inject every fault between one instruction and another, and it is not possible to inject a fault during the execution cycle of a single assembly instruction. The fault injection is controlled by the host processor, which sets a breakpoint in correspondence of a specified instruction; at the n-th execution of the specified instruction, the fault is injected by means of a debugging command that modifies a memory location or a user register. We developed a case study based on the LA-7902 tool by Lauterbach GmbH, which interfaces a host computer with a target board based on a MC68332 microcontroller. The behavior of such a board in presence of faults is evaluated using a prototypical implementation of our fault injection system.
1Contact author: Matteo SONZA REORDA, Politecnico di Torino, Dip. Automatica e Informatica, Corso Duca degli Abruzzi 24, I-10129 Torino, Italy, E-mail: sonza@polito.it, http://www.polito.it/~sonza

Preliminary experiments on some benchmark programs show that our system is well suited for evaluating the fault coverage for embedded microprocessor-based boards, it does not depend on any Operating System facility, and it allows the injection of faults in both memory and internal registers. Moreover, our approach does not require any change in the source code of the target software, thus minimizing its intrusiveness. Finally, BDM-based Fault Injection systems are time efficient, as the ratio between the time for analyzing every fault and the one for executing the fault-free program ranges between 70 and 100 even for the current prototypical version of our system. With respect to FERRARI [2] and Doctor [3], our approach does not insert software traps or fault injection routines in the target software. Moreover, the target system is not supposed to provide either Operating System calls, or any sophisticated exception routines or built-in debugging features, such as the ones exploited by the Xception tool [4] unique to the PowerPC processor.
BDM port BDM interface

Target System

Host Computer

Fig. 1: BDM environment.

References
[1] Motorola Inc., A Background Debugging Mode Driver Package for Modular Microcontrollers, by S. Howard, Motorola Semiconductor Application Note AN1230/D, 1996 [2] G.A. Kanawati, N.A. Kanawati, J.A. Abraham, FERRARI: A Flexible Software-Based Fault and Error Injection System, IEEE Trans. on Computers, Vol. 44, N. 2, February 1995, pp. 248-260 [3] S. Han, K.G. Shin, H.A. Rosenberg, Doctor: An Integrated Software Fault-Injection Environment for Distributed Real-Time Systems, Proc. IEEE Int. Comp. Performance and Dependability Symp., 1995, pp. 204213 [4] J. Carreira, H. Madeira, J. Silva, Xception: Software Fault Injection and Monitoring in Processor Functional Units, DCCA-5, 1995, pp. 135-149

Authorized licensed use limited to: Rajalakshmi Engineering College. Downloaded on July 26,2010 at 07:01:27 UTC from IEEE Xplore. Restrictions apply.