An efficient register fault injection method for embedded processors

By constructing an instruction and injection timing tree diagram structure for embedded processors, the low efficiency problem of register fault injection in embedded processors in existing technologies is solved, achieving accurate fault injection and hardware resource simulation, and supporting the design of protection schemes.

CN117472676B · Active · Publication Date: 2026-06-23 · XIAN INSTITUE OF SPACE RADIO TECH

Patent Information

Authority / Receiving Office: CN · China
Patent Type: Patents(China)
Current Assignee / Owner: XIAN INSTITUE OF SPACE RADIO TECH
Filing Date: 2023-10-25
Publication Date: 2026-06-23

AI Technical Summary

Technical Problem

Existing technologies cannot efficiently simulate the single-event upset (bit-flip) effect on registers in embedded processors, resulting in low accuracy and efficiency of fault injection.

Method used

By parsing the processor instruction set, a tree diagram structure between instructions and injection timing is constructed to generate a fault injection model. Register faults are injected when specific instructions are executed to simulate the irradiation effect of hardware resources and achieve accurate fault injection.

Benefits of technology

It improves the efficiency and accuracy of fault injection, enabling more precise simulation of soft errors in hardware resources and supporting the design and verification of hardware resource protection schemes.

✦ Generated by Eureka AI based on patent content.


Abstract

The application relates to an efficient register fault injection method for an embedded processor, which comprises the following steps: analyzing the instruction structure of a processor instruction set, and extracting instructions related to register operation; classifying the instructions related to register operation according to injection timing, constructing a tree graph structure between the instructions and the injection timing, and obtaining a fault injection model of the instruction set related to register operation; obtaining user program instructions, constructing a register fault injection vector suitable for the user program according to the fault injection model; and executing fault injection according to the fault injection vector when the program executes to the instructions. The application realizes accurate injection timing, can more accurately simulate the real situation when the hardware resources are affected by irradiation and flipped, thereby improving the injection efficiency; and can be used in application occasions such as single event upset protection scheme design verification.

Description

Technical Field

[0001] This invention belongs to the field of reliability assessment technology and relates to an efficient register fault injection method for embedded processors.

Background Technology

[0002] Embedded processors use load / store instruction sets, meaning that most instructions can only process data in registers, and the results must be placed back into the registers. However, registers, as core storage units, are radiation-sensitive and prone to single-event upsets, which can severely affect the execution of processor program instructions.

[0003] Traditional fault injection methods involve implanting fault tree programming instructions into the system under test (SUT), executing tasks, and determining the hardware system's execution results to dynamically reflect the impact of the fault tree on the system; or simulating the underlying hardware fault-driven mechanism through the SUT's hardware bus interface to simulate the impact of fault execution results in the system hardware; or injecting faults at random times. However, these methods lack sufficient targeting, resulting in inefficient and inaccurate fault injection. Therefore, none of these fault injection methods achieve efficient injection in terms of injection method, implementation efficiency, or effectiveness.

Summary of the Invention

[0004] The technical problem solved by this invention is to overcome the shortcomings of the prior art and propose an efficient register fault injection method for embedded processors.

[0005] The solution of the present invention is:

[0006] An efficient register fault injection method for embedded processors includes:

[0007] The instruction structure of the processor instruction set is parsed to extract instructions related to register operations;

[0008] The instructions related to register operations are classified according to the injection timing, and a tree diagram structure between the instructions and the injection timing is constructed to obtain a fault injection model for the instruction set related to register operations.

[0009] Obtain user program instructions and construct a register fault injection vector adapted to the user program based on the fault injection model;

[0010] When the program executes this instruction, fault injection is performed according to the fault injection vector.

[0011] Preferably, the processor instruction set includes six major categories: data processing instructions, data loading and storing instructions, branch instructions, program status register processing instructions, coprocessor instructions, and exception generation instructions.

[0012] Preferably, the instruction structure format of the processor instruction set is as follows:

[0013] <opcode>{cond}{S}{Rd},{Rn},{<OP2>}

[0014] Wherein, opcode represents the opcode; cond represents the condition field for instruction execution; S indicates whether the result of instruction execution will affect the program status register, and when the S suffix is present the result of execution affects the program status register; Rd represents the destination register; Rn represents the first operand, which is usually a register; OP2 represents the second operand, which is an immediate value, a register, or a register shift operand.

[0015] Preferably, when constructing the fault injection model, the opcode `<opcode>` of each instruction in the instruction set is analyzed first: the registers used by the opcode are analyzed to identify the registers to be injected in the instruction. For ordered injection instructions, the opcode has a unique and definite injection timing. For unordered injection instructions, fault injection can be performed both before and after the opcode is executed.

[0016] Preferably, when constructing the tree diagram structure between instructions and injection timing, the injection timing of instructions within the same class is consistent.

[0017] Preferably, the instruction injection timing classification set includes three main categories: post-execution injection set RA, pre-execution injection set RB, and injection both before and after execution set RR.

[0018] The preferred fault injection model is as follows:

[0019]

[0020] Where R is the instruction injection timing classification set, divided into three main categories: post-execution injection set RA, pre-execution injection set RB, and injection both before and after execution set RR. Ra, Rb, and Rc represent the instructions in the three main categories. R_ij refers to the injection feature vector of a certain instruction: `i` represents the injection timing classification set number, `j` represents the instruction number in the injection timing classification set, `INS` is the instruction name, `position` is the injection timing, and `resource` is the register to be injected with the fault. `mask` is the abnormal data mask, composed of "0" and "1", where the bit position of "1" represents the fault injection position. `a`, `b`, and `c` represent the subset numbers of the injection timing classification set, and `x`, `y`, and `z` represent the instruction sequence numbers in the subsets of the classification set. The abnormal data mask is XORed with the original data in the register to flip the original data bits, thus completing the fault injection.

[0021] Preferably, instructions related to register operations are extracted, and the extraction method is as follows:

[0022] First, the program is compiled, and the compiled instruction structure is parsed to obtain the compiled instruction sequence. Then, the instruction names related to register operations and the registers in the instructions are extracted from the instruction sequence.

[0023] Preferably, register operation-related instructions are categorized according to their injection timing, as follows:

[0024] Based on whether a fault occurs when the registers manipulated in the instruction are modified before and after execution, the appropriate injection timing is determined according to the analysis and classification results of the instruction set, based on each instruction and the registers involved. Then, the data in the registers is flipped at that timing.

[0025] A terminal device, comprising:

[0026] Memory, used to store at least one instruction executed by a processor;

[0027] A processor is used to execute instructions stored in memory to implement the above method.

[0028] This invention proposes a fault injection model based on a tree-graph structure to address the soft errors caused by single-event upsets (SEUs) in microprocessor internal resources under irradiation conditions. This method injects faults at a fine-grained temporal level, simulating different irradiation-affected hardware resources by injecting into registers during the execution of specific instructions. This achieves precise injection timing and enables a more accurate simulation of the actual situation when hardware resources are affected by irradiation and undergo bit flips, thereby improving injection efficiency. Furthermore, this method can be used in applications such as the design and verification of SEU protection schemes. Its advantages are as follows:

[0029] (1) This invention designs a tree graph structure fault injection model related to hardware structure and instruction set. The instruction set is classified according to function and divided into six different function instruction trees according to the tree data structure. The nodes of the instruction tree are associated with hardware resources in the form of a graph. Thus, the situation when various different hardware resources are flipped is simulated by injecting into the register, so as to better simulate the different soft error occurrence rates of hardware resources.

[0030] (2) This invention divides the timing of register injection during instruction execution into three categories: before instruction execution, after instruction execution, and both before and after instruction execution, based on the meaning of the instruction and the method of register injection. This allows for the selection of the most suitable fault injection timing for each instruction, effectively avoiding the situation where injection errors are masked and ensuring accurate and effective fault injection.

Attached Figure Description

[0031] Figure 1 is a schematic diagram showing the correspondence between instructions and injection timing.

[0032] Figure 2 is a flowchart of the method of the present invention.

[0033] Figure 3 shows the actual instruction to be executed in the embodiment.

[0034] Figure 4 shows the state of the registers before instruction execution in the embodiment.

[0035] Figure 5 shows the result of executing the instruction normally in the embodiment.

[0036] Figure 6 shows the state of the register after injection in the embodiment.

[0037] Figure 7 shows the result of executing the instruction after injection in the embodiment.

Detailed Implementation

[0038] The present invention will be further described below with reference to the embodiments.

[0039] This invention aims to analyze the effective fault injection characteristics of hardware resources and program instructions, design fault injection methods for different categories of program instructions, find the matching relationship between hardware resources and program instructions, and construct a tree-graph structure fault injection model that associates program instructions with hardware resources. In its implementation, this invention takes the general embedded ARM processor instruction set as an example, dividing it into six categories: data processing instructions, data loading and storing instructions, branch instructions, program status register processing instructions, coprocessor instructions, and exception generation instructions.

[0040] The following is the design architecture of the fault injection model method based on the tree graph structure of this invention.

[0041] Step 1: Instruction Structure Analysis of ARM Processor Instruction Set for Fault Injection

[0042] Embedded processors complete specified tasks by executing programs, which consist of a series of ordered instructions. Instructions are commands that instruct the processor to perform a certain operation; the set of instructions is called the instruction set. Different series of microprocessors have different instruction sets due to their different core architectures.

[0043] For ARM processors, the general format of their instruction structure is shown in the following formula.

[0044] <opcode>{cond}{S}{Rd},{Rn},{<OP2>}

[0045] In this context, `opcode` represents the opcode, such as `ADD` for arithmetic addition; `cond` represents the condition field for instruction execution, such as `EQ` for equality conditions; `S` determines whether the instruction's execution result affects the program status register (PSU); `Rd` represents the destination register; `Rn` represents the first operand, usually a register; and `OP2` represents the second operand, which can be an immediate value, a register, or a register shift operand. Furthermore, the content within `<>` is mandatory, while the content within `{}` can be omitted. For example, `<opcode>` is the instruction mnemonic and is required, while `{<cond>}` is the execution condition of the instruction and is optional; by default, the instruction is executed unconditionally.

[0046] Functionally, the instruction set of embedded ARM processors is load / store type, meaning that most instructions in the instruction set can only process data in registers, and the processing results must be placed back into the registers. The ARM instruction set can be divided into six main categories: data processing instructions, data load and store instructions, branch instructions, program status register processing instructions, coprocessor instructions, and exception generation instructions, as shown in Table 1.

[0047] Table 1 Instruction Set Attribute Classification

[0048]

[0049] This invention primarily focuses on register fault injection, therefore it is necessary to extract instructions from the instruction set that involve register operations as the data foundation for constructing the register injection model.

[0050] The extraction method is as follows: First, compile the program and parse the compiled instruction structure to obtain the compiled instruction sequence. Then, extract the instruction names related to register operations and the registers in the instructions from the instruction sequence.

[0051] Step 2: Construct a fault injection model based on a tree graph structure

[0052] Different hardware resources support different processor functions. Before constructing a tree diagram of hardware resources and program instructions, the types of hardware resources in the processor must first be clearly defined. The Central Processing Unit (CPU) includes the Arithmetic Logic Unit (ALU) and the Control Unit. The ALU receives commands from the Control Unit and executes corresponding actions, processing and manipulating data. The ALU is the center of data processing in the processor and mainly consists of an arithmetic logic unit, temporary registers, an accumulator register, a general-purpose register set, a program status register, shifters, and a counter. The Control Unit works by generating control signals for each component of the processor based on the instruction opcode, the instruction execution steps (micro-command sequence), and condition signals. The Control Unit consists of a program counter, an instruction register, an instruction decoder, a memory address register, a memory data register, a timing system, and a micro-operation signal generator. Memory is the processor's storage component, used to store program instructions and data.

[0053] In fault injection, the effective fault injection types are destination register injection and operand injection. Operand injection types are divided into immediate values and registers based on the data source.

[0054] Analysis of hardware resources and program instructions reveals that different hardware resources only use a fixed set of program instructions. Single-event soft errors in hardware resources often manifest in the data of registers or memory. Therefore, based on the effective fault injection type and the spatiotemporal relationship of fault injection effectiveness, the six major categories of processor instruction sets involving registers are categorized according to their injection timing. The categorization is based on whether a fault occurs when the register manipulated by the instruction is modified before and after execution: for each instruction and the registers involved, the appropriate injection timing is determined according to the analysis and classification results of the instruction set, and the register data is then flipped at that timing. This constructs a tree diagram structure between instructions and injection timing, ensuring that the injection timing of instructions within the same category is consistent, as shown in Figure 1.

[0055] In the figure, I_i (1≤i≤N) represents the instructions in the instruction set, and R is a set of instruction injection timing classifications, divided into three main categories: post-execution injection (RA), pre-execution injection (RB), and injection both before and after execution (RR). R_ij are the feature vectors in the injection model. By analyzing the spatiotemporal relationships between registers and program instructions, a register fault injection model suitable for this instruction set can be constructed.

[0056] Based on the above ideas, the injection model for instruction sets can be constructed as follows:

[0057]

[0058] Here, R represents the instruction injection timing classification set, divided into three categories: post-execution injection (RA), pre-execution injection (RB), and injection both before and after execution (RR). Ra, Rb, and Rc represent instructions in these three categories. R_ij refers to the injection feature vector of a specific instruction, where i represents the injection timing classification set number, j represents the instruction number within that set, INS is the instruction name, position is the injection timing, resource is the register to be injected with the fault, and mask is the abnormal data mask, composed of "0" and "1", where the bit position of "1" represents the fault injection position. a, b, and c represent the subset numbers of the injection timing classification set, and x, y, and z represent the instruction numbers within the subsets of the classification set. The abnormal data mask is XORed with the original register data to flip the original data bits, thus completing the fault injection.

[0059] When constructing an injection model, the opcode `<opcode>` of each instruction in the instruction set must first undergo a preliminary analysis. In practice, a detailed analysis of the registers used by the opcodes is conducted to identify the registers to be injected in the instruction. Taking the ARM instruction set as the analysis object, it is divided into three major categories and ten subcategories, as shown in Table 2. For ordered injection instructions, the opcode has a unique and definite injection timing; for unordered injection instructions, fault injection can be performed both before and after the execution of these opcodes, but the effective injection location still differs.

[0060] Therefore, after analyzing each instruction according to the instruction list in the instruction set, a complete spatiotemporal relationship table is constructed according to Table 2, which constitutes the register fault injection model of this instruction set.

[0061] Table 2. Ordered subset of fault injection instructions

[0062]

[0063]

[0064] Step 3: Generate injection vectors for the user program.

[0065] Obtain the instructions of the user function program, and construct a register fault injection vector adapted to the user program according to the spatiotemporal relationship shown in Table 2, as shown in Table 3.

[0066] Table 3 Fault Injection Vector Table

[0067]

[0068] According to the timing and target location agreed upon by the above injection vector, the mask is XORed with the original register value to modify the register value and achieve fault injection into the register.

[0069] By constructing a tree diagram structure model, corresponding fault injection vectors are generated based on the instructions executed in the program flow, thereby performing fault injection.

[0070] Example:

[0071] Suppose a fault is to be injected at an add instruction in the program execution flow. If the current add instruction is add x1, x0, #0x390, its meaning is to add the value of the x0 register to the immediate 0x390 and store the result in the x1 register. According to Table 2, first determine the type of fault injection subset in the tree diagram structure to which the add instruction belongs. Table 2 shows that the add instruction corresponds to pre-execution injection, and the injection resource is the second register. Therefore, assuming random single-bit fault injection, the generated fault injection vector is <add, pre-execution injection, x0, 0x0001>, that is, a single-bit flip of the lowest bit of register x0 is simulated to achieve fault injection. The specific injection process and the resulting injection effect are as follows:

[0072] (1) Since add is an addition instruction, after executing this instruction the value of x1 becomes the result of adding the immediate 0x390 to the value of the x0 register, that is, x1 = 0x390 + x0. The instruction executed is the add x1, x0, #0x390 shown in Figure 3, whose meaning is to add the value of the x0 register to the immediate 0x390 and store the result in the x1 register.

[0073] (2) In Figure 4, the command p/x $x1 is entered to view the value of register x1 before the above instruction executes, which is 0xd540; the command p/x $x0 is entered to view the value of register x0 before the instruction executes, which is 0x2000. Figure 5 shows the result after normal execution of this instruction: the value stored in register x1 is 0x2390, which is consistent with the value calculated from x1 = 0x390 + x0.

[0074] (3) In Figure 5, the command p/x $x1 is entered again to view the value of register x1, where the result is stored after execution; it is 0x2390, which is consistent with the value calculated from x1 = 0x390 + x0 for the preceding instruction.

[0075] (4) Execute the generated fault injection vector <add, pre-execution injection, x0, 0x0001>. After execution, the value of register x1 becomes the value obtained by XORing the x0 register with the fault mask 0x0001 and then adding the immediate 0x390, thus simulating a single-bit flip. The specific fault injection effect is as follows. The change in the register value after injection is shown in Figure 6: p/x $x0 shows that the value of register x0 before the execution of this instruction has changed to 0x2001, achieving the fault injection of a single-bit flip. The result of the instruction execution after injection is shown in Figure 7: p/x $x1 is used again to view the value of register x1 in hexadecimal format. The final result is consistent with the calculation; after injection, the result of the instruction becomes 0x2391, which differs by only one bit from the normal result shown in Figure 5.
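The vector construction of Step 3 and the add example above can be reproduced in a small simulation. This is an added example, not code from the patent: because Table 2 is not reproduced on this page, only the `add` row of `MODEL` comes from the text, the `sub` and `mov` rows are assumed, and the function names are hypothetical. The RR class is not modelled.

```python
"""Register fault-injection vectors <INS, position, resource, mask> (added example)."""
import re
from dataclasses import dataclass

RA = "post-execution injection"   # timing class RA on the page
RB = "pre-execution injection"    # timing class RB on the page
MASK64 = (1 << 64) - 1

# Opcode -> (timing class, operand slot that holds the register to corrupt).
# ASSUMPTION: Table 2 is not reproduced on the page. Only the `add` row comes
# from the page's worked example; `sub` and `mov` are constructed rows.
MODEL = {
    "add": (RB, 1),  # page: pre-execution, second register (the source Rn)
    "sub": (RB, 1),  # assumed: same class as add
    "mov": (RA, 0),  # assumed: destination Rd, flipped after the write
}
REGISTER = re.compile(r"[xw]\d+")


@dataclass(frozen=True)
class Vector:
    index: int      # which instruction of the program triggers the injection
    ins: str        # INS
    position: str   # injection timing
    resource: str   # register to corrupt
    mask: int       # 1-bits mark the bit positions to flip


def parse(line):
    """'add x1, x0, #0x390' -> ('add', ['x1', 'x0', '#0x390'])."""
    opcode, _, rest = line.strip().partition(" ")
    return opcode.lower(), [op.strip() for op in rest.split(",") if op.strip()]


def build_vectors(program, bit=0):
    """Walk the instruction sequence and emit one vector per modelled opcode."""
    vectors = []
    for index, line in enumerate(program):
        opcode, ops = parse(line)
        if opcode not in MODEL:
            continue  # no register injection defined for this opcode
        position, slot = MODEL[opcode]
        if slot < len(ops) and REGISTER.fullmatch(ops[slot]):
            vectors.append(Vector(index, opcode, position, ops[slot], 1 << bit))
    return vectors


def operand_value(op, regs):
    """Resolve an operand: '#imm' is an immediate, anything else a register."""
    return int(op[1:], 0) if op.startswith("#") else regs[op]


def execute(line, regs):
    """Tiny interpreter for the three modelled opcodes (64-bit wraparound)."""
    opcode, ops = parse(line)
    if opcode == "add":
        regs[ops[0]] = (operand_value(ops[1], regs) + operand_value(ops[2], regs)) & MASK64
    elif opcode == "sub":
        regs[ops[0]] = (operand_value(ops[1], regs) - operand_value(ops[2], regs)) & MASK64
    elif opcode == "mov":
        regs[ops[0]] = operand_value(ops[1], regs) & MASK64
    else:
        raise ValueError(f"opcode not modelled: {opcode}")


def run(program, regs, vectors=()):
    """Execute on a copy of regs, XORing each mask at its vector's timing."""
    regs = dict(regs)
    for index, line in enumerate(program):
        hits = [v for v in vectors if v.index == index]
        for v in hits:
            if v.position == RB:
                regs[v.resource] ^= v.mask
        execute(line, regs)
        for v in hits:
            if v.position == RA:
                regs[v.resource] ^= v.mask
    return regs


# The page's instruction and register state (Figures 3 and 4).
PROGRAM = ["add x1, x0, #0x390"]
START = {"x0": 0x2000, "x1": 0xD540}

if __name__ == "__main__":
    vectors = build_vectors(PROGRAM)
    print(vectors)
    print("normal  x1 =", hex(run(PROGRAM, START)["x1"]))
    print("faulted x1 =", hex(run(PROGRAM, START, vectors)["x1"]))
    # A flip placed in the destination before execution is overwritten (masked).
    naive = [Vector(0, "add", RB, "x1", 0x0001)]
    print("masked  x1 =", hex(run(PROGRAM, START, naive)["x1"]))
```

The last case shows why the model fixes the timing per instruction: the same mask applied to x1 before the add is overwritten by the result and leaves no observable fault.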

[0076] In this invention, the effective fault injection types during fault injection are destination register injection and operand injection. Operand injection types are further divided into immediate values and registers based on the data source. By analyzing hardware resources and program instructions, hardware resources for different operational applications are concentrated into fixed types of program instructions. Single-event soft errors in hardware resources often manifest in the data of memory units. By simulating the data access process under different execution states through registers, and based on the spatiotemporal relationship of fault injection effectiveness, the six major categories of the processor instruction set are subdivided into several subsets, constructing a tree diagram structure relating hardware resources and program instructions, thereby achieving the goal of efficiently simulating fault injection.

[0077] Although the present invention has been disclosed above with reference to preferred embodiments, it is not intended to limit the present invention. Any person skilled in the art can make possible changes and modifications to the technical solutions of the present invention by utilizing the methods and techniques disclosed above without departing from the spirit and scope of the present invention. Therefore, any simple modifications, equivalent changes and alterations made to the above embodiments based on the technical essence of the present invention without departing from the content of the technical solutions of the present invention shall fall within the protection scope of the technical solutions of the present invention.

Claims

1. A high-efficiency register fault injection method for embedded processors, characterized in that it includes:

The instruction structure of the processor instruction set is parsed to extract instructions related to register operations; the instruction structure format of the processor instruction set is as follows:

<opcode>{cond}{S}{Rd},{Rn},{<OP2>}

where opcode indicates the opcode; cond indicates the condition field for instruction execution; S indicates whether the execution result of an instruction will affect the program status register, and the S suffix indicates that the execution result affects the program status register; Rd indicates the destination register; Rn represents the first operand, which is usually a register; OP2 indicates the second operand, which can be an immediate value, a register, or a register shift operand.

Instructions related to register operations are categorized according to their injection timing. A tree diagram structure is constructed to establish the relationship between instructions and injection timing, resulting in a fault injection model for the instruction set related to register operations. When constructing the fault injection model, the opcode of each instruction in the instruction set is first analyzed: the analysis of the registers used by the opcode identifies the registers to be injected in the instruction. For ordered injection instructions, the opcode has a unique and definite injection timing. For unordered injection instructions, fault injection can be performed both before and after opcode execution. When constructing the tree diagram structure between instructions and injection timing, the injection timing of instructions within the same category is consistent.

The fault injection model is as follows: where R is the instruction injection timing classification set, divided into three main categories: post-execution injection set RA, pre-execution injection set RB, and injection both before and after execution set RR. Ra, Rb, and Rc represent the instructions in the three main categories. R_ij refers to the injection feature vector of a certain instruction: `i` represents the injection timing classification set number, `j` represents the instruction number within the injection timing classification set, `INS` is the instruction name, `position` is the injection timing, and `resource` is the register to be injected with the fault. `mask` is the abnormal data mask, composed of "0"s and "1"s, where the bit position of "1" represents the fault injection position. `a`, `b`, and `c` represent the subset numbers of the injection timing classification set, and `x`, `y`, and `z` represent the instruction numbers within the subsets of the classification set. The abnormal data mask is XORed with the original data in the register to flip the original data bits, thus completing the fault injection.

User program instructions are obtained, and a register fault injection vector adapted to the user program is constructed based on the fault injection model.

When the program executes this instruction, fault injection is performed according to the fault injection vector.

2. The efficient register fault injection method for embedded processors according to claim 1, characterized in that the processor instruction set includes six main categories: data processing instructions, data load and store instructions, branch instructions, program status register processing instructions, coprocessor instructions, and exception generation instructions.

3. The efficient register fault injection method for embedded processors according to claim 1, characterized in that the instruction injection timing classification set includes three main categories: post-execution injection set RA, pre-execution injection set RB, and injection both before and after execution set RR.

4. The efficient register fault injection method for embedded processors according to claim 1, characterized in that instructions related to register operations are extracted using the following method: first, the program is compiled, and the compiled instruction structure is parsed to obtain the compiled instruction sequence. Then, the instruction names related to register operations and the registers in the instructions are extracted from the instruction sequence.

5. The efficient register fault injection method for embedded processors according to claim 1, characterized in that instructions related to register operations are categorized according to their injection timing, as follows: based on whether a fault occurs when the registers manipulated in the instruction are modified before and after execution, the appropriate injection timing is determined according to the analysis and classification results of the instruction set, based on each instruction and the registers involved. Then, the data in the registers is flipped at that timing.

6. A terminal device, characterized in that it includes: a memory, used to store at least one instruction executed by a processor; and a processor for executing instructions stored in the memory to implement the method as described in any one of claims 1-5.