
Research on SDC Vulnerability Protection for Embedded Software Based on LLVM

Author: 刘云飞 (Liu Yunfei)

Supervisor: 李静 (Li Jing)

Author information: Nanjing University of Aeronautics and Astronautics, Master of Engineering (professional degree), 2020, Master's thesis

Abstract (translated from Chinese): Spaceborne embedded computers operate in outer space, where cosmic radiation and bombardment by high-energy particles cause transient hardware faults that in turn lead to software errors. These errors fall into three categories: program crashes, program hangs and silent data corruption (SDC). Because SDC is concealed, it produces wrong software results without any warning, and it is one of the current focal points of research on embedded software error protection. Although fault injection, static analysis prediction, instruction instrumentation and other techniques for protecting against SDC have been proposed in recent years at home and abroad, how to achieve efficient and accurate SDC protection in resource-constrained embedded software still requires in-depth research. This thesis analyzes existing methods for protecting against SDC and studies SDC protection from the perspectives of data flow and control flow respectively. The main work on SDC error protection is as follows: (1) Data errors in general-purpose registers cause data-flow errors in the program and ultimately SDC errors. To address the large performance overhead and poor protection effect of current SDC data-flow protection, a data-flow SDC vulnerability protection based on LSTM (Long Short-Term Memory network) and dynamic execution flow is proposed. Program execution is treated as a dynamic execution flow of instructions, features of the instruction itself and of its propagation path are extracted, and an LSTM network is used to predict the SDC vulnerability of LLVM intermediate-code instructions. Data-flow protection is achieved by selectively making the predicted high-vulnerability instructions redundant. Fault injection experiments after protection show that the method achieves high prediction accuracy and a high error detection rate after redundancy while reducing the time overhead introduced by redundancy. (2) Errors in the PC register and in jump addresses cause control-flow errors, one of the major causes of SDC. To address the complex signature design of current control-flow error detection methods and their failure to detect control-flow errors within basic blocks and across procedures, a control-flow SDC vulnerability protection based on a global dependency graph of basic blocks is proposed. A global dependency graph of basic blocks is built, and only two signatures are needed to detect control-flow errors between basic blocks, within basic blocks and across procedures; protection is provided by instrumenting error-detection instructions. Analysis of the detection capability and experimental results show that the method achieves a high control-flow error detection rate while keeping the performance overhead within a bounded range. (3) Based on the above research, a prototype system for SDC vulnerability protection of embedded software based on LLVM is designed, and its effectiveness is verified through data-flow and control-flow fault injection experiments on the MiBench embedded software suite and an embedded platform emulated by QEMU (Quick EMUlator). The experimental results show that the embedded software SDC vulnerability protection system designed in this thesis can effectively protect against SDC vulnerabilities.

Abstract: Spaceborne computers are susceptible to transient hardware faults due to bombardment by cosmic radiation and high-energy particles when running in outer space, which can cause software errors. The errors mainly include program crashes, program hangs and silent data corruption (SDC). Because of its concealment, SDC leads to wrong software results without any warning, which makes it the focus of current research on embedded software fault protection. In recent years, although technologies such as fault injection, static analysis prediction and instruction instrumentation have been proposed, how to achieve efficient and accurate SDC protection in embedded software with limited resources still needs in-depth research. In this paper, we analyze existing methods used to prevent SDC errors and protect against SDC errors from the data-flow and control-flow perspectives. The main research work of this paper for SDC error protection is as follows: 1) Data errors in general registers cause data-flow errors in the program and eventually SDC errors. To address the large performance overhead and poor protection effect of current SDC data-flow protection, a data-flow SDC vulnerability protection based on LSTM (Long Short-Term Memory network) and dynamic execution flow is proposed. The execution of the program is regarded as a dynamic execution flow of instructions, the features of the instruction itself and of its propagation path are extracted, and finally the LSTM network is used to predict the SDC vulnerability of LLVM intermediate-code instructions. Selective redundancy of the predicted high-vulnerability instructions protects against data-flow errors that may cause SDCs. Fault injection results after protection show that this method has high prediction accuracy and a high error detection rate after redundancy, while reducing the time overhead caused by redundancy. 2) Errors in the PC register and jump address cause control-flow errors, which are also one of the important causes of the SDC problem. Aiming at the problems of current control-flow error detection methods, such as complex signature design and missed control-flow errors within basic blocks and between procedures, a control-flow SDC vulnerability protection based on a basic-block global dependency graph is proposed. A global dependency graph of basic blocks is built, and only two signatures are needed to detect control-flow errors between basic blocks, within basic blocks and between procedures. Control-flow errors are protected against by instrumentation. Detection capability analysis and experimental results show that the method has a high control-flow error detection rate and limits the performance overhead to a certain range. 3) A prototype system of embedded software SDC vulnerability protection based on LLVM is designed, and data-flow and control-flow fault injection is performed on the MiBench embedded software suite and an embedded platform emulated by QEMU (Quick EMUlator). The experiments verify the effectiveness of the prototype system, and the results show that the embedded software SDC vulnerability protection system designed in this paper can effectively protect against SDC vulnerability.
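The abstract describes signature-based control-flow checking driven by a global dependency graph of basic blocks, with one signature covering transfers between blocks and procedures and a second covering the instruction sequence inside a block. The following Python model is an added illustration written for this page, not the thesis's scheme and not code from the author: the control-flow graph, the signature assignment, the two runtime signatures (`G` for the executing block, `C` for the intra-block instruction count) and the injected faults are all constructed here as assumptions. It runs an intended block trace, injects a single transient control-flow error, and reports the trace index at which the instrumented checks catch it.

```python
"""Toy model of signature-based control-flow error (CFE) detection driven by a
basic-block dependency graph. Added illustration for this page, not the thesis's
scheme: the CFG, signature assignment and injected faults are all constructed
here as assumptions."""

from dataclasses import dataclass


@dataclass
class Block:
    name: str
    n_instr: int      # instructions in the block (intra-block progress target)
    succs: tuple      # legal successor blocks (edges of the dependency graph)
    sig: int = 0      # static signature assigned at instrumentation time


class CFEDetected(Exception):
    """Raised by an instrumented check when control flow leaves the graph."""

    def __init__(self, step, msg):
        super().__init__(f"step {step}: {msg}")
        self.step = step


def build_program():
    """Constructed CFG: entry -> loop -> body -> callee -> ret -> loop -> exit.
    The body -> callee -> ret edges stand in for a call and its return, so the
    graph spans a procedure boundary (inter-procedural checking)."""
    blocks = {
        "entry":  Block("entry", 3, ("loop",)),
        "loop":   Block("loop", 2, ("body", "exit")),
        "body":   Block("body", 4, ("callee",)),
        "callee": Block("callee", 2, ("ret",)),
        "ret":    Block("ret", 1, ("loop",)),
        "exit":   Block("exit", 1, ()),
    }
    for i, blk in enumerate(blocks.values()):
        blk.sig = 0x10 + i       # distinct static signature per block
    return blocks


def legal_predecessors(blocks):
    """Invert the dependency graph: block name -> set of signatures of the
    blocks that may legally transfer control into it."""
    preds = {name: set() for name in blocks}
    for blk in blocks.values():
        for succ in blk.succs:
            preds[succ].add(blk.sig)
    return preds


def run(blocks, trace, preds, fault=None):
    """Execute the intended block trace with two runtime signatures:
      G: signature of the block being executed; at each block entry the previous
         G must be in the legal-predecessor set (inter-block/inter-procedural edges);
      C: instruction counter reset at block entry and compared with the block
         length at block exit (catches jumps that skip instructions in a block).
    fault = (step, kind, value) injects one transient CFE at trace index `step`:
      ("jump", target) lands in block `target` instead of the intended one;
      ("skip", n) skips n instructions inside the block.
    Returns the number of completed blocks; raises CFEDetected on detection."""
    G = None
    completed = 0
    for step, name in enumerate(trace):
        if fault and fault[0] == step and fault[1] == "jump":
            name = fault[2]                          # corrupted jump target
        blk = blocks[name]
        if G is not None and G not in preds[name]:   # inter-block entry check
            raise CFEDetected(step, f"illegal edge into {name} from {G:#x}")
        G = blk.sig
        C = 0
        to_execute = blk.n_instr
        if fault and fault[0] == step and fault[1] == "skip":
            to_execute -= fault[2]                   # corrupted intra-block PC
        for _ in range(to_execute):
            C += 1                                   # one increment per instruction
        if C != blk.n_instr:                         # intra-block exit check
            raise CFEDetected(step, f"{name} left after {C}/{blk.n_instr} instr")
        completed += 1
    return completed


def detection_step(blocks, trace, preds, fault):
    """Trace index at which the checks catch the fault, or None if it is missed."""
    try:
        run(blocks, trace, preds, fault)
    except CFEDetected as e:
        return e.step
    return None


TRACE = ["entry", "loop", "body", "callee", "ret", "loop", "exit"]

if __name__ == "__main__":
    blocks = build_program()
    preds = legal_predecessors(blocks)
    print("fault-free blocks completed:", run(blocks, TRACE, preds))
    for fault in [(3, "jump", "exit"), (2, "skip", 2), (5, "jump", "body"), (2, "jump", "exit")]:
        print(fault, "caught at step", detection_step(blocks, TRACE, preds, fault))
```

The fault `(2, "jump", "exit")` shows the known blind spot of signature checking: a wrong jump that happens to follow a legal graph edge passes the entry check and is only caught one block later, when the trace takes an edge the dependency graph does not allow.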
