Cost-effective and safe software-only solutions
Current approaches to providing hardware safety will not be sufficient in the future because they are becoming too costly. SIListra Systems develops cost-effective and safe software-only solutions to these problems. Because our solutions are based on Software Coded Processing technology, they are flexible and universally deployable. Cheaper commodity hardware can be used in critical systems because we implement hardware error detection in software. The gained flexibility can be used to increase system utilization by executing critical and non-critical applications on the same hardware component.
We provide the following tools for error detection and for evaluating error resilience:
The upcoming automotive safety standard (ISO 26262) explicitly names Coded Processing as one technique to achieve the highest safety level (ASIL D). In addition to the automotive industry, system architects working in any other safety-critical application area, for instance railway, aerospace, and medical devices, will profit from using our SIListra Safety Transformer. Any application where the risk of erroneous executions is unacceptably high can apply our SIListra Safety Transformer and the principles of Coded Processing in software to reduce the risk introduced by erroneous outputs caused by execution errors to an acceptable level.
In summary, the advantages of our SIListra Safety Transformer are:
- Safety (Resilience against hardware errors).
- Safety (Resilience against some bugs in 3rd-party software).
- Simple integration into development workflow.
- Support for distributed systems.
- Adaptable scope of protection and thereby minimization of costs.
The figure shows the work-flow of the SIListra Safety Transformer:

The tool automatically transforms an unsafe original program into a safe program version. The functionality of both versions is equivalent, but while the unsafe original version is vulnerable to hardware execution errors, the safe version is, with very high probability, not. If an execution error disturbs the execution of the safe version, i.e., introduces an erroneous state, this error is detected. As a consequence, the error can be handled before erroneous output is produced. The SIListra Safety Transformer provides the safe program version as generic source code that can be compiled for the target platform.
Brief two-page overview of SIListra Safety Tools (PDF)
SIListra Safety Replicator
The SIListra Safety Replicator is a C-to-C source code transformer. It transforms a C module (in ANSI C, given as source code including all header files) into a protected C module. The protected C module detects soft errors that influence its execution. The SIListra Safety Replicator does this by replicating the complete data flow (including inter-procedural data flow and global and local state) of the module. Additionally, it inserts checks to detect control-flow errors. Wrappers for integrating non-replicated external functions are generated automatically.
In summary, the advantages of our SIListra Safety Replicator are:
- The workflow is similar to the SIListra Safety Transformer.
- Optimized for the detection of transient faults (soft errors) only.
- Automatically replicates any instruction and memory region in an application or module.
- Full ANSI-C (C99) language support.
- Adaptable scope of protection and thereby minimization of costs.
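As an added illustration (written for this page, not output of the Replicator), the following C sketch shows by hand what data-flow replication with control-flow checks looks like for one small function: every variable is duplicated, both replicas are compared before the result leaves the function, and each basic block verifies that it was reached from a legal predecessor. The block identifiers, the checksum function and the `inject_*` parameters that emulate a soft error are constructed for the demo.

```c
#include <stddef.h>
#include <stdint.h>
/* Block identifiers for the control-flow check (constructed for this sketch). */
enum { BLK_ENTRY = 0xA1, BLK_HEAD = 0xB2, BLK_BODY = 0xC3, BLK_EXIT = 0xD4 };

typedef enum { REP_OK = 0, REP_ERR_DATA = 1, REP_ERR_CFLOW = 2 } rep_status;
typedef struct { uint32_t value; rep_status status; } rep_result;
/* Record the transition into block `to`, which is legal only from `from_a` or
 * `from_b`; arriving from any other block means the control flow went wrong. */
static int cf_enter(uint32_t *cur, uint32_t from_a, uint32_t from_b, uint32_t to) {
    if (*cur != from_a && *cur != from_b) return 0;
    *cur = to;
    return 1;
}
/* Unprotected original: a simple polynomial checksum over a byte buffer. */
uint32_t checksum_orig(const uint8_t *buf, size_t n) {
    uint32_t acc = 0;
    for (size_t i = 0; i < n; i++) acc = acc * 31u + buf[i];
    return acc;
}

/* Replicated version: every variable exists twice, each replica is updated
 * independently, and the copies are compared before the result leaves the
 * function. The two `inject_*` parameters only emulate soft errors for the demo. */
rep_result checksum_rep(const uint8_t *buf, size_t n, int inject_flip_at, int inject_cfe) {
    rep_result r = { 0, REP_OK };
    uint32_t cur = BLK_ENTRY;
    uint32_t acc1 = 0, acc2 = 0;   /* replicated accumulator */
    size_t i1 = 0, i2 = 0;         /* replicated loop counter */
    for (;;) {
        if (!cf_enter(&cur, BLK_ENTRY, BLK_BODY, BLK_HEAD)) goto cfe;
        if (i1 >= n || i2 >= n) break;
        if (!cf_enter(&cur, BLK_HEAD, BLK_HEAD, BLK_BODY)) goto cfe;
        acc1 = acc1 * 31u + buf[i1];
        acc2 = acc2 * 31u + buf[i2];
        if ((int)i1 == inject_flip_at) acc2 ^= 0x4u;   /* emulated bit flip in replica 2 */
        i1++; i2++;
        if (inject_cfe) break;   /* emulated wrong jump: leaves the loop without passing its head */
    }
    if (!cf_enter(&cur, BLK_HEAD, BLK_HEAD, BLK_EXIT)) goto cfe;
    if (acc1 != acc2 || i1 != i2) { r.status = REP_ERR_DATA; return r; }
    r.value = acc1;
    return r;
cfe:
    r.status = REP_ERR_CFLOW;
    return r;
}

static const uint8_t SAMPLE[4] = { 1, 2, 3, 4 };   /* constructed input */
```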
SIListra Safety Evaluator
Error injection is a well-accepted method for evaluating hardware error detection mechanisms. The results of error injection campaigns show how well error detection mechanisms cope with errors. For the error injection to be representative, the error model used has to mirror real-world errors as accurately as possible. The SIListra Safety Evaluator emulates the symptoms of hardware errors in detail.
One especially interesting result of the error injection campaigns executed with the SIListra Safety Evaluator is the percentage of errors that cause silently corrupted output, that is, the generated output differs from the output of the fault-free run and no error is reported by the software. Furthermore, the SIListra Safety Evaluator provides means to debug single injection runs using slicing, which facilitates the identification of safety issues.
With the SIListra Safety Evaluator we make the following novel contributions:
- Easy usage through hardware independence. It requires no hardware description or model.
- A symptom-based, flexible and comprehensive error model that extends the commonly used bit-flips-only model.
- Support for debugging of silent data corruptions to improve the detection coverage of the evaluated error detection mechanism.
The Evaluator supports two different execution modes:
- Deterministic: In this mode exactly one error is triggered per run. Usually several thousand such runs are executed, each triggering a different error of the same type. This tests the ability of a detection mechanism to cope with rarely occurring errors. Furthermore, we can determine whether an error detection mechanism is especially susceptible to some error types.
- Probabilistic: This mode combines all error types. The user provides the probability that an error will occur, so one execution might be hit by several different errors. This mode mirrors the fact that, for an error detection mechanism that increases code size, the protected program version is more likely to collect errors than the program version without error detection.
Most hardware error detection tools detect only a certain share of silently corrupted output failures. The question then arises whether the remaining undetected failures are caused by incomplete coverage of the detection approach or by bugs in the error detection. Our debugging support helps to analyse and debug undetected failures: the SIListra Safety Evaluator presents the developer with the complete data flow of an injected error through the application. By inspecting the data flow, developers can find missing checks and missing redundancy in their detection mechanism, or plain bugs in their implementation. Hence, the SIListra Safety Evaluator's debugging support is two-fold: first, it helps to improve the coverage of the error detection approach; second, it helps to debug the error detection implementation.
Technical documentation about the SIListra Safety Evaluator (PDF)