Off-Chip Control Flow Checking of On-Chip Processor-Cache Instruction Stream

Abstract

Control flow checking (CFC) is a well known concurrent checking technique for ensuring that a program's instruction execution sequence follows permissible paths. Almost all CFC techniques require direct access to the CPU-cache bus, meaning that the checking hardware (generally called a watchdog processor (WP)) has to be on-chip. However, an on-chip WP directly accessing the CPU-cache bus has a few disadvantages chief among them being that it will use up appreciable chip real estate of a commodity processor, but may be unnecessary in most environments that do not have significant transient error rates. On the other hand, if an off-chip CFC technique can be developed that imposes minor hardware overheads on the processor chip, then such a WP can be plugged onto the external system bus when needed for concurrent checking, and will have very little of the disadvantages of on-chip WPs. Such an off-chip WP, however, is not generally be able to monitor all instructions due to the bandwidth difference between the CPU bus and the system or memory bus. The authors present techniques that allow generally effective off-chip CFC using partial access to the instruction execution stream that respects the CPU/system bus bandwidth factor (ratio) K, and still achieve reasonable block-level instruction error coverage ranging from 70-80% for K = 5 to about 94% for a K = 2. Furthermore, our experimental results show that the program-level error coverage is almost 100% even for K = 5 (i.e., the authors almost always detect the presence of an instruction error in a program sooner or later before it completes execution, which is useful for fail-safe operation), underscoring the efficacy of our methods