Protecting the dynamic dispatch in C++ by dependability aspects

Abstract

Computer systems, especially devices with highly-miniaturized feature sizes, are unreliable. Data memory is susceptible to a number of physical effects that cause faults, which can be observed as spontaneous bit flips. Although in many application scenarios corrupt data is harmless (“almost” correct result often suffices), control-flow transitions are very sensitive to faults. Indirect jumps, such as the dynamic dispatch of virtual functions in C++, often crash the system in case of a single bit flip. This paper describes a suitable software-based fault-tolerance mechanism, which can be applied to arbitrary C++ software by source-to-source compilation. The overall cost for this mechanism is below 10 % for both runtime and memory overhead. Our evaluation results show that this approach eliminates 67.1 % of all irregular program terminations in a case study using an embedded weather-station software, whose entire data memory is corrupted by single-bit flips.