Christian Bartsch

• Hardware devices fabricated with recent process technology are intrinsically more susceptible to faults than before. Resilience against hardware faults is, therefore, a major concern for safety-critical embedded systems and has been addressed in several standards. These standards demand a systematic and thorough safety evaluation, especially for the highest safety levels. However, any attempt to cover all faults for all theoretically possible scenarios that a sys- tem might be used in can easily lead to excessive costs. Instead, an application- dependent approach should be taken: strategies for test and fault resilience must target only those faults that can actually have an effect in the situations in which the hardware is being used. In order to provide the data for such safety evaluations, we propose scalable and formal methods to analyse the effects of hardware faults on hardware/soft- ware systems across three abstraction levels where we: (1) perform a fault effect analysis at instruction set architecture level by em- ploying fault injection into a hardware-dependent software model called program netlist, (2) use the results from the program netlist analysis to perform a deductive analysis to determine “application-redundant” faults at the gate level by exploiting standard combinational test pattern generation, (3) use the results from the program netlist analysis to perform an inductive analysis to identify all faults of a given fault list that can have an effect on selected objects of the high-level software, such as specified safety functions, by employing Abstract Interpretation. These methods aid in the certification process for the higher safety levels by (a) providing formal guarantees that certain faults can be ignored and (b) pointing to those faults which need to be detected in order to ensure product safety. We consider transient and permanent faults corrupting data in program- visible hardware registers and model them using the single-event upset and stuck-at fault models, respectively. Scalability of our approaches results from combining an analysis at the ma- chine and hardware level with separate analyses on gate level and C level source code, as well as, exploiting certain properties that are characteristic for embedded systems software. We demonstrate the effectiveness and scalability of each method on industry-oriented software, including a software system with about 138 k lines of C code.