Design and Evaluation of Preemptive Control Signature (PECOS) Checking

The paper presents the design and evaluation of PECOS, a PreEmptive COntrol Signature technique for on-line detection of control flow errors. The technique uses assertions that can be embedded in the assembly language code and that are triggered by control flow instructions in the code. The PECOS target error model is any corruption that causes the application to take an incorrect control flow path. This includes corrupted control flow instructions as well as any other corruption that subsequently affects the control flow. The proposed technique is shown to handle both static and dynamic control flow constructs. PECOS is evaluated through software-based error injection—both directed control flow injections and random injections into the text segment of the running application. The injected errors model the impact of failures in the address and data lines between a processor and memory. The effectiveness of PECOS is illustrated on a real application: the Dynamic Host Configuration Protocol (DHCP) server. It is shown that PECOS detects more than 87% of control flow errors, reducing the incidence of fail-silence violations from 3.6% to 0.1% and of process crashes from 54.6% to 7.1%. Performance studies show a degradation of 15-29% with instrumentation of the entire DHCP server, and a degradation of 513% with instrumentation of only the critical DHCP protocol engine.