A View on the Past and Future of Fault Injection

Nuno Silva, Ricardo Barbosa
Critical Software SA, Coimbra, Portugal
{nsilva, rbarbosa}@criticalsoftware.com

João Carlos Cunha
Polytechnic Institute of Coimbra/CISUC, Coimbra, Portugal
jcunha@isec.pt

Marco Vieira
CISUC-University of Coimbra, Coimbra, Portugal
mvieira@dei.uc.pt

Abstract

Fault injection is a well-known technology that enables assessing dependability attributes of computer systems. Many works on fault injection have been developed in the past, and fault injection has been used in different application domains. This fast abstract briefly revises previous applications of fault injection, especially for embedded systems, and puts forward ideas on its future use, both in terms of application areas and business markets.

Keywords: Fault Injection, Dependability, Fault Models

I. INTRODUCTION

In the past decades, research on fault injection (FI) has especially targeted the emulation of hardware faults, where a large number of works has shown that it is possible to emulate these faults in a quite realistic way. More recently the interest in the injection of software faults has increased, giving rise to several works.

In terms of application areas and business markets, fault injection has been mainly used in the context of the validation of safety-critical embedded systems. The aerospace market is an unavoidable example, where fault injection for embedded systems has been largely applied. The problem is that injection tools are quite dependent on the computer technology being used, so they have to evolve according to the evolution of the application domains, system complexity, criticality and new technology trends.

This paper briefly discusses the past of fault injection, namely in what concerns basic concepts, typical fault models, and well-known tools. Based on this analysis we then put forward ideas on new application areas, fault models, needs and markets.
With this we want to contribute towards starting the discussion on what should be the future of fault injection research and technology development.

II. FAULT INJECTION BASICS

Critical systems are designed to include fault and error handling mechanisms, able to tolerate development, physical or interaction faults [1]. A classical application of fault injection is to study the effectiveness of such fault tolerance mechanisms during system development. Fault injection tools provide means for measuring fault coverage, error detection latency, or the impact of fault tolerance on the system.

Another successful application of fault injection is the robustness testing of embedded systems. By deliberately corrupting parameters provided to operating system calls, the systems under test are evaluated on their resilience in terms of avoiding crashes. In distributed environments, the injection of faults in messages has been useful for designers, system integrators and users to test protocol implementations or even system security.

A. Typical Fault Models

A fault model describes the scope of the faults considered for the injection experiments. These models are a representation of real faults, and are usually limited by the capacity of the tool to reproduce them, or to emulate their closest effects.

When considering hardware faults, the most common models consider the corruption of bits, in the form of bit-flip or stuck-at, representing the effects of radiation or power disturbances at memory or connection elements. Other models may consider bridging, emulating the effects of short circuits, or open, representing broken lines. These models are complemented by defining the location of the faults, persistence, activation time, dimension, and duration. On the other hand, software fault models describe real mistakes by software developers. These models may describe common defects or the manifestation of such defects at the program state.

B. Fault Injection Tools

Several fault injection tools have been developed in the past, for both hardware faults and software faults. The first include hardware-implemented fault injection, software-implemented fault injection, and radiation-based fault injection. The latter include the mutation of source code and of machine code. An overview of tools can be found in [2].

Among the many hardware fault injection tools developed, csXception is the only commercial fault injector available today (www.xception.org) for embedded systems. It uses the debugging and monitoring capabilities of modern processors. This tool provides a set of spatial, temporal, and data manipulation fault triggers like FERRARI or FTAPE, but with minimal intrusion on the target system, besides also being able to target system space.

For the injection of software faults, FINE and DEFINE were among the first tools implementing mutations. An advanced technique, called Generic Software Fault Injection Technique (G-SWFIT), for the emulation of software faults by mutations at the machine-code level is presented in [3]. However, existing tools are limited to prototypes and no commercial tool has been developed so far (although csXception implements some operators).

Other tools do exist but are more oriented towards specific utilization and not really applicable to safety-critical embedded systems. For example, the Holodeck tool uses fault injection to simulate real-world application and system errors for Windows applications and services. Moreover, several of the commercial automated testing tools (e.g. LDRA and VectorCast) are starting to consider and name some of the tests they allow as fault injection tests, providing facilities to exercise boundary values and unit tests, for example.
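As an added illustration, not code from the paper or from any of the tools it cites, the C snippet below emulates on a 32-bit memory word the hardware fault models of Section II.A (bit-flip, stuck-at, bridging, open) together with their location, persistence, activation time and duration attributes, in the spirit of the software-implemented injectors of Section II.B, and runs a small campaign that measures the coverage of a parity-based error detector, the kind of measurement Section II says fault injection tools provide. All type and function names, the sample word 0xA5A5A5A5, and the wired-OR and floating-low interpretations of bridging and open faults are assumptions made here.

```c
/* Added example, not from the paper or any tool it cites: software-implemented
 * emulation of hardware fault models on a 32-bit word, plus a coverage campaign. */
#include <stdint.h>
#include <stdbool.h>
typedef enum { FM_BIT_FLIP, FM_STUCK_AT_0, FM_STUCK_AT_1, FM_BRIDGING, FM_OPEN } fault_model;
typedef struct {
    fault_model model;
    unsigned bit, bit2;  /* location: target line; bit2 is the second line of a bridging fault */
    bool persistent;     /* persistence: permanent fault or transient one */
    unsigned activation; /* activation time: first cycle at which the fault is present */
    unsigned duration;   /* duration in cycles of a transient fault */
} fault_spec;
/* Value seen by a read of the word at 'cycle' while fault 'f' is present. */
uint32_t inject(uint32_t value, const fault_spec *f, unsigned cycle) {
    bool active = f->persistent ? cycle >= f->activation
                 : (cycle >= f->activation && cycle < f->activation + f->duration);
    if (!active) return value;
    uint32_t m = 1u << f->bit;
    switch (f->model) {
    case FM_BIT_FLIP:   return value ^ m;   /* corrupted bit, e.g. a radiation upset */
    case FM_STUCK_AT_0: return value & ~m;
    case FM_STUCK_AT_1: return value | m;
    case FM_BRIDGING: {                     /* short circuit between two lines (wired-OR) */
        uint32_t m2 = 1u << f->bit2;
        return (value & (m | m2)) ? (value | m | m2) : value;
    }
    case FM_OPEN:       return value & ~m;  /* broken line, modelled as floating low */
    }
    return value;
}
/* Single-fault experiment: one location, one model, one read at 'cycle'. */
uint32_t inject_one(uint32_t value, fault_model model, unsigned bit, bool persistent,
                    unsigned activation, unsigned duration, unsigned cycle) {
    fault_spec f = { model, bit, (bit + 1) % 32, persistent, activation, duration };
    return inject(value, &f, cycle);
}
/* Even-parity check: the error detection mechanism whose coverage is measured. */
bool parity_ok(uint32_t v) {
    v ^= v >> 16; v ^= v >> 8; v ^= v >> 4; v ^= v >> 2; v ^= v >> 1;
    return (v & 1u) == 0;
}
/* Campaign: inject 'model' permanently at each of the 32 locations of 'word' and count
 * the injections parity detects; a fault that leaves the value unchanged is dormant. */
unsigned parity_coverage(uint32_t word, fault_model model) {
    unsigned detected = 0;
    for (unsigned b = 0; b < 32; b++) {
        uint32_t v = inject_one(word, model, b, true, 0, 0, 0);
        if (v != word && !parity_ok(v)) detected++;
    }
    return detected;
}
```

On the constructed even-parity word 0xA5A5A5A5, parity detects all 32 bit-flips but only the 16 stuck-at or open faults that actually change a bit, which is the kind of coverage gap such a campaign is meant to expose.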