posted on 2023-08-30, 14:10authored byJonathan R. R. Kimmitt
The increasing commoditization of computers in modern society has exceeded the
pace of associated developments in reliability. Although theoretical computer science
has advanced greatly in the last thirty years, many of the best techniques have yet to
find their way into embedded computers, and their failure can have a great potential
for disrupting society.
This dissertation presents some approaches to improve computer reliability using
software and hardware techniques, and makes the following claims for novelty: innovative
development of a toolchain and libraries to support extraction from dependent type
checking in a theorem prover; conceptual design and deployment in reconfigurable
hardware; an extension of static type-safety to hardware description language and
FPGA level; elimination of legacy C code from the target and toolchain; a novel
hardware error detection scheme is described and compared with conventional triple
modular redundancy. The elimination of any user control of memory management
promotes robustness against buffer overruns, and consequently prevents vulnerability
to common Trojan techniques.
The methodology identifies type punning as a key weakness of commonly encountered
embedded languages such as C, in particular the extreme difficulty of determining if
an array access is in bounds, or if dynamic memory has been properly allocated and
released. A method of eliminating dependence on type-unsafe libraries is presented, in
conjunction with code that has optionally been proved correct according to user-defined
criteria. An appropriately defined subset of OCaml is chosen with support for the Coq
theorem prover in mind, and then evaluated with a custom backend that supports
behavioural Verilog, as well as a fixed execution unit and associated control store.
Results are presented for this alternative platform for reliable embedded systems
development that may be used in future industrial flows.
To provide assurance of correct operation, the proven software needs to be executed in
an environment where errors are checked and corrected in conjunction with appropriate
exception processing in the event of an uncorrectable error. Therefore, the present
author’s previously published error detection scheme based on dual-rail logic and
self-checking checkers is further developed and compared with traditional N-modular
redundancy.