[LLVMdev] Fault-injector for LLVM

[Karthik Pattabiraman]

Hi,

I'm a PhD student at UIUC and I am using LLVM to add fault-tolerance
capabilities to applications. I would like to evaluate my framework by
performing fault-injections (fault-insertions) in the application.
Essentially, I want to corrupt an LLVM value at the time of its definition
and study the behavior of the program under this condition. I would like to
be able to do this in a generic way without recompiling the program between
injections (I will not know which value(s) I am going to fault-inject at
compile-time).

I would like to know if similar tools/capabilities already exist for LLVM,
and if not, which of the following methods is easiest to implement and would
give me what I need:

1. Extending the LLVM debugging interface to support modification of program
variables: My understanding is that the current version of the debugging
interface only allows inspecting a program's state and not modifying it. I
don't know how difficult it would be to implement this modification, but it
seems to be the most straightforward way to inject faults. However, I would
be limited by the resolution of the debugging interface, and would be able
to inject faults only to source-level variables.

2. Changing the LLVM Interpreter to randomly corrupt data values when the
bytecode instruction is executed. This would probably involve extensive
modifications of the interpreter, but would give me fine-grained control
over when and where I inject faults. However, the cost of doing this would
be very high and also it is unclear whether the behavior of the interpreted
code and the behavior of the real code would be the same under faults.

3. Adding a new intrinsic to perform fault-injections similar to how the
current debugging intrinsics work: This would probably be the most efficient
way to inject a fault and would also give me fine-grained control over where
the fault is injected, but from what I've read about adding intrinsics, it
also seems to be a lot of work. Or maybe I could somehow extend the current
debugging intrinsics to also perform fault-injections ?

Of course, I could simply perform fault-injections on the compiled binaries,
but then I would not be able to map the data value I corrupted to its LLVM
equivalent (or would I ?). Also, this would not allow me to trace the
propagation of the fault in a fine-grained fasion, which is essential for me
to understanding its effects.

What do people think of the above methods ? Or is there some simple way to
do this using existing capabilities that I'm missing ?

Thanks,

- Karthik Pattabiraman
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.llvm.org/pipermail/llvm-dev/attachments/20060214/2efbc9db/attachment.html>