Fault Tolerant Code

Hacker Perspective: Example of Fault Tolerant Programming

Introduction

Certain kinds of electrical noise on the address buss could cause the CPU to inadvertently jump from the middle of one routine to another (e.g. enter routine-2 but exit through the return of routine-3). This can be detected by adding bookkeeping code to the entry and exit points.

The following pseudo code example is just a schematic demo
This technique is routinely used by the aerospace industry
I wonder (but have no idea) if this technique is used by the auto industry but they would be crazy not to. This is a self-defensive programming technique where the humble, yet careful, programmer is always asking "what happens if this fails?"

monitor routine

note: here we initialize each sanity counter to 0 (then later test for zero) but you might wish to consider a better choice like 85 (01010101)

cold_start:                                  !
    initialize system                        ! init all variables
warm_start:                                  !
    increment warm_count                     !
    if warm_count > 20 then goto cold_start  ! jump if too many warm starts
    init all sanity counters                 ! fall through to main_loop
main_loop:                                   !
    increment sanity0                        !
    gosub routine1                           !
    gosub routine2                           !
    gosub routine3                           !
    decrement sanity0                        !
    !
    !    do primary sanity tests
    !
    if sanity0 <> 0 then goto warm_start     ! oops
    if sanity1 <> 0 then goto warm_start     ! oops
    if sanity2 <> 0 then goto warm_start     ! oops
    if sanity3 <> 0 then goto warm_start     ! oops
    increment loop_count                     !
    if loop_count > 65000                    !
    then                                     !
        loop_count = 0                       ! re-init this variable
        if warm_count > 0                    !
        then                                 !
            decrement warm_count             ! we will decrement warm_count every 65000 loops 
        endif                                !
    endif                                    !
    goto main_loop                           !

sub-routines

routine1:                          !
    increment sanity1              ! check in
    do something                   ! this could be many lines of code
    decrement sanity1              ! check out
    gosub secondary_sanity_tests   ! make sure we aren't locked out of main
    return                         !

routine2:                          !
    increment sanity2              ! check in
    do something                   ! this could be many lines of code
    decrement sanity2              ! check out
    gosub secondary_sanity_tests   ! make sure we aren't locked out of main
    return                         !

routine3:                          !
    increment sanity3              ! check in
    do something                   ! this could be many lines of code
    decrement sanity3              ! check out
    gosub secondary_sanity_tests   ! make sure we aren't locked out of main
    return                         !

Back to Home
Neil Rieck
Waterloo, Ontario, Canada.