In the program checking paradigm, the original program is run on the desired input, and its output is checked by another program called achecker. Recently, the notion of program checking has been extended from its original formulation of checking functions to checking a sequence of operations which query and alter the state of an object external to the program, e.g., checking the interactions between a client and the manager (server) of a data structure. In this expanded paradigm, the checker acts as an intermediary between the client, which generates the requests, and the server, which processes them. The checker is allowed a small amount of reliable memory and may provide a probabilistic guarantee of correctness for the client. We present off-line and on-line checkers for data structures such as linked lists, trees, and graphs. Previously, the only data structures for which such checkers existed were random access memories, stacks, and queues.

In this paper we describe a general technique for checking the integrity of data structures which can be corrupted by memory faults. Our approach is based on a recursive checksum technique. Basic methods of using checksums have been previously seen to be useful for detecting faults at the bit or word level; among our results will be their extension to the node level. The major contributions of our paper are threefold. First, we show how the recursive checksum procedure can be applied to tree data structures that are dynamically changing, whereas the previous work concentrated on trees that were static in their structure. This results in a asymptotic improvement in running time for applications where it is natural to model the underlying data as a tree. Second, we present a C ++ implementation of this scheme. Significantly, it is seen that our software can be used with existing applications which manipulate trees with only minor modification of the application programs. Finally, we ha...

Programs written in type-unsafe languages such as C and C++ incur costly memory errors that result in corrupted data structures, program crashes, and incorrect results. We present a data-centric solution to memory corruption called critical memory, a memory model that allows programmers to identify and protect data that is critical for correct program execution. Critical memory defines operations to consistently read and update critical data, and ensures that other non-critical updates in the program will not corrupt it. We also present Samurai, a runtime system that implements critical memory in software. Samurai uses replication and forward error correction to provide probabilistic guarantees of critical memory semantics. Because Samurai does not modify memory operations on non-critical data, the majority of memory operations in programs run at full speed, and Samurai is compatible with third party libraries. Using both applications, including a Web server, and libraries (an STL list class and a memory allocator), we evaluate the performance overhead and fault tolerance that Samurai provides. We find that Samurai is a useful and practical approach for the majority of the applications and libraries considered.

this paper, we consider the problem of detecting errors in the answers given in response to data structure queries. For many programs a substantial fraction of the intricate error-prone code resides in the routines associated with data structure access. In addition, a significant fraction of total program running time is spent executing the code of these routines. Data structures are often used to implement abstract data types (ADTs) and in recent years a number of different ADTs have been shown to be efficiently checkable. Checkers which are also referred to as error monitors in this paper have been developed for priority queues, the union/find data type, and most recently mergeable priority queues and have been shown to require only O(n) time to check a sequence of n operations [5, 21, 23]. These checkers detect any errors in query answers and since each of these checkers is based on an ADT

Abstract: We propose a formal approach for adding fault detection to software. An assertion-based formalism is used to represent specifications and verify completeness and consistency. This specifcation is used to generate aflowgraph, which is used to construct an exemplar-path tree. This representation is then used to generate an input set to exercise and verify the implementation. Previous software fault-tolerance (SFT) techniques emphasized algorithm-based fault tolerance (ABFT) which focused on detecting hardware faults that corrupted data structure contents. We propose a method that also detects hardware faults, which cause program flow errors. Our technique embeds two types of software checks. The first is based on the ABFT techniques described in the literature. The second type of check is used to detect faults that cause program flow errors. The exemplar-path tree provides information that can be used to predict a future program location, given the current location. During execution, program locations are recorded, along with expected locations, as determined from the exemplar-path tree. This information then is used to verifr that the future location is executed as expected. Hardware fault coverage has been estimated through experiments with the fault injection tool, SOFIT. Faults of differing durations were injected into memory, address bus, data bus, and CPU registers. The data presented, demonstrate the effectiveness of the method for detecting hardware faults.