Guidelines for Implementing Control Flow Checking into Automotive Embedded Applications Developed with C Language

Embedded systems, such as automotive applications, are increasingly used in safety-critical systems. The correct and reliable implementation of such systems depends on many factors, including the design of the system hardware, software, fault- tolerance mechanisms, and the choice of programming language, followed by the test, verification, and validation techniques employed. Even well-designed systems are not exempt from having defects that stem from their physical properties, and these imperfections can cause unforeseen and dangerous actions in safety critical systems. This paper focuses on isolating or mitigating the effects of Random Hardware Failures(RHFs). Hardening strategies are employed to mitigate RHFs in em- bedded systems, either by adding specialized hardware or us- ing Software-Implemented Hardware Fault Tolerance (SIHFT) methods. SIHFT methods are applied to various applications to harden them against Control Flow Errors (CFEs). This paper presents a guideline for applying a subset of SIHFT methods called Control Flow Checking (CFC) methods to application code written in C language. The motivation is that in the literature few guidelines can be found that provide insight on implementing CFC methods with high-level programming languages. Most proposals implement CFC methods in low-level languages such as assembly. The rationale behind developing high-level language implementations lies in the pursuit of architecture independence as well as the inadequacy of a certified compiler for the target platform that can conveniently incorporate Certified Functionally Correct into the compiled assembly/machine language code.