Widely studied physical fault injections include the application of high voltages, extreme temperatures and electromagnetic pulses on electronic components, such as computer memory and central processing units.[2][3]
By exposing components to conditions beyond their intended operating limits, computing systems can be coerced into mis-executing instructions and corrupting critical data.
Later, specialised hardware was developed to extend this technique, such as devices that bombard specific areas of a circuit board with heavy radiation.
A simple example of this technique could be changing a = a + 1 to a = a - 1. Code mutation produces faults which are very similar to those unintentionally added by programmers.
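The + to - mutation described above, applied automatically and run against two test suites, as an added example that is not part of the original text. The function record_failure and both suites are hypothetical, constructed for illustration; a mutant that "survives" is an injected fault the tests failed to detect.

```python
import ast

# Constructed code under test: a failed-login counter with a lockout limit.
SOURCE = '''
def record_failure(attempts, limit=3):
    attempts = attempts + 1
    return attempts, attempts >= limit
'''

class FlipAddSub(ast.NodeTransformer):
    """Turn the n-th '+' (0-based) into '-', leaving everything else intact."""
    def __init__(self, target):
        self.target, self.seen = target, 0

    def visit_BinOp(self, node):
        self.generic_visit(node)
        if isinstance(node.op, ast.Add):
            if self.seen == self.target:
                node.op = ast.Sub()
            self.seen += 1
        return node

def load(tree):
    """Compile a module AST and return the namespace it defines."""
    ns = {}
    exec(compile(ast.fix_missing_locations(tree), "<mutant>", "exec"), ns)
    return ns

def mutants(source):
    """Yield (index, namespace) for every single '+' -> '-' mutant."""
    count = sum(isinstance(n, ast.BinOp) and isinstance(n.op, ast.Add)
                for n in ast.walk(ast.parse(source)))
    for i in range(count):
        yield i, load(FlipAddSub(i).visit(ast.parse(source)))

def weak_suite(ns):
    # Checks only the return types, so the injected fault goes unnoticed.
    attempts, locked = ns["record_failure"](0)
    return isinstance(attempts, int) and isinstance(locked, bool)

def strong_suite(ns):
    # Checks behaviour: the third failure must trigger the lockout.
    return ns["record_failure"](2) == (3, True)

def surviving(source, suite):
    """Indices of mutants the suite still passes on (undetected faults)."""
    return [i for i, ns in mutants(source) if suite(ns)]

if __name__ == "__main__":
    print("weak suite misses mutants:", surviving(SOURCE, weak_suite))
    print("strong suite misses mutants:", surviving(SOURCE, strong_suite))
```

Here the surviving mutant is one in which the counter never reaches the limit, so the lockout never fires; only the behavioural suite catches it.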
Faults can be injected via a number of physical methods, and triggers can be implemented in a number of ways, such as time-based triggers (when the timer reaches a specified time, an interrupt is generated and the interrupt handler associated with the timer can inject the fault).
One kind of fault injection that is particularly useful for testing protocol implementations (a type of software code with the unusual characteristic that it cannot predict or control its input) is fuzzing.
The hardware fault injection method consists of injecting real electrical signals into the DUT (device under test) in order to disturb it at a low hardware level while it is otherwise working correctly, and to deceive the control and detection chain (if present), in order to see whether and how the fault management strategy is implemented.
This technique is based on a nail bed, needed to contact the electronics of the product where specific test pads have been left free (design for testability of the PCB), through which disturbance signals are injected in order to observe the reaction of the product's control and reaction arm, if present.
It is a technique often used to certify and validate the reaction to faults in high-reliability products where safety is involved (military, medical, autonomous vehicles).
Any single component present in the DUT, from two-terminal types (resistor, capacitor, diode) to three-terminal transistors, CMOS, etc., up to complex chips (low-voltage converter, power unit, CPU, RAM, etc.), is susceptible to a fault mode (short, open, drift, etc.) that can be studied during an FMEDA analysis using statistical methods (MIL-HDBK) to determine the most dangerous ones with a functional safety approach (ISO 26262 A); real tests shall then be executed on every permutation considered risky there.
Hence, the testers need an efficient algorithm to choose critical faults that have a higher impact on system behavior.
Even a well-designed fault injection test can sometimes produce situations that are impossible in the normal operation of the software.