Control flow errors (CFEs) pose a serious threat to the reliability of embedded systems, particularly as integration density increases and feature sizes shrink. Existing CFE detection techniques typically rely on coarse-grained analysis and uniform checking strategies, lacking fine-grained awareness of structural and runtime characteristics. This limitation often leads to considerable overhead, making such approaches less suitable for resource-constrained embedded systems. To address this shortcoming, we propose a CFE Detection approach guided by Basic block Vulnerability Analysis (CDBVA) that aims to balance detection effectiveness against overhead. Specifically, we first extract CFE-related structural and execution features to characterize basic block vulnerability. Then, we train a learning-based model to predict which basic blocks are vulnerable to CFEs. Finally, we design a hybrid signature checking strategy that applies appropriate checks to vulnerable and non-vulnerable basic blocks separately. Experimental results demonstrate that CDBVA achieves an average prediction accuracy of 86.2% and an average CFE coverage of 95.79%, outperforming state-of-the-art approaches. While maintaining high CFE coverage, CDBVA improves the evaluation factor by 12.14%–20.82%, achieving a favorable trade-off between detection effectiveness and overhead. In addition, CDBVA demonstrates stable performance across diverse input conditions and heterogeneous hardware architectures.
Liu et al. studied this question.
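Added example, not code from the paper: a Python simulation of the hybrid signature checking idea, in which every basic block updates a run-time signature on entry but only blocks flagged as vulnerable perform the compare. The CFG, the CFCSS-style XOR signature scheme, the block names and the `vulnerable` set are constructed assumptions standing in for the paper's predictor; `coverage` injects one illegal transfer at each step of a legal path and reports detections against the number of compares, so full checking and hybrid checking can be contrasted on the same faults.

```python
# Constructed sample program: block -> legal successors. The predictor is not
# reproduced; its output is simply passed in as the `vulnerable` set.
CFG = {
    "B0": {"B1"}, "B1": {"B2", "B3"}, "B2": {"B4"},
    "B3": {"B4"}, "B4": {"B1", "B5"}, "B5": set(),
}
SIG = {b: 0x10 + i for i, b in enumerate(CFG)}      # static signatures
# Designated predecessor of each block (CFCSS-style); the entry maps to itself.
P1 = {"B0": "B0", "B1": "B0", "B2": "B1", "B3": "B1", "B4": "B2", "B5": "B4"}
DIFF = {b: SIG[b] ^ SIG[P1[b]] for b in CFG}        # per-block XOR constant

def run(path, vulnerable, cfg=CFG):
    """Execute `path`; return (block where a CFE was flagged or None, number
    of compares). Every block updates G on entry; only `vulnerable` blocks
    compare it. A transfer to a non-successor models a CFE: the source still
    prepares the adjusting value D for the successor it meant to take."""
    G, D, compares = SIG[path[0]], 0, 0
    for prev, cur in zip(path, path[1:]):
        intended = cur if cur in cfg[prev] else min(cfg[prev])
        D = SIG[P1[intended]] ^ SIG[prev]     # set in `prev` before the branch
        G ^= DIFF[cur] ^ D                    # updated on entry to `cur`
        if cur in vulnerable:
            compares += 1
            if G != SIG[cur]:                 # a mismatch persists through
                return cur, compares          # later legal transfers
    return None, compares

def legal_tail(start, cfg=CFG, limit=6):
    """Constructed continuation after a CFE: follow the smallest successor."""
    tail = [start]
    while cfg[tail[-1]] and len(tail) < limit:
        tail.append(min(cfg[tail[-1]]))
    return tail

def coverage(path, vulnerable, cfg=CFG):
    """Inject one illegal transfer at every step of `path` to every block that
    is not a legal successor; report (detected, injected, total compares).
    A landing block sharing its designated predecessor with the intended one
    is aliased and escapes the XOR check (a known limit of this scheme)."""
    detected = injected = compares = 0
    for i in range(1, len(path)):
        for target in cfg:
            if target in cfg[path[i - 1]]:
                continue
            injected += 1
            hit, n = run(path[:i] + legal_tail(target, cfg), vulnerable, cfg)
            detected += hit is not None
            compares += n
    return detected, injected, compares
```

On the legal path `["B0", "B1", "B2", "B4", "B5"]`, checking every block and checking only `{"B4", "B5"}` catch the same 16 of 18 injected transfers, but the hybrid set does so with far fewer compares; the two misses are aliased jumps that this signature scheme cannot distinguish from legal ones.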