CRC16 checksum reliability
Not so long ago on duty faced a rather interesting problem.
We have a device that performs intensive exchange on the internal RS485 bus, the number of passing packets is of the order of several thousand per second, each packet has a length of 7 bytes, two of which are designed to store the CRC16 checksum in its CMS version (polynomial = 0x8005, starting value = 0xFFFF). Reception is carried out in the FIFO buffer, which is shifted upward with displacement after receiving each subsequent byte. An indicator of the receipt of a real packet is the fact that its checksum coincides with the value transmitted in the packet itself. No headers or additional parameters.
The problem was the following - periodically, approximately once every 5 minutes, during data transmission, a packet was skipped, the data of which gave a burst of data for one of the channels, and most often the burst occurred to the same value. At first we looked in the direction of physical collisions, but the case turned out to be different - from time to time in the buffer where the data was collected, it turned out to be a packet consisting of the end of the previous packet and the beginning of the next one, and the checksum of such a combined packet turned out to be correct. That is, there is a checksum collision: the packet does not make sense, but gives the correct checksum.
Naturally, the error was already at the system design level, since the packets did not have any headers, the introduction of an additional byte header reduced the number of errors to an undetectable level, but this seemed to me a little. I decided to check how different types of 16-bit checksums differ from each other in real conditions. Actually, this article.
')
For comparison, I chose several of the most commonly used 16-bit checksums with different polynomials, starting values, and a bit arrival mechanism. The amounts I selected are summarized in the following table:
In this case:
When emulating packet damage, I implemented the following models:
Then, the program generated 100,000,000 packets randomly, each of them carried out the above operations, after which the checksums of the original and the upgraded packet were compared. Packages that did not change during conversion were discarded. If the checksum matches, an error has been logged.
As a result, the following table was obtained with the number of errors:
Obviously, the starting value of the algorithm does not affect the result, which is logical, the starting value gives us only a different value of the checksum, but the calculation mechanism itself does not change. Therefore, I excluded these checksums from further consideration. Similarly, it does not make sense to consider errors in single bits, all checksums coped with this without error, which, in fact, was required from them during creation.
Well, the final table of the quality of the checksum, without taking into account duplicate algorithms:
The remaining conclusions leave readers. From myself I will only note that the number of units in the checksum polynom has a certain influence on the results. But this is just my personal subjective opinion. I will be glad to hear other explanations.
The source code of the program is given below.
As a result, in the next version of the product for the internal bus, the CCITT checksum was chosen, mostly because its implementation was available in the hardware of the microcontroller used.
We have a device that performs intensive exchange on the internal RS485 bus, the number of passing packets is of the order of several thousand per second, each packet has a length of 7 bytes, two of which are designed to store the CRC16 checksum in its CMS version (polynomial = 0x8005, starting value = 0xFFFF). Reception is carried out in the FIFO buffer, which is shifted upward with displacement after receiving each subsequent byte. An indicator of the receipt of a real packet is the fact that its checksum coincides with the value transmitted in the packet itself. No headers or additional parameters.
The problem was the following - periodically, approximately once every 5 minutes, during data transmission, a packet was skipped, the data of which gave a burst of data for one of the channels, and most often the burst occurred to the same value. At first we looked in the direction of physical collisions, but the case turned out to be different - from time to time in the buffer where the data was collected, it turned out to be a packet consisting of the end of the previous packet and the beginning of the next one, and the checksum of such a combined packet turned out to be correct. That is, there is a checksum collision: the packet does not make sense, but gives the correct checksum.
Naturally, the error was already at the system design level, since the packets did not have any headers, the introduction of an additional byte header reduced the number of errors to an undetectable level, but this seemed to me a little. I decided to check how different types of 16-bit checksums differ from each other in real conditions. Actually, this article.
')
For comparison, I chose several of the most commonly used 16-bit checksums with different polynomials, starting values, and a bit arrival mechanism. The amounts I selected are summarized in the following table:
| Designation | Polynomial | Init | Refin | Refout | Xorout |
| CMS | 0x8005 | 0xFFFF | false | false | 0x0000 |
| CCITT | 0x1021 | 0xFFFF | false | false | 0x0000 |
| AUG-CCITT | 0x1021 | 0x1D0F | false | false | 0x0000 |
| BYPASS | 0x8005 | 0x0000 | false | false | 0x0000 |
| CDMA2000 | 0xC867 | 0xFFFF | false | false | 0x0000 |
| DDS-110 | 0x8005 | 0x800D | false | false | 0x0000 |
| DECT-X | 0x0589 | 0x0000 | false | false | 0x0000 |
| EN-13757 | 0x3D65 | 0x0000 | false | false | 0xFFFF |
| Modbus | 0x8005 | 0xFFFF | true | true | 0x0000 |
| T10-DIF | 0x8BB7 | 0x0000 | false | false | 0x0000 |
| TELEDISK | 0xA097 | 0x0000 | false | false | 0x0000 |
| XMODEM | 0x1021 | 0x0000 | false | false | 0x0000 |
In this case:
- RefIn - the order of receipt of bits from the data buffer: false - starting with the most significant bit (MSB first), true - LSB first;
- RefOut - flag to invert the order of bits on the output: true - to invert.
When emulating packet damage, I implemented the following models:
- Shuffle: Filling a random number of bytes in a packet with random values.
- Bit shift: shift random bytes in the packet to the left
- Roll packet: ring byte offset in packet to the left
- Right shift: shift of the packet to the right by one byte, 0xFF is added to the left (transmission goes via UART)
- Left shift: shift packet left by one byte, 0xFF appended to the right
- Fill zeros: filling a random number of bytes in a packet with 0x00 bytes (all zeros)
- Fill ones: fill a random number of bytes in a packet with 0xFF bytes (all units)
- Byte injection: insertion of a random byte into a packet in a random place, bytes behind the inserted one are shifted in the direction of the tail
- Single bit: damage to a single random bit.
Then, the program generated 100,000,000 packets randomly, each of them carried out the above operations, after which the checksums of the original and the upgraded packet were compared. Packages that did not change during conversion were discarded. If the checksum matches, an error has been logged.
As a result, the following table was obtained with the number of errors:
| Designation | Shuffle | Bit shift | Roll packet | Right shift | Left shift | Fill zeros | Fill ones | Byte injection | Sum |
| CMS | 5101 | 3874 | 2937 | 1439 | 1688 | 3970 | 4010 | 1080 | 24099 |
| CCITT | 2012 | 1127 | 3320 | 1494 | 1486 | 1063 | 1096 | 1130 | 12728 |
| AUG-CCITT | 2012 | 1127 | 3320 | 1494 | 1486 | 1063 | 1096 | 1130 | 12728 |
| BYPASS | 5101 | 3874 | 2937 | 1439 | 1688 | 3970 | 4010 | 1080 | 24099 |
| CDMA2000 | 1368 | 1025 | 1946 | 1462 | 1678 | 1043 | 1028 | 1112 | 10662 |
| DDS-110 | 5101 | 3874 | 2937 | 1439 | 1688 | 3970 | 4010 | 1080 | 24099 |
| DECT-X | 1432 | 1189 | 5915 | 1779 | 1580 | 1215 | 1209 | 1093 | 15412 |
| EN-13757 | 1281 | 2209 | 3043 | 1520 | 1528 | 2193 | 2187 | 1039 | 15,000 |
| Modbus | 5090 | 3888 | 3086 | 1282 | 1582 | 3947 | 3897 | 1073 | 23845 |
| T10-DIF | 1390 | 922 | 1424 | 1421 | 1630 | 994 | 938 | 1093 | 9812 |
| TELEDISK | 1394 | 1049 | 5398 | 1451 | 1512 | 1096 | 1066 | 1065 | 14031 |
| XMODEM | 2012 | 1127 | 3320 | 1494 | 1486 | 1063 | 1096 | 1130 | 12728 |
Obviously, the starting value of the algorithm does not affect the result, which is logical, the starting value gives us only a different value of the checksum, but the calculation mechanism itself does not change. Therefore, I excluded these checksums from further consideration. Similarly, it does not make sense to consider errors in single bits, all checksums coped with this without error, which, in fact, was required from them during creation.
Well, the final table of the quality of the checksum, without taking into account duplicate algorithms:
| Designation | Number of collisions | Place |
| CMS | 24099 | eight |
| CCITT | 12728 | 3 |
| CDMA2000 | 10662 | 2 |
| DECT-X | 15412 | 6 |
| EN-13757 | 15,000 | five |
| Modbus | 23845 | 7 |
| T10-DIF | 9812 | one |
| TELEDISK | 14031 | four |
The remaining conclusions leave readers. From myself I will only note that the number of units in the checksum polynom has a certain influence on the results. But this is just my personal subjective opinion. I will be glad to hear other explanations.
The source code of the program is given below.
Source
#include <stdio.h> #include <stdlib.h> #include <stdint.h> #include <stdbool.h> #include <string.h> #include <time.h> #define PACKET_LEN (7) #define NUM_OF_CYCLES (100000) static unsigned char reverse_table[16] = { 0x0, 0x8, 0x4, 0xC, 0x2, 0xA, 0x6, 0xE, 0x1, 0x9, 0x5, 0xD, 0x3, 0xB, 0x7, 0xF }; uint8_t reverse_bits(uint8_t byte) { // Reverse the top and bottom nibble then swap them. return (reverse_table[byte & 0b1111] << 4) | reverse_table[byte >> 4]; } uint16_t reverse_word(uint16_t word) { return ((reverse_bits(word & 0xFF) << 8) | reverse_bits(word >> 8)); } uint16_t crc16_common(uint8_t *data, uint8_t len, uint16_t poly, uint16_t init, uint16_t doXor, bool refIn, bool refOut) { uint8_t y; uint16_t crc; crc = init; while (len--) { if (refIn) crc = ((uint16_t)reverse_bits(*data++) << 8) ^ crc; else crc = ((uint16_t)*data++ << 8) ^ crc; for (y = 0; y < 8; y++) { if (crc & 0x8000) crc = (crc << 1) ^ poly; else crc = crc << 1; } } if (refOut) crc = reverse_word(crc); return (crc ^ doXor); } uint16_t crc16_ccitt(uint8_t *data, uint8_t len) { return crc16_common(data, len, 0x1021, 0xFFFF, 0x0000, false, false); } uint16_t crc16_bypass(uint8_t *data, uint8_t len) { return crc16_common(data, len, 0x8005, 0x0000, 0x0000, false, false); } uint16_t crc16_xmodem(uint8_t *data, uint8_t len) { return crc16_common(data, len, 0x1021, 0x0000, 0x0000, false, false); } uint16_t crc16_teledisk(uint8_t *data, uint8_t len) { return crc16_common(data, len, 0xA097, 0x0000, 0x0000, false, false); } uint16_t crc16_augccitt(uint8_t *data, uint8_t len) { return crc16_common(data, len, 0x1021, 0x1d0f, 0x0000, false, false); } uint16_t crc16_cdma2000(uint8_t *data, uint8_t len) { return crc16_common(data, len, 0xc867, 0xffff, 0x0000, false, false); } uint16_t crc16_dds110(uint8_t *data, uint8_t len) { return crc16_common(data, len, 0x8005, 0x800d, 0x0000, false, false); } uint16_t crc16_dect(uint8_t *data, uint8_t len) { return crc16_common(data, len, 0x0589, 0x0000, 0x0000, false, false); } uint16_t crc16_en13757(uint8_t *data, uint8_t len) { return crc16_common(data, len, 0x3d65, 0x0000, 0xffff, false, false); } uint16_t crc16_t10dif(uint8_t *data, uint8_t len) { return crc16_common(data, len, 0x8bb7, 0x0000, 0x0000, false, false); } uint16_t crc16_cms(uint8_t *data, uint8_t len) { return crc16_common(data, len, 0x8005, 0xFFFF, 0x0000, false, false); } uint16_t crc16_modbus(uint8_t *data, uint8_t len) { return crc16_common(data, len, 0x8005, 0xFFFF, 0x0000, true, true); } bool compare_buf(uint8_t *buf1, uint8_t *buf2) { uint8_t x; for (x = 0; x < PACKET_LEN; x++) { if (buf1[x] != buf2[x]) return true; } return false; } bool method_shuffle(uint8_t *buf) { uint8_t i, j; uint16_t rnd; uint8_t copy[PACKET_LEN]; memcpy(copy, buf, PACKET_LEN); for (i = 0; i < PACKET_LEN; i++) { for (j = 0; j < 10; j++) { rnd = (uint16_t)rand(); if (rnd % 7 == 0) buf[i] ^= (1 << (rnd % 8)); } } return compare_buf(buf, copy); } bool method_bitshift(uint8_t *buf) { uint8_t x, i, j; uint8_t copy[PACKET_LEN]; memcpy(copy, buf, PACKET_LEN); x = (uint8_t)(rand() % PACKET_LEN) + 1; for (j = 0; j < x; j++) { i = (uint8_t)(rand() % PACKET_LEN); if (buf[i] == 0) buf[i] = 0x01; else buf[i] <<= 1; } return compare_buf(buf, copy); } bool method_packetroll(uint8_t *buf) { uint8_t x, i, j; uint8_t temp; uint8_t copy[PACKET_LEN]; memcpy(copy, buf, PACKET_LEN); x = (uint8_t)(rand() % (PACKET_LEN - 1)) + 1; for (j = 0; j < x; j++) { temp = buf[0]; for (i = 0; i < PACKET_LEN - 1; i++) buf[i] = buf[i + 1]; buf[PACKET_LEN - 1] = temp; } return compare_buf(buf, copy); } bool method_shiftright(uint8_t *buf) { uint8_t i; uint8_t copy[PACKET_LEN]; memcpy(copy, buf, PACKET_LEN); for (i = 0; i < PACKET_LEN - 1; i++) buf[i + 1] = buf[i]; buf[0] = 0xff; return compare_buf(buf, copy); } bool method_shiftleft(uint8_t *buf) { uint8_t i; uint8_t copy[PACKET_LEN]; memcpy(copy, buf, PACKET_LEN); for (i = 0; i < PACKET_LEN - 1; i++) buf[i] = buf[i + 1]; buf[PACKET_LEN - 1] = 0xff; return compare_buf(buf, copy); } bool method_zero(uint8_t *buf) { uint8_t x, i, j; uint8_t copy[PACKET_LEN]; memcpy(copy, buf, PACKET_LEN); x = (uint8_t)(rand() % PACKET_LEN) + 1; for (j = 0; j < x; j++) { i = (uint8_t)(rand() % PACKET_LEN); if (buf[i] != 0x00) buf[i] = 0x00; else buf[i] = 0xFF; } return compare_buf(buf, copy); } bool method_one(uint8_t *buf) { uint8_t x, i, j; uint8_t copy[PACKET_LEN]; memcpy(copy, buf, PACKET_LEN); x = (uint8_t)(rand() % PACKET_LEN) + 1; for (j = 0; j < x; j++) { i = (uint8_t)(rand() % PACKET_LEN); if (buf[i] != 0xFF) buf[i] = 0xFF; else buf[i] = 0x00; } return compare_buf(buf, copy); } bool method_injection(uint8_t *buf) { uint8_t x, i; uint8_t copy[PACKET_LEN]; memcpy(copy, buf, PACKET_LEN); x = (uint8_t)(rand() % PACKET_LEN); for (i = PACKET_LEN - 1; i > x; i--) { buf[i] = buf[i - 1]; } buf[x] = (uint8_t)rand(); return compare_buf(buf, copy); } bool method_single(uint8_t *buf) { uint8_t x; x = (uint8_t)(rand() % (PACKET_LEN * 8)); buf[(uint8_t)(x / 8)] ^= (1 << (x % 8)); return true; } typedef struct { uint16_t crc1; uint16_t crc2; uint32_t errors; uint16_t (*fn)(uint8_t *data, uint8_t len); char name[32]; } tCRC; typedef struct { bool (*fn)(uint8_t *buf); char name[32]; } tMethod; static tMethod methods[] = { {method_shuffle, "Shuffle"}, {method_bitshift, "Bit shift"}, {method_packetroll, "Roll packet"}, {method_shiftright, "Right shift"}, {method_shiftleft, "Left shift"}, {method_zero, "Fill zeros"}, {method_one, "Fill ones"}, {method_injection, "Byte injection"}, {method_single, "Single bit"} }; static tCRC crcs[] = { {0, 0, 0, crc16_cms, "CMS"}, {0, 0, 0, crc16_ccitt, "CCITT"}, {0, 0, 0, crc16_augccitt, "AUG-CCITT"}, {0, 0, 0, crc16_bypass, "BYPASS"}, {0, 0, 0, crc16_cdma2000, "CDMA2000"}, {0, 0, 0, crc16_dds110, "DDS-110"}, {0, 0, 0, crc16_dect, "DECT-X"}, {0, 0, 0, crc16_en13757, "EN-13757"}, {0, 0, 0, crc16_modbus, "Modbus"}, {0, 0, 0, crc16_t10dif, "T10-DIF"}, {0, 0, 0, crc16_teledisk, "TELEDISK"}, {0, 0, 0, crc16_xmodem, "XMODEM"} }; int main(int argc, char * argv[]) { uint32_t num_of_cycle; uint32_t num_of_sums; uint8_t packet[PACKET_LEN]; uint8_t i; uint8_t m; //uint8_t buf[8] = {0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17}; srand(time(NULL)); printf("------------------------- CRC16 comparison -------------------------\n"); num_of_sums = sizeof(crcs) / sizeof(tCRC); for (m = 0; m < sizeof(methods) / sizeof(tMethod); m++) { printf("\r%s:\n", methods[m].name); for (i = 0; i < num_of_sums; i++) { crcs[i].errors = 0; } for (num_of_cycle = 0; num_of_cycle < NUM_OF_CYCLES; num_of_cycle++) { for (i = 0; i < PACKET_LEN; i++) packet[i] = (uint8_t)rand(); for (i = 0; i < num_of_sums; i++) crcs[i].crc1 = crcs[i].fn(packet, PACKET_LEN); if (!methods[m].fn(packet)) continue; for (i = 0; i < num_of_sums; i++) { crcs[i].crc2 = crcs[i].fn(packet, PACKET_LEN); if (crcs[i].crc1 == crcs[i].crc2) crcs[i].errors++; } if (num_of_cycle % 1000 == 0) printf("\r%.2f%%", (float)num_of_cycle / NUM_OF_CYCLES * 100); } for (i = 0; i < num_of_sums; i++) printf("\r %20s: %10d\n", crcs[i].name, crcs[i].errors); } return 0; } As a result, in the next version of the product for the internal bus, the CCITT checksum was chosen, mostly because its implementation was available in the hardware of the microcontroller used.
Source: https://habr.com/ru/post/428746/
All Articles