Modular verification of interrupt-driven software

Sung, Chungha; Kusano, Markus; Wang, Chao

doi:10.1109/ase.2017.8115634

Cited by 19 publications

(8 citation statements)

References 45 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Abstract interpretation [14] is a static analysis framework that considers all paths and inputs to obtain a sound overapproximation of the state at every program location [31,32,52]. For efficiency reasons, the state is kept abstract and often represented by a set of constraints in a certain abstract domain.…”

Section: Abstract Interpretationmentioning

confidence: 99%

Abstract interpretation under speculative execution

Wang

2019

Proceedings of the 40th ACM SIGPLAN Conference on Programming Language Design and Implementation

Self Cite

View full text Add to dashboard Cite

Analyzing the behavior of a program running on a processor that supports speculative execution is crucial for applications such as execution time estimation and side channel detection. Unfortunately, existing static analysis techniques based on abstract interpretation do not model speculative execution since they focus on functional properties of a program while speculative execution does not change the functionality. To fill the gap, we propose a method to make abstract interpretation sound under speculative execution. There are two contributions. First, we introduce the notion of virtual control flow to augment instructions that may be speculatively executed and thus affect subsequent instructions. Second, to make the analysis efficient, we propose optimizations to handle merges and loops and to safely bound the speculative execution depth. We have implemented and evaluated the proposed method in a static cache analysis for execution time estimation and side channel detection. Our experiments show that the new method, while guaranteed to be sound under speculative execution, outperforms state-of-the-art abstract interpretation techniques that may be unsound.CCS Concepts • Software and its engineering → Formal software verification; Compilers; • Security and privacy → Cryptanalysis and other attacks. SpeculativeAbstract Interpretation Architectural Parameters (cache config., speculation depth) Control Flow Analysis

show abstract

Section: Abstract Interpretationmentioning

confidence: 99%

Abstract interpretation under speculative execution

Wang

2019

Proceedings of the 40th ACM SIGPLAN Conference on Programming Language Design and Implementation

Self Cite

View full text Add to dashboard Cite

show abstract

“…Our work differs in several ways: Their analysis is directed towards applications (we target libraries where task priorities do not matter), their analyses are specific (we provide a basis for carrying out a variety of value-set and relational analyses, targeting race-free programs), they consider priority and flag-based synchronization (but not disable-enable and suspend-resume based synchronization). Sung and others [27] consider interrupt-driven applications in the form of ISRs with different priorities, and perform interval-based static analysis for checking assertions. They do not handle libraries and do not leverage race-freedom.…”

Section: Related Workmentioning

confidence: 99%

Data Races and Static Analysis for Interrupt-Driven Kernels

Chopra

Pai

D’Souza

2019

Lecture Notes in Computer Science

View full text Add to dashboard Cite

We consider a class of interrupt-driven programs that model the kernel API libraries of some popular real-time embedded operating systems and the synchronization mechanisms they use. We define a natural notion of data races and a happens-before ordering for such programs.The key insight is the notion of disjoint blocks to define the synchronizeswith relation. This notion also suggests an efficient and effective lockset based analysis for race detection. It also enables us to define efficient "sync-CFG" based static analyses for such programs, which exploit data race freedom. We use this theory to carry out static analysis on the FreeRTOS kernel library to detect races and to infer simple relational invariants on key kernel variables and data-structures.

show abstract

“…In the context of static analysis of concurrent programs, for example, Kusano and Wang [30,31] used Datalog in a thread-modular abstract interpretation to check the feasibility of inter-thread data-flow edges on sequentially consistent and weaker memory models. Sung et al [45] used a similar technique for modeling preemption scheduling of interrupts and thus improving the accuracy of static analysis for interrupt-driven programs. However, none of these existing methods computes the synchronization differences of evolving programs.…”

Section: Related Workmentioning

confidence: 99%

Datalog-based scalable semantic diffing of concurrent programs

Sung

Lahiri

Enea

et al. 2018

Proceedings of the 33rd ACM/IEEE International Conference on Automated Software Engineering

Self Cite

View full text Add to dashboard Cite

When an evolving program is modified to address issues related to thread synchronization, there is a need to confirm the change is correct, i.e., it does not introduce unexpected behavior. However, manually comparing two programs to identify the semantic difference is labor intensive and error prone, whereas techniques based on model checking are computationally expensive. To fill the gap, we develop a fast and approximate static analysis for computing synchronization differences of two programs. The method is fast because, instead of relying on heavy-weight model checking techniques, it leverages a polynomial-time Datalog-based program analysis framework to compute differentiating data-flow edges, i.e., edges allowed by one program but not the other. Although approximation is used our method is sufficiently accurate due to careful design of the Datalog inference rules and iterative increase of the required data-flow edges for representing a difference. We have implemented our method and evaluated it on a large number of multithreaded C programs to confirm its ability to produce, often within seconds, the same differences obtained by human; in contrast, prior techniques based on model checking take minutes or even hours and thus can be 10x to 1000x slower. CCS CONCEPTS• Software and its engineering → Software verification and validation;

show abstract

Modular verification of interrupt-driven software

Cited by 19 publications

References 45 publications

Abstract interpretation under speculative execution

Abstract interpretation under speculative execution

Data Races and Static Analysis for Interrupt-Driven Kernels

Datalog-based scalable semantic diffing of concurrent programs

Contact Info

Product

Resources

About