DOI: 10.5555/3155562.3155592
Modular verification of interrupt-driven software

Published: 30 October 2017

Abstract

Interrupts have been widely used in safety-critical computer systems to handle outside stimuli and interact with the hardware, but reasoning about interrupt-driven software remains a difficult task. Although a number of static verification techniques have been proposed for interrupt-driven software, they often rely on constructing a monolithic verification model. Furthermore, they do not precisely capture the complete execution semantics of interrupts such as nested invocations of interrupt handlers. To overcome these limitations, we propose an abstract interpretation framework for static verification of interrupt-driven software that first analyzes each interrupt handler in isolation as if it were a sequential program, and then propagates the result to other interrupt handlers. This iterative process continues until results from all interrupt handlers reach a fixed point. Since our method never constructs the global model, it avoids the up-front blowup in model construction that hampers existing, non-modular, verification techniques. We have evaluated our method on 35 interrupt-driven applications with a total of 22,541 lines of code. Our results show the method is able to quickly and more accurately analyze the behavior of interrupts.
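To make the analyze-in-isolation-then-propagate loop in the abstract concrete, here is an added illustration that is not the paper's own tool or code: each handler is analyzed as a sequential program over an interval domain, its writes are joined into an interference set that all handlers read from, and the rounds repeat until the interference reaches a fixed point. The tiny statement language, the interval domain with widening, and the two sample ISRs are assumptions of this example.

```python
INF = float("inf")
BOT = None  # bottom: the variable has not been written (yet)

def join(a, b):
    """Least upper bound of two intervals."""
    if a is BOT or b is BOT: return b if a is BOT else a
    return (min(a[0], b[0]), max(a[1], b[1]))

def widen(old, new):
    """Interval widening: a bound that keeps moving jumps to infinity, so the iteration terminates."""
    if old is BOT or new is BOT: return new if old is BOT else old
    return (old[0] if new[0] >= old[0] else -INF, old[1] if new[1] <= old[1] else INF)

def eval_expr(expr, env):
    """expr is an int literal, a variable name, or ('add', expr, expr)."""
    if isinstance(expr, int): return (expr, expr)
    if isinstance(expr, str): return env.get(expr, BOT)
    a, b = eval_expr(expr[1], env), eval_expr(expr[2], env)
    return BOT if a is BOT or b is BOT else (a[0] + b[0], a[1] + b[1])

def analyze_handler(stmts, init, interference):
    """Analyze one handler as a sequential program; shared reads also see the interference."""
    env = {v: join(init[v], interference.get(v, BOT)) for v in init}
    writes = {}
    for var, expr in stmts:  # stmts are (target, expr) assignments
        env[var] = eval_expr(expr, env)
        writes[var] = join(writes.get(var, BOT), env[var])
    return writes

def analyze(handlers, init):
    """Re-analyze every handler against the current interference until it stops changing."""
    interference = {}  # values any handler may have stored; own writes count too,
    while True:        # since an ISR can fire again (sound, at some loss of precision)
        new = {}
        for stmts in handlers.values():
            for var, val in analyze_handler(stmts, init, interference).items():
                new[var] = join(new.get(var, BOT), val)
        new = {v: widen(interference.get(v, BOT), new[v]) for v in new}
        if new == interference:  # fixed point reached: report each variable's final range
            return {v: join(init[v], interference.get(v, BOT)) for v in init}
        interference = new

# Constructed sample: two ISRs share a ring-buffer index and a ready flag.
HANDLERS = {"adc_isr": [("idx", ("add", "idx", 1))],  # producer bumps the index
            "drain_isr": [("idx", 0), ("ready", 1)]}  # consumer resets it, sets flag
INIT = {"idx": (0, 0), "ready": (0, 0)}

def bounded(result, var, lo, hi):
    """True only if the analysis proves var stays within [lo, hi] (e.g. a buffer bound)."""
    return result[var][0] >= lo and result[var][1] <= hi
```

On the sample, the fixed point proves `ready` stays in [0, 1] but cannot bound `idx`, which is exactly the kind of unbounded shared index that needs a mask or range check before it is used to address a buffer.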


Cited By

  • (2024) Verification of Concurrent Machine Code Running on a Single-Core Machine. Proceedings of the 39th ACM/SIGAPP Symposium on Applied Computing, pages 1675–1683. DOI: 10.1145/3605098.3635924. Online publication date: 8 April 2024.
  • (2019) Abstract interpretation under speculative execution. Proceedings of the 40th ACM SIGPLAN Conference on Programming Language Design and Implementation, pages 802–815. DOI: 10.1145/3314221.3314647. Online publication date: 8 June 2019.
  • (2018) Datalog-based scalable semantic diffing of concurrent programs. Proceedings of the 33rd ACM/IEEE International Conference on Automated Software Engineering, pages 656–666. DOI: 10.1145/3238147.3238211. Online publication date: 3 September 2018.

Published In

ASE '17: Proceedings of the 32nd IEEE/ACM International Conference on Automated Software Engineering
October 2017
1033 pages
ISBN:9781538626849

Publisher

IEEE Press

Author Tags

  1. Datalog
  2. Formal verification
  3. Interrupt
  4. Static analysis
  5. abstract interpretation

Acceptance Rates

Overall Acceptance Rate 82 of 337 submissions, 24%
