Analyzing Embedded Systems Code for Mixed-Critical Systems Using Hybrid Memory Representations

This paper presents a low-level memory and hardware model suitable for analyzing embedded systems software written in high-level languages such as C. The key feature of this approach is that it combines information that can be discovered from the C code itself with information from the executable binary program. Further, it also integrates effects caused through hardware dependencies. We describe the benefits of this model by showing its applicability to the verification of properties related to software partitioning, which is crucial for systems of mixed criticality. Furthermore, we demonstrate that our model can easily be integrated into abstract interpretation frameworks for high-level languages so as to increase analysis precision.
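To make the partitioning property concrete, here is an added illustration (not the paper's model or tool) of an interval-based abstract interpretation of memory accesses checked against the regions a partition is allowed to touch. It combines the three information sources the abstract names: the access stride from the C type (`sizeof(uint32_t)`), the symbol addresses from the linked binary, and a hardware-imposed bound on an index read from a 12-bit peripheral register. The tiny instruction set, the region layout, the symbol addresses and the hardware bound are all assumptions constructed for the example.

```python
"""Interval-based check of memory accesses against a software partition's
allowed regions.  Added illustration only; the instruction set, region
layout, symbol addresses and hardware bound below are constructed assumptions."""
from dataclasses import dataclass
from typing import Dict, List, Tuple

Interval = Tuple[int, int]  # inclusive bounds


@dataclass(frozen=True)
class Region:
    name: str
    lo: int
    hi: int

    def contains(self, iv: Interval) -> bool:
        return self.lo <= iv[0] and iv[1] <= self.hi

    def overlaps(self, iv: Interval) -> bool:
        return not (iv[1] < self.lo or iv[0] > self.hi)


def iv_add(a: Interval, b: Interval) -> Interval:
    return (a[0] + b[0], a[1] + b[1])


def iv_scale(a: Interval, k: int) -> Interval:
    lo, hi = a[0] * k, a[1] * k
    return (min(lo, hi), max(lo, hi))


def iv_mask(a: Interval, mask: int) -> Interval:
    # x & mask always lies in [0, mask] for a non-negative mask; tighten
    # further when the input is already known to be small and non-negative.
    if a[0] >= 0:
        return (0, min(a[1], mask))
    return (0, mask)


def classify(footprint: Interval, allowed: List[Region]) -> str:
    """Three-valued verdict for one access footprint [first byte, last byte]."""
    if any(r.contains(footprint) for r in allowed):
        return "ok"
    if not any(r.overlaps(footprint) for r in allowed):
        return "violation"
    return "possible violation"  # interval straddles the partition boundary


def analyze(program, allowed: List[Region]) -> List[Tuple[str, str]]:
    """Straight-line interval analysis; every load/store yields a (label, verdict)."""
    env: Dict[str, Interval] = {}
    findings: List[Tuple[str, str]] = []
    for ins in program:
        op = ins[0]
        if op == "const":            # value fixed by the binary (symbol address)
            env[ins[1]] = (ins[2], ins[2])
        elif op == "hwrange":        # value bounded by the hardware specification
            env[ins[1]] = (ins[2], ins[3])
        elif op == "add":
            env[ins[1]] = iv_add(env[ins[2]], env[ins[3]])
        elif op == "scale":          # index * sizeof(element), from the C type
            env[ins[1]] = iv_scale(env[ins[2]], ins[3])
        elif op == "mask":
            env[ins[1]] = iv_mask(env[ins[2]], ins[3])
        elif op in ("load", "store"):
            _, label, addr_reg, width = ins
            lo, hi = env[addr_reg]
            findings.append((label, classify((lo, hi + width - 1), allowed)))
        else:
            raise ValueError(f"unknown instruction {op!r}")
    return findings


# Constructed example: partition A owns one RAM window and one GPIO block.
PARTITION_A = [Region("ram_a", 0x20000000, 0x20000FFF),
               Region("gpio_a", 0x40020000, 0x40020FFF)]
# Assumed symbol addresses as a linker map would report them.
SYMBOLS = {"buf": 0x20000800, "UART0_DR": 0x40004000}
SIZEOF_UINT32 = 4

PROGRAM = [
    ("hwrange", "idx", 0, 4095),                      # idx from an assumed 12-bit ADC register
    ("const", "base", SYMBOLS["buf"]),
    ("scale", "off", "idx", SIZEOF_UINT32),
    ("add", "p", "base", "off"),
    ("load", "buf[idx] unmasked", "p", SIZEOF_UINT32),
    ("mask", "idx2", "idx", 0xFF),                    # buf has 256 entries
    ("scale", "off2", "idx2", SIZEOF_UINT32),
    ("add", "p2", "base", "off2"),
    ("load", "buf[idx & 0xFF]", "p2", SIZEOF_UINT32),
    ("const", "uart", SYMBOLS["UART0_DR"]),
    ("store", "UART0_DR write", "uart", SIZEOF_UINT32),  # UART0 belongs to another partition
]

if __name__ == "__main__":
    for label, verdict in analyze(PROGRAM, PARTITION_A):
        print(f"{label:24s} {verdict}")
```

The unmasked access is only a "possible violation": the source alone (an index into a 256-element array) would flag nothing, the binary alone does not know the index is bounded to 12 bits, and only the combination with the hardware bound places the access interval at the partition edge. The masked access is provably inside the partition, and the UART write is a definite violation because the peripheral's address lies in no region partition A owns.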
