Static analysis by abstract interpretation of functional properties of device drivers in TinyOS

Highlights: We present an effective static analysis of device drivers in TinyOS. We focus on verifying the correctness of the software/hardware interactions. We consider a preemptive execution model with possibly nested interrupts. The analysis is based on Abstract Interpretation and is sound by construction. We present several experimental results obtained on real-world TinyOS programs.

Abstract: In this paper, we present a static analysis by Abstract Interpretation of device drivers developed in the TinyOS operating system, which is considered the de facto system in wireless sensor networks. We focus on verifying user-defined functional properties describing safety rules that programs should obey in order to interact correctly with the hardware. Our analysis is sound by construction and can prove that all possible execution paths follow the correct interaction patterns specified by the functional property. The soundness of the analysis is justified with respect to a preemptive execution model where interrupts can occur during execution depending on the configuration of specific hardware registers. The proposed solution performs a modular analysis that analyzes every interrupt independently and aggregates their results to over-approximate the effect of preemption. By doing so, we avoid reanalyzing interrupts in every context where they are enabled, which considerably improves the scalability of the solution. A number of partitioning techniques are also presented in order to track precisely some crucial information, such as the hardware state and the task queue. We have performed several experiments on real-world TinyOS device drivers of the ATmega128 MCU, and promising results demonstrate the effectiveness of our analysis.
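The following is an added toy illustration of the approach described above, not code from the paper: a hardware-interaction safety rule is encoded as a finite automaton, the driver is analyzed over the powerset of automaton states, and each interrupt handler is summarized once and its effect joined in at every point where the interrupt-enable flag is set. The automaton, the driver sequences and the handler are constructed, and handlers are assumed to run atomically (no nested preemption), a simplification the paper itself does not make.

```python
# Safety rule as an automaton over hardware operations (constructed example):
# the device must be enabled before a transfer starts, and a new transfer
# may not start until the previous one has completed.
TRANSITIONS = {
    ("off", "enable"): "idle",
    ("idle", "start"): "busy",
    ("busy", "done"): "idle",
    ("idle", "disable"): "off",
}
ERROR = "error"
UNIVERSE = frozenset(s for s, _ in TRANSITIONS) | {ERROR}

def post(states, op):
    """Abstract transfer on the powerset of automaton states (join = union)."""
    return frozenset(ERROR if s == ERROR else TRANSITIONS.get((s, op), ERROR)
                     for s in states)

def run_straight(states, ops):
    for op in ops:
        states = post(states, op)
    return states

def summarize_handler(ops):
    """Modular summary (entry state -> exit states), computed once per
    handler and reused in every context instead of reanalyzing it inline."""
    return {s: run_straight(frozenset([s]), ops) for s in UNIVERSE}

def preempt_closure(states, summaries):
    """Over-approximate any number of interrupts firing here, in any order:
    iterate the handler summaries until the state set stops growing."""
    while True:
        grown = set(states)
        for summary in summaries:
            for s in states:
                grown |= summary[s]
        if grown == states:
            return states
        states = frozenset(grown)

def analyze(program, handlers):
    """program: list of "sei"/"cli" (interrupt-enable flag) or hardware ops.
    Returns the automaton states reachable at the end of the driver code."""
    summaries = [summarize_handler(h) for h in handlers]
    states, enabled = frozenset(["off"]), False
    for instr in program + ["end"]:
        if enabled:                     # interrupts may preempt before each step
            states = preempt_closure(states, summaries)
        if instr == "sei":
            enabled = True
        elif instr == "cli":
            enabled = False
        elif instr != "end":
            states = post(states, instr)
    return states

def violates(program, handlers):
    return ERROR in analyze(program, handlers)

TIMER_ISR = ["start", "done"]  # constructed handler: runs a whole transfer
BAD_DRIVER = ["enable", "sei", "start", "done", "cli", "disable"]
# Critical section (a nesC atomic block) around the transfer fixes the race.
GOOD_DRIVER = ["enable", "sei", "cli", "start", "done", "sei", "cli", "disable"]
```

The analysis flags BAD_DRIVER because the timer interrupt can fire between "start" and "done" and restart a busy device, while GOOD_DRIVER is proven to end in the "off" state on every path.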
