Towards device emulation code generation

For non-embedded software, binary translation has been shown to be a successful method for retargeting legacy software onto new platforms. To apply binary translation to embedded software, two issues must be considered. First, embedded software often involves real-time constraints that must still be met after translation. Second, embedded software contains a significant amount of code dedicated to peripheral device communication, which necessitates device emulation. This paper focuses on the latter aspect. Usually, device emulation code is handcrafted, which is tedious and error-prone. This paper presents a method to automatically generate device emulation code from a formal specification of source and target device operations. At the heart of the device operation semantics lie quantifier-free formulae in the theory of fixed-width bit-vector arithmetic, which is a decidable fragment of first-order logic. To the best of our knowledge, this is the first attempt to generate device emulation code from a formal specification.
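The following is an added toy illustration, not code from the paper, of the idea that device operations specified as fixed-width bit-vector functions can be checked exhaustively (the domain is finite, which is what makes the fragment decidable) and that a translation from a source register write to a target register write can be derived from the two specifications. The register layouts, the tiny term grammar searched, and the brute-force search standing in for an SMT solver are all assumptions made for this example.

```python
"""Toy: derive emulation of a source device's control-register write on a
target device with a different bit layout. Layouts are constructed for this
example and are not taken from the paper."""
from itertools import product

WIDTH = 8
MASK = (1 << WIDTH) - 1

# Device semantics as functions over fixed-width bit vectors: each maps the
# value written to the control register to the abstract device state
# (enable flag, 4-bit mode). Both layouts are assumed, for illustration only.
def source_state(v):
    return ((v >> 7) & 1, v & 0xF)          # enable in bit 7, mode in bits 0-3

def target_state(v):
    return (v & 1, (v >> 4) & 0xF)          # enable in bit 0, mode in bits 4-7

def candidate(params):
    """Translation built from two shift/mask/shift terms OR'ed together."""
    (s1, m1, l1), (s2, m2, l2) = params
    return lambda v: ((((v >> s1) & m1) << l1) | (((v >> s2) & m2) << l2)) & MASK

def is_correct(translate):
    """Exhaustive check over all 2**WIDTH values: the quantifier 'for all v'
    ranges over a finite domain, so the check always terminates."""
    return all(target_state(translate(v)) == source_state(v)
               for v in range(1 << WIDTH))

def synthesize():
    """Search the term grammar for a translation satisfying the spec.
    (The paper uses an SMT solver over QF_BV; enumeration is a stand-in.)"""
    terms = list(product(range(WIDTH), (0x1, 0xF, 0xFF), range(WIDTH)))
    for params in product(terms, repeat=2):
        if is_correct(candidate(params)):
            return params
    return None

def emit_c(params):
    """Render the found translation as the C statement an emulator would use."""
    (s1, m1, l1), (s2, m2, l2) = params
    return (f"target_ctrl = ((((v >> {s1}) & 0x{m1:X}) << {l1}) | "
            f"(((v >> {s2}) & 0x{m2:X}) << {l2})) & 0x{MASK:X};")

if __name__ == "__main__":
    found = synthesize()
    print(emit_c(found) if found else "no translation in grammar")
```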
