best a binary executable slicing tool and its use to
play

BEST: a Binary Executable Slicing Tool and its use to improve Model - PowerPoint PPT Presentation

Feb 14, 2024 •281 likes •560 views

BEST: a Binary Executable Slicing Tool and its use to improve Model Checking-based WCET Analysis Armel Mangean 1 Jean-Luc Bchennec 2 Mikal Briday 3 Sbastien Faucou 3 IRCCyN, UMR CNRS 6597 1 cole Centrale de Nantes, 2 CNRS , 3 Universit

  1. BEST: a Binary Executable Slicing Tool and its use to improve Model Checking-based WCET Analysis Armel Mangean 1 Jean-Luc Béchennec 2 Mikaël Briday 3 Sébastien Faucou 3 IRCCyN, UMR CNRS 6597 1 École Centrale de Nantes, 2 CNRS , 3 Université de Nantes July 5, 2016 16th International Workshop on Worst-Case Execution Time Analysis 1 / 21

  2. 1. Introduction Motivation Challenge 2. Program Abstraction using Program Slicing Overview of Program Slicing Abstracting models of programs Tool implementation 3. Experimental results Methodology Results 4. Future work 2 / 21

  3. Introduction 1. Introduction Motivation Challenge 2. Program Abstraction using Program Slicing Overview of Program Slicing Abstracting models of programs Tool implementation 3. Experimental results Methodology Results 4. Future work 3 / 21

  4. Introduction Motivation 4 / 21

  5. Introduction Motivation modularity network of timed automata tightness exact cache analysis ◮ arbitrary policies (not only LRU nor PLRU) witness initial hardware and software configuration binary level no high level source code analysis ◮ compiler independent 5 / 21

  6. Introduction Challenge Limitations ◮ suffer of the state space explosion ◮ tailored for embedded microcontrollers Challenges ◮ abstracting models of hardware components [4] ◮ abstracting models of programs [1, 3, 6] ◮ Cassez et al., 2013 6 / 21

  7. Program Abstraction using Program Slicing 1. Introduction Motivation Challenge 2. Program Abstraction using Program Slicing Overview of Program Slicing Abstracting models of programs Tool implementation 3. Experimental results Methodology Results 4. Future work 7 / 21

  8. Program Abstraction using Program Slicing Overview of Program Slicing Introduced by Weiser in 1981 [7] ◮ given a program P ⊆ L × I , ∀ ( l , i ) , ( l , i ′ ) ∈ P , i = i ′ with ◮ L a finite set of labels ◮ I a finite set of instructions operating over V ◮ V the set of variables of P ◮ and a criterion C = ( l , v ) with ◮ l ∈ L a label and ◮ v ⊆ V a subset of variables ◮ a slice S C is a subset of P with the same semantics as P wrt. criterion C 8 / 21

  9. Program Abstraction using Program Slicing Overview of Program Slicing The slice S ( l , v ) ◮ is a valid program ◮ that computes values for the subset v ◮ same as with the original program P ◮ to the point of execution l ◮ is obtained by deleting zero or more “lines” from P 9 / 21

  10. Program Abstraction using Program Slicing Overview of Program Slicing 00003000 <_start>: 3000: li r1,1 ;r1 <- 1 3004: ori r1,r1,49296 ;ri <- r1 | 49296 3008: bl 3010 ;call main 0000300c <loop>: 300c: b 300c ;branch 00003010 <main>: 3010: li r8,29 ;r8 <- 29 3014: li r10,1 ;r10 <- 1 3018: mtctr r8 ;ctr <- r8 301c: li r9,1 ;r9 <- 1 3020: b 3028 ;branch 3024: mr r9,r3 ;r9 <- r3 3028: add r3,r9,r10 ;r3 <- r9+r10 302c: mr r10,r9 ;r10 <- r9 3030: bdnz 3024 ;ctr--, ;branch if ctr!=0 3034: blr ;return C = (3030 , { ctr } ) 10 / 21

  11. Program Abstraction using Program Slicing Overview of Program Slicing 00003000 <_start>: 3000: li r1,1 ;r1 <- 1 3004: ori r1,r1,49296 ;ri <- r1 | 49296 3008: bl 3010 ;call main 0000300c <loop>: 300c: b 300c ;branch 00003010 <main>: 3010: li r8,29 ;r8 <- 29 3014: li r10,1 ;r10 <- 1 3018: mtctr r8 ;ctr <- r8 301c: li r9,1 ;r9 <- 1 3020: b 3028 ;branch 3024: mr r9,r3 ;r9 <- r3 3028: add r3,r9,r10 ;r3 <- r9+r10 302c: mr r10,r9 ;r10 <- r9 3030: bdnz 3024 ;ctr--, ;branch if ctr!=0 3034: blr ;return C = (3030 , { ctr } ) 10 / 21

  12. Program Abstraction using Program Slicing Overview of Program Slicing ◮ dataflow equation-based or graph-based ◮ fixpoint computation or ◮ reachability analysis ◮ slicing binary executables ◮ a closed issue [5] (although not trivial) ◮ multiple graph computation from a CFG ◮ reachability analysis on the final graph 11 / 21

  13. Program Abstraction using Program Slicing Abstracting models of programs An instruction has ◮ a timing behavior due to its ◮ class of instruction → number of execution cycles ◮ data dependencies → pipeline stall ◮ memory access → cache delay ◮ and a semantics ◮ updates the system state → We can abstract semantics of some instructions while keeping the timing behavior of the program → Variables used only by abstracted instructions can be removed from the model thus reducing the overall state space 12 / 21

  14. Program Abstraction using Program Slicing Abstracting models of programs How to abstract a model of program? ( but not its timing behavior ) ◮ abstract model must contain all paths from original model ◮ i.e. contain all control instructions and their dependencies ◮ we can use program slicing to find these instructions ◮ criteria are chosen wrt. the previous constraint as follows: { ( l , v ) | ∃ i , ( l , i ) ∈ P and i is a conditional branching instruction and v is the subset of variables used by i at l } 13 / 21

  15. Program Abstraction using Program Slicing Abstracting models of programs 14 / 21

  16. Program Abstraction using Program Slicing Abstracting models of programs 14 / 21

  17. Program Abstraction using Program Slicing Tool implementation 15 / 21

  18. Experimental results 1. Introduction Motivation Challenge 2. Program Abstraction using Program Slicing Overview of Program Slicing Abstracting models of programs Tool implementation 3. Experimental results Methodology Results 4. Future work 16 / 21

  19. Experimental results Methodology ◮ use of Mälardalen WCET benchmarks ◮ excluding programs containing ◮ switch-case statements ◮ floating-point arithmetic ◮ recursive programs ◮ multiple compilers and optimization options ◮ Gcc 5.3.1 ( -O0 , -O1 , -O2 , -O3 ) ◮ Cosmic C 4.3.7 ( -no , default ) ◮ targeting the PowerPC 32 bits instruction set ◮ sums up to 96 binaries ◮ use of Trampoline RTOS [2] services ◮ not documented on our paper 17 / 21

  20. Experimental results Results Gcc Cosmic C Source file default -O0 -O1 -O2 -O3 -no 224 / 1858, 88% 357 / 966, 63% 421 / 1094, 62% 348 / 1775, 80% 398 / 1282, 69% 338 / 1064, 68% adpcm.c 78% 63% 62% 65% 66% 63% Average 67% 64% → number of instructions in the slice/total number of instructions, gain in percentage. → execution time negligible (always < 1 sec.) 18 / 21

  21. Experimental results Results Gcc Cosmic C Source file default -O0 -O1 -O2 -O3 -no 11 / 17, 35% 28 / 32, 13% 26 / 28, 7% 33 / 36, 8% 22 / 37, 41% 22 / 37, 41% adpcm.c 38% 35% 36% 37% 59% 54% Average 37% 57% → number of registers in the slice/total number of registers, gain in percentage. → execution time negligible (always < 1 sec.) 18 / 21

  22. Future work 1. Introduction Motivation Challenge 2. Program Abstraction using Program Slicing Overview of Program Slicing Abstracting models of programs Tool implementation 3. Experimental results Methodology Results 4. Future work 19 / 21

  23. Future work ◮ improve support of interprocedurality (straightforward) ◮ extend data dependency analysis to stack frames and initialized data ◮ bigger slices but not necessarily bigger state space ◮ modeling the PowerPC e200z4 core ◮ no data cache ◮ instruction cache ◮ 2 or 4-ways associative ◮ pseudorandom (global FIFO) ◮ branch prediction, . . . ◮ modeling the MPC5643L microcontroller ◮ two PowerPC e200z4 cores ◮ XBAR crossbar switch ◮ multiple masters / multiple slaves ◮ per slave policy (FP or RR) ◮ WCET analysis of parallel programs 20 / 21

  24. Conclusion ◮ abstract models of program ◮ for Model Checking-based WCET analysis ◮ based on program slicing ◮ a binary executable slicing tool ◮ instruction set independant ◮ free sofware (GNU GPL) ◮ promising experimental results 21 / 21

  25. References Florian Brandner and Alexander Jordan. Refinement of worst-case execution time bounds by graph pruning. Computer Languages, Systems & Structures , 2014. Jean-Luc Béchennec, Mikaël Briday, Sébastien Faucou, and Yvon Trinquet. Trampoline An Open Source Implementation of the OSEK/VDX RTOS Specification. In IEEE International Conference on Emerging Technologies and Factory Automation , 2006. Franck Cassez and Jean-Luc Béchennec. Timing Analysis of Binary Programs with UPPAAL. In International Conference on Application of Concurrency to System Design , 2013. Franck Cassez and Pablo González de Aledo Marugán. Timed Automata for Modeling Caches and Pipelines. In Workshop on Models for Formal Analysis of Real Systems , 2015. Akos Kiss, Judit Jász, Gábor Lehotai, and Tibor Gyimóthy. Interprocedural Static Slicing of Binary Executables. In International Workshop on Source Code Analysis and Manipulation , 2003. Armel Mangean, Jean-Luc Béchennec, Mikaël Briday, and Sébastien Faucou. BEST: a Binary Executable Slicing Tool. In 16th International Workshop on Worst-Case Execution Time Analysis , 2016. Mark Weiser. Program Slicing. In International Conference on Software Engineering , 1981. 1 / 3

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

A Tool for Automated Inference of Executable Rule- Based Biological Models Chelsea Voss, Jean

A Tool for Automated Inference of Executable Rule- Based Biological Models Chelsea Voss, Jean

A Tool for Automated Inference of Executable Rule- Based Biological Models Chelsea Voss, Jean Yang, Walter Fontana Static Analysis in Systems Biology, 2017 The need for biological models executable models for in silico experimentation

969 views • 72 slides
Format (ELF) Why Executable Formats? - All code in one file - But libraries! - We need a way

Format (ELF) Why Executable Formats? - All code in one file - But libraries! - We need a way

Executable and Linkable Format (ELF) Why Executable Formats? - All code in one file - But libraries! - We need a way to combine files Distribute as binary (object files) - - Linkers - We need a way to control how our programs run

281 views • 13 slides
Program Slicing 2 1 Program Slicing 1. Slicing overview 2. Types of slices, levels of slices

Program Slicing 2 1 Program Slicing 1. Slicing overview 2. Types of slices, levels of slices

Class 6 Review; questions Assign (see Schedule for links) Slicing overview (contd) Problem Set 3: due 9/8/09 1 Program Slicing 2 1 Program Slicing 1. Slicing overview 2. Types of slices, levels of slices 3. Methods

327 views • 28 slides
EXECUTABLE UML AND MBSE What Executable UML does, how it is totally di ff erent from UML, and

EXECUTABLE UML AND MBSE What Executable UML does, how it is totally di ff erent from UML, and

EXECUTABLE UML AND MBSE What Executable UML does, how it is totally di ff erent from UML, and how it fits with other Executable languages Leon Starr leon_starr@modelint.com MODEL INTEGRATION LLC www.modelint.com 1 LiU Seminar xUML MBSE -

527 views • 39 slides
Machine Code Sean Barker 1 From C to Executable Code text C program ( p1.c p2.c ) Compiler

Machine Code Sean Barker 1 From C to Executable Code text C program ( p1.c p2.c ) Compiler

Machine Code Sean Barker 1 From C to Executable Code text C program ( p1.c p2.c ) Compiler text Asm program ( p1.s p2.s ) Assembler binary Object program ( p1.o p2.o ) Libraries Linker binary Executable program ( p ) Sean Barker 2

284 views • 7 slides
Executable File Formats Portable Executable (PE) Executable

Executable File Formats Portable Executable (PE) Executable

Executable File Formats Portable Executable (PE) Executable file format of choice for Windows Executable and Linkable Format (ELF) Executable file

330 views • 16 slides
THE ELF OBJECT FILE FORMAT PROGRAM EXECUTION gcc/cc output an executable in the ELF format

THE ELF OBJECT FILE FORMAT PROGRAM EXECUTION gcc/cc output an executable in the ELF format

THE ELF OBJECT FILE FORMAT PROGRAM EXECUTION gcc/cc output an executable in the ELF format (Linux) Executable and Linkable Format Standard unified binary format for: Relocatable object files (.o), Shared object files (.so)

421 views • 16 slides
Slicing Functional Programs: A Suspicion 10th CREST Open Workshop on Program Analysis and

Slicing Functional Programs: A Suspicion 10th CREST Open Workshop on Program Analysis and

Slicing Functional Programs: A Suspicion 10th CREST Open Workshop on Program Analysis and Slicing Henrik Nilsson School of Computer Science The University of Nottingham, UK Slicing Functional Programs: A Suspicion p.1/6 Slicing

410 views • 13 slides
Binary Numbers Binary numbers look like this Binary Numbers or Binary Code Binary numbers or

Binary Numbers Binary numbers look like this Binary Numbers or Binary Code Binary numbers or

Binary Numbers Binary numbers look like this Binary Numbers or Binary Code Binary numbers or binary code are used by computers and digital devices to talk to each other. It is used to give commands to the computer or a way to enter data

165 views • 12 slides
Fairmode Composite Mapping IDL-based executable To be installed on your pc Many

Fairmode Composite Mapping IDL-based executable To be installed on your pc Many

Fairmode Athens 19-21 June 2017 CMAP/CEMAP TOOL on compliance to the standards for Fairmode Composite Mapping IDL-based executable To be installed on your pc Many checks/tests on compliance to the standards Outcome: User input is

455 views • 17 slides
Using program slicing data to predict code faults David Bowes University of Hertfordshire

Using program slicing data to predict code faults David Bowes University of Hertfordshire

Outline Using program slicing data to predict code faults Calculating the Slicing metrics for a module Relating slicing metrics to fault data Conclusion Using program slicing data to predict code faults David Bowes University of

579 views • 15 slides
Bidirectional and executable specifications of machine code decoding and encoding Gang Tan, Penn

Bidirectional and executable specifications of machine code decoding and encoding Gang Tan, Penn

Bidirectional and executable specifications of machine code decoding and encoding Gang Tan, Penn State Univ. Joint work with Greg Morrisett, Cornell At LangSec Workshop , San Francesco, May 24 th , 2018 Machine Code Decoding/Encoding Binary

552 views • 33 slides
Bidirectional and executable specifications of machine code decoding and encoding Gang Tan, Penn

Bidirectional and executable specifications of machine code decoding and encoding Gang Tan, Penn

Bidirectional and executable specifications of machine code decoding and encoding Gang Tan, Penn State Univ. Joint work with Greg Morrisett, Cornell At LangSec Workshop , San Francesco, May 24 th , 2018 Machine Code Decoding/Encoding Binary

449 views • 26 slides
Dynamic Slicing Techniques for Petri Nets M. Llorens, J. Oliver, J. Silva, S. Tamarit, G. Vidal

Dynamic Slicing Techniques for Petri Nets M. Llorens, J. Oliver, J. Silva, S. Tamarit, G. Vidal

Motivation Dynamic Slicing in PN from an initial marking Dynamic Slicing in PN from a firing sequence Conclusions and Future Work Dynamic Slicing Techniques for Petri Nets M. Llorens, J. Oliver, J. Silva, S. Tamarit, G. Vidal Dep. of

378 views • 35 slides
anti-anti-virus (continued) 1 logistics: TRICKY HW assignment out infecting an executable

anti-anti-virus (continued) 1 logistics: TRICKY HW assignment out infecting an executable

anti-anti-virus (continued) 1 logistics: TRICKY HW assignment out infecting an executable 2 last time anti-virus: heuristic: malware messing up executables? key idea: wrong segment of executable? switching segments of the executable?

1.14k views • 102 slides
Executable Formal Models in Rewriting Logic Carolyn Talcott RTA 2015 1 Formal Executable Models

Executable Formal Models in Rewriting Logic Carolyn Talcott RTA 2015 1 Formal Executable Models

Executable Formal Models in Rewriting Logic Carolyn Talcott RTA 2015 1 Formal Executable Models For design, prototyping, analysis. To clarify ideas, squash insidious bugs early on many bugs / flaws can be found by just formalizing

669 views • 50 slides
RIStAL Centre de Recherche en Informatique, Signal et Automatique de Lille 1 Outline

RIStAL Centre de Recherche en Informatique, Signal et Automatique de Lille 1 Outline

Temporal Interfaces for Adaptive Real-Time Components Giuseppe Lipari, University of Lille CRTS Workshop @ RTSS, 5 december 2017 RIStAL Centre de Recherche en Informatique, Signal et Automatique de Lille 1 Outline Introduction 1 2

559 views • 44 slides
VideoLAN VLC 3.0.0 Jean-Baptiste Kempf samedi 30 janvier 2016 Ecole Centrale Paris The Cone

VideoLAN VLC 3.0.0 Jean-Baptiste Kempf samedi 30 janvier 2016 Ecole Centrale Paris The Cone

VideoLAN VLC 3.0.0 Jean-Baptiste Kempf samedi 30 janvier 2016 Ecole Centrale Paris The Cone VLC 1M per day More than 2B over VLC lifetime 1 every 6 Mac Top 15 Windows Most used French software VLC 2.2.0 8 VLC 2.2.0 VLC 2.2.0

635 views • 27 slides
Motivations Instruction cache (icache) misses can FICO drastically decrease code performance a

Motivations Instruction cache (icache) misses can FICO drastically decrease code performance a

Motivations Instruction cache (icache) misses can FICO drastically decrease code performance a Fast Instruction Cache Optimizer The problem is even more important for 1-level direct mapped caches Author: Marco Garatti On Lx ST210 the icache

477 views • 4 slides
INTEGRATED WCET ESTIMATION OF MULTICORE APPLICATIONS Dumitru Potop-Butucaru, Isabelle Puaut

INTEGRATED WCET ESTIMATION OF MULTICORE APPLICATIONS Dumitru Potop-Butucaru, Isabelle Puaut

1 INTEGRATED WCET ESTIMATION OF MULTICORE APPLICATIONS Dumitru Potop-Butucaru, Isabelle Puaut Motivation: Scalable timing analysis 2 Real-time systems: complexity steadily increases Hardware: Multi-core, networks-on-chips Software:

546 views • 28 slides
Towards Automated Generation of Time-Predictable Code 1 Daniel Prokesch, Benedikt Huber, Peter

Towards Automated Generation of Time-Predictable Code 1 Daniel Prokesch, Benedikt Huber, Peter

Towards Automated Generation of Time-Predictable Code 1 Daniel Prokesch, Benedikt Huber, Peter Puschner {daniel,benedikt,peter}@vmars.tuwien.ac.at Institute of Computer Engineering Vienna University of Technology, Austria July 8 th , 2014 WCET

489 views • 19 slides
Motivation Memory is one of the most energy hungry subsystems in embedded systems Up to

Motivation Memory is one of the most energy hungry subsystems in embedded systems Up to

Efficient Utilization of Scratch Pad Memory in Preemptive Multi Task Systems Hiroyuki Tomiyama Ritsumeikan University http://hiroyuki.tomiyama lab.org/ Motivation Memory is one of the most energy hungry subsystems in embedded

387 views • 16 slides
Heterogeneous Latch-based Asynchronous Pipelines Girish Venkataramani Tiberiu Chelcea Seth C.

Heterogeneous Latch-based Asynchronous Pipelines Girish Venkataramani Tiberiu Chelcea Seth C.

Heterogeneous Latch-based Asynchronous Pipelines Girish Venkataramani Tiberiu Chelcea Seth C. Goldstein Presenter: Tobias Bjerregaard April 10 th , 2008 ASYNC 2008 1 Outline Introduction Introduction Latch Selection

574 views • 25 slides
VPIM Voice Profile for Internet Mail http://www.ema.org/vpim http://www.vpim.org VPIM WG chair:

VPIM Voice Profile for Internet Mail http://www.ema.org/vpim http://www.vpim.org VPIM WG chair:

VPIM Voice Profile for Internet Mail http://www.ema.org/vpim http://www.vpim.org VPIM WG chair: Glenn Parsons &lt;gparsons@nortelnetworks.com&gt; Mailing list: vpim@lists.neystadt.org To subscribe: send a message to majordomo@

627 views • 40 slides

More recommend