static analysis by abstract interpretation of functional
play

Static Analysis by Abstract Interpretation of Functional Properties - PowerPoint PPT Presentation

Mar 01, 2024 •639 likes •1.08k views

Static Analysis by Abstract Interpretation of Functional Properties of Device Drivers in TinyOS Abdelraouf Ouadjaout, Antoine Min, Noureddine Lasla, Nadjib Badache ENS & UPMC, Paris CERIST & USTHB, Algiers Workshop on Static

  1. Static Analysis by Abstract Interpretation of Functional Properties of Device Drivers in TinyOS Abdelraouf Ouadjaout, Antoine Miné, Noureddine Lasla, Nadjib Badache ENS & UPMC, Paris CERIST & USTHB, Algiers Workshop on Static Analysis of Concurrent Software September 11th, 2016 Edinburgh, Scotland 1 / 20

  2. Part I Context 2 / 20

  3. Context Application Domain: Wireless Sensor Networks We target programs for wireless sensor networks (WSN). A distributed system of wirelessly connected embedded nodes for monitoring a physical phenomena. Ad hoc communications and collaborative routing. Many applications: irrigation, weather/pollution monitoring, fire detection, etc . 3 / 20

  4. Context Problem Formulation: Device Driver Verification We aim at verifying the correctness of device drivers in TinyOS programs. Motivation Drivers difficult to develop/debug, error-prone and critical. Summary of Our Approach We focus on functional properties specifying programming rules to access hardware correctly. We employ Abstract Interpretation to automatically verify that all possible executions obey such specifications. For more details: Static Analysis by Abstract Interpretation of Functional Properties of Device Drivers in TinyOS In Journal of Systems and Software , 2016. 4 / 20

  5. Part II Expressing Specifications 5 / 20

  6. Specifications Example: ATmega128 Timer/Counter0 ATmega128

  7. Specifications Example: ATmega128 Timer/Counter0 ATmega128 Datasheet, pp. 107

  8. Specifications Example: ATmega128 Timer/Counter0 ATmega128 Rule If Timer/Counter0 is used to wake the device up [...], precautions must be taken [...] 1 Write a value to TCCR0 , TCNT0 , or OCR0 . 2 Wait until the corresponding Update Busy flag in ASSR returns to zero. 3 Enter Power-save or Extended Standby mode. Datasheet, pp. 107

  9. Specifications Example: ATmega128 Timer/Counter0 ATmega128 Rule If Timer/Counter0 is used to wake the device up [...], precautions must be taken [...] 1 Write a value to TCCR0 , TCNT0 , or OCR0 . 2 Wait until the corresponding Update Busy flag in ASSR returns to zero. 3 Enter Power-save or Extended Standby mode. Formalism To formalize this rule, we use an automaton tai- lored to describe patterns of hardware interactions Datasheet, pp. 107 6 / 20

  10. Specifications Abstract Device Properties An abstract device property is a special register automaton describing patterns of hardware interactions: A = (S , s 0 , s BUG , R ,ξ, T ) where: S set of states s 0 initial state bug state s BUG R set of hardware registers = { X ◇ ∣ X ∈ R , ◇ ∈ { r , w }} ∪ { int i ∣ i ∈ I } ∪ { α, sleep } ξ T ⊆ S × ξ × S × Stmt C × Stmt C 7 / 20

  11. Specifications ADP Example ATmega128 Rule If Timer/Counter0 is used to wake the device up [...], precautions must be taken [...] 1 Write a value to TCCR0 , TCNT0 , or OCR0 . 2 Wait until the corresponding Update Busy flag in ASSR returns to zero. 3 Enter Power-save or Extended Standby mode. Datasheet, pp. 107

  12. Specifications ADP Example ATmega128 Rule If Timer/Counter0 is used to wake the device up [...], precautions must be taken [...] 1 Write a value to TCCR0 , TCNT0 , or OCR0 . 2 Wait until the corresponding Update Busy flag in ASSR returns to zero. 3 Enter Power-save or Extended Standby mode. STABLE Datasheet, pp. 107

  13. Specifications ADP Example ATmega128 Rule If Timer/Counter0 is used to wake the device up [...], precautions must be taken [...] 1 Write a value to TCCR0 , TCNT0 , or OCR0 . 2 Wait until the corresponding Update Busy flag in ASSR returns to zero. 3 Enter Power-save or Extended Standby mode. STABLE e:sleep SLEEP UNSTBL Datasheet, pp. 107 e:int 15 ∣ 16

  14. Specifications ADP Example ATmega128 Rule If Timer/Counter0 is used to wake the device up [...], precautions must be taken [...] 1 Write a value to TCCR0 , TCNT0 , or OCR0 . 2 Wait until the corresponding Update Busy flag in ASSR returns to zero. 3 Enter Power-save or Extended Standby mode. STABLE BUSY e :TCCR0 w e:sleep a: ASSR|=(1<<TCR0UB) SLEEP UNSTBL Datasheet, pp. 107 e:int 15 ∣ 16

  15. Specifications ADP Example ATmega128 Rule If Timer/Counter0 is used to wake the device up [...], precautions must be taken [...] 1 Write a value to TCCR0 , TCNT0 , or OCR0 . 2 Wait until the corresponding Update Busy flag in ASSR returns to zero. 3 Enter Power-save or Extended Standby mode. e: α a: ASSR&=~(1<<TCR0UB) STABLE BUSY e :TCCR0 w e:sleep a: ASSR|=(1<<TCR0UB) SLEEP UNSTBL Datasheet, pp. 107 e:int 15 ∣ 16

  16. Specifications ADP Example ATmega128 Rule If Timer/Counter0 is used to wake the device up [...], precautions must be taken [...] 1 Write a value to TCCR0 , TCNT0 , or OCR0 . 2 Wait until the corresponding Update Busy flag in ASSR returns to zero. 3 Enter Power-save or Extended Standby mode. e: α a: ASSR&=~(1<<TCR0UB) STABLE BUSY e:sleep e :TCCR0 w e:sleep BUG a: ASSR|=(1<<TCR0UB) e:sleep SLEEP UNSTBL Datasheet, pp. 107 e:int 15 ∣ 16 8 / 20

  17. Part III Abstractions 9 / 20

  18. Concrete Semantics TinyOS Kernel TinyOS is an open source OS developped by Berkely. Mixture of preemptive and cooperative execution models. 1 Hardware interrupts can preempt execution at any time (if not masked). 2 Tasks are functions that are posted for being executed when system is idle. 10 / 20

  19. Concrete Semantics TinyOS Kernel TinyOS is an open source OS developped by Berkely. Mixture of preemptive and cooperative execution models. 1 Hardware interrupts can preempt execution at any time (if not masked). 2 Tasks are functions that are posted for being executed when system is idle. Concrete Environment HW state Interrupts E = M Memory × S × Tasks queue × Q I 10 / 20

  20. Hardware State Partitioning Definition Hardware state is the primary information in the analysis. We should keep precise information about it. Memory content should be in relation with the hardware state because program infer the state by accessing hardware registers and/or some program variables. 11 / 20

  21. Hardware State Partitioning Definition Hardware state is the primary information in the analysis. We should keep precise information about it. Memory content should be in relation with the hardware state because program infer the state by accessing hardware registers and/or some program variables. Hardware State Partitioning D ♯ S 1 First, we partition the environments w.r.t. automaton states S . 2 Then, we use a numerical abstract domain ⟨ D ♯ M , ⊑ M ⟩ to abstract the values of registers and variables. ← − − ⟨ S → D ♯ ⟨℘( E ) , ⊆⟩ − M , ˙ ⊑ M ⟩ − → 11 / 20

  22. Hardware State Partitioning Example 1 void main () { 10 ISR( TIMER0_OVF_vect ) { 2 11 // Config timer ... 3 ... 12 // Stabilize the timer 4 13 // Wait for interrupt TCCR0 = TCCR0; 5 while (1) { 14 while 6 15 asm volatile("sleep"::); (ASSR & 1 << TCR0UB ); 7 ... 16 // Continue work 8 17 } ... 9 } 18 } e: α a: ASSR&=~(1<<TCR0UB) STABLE BUSY e:sleep e :TCCR0 w e:sleep BUG a: ASSR|=(1<<TCR0UB) e:sleep SLEEP UNSTBL e:int 15 ∣ 16 12 / 20

  23. Hardware State Partitioning Example 1 void main () { 10 ISR( TIMER0_OVF_vect ) { 2 11 // Config timer ... 3 ... 12 // Stabilize the timer 4 13 // Wait for interrupt TCCR0 = TCCR0; 5 while (1) { 14 while 6 15 asm volatile("sleep"::); (ASSR & 1 << TCR0UB ); 7 ... 16 // Continue work 8 17 } ... 9 } 18 } X 6 X 11 X 14 X 17 e: α a: ASSR&=~(1<<TCR0UB) STABLE BUSY e:sleep e :TCCR0 w e:sleep BUG a: ASSR|=(1<<TCR0UB) e:sleep SLEEP UNSTBL e:int 15 ∣ 16 12 / 20

  24. Hardware State Partitioning Example 1 void main () { 10 ISR( TIMER0_OVF_vect ) { 2 11 // Config timer ... 3 ... 12 // Stabilize the timer 4 13 // Wait for interrupt TCCR0 = TCCR0; 5 while (1) { 14 while 6 15 asm volatile("sleep"::); (ASSR & 1 << TCR0UB ); 7 ... 16 // Continue work 8 17 } ... 9 } 18 } X 6 X 11 X 14 X 17 e: α a: ASSR&=~(1<<TCR0UB) STABLE BUSY STABLE UNSTBL BUSY STABLE e:sleep ASSR = 0 ASSR = 0 ASSR = 1 ASSR = 0 e :TCCR0 w e:sleep BUG a: ASSR|=(1<<TCR0UB) STABLE ASSR = 0 e:sleep SLEEP UNSTBL e:int 15 ∣ 16 12 / 20

  25. Tasks Queue Partitioning Motivation Example: SPI serial transfer with a task polling (instead of an active polling). 13 / 20

  26. Tasks Queue Partitioning Motivation Example: SPI serial transfer with a task polling (instead of an active polling). task void check () { task void end () { task void tx() { if !( SPSR &(1<< SPIF )) SPCR if (i < m_len) { post check (); &=~(1<< SPE ); SPDR = m_data[i]; else { ... post check (); m_answer[i] = SPDR; } return; i++; } post tx (); post end (); } } } 13 / 20

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Outline Static Analysis: Overview, Syntactic Analysis and Abstract Interpretation Overview

Outline Static Analysis: Overview, Syntactic Analysis and Abstract Interpretation Overview

Outline Static Analysis: Overview, Syntactic Analysis and Abstract Interpretation Overview TDDC90: Software Security Syntactic Analysis Ahmed Rezine Abstract Interpretation IDA, Linkpings Universitet Hsttermin 2014 Static Program

75 views • 7 slides
Abstract Interpretation with Applications to Semantics and Static Analysis 1. The

Abstract Interpretation with Applications to Semantics and Static Analysis 1. The

Abstract Interpretation with Applications to Semantics and Static Analysis 1. The Problem: The Design of Safe and Secure Computer- Patrick Cousot cole normale suprieure Based Systems 45 rue dUlm, 75230 Paris cedex 05, France

288 views • 27 slides
Static Program Analysis Foundations of Abstract Interpretation Sebastian Hack, Christian Hammer,

Static Program Analysis Foundations of Abstract Interpretation Sebastian Hack, Christian Hammer,

Static Program Analysis Foundations of Abstract Interpretation Sebastian Hack, Christian Hammer, Jan Reineke Advanced Lecture, Winter 2014/15 Abstract Interpretation Semantics-based approach to program analysis Framework to develop

487 views • 33 slides
Static Analysis: Overview, Syntactic Analysis and Abstract Interpretation TDDC90: Software

Static Analysis: Overview, Syntactic Analysis and Abstract Interpretation TDDC90: Software

Static Analysis: Overview, Syntactic Analysis and Abstract Interpretation TDDC90: Software Security Ahmed Rezine IDA, Linkpings Universitet Hsttermin 2019 Outline Overview Syntactic Analysis Abstract Interpretation Outline Overview

323 views • 28 slides
Static analysis by abstract interpretation of run-time errors in synchronous and multithreaded

Static analysis by abstract interpretation of run-time errors in synchronous and multithreaded

Static analysis by abstract interpretation of run-time errors in synchronous and multithreaded embedded critical C programs Antoine Min e CNRS &amp; Ecole normale sup erieure Paris, France MOVEP CIRM, Marseille 4 December 2012

1.26k views • 90 slides
Abstract interpretation based Analysis [FPCA 95], Predicate Abstraction [Mannas festschrift

Abstract interpretation based Analysis [FPCA 95], Predicate Abstraction [Mannas festschrift

Abstract interpretation The Verification Grand Challenge - Abstract interpretation is a mathematical theory of - - and Abstract Interpretation sound approximation of properties of formal sys- tems (including program specifications, semantics,

422 views • 10 slides
Static Analysis of Security Properties by Abstract Interpretation cole normale suprieure,

Static Analysis of Security Properties by Abstract Interpretation cole normale suprieure,

Static Analysis of Security Properties by Abstract Interpretation cole normale suprieure, quipe Abstraction Mehdi Bouaziz Friday, May 11 2012 Static Analysis of Security Properties by Abstract Interpretation Mehdi Bouaziz, cole normale

839 views • 29 slides
Static Program Analysis Foundations of Abstract Interpretation Sebastian Hack, Christian Hammer,

Static Program Analysis Foundations of Abstract Interpretation Sebastian Hack, Christian Hammer,

Static Program Analysis Foundations of Abstract Interpretation Sebastian Hack, Christian Hammer, Jan Reineke Advanced Lecture, Winter 2014/15 Overview: Numerical Abstractions fi from above Refinemen y f : : : ; h 19; 77i ; : : : ; h 20;

586 views • 40 slides
Abstract a unified lattice model for static analysis of programs by construction or approximation

Abstract a unified lattice model for static analysis of programs by construction or approximation

Abstract a unified lattice model for static analysis of programs by construction or approximation of fixpoints Interpretation Patrick Cousot and Radhia Cousot, 1977 Motivation (for static analysis) Say youve written code that you really

619 views • 25 slides
What is static analysis by abstract interpretation? Example of static analysis (input)

What is static analysis by abstract interpretation? Example of static analysis (input)

What is static analysis by abstract interpretation? Example of static analysis (input) {n0&gt;=0} n := n0; {n0=n,n0&gt;=0} i := n; {n0=i,n0=n,n0&gt;=0} while (i &lt;&gt; 0 ) do {n0=n,i&gt;=1,n0&gt;=i} j := 0; {n0=n,j=0,i&gt;=1,n0&gt;=i}

1.82k views • 163 slides
3 COMP 1 5 9 3 Algorithmic Verification Abstract Interpretation and Static Analysis Dr.

3 COMP 1 5 9 3 Algorithmic Verification Abstract Interpretation and Static Analysis Dr.

&lt;latexit

1.67k views • 150 slides
Bintrimmer: Towards Static Binary Debloating Through Abstract Interpretation DIMVA, June 19 th

Bintrimmer: Towards Static Binary Debloating Through Abstract Interpretation DIMVA, June 19 th

Bintrimmer: Towards Static Binary Debloating Through Abstract Interpretation DIMVA, June 19 th 2019 Nilo Redini Computer Science @ UC Santa Barbara nredini@cs.ucsb.edu Motivation - Software complexity pushes developers toward component

958 views • 50 slides
Verasco: Formal verification of a C static analyzer based on abstract interpretation

Verasco: Formal verification of a C static analyzer based on abstract interpretation

Verasco: Formal verification of a C static analyzer based on abstract interpretation Jacques-Henri Jourdan, Vincent Laporte Sandrine Blazy, Xavier Leroy , David Pichardie Inria / U. Rennes 1 / ENS Rennes Workshop on Realistic Program

885 views • 63 slides
A Reconstruction of a Types-and-Effects Analysis by Abstract Interpretation Letterio Galletta

A Reconstruction of a Types-and-Effects Analysis by Abstract Interpretation Letterio Galletta

A Reconstruction of a Types-and-Effects Analysis by Abstract Interpretation Letterio Galletta Dipartimento di Informatica - Universit di Pisa 19/09/2012 - ITCTCS 2012 Outline 1 Type and Effect Systems 2 Abstract Interpretation 3

762 views • 24 slides
Static Program Analysis Xiangyu Zhang The slides are compiled from Alex Aikens Michael D.

Static Program Analysis Xiangyu Zhang The slides are compiled from Alex Aikens Michael D.

Static Program Analysis Xiangyu Zhang The slides are compiled from Alex Aikens Michael D. Ernsts Sorin Lerners A Scary Outline Type-based analysis Data-flow analysis Abstract interpretation Theorem proving

1.11k views • 97 slides
Formal verification of a static analyzer: abstract interpretation in type theory Xavier Leroy

Formal verification of a static analyzer: abstract interpretation in type theory Xavier Leroy

Formal verification of a static analyzer: abstract interpretation in type theory Xavier Leroy Inria Paris-Rocquencourt TYPES meeting, 2014-05-14 X. Leroy (Inria) Verified static analyzer 2014-05-14 1 / 57 In memoriam Radhia Cousot, 2014

647 views • 63 slides
Testing and Verifying Atomicity of Composed Concurrent Operations Ohad Shacham Tel Aviv

Testing and Verifying Atomicity of Composed Concurrent Operations Ohad Shacham Tel Aviv

Testing and Verifying Atomicity of Composed Concurrent Operations Ohad Shacham Tel Aviv University Nathan Bronson Stanford University Alex Aiken Stanford University Mooly Sagiv Tel Aviv University Martin Vechev ETH Eran Yahav Technion

458 views • 35 slides
UMBC A B M A L T F O U M B C I M Y O R T 1 (May 2, 2002) I E S R C E O

UMBC A B M A L T F O U M B C I M Y O R T 1 (May 2, 2002) I E S R C E O

Systems Design&amp;Programming Linux Device Drivers III CMPE 310 Char Drivers Well develop a device driver, scull , which treats an area of memory as a device. There are several types of scull devices: scull[0-3] This type has four

481 views • 19 slides
Writing and Adapting Device Drivers for FreeBSD John Baldwin November 5, 2011 What is a Device

Writing and Adapting Device Drivers for FreeBSD John Baldwin November 5, 2011 What is a Device

Writing and Adapting Device Drivers for FreeBSD John Baldwin November 5, 2011 What is a Device Driver? Hardware Functionality A device driver is the software that bridges Device Driver the two. 2 Focus of This Presentation

1.08k views • 93 slides
Toward Detection of Unsafe Driving with Wearables Luyang Liu Cagdas Karatas, Hongyu Li, Marco

Toward Detection of Unsafe Driving with Wearables Luyang Liu Cagdas Karatas, Hongyu Li, Marco

Toward Detection of Unsafe Driving with Wearables Luyang Liu Cagdas Karatas, Hongyu Li, Marco Gruteser, Richard Martin WINLAB, Rutgers University Sheng Tan, Jie Yang Florida State University Yingying Chen Stevens Institute of Technology

654 views • 20 slides
I2C driver MPCore CPU mptimer mp wdt for a temperature sensor Temperature sensor GIC I2C

I2C driver MPCore CPU mptimer mp wdt for a temperature sensor Temperature sensor GIC I2C

Calcolatori Elettronici e Sistemi Operativi HW Virtual board rv_board I2C driver MPCore CPU mptimer mp wdt for a temperature sensor Temperature sensor GIC I2C Memory usense Unix socket HOST Device Driver I2C temperature sensor

305 views • 7 slides
enches : Reflections on People, Product, and Software Evolution Andy J. Ko , Ph.D. Associate

enches : Reflections on People, Product, and Software Evolution Andy J. Ko , Ph.D. Associate

Thr Three ee Year Years in n the he St Star artup up Tr Trenches enches : Reflections on People, Product, and Software Evolution Andy J. Ko , Ph.D. Associate Professor, The Information School Co-Founder &amp; Chief Scientist, AnswerDash

226 views • 21 slides
Campus Renewal Congregational Meeting January 31, 2016 Agenda Introduction Contribution

Campus Renewal Congregational Meeting January 31, 2016 Agenda Introduction Contribution

Rock Spring CONGREGATIONAL UNITED CHURCH OF CHRIST Campus Renewal Congregational Meeting January 31, 2016 Agenda Introduction Contribution from the Endowment Proposed modifications to address budget issues Council Motion

564 views • 25 slides
Johnson Street Bridge Replacement Project Quarterly Update Governance and Priorities Committee

Johnson Street Bridge Replacement Project Quarterly Update Governance and Priorities Committee

Johnson Street Bridge Replacement Project Quarterly Update Governance and Priorities Committee March 21 2013 Progress Update Project remains within the approved budget Several risks have been reduced or eliminated with the award of

160 views • 13 slides

More recommend