|
 ABSTRACT
Embedded software must meet conflicting requirements such as be-ing highly reliable, running on resource-constrained platforms, and being developed rapidly. Static program analysis can help meet all of these goals. People developing analyzers for embedded object code face a difficult problem: writing an abstract version of each instruction in the target architecture(s). This is currently done by hand, resulting in abstract operations that are both buggy and im-precise. We have developed Hoist: a novel system that solves these problems by automatically constructing abstract operations using a microprocessor (or simulator) as its own specification. With almost no input from a human, Hoist generates a collection of C func-tions that are ready to be linked into an abstract interpreter. We demonstrate that Hoist generates abstract operations that are cor-rect, having been extensively tested, sufficiently fast, and substan-tially more precise than manually written abstract operations. Hoist is currently limited to eight-bit machines due to costs exponential in the word size of the target architecture. It is essential to be able to analyze software running on these small processors: they are important and ubiquitous, with many embedded and safety-critical systems being based on them.
REFERENCES
Note: OCR errors may be found in this Reference List extracted from the full text article. ACM has opted to expose the complete List rather than only correct and linked references.
| |
1
|
Atemu: A sensor network emulator/simulator/debugger. Center for Satellite and Hybrid Communication Networks, University of Maryland, 2004. http://www.cshcn.umd.edu/research/atemu/.
|
| |
2
|
Atmel, Inc. ATmega128 datasheet, 2002. http: //www.atmel.com/atmel/acrobat/doc2467.pdf.
|
| |
3
|
Gogul Balakrishnan and Thomas Reps. Analyzing memory accesses in x86 executables. In Proc. of the Intl. Conf. on Compiler Construction (CC), Barcelona, Spain, April 2004.
|
| |
4
|
|
| |
5
|
Dennis Brylow , Niels Damgaard , Jens Palsberg, Static checking of interrupt-driven software, Proceedings of the 23rd International Conference on Software Engineering, p.47-56, May 12-19, 2001, Toronto, Ontario, Canada
|
| |
6
|
Mihai Christodorescu and Somesh Jha. Static analysis of executables to detect malicious patterns. In Proc. of the 12th USENIX Security Symp., Washington, DC, August 2003.
|
| |
7
|
Cristina Cifuentes. Interprocedural data flow decompilation. Journal of Programming Languages, 4(2):77--99, 1996.
|
 |
8
|
|
| |
9
|
|
| |
10
|
|
| |
11
|
|
| |
12
|
Saumya Debray , Robert Muth , Matthew Weippert, Alias analysis of executable code, Proceedings of the 25th ACM SIGPLAN-SIGACT symposium on Principles of programming languages, p.12-24, January 19-21, 1998, San Diego, California, United States
[doi> 10.1145/268946.268948]
|
| |
13
|
|
| |
14
|
|
| |
15
|
Jakob Engblom, Andreas Ermedahl, Mikael Nolin, Jan Gustafsson, and Hans Hansson. Worst-case execution-time analysis for embedded real-time systems. Journal of Software Tool and Transfer Technology (STTT), 4(4):437--455, August 2003.
|
| |
16
|
Nicolas Fritz, Daniel Kästner, and Florian Martin. Automatically generating value analyzers for assembly code. In Proc. of the 2003 Workshop on Compilers and Tools for Constrained Embedded Systems (CTCES), San Jose, CA, October 2003.
|
| |
17
|
John K. Gough and Herbert Klaeren. Eliminating range checks using static single assignment form. In Proc. of the 19th Australian Computer Science Conf., Melbourne, Australia, January 1996.
|
| |
18
|
|
| |
19
|
|
| |
20
|
Jason Hill , Robert Szewczyk , Alec Woo , Seth Hollar , David Culler , Kristofer Pister, System architecture directions for networked sensors, Proceedings of the ninth international conference on Architectural support for programming languages and operating systems, p.93-104, November 2000, Cambridge, Massachusetts, United States
|
| |
21
|
|
| |
22
|
|
| |
23
|
Stephen Lawton. Eternally yours at 8 bits. Electronic Business, October 2002.
|
| |
24
|
|
| |
25
|
Jørn Lind-Nielsen. BuDDy--A binary decision diagram package. http://www.itu.dk/research/buddy/.
|
| |
26
|
|
| |
27
|
|
| |
28
|
|
| |
29
|
|
| |
30
|
|
| |
31
|
|
| |
32
|
John Regehr, Alastair Reid, and Kirk Webb. Eliminating stack overflow by abstract interpretation. In Proc. of the 3rd Intl. Conf. on Embedded Software (EMSOFT), pages 306--322, Philadelphia, PA, October 2003.
|
| |
33
|
Thomas Reps, Mooly Sagiv, and Greta Yorsh. Symbolic implementation of the best transformer. In Proc. of the 5th Intl. Conf. on Verification, Model Checking, and Abstract Interpretation (VMCAI), Venice, Italy, January 2004.
|
| |
34
|
|
| |
35
|
Simulavr: An AVR simulator. http://savannah.nongnu.org/projects/simulavr.
|
| |
36
|
Mark Stephenson , Jonathan Babb , Saman Amarasinghe, Bidwidth analysis with application to silicon compilation, Proceedings of the ACM SIGPLAN 2000 conference on Programming language design and implementation, p.108-120, June 18-21, 2000, Vancouver, British Columbia, Canada
|
| |
37
|
|
| |
38
|
Robert Wahbe , Steven Lucco , Thomas E. Anderson , Susan L. Graham, Efficient software-based fault isolation, Proceedings of the fourteenth ACM symposium on Operating systems principles, p.203-216, December 05-08, 1993, Asheville, North Carolina, United States
|
| |
39
|
Zhichen Xu , Barton P. Miller , Thomas Reps, Safety checking of machine code, Proceedings of the ACM SIGPLAN 2000 conference on Programming language design and implementation, p.70-82, June 18-21, 2000, Vancouver, British Columbia, Canada
|
| |
40
|
|
| |
41
|
Greta Yorsh, Thomas Reps, and Mooly Sagiv. Symbolically computing most-precise abstract operations for shape analysis. In Proc. of the 10th Intl. Conf. on Tools and Algorithms for the Construction and Analysis of Systems (TACAS), Barcelona, Spain, March 2004.
|
|
Adobe Acrobat
QuickTime
Windows Media Player
Real Player
Pdf
C.3