Random Testing of Interrupt-Driven Software John Regehr University of Utah.

Slides:

Advertisements

Similar presentations

How to use TinyOS Jason Hill Rob Szewczyk Alec Woo David Culler An event based execution environment for Networked Sensors.

Advertisements

Data Structures Static and Dynamic.

© 2004 Wayne Wolf Topics Task-level partitioning. Hardware/software partitioning.  Bus-based systems.

Writing Programs that Work Nupur Kothari University of Southern California Roy Shea University of California, Los Angeles.

Computer System Organization Computer-system operation – One or more CPUs, device controllers connect through common bus providing access to shared memory.

1 CHAPTER 8 BUFFER OVERFLOW. 2 Introduction One of the more advanced attack techniques is the buffer overflow attack Buffer Overflows occurs when software.

SBSE Course 3. EA applications to SE Analysis Design Implementation Testing Reference: Evolutionary Computing in Search-Based Software Engineering Leo.

2/11/2010 BEARS 2010 On PTIDES Programming Model John Eidson Jeff C. Jensen Edward A. Lee Slobodan Matic Jia Zou PtidyOS.

Eliminating Stack Overflow by Abstract Interpretation John Regehr Alastair Reid Kirk Webb University of Utah.

Static Analysis of Embedded C Code John Regehr University of Utah Joint work with Nathan Cooprider.

Vertically Integrated Analysis and Transformation for Embedded Software John Regehr University of Utah.

Contiki A Lightweight and Flexible Operating System for Tiny Networked Sensors Presented by: Jeremy Schiff.

1 HOIST: A System for Automatically Deriving Static Analyzers for Embedded Systems John Regehr Alastair Reid School of Computing, University of Utah.

1 Efficient Memory Safety for TinyOS Nathan Cooprider Will Archer Eric Eide David Gay † John Regehr University of Utah School of Computing † Intel Research.

1 TinyOS 2.1: Deploying Memory Safety Nathan Cooprider Yang Chen Will Archer Eric Eide David Gay † John Regehr University of Utah School of Computing †

Static Analysis of Embedded C John Regehr University of Utah Joint work with Nathan Cooprider.

Ritu Varma Roshanak Roshandel Manu Prasanna

1 Efficient Memory Safety for TinyOS 2.1 Yang Chen Nathan Cooprider Will Archer Eric Eide David Gay † John Regehr University of Utah School of Computing.

TinyOS Software Engineering Sensor Networks for the Masses.

High-Level Optimizations for Low-Level Software John Regehr University of Utah.

Figure 1.1 Interaction between applications and the operating system.

A Static Analysis Framework For Embedded Systems Nathan Cooprider John Regehr's Embedded Systems Group.

Rensselaer Polytechnic Institute CSC 432 – Operating Systems David Goldschmidt, Ph.D.

Evolving Real-Time Systems using Hierarchical Scheduling and Concurrency Analysis John Regehr Alastair Reid Kirk Webb Michael Parker Jay Lepreau School.

Project Proposal Implementing library support for the Virgil programming language Ryan Hall Advisor: Jens Palsberg January 23, 2007.

Software Development and Software Loading in Embedded Systems.

Data Structures and Programming.  John Edgar2.

1 CSC 2405: Computer Systems II Spring 2012 Dr. Tom Way.

Dr. Pedro Mejia Alvarez Software Testing Slide 1 Software Testing: Building Test Cases.

1 CS503: Operating Systems Part 1: OS Interface Dongyan Xu Department of Computer Science Purdue University.

© Janice Regan, CMPT 128, Jan CMPT 128 Introduction to Computing Science for Engineering Students Creating a program.

Secure Virtual Architecture John Criswell, Arushi Aggarwal, Andrew Lenharth, Dinakar Dhurjati, and Vikram Adve University of Illinois at Urbana-Champaign.

By: R Jayampathi Sampath

Eric Keller, Evan Green Princeton University PRESTO /22/08 Virtualizing the Data Plane Through Source Code Merging.

A Survey of Dynamic Techniques for Detecting Device Driver Errors Olatunji Ruwase LBA Reading Group 18 th May 2010.

Chapter 1 What is Programming? Lecture Slides to Accompany An Introduction to Computer Science Using Java (2nd Edition) by S.N. Kamin, D. Mickunas, E.

Rensselaer Polytechnic Institute CSCI-4210 – Operating Systems CSCI-6140 – Computer Operating Systems David Goldschmidt, Ph.D.

R Enabling Trusted Software Integrity Darko Kirovski Microsoft Research Milenko Drinić Miodrag Potkonjak Computer Science Department University of California,

1 Problem Solving with C++ The Object of Programming Walter Savitch Chapter 1 Introduction to Computers and C++ Programming Slides by David B. Teague,

Dhanshree Nimje Smita Khartad

DEBUGGING. BUG A software bug is an error, flaw, failure, or fault in a computer program or system that causes it to produce an incorrect or unexpected.

Simon Han – Ram Kumar Rengaswamy – Roy Shea – Mani Srivastava – Eddie Kohler –

Operating Systems David Goldschmidt, Ph.D. Computer Science The College of Saint Rose CIS 432.

Mobile Agent Migration Problem Yingyue Xu. Energy efficiency requirement of sensor networks Mobile agent computing paradigm Data fusion, distributed processing.

By Teacher Asma Aleisa Year 1433 H.   Goals of memory management  To provide a convenient abstraction for programming.  To allocate scarce memory.

Debugging Computer Networks Sep. 26, 2007 Seunghwan Hong.

We will focus on operating system concepts What does it do? How is it implemented? Apply to Windows, Linux, Unix, Solaris, Mac OS X. Will discuss differences.

6-1 Infineon 167 Interrupts The C167CS provides 56 separate interrupt sources that may be assigned to 16 priority levels. The C167CS uses a vectored interrupt.

Concurrency Properties. Correctness In sequential programs, rerunning a program with the same input will always give the same result, so it makes sense.

CSCI1600: Embedded and Real Time Software Lecture 33: Worst Case Execution Time Steven Reiss, Fall 2015.

Interrupt driven I/O Computer Organization and Assembly Language: Module 12.

Understanding Performance Testing Basics by Adnan Khan.

1 Software Reliability in Wireless Sensor Networks (WSN) -Xiong Junjie

Onlinedeeneislam.blogspot.com1 Design and Analysis of Algorithms Slide # 1 Download From

Mid-Year Review. Coding Problems In general, solve the coding problems by doing it piece by piece. Makes it easier to think about Break parts of code.

Where Testing Fails …. Problem Areas Stack Overflow Race Conditions Deadlock Timing Reentrancy.

Introduction to Computer Programming Concepts M. Uyguroğlu R. Uyguroğlu.

Software Engineering Algorithms, Compilers, & Lifecycle.

Nathan Cooprider and John Regehr University of Utah School of Computing Pluggable Abstract Domains for Analyzing Embedded Software.

Benefits of a Virtual SIL

Development Environment

Modularity Most useful abstractions an OS wants to offer can’t be directly realized by hardware Modularity is one technique the OS uses to provide better.

Lazy Preemption to Enable Path-Based Analysis of Interrupt-Driven Code

Microprocessor Systems Design I

Introduction of microprocessor

CSCI1600: Embedded and Real Time Software

Efficient Memory Safety for TinyOS 2.1

Interrupt handling Explain how interrupts are used to obtain processor time and how processing of interrupted jobs may later be resumed, (typical.

CSCI1600: Embedded and Real Time Software

Presentation transcript:

Random Testing of Interrupt-Driven Software John Regehr University of Utah

Random interrupt testing Source-source transformation Static stack analysis Genetic algorithms Semantics of interrupts Delta debugging Integrated stress testing and debugging

 Goal: Stress testing and debugging for interrupt-driven embedded software  Why?  Interrupts hard to get right  Regular testing typically exercises small part of state space  Stress testing tends to improve software quality  Interrupt-driven software used in safety-critical applications

 Specific case: Sensor network nodes running TinyOS  Strongly interrupt-driven  Application code runs in interrupt mode  Highly resource constrained  Distributed and opaque – magnifies effects of bugs

 Obvious stress testing technique:  Random interrupt testing – fire interrupts at random times  Potential show stoppers:  Random interrupts can violate application semantics  Interrupts can reenter and overflow the stack

time request ADC int. random ADC int. aberrant interrupt crash!

time random network interrupts crash! stack overflow  Many embedded systems permit reentrant interrupts

 Problem: Interrupts arriving at inconvenient times break applications  Solution: Restrict interrupt arrivals  First classify each interrupt vector  Requested – arrives in response to an action taken by the system  Spontaneous – may arrive at any time

 Restricted Interrupt Discipline (RID):  Requested interrupts – only permit when a request is outstanding  Spontaneous interrupts – only permit when the interrupt isn’t already running

Implementing RID 1. Annotate interrupt requests 2. Ensure that device initialization code leaves each interrupt disabled 3. Run system through a source- to-source translator  Enable interrupt upon request  Disable requested interrupts upon interrupt  Suppress reentrant interrupts

RID in TinyOS  Implemented RID for five interrupt vectors  Only bottom-level device driver files modified  A few LOC modified per vector  Normal developers don’t touch these files  Use custom CIL extension for src-src translation of C code output by nesC compiler

Without RID With RID

RID Benefits  Enables random testing by suppressing aberrant and reentrant interrupts  Hardens embedded system with respect to unexpected interrupts after deployment  SW bugs can cause these  So can loose wires, EMI, or other HW problems

Back to Random Testing Generate interrupt schedule Cycle accurate simulation with interrupt scheduling support Problem? Debug! No Yes

Interrupt Schedules  List of pairs  (vector #, firing time)  Schedule generator parameterized by density for each interrupt vector

Simulator Support  We hacked Avrora – sensor net simulator from UCLA  Our interrupt scheduling patches now included in the distribution

Detecting Failure 1. Ask the application – See if it responds to network packets 2. Ask the simulator – Avrora reports illegal memory access and illegal instructions

TinyOS Oscilloscope Bug time ADC request and int. dataTask  Interrupt stores data into array  dataTask resets buffer pointer  No interlock between interrupt and task

TinyOS Oscilloscope Bug time random ADC requests and interrupts crash!  Buffer overrun kills the system unless dataTask runs on time

 Original interrupt schedule that triggers bug is > 300,000 interrupts  Hard to tell what went wrong!  Used “delta debugging” algorithm to minimize schedule  Can trigger bug with just 75 interrupts  Bug much easier to find now  Fixing the bug: Easy – add array bounds check

 Problem: Stack overflow kills sensor network programs  Solution: Compute WC stack depth through static analysis of binaries  Lingering questios:  Is the bound actually conservative?  If so, how pessimistic is the bound?  Answer: Testing data, BSS stack crash!

Stack Depth w/o Random

Stack Depth w/Random

Finding Deep Stacks  Pure random testing doesn’t cut it  Program behavior surprisingly sensitive to interrupt schedule density and structure  Even running overnight did not find schedules that make deep stacks  Solution: Genetic algorithm evolves better interrupt schedules  About 100 generations to find deepest stack  3 hours CPU time

Revising a Stack Depth Bound

Conclusions  Random interrupt testing: Good  Restricted Interrupt Discipline makes it work  Src-src transformation makes RID easy to implement  GA does directed search for interesting schedules  Delta finds interesting subsets of large interrupt schedules