Presentation is loading. Please wait.

Presentation is loading. Please wait.

Framework for Safe Reuse Of Software Binaries Ramakrishnan Venkitaraman Advisor: Gopal Gupta The University of Texas at Dallas 11/15/2004.

Published byMagdalene Hampton Modified over 8 years ago

Similar presentations

Presentation on theme: "Framework for Safe Reuse Of Software Binaries Ramakrishnan Venkitaraman Advisor: Gopal Gupta The University of Texas at Dallas 11/15/2004."— Presentation transcript:

1 Framework for Safe Reuse Of Software Binaries Ramakrishnan Venkitaraman Advisor: Gopal Gupta The University of Texas at Dallas 11/15/2004

2 Software Reuse & System Integration But, the Integrated System does not work Cost of Project Companies

3 Outline Need for Reusable Software Binaries Our Framework for Reuse of Software Binaries XDAIS Standard for Software Standardization Automated tool to enforce standard compliance

4 Need for reusable software binaries Incompatibilities make integration difficult Complexity in software reuse COTS Marketplace Time to Market

5 Scope of the Framework Gives the sufficient conditions for software binary code reusability Usability vs. Reusability Usability is a precondition for reusability E.g. Array index out of bound reference

6 Conditions to ensure reusablility C1: The binary code should not change during execution in a way that link-time symbol resolution will become invalid C2: The binary code should not be written in a way that it needs to be located starting from some fixed location in the virtual memory

7 Broadening the Conditions C1 and C2 are hard to characterize and even harder to detect So, broaden the conditions C1 and C2 to get conditions C3 and C4

8 Framework to ensure reusability C3: The binary code is re-entrant No self-modifying code Should not make symbol resolution invalid C4: The binary code does not contain any hard-wired memory addresses Binaries should not be assumed to be located at a fixed virtual memory location

9 TI XDAIS Standard Contains 35 rules and 15 guidelines SIX General Programming Rules No tool currently exists to check for compliance We want to build a tool to ENFORCE software compliance for these rules

10 XDAIS – General Programming Rules 1)All programs should follow the runtime conventions of TI’s C programming language 2)Algorithms must be re-entrant 3)No hard coded data memory locations 4)No hard coded program memory locations 5)Algorithms must characterize their ROM-ability 6)No peripheral device accesses

11 Advantages Of Compliant Code Allows system integrators to easily migrate between TI DSP chips Subsystems from multiple software vendors can be integrated into a single system Programs are framework-agnostic: the same program can be efficiently used in virtually any application

12 XDAIS vs. Our Framework Rule 1 is not really a programming rule, since it requires compliance with TI's definition of the C Language Rules 2 through 5 are manifestations of conditions C3 and C4 above. Rules 2 and 5 correspond to condition C3 Rules 3, 4, and 6 correspond to condition C4

13 Problem and Solution Problem: Detection of hard coded addresses in programs without accessing source code. Solution: “Static Program Analysis of Assembly Code”

14 Some examples showing hardcoding void main() { int * p = 0x8800; // Some code *p = …; } Example1: Directly Hardcoded void main() { int *p = 0x80; int *q = p; //Some code *q = …; } Example2: Indirectly Hardcoded void main() { int *p, val; p = ….; val = …; if(val) p = 0x900; else p = malloc(…); *p; } Example3: Conditional Hardcoding NOTE: We don’t care if a pointer is hard coded and is never dereferenced.

15 Interest in Static Analysis “We actually went out and bought for 30 million dollars, a company that was in the business of building static analysis tools and now we want to focus on applying these tools to large-scale software systems ” Remarks by Bill Gates, 17th Annual ACM Conference on Object-Oriented Programming, Systems, Languages and Application, November 2002.

16 Static Analysis Defined as any analysis of a program carried out without completely executing the program Un-decidability: Impossible to build a tool that will precisely detect hard coding

17 Hard Coded Addresses Bad Programming Practice. Results in non relocatable code. Results in non reusable code.

18 Overview Of Our Approach Input: Object Code of the Software Output: Compliant or Not Compliant status Activity Diagram for our Static Analyzer Disassemble Object Code Split Into Functions Obtain Basic Blocks Obtain Flow Graph Static Analysis Output the Result

19 Basic Aim Of Analysis Find a path to trace pointer origin. Problem: Exponential Complexity Static Analysis approximation makes it linear

20 Analyzing Source Code – Easy { { q } } { { p } } P IS HARD CODED So, the program is not compliant with the standard

21 Analyzing Assembly Code is Hard Problem No type information is available Instruction level pipeline and parallelism Solution Backward analysis Use Abstract Interpretation

22 Analyzing Assembly – Hard 000007A0 main: 000007A0 07BD09C2 SUB.D2 SP,0x8,SP 000007A4 020FA02A MVK.S2 0x1f40,B4 000007A8 023C22F6 STW.D2T2 B4,*+SP[0x1] 000007AC 00002000 NOP 2 000007B0 023C42F6 STW.D2T2 B4,*+SP[0x2] 000007B4 00002000 NOP 2 000007B8 0280A042 MVK.D2 5,B5 000007BC 029002F6 STW.D2T2 B5,*+B4[0x0] 000007C0 00002000 NOP 2 000007C4 008C8362 BNOP.S2 B3,4 000007C8 07BD0942 ADD.D2 SP,0x8,SP 000007CC 00000000 NOP 000007D0 00000000 NOP {{ }} { { B4 } } B4 = 0x1f40 So, B4 is HARD CODED Code is NOT Compliant

23 Abstract Interpretation Based Analysis Domains from which variables draw their values are approximated by abstract domains The original domains are called concrete domains

24 Lattice Abstraction Lattice based abstraction is used to determine pointer hard-coded ness.

25 Contexts Contexts to Abstract Contexts Abstract Context to Context

26 Phases In Analysis Phase 1: Find the set of dereferenced pointers Phase 2: Check the safety of dereferenced pointers

27 Building Unsafe Sets (Phase 1) The first element is added to the unsafe set during pointer dereferencing. E.g. If “*Reg” in the disassembled code, the unsafe set is initialized to {Reg}. ‘N’ Pointers Dereferenced  ‘N’ Unsafe sets Maintained as SOUS (Set Of Unsafe Sets)

28 Populating Unsafe Sets (Phase 2) For e.g., if Reg = reg1 + reg2, the element “Reg” is deleted from the unsafe set, and the elements “reg1”, “reg2”, are inserted into the unsafe set. Contents of the unsafe set will now become {reg1, reg2}.

29 Pointer Arithmetic All pointer operations are abstracted during analysis

30 Handling Loops Complex: # iterations of loop may not be known until runtime. Cycle the loop until the unsafe set reaches a “fixed point”. No new information is added to the unsafe set during successive iterations.

31 Merging Information If no merging, then exponential complexity. Mandatory when loops Information loss. If (Cond) Then Block B Else Block C Block D Block A Block E

32 Extensive Compliance Checking Handle all cases occurring in programs Single pointer, double pointer, triple pointer… Global pointer variables Static and Dynamic arrays

33 Extensive Compliance Checking Loops – all forms (e.g. for, while…) Function calls Pipelining and Parallelism Merging information from multiple paths

34 Proof – Analysis is Sound Consistency of α and γ functions is established by showing the existence of Galois Connection. That is, x = α(γ(x)) y belongs to γ(α(y))

35 Analysis Results Program# Lines# * Ptrs # Hard Coded Chain Length Running Time (ms) t_read803 001280 timer112617 611441 mcbsp11960 001270 figtest29219 1021521 m_hdrv3456 212262 dat94910 8122512 gui_codec113910928 13063 codec118810928 13043 stress1203105 014505 demo135082 4794716

36 Sample Code

37 Fig. Flow Graph

38 Related Work UNO Project – Bell Labs Analyze at source level TI XDAIS Standard Contains 35 rules and 15 guidelines. SIX General Programming Rules. No tool currently exists to check for compliance.

39 Current Status and Future Work Prototype Implementation done But, context insensitive, intra-procedural Extend to context sensitive, inter-procedural. Extend compliance check for other rules.

40 So… Hard Coding is a bad programming practice Non relocatable/reusable code Automatically checking code for compatibility at assembly level is possible A Static Analysis based technique is useful and practical

41 Software Reuse & System Integration WOW!!!! It works… Select ONLY Compliant Software

42 More Information 1.R.Venkitaraman and G.Gupta, Static Program Analysis of Embedded Executable Assembly Code. Compilers, Architecture, and Synthesis for Embedded Systems (ACM CASES), September 2004 2.R.Venkitaraman and G.Gupta, Framework for Safe Reuse of Software Binaries. ICDCIT, December 2004 3.Masters Thesis Report – R.Venkitaraman, A Framework for Automatic Reusability Analysis Of Software Binaries, The University of Texas at Dallas

43 Questions…

Download ppt "Framework for Safe Reuse Of Software Binaries Ramakrishnan Venkitaraman Advisor: Gopal Gupta The University of Texas at Dallas 11/15/2004."

Similar presentations

Automated Theorem Proving Lecture 1. Program verification is undecidable! Given program P and specification S, does P satisfy S?

Automated Theorem Proving Lecture 1. Program verification is undecidable! Given program P and specification S, does P satisfy S?
MATH 224 – Discrete Mathematics

MATH 224 – Discrete Mathematics
A Process Splitting Transformation for Kahn Process Networks Sjoerd Meijer.

A Process Splitting Transformation for Kahn Process Networks Sjoerd Meijer.
Context-Sensitive Interprocedural Points-to Analysis in the Presence of Function Pointers Presentation by Patrick Kaleem Justin.

Context-Sensitive Interprocedural Points-to Analysis in the Presence of Function Pointers Presentation by Patrick Kaleem Justin.
Architecture-dependent optimizations Functional units, delay slots and dependency analysis.

Architecture-dependent optimizations Functional units, delay slots and dependency analysis.
Abstraction and Modular Reasoning for the Verification of Software Corina Pasareanu NASA Ames Research Center.

Abstraction and Modular Reasoning for the Verification of Software Corina Pasareanu NASA Ames Research Center.
3-Valued Logic Analyzer (TVP) Tal Lev-Ami and Mooly Sagiv.

3-Valued Logic Analyzer (TVP) Tal Lev-Ami and Mooly Sagiv.
Constraint Systems used in Worst-Case Execution Time Analysis Andreas Ermedahl Dept. of Information Technology Uppsala University.

Constraint Systems used in Worst-Case Execution Time Analysis Andreas Ermedahl Dept. of Information Technology Uppsala University.
Programming Languages Marjan Sirjani 2 2. Language Design Issues Design to Run efficiently : early languages Easy to write correctly : new languages.

Programming Languages Marjan Sirjani 2 2. Language Design Issues Design to Run efficiently : early languages Easy to write correctly : new languages.
Programming Types of Testing.

Programming Types of Testing.
1 Program Slicing Purvi Patel. 2 Contents Introduction What is program slicing? Principle of dependences Variants of program slicing Slicing classifications.

1 Program Slicing Purvi Patel. 2 Contents Introduction What is program slicing? Principle of dependences Variants of program slicing Slicing classifications.
Eliminating Stack Overflow by Abstract Interpretation John Regehr Alastair Reid Kirk Webb University of Utah.

Eliminating Stack Overflow by Abstract Interpretation John Regehr Alastair Reid Kirk Webb University of Utah.
Next Section: Pointer Analysis Outline: –What is pointer analysis –Intraprocedural pointer analysis –Interprocedural pointer analysis (Wilson & Lam) –Unification.

Next Section: Pointer Analysis Outline: –What is pointer analysis –Intraprocedural pointer analysis –Interprocedural pointer analysis (Wilson & Lam) –Unification.
Cpeg421-08S/final-review1 Course Review Tom St. John.

Cpeg421-08S/final-review1 Course Review Tom St. John.
Program analysis Mooly Sagiv html://www.cs.tau.ac.il/~msagiv/courses/wcc06.html.

Program analysis Mooly Sagiv html://
Program analysis Mooly Sagiv html://www.cs.tau.ac.il/~msagiv/courses/wcc08.html.

Program analysis Mooly Sagiv html://
Overview of program analysis Mooly Sagiv html://www.cs.tau.ac.il/~msagiv/courses/wcc05.html.

Overview of program analysis Mooly Sagiv html://
1 ES 314 Advanced Programming Lec 2 Sept 3 Goals: Complete the discussion of problem Review of C++ Object-oriented design Arrays and pointers.

1 ES 314 Advanced Programming Lec 2 Sept 3 Goals: Complete the discussion of problem Review of C++ Object-oriented design Arrays and pointers.
Program Analysis Mooly Sagiv Tel Aviv University 640-6706 Sunday 18-21 Scrieber 8 Monday 10-12 Schrieber.

Program Analysis Mooly Sagiv Tel Aviv University Sunday Scrieber 8 Monday Schrieber.
Overview of program analysis Mooly Sagiv html://www.math.tau.ac.il/~msagiv/courses/wcc03.html.

Overview of program analysis Mooly Sagiv html://

Similar presentations

Ads by Google