Presentation is loading. Please wait.

Presentation is loading. Please wait.

Static Program Analysis of Embedded Software Ramakrishnan Venkitaraman Graduate Student, Computer Science Advisor: Dr. Gopal Gupta

Published byScarlett Burns Modified over 8 years ago

Similar presentations

Presentation on theme: "Static Program Analysis of Embedded Software Ramakrishnan Venkitaraman Graduate Student, Computer Science Advisor: Dr. Gopal Gupta"— Presentation transcript:

1 Static Program Analysis of Embedded Software Ramakrishnan Venkitaraman Graduate Student, Computer Science Advisor: Dr. Gopal Gupta http://www.utdallas.edu/~gupta/alps/

2 Outline Importance of Software Standards. Static Analysis based tool developed by us to enforce software standard compliance. How the marriage between industry and university research increases software reuse.

3 Why Software Standard? Incompatibilities make integration difficult. Complexity in software reuse. COTS Marketplace. Time to Market.

4 TI XDAIS Standard Contains 35 rules and 15 guidelines. SIX General Programming Rules. No tool currently exists to check for compliance. We want to build a tool to ENFORCE software compliance for these rules.

5 Problem and Solution Problem: Detection of hard coded addresses in programs without accessing source code. Solution: “Static Program Analysis”

6 Hard Coded Addresses Bad Programming Practice. Results in non relocatable code. Results in non reusable code.

7 Static Analysis Defined as any analysis of a program carried out without completely executing the program. Un-decidability: Impossible to build a tool that will precisely detect hard coding.

8 Overview Of Our Approach Input: Object Code of the Software Output: Compliant or Not Compliant status Activity Diagram for our Static Analyzer Disassemble Object Code Split Into Functions Obtain Basic Blocks Obtain Flow Graph Static Analysis Output the Result

9 Basic Aim Of Analysis Find a path to trace pointer origin. Problem: Exponential Complexity Static Analysis approximation makes it linear

10 Phases In Analysis Phase 1: Find the set of dereferenced pointers. Phase 2: Check the safety of dereferenced pointers.

11 Building Unsafe Sets (Phase 1) The first element is added to the unsafe set during pointer dereferencing. E.g. If “*Reg” in the disassembled code, the unsafe set is initialized to {Reg}. ‘N’ Pointers Dereferenced  ‘N’ Unsafe sets Maintained as SOUS (Set Of Unsafe Sets)

12 Populating Unsafe Sets (Phase 2) For e.g., if Reg = reg1 + reg2, the element “Reg” is deleted from the unsafe set, and the elements “reg1”, “reg2”, are inserted into the unsafe set. Contents of the unsafe set will now become {reg1, reg2}.

13 Handling Loops Complex: # iterations of loop may not be known until runtime. Cycle the loop until the unsafe set reaches a “fixed point”. No new information is added to the unsafe set during successive iterations.

14 Merging Information If no merging, then exponential complexity. Mandatory when loops Information loss. If (Cond) Then Block B Else Block C Block D Block A Block E

15 Extensive Compliance Checking Handle all cases occurring in programs. Single pointer, double pointer, triple pointer… Global pointer variables. Static and Dynamic arrays. Function calls. Pipelining and Parallelism. …

16 Analysis Stops when… Compliance of all the pointers are established. Errors and warnings are reported. Log file containing statistics of the analysis is created.

17 Analysis Results Program# Lines# * Ptrs # Hard Coded Chain Length Running Time (ms) t_read803 001280 timer112617 611441 mcbsp11960 001270 figtest29219 1021521 m_hdrv3456 212262 dat94910 8122512 gui_codec113910928 13063 codec118810928 13043 stress1203105 014505 demo135082 4794716

18 Current Status and Future Work Prototype Implementation done But, context insensitive, intra-procedural Extend to context sensitive, inter-procedural. Extend compliance check for other rules.

19 So… Hard Coding is a bad programming practice. Non relocatable/reusable code. A Static Analysis based technique is useful and practical.

20 Questions… Ramakrishnan Venkitaraman Graduate Student, Computer Science ramakrishnan@student.utdallas.edu

Download ppt "Static Program Analysis of Embedded Software Ramakrishnan Venkitaraman Graduate Student, Computer Science Advisor: Dr. Gopal Gupta"

Similar presentations

A System to Generate Test Data and Symbolically Execute Programs Lori A. Clarke September 1976.

A System to Generate Test Data and Symbolically Execute Programs Lori A. Clarke September 1976.
A Process Splitting Transformation for Kahn Process Networks Sjoerd Meijer.

A Process Splitting Transformation for Kahn Process Networks Sjoerd Meijer.
Architecture-dependent optimizations Functional units, delay slots and dependency analysis.

Architecture-dependent optimizations Functional units, delay slots and dependency analysis.
File Organizations Sept. 2012Yangjun Chen ACS-39021 Outline: Hashing (5.9, 5.10, 3 rd. ed.; 13.8, 4 th, 5 th ed.; 17.8, 6 th ed.) external hashing static.

File Organizations Sept. 2012Yangjun Chen ACS Outline: Hashing (5.9, 5.10, 3 rd. ed.; 13.8, 4 th, 5 th ed.; 17.8, 6 th ed.) external hashing static.
Programming Types of Testing.

Programming Types of Testing.
A survey of techniques for precise program slicing Komondoor V. Raghavan Indian Institute of Science, Bangalore.

A survey of techniques for precise program slicing Komondoor V. Raghavan Indian Institute of Science, Bangalore.
1 Program Slicing Purvi Patel. 2 Contents Introduction What is program slicing? Principle of dependences Variants of program slicing Slicing classifications.

1 Program Slicing Purvi Patel. 2 Contents Introduction What is program slicing? Principle of dependences Variants of program slicing Slicing classifications.
ABCD: Eliminating Array-Bounds Checks on Demand Rastislav Bodík Rajiv Gupta Vivek Sarkar U of Wisconsin U of Arizona IBM TJ Watson recent experiments.

ABCD: Eliminating Array-Bounds Checks on Demand Rastislav Bodík Rajiv Gupta Vivek Sarkar U of Wisconsin U of Arizona IBM TJ Watson recent experiments.
Using Programmer-Written Compiler Extensions to Catch Security Holes Authors: Ken Ashcraft and Dawson Engler Presented by : Hong Chen CS590F 2/7/2007.

Using Programmer-Written Compiler Extensions to Catch Security Holes Authors: Ken Ashcraft and Dawson Engler Presented by : Hong Chen CS590F 2/7/2007.
Lecturer: Sebastian Coope Ashton Building, Room G.18 COMP 201 web-page: Lecture.

Lecturer: Sebastian Coope Ashton Building, Room G.18 COMP 201 web-page: Lecture.
Next Section: Pointer Analysis Outline: –What is pointer analysis –Intraprocedural pointer analysis –Interprocedural pointer analysis (Wilson & Lam) –Unification.

Next Section: Pointer Analysis Outline: –What is pointer analysis –Intraprocedural pointer analysis –Interprocedural pointer analysis (Wilson & Lam) –Unification.
Cpeg421-08S/final-review1 Course Review Tom St. John.

Cpeg421-08S/final-review1 Course Review Tom St. John.
Program analysis Mooly Sagiv html://www.cs.tau.ac.il/~msagiv/courses/wcc06.html.

Program analysis Mooly Sagiv html://
Program analysis Mooly Sagiv html://www.cs.tau.ac.il/~msagiv/courses/wcc08.html.

Program analysis Mooly Sagiv html://
X := 11; if (x == 11) { DoSomething(); } else { DoSomethingElse(); x := x + 1; } y := x; // value of y? Phase ordering problem Optimizations can interact.

X := 11; if (x == 11) { DoSomething(); } else { DoSomethingElse(); x := x + 1; } y := x; // value of y? Phase ordering problem Optimizations can interact.
Range Analysis. Intraprocedural Points-to Analysis Want to compute may-points-to information Lattice:

Range Analysis. Intraprocedural Points-to Analysis Want to compute may-points-to information Lattice:
1 Hash-Based Indexes Chapter 11. 2 Introduction : Hash-based Indexes  Best for equality selections.  Cannot support range searches.  Static and dynamic.

1 Hash-Based Indexes Chapter Introduction : Hash-based Indexes  Best for equality selections.  Cannot support range searches.  Static and dynamic.
Intraprocedural Points-to Analysis Flow functions:

Intraprocedural Points-to Analysis Flow functions:
Context-sensitive Analysis, II Ad-hoc syntax-directed translation, Symbol Tables, andTypes.

Context-sensitive Analysis, II Ad-hoc syntax-directed translation, Symbol Tables, andTypes.
Overview of program analysis Mooly Sagiv html://www.cs.tau.ac.il/~msagiv/courses/wcc05.html.

Overview of program analysis Mooly Sagiv html://

Similar presentations

Ads by Google