skip to main content
10.1145/1134650.1134657acmconferencesArticle/Chapter ViewAbstractPublication PagescpsweekConference Proceedingsconference-collections
Article

Deriving abstract transfer functions for analyzing embedded software

Published:14 June 2006Publication History

ABSTRACT

This paper addresses the problem of creating abstract transfer functions supporting dataflow analyses. Writing these functions by hand is problematic: transfer functions are difficult to understand, difficult to make precise, and difficult to debug. Bugs in transfer functions are particularly serious since they defeat the soundness of any program analysis running on top of them. Furthermore, implementing transfer functions by hand is wasteful because the resulting code is often difficult to reuse in new analyzers and to analyze new languages. We have developed algorithms and tools for deriving transfer functions for the bitwise and unsigned interval abstract domains. The interval domain is standard; in the bitwise domain, values are vectors of three-valued bits. For both domains, important challenges are to derive transfer functions that are sound in the presence of integer overflow, and to derive precise transfer functions for operations whose semantics are a mismatch for the domain (i.e., bit-vector operations in the interval domain and arithmetic operations in the bitwise domain). We can derive transfer functions, and execute them, in time linear in the bitwidth of the operands. These functions are maximally precise in most cases. Our generated transfer functions are parameterized by a bitwidth and are independent of the language being analyzed, and also of the language in which the analyzer is written. Currently, we generate interval and bitwise transfer functions in C and OCaml for analyzing C source code, ARM object code, and AVR object code. We evaluate our derived functions by using them in an interprocedural dataflow analyzer.

References

  1. Atmel Corp. Atmel AVR 8-bit RISC family. http://www.atmel.com/products/avr.]]Google ScholarGoogle Scholar
  2. Patrick Cousot and Radhia Cousot. Abstract interpretation: A unified lattice model for static analysis of programs by construction or approximation of fixpoints. In Proc. of the 4th Symp. on Principles of Programming Languages (POPL), pages 238--252, Los Angeles, CA, January 1977.]] Google ScholarGoogle ScholarDigital LibraryDigital Library
  3. Bruno De Bus, Bjorn De Sutter, Ludo Van Put, Dominique Chanet, and Koen De Bosschere. Link-time optimization of ARM binaries. In Proc. of the 2004 Conf. on Languages, Compilers, and Tools for Embedded Systems (LCTES), pages 211--220, Washington, DC, June 2004.]] Google ScholarGoogle ScholarDigital LibraryDigital Library
  4. Jakob Engblom, Andreas Ermedahl, Mikael Nolin, Jan Gustafsson, and Hans Hansson. Worst-case execution-time analysis for embedded real-time systems. Journal of Software Tool and Transfer Technology (STTT), 4(4):437--455, August 2003.]]Google ScholarGoogle Scholar
  5. Randall J. Fisher and Henry G. Dietz. Compiling for SIMD within a register. In Proc. of the 11th Intl. Workshop on Languages and Compilers for Parallel Computing, pages 290--304, Chapel Hill, NC, 1998.]] Google ScholarGoogle ScholarDigital LibraryDigital Library
  6. Anthony Fox. Formal specification and verification of ARM6. In Proc. of the 16th Intl. Conf. on Theorem Proving in Higher Order Logics (TPHOLs), pages 25--40, Rome, Italy, September 2003.]]Google ScholarGoogle ScholarCross RefCross Ref
  7. John K. Gough and Herbert Klaeren. Eliminating range checks using static single assignment form. In Proc. of the 19th Australian Computer Science Conf., Melbourne, Australia, January 1996.]]Google ScholarGoogle Scholar
  8. ARM Ltd. ARM7 32-bit RISC Family. http://www.arm.com/products/CPUs/families/ARM7Family.html.]]Google ScholarGoogle Scholar
  9. Thomas Lundqvist and Per Stenström. An integrated path and timing analysis method based on cycle-level symbolic execution. Journal of Real-Time Systems, 17(2/3):183--207, November 1999.]] Google ScholarGoogle ScholarDigital LibraryDigital Library
  10. George C. Necula, Scott McPeak, S. P. Rahul, and Westley Weimer. CIL: Intermediate language and tools for analysis and transformation of C programs. In Proc. of the Intl. Conf. on Compiler Construction (CC), pages 213--228, Grenoble, France, April 2002.]] Google ScholarGoogle ScholarDigital LibraryDigital Library
  11. Norman Ramsey and Jack W. Davidson. Machine descriptions to build tools for embedded systems. In Proc. of the 1998 Workshop on Languages, Compilers, and Tools for Embedded Systems (LCTES), pages 176--192, Montreal, Canada, June 1998.]] Google ScholarGoogle ScholarDigital LibraryDigital Library
  12. Rahul Razdan and Michael D. Smith. A high-performance microarchitecture with hardware-programmable functional units. In Proc. of the 27th Intl. Symp. on Microarchitecture (MICRO), pages 172--180, San Jose, CA, November 1994.]] Google ScholarGoogle ScholarDigital LibraryDigital Library
  13. John Regehr and Alastair Reid. Hoist: A system for automatically deriving static analyzers for embedded systems. In Proc. of the 11th Intl. Conf. on Architectural Support for Programming Languages and Operating Systems (ASPLOS), October 2004.]] Google ScholarGoogle ScholarDigital LibraryDigital Library
  14. John Regehr, Alastair Reid, and Kirk Webb. Eliminating stack overflow by abstract interpretation. In Proc. of the 3rd Intl. Conf. on Embedded Software (EMSOFT), pages 306--322, Philadelphia, PA, October 2003.]]Google ScholarGoogle ScholarCross RefCross Ref
  15. Thomas Reps, Alexey Loginov, and Mooly Sagiv. Semantic minimization of 3-valued propositional formulae. In Proc. of the 17th IEEE Symp. on Logic in Computer Science (LICS 2002), Copenhagen, Denmark, July 2002.]] Google ScholarGoogle ScholarDigital LibraryDigital Library
  16. Erika Rice, Sorin Lerner, and Craig Chambers. Automatically inferring sound dataflow functions from dataflow fact schemas. In Proc. of the 4th Intl. Workshop on Compiler Optimization Meets Compiler Verification, Edinburgh, UK, April 2005.]]Google ScholarGoogle Scholar
  17. Mark Stephenson, Jonathan Babb, and Saman Amarasinghe. Bitwidth analysis with application to silicon compilation. In Proc. of the Conf. on Programming Language Design and Implementation (PLDI), pages 108--120, Vancouver, Canada, June 2000.]] Google ScholarGoogle ScholarDigital LibraryDigital Library
  18. Ben L. Titzer, Daniel Lee, and Jens Palsberg. Avrora: Scalable sensor network simulation with precise timing. In Proc. of the 4th Intl. Conf. on Information Processing in Sensor Networks (IPSN), Los Angeles, CA, April 2005.]] Google ScholarGoogle ScholarDigital LibraryDigital Library
  19. Greta Yorsh, Thomas Reps, and Mooly Sagiv. Symbolically computing most-precise abstract operations for shape analysis. In Proc. of the 10th Intl. Conf. on Tools and Algorithms for the Construction and Analysis of Systems (TACAS), Barcelona, Spain, March 2004.]]Google ScholarGoogle ScholarCross RefCross Ref

Recommendations

Comments

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Sign in
  • Published in

    cover image ACM Conferences
    LCTES '06: Proceedings of the 2006 ACM SIGPLAN/SIGBED conference on Language, compilers, and tool support for embedded systems
    June 2006
    220 pages
    ISBN:159593362X
    DOI:10.1145/1134650
    • cover image ACM SIGPLAN Notices
      ACM SIGPLAN Notices  Volume 41, Issue 7
      Proceedings of the 2006 LCTES Conference
      July 2006
      208 pages
      ISSN:0362-1340
      EISSN:1558-1160
      DOI:10.1145/1159974
      Issue’s Table of Contents

    Copyright © 2006 ACM

    Publisher

    Association for Computing Machinery

    New York, NY, United States

    Publication History

    • Published: 14 June 2006

    Permissions

    Request permissions about this article.

    Request Permissions

    Check for updates

    Qualifiers

    • Article

    Acceptance Rates

    Overall Acceptance Rate116of438submissions,26%

PDF Format

View or Download as a PDF file.

PDF

eReader

View online with eReader.

eReader
About Cookies On This Site

We use cookies to ensure that we give you the best experience on our website.

Learn more

Got it!