research-article

Model checking of software for microcontrollers

Published: 06 April 2010

Abstract

Industrial interest in model checking software for microcontrollers is increasing. However, there are currently no appropriate tools that embedded systems developers can apply to verify microcontroller software directly, without manual modeling. This article describes a new approach to model checking software for microcontrollers that verifies the assembly code of the software. The state space is built using a tailored simulator, which abstracts from time, handles nondeterminism, and creates an overapproximation of the behavior shown by the real microcontroller. Within this simulator, we apply abstraction techniques to tackle the state-explosion problem. Our approach combines different formal methods, namely model checking, static analysis, and abstract interpretation, and it combines explicit and symbolic model checking techniques. The article presents a case study using several programs to demonstrate the efficiency of the applied abstraction techniques and the applicability of the approach.
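The abstract describes building the state space with an untimed simulator that treats inputs and interrupt timing as nondeterministic, so the explored behavior over-approximates the real microcontroller. The following Python program is an added illustration of that idea, not code from the article or its tool: it defines a constructed toy 8-bit machine (registers r0..r3, a 4-bit input port, one interrupt service routine), a constructed sample program, and a breadth-first explicit-state checker for a safety property. The instruction set, program, property and the `successors`/`check` functions are all assumptions made here for the example.

```python
"""Toy explicit-state model checker over an untimed microcontroller simulator.

Added illustration; the machine, program and checker are constructed here
and are not the article's tool or code. The simulator abstracts from time
(one instruction per step), treats the input port and interrupt timing as
nondeterministic, and therefore over-approximates the real hardware.
"""
from collections import deque
from typing import Callable, Dict, List, Optional, Tuple

Regs = Tuple[int, ...]
State = Tuple[int, Regs, bool, Tuple[int, ...]]  # (pc, r0..r3, irq enabled, return stack)

MASK = 0xFF                 # 8-bit registers wrap around
PORT_VALUES = range(16)     # constructed 4-bit input port: every value is possible
ISR_ENTRY = 8               # address of the interrupt service routine below

# Constructed sample program. The ISR adds r3 (50) to r1; main sets r1 to 100 + r0.
PROGRAM: List[tuple] = [
    ("LDI", 3, 50),   # 0: r3 = 50
    ("LDI", 1, 0),    # 1: r1 = 0
    ("SEI",),         # 2: enable interrupts
    ("IN", 0),        # 3: r0 = input port (nondeterministic, 0..15)
    ("LDI", 1, 100),  # 4: r1 = 100
    ("ADD", 1, 0),    # 5: r1 = r1 + r0  (100..115 if the ISR does not interfere)
    ("CLI",),         # 6: disable interrupts
    ("HALT",),        # 7
    ("ADD", 1, 3),    # 8: ISR: r1 = r1 + r3
    ("RETI",),        # 9: return and re-enable interrupts
]
INITIAL: State = (0, (0, 0, 0, 0), False, ())


def successors(state: State, program: List[tuple],
               model_irq: bool = True) -> List[Tuple[str, State]]:
    """All (label, next state) pairs of a state; time is not modelled."""
    pc, regs, ien, stack = state
    name, args = program[pc][0], program[pc][1:]
    r = list(regs)
    out: List[Tuple[str, State]] = []
    if name == "HALT":
        return out                       # terminal state, no successors
    if model_irq and ien:
        # An interrupt may arrive before any instruction while enabled; entry
        # clears the enable flag, so ISRs do not nest in this toy machine.
        out.append((f"pc={pc}: IRQ", (ISR_ENTRY, regs, False, stack + (pc,))))
    if name == "LDI":
        r[args[0]] = args[1] & MASK
        out.append((f"pc={pc}: LDI", (pc + 1, tuple(r), ien, stack)))
    elif name == "ADD":
        r[args[0]] = (r[args[0]] + r[args[1]]) & MASK
        out.append((f"pc={pc}: ADD", (pc + 1, tuple(r), ien, stack)))
    elif name == "IN":
        for v in PORT_VALUES:            # one successor per possible port value
            r[args[0]] = v
            out.append((f"pc={pc}: IN={v}", (pc + 1, tuple(r), ien, stack)))
    elif name == "SEI":
        out.append((f"pc={pc}: SEI", (pc + 1, regs, True, stack)))
    elif name == "CLI":
        out.append((f"pc={pc}: CLI", (pc + 1, regs, False, stack)))
    elif name == "RETI":
        out.append((f"pc={pc}: RETI", (stack[-1], regs, True, stack[:-1])))
    else:
        raise ValueError(f"unknown opcode {name}")
    return out


def check(prop: Callable[[State], bool], program: List[tuple] = PROGRAM,
          model_irq: bool = True) -> Tuple[Optional[List[str]], int]:
    """Breadth-first explicit-state search for a state violating prop.

    Returns (counterexample as a list of step labels, or None, states explored).
    """
    parent: Dict[State, Optional[Tuple[State, str]]] = {INITIAL: None}
    if not prop(INITIAL):
        return [], 1
    queue = deque([INITIAL])
    while queue:
        s = queue.popleft()
        for label, t in successors(s, program, model_irq):
            if t in parent:
                continue                 # already visited: the state space is a graph
            parent[t] = (s, label)
            if not prop(t):
                steps: List[str] = []
                while parent[t] is not None:
                    prev, step_label = parent[t]
                    steps.append(step_label)
                    t = prev
                return steps[::-1], len(parent)
            queue.append(t)
    return None, len(parent)


def r1_within_bound(state: State) -> bool:
    """Safety property: r1 never exceeds 200 (AG r1 <= 200)."""
    return state[1][1] <= 200


if __name__ == "__main__":
    # Ignoring interrupts the property holds; modelling them exposes a trace
    # in which the ISR fires twice around the ADD at pc 5.
    print(check(r1_within_bound, model_irq=False))
    ce, n = check(r1_within_bound)
    print(n, "states;", " -> ".join(ce))
```

The two `check` calls make the over-approximation point concrete: with `model_irq=False` the property holds, whereas allowing the interrupt to fire after any instruction while enabled yields a counterexample trace that a cycle-accurate view with a fixed interrupt period might never exercise. Because the simulator admits every port value and every interrupt placement, a property that holds in this state space also holds on the real hardware, while a reported counterexample has to be checked for feasibility on the actual timing.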

