Abstract
With the advances in both hardware and software of embedded systems in the past few years, dynamic memory allocation can now be safely used in embedded software. As a result, the need to develop methods to avoid heap overflow errors in safety-critical embedded systems has increased. Resource analysis of imperative programs with non-regular loop patterns and signed integers, supporting both memory allocation and deallocation, has long been an open problem. Existing methods can generate symbolic bounds that are parametric w.r.t. the program inputs; such bounds, however, are imprecise in the presence of non-regular loop patterns. In this paper, we present a worst-case memory consumption analysis based upon the framework of symbolic execution. Our assumption is that loops (and recursions) of to-be-analyzed programs are indeed bounded. We can then exhaustively unroll loops, so that the memory consumption of each iteration can be computed precisely and summarized for aggregation. Because of path-sensitivity, our algorithm generates more precise bounds. Importantly, we demonstrate that by introducing a new concept of reuse, symbolic execution scales to a set of realistic benchmark programs.
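The following is an added illustration of the approach the abstract describes, not the paper's own tool or benchmarks: a toy symbolic executor over a small IR (alloc/free, if, counted loop) that forks at every feasible branch, unrolls bounded loops exhaustively and records the peak heap per path. It assumes integer inputs with interval path conditions and does not model the paper's reuse mechanism; the `sensitive=False` mode shows the looser bound obtained when branch outcomes are forgotten.

```python
# Added example (not the paper's tool): worst-case heap bound by symbolic execution
# with exhaustive, bounded loop unrolling over a toy IR; path conditions are intervals.
from typing import Dict, Iterator, Optional, Tuple

PathCond = Dict[str, Tuple[int, int]]   # symbolic input -> feasible interval [lo, hi]

def assume(pc: PathCond, var: str, op: str, k: int) -> Optional[PathCond]:
    """Conjoin `var op k` (op is '<' or '>=') onto pc; None when infeasible."""
    lo, hi = pc[var]
    lo, hi = (lo, min(hi, k - 1)) if op == '<' else (max(lo, k), hi)
    return None if lo > hi else {**pc, var: (lo, hi)}

def explore(stmts: list, pc: PathCond, heap: int, live: Dict[str, int],
            peak: int, sensitive: bool) -> Iterator[Tuple[PathCond, int]]:
    """Fork at each feasible branch, unroll loops until the guard is infeasible,
    and yield (path condition, peak heap) once per complete path."""
    if not stmts:
        yield pc, peak
        return
    s, rest = stmts[0], stmts[1:]
    if s[0] == 'alloc':                  # ('alloc', name, size)
        heap += s[2]
        yield from explore(rest, pc, heap, {**live, s[1]: s[2]}, max(peak, heap), sensitive)
    elif s[0] == 'free':                 # ('free', name): size comes from the live set
        still = {k: v for k, v in live.items() if k != s[1]}
        yield from explore(rest, pc, heap - live[s[1]], still, peak, sensitive)
    elif s[0] == 'if':                   # ('if', (var, op, k), then_block, else_block)
        var, op, k = s[1]
        for branch_op, block in ((op, s[2]), ('>=' if op == '<' else '<', s[3])):
            pc2 = assume(pc, var, branch_op, k)   # None: prune the infeasible branch
            if pc2 is not None:          # insensitive mode forgets the branch outcome
                yield from explore(block + rest, pc2 if sensitive else pc, heap, live, peak, sensitive)
    elif s[0] == 'loop':                 # ('loop', var, body[, i]): body runs `var` times
        i = s[3] if len(s) > 3 else 0    # iterations unrolled so far
        again = ('if', (s[1], '>=', i + 1), s[2] + [('loop', s[1], s[2], i + 1)], [])
        yield from explore([again] + rest, pc, heap, live, peak, sensitive)

def worst_case(prog: list, inputs: PathCond, sensitive: bool = True) -> int:
    """Worst-case memory consumption: the largest peak over all explored paths."""
    return max(peak for _, peak in explore(prog, inputs, 0, {}, 0, sensitive))

# Constructed sample: symbolic input n in [0, 10]. A small n selects a large scratch
# buffer, a large n a small one; the loop then keeps one 32-byte node per iteration.
PROGRAM = [
    ('alloc', 'hdr', 64),
    ('if', ('n', '<', 4), [('alloc', 'scratch', 256)], [('alloc', 'scratch', 16)]),
    ('loop', 'n', [('alloc', 'tmp', 48), ('free', 'tmp'), ('alloc', 'node', 32)]),
    ('free', 'scratch'),
]
INPUTS: PathCond = {'n': (0, 10)}
```

`worst_case(PROGRAM, INPUTS)` returns 432 bytes, since the path condition `n < 4` rules out the large scratch buffer coexisting with ten list nodes; with `sensitive=False` the same program is bounded at 656 bytes because that infeasible combination is counted.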
Symbolic execution for memory consumption analysis. LCTES 2016: Proceedings of the 17th ACM SIGPLAN/SIGBED Conference on Languages, Compilers, Tools, and Theory for Embedded Systems.