
Effective Verification for Low-Level Software with Competing Interrupts

Published: 07 December 2017

Abstract

Interrupt-driven software is difficult to test and debug, especially when interrupts can be nested and subject to priorities. Interrupts can arrive at arbitrary times, leading to an exponential blow-up in the number of cases to consider. We present a new formal approach to verifying interrupt-driven software based on symbolic execution. The approach leverages recent advances in the encoding of the execution traces of interacting, concurrent threads. We assess the performance of our method on benchmarks drawn from embedded systems code and device drivers, and experimentally compare it to conventional approaches that use source-to-source transformations. Our results show that our method significantly outperforms these techniques. To the best of our knowledge, our work is the first to demonstrate effective verification of low-level embedded software with nested interrupts.
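The abstract's starting point, that an interrupt may arrive at any step of the main routine and that priorities let handlers nest inside one another, is easiest to see by enumerating the interleavings explicitly. The C program below is an added example written for this page, not code from the paper or its authors. It builds a constructed model: a main routine that performs a non-atomic read-modify-write of a shared counter, plus a low-priority and a high-priority interrupt handler that each add to the counter in one atomic step and fire at most once. The `explore` function walks every schedule the priority rules allow (a handler may only be preempted by a higher-priority one) and counts how many schedules lose an update. The step lists, priorities, and the `explore`/`run_model` functions are assumptions of this example, not the paper's encoding.

```c
#include <stdio.h>

/* Constructed model: three contexts, each a short list of atomic steps.
 * ctx 0 = main routine (priority 0), ctx 1 = low-priority ISR (priority 1),
 * ctx 2 = high-priority ISR (priority 2). Each ISR fires at most once. */
#define NCTX      3
#define MAX_STEPS 4

typedef struct { int shared; int tmp; } State;
typedef void (*step_fn)(State *);

/* main does a non-atomic read-modify-write of the shared counter */
static void main_read(State *s)   { s->tmp = s->shared; }
static void main_add(State *s)    { s->tmp = s->tmp + 1; }
static void main_write(State *s)  { s->shared = s->tmp; }
/* each ISR adds to the counter in a single atomic step */
static void isr_low_add(State *s)  { s->shared += 10; }
static void isr_high_add(State *s) { s->shared += 100; }

static const step_fn programs[NCTX][MAX_STEPS] = {
    { main_read, main_add, main_write, NULL },
    { isr_low_add, NULL },
    { isr_high_add, NULL },
};
static const int prio[NCTX] = { 0, 1, 2 };

typedef struct {
    int pc[NCTX];      /* next step of each context */
    int fired[NCTX];   /* 1 once an ISR has arrived */
    int stack[NCTX];   /* preemption stack; stack[0] is main */
    int depth;         /* index of the running context in stack */
} Sched;

typedef struct { long schedules; long violations; } Result;

/* Depth-first enumeration of every interleaving the priority rules allow. */
static void explore(State st, Sched sc, Result *r)
{
    int cur = sc.stack[sc.depth];

    /* Choice A: an ISR that has not fired yet and outranks the running
     * context arrives right now and preempts it (this is what makes
     * nested interrupts possible). */
    for (int i = 1; i < NCTX; i++) {
        if (!sc.fired[i] && prio[i] > prio[cur]) {
            Sched n = sc;
            n.fired[i] = 1;
            n.stack[++n.depth] = i;
            explore(st, n, r);
        }
    }

    /* Choice B: the running context executes its next step, or returns
     * to the context it preempted when it has no steps left. */
    step_fn f = programs[cur][sc.pc[cur]];
    if (f) {
        State ns = st;
        Sched n = sc;
        f(&ns);
        n.pc[cur]++;
        explore(ns, n, r);
    } else if (sc.depth > 0) {
        Sched n = sc;
        n.depth--;
        explore(st, n, r);
    } else {
        /* main finished; an ISR that has not fired by now never fires in
         * this schedule. If no update was lost, shared is 1 plus whatever
         * the ISRs that did fire added. */
        int expected = 1 + (sc.fired[1] ? 10 : 0) + (sc.fired[2] ? 100 : 0);
        r->schedules++;
        if (st.shared != expected)
            r->violations++;
    }
}

static Result run_model(void)
{
    State st = { 0, 0 };
    Sched sc = { {0}, {0}, {0}, 0 };
    Result r = { 0, 0 };
    explore(st, sc, &r);
    return r;
}

long count_schedules(void)  { return run_model().schedules; }
long count_violations(void) { return run_model().violations; }

int main(void)
{
    Result r = run_model();
    /* prints: schedules explored: 37, lost-update violations: 22 */
    printf("schedules explored: %ld, lost-update violations: %ld\n",
           r.schedules, r.violations);
    return 0;
}
```

Even this three-step routine with two handlers yields 37 distinct schedules, and 22 of them lose an update because a handler runs between main's read and its write; adding steps or handlers multiplies the count, which is the blow-up the abstract refers to and the reason the paper turns to a symbolic encoding of traces instead of enumeration. The violation check is the one a practitioner would write for a lost-update race: compare the final counter against the value an atomic update sequence would have produced.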

