Sequoll: A framework for model checking binaries

Real-Time Technology and Applications - Proceedings

Volumn , Issue , 2013, Pages 97-106

  Blackham, Bernard ^a   Heiser, Gernot ^a  

^a CSIRO   (Australia)

Author keywords

Operating system kernels; Real time systems; Software verification and validation

Indexed keywords

ERROR PRONES; INFEASIBLE PATHS; INTERRUPT LATENCY; MULTI-CRITICALITY; OPERATING SYSTEM KERNEL; SOFTWARE VERIFICATION AND VALIDATION; WCET ANALYSIS;

CRITICALITY (NUCLEAR FISSION); INTERACTIVE COMPUTER SYSTEMS; MODEL CHECKING;

REAL TIME SYSTEMS;

EID: 84881105004     PISSN: 10801812     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1109/RTAS.2013.6531083     Document Type: Conference Paper

References (33)

1. Avionics Application Software Standard Interface, Nov 2012, ARINC Standard 653.
2. A. Hergenhan and G. Heiser, "Operating systems technology for converged ECUs," in 6th Emb. Security in Cars Conf. (escar). Hamburg, Germany: ISITS, Nov 2008.
3. G. Klein, K. Elphinstone, G. Heiser, J. Andronick, D. Cock, P. Derrin, D. Elkaduwe, K. Engelhardt, R. Kolanski, M. Norrish, T. Sewell, H. Tuch, and S. Winwood, "seL4: Formal verification of an OS kernel," in 22nd SOSP. Big Sky, MT, USA: ACM, Oct 2009, pp. 207-220.
4. B. Blackham, Y. Shi, S. Chattopadhyay, A. Roychoudhury, and G. Heiser, "Timing analysis of a protected operating system kernel," in 32nd RTSS, Vienna, Austria, Nov 2011, pp. 339-348.
5. B. Blackham, Y. Shi, and G. Heiser, "Improving interrupt response time in a verifiable protected microkernel," in 7th EuroSys Conf., Bern, Switzerland, Apr 2012, pp. 323-336.
6. A. Fox and M. Myreen, "A trustworthy monadic formalization of the ARMv7 instruction set architecture," in 1st ITP, ser. LNCS, M. Kaufmann and L. C. Paulson, Eds., vol. 6172. Edinburgh, UK: Springer- Verlag, Jul 2010, pp. 243-258.
7. J. Gustafsson, A. Betts, A. Ermedahl, and B. Lisper, "The Mälardalen WCET benchmarks - past, present and future," in 10th WS Worst-Case Execution-Time Analysis. Brussels, Belgium: OCG, Jul 2010, pp. 137- 147.
8. A. Metzner, "Why model checking can improve WCET analysis," in Computer Aided Verification, ser. LNCS, R. Alur and D. Peled, Eds. Springer-Verlag, 2004, vol. 3114, pp. 298-301.
9. C. Cullmann and F. Martin, "Data-flow based detection of loop bounds," in 7th WS Worst-Case Execution-Time Analysis, 2007.
10. P. Lokuciejewski, D. Cordes, H. Falk, and P. Marwedel, "A fast and precise static loop analysis based on abstract interpretation, program slicing and polytope models," in 7th IEEE Symp. Code Generation & Optimization. Washington, DC, USA: IEEE Computer Society, 2009, pp. 136-146.
11. R. Blanc, T. A. Henzinger, T. Hottelier, and L. Kovács, "ABC: algebraic bound computation for loops," in 16th Int. Conf. Logic for Progr., Artificial Intelligence & Reasoning. Berlin, Heidelberg: Springer- Verlag, 2010, pp. 103-118.
12. J. Gustafsson, A. Ermedahl, C. Sandberg, and B. Lisper, "Automatic derivation of loop bounds and infeasible paths for WCET analysis using abstract execution," in 27th RTSS. Washington, DC, USA: IEEE Computer Society, 2006, pp. 57-66.
13. J. Knoop, L. Kovàcs, and J. Zwirchmayr, "r-TuBound: Loop bounds for WCET analysis (tool paper)," in Logic for Programming, Artificial Intelligence, and Reasoning, ser. LNCS, N. Bjrner and A. Voronkov, Eds. Springer Berlin / Heidelberg, 2012, vol. 7180, pp. 435-444.
14. B. Rieder, P. Puschner, and I. Wenzel, "Using model checking to derive loop bounds of general loops within ANSI-C applications for measurement based WCET analysis," in Intelligent Solutions in Embedded Systems, 2008 International Workshop on, Jul 2008, pp. 1-7.
15. I. Narasamdya and A. Voronkov, "Finding basic block and variable correspondence," in Proceedings of the 12th international conference on Static Analysis, ser. SAS'05. Berlin, Heidelberg: Springer-Verlag, 2005, pp. 251-267.
16. F. Cassez, "Timed games for computing WCET for pipelined processors with caches," in 11th Int. Conf. Applic. Concurrency to Syst. Design. IEEE Comp. Soc., Jun 2011, pp. 195-204.
17. V. Suhendra, T. Mitra, A. Roychoudhury, and T. Chen, "Efficient detection and exploitation of infeasible paths for software timing analysis," in 43rd DAC. New York, NY, USA: ACM, 2006, pp. 358-363.
18. M. N. Ngo and H. B. K. Tan, "Detecting large number of infeasible paths through recognizing their patterns," in 6th ESEC. New York, NY, USA: ACM, 2007, pp. 215-224.
19. D. Beyer, T. A. Henzinger, R. Jhala, and R. Majumdar, "The software model checker BLAST: Applications to software engineering," Int. J. Softw. Tools for Technology Transfer, vol. 9, no. 5, pp. 505-525, 2007.
20. A. V. Thakur, J. Lim, A. Lal, A. Burton, E. Driscoll, M. Elder, T. Andersen, and T. W. Reps, "Directed proof generation for machine code," in 22nd CAV, 2010, pp. 288-305.
21. J. Jaffar, V. Murali, J. A. Navas, and A. E. Santosa, "TRACER: A symbolic execution tool for verification," in 24th CAV. Berlin, Heidelberg: Springer-Verlag, 2012.
22. V. Chipounov, V. Kuznetsov, and G. Candea, "The S2E platform: Design, implementation, and applications," ACM Trans. Comp. Syst., vol. 30, no. 1, pp. 2:1-2:49, Feb 2012.
23. M. Daum, S. Maus, N. Schirmer, and M. N. Seghir, "Integration of a software model checker into Isabelle," in 12th Int. Conf. Logic for Progr., Artificial Intelligence & Reasoning. Berlin, Heidelberg: Springer- Verlag, 2005, pp. 381-395.
24. J. Kinder and H. Veith, "Jakstab: A static analysis platform for binaries," in 20th CAV. Berlin, Heidelberg: Springer-Verlag, 2008, pp. 423-427.
25. S. Bardin, P. Herrmann, J. Leroux, O. Ly, R. Tabary, and A. Vincent, "The BINCOA framework for binary code analysis," in 23rd CAV. Berlin, Heidelberg: Springer-Verlag, 2011, pp. 165-170.
26. L. Zhao, G. Li, B. De Sutter, and J. Regehr, "ARMor: fully verified software fault isolation," in 11th EMSOFT. New York, NY, USA: ACM, 2011, pp. 289-298.
27. J. Kinder, F. Zuleger, and H. Veith, "An abstract interpretation-based framework for control flow reconstruction from binaries," in 10th Int. Conf. Verification, Model Checking & Abstract Interpretation. Berlin, Heidelberg: Springer-Verlag, 2009, pp. 214-228.
28. S. Bardin, P. Herrmann, and F. Védrine, "Refinement-based CFG reconstruction from unstructured programs," in 12th Int. Conf. Verification, Model Checking & Abstract Interpretation. Berlin, Heidelberg: Springer-Verlag, 2011, pp. 54-69.
29. R. E. Tarjan, "Testing flow graph reducibility," J. Comp. & Syst. Sci., vol. 9, no. 3, pp. 355-365, 1974.
30. P. Havlak, "Nesting of reducible and irreducible loops," ACM Trans. Progr. Lang. & Syst., vol. 19, no. 4, pp. 557-567, Jul 1997.
31. R. Cytron, J. Ferrante, B. K. Rosen, M. N. Wegman, and F. K. Zadeck, "Efficiently computing static single assignment form and the control dependence graph," ACM Trans. Progr. Lang. & Syst., vol. 13, pp. 451- 490, October 1991.
32. M. Weiser, "Program slicing," IEEE Trans. Softw. Engin., vol. SE-10, no. 4, pp. 352-357, Jul 1984.
33. A. Fox, "Directions in ISA specification," in 3rd ITP, ser. LNCS. Princeton, New Jersey: Springer-Verlag, Aug 2012.