Abstract
In safety-critical embedded systems the stack is typically the only dynamically allocated memory area. Its maximal usage must nevertheless be statically known: at configuration time developers have to reserve enough stack space for each task. Stack overflow errors are often hard to find, but they can cause the system to crash or to behave erroneously. All current safety standards, e.g. ISO 26262, require upper estimates of the storage space needed; because of its dynamic behavior the stack is an especially critical storage area.
Neither testing and measurement nor static source-code analysis can typically provide safe bounds on the worst-case stack usage. A safe upper bound can be computed by whole-program static analysis at the executable-code level. With an analyzer based on Abstract Interpretation, it can be formally proven that the maximal stack usage is never underestimated. The challenge for binary-level analyzers is to minimize the amount of user interaction required, e.g. for calls through function pointers. To achieve this, the analysis has to be precise, and the annotation mechanism has to be flexible and easy to use. The analyzer configuration is done once per software project; afterwards the analysis can run automatically, supporting continuous verification.
In this article we describe the principles of Abstract Interpretation based stack analysis, present an annotation language that addresses all properties of typical automotive and avionics software, and report on practical experience.
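As an added illustration (not code from the paper or from the analyzer it describes), the following is a simplified call-graph model of the worst-case stack bound the abstract refers to: each function has a fixed frame size, an indirect call is resolved only through a user annotation listing its targets, and recursion is reported rather than guessed at. All function names, frame sizes and the annotation format are constructed assumptions; a real binary-level analyzer derives frame sizes and call targets from the instructions themselves.

```python
"""Worst-case stack bound over an annotated call graph (constructed example).
Simplified model of a binary-level stack analysis: fixed frame size per
function, direct calls name their callee, an indirect (function-pointer)
call is resolved only by a user annotation listing its possible targets,
and recursion is reported rather than guessed at."""

# Constructed sample program: frame sizes in bytes and call sites.
FRAMES = {"main": 32, "task": 64, "handler_a": 128,
          "handler_b": 96, "log": 48, "fmt": 24}
CALLS = {
    "main": ["task", "log"],
    "task": [("indirect", "dispatch")],   # call through a function pointer
    "handler_a": ["log"],
    "handler_b": ["fmt"],
    "log": ["fmt"],
    "fmt": [],
}
# Developer annotation: possible targets of indirect call site 'dispatch'.
TARGETS = {"dispatch": ["handler_a", "handler_b"]}

class UnresolvedCall(Exception): "Indirect call site without a target annotation."
class UnboundedRecursion(Exception): "Cycle in the call graph; needs a depth annotation."

def max_stack(fn, frames, calls, targets, path=()):
    """Return (bytes, chain) for the deepest call chain reachable from fn."""
    if fn in path:
        raise UnboundedRecursion(" -> ".join(path + (fn,)))
    deepest = (0, ())
    for site in calls.get(fn, []):
        if isinstance(site, tuple):                       # indirect call site
            callees = targets.get(site[1])
            if callees is None:
                raise UnresolvedCall(f"{fn}: '{site[1]}' needs a target annotation")
        else:
            callees = [site]
        for callee in callees:
            deepest = max(deepest, max_stack(callee, frames, calls, targets, path + (fn,)))
    # The bound is this frame plus the deepest chain beneath it; never less.
    return frames[fn] + deepest[0], (fn,) + deepest[1]

def report(entry, frames, calls, targets, budget):
    """One-line verdict: safe bound versus the stack reserved for the task."""
    try:
        usage, chain = max_stack(entry, frames, calls, targets)
    except (UnresolvedCall, UnboundedRecursion) as err:
        return f"{entry}: no bound ({type(err).__name__}: {err})"
    verdict = "fits" if usage <= budget else "OVERFLOWS"
    return f"{entry}: {usage} bytes {verdict} budget {budget} via {' -> '.join(chain)}"
```

Removing the annotation or introducing a cycle makes `report` refuse to give a number, which is the behaviour a sound analysis needs: an unknown call target or unbounded recursion must surface as a configuration gap, never as a silently low bound.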
© 2014 Springer International Publishing Switzerland
Cite this paper
Kästner, D., Ferdinand, C. (2014). Proving the Absence of Stack Overflows. In: Bondavalli, A., Di Giandomenico, F. (eds) Computer Safety, Reliability, and Security. SAFECOMP 2014. Lecture Notes in Computer Science, vol 8666. Springer, Cham. https://doi.org/10.1007/978-3-319-10506-2_14
DOI: https://doi.org/10.1007/978-3-319-10506-2_14
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-10505-5
Online ISBN: 978-3-319-10506-2