Skip to main content
Springer Nature Link
Log in

Range Analysis of Microcontroller Code Using Bit-Level Congruences

  • Conference paper
Formal Methods for Industrial Critical Systems (FMICS 2010)

Part of the book series: Lecture Notes in Computer Science ((LNPSE,volume 6371))

  • 565 Accesses

Abstract

Bitwise instructions, loops and indirect data access pose difficult challenges to the verification of microcontroller programs. In particular, it is necessary to show that an indirect write does not mutate registers, which are indirectly addressable. To prove this property, among others, this paper presents a relational binary-code semantics and details how this can be used to compute program invariants in terms of bit-level congruences. Moreover, it demonstrates how congruences can be combined with intervals to derive accurate ranges, as well as information about strided indirect memory accesses.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution

Subscribe and save

Springer+ Basic
$34.99 /Month
  • Get 10 units per month
  • Download Article/Chapter or eBook
  • 1 Unit = 1 Article or 1 Chapter
  • Cancel anytime
Subscribe now

Buy Now

Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

Similar content being viewed by others

References

  1. Atmel Corporation. 8-bit AVR Instruction Set (July 2008)

    Google Scholar 

  2. Bagnara, R., Dobson, K., Hill, P., Mundell, M., Zaffanella, E.: Grids: A domain for analyzing the distribution of numerical values. In: Puebla, G. (ed.) LOPSTR 2006. LNCS, vol. 4407, pp. 219–235. Springer, Heidelberg (2007)

    Chapter  Google Scholar 

  3. Balakrishnan, G., Reps, T.W.: WYSINWYX: What You See Is Not What You eXecute. ACM Trans. Program. Lang. Syst. (to appear, 2010)

    Google Scholar 

  4. Brauer, J., King, A.: Automatic abstraction for intervals using boolean formulae. In: SAS 2010. LNCS. Springer, Heidelberg (2010)

    Google Scholar 

  5. Brauer, J., Noll, T., Schlich, B.: Interval analysis of microcontroller code using abstract interpretation of hardware and software. In: SCOPES. ACM, New York (to appear, 2010)

    Google Scholar 

  6. Codish, M., Lagoon, V., Stuckey, P.J.: Logic programming with Satisfiability. Theory and Practice of Logic Programming 8(1), 121–128 (2008)

    Article  MATH  Google Scholar 

  7. Codish, M., Mulkers, A., Bruynooghe, M., García de la Banda, M.J., Hermenegildo, M.V.: Improving abstract interpretations by combining domains. ACM Trans. Program. Lang. Syst. 17(1), 28–44 (1995)

    Article  Google Scholar 

  8. Cousot, P., Cousot, R.: Abstract interpretation: A unified lattice model for static analysis of programs by construction or approximation of fixpoints. In: POPL, pp. 238–252. ACM, New York (1977)

    Google Scholar 

  9. Cousot, P., Cousot, R.: Systematic design of program analysis frameworks. In: POPL, pp. 269–282 (1979)

    Google Scholar 

  10. Cousot, P., Cousot, R., Feret, J., Mauborgne, L., Mine, A., Monniaux, D., Rival, X.: The Astrée analyser. In: Sagiv, M. (ed.) ESOP 2005. LNCS, vol. 3444, pp. 21–30. Springer, Heidelberg (2005)

    Chapter  Google Scholar 

  11. Cousot, P., Halbwachs, N.: Automatic Discovery of Linear Restraints Among Variables of a Program. In: POPL, pp. 84–97. ACM Press, New York (1978)

    Google Scholar 

  12. Eide, E., Regehr, J.: Volatiles are miscompiled, and what to do about it. In: EMSOFT, pp. 255–264. ACM, New York (2008)

    Chapter  Google Scholar 

  13. Granger, P.: Static analysis of linear congruence equalities among variables of a program. In: Abramsky, S. (ed.) CAAP 1991 and TAPSOFT 1991. LNCS, vol. 493, pp. 169–192. Springer, Heidelberg (1991)

    Google Scholar 

  14. Gulwani, S., McCloskey, B., Tiwari, A.: Lifting abstract interpreters to quantified logical domains. In: POPL, pp. 235–246. ACM, New York (2008)

    Google Scholar 

  15. King, A., Søndergaard, H.: Inferring congruence equations using SAT. In: Gupta, A., Malik, S. (eds.) CAV 2008. LNCS, vol. 5123, pp. 281–293. Springer, Heidelberg (2008)

    Chapter  Google Scholar 

  16. King, A., Søndergaard, H.: Automatic abstraction for congruences. In: Barthe, G., Hermenegildo, M. (eds.) VMCAI 2010. LNCS, vol. 5944, pp. 281–293. Springer, Heidelberg (2010)

    Google Scholar 

  17. Miné, A.: The Octagon Abstract Domain. Higher-Order and Symbolic Computation 19(1), 31–100 (2006)

    Article  MATH  Google Scholar 

  18. Müller-Olm, M., Seidl, H.: Analysis of Modular Arithmetic. ACM Trans. Program. Lang. Syst. 29(5) (August 2007)

    Google Scholar 

  19. Noll, T., Schlich, B.: Delayed nondeterminism in model checking embedded systems assembly code. In: Yorav, K. (ed.) HVC 2007. LNCS, vol. 4899, pp. 185–201. Springer, Heidelberg (2008)

    Chapter  Google Scholar 

  20. Regehr, J., Reid, A.: HOIST: A system for automatically deriving static analyzers for embedded systems. Operating Systems Review 38(5), 133–143 (2004)

    Article  Google Scholar 

  21. Reps, T., Sagiv, M., Yorsh, G.: Symbolic Implementation of the Best Transformer. In: Steffen, B., Levi, G. (eds.) VMCAI 2004. LNCS, vol. 2937, pp. 252–266. Springer, Heidelberg (2004)

    Chapter  Google Scholar 

  22. Simon, A., King, A.: Taming the wrapping of integer arithmetic. In: Riis Nielson, H., Filé, G. (eds.) SAS 2007. LNCS, vol. 4634, pp. 121–136. Springer, Heidelberg (2007)

    Chapter  Google Scholar 

Download references

Author information

Authors and Affiliations

  1. Embedded Software Laboratory, RWTH Aachen University, Germany

    Jörg Brauer & Stefan Kowalewski

  2. Portcullis Computer Security, Pinner, HA5 2EX, UK

    Andy King

Authors
  1. Jörg Brauer
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Andy King
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Stefan Kowalewski
    View author publications

    You can also search for this author in PubMed Google Scholar

Editor information

Editors and Affiliations

  1. Embedded Software Laboratory, RWTH Aachen, Ahornstr. 55, 52074, Aachen, Germany

    Stefan Kowalewski

  2. Fondazione Bruno Kessler — IRST, Via Sommarive 18, 38123, Povo (Trento), Italy

    Marco Roveri

Rights and permissions

Reprints and permissions

Copyright information

© 2010 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Brauer, J., King, A., Kowalewski, S. (2010). Range Analysis of Microcontroller Code Using Bit-Level Congruences. In: Kowalewski, S., Roveri, M. (eds) Formal Methods for Industrial Critical Systems. FMICS 2010. Lecture Notes in Computer Science, vol 6371. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-15898-8_6

Download citation

  • DOI: https://doi.org/10.1007/978-3-642-15898-8_6

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-15897-1

  • Online ISBN: 978-3-642-15898-8

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics