Automatic Bug Detection in Microcontroller Software by Static Program Analysis

Fehnker, Ansgar; Huuck, Ralf; Schlich, Bastian; Tapp, Michael

doi:10.1007/978-3-540-95891-8_26

Cited by 11 publications

(17 citation statements)

References 7 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…The general drawback of the model-checking approach is that the verification it provides cannot be exhaustive, it cannot model any possible number of executions during the states of a timing chart, contrary to deductive verification. On the other hand, abstract interpretation has also been used for a long time for verifying software, in particular microcontroller software [12,15] and PLC software [5] (in combination with model-checking). Contrary to model-checking, abstract interpretation gives a full guarantee when it detects no error in a program, but it is dedicated to compute the possible values of variables during the execution of a program, and is not suited for verifying temporal properties.…”

Section: Results On Incorrect Codementioning

confidence: 99%

Automated Verification of Temporal Properties of Ladder Programs

Lourenço

Cousineau

Faissole

et al. 2021

Lecture Notes in Computer Science

View full text Add to dashboard Cite

Programmable Logic Controllers (PLCs) are industrial digital computers used as automation controllers in manufacturing processes. The Ladder language is a programming language used to develop PLC software. Our aim is to prove that a given Ladder program conforms to an expected temporal behaviour given as a timing chart, describing scenarios of execution. We translate the Ladder code and the timing chart into a program for the Why3 environment, within which the verification proceeds by generating verification conditions, to be checked valid using automated theorem provers. The ultimate goal is two-fold: first, by obtaining a complete proof, we can verify the conformance of the Ladder code with respect to the timing chart with a high degree of confidence. Second, when the proof is not fully completed, we obtain a counterexample, illustrating a possible execution scenario of the Ladder code which does not conform to the timing chart.

show abstract

Section: Results On Incorrect Codementioning

confidence: 99%

Automated Verification of Temporal Properties of Ladder Programs

Lourenço

Cousineau

Faissole

et al. 2021

Lecture Notes in Computer Science

View full text Add to dashboard Cite

show abstract

“…The required property "v is used before being defined" is then encoded as the CTL formula E[(¬d v ) U u v ]. Similar encoding scheme is presented in Fehnker et al [2007Fehnker et al [ , 2009 for static analysis of C/C++ programs. The method to convert an FSMD into an equivalent Kripke structure [Clarke et al 2002] (a step needed for applying model checking) is given as Algorithm 1.…”

Section: Encoding and Model Checking Of The Data-flow Propertiesmentioning

confidence: 90%

Formal verification of code motion techniques using data-flow-driven equivalence checking

Karfa¹,

Mandal

Sarkar

2012

ACM Trans. Des. Autom. Electron. Syst.

View full text Add to dashboard Cite

A formal verification method for checking correctness of code motion techniques is presented in this article. Finite State Machine with Datapath (FSMD) models have been used to represent the input and the output behaviors of each synthesis step. The method introduces cutpoints in one FSMD, visualizes its computations as concatenation of paths from cutpoints to cutpoints, and then identifies equivalent finite path segments in the other FSMD; the process is then repeated with the FSMDs interchanged. Unlike many other reported techniques, the method is capable of verifying both uniform and nonuniform code motion techniques. It has been underlined in this work that for nonuniform code motions, identifying equivalent path segments involves model checking of some data-flow properties. Our method automatically identifies the situations where such properties are needed to be checked during equivalence checking, generates the appropriate properties, and invokes the model checking tool NuSMV to verify them. The correctness and the complexity of the method have been dealt with. Experimental results demonstrate the effectiveness of the method.

show abstract

“…There has also been some research that uses program analysis techniques for interrupt-driven software [8], [11], [23], [29]. For example, Schlich et al [29] use model checking of assembly code software for microcontrollers; this approach does not check temporal properties of the software.…”

Section: Related Workmentioning

confidence: 99%

SimLatte: A Framework to Support Testing for Worst-Case Interrupt Latencies in Embedded Software

Srisa-an

Cohen

et al. 2014

2014 IEEE Seventh International Conference on Software Testing, Verification and Validation

View full text Add to dashboard Cite

Embedded systems tend to be interrupt-driven, yet the presence of interrupts can affect system dependability because there can be delays in servicing interrupts. Such delays can occur when multiple interrupt service routines and interrupts of different priorities compete for resources on a given CPU. For this reason, researchers have sought approaches by which to estimate worst-case interrupt latencies (WCILs) for systems. Most existing approaches, however, are based on static analysis. In this paper, we present SIMLATTE, a testing-based approach for finding WCILs. SIMLATTE uses a genetic algorithm for test case generation that converges on a set of inputs and interrupt arrival points that are likely to expose WCILs. It also uses an opportunistic interrupt invocation approach to invoke interrupts at a variety of feasible locations. Our evaluation of SIMLATTE on several non-trivial embedded systems reveals that it is considerably more effective and efficient than random testing. We also determine that the combination of the genetic algorithm and opportunistic interrupt invocation allows SIMLATTE to perform better than it can when using either one in isolation.

show abstract

Automatic Bug Detection in Microcontroller Software by Static Program Analysis

Cited by 11 publications

References 7 publications

Automated Verification of Temporal Properties of Ladder Programs

Automated Verification of Temporal Properties of Ladder Programs

Formal verification of code motion techniques using data-flow-driven equivalence checking

SimLatte: A Framework to Support Testing for Worst-Case Interrupt Latencies in Embedded Software

Contact Info

Product

Resources

About