Efficient memory safety for TinyOS

Cooprider, Nathan; Archer, Will; Eide, Eric; Regehr, John

doi:10.1145/1322263.1322283

Cited by 86 publications

(76 citation statements)

References 20 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Advantageously, this generation is completely automatic, with CBMC analysing an array's declaration to !nd the index bounds; SafeTinyOS (Cooprider et al, 2007), for example, has programmers explicitly type-annotate arrays with access bounds instead.…”

Section: Assertions Nondeterminism and Assumptionsmentioning

confidence: 99%

“…To this end, in the process of program transformation, tos2cprover reports to the programmer the list of encountered memory dereferences, and translates the constant address implicated to its section in the memory map, e.g., for the line: In some cases (particularly for dereferences of address 0x0), an inspection of this report is advisable to sort any null pointers from legitimate peripheral access. A similar approach is taken by SafeTinyOS (Cooprider et al, 2007), which has programmers explicitly mark legal dereferences of constants with a trusted type, and thus make null-pointer dereferences visible.…”

Section: Constant-address Dereferencementioning

confidence: 99%

“…While a necessary solution to ensure safe execution in all execution contexts, runtime error detection for deployments is potentially followed by the expensive redeployment of software, and could instead be preceded by compile-time means of error detection to save on redeployment efforts. Safe TinyOS (Cooprider et al, 2007) detects memory and type violations in deployed TinyOS code, and transfers control to a fault handler, which either reboots or powers down after sending a concise failure report to its base station. The failure report identi!es the error type and its source code location (but does not give an execution trace clarifying the context which caused the error); the failure report is used to debug the code post-deployment.…”

Section: Runtime Safetymentioning

confidence: 99%

See 2 more Smart Citations

On software verification for sensor nodes

Bucur

Kwiatkowska

2011

Journal of Systems and Software

View full text Add to dashboard Cite

We consider software written for networked, wireless sensor nodes, and specialize software verification techniques for standard C programs in order to locate programming errors in sensor applications before the software's deployment on motes. Ensuring the reliability of sensor applications is challenging: lowlevel, interrupt-driven code runs without memory protection in dynamic environments. The difficulties lie with (i) being able to automatically extract standard C models out of the particular "avours of embedded C used in sensor programming solutions, and (ii) decreasing the resulting program's state space to a degree that allows practical verification times.We contribute a platform-dependent, OS-independent software verification tool for OS-wide programs written in MSP430 embedded C with asynchronous hardware interrupts. Our tool automatically translates the program into standard C by modelling the MCU's memory map and direct memory access. To emulate the existence of hardware interrupts, calls to hardware interrupt handlers are added, and their occurrence is minimized with a double strategy: a partial-order reduction technique, and a supplementary reachability check to reduce overapproximation. This decreases the program's state space, while preserving program semantics. Safety speci!cations are written as C assertions embedded in the code. The resulting sequential program is then passed to CBMC, a bounded software veri!er for sequential ANSI C. Besides standard errors (e.g., out-of-bounds arrays, null-pointer dereferences), this tool chain is able to verify application-speci!c assertions, including low-level assertions upon the state of the registers and peripherals.Veri!cation for wireless sensor network applications is an emerging !eld of research; thus, as a !nal note, we survey current research on the topic.

show abstract

Section: Assertions Nondeterminism and Assumptionsmentioning

confidence: 99%

Section: Constant-address Dereferencementioning

confidence: 99%

Section: Runtime Safetymentioning

confidence: 99%

See 1 more Smart Citation

On software verification for sensor nodes

Bucur

Kwiatkowska

2011

Journal of Systems and Software

View full text Add to dashboard Cite

show abstract

“…TinyOS's own nesC compiler has a built-in simplistic data-race detector. Safe TinyOS [5] is an established TinyOS extension which enforces memory safety at runtime. It checks e.g.…”

Section: Related Work and Conclusionmentioning

confidence: 99%

Bug-Free Sensors: The Automatic Verification of Context-Aware TinyOS Applications

Bucur

Kwiatkowska

2009

Lecture Notes in Computer Science

View full text Add to dashboard Cite

show abstract

“…The second has been to develop run-time monitoring (e.g., Sympathy [27]) and debugging tools (e.g., Nucleus [30], Clairvoyant [32]) that can simplify the process of discovering program errors. The third has been to develop compiletime program analysis tools [28,9,8] for catching program errors before execution.…”

Section: Introductionmentioning

confidence: 99%