{"title":"HOIST: a system for automatically deriving static analyzers for embedded systems","authors":"J. Regehr, A. Reid","doi":"10.1145/1024393.1024410","DOIUrl":null,"url":null,"abstract":"Embedded software must meet conflicting requirements such as being highly reliable, running on resource-constrained platforms, and being developed rapidly. Static program analysis can help meet all of these goals. People developing analyzers for embedded object code face a difficult problem: writing an abstract version of each instruction in the target architecture(s). This is currently done by hand, resulting in abstract operations that are both buggy and imprecise. We have developed Hoist: a novel system that solves these problems by automatically constructing abstract operations using a microprocessor (or simulator) as its own specification. With almost no input from a human, Hoist generates a collection of C functions that are ready to be linked into an abstract interpreter. We demonstrate that Hoist generates abstract operations that are correct, having been extensively tested, sufficiently fast, and substantially more precise than manually written abstract operations. Hoist is currently limited to eight-bit machines due to costs exponential in the word size of the target architecture. It is essential to be able to analyze software running on these small processors: they are important and ubiquitous, with many embedded and safety-critical systems being based on them.","PeriodicalId":344295,"journal":{"name":"ASPLOS XI","volume":"1 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2004-10-07","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"53","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"ASPLOS XI","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1145/1024393.1024410","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Citations: 53
Abstract
Embedded software must meet conflicting requirements such as being highly reliable, running on resource-constrained platforms, and being developed rapidly. Static program analysis can help meet all of these goals. People developing analyzers for embedded object code face a difficult problem: writing an abstract version of each instruction in the target architecture(s). This is currently done by hand, resulting in abstract operations that are both buggy and imprecise. We have developed Hoist: a novel system that solves these problems by automatically constructing abstract operations using a microprocessor (or simulator) as its own specification. With almost no input from a human, Hoist generates a collection of C functions that are ready to be linked into an abstract interpreter. We demonstrate that Hoist generates abstract operations that are correct, having been extensively tested, sufficiently fast, and substantially more precise than manually written abstract operations. Hoist is currently limited to eight-bit machines due to costs exponential in the word size of the target architecture. It is essential to be able to analyze software running on these small processors: they are important and ubiquitous, with many embedded and safety-critical systems being based on them.
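The abstract's central idea, using the concrete operation itself as the specification from which an abstract operation is derived, can be illustrated on one instruction. The following C program is an added example written for this page; it is not code from the paper or from the Hoist system, and the representation (`abyte`, a ternary bitwise domain where each bit is 0, 1 or unknown), the derivation routine `derive_abstract`, the hand-written comparison rule `manual_add`, the concrete stand-in functions, and the domain-size helper `abstract_input_pairs` are all constructions of this example. For a given pair of abstract 8-bit operands it enumerates every concrete pair they admit, runs the concrete operation on each, and keeps a result bit only where all outputs agree, which yields the most precise sound transformer for those inputs. It then compares that result against a typical manually written abstract ADD, and counts how many abstract input pairs a full table would have to cover for 8-bit versus 16-bit operands, which is where the exponential cost in word size comes from in this domain.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Abstract byte in a ternary bitwise domain: each bit is 0, 1 or unknown.
 * A bit is definite iff the corresponding bit of `known` is set; its value
 * is then the corresponding bit of `value` (bits outside `known` are kept 0). */
typedef struct { uint8_t known; uint8_t value; } abyte;

typedef uint8_t (*op8)(uint8_t, uint8_t);

/* Concrete 8-bit operations. In this example they stand in for the real
 * processor or simulator that the paper uses as its own specification. */
static uint8_t concrete_add(uint8_t x, uint8_t y) { return (uint8_t)(x + y); }
static uint8_t concrete_xor(uint8_t x, uint8_t y) { return (uint8_t)(x ^ y); }

/* Does concrete byte x belong to the concretization of abstract byte a? */
static bool in_gamma(abyte a, uint8_t x) {
    return ((x ^ a.value) & a.known) == 0;
}

/* Derive the most precise abstract transformer of `op` on abstract inputs
 * (a, b): enumerate every concrete pair the inputs admit, run the concrete
 * op, and keep a result bit only if every output agrees on it. */
static abyte derive_abstract(op8 op, abyte a, abyte b) {
    abyte r = { .known = 0xFF, .value = 0 };
    bool first = true;
    for (unsigned x = 0; x < 256; x++) {
        if (!in_gamma(a, (uint8_t)x)) continue;
        for (unsigned y = 0; y < 256; y++) {
            if (!in_gamma(b, (uint8_t)y)) continue;
            uint8_t out = op((uint8_t)x, (uint8_t)y);
            if (first) { r.value = out; first = false; }
            else       { r.known &= (uint8_t)~(out ^ r.value); } /* disagreeing bits become unknown */
        }
    }
    r.value &= r.known;
    return r;
}

/* A typical hand-written abstract ADD (constructed for comparison): result
 * bit i is known only if every bit at or below i is known in both operands,
 * on the assumption that an unknown carry poisons everything above it.
 * Sound, but coarser than necessary. */
static abyte manual_add(abyte a, abyte b) {
    uint8_t both = a.known & b.known, prefix = 0;
    for (int i = 0; i < 8 && ((both >> i) & 1); i++) prefix |= (uint8_t)(1u << i);
    abyte r = { .known = prefix, .value = (uint8_t)((a.value + b.value) & prefix) };
    return r;
}

/* Precision measure: how many result bits are definite. */
static int known_bits(abyte a) {
    int n = 0;
    for (uint8_t k = a.known; k; k &= (uint8_t)(k - 1)) n++;
    return n;
}

/* Size of a full table for a binary operation in this domain: each w-bit
 * operand has 3^w abstract values, so a table has 3^w * 3^w = 3^(2w) entries. */
static uint64_t abstract_input_pairs(unsigned word_bits) {
    uint64_t n = 1;
    for (unsigned i = 0; i < 2 * word_bits; i++) n *= 3;
    return n;
}

int main(void) {
    /* Constructed inputs: both operands are 0000000? (only bit 0 unknown). */
    abyte a = { .known = 0xFE, .value = 0x00 }, b = a;
    abyte d = derive_abstract(concrete_add, a, b), m = manual_add(a, b);
    printf("derived ADD: known=%02X value=%02X (%d definite bits)\n", d.known, d.value, known_bits(d));
    printf("manual  ADD: known=%02X value=%02X (%d definite bits)\n", m.known, m.value, known_bits(m));
    printf("8-bit table: %llu pairs; 16-bit table: %llu pairs\n",
           (unsigned long long)abstract_input_pairs(8),
           (unsigned long long)abstract_input_pairs(16));
    return 0;
}
```

For the two operands whose only unknown bit is bit 0, the derived transformer knows that the sum lies in {0, 1, 2} and therefore fixes bits 2 through 7 to zero, while the carry-chain rule gives up on every bit; where all operand bits are known, or only the top bit is unknown, the two agree. The 3^16 abstract input pairs for an 8-bit operation are tractable to tabulate; the 3^32 pairs for a 16-bit operation are not, which matches the abstract's statement that the approach is currently limited to eight-bit machines.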