Static Analysis of Executable Assembly Code to Ensure QA and Reuse Ramakrishnan Venkitaraman Graduate Student, Research Track Computer Science, UT-Dallas.

Slides:



Advertisements
Similar presentations
Automated Theorem Proving Lecture 1. Program verification is undecidable! Given program P and specification S, does P satisfy S?
Advertisements

1 (Review of Prerequisite Material). Processes are an abstraction of the operation of computers. So, to understand operating systems, one must have a.
Programming Paradigms Introduction. 6/15/2005 Copyright 2005, by the authors of these slides, and Ateneo de Manila University. All rights reserved. L1:
Abstraction and Modular Reasoning for the Verification of Software Corina Pasareanu NASA Ames Research Center.
3-Valued Logic Analyzer (TVP) Tal Lev-Ami and Mooly Sagiv.
1/20 Generalized Symbolic Execution for Model Checking and Testing Charngki PSWLAB Generalized Symbolic Execution for Model Checking and Testing.
Chapter 4 Quality Assurance in Context
Programming Languages Marjan Sirjani 2 2. Language Design Issues Design to Run efficiently : early languages Easy to write correctly : new languages.
Programming Types of Testing.
A survey of techniques for precise program slicing Komondoor V. Raghavan Indian Institute of Science, Bangalore.
Eliminating Stack Overflow by Abstract Interpretation John Regehr Alastair Reid Kirk Webb University of Utah.
Next Section: Pointer Analysis Outline: –What is pointer analysis –Intraprocedural pointer analysis –Interprocedural pointer analysis (Wilson & Lam) –Unification.
Program analysis Mooly Sagiv html://
Program analysis Mooly Sagiv html://
Overview of program analysis Mooly Sagiv html://
1 ES 314 Advanced Programming Lec 2 Sept 3 Goals: Complete the discussion of problem Review of C++ Object-oriented design Arrays and pointers.
Program Analysis Mooly Sagiv Tel Aviv University Sunday Scrieber 8 Monday Schrieber.
Overview of program analysis Mooly Sagiv html://
Copyright © 2006 by The McGraw-Hill Companies, Inc. All rights reserved. McGraw-Hill Technology Education Copyright © 2006 by The McGraw-Hill Companies,
CHAPTER 10 Recursion. 2 Recursive Thinking Recursion is a programming technique in which a method can call itself to solve a problem A recursive definition.
Pointer analysis. Pointer Analysis Outline: –What is pointer analysis –Intraprocedural pointer analysis –Interprocedural pointer analysis Andersen and.
Dr. Pedro Mejia Alvarez Software Testing Slide 1 Software Testing: Building Test Cases.
Language Evaluation Criteria
Verification and Validation Yonsei University 2 nd Semester, 2014 Sanghyun Park.
Secure Virtual Architecture John Criswell, Arushi Aggarwal, Andrew Lenharth, Dinakar Dhurjati, and Vikram Adve University of Illinois at Urbana-Champaign.
Control Flow Resolution in Dynamic Language Author: Štěpán Šindelář Supervisor: Filip Zavoral, Ph.D.
A Computer Science Tapestry 1 Recursion (Tapestry 10.1, 10.3) l Recursion is an indispensable technique in a programming language ä Allows many complex.
ELG6163 Presentation Geoff Green March 20, 2006 TI Standard for Writing Algorithms.
Department of Computer Science A Static Program Analyzer to increase software reuse Ramakrishnan Venkitaraman and Gopal Gupta.
Recursion Textbook chapter Recursive Function Call a recursive call is a function call in which the called function is the same as the one making.
Testing. 2 Overview Testing and debugging are important activities in software development. Techniques and tools are introduced. Material borrowed here.
ECE 353 Lab 1: Cache Simulation. Purpose Introduce C programming by means of a simple example Reinforce your knowledge of set associative caches.
©Ian Sommerville 2000 Software Engineering, 6th edition. Chapter 10Slide 1 Architectural Design l Establishing the overall structure of a software system.
Pointers OVERVIEW.
C++ History C++ was designed at AT&T Bell Labs by Bjarne Stroustrup in the early 80's Based on the ‘C’ programming language C++ language standardised in.
Static Program Analysis of Embedded Software Ramakrishnan Venkitaraman Graduate Student, Computer Science Advisor: Dr. Gopal Gupta.
Static Program Analyses of DSP Software Systems Ramakrishnan Venkitaraman and Gopal Gupta.
© Janice Regan, CMPT 300, May CMPT 300 Introduction to Operating Systems Memory: Relocation.
Mark Marron IMDEA-Software (Madrid, Spain) 1.
Static Program Analysis of Embedded Software Ramakrishnan Venkitaraman Graduate Student, Computer Science Advisor: Dr. Gopal Gupta
Page 1 5/2/2007  Kestrel Technology LLC A Tutorial on Abstract Interpretation as the Theoretical Foundation of CodeHawk  Arnaud Venet Kestrel Technology.
Buffer Overflow Proofing of Code Binaries By Ramya Reguramalingam Graduate Student, Computer Science Advisor: Dr. Gopal Gupta.
Design - programming Cmpe 450 Fall Dynamic Analysis Software quality Design carefully from the start Simple and clean Fewer errors Finding errors.
CSCI1600: Embedded and Real Time Software Lecture 33: Worst Case Execution Time Steven Reiss, Fall 2015.
R-Verify: Deep Checking of Embedded Code James Ezick † Donald Nguyen † Richard Lethin † Rick Pancoast* (†) Reservoir Labs (*) Lockheed Martin The Eleventh.
Principles of Programming CSEB134 : BS/ CHAPTER Fundamentals of the C Programming Language.
T EST T OOLS U NIT VI This unit contains the overview of the test tools. Also prerequisites for applying these tools, tools selection and implementation.
PROGRAMMING FUNDAMENTALS INTRODUCTION TO PROGRAMMING. Computer Programming Concepts. Flowchart. Structured Programming Design. Implementation Documentation.
Framework for Safe Reuse Of Software Binaries Ramakrishnan Venkitaraman Advisor: Gopal Gupta The University of Texas at Dallas 11/15/2004.
Analyzing and Transforming Binary Code (for Fun & Profit) Gopal Gupta R. Venkitaraman, R. Reghuramalingam The University of Texas at Dallas 11/15/2004.
Introduction to Computer Programming Concepts M. Uyguroğlu R. Uyguroğlu.
LINKED LISTS.
Optimistic Hybrid Analysis
Lecture 1b- Introduction
YAHMD - Yet Another Heap Memory Debugger
Definition CASE tools are software systems that are intended to provide automated support for routine activities in the software process such as editing.
Types for Programs and Proofs
Complexity Time: 2 Hours.
Testing and Debugging.
High Coverage Detection of Input-Related Security Faults
CSCI1600: Embedded and Real Time Software
Programming Fundamentals (750113) Ch1. Problem Solving
All You Ever Wanted to Know About Dynamic Taint Analysis & Forward Symbolic Execution (but might have been afraid to ask) Edward J. Schwartz, Thanassis.
Chapter 1 Introduction(1.1)
Analysis models and design models
Pointer analysis.
Programming Fundamentals (750113) Ch1. Problem Solving
Programming Fundamentals (750113) Ch1. Problem Solving
Data Structures & Algorithms
CSCI1600: Embedded and Real Time Software
Presentation transcript:

Static Analysis of Executable Assembly Code to Ensure QA and Reuse Ramakrishnan Venkitaraman Graduate Student, Research Track Computer Science, UT-Dallas Advisor: Dr. Gupta

Software Reuse & System Integration But, the Integrated System does not work Cost of Project Companies

Outline Need for reusable software binaries Our framework for reuse of software binaries Automated tool to enforce standard compliance.

Need for reusable software binaries Most third-party software is proprietary. COTS market place No recompiling, only linking Reduced development time Fewer bugs Time to Market

Motivation Problems faced by Embedded chip manufactures. System integration is very difficult.

Scope of the Framework Gives the sufficient conditions for software binary code reusability. Usability vs. Reusability Usability is a precondition for reusability E.g. Array index out of bound reference.

Framework for reusable software Binaries Code should not be hard coded Binaries should not be assumed to be located at a fixed virtual memory location Code should be reentrant No self-modifying code Should not make symbol resolution invalid

Problem and Solution Problem: Detection of hard coded addresses in programs without accessing source code. Solution: “Static Program Analysis”

Interest in Static Analysis “We actually went out and bought for 30 million dollars, a company that was in the business of building static analysis tools and now we want to focus on applying these tools to large-scale software systems” Remarks by Bill Gates, 17th Annual ACM Conference on Object- Oriented Programming, Systems, Languages and Application, November 2002.

Static Analysis Defined as any analysis of a program carried out without completely executing the program. Un-decidability: Impossible to build a tool that will precisely detect hard coding.

Hard Coded Addresses Bad Programming Practice. Results in non relocatable code. Results in non reusable code.

Some examples showing hard-coding void main() { int * p = 0x8800; // Some code *p = …; } Example1: Directly Hardcoded void main() { int *p = 0x80; int *q = p; //Some code *q = …; } Example2: Indirectly Hardcoded void main() { int *p, val; p = ….; val = …; if(val) p = 0x900; else p = malloc(…); *p; } Example3: Conditional Hardcoding NOTE: We don’t care if a pointer is hard coded and is never dereferenced.

Overview Of Our Approach Input: Object Code of the Software Output: Compliant or Not Compliant status Activity Diagram for our Static Analyzer Disassemble Object Code Split Into Functions Obtain Basic Blocks Obtain Flow Graph Static Analysis Output the Result

Basic Aim Of Analysis Find a path to trace pointer origin. Problem: Exponential Complexity Static Analysis approximation makes it linear

Analyzing Source Code – Easy { { q } } { { p } } P IS HARD CODED So, the program is not compliant with the standard

Analyzing Assembly Code is Hard Problem No type information is available Instruction level pipeline and parallelism Solution Backward analysis Use Abstract Interpretation

Analyzing Assembly – Hard A0 main: A0 07BD09C2 SUB.D2 SP,0x8,SP A4 020FA02A MVK.S2 0x1f40,B A8 023C22F6 STW.D2T2 B4,*+SP[0x1] AC NOP B0 023C42F6 STW.D2T2 B4,*+SP[0x2] B NOP B8 0280A042 MVK.D2 5,B BC F6 STW.D2T2 B5,*+B4[0x0] C NOP C4 008C8362 BNOP.S2 B3, C8 07BD0942 ADD.D2 SP,0x8,SP CC NOP D NOP {{ }} { { B4 } } B4 = 0x1f40 So, B4 is HARD CODED Code is NOT Compliant

Abstract Interpretation Based Analysis Domains from which variables draw their values are approximated by abstract domains. The original domains are called concrete domains.

Lattice Abstraction Lattice based abstraction is used to determine pointer hard-coded ness.

Contexts Contexts to Abstract Contexts Abstract Context to Context

Phases In Analysis Phase 1: Find the set of dereferenced pointers. Phase 2: Check the safety of dereferenced pointers.

Building Unsafe Sets (Phase 1) The first element is added to the unsafe set during pointer dereferencing. E.g. If “*Reg” in the disassembled code, the unsafe set is initialized to {Reg}. ‘N’ Pointers Dereferenced  ‘N’ Unsafe sets Maintained as SOUS (Set Of Unsafe Sets)

Populating Unsafe Sets (Phase 2) For e.g., if Reg = reg1 + reg2, the element “Reg” is deleted from the unsafe set, and the elements “reg1”, “reg2”, are inserted into the unsafe set. Contents of the unsafe set will now become {reg1, reg2}.

Pointer Arithmetic All pointer operations are abstracted during analysis.

Handling Loops Complex: # iterations of loop may not be known until runtime. Cycle the loop until the unsafe set reaches a “fixed point”. No new information is added to the unsafe set during successive iterations.

Merging Information If no merging, then exponential complexity. Mandatory when loops Information loss. If (Cond) Then Block B Else Block C Block D Block A Block E

Proof – Analysis is Sound Consistency of α and γ functions is established by showing the existence of Galois Connection. That is, x = α(γ(x)) y belongs to γ(α(y))

Extensive Compliance Checking Handle all cases occurring in programs. Single pointer, double pointer, triple pointer… Global pointer variables. Static and Dynamic arrays.

Extensive Compliance Checking Loops – all forms (e.g. for, while…) Function calls. Pipelining and Parallelism. Merging information from multiple paths.

Analysis Stops when… Compliance of all the pointers are established. Errors and warnings are reported. Log file containing statistics of the analysis is created.

Sample Code

Fig. Flow Graph

Analysis Results Program# Lines# * Ptrs # Hard Coded Chain Length Running Time (ms) t_read timer mcbsp figtest m_hdrv dat gui_codec codec stress demo

Related Work UNO Project – Bell Labs Analyze at source level TI XDAIS Standard Contains 35 rules and 15 guidelines. SIX General Programming Rules. No tool currently exists to check for compliance.

Current Status and Future Work Prototype Implementation done But, context insensitive, intra-procedural Extend to context sensitive, inter-procedural. Extend compliance check for other rules.

So… Reuse of software binaries is essential. Hard Coding and non-reentrancy are bad programming practices. Non relocatable/reusable code. A Static Analysis based technique is useful and practical.

Software Reuse & System Integration WOW!!!! It works… Select ONLY Compliant Software

Questions…

Click to continue Extra slides

TI XDAIS Standard Six General Programming Rules 1)All programs should follow the runtime conventions of TI’s C programming language. 2)Algorithms must be re-entrant. 3)No hard coded data memory locations. 4)No hard coded program memory locations. 5)Algorithms must characterize their ROM-ability. 6)No peripheral device accesses. No tool exists to check for compliance

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.