348 research outputs found
Memory safety and untrusted extensions for TinyOS
Journal Article
Sensor network applications should be reliable. However, TinyOS, the dominant sensor net OS, lacks basic building blocks for reliable software systems: memory protection, isolation, and safe termination. These features are typically found in general-purpose operating systems but are believed to be too expensive for tiny embedded systems with a few kilobytes of RAM. We dispel this notion and show that CCured, a safe dialect of C, can be leveraged to provide memory safety for largely unmodified TinyOS applications. We build upon safety to implement two very different environments for TinyOS applications. The first, Safe TinyOS, provides a minimal kernel for safely executing trusted applications. Safe execution traps and identifies bugs that would otherwise have silently corrupted RAM. The second environment, UTOS, implements a user-kernel boundary that supports isolation and safe termination of untrusted code. Existing TinyOS components can often be ported to UTOS with little effort. To create our environments, we substantially augmented the CCured toolchain to emit code that is safe under interrupt-driven concurrency, to reduce storage requirements by compressing error messages, to refactor direct hardware access into calls to trusted helper functions, and to make safe programs more efficient using whole-program optimization. A surprising result of our work is that a safe, optimized TinyOS program can be faster than the original unsafe, unoptimized application.
Using Efficient Path Profiling to Optimize Memory Consumption of On-Chip Debugging for High-Level Synthesis
High-Level Synthesis (HLS) for FPGAs is attracting popularity and is increasingly used to handle complex systems with multiple integrated components. To increase performance and efficiency, HLS flows now adopt several advanced optimization techniques. Aggressive optimizations and system-level integration can introduce bugs that are only observable on-chip. Debugging support for circuits generated with HLS is receiving considerable attention. Among the data that can be collected on-chip for debugging, one of the most important is the state of the Finite State Machines (FSMs) controlling the components of the circuit.
However, this usually requires a large amount of memory to trace the behavior during execution. This work proposes an approach that takes advantage of the HLS information and of the structure of the FSM to compress control flow traces and to integrate optimized components for on-chip debugging. The generated checkers analyze the FSM execution on the fly, automatically notifying when a bug is detected, localizing it and providing data about its cause. The traces are compressed using a software profiling technique, called Efficient Path Profiling (EPP), adapted for the debugging of hardware accelerators generated with HLS. With this technique, the size of the memory used to store control flow traces can be reduced by up to two orders of magnitude compared to the state of the art.
CirC: Compiler infrastructure for proof systems, software verification, and more
Cryptographic tools like proof systems, multi-party computation, and fully
homomorphic encryption are usually applied to computations expressed as
systems of arithmetic constraints. In practice, this means that these
applications rely on compilers from high-level programming languages
(like C) to such constraints. This compilation task is challenging, but
not entirely new: the software verification community has a rich literature
on compiling programs to logical constraints (like SAT or SMT). In this
work, we show that building shared compiler infrastructure for compiling
to constraint representations is possible, because these representations
share a common abstraction: stateless, non-uniform, non-deterministic
computations that we call existentially quantified circuits, or EQCs.
Moreover, we show that this shared infrastructure is useful, because
it allows compilers for proof systems to benefit from decades of work
on constraint compilation techniques for software verification.
To make our approach concrete we create CirC, an infrastructure for building
compilers to EQCs. CirC makes it easy to compile to new EQCs: we build support
for three, R1CS (used for proof systems), SMT (used for verification and
bug-finding), and ILP (used for optimization), in ≈2000 LOC. It's also easy
to extend CirC to support new source languages: we build a feature-complete
compiler for a cryptographic language in one week and ≈900 LOC, whereas the
reference compiler for the same language took years to write, comprises ≈24000
LOC, and produces worse-performing output than our compiler. Finally, CirC
enables novel applications that combine multiple EQCs. For example, we build
the first pipeline that (1) automatically identifies bugs in programs, then
(2) automatically constructs cryptographic proofs of the bugs' existence.
Interface Compliance of Inline Assembly: Automatically Check, Patch and Refine
Inline assembly is still a common practice in low-level C programming,
typically for efficiency reasons or for accessing specific hardware resources.
Such embedded assembly codes in the GNU syntax (supported by major compilers
such as GCC, Clang and ICC) have an interface specifying how the assembly codes
interact with the C environment. For simplicity reasons, the compiler treats
GNU inline assembly codes as blackboxes and relies only on their interface to
correctly glue them into the compiled C code. Therefore, the adequacy between
the assembly chunk and its interface (named compliance) is of primary
importance, as such compliance issues can lead to subtle and hard-to-find bugs.
We propose RUSTInA, the first automated technique for formally checking inline
assembly compliance, with the extra ability to propose (proven) patches and
(optimization) refinements in certain cases. RUSTInA is based on an original
formalization of the inline assembly compliance problem together with novel
dedicated algorithms. Our prototype has been evaluated on 202 Debian packages
with inline assembly (2656 chunks), finding 2183 issues in 85 packages -- 986
significant issues in 54 packages (including major projects such as ffmpeg or
ALSA), and proposing patches for 92% of them. Currently, 38 patches have
already been accepted (solving 156 significant issues), with positive feedback
from development teams.
HardBound: Architectural Support for Spatial Safety of the C Programming Language
The C programming language is at least as well known for its absence of spatial memory safety guarantees (i.e., lack of bounds checking) as it is for its high performance. C's unchecked pointer arithmetic and array indexing allow simple programming mistakes to lead to erroneous executions, silent data corruption, and security vulnerabilities. Many prior proposals have tackled enforcing spatial safety in C programs by checking pointer and array accesses. However, existing software-only proposals have significant drawbacks that may prevent wide adoption, including: unacceptably high runtime overheads, lack of completeness, incompatible pointer representations, or need for non-trivial changes to existing C source code and compiler infrastructure.
Inspired by the promise of these software-only approaches, this paper proposes a hardware bounded pointer architectural primitive that supports cooperative hardware/software enforcement of spatial memory safety for C programs. This bounded pointer is a new hardware primitive datatype for pointers that leaves the standard C pointer representation intact, but augments it with bounds information maintained separately and invisibly by the hardware. The bounds are initialized by the software, and they are then propagated and enforced transparently by the hardware, which automatically checks a pointer's bounds before it is dereferenced. One mode of use requires instrumenting only malloc, which enables enforcement of per-allocation spatial safety for heap-allocated objects for existing binaries. When combined with simple intra-procedural compiler instrumentation, hardware bounded pointers enable a low-overhead approach for enforcing complete spatial memory safety in unmodified C programs.
Enabling Automated Bug Detection for IP-based Designs using High-Level Synthesis
Modern System-on-Chip (SoC) architectures are increasingly composed of Intellectual Property (IP) blocks, usually designed and provided by different vendors. This burdens system designers with complex system-level integration and verification. In this paper, we propose an approach that leverages HLS techniques to automatically find bugs in designs composed of multiple IP blocks. Our method is particularly suitable for industrial adoption because it works without exposing sensitive information (e.g., the design specification or the component generation process). This advocates the definition and the adoption of an interoperable format for cross-vendor hardware bug detection.
Enabling Sophisticated Analysis of x86 Binaries with RevGen
Current state-of-the-art static analysis tools for binary software operate on ad-hoc intermediate representations (IR) of the machine code. Therefore, even though IRs facilitate program analysis by abstracting away the source language, it is hard to reuse existing implementations of analysis tools in new endeavors. Recently, a new compiler framework, LLVM, has emerged, together with many analysis tools that use its IR. However, these tools rely on a compiler to generate the IR from source code. We propose RevGen, a tool that automatically converts existing binary programs to the standard LLVM IR, making an increasingly large number of static and dynamic analysis frameworks, as well as run-time instrumentation tools, applicable to legacy software. We show the potential of RevGen by converting several programs and device drivers to LLVM and checking the resulting code with off-the-shelf analysis tools.
Bridging the Gap between Software and Hardware Designers Using High-Level Synthesis
Modern Systems-on-Chip (SoC) architectures and CPU+FPGA computing platforms are moving towards heterogeneous systems featuring an increasing number of hardware accelerators. These specialized components can deliver energy-efficient high performance, but their design from high-level specifications is usually very complex. Therefore, it is crucial to understand how to design and optimize such components to implement the desired functionality. This paper discusses the challenges between software programmers and hardware designers, focusing on the state-of-the-art methods based on high-level synthesis (HLS). It also highlights the future research lines for simplifying the creation of complex accelerator-based architectures.