DOI: 10.1145/581630.581678

Ensuring code safety without runtime checks for real-time control systems

Published: 08 October 2002

ABSTRACT

This paper considers the problem of providing safe programming support and enabling secure online software upgrades for control software in real-time control systems. In such systems, offline techniques for ensuring code safety are greatly preferable to online techniques. We propose a language called Control-C that is essentially a subset of C, but with key restrictions designed to ensure that memory safety of code can be verified entirely by static checking, under certain system assumptions. The language permits pointer-based data structures, restricted dynamic memory allocation, and restricted array operations, without requiring any runtime checks on memory operations and without garbage collection. The language restrictions have been chosen based on an understanding of both compiler technology and the needs of real-time control systems. The paper describes the language design and a compiler implementation for Control-C. We use control codes from three different experimental control systems to evaluate the suitability of the language for these codes, the effort required to port them to Control-C, and the effectiveness of the compiler in detecting a wide range of potential security violations for one of the systems.
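The abstract's central claim is that array operations can be restricted so that memory safety is decided entirely at compile time, with no bounds check emitted at runtime. The following is an added illustration of that idea, not code from the paper or its compiler: a toy checker that treats each array access as an affine function of a counted loop variable with constant bounds, computes the interval the index can take, and classifies the access as provably safe, provably unsafe, or statically unknown. The loop and access descriptors, the `check` function and the sample program it analyses are all constructed here as assumptions; a real compiler would extract them from the program's control flow.

```python
"""Toy static array-bounds checker (illustration only, not Control-C's compiler).

The point being demonstrated: when loop bounds are compile-time constants and
indices are affine in the loop variable, every access can be classified
statically, so the compiler can either accept the code with no runtime check
or reject it, instead of inserting a check.
"""
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple


@dataclass(frozen=True)
class Loop:
    """A counted loop `for (var = lo; var <= hi; var++)` with constant bounds."""
    var: str
    lo: int  # inclusive lower bound of var
    hi: int  # inclusive upper bound of var


@dataclass(frozen=True)
class Access:
    """An array access `array[scale * var + offset]`; var=None means a constant
    index, var not bound by any Loop means an index with no static bound."""
    array: str
    scale: int
    var: Optional[str]
    offset: int
    line: int  # source line, used only to label the verdict


def index_range(acc: Access, loops: Dict[str, Loop]) -> Optional[Tuple[int, int]]:
    """Return the (min, max) interval the index can take, or None if unbounded."""
    if acc.var is None:
        return acc.offset, acc.offset
    loop = loops.get(acc.var)
    if loop is None:
        return None  # depends on a value the analysis knows nothing about
    at_lo = acc.scale * loop.lo + acc.offset
    at_hi = acc.scale * loop.hi + acc.offset
    # A negative scale flips the endpoints, so normalise the interval.
    return min(at_lo, at_hi), max(at_lo, at_hi)


def check(sizes: Dict[str, int], loops: Dict[str, Loop],
          accesses: List[Access]) -> Dict[int, str]:
    """Classify each access as 'safe', 'unsafe' or 'unknown' without running it."""
    report: Dict[int, str] = {}
    for acc in accesses:
        size = sizes[acc.array]
        rng = index_range(acc, loops)
        if rng is None:
            verdict = "unknown"          # a Control-C style compiler would reject this
        elif rng[0] >= 0 and rng[1] < size:
            verdict = "safe"             # no runtime check needed
        else:
            verdict = "unsafe"           # provable out-of-bounds for some iteration
        report[acc.line] = verdict
    return report


def demo() -> Dict[int, str]:
    """Constructed sample program, described as descriptors (assumed, not real code):

        int buf[16];
        for (i = 0; i <= 15; i++) {
            buf[i]       = ...;   /* line 3 */
            buf[i + 1]   = ...;   /* line 4: i = 15 indexes buf[16] */
            buf[2 * i]   = ...;   /* line 5: i = 8 already indexes buf[16] */
            buf[15 - i]  = ...;   /* line 6: reversed walk, still in bounds */
        }
        buf[n] = ...;             /* line 8: n has no static bound */
    """
    sizes = {"buf": 16}
    loops = {"i": Loop("i", 0, 15)}
    accesses = [
        Access("buf", 1, "i", 0, line=3),
        Access("buf", 1, "i", 1, line=4),
        Access("buf", 2, "i", 0, line=5),
        Access("buf", -1, "i", 15, line=6),
        Access("buf", 1, "n", 0, line=8),
    ]
    return check(sizes, loops, accesses)


if __name__ == "__main__":
    for line, verdict in sorted(demo().items()):
        print(f"line {line}: {verdict}")
```

The "unknown" verdict is the interesting one: a checker that inserts runtime checks would guard that access and let the program through, whereas a language designed for offline verification, as the abstract describes, would refuse to compile it until the index is rewritten in terms of a statically bounded value.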


Published in

CASES '02: Proceedings of the 2002 International Conference on Compilers, Architecture, and Synthesis for Embedded Systems
October 2002, 324 pages
ISBN: 1581135750
DOI: 10.1145/581630
Copyright © 2002 ACM

Publisher: Association for Computing Machinery, New York, NY, United States


Acceptance rate: 52 of 230 submissions, 23%
