DOI: 10.1145/581630.581678

Ensuring code safety without runtime checks for real-time control systems

Published: 08 October 2002

Abstract

This paper considers the problem of providing safe programming support and enabling secure online software upgrades for control software in real-time control systems. In such systems, offline techniques for ensuring code safety are greatly preferable to online techniques. We propose a language called Control-C that is essentially a subset of C, but with key restrictions designed to ensure that memory safety of code can be verified entirely by static checking, under certain system assumptions. The language permits pointer-based data structures, restricted dynamic memory allocation, and restricted array operations, without requiring any runtime checks on memory operations and without garbage collection. The language restrictions have been chosen based on an understanding of both compiler technology and the needs of real-time control systems. The paper describes the language design and a compiler implementation for Control-C. We use control codes from three different experimental control systems to evaluate the suitability of the language for these codes, the effort required to port them to Control-C, and the effectiveness of the compiler in detecting a wide range of potential security violations for one of the systems.
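The abstract's central claim is that array safety can be decided before the program runs, with no runtime check, provided index expressions are restricted enough for a compiler to reason about them. The following C program is an added illustration of that idea written for this page; it is not Control-C's analysis or the paper's code, and the names `affine_access`, `affine_access_safe` and `count_unprovable` are assumptions. It models one common restriction: an array of `n` elements indexed inside a loop by an affine expression `a*i + b`, with the loop variable ranging over a known interval. Because such an index is monotone in `i`, the whole iteration space is in bounds exactly when both loop endpoints are, so the check is constant time and needs no instrumentation of the access itself.

```c
#include <stdbool.h>
#include <stdio.h>

/* One array access of the form buf[a*i + b] executed for i in [lo, hi).
 * This struct and the functions below are an illustration for this page,
 * not the Control-C compiler's own representation (names are hypothetical). */
typedef struct {
    long long n;   /* number of elements in the array being indexed */
    long long lo;  /* first value of the loop variable (inclusive) */
    long long hi;  /* bound of the loop variable (exclusive) */
    long long a;   /* stride: index = a*i + b */
    long long b;   /* offset */
} affine_access;

/* Returns true when every index a*i + b for i in [lo, hi) lies in [0, n).
 * An affine index is monotone in i, so it is enough to evaluate it at the
 * two endpoints of the loop; no per-access runtime check is needed. */
bool affine_access_safe(const affine_access *acc)
{
    if (acc->lo >= acc->hi)
        return true;                      /* loop body never executes */
    long long first = acc->a * acc->lo + acc->b;
    long long last  = acc->a * (acc->hi - 1) + acc->b;
    long long min   = first < last ? first : last;
    long long max   = first < last ? last : first;
    return min >= 0 && max < acc->n;
}

/* Counts the accesses in a fragment that the static check cannot prove safe.
 * In a Control-C-style design these would be compile errors rather than
 * sites for inserted runtime checks. */
int count_unprovable(const affine_access *accs, int count)
{
    int unprovable = 0;
    for (int k = 0; k < count; k++)
        if (!affine_access_safe(&accs[k]))
            unprovable++;
    return unprovable;
}

/* Constructed sample: six loop-indexed accesses into a 16-element buffer. */
const affine_access SAMPLE_ACCESSES[] = {
    {16, 0, 16,  1,  0},   /* buf[i]     for i in [0,16): max index 15, safe   */
    {16, 0, 17,  1,  0},   /* buf[i]     for i in [0,17): reaches buf[16], unsafe */
    {16, 0,  8,  2,  1},   /* buf[2*i+1] for i in [0,8):  max index 15, safe   */
    {16, 0, 16, -1, 15},   /* buf[15-i]  for i in [0,16): descends to 0, safe  */
    {16, 0, 17, -1, 15},   /* buf[15-i]  for i in [0,17): reaches buf[-1], unsafe */
    {16, 5,  5,  1, 99},   /* empty loop: no access executes, trivially safe   */
};
const int SAMPLE_COUNT = (int)(sizeof SAMPLE_ACCESSES / sizeof SAMPLE_ACCESSES[0]);

int main(void)
{
    for (int k = 0; k < SAMPLE_COUNT; k++) {
        const affine_access *acc = &SAMPLE_ACCESSES[k];
        printf("buf[%lld*i%+lld], i in [%lld,%lld), n=%lld: %s\n",
               acc->a, acc->b, acc->lo, acc->hi, acc->n,
               affine_access_safe(acc) ? "provably safe" : "NOT provable");
    }
    printf("%d of %d accesses would be rejected statically\n",
           count_unprovable(SAMPLE_ACCESSES, SAMPLE_COUNT), SAMPLE_COUNT);
    return 0;
}
```

The design point is the trade the abstract describes: by accepting only index forms the checker understands, the compiler can reject the two unsafe loops outright instead of compiling them with per-access bounds checks, which is what makes the approach attractive where worst-case execution time matters.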


Published In

CASES '02: Proceedings of the 2002 international conference on Compilers, architecture, and synthesis for embedded systems
October 2002
324 pages
ISBN:1581135750
DOI:10.1145/581630
Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Publisher

Association for Computing Machinery

New York, NY, United States


Author Tags

  1. compiler
  2. control
  3. programming language
  4. real-time
  5. security
  6. static analysis

Qualifiers

  • Article

Acceptance Rates

Overall Acceptance Rate 52 of 230 submissions, 23%

Article Metrics

  • Downloads (last 12 months): 7
  • Downloads (last 6 weeks): 1
Reflects downloads up to 30 Dec 2024
