Skip to main content

Proving the Absence of Stack Overflows

  • Conference paper
Computer Safety, Reliability, and Security (SAFECOMP 2014)

Part of the book series: Lecture Notes in Computer Science ((LNPSE,volume 8666))

Included in the following conference series:

Abstract

In safety-critical embedded systems the stack typically is the only dynamically allocated memory area. However, the maximal stack usage must be statically known: at configuration time developers have to reserve enough stack space for each task. Stack overflow errors are often hard to find but can cause the system to crash or behave erroneously. All current safety standards, e.g., ISO-26262, require upper estimations of the storage space; due to its dynamic behavior the stack is an especially critical storage area.

Typically neither testing and measuring nor static source code analysis can provide safe bounds on the worst-case stack usage. A safe upper bound can be computed by whole-program static analysis at the executable code level. When an Abstract Interpretation based static analyzer is used, it can be formally proven that the maximal stack usage will never be underestimated. The challenge for binary-code level analyzers is to minimize the necessary amount of user interactions, e.g., for function pointer calls. To minimize user interaction, the analysis has to be precise, and the annotation mechanism has to be flexible and easy-to-use. The analyzer configuration has to be done once for each software project; afterwards the analysis can be run automatically, supporting continuous verification.

In this article we describe the principles of Abstract Interpretation based stack analysis. We present an annotation language addressing all properties of typical automotive and avionics software and report on practical experience.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 39.99
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

Similar content being viewed by others

References

  1. AbsInt. AIS Quick Reference Guide (2013)

    Google Scholar 

  2. AbsInt. XTC Language Specification Version 2.1 (2013), http://www.absint.com/xtc/

  3. Biswas, S., Simpson, M., Barua, R.: Memory overflow protection for embedded systems using run-time checks, reuse and compression. In: Proceedings of the 2004 International Conference on Compilers, Architecture, and Synthesis for Embedded Systems, CASES 2004, pp. 280–291. ACM, New York (2004)

    Chapter  Google Scholar 

  4. Brylow, D., Damgaard, N., Palsberg, J.: Static checking of interrupt-driven software. In: Proceedings of the 23rd International Conference on Software Engineering, ICSE 2001, pp. 47–56. IEEE Computer Society Press, Washington, DC (2001)

    Chapter  Google Scholar 

  5. Chatterjee, K., Ma, D., Majumdar, R., Zhao, T., Henzinger, T.A., Palsberg, J.: Stack size analysis for interrupt-driven programs. In: Cousot, R. (ed.) SAS 2003. LNCS, vol. 2694, pp. 109–126. Springer, Heidelberg (2003)

    Chapter  Google Scholar 

  6. Cousot, P., Cousot, R.: Abstract interpretation: a unified lattice model for static analysis of programs by construction or approximation of fixpoints. In: POPL 1977: Proceedings of the 4th ACM SIGACT-SIGPLAN Symposium on Principles of Programming Languages, pp. 238–252. ACM Press, New York (1977)

    Google Scholar 

  7. Dunn, M.: Toyota’s killer firmware: Bad design and its consequences. EDN Network (October 2013), http://www.edn.com/design/automotive/4423428/Toyota-s-killer-firmware--Bad-design-and-its-consequences

  8. Engelschall, R.S.: Portable multithreading: The signal stack trick for user-space thread creation. In: Proceedings of the Annual Conference on USENIX Annual Technical Conference, ATEC 2000, p. 20. USENIX Association, Berkeley (2000)

    Google Scholar 

  9. Eslamimehr, M., Palsberg, J.: Testing versus static analysis of maximum stack size. In: Proceedings of the 2013 IEEE 37th Annual Computer Software and Applications Conference, COMPSAC 2013, pp. 619–626. IEEE Computer Society Press, Washington, DC (2013)

    Chapter  Google Scholar 

  10. Ferdinand, C.: Cache Behavior Prediction for Real-Time Systems. PhD thesis, Saarland University (1997)

    Google Scholar 

  11. Ferdinand, C., Heckmann, R., Franzen, B.: Static Memory and Timing Analysis of Embedded Systems Code. In: Groot, P. (ed.) Proceedings of the 3rd European Symposium on Verification and Validation of Software Systems (VVSS 2007), Eindhoven, The Netherlands, March 23. TUE Computer Science Reports, vol. 07-04 (2007)

    Google Scholar 

  12. Ferdinand, C., Heckmann, R., Le Sergent, T., Lopes, D., Martin, B., Fornari, X., Martin, F.: Combining a high-level design tool for safety-critical systems with a tool for WCET analysis on executables. In: 4th European Congress ERTS Embedded Real Time Software, Toulouse, France (January 2008)

    Google Scholar 

  13. Guillemin, P.: Stack overflow detection using the ST9 timer/watchdog. Doc id 2476 rev 2, STMicroelectronics (2011)

    Google Scholar 

  14. Heckmann, R., Ferdinand, C.: Stack Usage Analysis and Software Visualization for Embedded Processors. In: Grote, C. (ed.) Vorträge und Begleittexte zur Embedded Intelligence 2002. Grundlagen, Architekturen, Werkzeuge und Lösungen, Nürnberg, Poing, Februar 19-21. Design & Elektronik (2002)

    Google Scholar 

  15. Hill, J., Szewczyk, R., Woo, A., Hollar, S., Culler, D., Pister, K.: System architecture directions for networked sensors. SIGARCH Comput. Archit. News 28(5), 93–104 (2000)

    Article  Google Scholar 

  16. Kästner, D., Kiffmeier, U., Fleischer, D., Nenova, S., Schlickling, M., Ferdinand, C.: Integrating Model-Based Code Generators with Static Program Analyzers. Embedded World Congress (2013)

    Google Scholar 

  17. Kästner, D., Pister, M., Gebhard, G., Schlickling, M., Ferdinand, C.: Confidence in Timing. In: Safecomp 2013 Workshop: Next Generation of System Assurance Approaches for Safety-Critical Systems, SASSUR (September 2013)

    Google Scholar 

  18. Kim, H., Cha, H.: Multithreading optimization techniques for sensor network operating systems. In: Langendoen, K.G., Voigt, T. (eds.) EWSN 2007. LNCS, vol. 4373, pp. 293–308. Springer, Heidelberg (2007)

    Chapter  Google Scholar 

  19. Miné, A.: Weakly Relational Numerical Abstract Domains. PhD thesis, École Polytechnique, Palaiseau, France (December 2004), http://www.di.ens.fr/~mine/these/these-color.pdf

  20. OSEK/VDX. OSEK/VDX Operating System. Version 2.2.3 (2005)

    Google Scholar 

  21. Park, S.H., Lee, D.K., Kang, S.J.: Compiler-assisted maximum stack usage measurement technique for efficient multi-threading in memory-limited embedded systems. In: Lee, R. (ed.) Computers,Networks, Systems, and Industrial Engineering 2011. SCI, vol. 365, pp. 113–129. Springer, Heidelberg (2011)

    Chapter  Google Scholar 

  22. Radio Technical Commission for Aeronautics. RTCA DO-178B. Software Considerations in Airborne Systems and Equipment Certification (1992)

    Google Scholar 

  23. Real Time Engineers Ltd. FreeRTOSTM web page: Stack Usage and Stack Overflow Checking (2010), http://www.freertos.org/Stacks-and-stack-overflow-checking.html

  24. Regehr, J.: Random testing of interrupt-driven software. In: Proceedings of the 5th ACM International Conference on Embedded Software, EMSOFT 2005, pp. 290–298. ACM, New York (2005)

    Google Scholar 

  25. Regehr, J., Reid, A., Webb, K.: Eliminating stack overflow by abstract interpretation. ACM Trans. Embed. Comput. Syst. 4(4), 751–778 (2005)

    Article  Google Scholar 

  26. Theiling, H.: Extracting Safe and Precise Control Flow from Binaries. In: Proceedings of the 7th Conference on Real-Time Computing and Applications Symposium (RTCSA 2000), Cheju Island, South Korea, December 12-14, pp. 23–30. IEEE Computer Society Press (2000)

    Google Scholar 

  27. Thesing, S.: Safe and Precise WCET Determinations by Abstract Interpretation of Pipeline Models. PhD thesis, Saarland University (2004)

    Google Scholar 

Download references

Author information

Authors and Affiliations

Authors

Editor information

Editors and Affiliations

Rights and permissions

Reprints and permissions

Copyright information

© 2014 Springer International Publishing Switzerland

About this paper

Cite this paper

Kästner, D., Ferdinand, C. (2014). Proving the Absence of Stack Overflows. In: Bondavalli, A., Di Giandomenico, F. (eds) Computer Safety, Reliability, and Security. SAFECOMP 2014. Lecture Notes in Computer Science, vol 8666. Springer, Cham. https://doi.org/10.1007/978-3-319-10506-2_14

Download citation

  • DOI: https://doi.org/10.1007/978-3-319-10506-2_14

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-10505-5

  • Online ISBN: 978-3-319-10506-2

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics