Issta11

Testing EmbeddedSoftwareJohn RegehrUniversity of Utah

“Over 15 billion ARM based chips shipped to date”[ARM web site, 2011]“The microcontroller market is forecast to reach over $16 billion worldwide in 2011”[Microcontroller Market Tracker, 2011]2

Diverse!I have 6 pins and 32 bytes of RAM5

Diverse!I am quad core @ 1.5 GHz and have a GPU 8

Usually there are multiple processorsOn-chip networksIn-device networksDistributed systemsResource constraints are…Severe – to minimize unit costHard – failure if system runs out of…TimeRAM – stack or heapEnergy9

Continuously interact with the world through I/O devicesMay be little abstraction of HWProbably using both interrupt handlers and threadsOften there are fault tolerance and security requirements10

Sensor network -> 103–105 LOCModern airplane -> 106–107 LOC Hybrid vehicle -> 107–108 LOCHow do we get these right?Mostly testing11

Software on many individual processors is smallPermits aggressive analysis and testingConstrained domain simplifies testingEmbedded systems are (by definition) special-purpose devices12

The “Real System Problem”Many interesting embedded codes are proprietaryNecessary tools may be expensive or nonexistentCompilers, debuggers, simulatorsMay not be able to run it in the labOften lacks specifications and oracles13

Consequently, academic embedded work may be…Forced to use small, contrived examplesOut of tune with industry14

Consequently, academic embedded work may be…Forced to use small, contrived examplesOut of tune with industry15Solution: Ubiquitous open embedded platforms

ArduinoArduino Uno:8-bit AVR processor @ 16 MHz2 KB RAM~$30Emphasis is on interfacing16

ArduinoNice IDE + libraries + C/C++Minimal abstraction of the embedded processor18 new books in 201117

Simulators and model checkers for AVR code exist

Very few Arduino tool papers exist

This is a big opportunityArduinoNice IDE + libraries + C/C++Minimal abstraction of the embedded processor18 new books in 201118

TinyOSOS and middleware support for sensor networksSensingCollection and disseminationLocalizationApplications are in nesC, a C dialect19

TinyOS“Motes” based on a variety of MCUsCost $50 – $200Good simulators existThere are a few books20

Many open problems“Motes” based on a variety of MCUsCost $50 – $200Good simulators existThere are a few books21

AndroidOS + middleware for smart phones / tabletsARM based hardware running LinuxMuch less constrained than motes and Arduino22

AndroidApplication code in JavaGreat toolsTons of books23

This is not a scary platformApplication code in JavaGreat toolsTons of books24

ROS – Robot Operating SystemLinux-based infrastructure for programming robotsPrimary abstraction is graph of communicating processesLocal and distributed25

ROS – Robot Operating System Very few ROS tool papers existLinux-based infrastructure for programming robotsPrimary abstraction is graph of communicating processesLocal and distributed26

Plenty of other open embedded platforms existFreeRTOSContikiPacemaker ChallengeEtc.Embarrassment of richesStill, huge room for improvementWhere’s the open automobile?27

So, let’s test some embedded softwareBut what are we testing for?28

Properties / OraclesTemporal safetyDeadlinesOr just responsivenessMemory safetyContracts / assertionsReference implementation29

Worst-Case Execution TimeWhat is the upper bound on execution time for a piece of code?We care because the world has deadlinesStatic analysis of WCET is extremely difficult if there is…A cachePreemptionAn aggressive processor30

True WCETNumber of executionsExecution timeConservative WCETLongest observed ET #2Longest observed ET #131

32+=printf()pthread_attr_setstacksize (&attr, &mystacksize);HANDLE WINAPI CreateThread( LPSECURITY_ATTRIBUTES lpThreadAttributes, SIZE_T dwStackSize, LPTHREAD_START_ROUTINE lpStartAddress, LPVOID lpParameter, DWORD dwCreationFlags, LPDWORD lpThreadId );

Stack Overflow in TinyOS334 KB

Stack Overflow in TinyOS34main()4 KB

Stack Overflow in TinyOS35main()irq 04 KB

Stack Overflow in TinyOS36main()irq 04 KBirq 1

Stack Overflow in TinyOS37main()irq 04 KBirq 1

Stack Overflow in TinyOS38Not the same thing as buffer overflow!Type safe language doesn’t solve this problemmain()irq 04 KBirq 1

Eliminating Stack OverflowTesting is hardNeed to drive code to its WC stack depthInterrupt coincidences are rareApproach: Static analysis of compiled codeCan’t estimate stack depth of source39

Estimate WC stack depth of each sequential flow, handlingIndirect branchesRecursionLoads into the stack pointerCompute “interrupt preemption graph”Find longest cycle in this graph40

41in r24, 0x3f ; r24 <- CPU status registercli ; disable interruptsadc r24, r24 ; carry bit <- prev interrupt statuseor r24, r24 ; r24 <- 0adc r24, r24 ; r24 <- carry bitmov r18, r24 ; r18 <- r24... critical section ...and r18, r18 ; test r18 for zerobreq .+2 ; if zero, skip next instructionsei ; enable interruptsret ; return from function

Stack analysis tool deployed in the TinyOS distributionResults are typically much larger than worst observed stack depthsBut, we validated its results by randomly firing interrupts42

TinyOS applications are built using componentsInterface requirements documented but not checkedInterface misuse often silent44

We augmented nesC with contractsDynamic checking reasonable efficientFound some long-standing bugs45

nesC is not type safeMemory safety bugs in TinyOS are difficultWe ported an existing safe C dialectFound some otherwise-impossible bugsMain problem was getting overhead under controlWhole-program optimization46

Issta11

More Related Content

What's hot (11)

Viewers also liked (9)

Similar to Issta11 (20)

Recently uploaded (20)

Issta11