A Framework For Safe Reuse of Software Binaries

Ramakrishnan Venkitaraman

Advisor: Dr. Gopal Gupta

 

We consider the problem of automatically checking if coding standards have been followed in the development of embedded applications. The problem arises from practical considerations because DSP chip manufacturers (in our case Texas Instruments) want various third party software developers to adhere to a certain coding standard to facilitate system integration during application development. Checking for compliance with coding standards, in general, is un-decidable. Moreover, only machine code of the system components is available since for proprietary reasons vendors of various components do not want to share their source code. In this project, we describe an approach based on static analysis of embedded assembly code to check for compliance with such coding standards. This static analysis rests on an abstract interpretation framework. We illustrate our approach by showing how we statically analyze the presence of hard coded pointer variables in embedded assembly code. Hard coded pointer variables are those that are assigned a fixed memory address by the programmer instead of being assigned a value via proper operations in the source language (e.g., malloc/calloc/realloc and & operator in C). Our analyzer takes object code as input, disassembles it, builds the flow-graph, and statically analyzes the flow-graph for the presence of dereferenced pointers that are hard coded. The analyzer is currently being extended to check for compliance with other rules adopted by TI as part of its coding standards.

 

 

Figure: Activity Diagram for the Analyzer

 

The “Texas Instruments TMS320 DSP Algorithm Standard” defines a set of requirements for DSP algorithms that, if followed, will allow system integrators to quickly assemble production quality systems from one or more algorithms. The standard aims to provide a framework that will enable the development of a rich set of Commercial Off-The-Shelf (COTS) components marketplace for the DSP algorithm technology that will significantly reduce the time to market for new DSP based products.

 

Static Analysis provides significant benefits and is increasingly recognized as a fundamental tool for analyzing programs. We develop a “Static Analyzer” for checking an algorithm (given only its binary code) for its compatibility with the “General Programming Rules" defined by the standard.  The analyzer is used to detect hard coded addresses in programs. The analyzer takes object code as input, disassembles it, builds the flow-graph, and statically analyzes the flow-graph for the presence of de-referenced pointers that are hard coded. The analyzer can be used to validate DSP software for conformance with the TI TMS320 DSP Algorithm Standard's “General Programming Rules”.

 

To perform analysis, and check for standard compliance, we don’t have access to the source code. So we disassemble the object code to get the corresponding Assembly Language Code. The analysis is done at the assembly language level and involves the formation of “unsafe sets” by statically analyzing the disassembled code. The code and the “unsafe sets” are checked for violations of the standard. In the case of recursive function calls and looping structures that are detected in the code, the analyzer automatically builds and populates the unsafe sets until a “fixed point” is reached.

 

The development and testing of the tool is currently in progress. Current work includes fine tuning the handling of loops and extending our system for the cover all the programming rules.

 

Reference:

1.      Ramakrishnan Venkitaraman and Gopal Gupta, Static Program Analysis of Embedded Executable Assembly Code. Compilers, Architecture, and Synthesis for Embedded Systems (ACM CASES) September 2004

2.      Ramakrishnan Venkitaraman and Gopal Gupta, Framework for Safe Reuse of Software Binaries. 1st International Conference on Distributed Computing & Internet Technology (ICDCIT) December 2004

3.      Ramakrishnan Venkitaraman and Gopal Gupta, “Static Program Analysis to Detect Hard Coded Addresses and its Application to TI's DSP Processor”, UTD Computer Science department technical report (UTD CS-23-03).