Static analysis for detecting high-level races in RTOS kernels

Published in: Formal Methods in System Design

Abstract

We propose a static-analysis-based approach for detecting high-level races in RTOS kernels popularly used in safety-critical embedded software. High-level races are indicators of atomicity violations and can lead to erroneous software behaviour with serious consequences. Hitherto, techniques for detecting high-level races have relied on model-checking approaches, which are inefficient and a priori unsound. In contrast, we propose a technique based on static analysis that is both efficient and sound. The technique is based on the notion of disjoint blocks recently introduced in Chopra et al. (In: Proceedings of 28th European symposium on programming (ESOP), Prague, Czech Republic. LNCS, vol 11423, pp 1–27. Springer, 2019). We evaluate our technique on four popular RTOS kernels and show that it is effective in detecting races, many of them harmful, with a high rate of precision.
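The abstract distinguishes high-level races (atomicity violations) from low-level data races. The following is an added, constructed model, not code from the paper or from any of the evaluated kernels: a task splits a read-modify-write of a counter shared with an ISR across two critical sections, so every access is individually protected yet an interrupt between the sections loses an update. The names (`shared_count`, `isr_increment`, `task_increment_racy`, `task_increment_fixed`) and the toy interrupt-masking model are assumptions for illustration.

```c
#include <stdio.h>

/* Constructed model (hypothetical names): a task and an ISR share one
 * counter. Interrupt masking is simulated with a counter; a masked
 * interrupt is simply not delivered in this toy, so the caller raises
 * it again after unmasking to model a pending interrupt. */
static int shared_count;      /* shared between task and ISR */
static int ints_disabled;     /* >0 while interrupts are masked */

static void disable_ints(void) { ints_disabled++; }
static void enable_ints(void)  { ints_disabled--; }

static void isr_increment(void) {
    if (ints_disabled) return;          /* cannot run while masked */
    shared_count++;
}

/* High-level race: both accesses are individually atomic, but the read
 * and the write form one logical operation. An interrupt between the
 * two critical sections makes the task overwrite the ISR's update. */
int task_increment_racy(void) {
    int local;
    disable_ints(); local = shared_count; enable_ints();
    isr_increment();                    /* arrives between the blocks */
    disable_ints(); shared_count = local + 1; enable_ints();
    return shared_count;                /* 1, though two increments ran */
}

/* Fixed: the whole read-modify-write is one critical section, so the
 * interrupt can only take effect after the section ends. */
int task_increment_fixed(void) {
    disable_ints();
    int local = shared_count;
    isr_increment();                    /* masked: no effect here */
    shared_count = local + 1;
    enable_ints();
    isr_increment();                    /* delivered once unmasked */
    return shared_count;                /* 2 */
}

void reset_model(void) { shared_count = 0; ints_disabled = 0; }

int main(void) {
    reset_model();
    printf("racy:  %d\n", task_increment_racy());
    reset_model();
    printf("fixed: %d\n", task_increment_fixed());
    return 0;
}
```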


Notes

  1. This is a variable length argument function we have defined.

References

  1. Ardupilot (2019) https://ardupilot.org/

  2. Abadi M, Flanagan C, Freund SN (2006) Types for safe locking: static race detection for Java. ACM Trans Program Lang Syst TOPLAS 28(2):207–255

  3. Alur R, McMillan KL, Peled DA (2000) Model-checking of correctness conditions for concurrent objects. Inf Comput 160(1–2):167–188

  4. Artho C, Havelund K, Biere A (2003) High-level data races. J Softw Test Verif Reliab 207–227

  5. Barry R (2017) The FreeRTOS kernel, v10.0.0. https://freertos.org

  6. Chopra N, Pai R, D’Souza D (2019) Data races and static analysis for interrupt-driven programs. In: Proceedings of 28th European symposium on programming (ESOP), Prague, Czech Republic. LNCS, vol 11423, pp 1–27. Springer

  7. Di Sirio G (2019) ChibiOS kernel, v19.1.0. http://www.chibios.org/dokuwiki/doku.php

  8. Dias RJ, Pessanha V, Lourenço J (2012) Precise detection of atomicity violations. In: Hardware and software: verification and testing—8th international Haifa verification conference (HVC), pp 8–23

  9. Elmas T, Qadeer S, Tasiran S (2005) Precise race detection and efficient model checking using locksets. Tech. Rep. MSR-TR-2005-118, Microsoft Research

  10. Engler D, Ashcraft K (2003) RacerX: effective, static detection of race conditions and deadlocks. SIGOPS Oper Syst Rev 37(5):237–252

  11. Flanagan C, Qadeer S (2003) A type and effect system for atomicity. In: Proceedings of ACM SIGPLAN programming language design and implementation (PLDI), pp 338–349

  12. Havelund K, Lowry MR, Penix J (2001) Formal analysis of a space-craft controller using SPIN. IEEE Trans Softw Eng 27(8):749–765

  13. Havelund K, Skakkebæk JU (1999) Applying model checking in Java verification. In: Proceedings of theoretical and practical aspects of SPIN model checking, vol 1680, pp 216–231. Springer

  14. Henzinger TA, Jhala R, Majumdar R (2004) Race checking by context inference. In: Proceedings of ACM SIGPLAN programming language design and implementation (PLDI), pp 1–13

  15. Texas Instruments (2017) TI-RTOS: a real-time operating system for microcontrollers. http://www.ti.com/tool/ti-rtos

  16. Mukherjee S, Kumar A, D’Souza D (2017) Detecting all high-level data races in an RTOS kernel. In: Proceedings of verification, model checking, and abstract interpretation (VMCAI), pp 405–423

  17. Necula G (2002) CIL—infrastructure for C program analysis and transformation (v. 1.3.7). http://people.eecs.berkeley.edu/~necula/cil/

  18. Regehr J, Cooprider N (2007) Interrupt verification via thread verification. Electr Notes Theor Comput Sci 174(9):139–150

  19. Savage S, Burrows M, Nelson G, Sobalvarro P, Anderson TE (1997) Eraser: a dynamic data race detector for multi-threaded programs. ACM Trans Comput Syst 15(4):391–411

  20. Schwarz MD, Seidl H, Vojdani V, Apinis K (2014) Precise analysis of value-dependent synchronization in priority scheduled programs. In: Proceedings of verification, model checking, and abstract interpretation (VMCAI), pp 21–38

  21. Schwarz MD, Seidl H, Vojdani V, Lammich P, Müller-Olm M (2011) Static analysis of interrupt-driven programs synchronized via the priority ceiling protocol. In: Proceedings of ACM SIGPLAN-SIGACT principles of programming languages (POPL), pp 93–104

  22. Singh A, Pai R, D’Souza D, D’Souza M (2019) Static analysis for detecting high-level races in RTOS kernels. In: Formal methods—the next 30 years—third world congress (FM), Porto, pp 337–353

  23. Sterling N (1993) WARLOCK—a static data race analysis tool. In: Proc. Usenix winter technical conference, pp 97–106

  24. Sung C, Kusano M, Wang C (2017) Modular verification of interrupt-driven software. In: Proceedings of the 32nd IEEE/ACM international conference on automated software engineering (ASE), pp 206–216

  25. von Praun C, Gross TR (2004) Static detection of atomicity violations in object-oriented programs. J Object Technol 3(6):103–122

  26. Voung JW, Jhala R, Lerner S (2007) RELAY: static race detection on millions of lines of code. In: Proceedings of ESEC/SIGSOFT foundation software engineering (FSE), pp 205–214

  27. Wang Y, Wang L, Yu T, Zhao J, Li X (2017) Automatic detection and validation of race conditions in interrupt-driven embedded software. In: Proceedings of the 26th ACM SIGSOFT international symposium on software testing and analysis (ISSTA). ACM, pp 113–124

  28. Zeng R, Sun Z, Liu S, He X (2012) McPatom: a predictive analysis tool for atomicity violation using model checking. In: Proceedings of model checking software (SPIN), pp 191–207

Acknowledgements

The first author is grateful to the University Grants Commission (UGC), New Delhi, India, for providing financial assistance in the form of a Post-Doctoral Fellowship [F.4-2/2006 (BSR)/EN/17-18/0039]. We also acknowledge support from the Robert Bosch Center for Cyber-Physical Systems, at the Indian Institute of Science, Bangalore.

Corresponding author

Correspondence to Rekha Pai.


Cite this article

Pai, R., Singh, A., D’Souza, D. et al. Static analysis for detecting high-level races in RTOS kernels. Form Methods Syst Des 58, 294–321 (2021). https://doi.org/10.1007/s10703-020-00354-0
