| Andy Chou, Benjamin Chelf, Dawson Engler, and Mark Heinrich. Using metalevel compilation to check FLASH protocol code. In Proceedings of the 9th International Conference on Architectural Support for Programming Languages and Operating Systems (ASPLOS), pages 59-70, November 2000. |
....upon these techniques would raise too many false alarms and would thus be unusable. On the other hand, flow- and context-sensitive algorithms have been proposed [17, 24, 26] but are too slow to be used on real-life programs. Practical auditing tools often use unsound pointer alias analyses instead [2, 4, 11, 23]. Not only are the analyses flow and context sensitive, they are even path sensitive. While they track memory locations held by local variables and parameters with precision, they often assume unsoundly that all other indirect memory references are unaliased. Because these tools report errors ....
....representation [3]. Wilson and Lam also use a sparse representation in pointer alias analysis [26]. 5.2 Error Detection Tools A number of multi-purpose error detection tools have been proposed in recent years. Some systems, such as Vault [10], are sound; Intrinsa's PREfix [2] and the xgcc checker [4, 11] are not. The representation proposed here is designed to facilitate the development of practical, unsound checkers. Since the emergence of costly buffer overflow vulnerabilities in the last few years, several lexical tools have been created to help with source-level security auditing. PScan is a ....
A. Chou, B. Chelf, D. Engler, and M. Heinrich. Using meta-level compilation to check FLASH protocol code. In Proceedings of Architectural Support for Programming Languages and Operating Systems, pages 59--70, 2000.
....state. The advantage of this approach is that code written in this way is guaranteed to conform to the finite state models. This, however, requires programmers to rewrite their code; retrofitting large systems of existing code into this framework is not plausible. Systems such as PREfix [3], Metal [5, 8] and SLAM [2] operate directly on existing software; they check if the code conforms to predefined correctness constraints, many of which can be expressed as FSMs. These systems have been demonstrated to be successful in finding many errors in operating systems. One of the bottlenecks of such ....
....the DIDUCE system, which instruments data locations and tracks changes in the invariants as time goes by. This system has proven successful at finding the sources of errors in difficult corner cases [13]. Using finite state machine models to model program behavior is quite common. The Metal system [5, 8] and the SLAM toolkit [2] have been very successful in applying FSM models statically to operating system code. Programming languages such as Vault [7], NIL, and Hermes [23] encode these machines directly into the source code. Systems such as PREfix also contain models that can be represented as ....
[Article contains additional citation context not shown here]
A. Chou, B. Chelf, D. Engler, and M. Heinrich. Using meta-level compilation to check FLASH protocol code. In Proceedings of the Ninth International Conference on Architectural Support for Programming Languages and Operating Systems, pages 59-70, 2000.
....17, 22, 11] have focused on debugging programs written in general-purpose languages like C, C++ and Java. Others have proposed domain-specific languages [8, 3, 4] that have been designed with model checking in mind, and therefore allow model checking to be more effective. Meta-level Compilation [9, 16] provides a framework for extending a compiler with application-specific code that can be used to statically check certain properties of that application. It was used to look for bugs in several systems including the cache coherence protocols for the FLASH multiprocessor and the Linux kernel. This ....
A. Chou, B. Chelf, D. Engler, and M. Heinrich. Using Metalevel Compilation to Check FLASH Protocol Code. In Architectural Support for Programming Languages and Operating Systems, 2000.
....programs written in general-purpose languages like C, C++ and Java [26, 43, 83, 94, 50, 48, 57, 35]. Others have proposed domain-specific languages that have been designed with model checking in mind [28, 12, 14] and therefore allow model checking to be more effective. Meta-level Compilation [32, 46] provides a framework for extending a compiler with application-specific code that can be used to statically check certain properties of that application. It was used to look for bugs in several systems including the cache coherence protocols for the FLASH multiprocessor and the Linux kernel. This ....
A. Chou, B. Chelf, D. Engler, and M. Heinrich. Using Meta-level Compilation to Check FLASH Protocol Code. In Proceedings of the International Conference on Architectural Support for Programming Languages and Operating Systems, Cambridge, Massachusetts, November 2000.
....state. The advantage of this approach is that code written in this way is guaranteed to conform to the finite state models. This, however, requires programmers to rewrite their code; retrofitting large systems of existing code into this framework is not plausible. Systems such as PREfix [3], Metal [5, 8] and SLAM [2] operate directly on existing software; they check if the code conforms to predefined correctness constraints, many of which can be expressed as FSMs. These systems have been demonstrated to be successful in finding many errors in operating systems. One of the bottlenecks of such ....
....include the DIDUCE system [13], which instruments data locations and tracks changes in the invariants as time goes by. This system has proven surprisingly successful at finding bugs in difficult corner cases. Using finite state machine models to model program behavior is quite common. The Metal system [5, 8] and the SLAM toolkit [2] have been very successful in applying FSM models statically to operating system code. Programming languages such as Vault [7], NIL, and Hermes [23] encode these machines directly into the source code. Systems such as PREfix [3] also contain models that can be represented ....
[Article contains additional citation context not shown here]
A. Chou, B. Chelf, D. Engler, and M. Heinrich. Using meta-level compilation to check FLASH protocol code. In Proceedings of the Ninth International Conference on Architectural Support for Programming Languages and Operating Systems, 2000.
....17, 23, 11] have focused on debugging programs written in general-purpose languages like C, C++ and Java. Others have proposed domain-specific languages [9, 3, 4] that have been designed with model checking in mind, and therefore allow model checking to be more effective. Meta-level Compilation [10, 16] provides a framework for extending a compiler with application-specific code that can be used to statically check certain properties of that application. It was used to look for bugs in several systems including the cache coherence protocols for the FLASH multiprocessor and the Linux kernel. This ....
A. Chou, B. Chelf, D. Engler, and M. Heinrich. Using Meta-level Compilation to Check FLASH Protocol Code. In Architectural Support for Programming Languages and Operating Systems, 2000.
....queues. Although the layered framework works well for writing network protocols, it is too restrictive for writing firmware code where the different modules have much more complex interactions. Also, it does not provide any support for dynamic memory management. Software Testing. Some systems [12, 9] have been successful in finding bugs in existing software written in traditional languages like C. Verisoft [12] does this by modifying the scheduler of the concurrent system to do a state space exploration. Meta-level Compilation [9] attempts to verify system-specific invariants at compile time. ....
....dynamic memory management. Software Testing. Some systems [12, 9] have been successful in finding bugs in existing software written in traditional languages like C. Verisoft [12] does this by modifying the scheduler of the concurrent system to do a state space exploration. Meta-level Compilation [9] attempts to verify system-specific invariants at compile time. However, these systems do not simplify the task of writing concurrent programs. 8. CONCLUSIONS We have presented the design and implementation of ESP, a language for programmable devices. ESP has a number of language features that ....
A. Chou, B. Chelf, D. Engler, and M. Heinrich. Using meta-level compilation to check flash protocol code. In Architectural Support for Programming Languages and Operating Systems, 2000.
No context found.
Chou, A., Chelf, B., Engler, D., Heinrich, M.: Using meta-level compilation to check FLASH protocol code. In: Ninth International Conference on Architecture Support for Programming Languages and Operating Systems. (2000)
No context found.
A. Chou, B. Chelf, D.R. Engler, and M. Heinrich. Using meta-level compilation to check FLASH protocol code. In Ninth International Conference on Architecture Support for Programming Languages and Operating Systems, November 2000.
....the trade-offs we had previously observed. The first project, described in Sections 2 and 3, checked FLASH cache coherence protocol implementation code [24]. We first used static analysis to find violations of FLASH-specific rules (e.g. that messages are sent in such a way as to prevent deadlock) [7] and then, in a follow-on work, applied model checking [26]. One interesting feature of the This research was supported in part by DARPA contract MDA904-98-C-A933, by GSRC MARCO Grant No. SA3276JB, and by a grant from the Stanford Networking Research Center. Dawson Engler is partially supported ....
....thorough introduction. 2. CASE STUDY: FLASH This section gives a short summary of using both static analysis and model checking to find bugs in FLASH cache coherence protocol implementation code. The next section focuses on the lessons learned from these efforts. Readers familiar with Chou et al. [7] can skip Sections 2.1 and 2.2. Readers familiar with Lie et al. [26] can skip Sections 2.1 and 2.3. 2.1 FLASH overview The Stanford FLASH multiprocessor [24] is a scalable cache-coherent DSM machine that implements its communication protocols in software that runs on an embedded processor in its ....
[Article contains additional citation context not shown here]
A. Chou, B. Chelf, D.R. Engler, and M. Heinrich. Using meta-level compilation to check FLASH protocol code. In Ninth International Conference on Architecture Support for Programming Languages and Operating Systems, November 2000.
....This paper provides a more developed view of MC, a significantly easier to use and more powerful framework for building extensions, and an experimental demonstration of its effectiveness. Concurrently with this paper, we presented a detailed case study of applying MC to the FLASH system [4]. The 8 compiler extensions presented in that paper discovered 34 errors in FLASH code that could potentially crash the machine, such as message handlers that lost or double-freed hardware message buffers and buffer race conditions. This paper's main difference is its demonstration that MC is a ....
....crash the machine, such as message handlers that lost or double-freed hardware message buffers and buffer race conditions. This paper's main difference is its demonstration that MC is a general technique by applying it to a variety of systems. Because of this broader scope, it lacks the detail in [4], but finds roughly a factor of ten more errors. Below, we compare our work to efforts in high-level compilation, verification, and extensible compilers. Higher-level compilation. Many projects have hard-wired application-level information in compilers. These projects include: compiler-directed ....
A. Chou, B. Chelf, D.R. Engler, and M. Heinrich. Using meta-level compilation to check FLASH protocol code. To appear in ASPLOS
....maintain a directory of cache line states and service requests by sending messages on the I/O, processor, and network interfaces. Conventional simulation-based verification of FLASH has found many protocol bugs. Nevertheless, no protocol has booted perfectly on the hardware on the first try [7]. Using simulation to verify the protocols has been inadequate because of the limited and fixed detail level of the simulator and the high cost of simulating a large number of paths. Though our approach could have been applied to a wide range of systems, FLASH protocol code has a number of ....
....a real machine, as well as formal verification. The main protocol we check, dyn-ptr, has been under constant use for over five years and has formed the basis for almost all experimental results on the hardware [13]. The critical enabling technology for our approach is an extensible compiler, xg++ [7, 10]. xg++ allows users to easily write domain-specific analysis rules using a language called Metal. Extraction rules select sections of protocol code to be modeled, while printing rules translate the extracted protocol code into a Murφ model description. xg++ uses program slicing to extract the ....
[Article contains additional citation context not shown here]
A. Chou, B. Chelf, D. Engler, and M. Heinrich. Using metalevel compilation to check FLASH protocol code. In Proc. of the Ninth Intl. Conf. on Architectural Support for Programming Languages and Operating Systems, Nov. 2000.
....messages on the I/O, processor, and network interfaces to maintain a directory of cache line states and service cache line requests. Conventional simulation-based verification of FLASH has found many protocol bugs. Nevertheless, no protocol has booted perfectly on the hardware on the first try [7]. Using simulation to verify the protocols has been inadequate because of the limited and fixed detail level of the simulator and the high cost of simulating a large number of paths. Though our approach could have been applied to a wide range of systems, FLASH protocol code has a number of ....
....on a real machine, and via formal verification. The main protocol we check, dyn-ptr, has been under constant use for over five years and has formed the basis for almost all experimental results on the hardware [13]. The critical enabling technology for our approach is an extensible compiler, xg++ [7, 10]. xg++ allows users to easily write domain-specific analysis extensions using a language called metal. There are two types of extensions: extensions that perform extraction, and extensions that perform translation. Extraction extensions select sections of protocol code to be modeled, while ....
[Article contains additional citation context not shown here]
A. Chou, B. Chelf, D. Engler, and M. Heinrich. Using metalevel compilation to check FLASH protocol code. In Proc. of the Ninth Intl. Conf. on Architectural Support for Programming Languages and Operating Systems, Nov. 2000.
....evaluation. This paper provides a more developed view of MC, a significantly easier to use and more powerful framework for building extensions, and an experimental demonstration of its effectiveness. Concurrently with this paper, we presented a detailed case study of applying MC to the FLASH system [4]. The 8 compiler extensions presented in that paper discovered 34 errors in FLASH code that could potentially crash the machine, such as message handlers that lost or double-freed hardware message buffers and buffer race conditions. This paper's main difference is its demonstration that MC is a ....
....crash the machine, such as message handlers that lost or double-freed hardware message buffers and buffer race conditions. This paper's main difference is its demonstration that MC is a general technique by applying it to a variety of systems. Because of this broader scope, it lacks the detail in [4], but finds roughly a factor of ten more errors. Below, we compare our work to efforts in high-level compilation, verification, and extensible compilers. Higher-level compilation. Many projects have hard-wired application-level information in compilers. These projects include: compiler-directed ....
A. Chou, B. Chelf, D.R. Engler, and M. Heinrich. Using meta-level compilation to check FLASH protocol code. To appear in ASPLOS 2000, November 2000.
No context found.
Andy Chou, Benjamin Chelf, Dawson Engler, and Mark Heinrich. Using metalevel compilation to check FLASH protocol code. In Proceedings of the 9th International Conference on Architectural Support for Programming Languages and Operating Systems (ASPLOS), pages 59-70, November 2000.
No context found.
A. Chou, B. Chelf, D. Engler, and M. Heinrich. Using meta-level compilation to check FLASH protocol code. In Proceedings of Architectural Support for Programming Languages and Operating Systems, pages 59--70, 2000.