Abstract
We present a static analysis by Abstract Interpretation to check for run-time errors in parallel and multi-threaded C programs. Following our work on Astrée, we focus on embedded critical programs with neither recursion nor dynamic memory allocation, but extend the analysis to a static set of threads communicating implicitly through a shared memory and explicitly using a finite set of mutual exclusion locks, and scheduled according to a real-time scheduling policy and fixed priorities. Our method is thread-modular. It is based on a slightly modified non-parallel analysis that, when analyzing a thread, applies and enriches an abstract set of thread interferences. An iterator then re-analyzes each thread in turn until interferences stabilize. We prove the soundness of our method with respect to the sequential consistency semantics, but also with respect to a reasonable weakly consistent memory semantics. We also show how to take into account mutual exclusion and thread priorities through a partitioning over an abstraction of the scheduler state. We present preliminary experimental results analyzing an industrial program with our prototype, Thésée, and demonstrate the scalability of our approach.
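The thread-modular iteration described above (analyze each thread sequentially against an abstract set of interferences from the other threads, then re-analyze until the interferences stabilize) as a small added toy example in Python; it is not code from the paper or from Thésée. It assumes a flow-insensitive interference abstraction (every write of a thread is a possible interference for the others), an interval domain, delayed widening on the interference map, zero-initialised shared variables, and no locks or priorities.

```python
# Toy thread-modular interval analysis, added as an illustration (not code from the paper or Thesee).
# Threads are lists of ("set", var, expr) with expr an int, a variable name or ("add", var, int).
# Intervals are (lo, hi) tuples, None = no value yet; shared variables start at 0 like C statics.
def join(a, b):
    if a is None or b is None:
        return a if b is None else b
    return (min(a[0], b[0]), max(a[1], b[1]))

def widen(old, new):
    # Any bound that grew jumps to infinity, which forces the iteration to terminate.
    if old is None or new is None:
        return join(old, new)
    return (old[0] if new[0] >= old[0] else float("-inf"), old[1] if new[1] <= old[1] else float("inf"))

def eval_expr(expr, env, interf):
    if isinstance(expr, int):
        return (expr, expr)
    var, c = (expr, 0) if isinstance(expr, str) else expr[1:]
    # A read sees the thread's own value joined with any value written concurrently by other threads.
    val = join(env.get(var, (0, 0)), interf.get(var))
    return (val[0] + c, val[1] + c)

def analyze_thread(stmts, interf):
    # Sequential analysis of one thread; also collects the interferences (writes) it generates.
    env, writes = {}, {}
    for _, var, expr in stmts:
        env[var] = eval_expr(expr, env, interf)
        writes[var] = join(writes.get(var), env[var])
    return env, writes

def analyze_program(threads, delay=2):
    # Re-analyse every thread against the other threads' interferences until nothing changes.
    interf, final, rnd, changed = {t: {} for t in threads}, {}, 0, True
    while changed:
        changed = False
        for t, stmts in threads.items():
            others = {}
            for u, w in interf.items():
                for v, iv in (w.items() if u != t else ()):
                    others[v] = join(others.get(v), iv)
            final[t], writes = analyze_thread(stmts, others)
            step = join if rnd < delay else widen  # a few exact rounds, then widen
            new = {v: step(interf[t].get(v), iv) for v, iv in writes.items()}
            if new != interf[t]:
                interf[t], changed = new, True
        rnd += 1
    return interf, final

# Constructed example: A increments x and copies it into y while B concurrently stores 10 into x.
THREADS = {"A": [("set", "x", 0), ("set", "x", ("add", "x", 1)), ("set", "y", "x")], "B": [("set", "x", 10)]}
```

Running `analyze_program(THREADS)` gives y in [1, 11] for thread A (the sequential analysis alone would give [1, 1]), and the delayed widening makes the iteration terminate even when two threads feed each other's values.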
Highlights
Ensuring the safety of critical embedded software is important as a single “bug” can have catastrophic consequences
We present a static analysis by Abstract Interpretation to check for run-time errors in parallel and multi-threaded C programs
Previous work on the Astrée analyzer [8] demonstrated that static analysis by Abstract Interpretation could help, when specializing an analyzer to a class of properties and programs — namely in that case, the absence of run-time errors on synchronous control / command embedded avionic C software
Summary
Ensuring the safety of critical embedded software is important as a single “bug” can have catastrophic consequences. Our method is based on Abstract Interpretation [13], a general theory of the approximation of semantics which allows designing static analyzers that are fully automatic and sound by construction — i.e., consider a superset of all program behaviors. Such analyzers cannot miss any bug in the class of errors they analyze. The concatenation · is naturally extended to sets of words: $A \cdot B \overset{\text{def}}{=} \{\, a \cdot b \mid a \in A,\ b \in B \,\}$