Ensuring Code Safety Without Runtime Checks for Real-Time Control Systems
Abstract:
This paper considers the problem of providing safe programming
support and enabling secure online software upgrades for control
software in real-time control systems.
In such systems, offline techniques for ensuring code safety are
greatly preferable to online techniques.
We propose a language called Control-C that is essentially a subset
of C, but with key restrictions designed to ensure that memory safety
of code can be verified entirely by static checking,
under certain system assumptions.
The language permits pointer-based data structures, restricted
dynamic memory allocation, and restricted array operations,
without requiring any runtime checks on memory operations and
without garbage collection.
The language restrictions have been chosen based on an understanding
of both compiler technology and the needs of real-time control systems.
The paper describes the language design and a
compiler implementation for Control-C. We use control codes
from three different experimental control systems to evaluate the
suitability of the language for these codes, the effort required
to port them to Control-C, and the effectiveness of the compiler
in detecting a wide range of potential security violations for
one of the systems.
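The distinction the abstract turns on, shown as an added illustration in C that is not code from the paper or the Control-C compiler: the page does not spell out Control-C's exact restrictions, so the "accepted" patterns (loop counter with a compile-time constant bound, counter plus constant offset) and the "needs a runtime check" pattern (data-dependent index) below are assumptions chosen to show what a purely static bounds argument can and cannot prove. The sample buffer is constructed.

```c
/* Added illustration, not code from the paper or the Control-C compiler.
 * The exact Control-C restrictions are not given on this page; the
 * "accepted" and "needs a runtime check" patterns below are assumptions
 * used to show what a purely static bounds check can and cannot prove. */
#include <stddef.h>
#include <stdio.h>

#define SAMPLES 8  /* compile-time constant buffer length */

/* Constructed sample input, e.g. one window of sensor readings. */
static const int kSamples[SAMPLES] = {1, 2, 4, 8, 16, 32, 64, 128};

/* Statically provable: the only index is the loop counter, which starts
 * at 0, steps by 1, and is bounded by the constant SAMPLES, so a compiler
 * can show 0 <= i < SAMPLES for every buf[i] without emitting a check. */
int sum_samples(const int buf[SAMPLES])
{
    int total = 0;
    for (size_t i = 0; i < SAMPLES; i++)
        total += buf[i];
    return total;
}

/* Still statically provable: each index is the counter plus a constant
 * offset, and the loop condition i + 1 < SAMPLES keeps both buf[i] and
 * buf[i + 1] inside the buffer on every iteration. Returns the largest
 * jump between adjacent samples. */
int max_step(const int buf[SAMPLES])
{
    int best = 0;
    for (size_t i = 0; i + 1 < SAMPLES; i++) {
        int step = buf[i + 1] - buf[i];
        if (step > best)
            best = step;
    }
    return best;
}

/* Not statically provable: idx arrives from data (a message, a config
 * field), so its range is unknown at compile time. Plain C would read out
 * of bounds silently; the usual defence is the runtime check below, which
 * is exactly the check a static-only approach avoids by refusing to accept
 * this access pattern in the first place. Returns 0 on success, -1 if the
 * index is rejected. */
int sample_at(const int buf[SAMPLES], size_t idx, int *out)
{
    if (idx >= SAMPLES)     /* runtime check: not needed in the two loops above */
        return -1;
    *out = buf[idx];
    return 0;
}

int main(void)
{
    int v = 0;
    printf("sum = %d\n", sum_samples(kSamples));
    printf("max step = %d\n", max_step(kSamples));
    printf("idx 3: %s\n", sample_at(kSamples, 3, &v) == 0 ? "ok" : "rejected");
    printf("idx 8: %s\n", sample_at(kSamples, 8, &v) == 0 ? "ok" : "rejected");
    return 0;
}
```

The point of the contrast is where the proof obligation lands: in the two loops the index range follows from constants visible in the source, so a compiler can discharge it once and emit no check; in `sample_at` nothing in the program constrains `idx`, so either a runtime check is paid on every call or the access is rejected at compile time, which is the trade the abstract describes.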
Published:
"Ensuring Code Safety Without Runtime Checks for Real-Time Control Systems",
Sumant Kowshik, Dinakar Dhurjati & Vikram Adve,
CASES 2002, Grenoble, France, Oct 2002.
BibTeX Entry:
@inproceedings{KDA:LCTES03,
Author = {Sumant Kowshik and Dinakar Dhurjati and Vikram Adve},
Title = "{Ensuring Code Safety Without Runtime Checks for Real-Time Control Systems}",
Booktitle = "{Proc. Int'l Conf. on Compilers, Architecture, and Synthesis for Embedded Systems, 2002}",
Address = {Grenoble, France},
Month = {Oct},
Year = {2002},
URL = {http://llvm.cs.uiuc.edu/pubs/2003-08-08-CASES02-ControlC.html}
}