Ensuring Code Safety Without Runtime Checks for Real-Time Control Systems
Sumant Kowshik, Dinakar Dhurjati and Vikram Adve


This paper considers the problem of providing safe programming support and enabling secure online software upgrades for control software in real-time control systems. In such systems, offline techniques for ensuring code safety are greatly preferable to online techniques. We propose a language called Control-C that is essentially a subset of C, but with key restrictions designed to ensure that memory safety of code can be verified entirely by static checking, under certain system assumptions. The language permits pointer-based data structures, restricted dynamic memory allocation, and restricted array operations, without requiring any runtime checks on memory operations and without garbage collection. The language restrictions have been chosen based on an understanding of both compiler technology and the needs of real-time control systems. The paper describes the language design and a compiler implementation for Control-C. We use control codes from three different experimental control systems to evaluate the suitability of the language for these codes, the effort required to port them to Control-C, and the effectiveness of the compiler in detecting a wide range of potential security violations for one of the systems.


"Ensuring Code Safety Without Runtime Checks for Real-Time Control Systems", Sumant Kowshik, Dinakar Dhurjati & Vikram Adve,
CASES 2002, Grenoble, France, Oct 2002.


BibTeX Entry:

    Author    = {Sumant Kowshik, Dinakar Dhurjati and Vikram Adve},
    Title     = "{Ensuring Code Safety Without Runtime Checks for Real-Time Control Systems}",
    Booktitle = "{Proc. Int'l Conf. on Compilers Architecture and Synthesis for Embedded Systems, 2002}",
    Address   = {Grenoble, France},
    Month     = {Oct},
    Year      = {2002},
    URL       = {http://llvm.cs.uiuc.edu/pubs/2003-08-08-CASES02-ControlC.html}