JOURNAL BROWSE
Search
Advanced SearchSearch Tips
Effective Integer Promotion Bug Detection Technique for Embedded Software
facebook(new window)  Pirnt(new window) E-mail(new window) Excel Download
  • Journal title : Journal of KIISE
  • Volume 43, Issue 6,  2016, pp.692-699
  • Publisher : Korean Institute of Information Scientists and Engineers
  • DOI : 10.5626/JOK.2016.43.6.692
 Title & Authors
Effective Integer Promotion Bug Detection Technique for Embedded Software
Kim, Yunho; Kim, Taejin; Kim, Moonzoo; Lee, Ho-jung; Jang, Hoon; Park, Mingyu;
 
 Abstract
C compilers for 8-bit MCUs used in washing machines and refrigerators often do not follow the C standard to improve runtime performance. Developers who are unaware of the difference between C compilers following the C standard and the C compilers for 8-bit MCU can cause bugs that do not appear in the standard C environment but appear in the embedded systems using 8-bit MCUs. It is difficult for bug detectors that assume the standard C environment to detect such bugs. In this paper, we introduce integer promotion bugs caused by the different integer promotion rules of the C compilers for 8-bit MCU from the C standard and propose 5 bug patterns where the integer promotion bugs occur. We have developed an integer promotion bug detection tool and applied it to the washing machine control software developed by the LG electronics. The integer promotion bug detection tool successfully detected 27 integer promotion bugs in the washing machine control software.
 Keywords
software testing;embedded software;integer promotion bug;dynamic symbolic execution;
 Language
Korean
 Cited by
 References
1.
C. Elbert and C. Jones, "Embedded software: facts, figures, and future," IEEE Computer, Vol. 42, No. 4, pp. 42-52, Apr. 2009.

2.
I. Fredriksen, "Choosing a MCU for your next design; 8 bit or 32 bit?," Atmel Corp., 2014.

3.
Clang/LLVM. [Online]. Available: http://llvm.org.

4.
D. Brumley, T. Chiueh, R. Johnson, H. Lin, and D. Song, "RICH: Automatically protecting against integerbased vulnerabilities," Proc. of the Symposium on Network and Distributed Systems Security, 2007.

5.
W. Dietz, P. Li, J. Regehr, and V. Adve, "Understanding integer overflow in C/C++," ACM Transactions on Software Engineering and Methodology, Vol. 25, No. 1, pp. 2:1-2:20, 2015.

6.
P. Chen, Y. Wang, Z. Xin, B. Mao, and L. Xie, "BRICK: A binary tool for run-time detecting and locating integer-based vulnerability," Proc. of the International Conference on Availability, Reliability and Security, pp. 208-215, 2009.

7.
D. Molnar, X. Li, and D. Wagner, "Dynamic test generation to find integer bugs in x86 binary Linux programs," Proc. of the USENIX Security Symposium, pp. 67-82, 2009.

8.
N. Nethercote and J. Seward, "Valgrind: A program supervision framework," Proc. of the Workshop on Runtime Verification, 2003.

9.
R. Rodrigues, V. Campos, and F. Pereira, "A fast and low-overhead technique to secure programs against integer overflows," Proc. of the IEEE/ACM International Symposium on Code Generation and Optimization, pp. 1-11, 2013.

10.
Y. Kim, M. Kim, and Y. Jang, "CREST-BV: An improved concolic testing technique supporting bitwise operations for embedded software," Journal of KIISE: Software and Applications, Vol. 40, No. 2, pp. 90-98, 2013. (in Korean)

11.
Y. Kim, Y. Kim, T. Kim, G. Lee, Y. Jang, and M. Kim, "Automated unit testing of large industrial embedded software using concolic testing," Proc. of the IEEE/ACM Automated Software Engineering Experience track, pp. 519-528, Nov. 2013.