TY - GEN
T1 - Ensuring code safety without runtime checks for real-time control systems
AU - Kowshik, Sumant
AU - Dhurjati, Dinakar
AU - Adve, Vikram
PY - 2002
Y1 - 2002
N2 - This paper considers the problem of providing safe programming support and enabling secure online software upgrades for control software in real-time control systems. In such systems, offline techniques for ensuring code safety are greatly preferable to online techniques. We propose a language called Control-C that is essentially a subset of C, but with key restrictions designed to ensure that memory safety of code can be verified entirely by static checking, under certain system assumptions. The language permits pointer-based data structures, restricted dynamic memory allocation, and restricted array operations, without requiring any runtime checks on memory operations and without garbage collection. The language restrictions have been chosen based on an understanding of both compiler technology and the needs of real-time control systems. The paper describes the language design and a compiler implementation for Control-C. We use control codes from three different experimental control systems to evaluate the suitability of the language for these codes, the effort required to port them to Control-C, and the effectiveness of the compiler in detecting a wide range of potential security violations for one of the systems.
KW - Compiler
KW - Control
KW - Programming language
KW - Real-time
KW - Security
KW - Static analysis
UR - http://www.scopus.com/inward/record.url?scp=29144517425&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=29144517425&partnerID=8YFLogxK
U2 - 10.1145/581630.581678
DO - 10.1145/581630.581678
M3 - Conference contribution
AN - SCOPUS:29144517425
SN - 1581135750
SN - 9781581135756
T3 - Proceedings of the 2002 International Conference on Compilers, Architecture, and Synthesis for Embedded Systems, CASES '02
SP - 288
EP - 297
BT - Proceedings of the 2002 International Conference on Compilers, Architecture, and Synthesis for Embedded Systems, CASES '02
T2 - 2002 International Conference on Compilers, Architecture, and Synthesis for Embedded Systems, CASES '02
Y2 - 8 October 2002 through 11 October 2002
ER -