Modular Verification of Interrupt-Driven Software

TL;DR

This paper introduces a modular static verification framework for interrupt-driven software that analyzes handlers in isolation and iteratively refines results, avoiding global model construction and improving accuracy.

Contribution

It presents a novel abstract interpretation approach for modular verification of interrupts, capturing nested invocations without constructing a monolithic model.

Findings

Successfully analyzed 35 applications with 22,541 lines of code

Achieved faster analysis times compared to existing methods

Produced more precise results in verifying interrupt behavior

Abstract

Interrupts have been widely used in safety-critical computer systems to handle outside stimuli and interact with the hardware, but reasoning about interrupt-driven software remains a difficult task. Although a number of static verification techniques have been proposed for interrupt-driven software, they often rely on constructing a monolithic verification model. Furthermore, they do not precisely capture the complete execution semantics of interrupts such as nested invocations of interrupt handlers. To overcome these limitations, we propose an abstract interpretation framework for static verification of interrupt-driven software that first analyzes each interrupt handler in isolation as if it were a sequential program, and then propagates the result to other interrupt handlers. This iterative process continues until results from all interrupt handlers reach a fixed point. Since our method never constructs the global model, it avoids the up-front blowup in model construction that hampers existing, non-modular, verification techniques. We have evaluated our method on 35 interrupt-driven applications with a total of 22,541 lines of code. Our results show the method is able to quickly and more accurately analyze the behavior of interrupts.