reverse engineering – recent advances and applications - OpenLibra

More documents

Recommendations

Info

10 Reverse Engineering – Recent Advances and Applications 8 Will-be-set-by-IN-TECH For the above list of publications we did not strive for completeness; they are rather meant to give a better understanding of the research landscape. The publications have been identified based on keyword searches of literature databases as described at the beginning of this section and then augmented with the authors’ specialist knowledge. In Section 5 we discuss selected research in more detail. 4. Timing analysis A key concern for embedded systems is their timing behavior. In this section we describe static and dynamic timing analyses. We start with a summary of software development—i.e., forward engineering from this chapter’s perspective—for real-time systems. For our discussion, forward engineering is relevant because software maintenance and evolution intertwine activities of forward and reverse engineering. From this perspective, forward engineering provides input for reverse engineering, which in turn produces input that helps to drive forward engineering. Timing-related analyses during forward engineering are state-of-the-practice in industry. This is confirmed by a study, which found that “analysis of real-time properties such as response-times, jitter, and precedence relations, are commonly performed in development of the examined applications” (Hänninen et al., 2006). Forward engineering offers many methods, technique, and tools to specify and reason about timing properties. For example, there are dedicated methodologies for embedded systems to design, analyze, verify and synthesize systems (Åkerholm et al., 2007). These methodologies are often based on a component model (e.g., AUTOSAR, BlueArX, COMDES-II, Fractal, Koala, and ProCom) coupled with a modeling/specification language that allows to specify timing properties (Crnkovic et al., 2011). Some specification languages extend UML with a real-time profile (Gherbi & Khendek, 2006). The OMG has issued the UML Profile for Schedulability, Performance and Time (SPL) and the UML Profile for Modeling and Analysis of Real-time and Embedded Systems (MARTE). In principle, reverse engineering approaches can target forward engineering’s models. For example, synthesis of worst-case execution times could be used to populate properties in a component model, and synthesis of models based on timed automata could target a suitable UML Profile. In the following we discuss three approaches that enable the synthesis of timing information from code. We then compare the approaches and their applicability for complex embedded systems. 4.1 Execution time analysis When modeling a real-time system for analysis of timing related properties, the model needs to contain execution time information, that is, the amount of CPU time needed by each task (when executing undisturbed). To verify safe execution for a system the worst-case execution time (WCET) for each task is desired. In practice, timing analysis strives to establish a tight upper bound of the WCET (Lv et al., 2009; Wilhelm et al., 2008). 8 The results of the WCET Tool Challenge (executed in 2006, 2008 and 2011) provide a good starting point for understanding the capabilites of industrial and academic tools (www.mrtc.mdh.se/projects/WCC/). 8 For a non-trivial program and execution environment the true WCET is often unknown.
Software Reverse Engineering in the Domain of Complex Embedded Systems Software Reverse Engineering in the Domain of Complex Embedded Systems 9 Static WCET analysis tools analyze the system’s source or binary code, establishing timing properties with the help of a hardware model. The accuracy of the analysis greatly depends on the accuracy of the underlying hardware model. Since the hardware model cannot precisely model the real hardware, the analysis has to make conservative, worst case assumptions in order to report a save WCET estimate. Generally, the more complex the hardware, the less precise the analysis and the looser the upper bound. Consequently, on complex hardware architectures with cache memory, pipelines, branch prediction tables and out-of-order execution, tight WCET estimation is difficult or infeasible. Loops (or back edges in the control flow graph) are a problem if the number of iterations cannot be established by static analysis. For such case, users can provide annotations or assertions to guide the analyses. Of course, to obtain valid results it is the user’s responsibility to provide valid annotations. Examples of industrial tools are AbsInt’s aiT (www.absint.com/ait/) and Tidorum’s Bound-T (www.bound-t.com); SWEET (www.mrtc.mdh.se/projects/wcet) and OTAWA (www.otawa.fr) are academic tools. There are also hybrid approaches that combine static analysis with run-time measures. The motivation of this approach is to avoid (or minimize) the modeling of the various hardware. Probabilistic WCET (or pWCET), combines program analysis with execution-time measurements of basic-blocks in the control flow graph (Bernat et al., 2002; 2003). The execution time data is used to construct a probabilistic WCET for each basic block, i.e., an execution time with a specified probability of not being exceeded. Static analysis combines the blocks’ pWCETs, producing a total pWCET for the specified code. This approach is commercially available as RapiTime (www.rapitasystems.com/products/RapiTime). AbsInt’s TimeWeaver (www.absint.com/timeweaver/) is another commercial tool that uses a hybrid approach. A common method in industry is to obtain timing information by performing measurements of the real system as it is executed under realistic conditions. The major problem with this approach is the coverage; it is very hard to select test cases which generate high execution times and it is not possible to know if the worst case execution time (WCET) has been observed. Some companies try to compensate this to some extent through a “brute force” approach, where they systematically collect statistics from deployed systems, over long periods of real operation. This is however very dependent on how the system has been used and is still an “optimistic” approach, as the real WCET might be higher than the highest value observed. Static and dynamic approaches have different trade-offs. Static approaches have, in principle, the benefit that results can be obtained without test harnesses and environment simulations. On the other hand, the dependence on a hardware timing model is a major criticism against the static approach, as it is an abstraction of the real hardware behavior and might not describe all effects of the real hardware. In practice, tools support a limited number of processors (and may have further restrictions on the compiler that is used to produce the binary to be analyzed). Bernat et al. (2003) argues that static WCET analysis for real complex software, executing on complex hardware, is “extremely difficult to perform and results in unacceptable levels of pessimism.” Hybrid approaches are not restricted by the hardware’s complexity, but run-time measurements may be also difficult and costly to obtain. WCET is a prerequisite for schedulability or feasibility analysis (Abdelzaher et al., 2004; Audsley et al., 1995). (Schedulability is the ability of a system to meet all of its timing constraints.) 11
Page 1 and 2: REVERSE ENGINEERING - RECENT ADVANC
Page 5 and 6: Contents Preface IX Part 1 Software
Page 9 and 10: Preface Introduction In the recent
Page 11 and 12: Preface XI and con’s related to t
Page 13 and 14: Preface XIII the step-by-step appli
Page 17: Part 1 Software Reverse Engineering
Page 20 and 21: 4 Reverse Engineering - Recent Adva
Page 28 and 29: 12 Reverse Engineering - Recent Adv
Page 74 and 75: 58 2. Model driven architecture: An
Page 76 and 77:
60 Reverse Engineering - Recent Adv
Page 78 and 79:
62 Fig. 1. Model, metamodels and tr
Page 80 and 81:
Page 82 and 83:
Page 84 and 85:
Page 86 and 87:
Page 88 and 89:
Page 90 and 91:
Page 92 and 93:
Page 94 and 95:
Page 96 and 97:
Page 98 and 99:
Page 100 and 101:
Page 102 and 103:
Page 104 and 105:
Page 106 and 107:
Page 108 and 109:
Page 110 and 111:
Page 112 and 113:
Page 114 and 115:
Page 116 and 117:
100 Reverse Engineering - Recent Ad
Page 118 and 119:
Page 120 and 121:
Page 122 and 123:
Page 124 and 125:
108 Table 1. Number of smoothers an
Page 126 and 127:
Page 128 and 129:
Page 130 and 131:
Page 133 and 134:
1. Introduction 60 Surface Reconstr
Page 135 and 136:
Surface Reconstruction from Unorgan
Page 137 and 138:
Page 139 and 140:
Page 141 and 142:
Page 143 and 144:
Page 145 and 146:
Page 147 and 148:
Page 149 and 150:
1. Introduction A Systematic Approa
Page 151 and 152:
A Systematic Approach for Geometric
Page 153 and 154:
Page 155 and 156:
Page 157 and 158:
Page 159 and 160:
Page 161 and 162:
Page 163 and 164:
Page 165 and 166:
Page 167 and 168:
Page 169 and 170:
Page 171 and 172:
Page 173 and 174:
Page 175 and 176:
Page 177 and 178:
A Review on Shape Engineering and D
Page 179 and 180:
Page 181 and 182:
Page 183 and 184:
Page 185 and 186:
Page 187 and 188:
Page 189 and 190:
Page 191 and 192:
Page 193 and 194:
Page 195 and 196:
Page 197 and 198:
Page 199 and 200:
Page 201 and 202:
Page 203 and 204:
Integrating Reverse Engineering and
Page 205 and 206:
Page 207 and 208:
Page 209 and 210:
Page 211 and 212:
Page 213 and 214:
Page 215 and 216:
Page 217 and 218:
Page 219 and 220:
Page 221 and 222:
Page 223 and 224:
Page 225 and 226:
Page 227 and 228:
Page 229 and 230:
Page 231:
Part 3 Reverse Engineering in Medic
Page 234 and 235:
Page 236 and 237:
Page 238 and 239:
Page 240 and 241:
Page 242 and 243:
Page 244 and 245:
Page 246 and 247:
Page 248 and 249:
Page 250 and 251:
Page 252 and 253:
Page 254 and 255:
238 5. Summary and discussions Reve
Page 256 and 257:
Page 258 and 259:
Page 260 and 261:
Page 262 and 263:
Page 264 and 265:
Page 266 and 267:
Page 268 and 269:
Page 270 and 271:
Page 272 and 273:
Page 274 and 275:
Page 276 and 277:
Page 278 and 279:
Page 280 and 281:
Page 282 and 283:
Page 284 and 285:
268 Fig. 6. A closed polygon mesh r
Page 286 and 287:
Page 288 and 289:
272 3. Results Reverse Engineering
Page 290 and 291:
Page 292:
show all

reverse engineering – recent advances and applications - OpenLibra

You also want an ePaper? Increase the reach of your titles

Delete template?

Save as template?