reverse engineering – recent advances and applications - OpenLibra

More documents

Recommendations

Info

14 Reverse Engineering – Recent Advances and Applications 12 Will-be-set-by-IN-TECH Both the UppAal and KRONOS model checkers are based on timed automata and CTL. UppAal (www.uppaal.org and www.uppaal.com) (David & Yi, 2000) is an integrated tool environment for the modeling, simulation and verification of real-time systems. UppAal is described as “appropriate for systems that can be modeled as a collection of non-deterministic processes with finite control structure and real-valued clocks, communicating through channels or shared variables.” In practice, typical application areas include real-time controllers and communication protocols where timing aspects are critical. UppAal extends timed automata with support for, e.g., automaton templates, bounded integer variables, arrays, and different variants of restricted synchronization channels and locations. The query language uses a simplified version of CTL, which allows for reachability properties, safety properties and liveness properties. Timeliness properties are expressed as conditions on clocks and state in the state formula part of the CTL formulae. The Kronos tool 11 (www-verimag.imag.fr/DIST-TOOLS/TEMPO/kronos/) (Bozga et al., 1998) has been developed with “the aim to verify complex real-time systems.” It uses an extension of CTL, Timed Computation Tree Logic (TCTL) (Alur et al., 1993), allowing to express quantitative time for the purpose of specifying timeliness properties, i.e., liveness properties with a deadline. For model checking of complex embedded systems, the state-space explosion problem is a limiting factor. This problem is caused by the effect that the number of possible states in the system easily becomes very large as it grows exponentially with the number of parallel processes. Model checking tools often need to search the state space exhaustively in order to verify or falsify the property to check. If the state space becomes too large, it is not possible to perform this search due to memory or run time constraints. For complex embedded systems developed in a traditional code-oriented manner, no analyzable models are available and model checking therefore typically requires a significant modeling effort. 12 In the context of reverse engineering, the key challenge is the construction of an analysis model with sufficient detail to express the (timing) properties that are of interest to the reverse engineering effort. Such models can be only derived semi-automatically and may contain modeling errors. A practical hurdle is that different model checkers have different modeling languages with different expressiveness. Modex/FeaVer/AX (Holzmann & Smith, 1999; 2001) is an example of a model extractor for the SPIN model checker. Modex takes C code and creates Promela models by processing all basic actions and conditions of the program with respect to a set of rules. A case study of Modex involving NASA legacy flight software is described by Glück & Holzmann (2002). Modex’s approach effectively moves the effort from manual modeling to specifying patterns that match the C statements that should be included in the model (Promela allows for including C statements) and what to ignore. There are standard rules that can be used, but the user may add their own rules to improve the quality of the resulting model. However, as explained before, Promela is not a suitable target for real-time systems since it does not have a notion of quantitative time. Ulrich & Petrenko (2007) describe a method that synthesizes models from traces of a UMTS radio network. The traces are based on test case executions 11 Kronos is not longer under active development. 12 The model checking community tends to assume a model-driven development approach, where the model to analyze also is the system’s specification, which is used to automatically generate the system’s code (Liggesmeyer & Trapp, 2009).
Software Reverse Engineering in the Domain of Complex Embedded Systems Software Reverse Engineering in the Domain of Complex Embedded Systems 13 and record the messages exchanged between network nodes. The desired properties are specified as UML2 diagrams. For model checking with SPIN, the traces are converted to Promela models and the UML2 diagrams are converted to Promela never-claims. Jensen (1998; 2001) proposed a solution for automatic generation of behavioral models from recordings of a real-time systems (i.e. model synthesis from traces). The resulting model is expressed as UppAal timed automata. The aim of the tool is verification of properties such as response time of an implemented system against implementation requirements. For the verification it is assumed that the requirements are available as UppAal timed automata which are then parallel composed with the synthesized model to allow model checking. While model checking itself is now a mature technology, reverse engineering and checking of timing models for complex embedded system is still rather immature. Unless tools emerge that are industrial-strength and allow configurable model extraction, the modeling effort is too elaborate, error-prone and risky. After producing the model one may find that it cannot be analyzed with realistic memory and run time constraints. Lastly, the model must be kept in sync with the system’s evolution. 4.3 Simulation-based timing analysis Another method for analysis of response times of software systems, and for analysis of other timing-related properties, is the use of discrete event simulation, 13 or simulation for short. Simulation is the process of imitating key characteristics of a system or process. It can be performed on different levels of abstraction. At one end of the scale, simulators such as Wind River Simics (www.windriver.com/products/simics/) are found, which simulates software and hardware of a computer system in detail. Such simulators are used for low-level debugging or for hardware/software co-design when software is developed for hardware that does not physically exist yet. This type of simulation is considerably slower than normal execution, typically orders of magnitudes slower, but yields an exact analysis which takes every detail of the behavior and timing into account. At the other end of the scale we find scheduling simulators, who abstract from the actual behavior of the system and only analyzes the scheduling of the system’s tasks, specified by key scheduling attributes and execution times. One example in this category is the approach by Samii et al. (2008). Such simulators are typically applicable for strictly periodic real-time systems only. Simulation for complex embedded systems can be found in the middle of this scale. In order to accurately simulate a complex embedded system, a suitable simulator must take relevant aspects of the task behavior into account such as aperiodic tasks, triggered by messages from other tasks or interrupts. Simulation models may contain non-deterministic or probabilistic selections, which enables to model task execution times as probability distributions. Using simulation, rich modeling languages can be used to construct very realistic models. Often ordinary programming languages, such as C, are used in combination with a special simulation library. Indeed, the original system code can be treated as (initial) system model. However, the goal for a simulation models is to abstract from the original system. For example, atomic code blocks can be abstracted by replacing them with a “hold CPU” operation. 13 Law & Kelton (1993) define discrete event simulation as “modeling of a system as it evolves over time by a representation in which the state variables change instantaneously at separate points in time.” This definition naturally includes simulation of computer-based systems. 15
Page 1 and 2: REVERSE ENGINEERING - RECENT ADVANC
Page 5 and 6: Contents Preface IX Part 1 Software
Page 9 and 10: Preface Introduction In the recent
Page 11 and 12: Preface XI and con’s related to t
Page 13 and 14: Preface XIII the step-by-step appli
Page 17: Part 1 Software Reverse Engineering
Page 20 and 21: 4 Reverse Engineering - Recent Adva
Page 26 and 27: 10 Reverse Engineering - Recent Adv
Page 74 and 75: 58 2. Model driven architecture: An
Page 78 and 79: 62 Fig. 1. Model, metamodels and tr
Page 80 and 81:
64 Reverse Engineering - Recent Adv
Page 82 and 83:
Page 84 and 85:
Page 86 and 87:
Page 88 and 89:
Page 90 and 91:
Page 92 and 93:
Page 94 and 95:
Page 96 and 97:
Page 98 and 99:
Page 100 and 101:
Page 102 and 103:
Page 104 and 105:
Page 106 and 107:
Page 108 and 109:
Page 110 and 111:
Page 112 and 113:
Page 114 and 115:
Page 116 and 117:
100 Reverse Engineering - Recent Ad
Page 118 and 119:
Page 120 and 121:
Page 122 and 123:
Page 124 and 125:
108 Table 1. Number of smoothers an
Page 126 and 127:
Page 128 and 129:
Page 130 and 131:
Page 133 and 134:
1. Introduction 60 Surface Reconstr
Page 135 and 136:
Surface Reconstruction from Unorgan
Page 137 and 138:
Page 139 and 140:
Page 141 and 142:
Page 143 and 144:
Page 145 and 146:
Page 147 and 148:
Page 149 and 150:
1. Introduction A Systematic Approa
Page 151 and 152:
A Systematic Approach for Geometric
Page 153 and 154:
Page 155 and 156:
Page 157 and 158:
Page 159 and 160:
Page 161 and 162:
Page 163 and 164:
Page 165 and 166:
Page 167 and 168:
Page 169 and 170:
Page 171 and 172:
Page 173 and 174:
Page 175 and 176:
Page 177 and 178:
A Review on Shape Engineering and D
Page 179 and 180:
Page 181 and 182:
Page 183 and 184:
Page 185 and 186:
Page 187 and 188:
Page 189 and 190:
Page 191 and 192:
Page 193 and 194:
Page 195 and 196:
Page 197 and 198:
Page 199 and 200:
Page 201 and 202:
Page 203 and 204:
Integrating Reverse Engineering and
Page 205 and 206:
Page 207 and 208:
Page 209 and 210:
Page 211 and 212:
Page 213 and 214:
Page 215 and 216:
Page 217 and 218:
Page 219 and 220:
Page 221 and 222:
Page 223 and 224:
Page 225 and 226:
Page 227 and 228:
Page 229 and 230:
Page 231:
Part 3 Reverse Engineering in Medic
Page 234 and 235:
Page 236 and 237:
Page 238 and 239:
Page 240 and 241:
Page 242 and 243:
Page 244 and 245:
Page 246 and 247:
Page 248 and 249:
Page 250 and 251:
Page 252 and 253:
Page 254 and 255:
238 5. Summary and discussions Reve
Page 256 and 257:
Page 258 and 259:
Page 260 and 261:
Page 262 and 263:
Page 264 and 265:
Page 266 and 267:
Page 268 and 269:
Page 270 and 271:
Page 272 and 273:
Page 274 and 275:
Page 276 and 277:
Page 278 and 279:
Page 280 and 281:
Page 282 and 283:
Page 284 and 285:
268 Fig. 6. A closed polygon mesh r
Page 286 and 287:
Page 288 and 289:
272 3. Results Reverse Engineering
Page 290 and 291:
Page 292:
show all

reverse engineering – recent advances and applications - OpenLibra

Create successful ePaper yourself

Delete template?

Save as template?