1 / 47

Dataflow Analysis for Interrupt-driven Microcontroller Software

Dataflow Analysis for Interrupt-driven Microcontroller Software. Nathan Cooprider. Microcontrollers. Microcontroller units (MCUs) 10 billion units per year $12.5 billion market in 2006 Highly constrained Power, size, features, price Atmel ATMega 128L MCU

noel
Download Presentation

Dataflow Analysis for Interrupt-driven Microcontroller Software

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. Dataflow Analysis for Interrupt-driven Microcontroller Software Nathan Cooprider

  2. Microcontrollers • Microcontroller units (MCUs) • 10 billion units per year • $12.5 billion market in 2006 • Highly constrained • Power, size, features, price • Atmel ATMega 128L MCU • 128K for ROM, 4K RAM, 16 MHz top speed • Texas Instruments MSP430 F1611 • 48K for ROM, 10K RAM, 8 MHz top speed • Developers need help with constraints

  3. Goal • Dataflow analysis for MCU software • Use abstract interpretation • Adapt for greater precision • Leverage properties of MCU software • Provide methods to deal with constraints • Enable optimizations • conditional constant propagation • RAM compression Build “up” a precise analysis Then use it!

  4. MCU Software • Interrupt-driven • Atomicity achieved by disabling interrupts • Large library code base • Dead code from reuse • System specific idioms • Static memory allocation • No heap • Direct mapped I/O

  5. Thesis • Analysis precision can be increased by • Allowing for exploration in domain choice • Using a novel concurrency model • Capturing implicit control-flow dependencies • Leverage system specific knowledge • Hardware and software • Increased precision is exploitable

  6. Targets • Wireless sensor networks (WSNs) • Use MCUs for software control • TinyOS • Tasks • Applications • mica2 - Atmel ATMega 128L MCU • telosb - Texas Instruments MSP430F1611

  7. Abstract Interpretation • Concrete states represent actual behavior • Abstract states are sets of concrete states • Abstract domain is poset of abstract states • Forms a lattice • Unknown, set of all concrete states, is the bottom • Undefined, the empty set, is the top • Dataflow analysis • Transfer functions capture semantics • Merging captures the abstraction Moving on to the original ideas I am proposing Future Work Completed for this next year

  8. Abstract domains • Many different domains • Constant • Value-set – user defined set sizes • Interval – upper and lower bound on range • Bitwise – vectors of three-valued bits • Differing precision and complexity • Match different code and transformations • Conditional X propagation

  9. Published at LCTES 2006 cXprop components Abstract domain cXprop's domain interface cXprop CIL's feature interface CIL Core

  10. Rhetorical question • What can traditional abstract interpretation do? • When applied to C code • Cannot • Analyze concurrent code • Exploit system specific information • Can • Analyze sequential code local variables

  11. Globals and concurrency • A MCU interrupt model • Leveraged by nesC • Synchronous • Globals accessed sequentially • Asynchronous • Globals accessed concurrently • Protection possible for concurrent globals • Automatic race detection • Three types of program data global, sequential variables local variables

  12. Novel concurrency model

  13. Novel concurrency model

  14. Novel concurrency model

  15. Published at LCTES 2006 Novel concurrency model global, concurrent, non-racing variables global, sequential variables local variables

  16. Published at PLDI 2007 Volatiles • Not under implementation’s control • Behavior opaque at C level • Prevents compiler optimizations • Used for races and hardware accesses • Framework actually knows behavior • Not really volatile • e.g. variable not actually racing • Increases precision volatile variables global, concurrent, non-racing variables global, sequential variables local variables

  17. Published at LCTES 2006 Registers • Hardware registers • Memory mapped I/O • Hardware not actually random (volatile) • Can model using MCU specific information • OK to model individual bits • Instead of whole register • Interrupt bit of status register memory-mapped control registers volatile variables Future Work global, shared, non-racing variables global, unshared variables local variables

  18. Many edges

  19. Control-flow dependencies Call Task Interrupt Some cause Scheduler Function call Dispatcher Interrupt fire

  20. Triggers • Causes called triggers • Implicit control-flow hidden from analysis • Understanding causes • Tasks • Scheduled before dispatched • Interrupts • Sometimes applications asks for them • Determined by modeling devices or annotations Future Work

  21. Example Control-flow Data ready interrupt handler Timer interrupt handler Sense Data Trigger Fire Fire Timer trigger: On Data ready trigger: Off Fire

  22. Sequencing • Triggers imply a sequence of execution • Task triggers an interrupt that triggers a task • Sequences form a graph • Remove unnecessary CFG edges Future Work

  23. Thesis • Analysis precision can be increased by • Allowing for exploration in domain choice • Using a novel concurrency model • Capturing implicit control-flow dependencies • Leverage system specific knowledge • Hardware and software • Increased precision is exploitable

  24. Published at PLDI 2007 RAM Compression • Automated sub-word packing for statically allocated scalars, pointers, structs, arrays • No heap on most MCUs • Trades ROM and CPU cycles for RAM • Compression level can be tuned

  25. Example Compression void (*function_queue[8])(void);

  26. Example Compression void (*function_queue[8])(void); x n = size of a function pointer = 16 bits

  27. Example Compression Vx = value set for x Vx x &function_A &function_B &function_C NULL

  28. Example Compression n = 16 bits Vx x |Vx| = 4 log2|Vx| < n  2 < 16

  29. Example Compression Cx = another set Vx Cx x fx≝Vx to Cx≝ compression 0 1 fx-1≝Cx to Vx≝ decompression 2 3

  30. Example Compression ROM Cx Vx = { , , , } x 0 fx≝ compression table scan 1 2 fx-1≝ decompression table lookup 3

  31. Example Compression ROM Cx Vx = { , , , } x 0 1 128 bits reduced to 16 bits 2 112 bits of RAM saved 3

  32. Turning the RAM Knob 0%

  33. Turning the RAM Knob 10%

  34. Turning the RAM Knob 20%

  35. Turning the RAM Knob 30%

  36. Turning the RAM Knob 40%

  37. Turning the RAM Knob 50%

  38. Turning the RAM Knob 60%

  39. Turning the RAM Knob 70%

  40. Turning the RAM Knob 80%

  41. Turning the RAM Knob 90%

  42. Turning the RAM Knob 100%

  43. Turning the RAM Knob Published at PLDI 2007 95%

  44. Timetable Propose. Write. Work on sequencing and triggering. Model more volatile data Propose. Write. Work on sequencing and triggering. Model more volatile data Fall 2007 Write. Edit. Finish sequencing and triggering Spring 2008 Write. Edit. Defend. Submit Summer 2008

  45. Summary • Dataflow for interrupt-driven MCU software • Novel additions to analysis techniques • Research prototype • Current results: • 20% average code size reduction • 10% average data size reduction • Another 12% possible through RAM compression http://www.cs.utah.edu/~coop/research/cxprop http://www.cs.utah.edu/~coop/research/ccomp

  46. Published at LCTES 2006 Quantifying precision • Goal: Apples-to-apples comparison across domains • Information known metric # of information bits ≝ log2j – log2k j = total # of representable values k = # of possible values • Total information known for a program=total # of information bits / total # of bits possible

More Related