Abstract interpretation of microcontroller code: Intervals meet congruences

Bitwise instructions, loops and indirect data access present challenges to the verification of microcontroller programs. In particular, since registers are often memory mapped, it is necessary to show that an indirect store operation does not accidentally mutate a register. To prove this and related properties, this article advocates using the domain of bitwise linear congruences in conjunction with intervals to derive accurate range information. The paper argues that these two domains complement one another when reasoning about microcontroller code. The paper also explains how SAT solving, which applied with dichotomic search, can be used to recover branching conditions from binary code which, in turn, further improves interval analysis.

► A framework for proving memory safety and sound invariants in microcontroller binary code.
► The integration of a Boolean relational semantics into different analyses in different abstract domains.
► A novel domain operator to combine intervals and linear congruences.