DOI: 10.1145/1217935.1217941 (EuroSys conference proceedings)

Solving the starting problem: device drivers as self-describing artifacts

Published: 18 April 2006

ABSTRACT

Run-time conflicts can affect even the most rigorously tested software systems. A reliance on execution-based testing makes it prohibitively costly to test every possible interaction among potentially thousands of programs with complex configurations. In order to reduce configuration problems, detect developer errors, and reduce developer effort, we have created a new first-class operating system abstraction, the application abstraction, which enables both online and offline reasoning about programs and their configuration requirements.

We have implemented a subset of the application abstraction for device drivers in the Singularity operating system. Programmers use the application abstraction by placing declarative statements about hardware and communication requirements within their code. Our design enables Singularity to learn the input/output and interprocess communication requirements of drivers without executing driver code. By reasoning about this information within the domain of Singularity's strong software isolation architecture, the installer can execute a subset of the system's resource management algorithm at install time to verify that a new driver will not conflict with existing software. This abstract representation also allows the system to run the full algorithm at driver start time to ensure that there are never resource conflicts between executing drivers, and that drivers never use undeclared resources.
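The abstract describes three checks that become possible once a driver's hardware and IPC requirements are declared rather than discovered by running it: an install-time check of a new driver against what is already installed, a start-time check across every driver that is about to run, and a run-time check that a driver only touches what it declared. The following is an added example written for this page, not code from the paper or from Singularity; the manifest format, the driver and service names, the addresses, and the rule that declared ranges (including IRQ lines) are exclusive are all assumptions made for illustration.

```python
from __future__ import annotations
from dataclasses import dataclass


class UndeclaredResourceError(Exception):
    """Raised when a running driver touches a resource it did not declare."""


@dataclass(frozen=True)
class Resource:
    """A contiguous hardware resource range, inclusive on both ends."""
    kind: str   # "io" (port range), "mem" (MMIO range) or "irq" (single line)
    start: int
    end: int

    def overlaps(self, other: Resource) -> bool:
        return (self.kind == other.kind
                and self.start <= other.end
                and other.start <= self.end)

    def contains(self, kind: str, addr: int) -> bool:
        return self.kind == kind and self.start <= addr <= self.end


@dataclass(frozen=True)
class DriverManifest:
    """Hypothetical manifest: what a driver declares instead of what it does."""
    name: str
    hardware: tuple[Resource, ...]
    provides: tuple[str, ...]   # IPC service names the driver exports
    requires: tuple[str, ...]   # IPC service names it expects to be present


def find_conflicts(installed: list[DriverManifest],
                   candidate: DriverManifest) -> list[str]:
    """Check one manifest against a list of others. All declared ranges are
    treated as exclusive (assumption: no shared IRQ lines)."""
    problems = []
    for other in installed:
        for mine in candidate.hardware:
            for theirs in other.hardware:
                if mine.overlaps(theirs):
                    problems.append(f"{candidate.name}: {mine.kind} "
                                    f"{mine.start:#x}-{mine.end:#x} "
                                    f"overlaps {other.name}")
        for svc in sorted(set(candidate.provides) & set(other.provides)):
            problems.append(f"{candidate.name}: service {svc!r} already "
                            f"provided by {other.name}")
    return problems


def install_check(installed: list[DriverManifest],
                  candidate: DriverManifest) -> list[str]:
    """Install-time subset of the algorithm: only the new driver is compared
    against what is already present, so nothing has to execute."""
    return find_conflicts(installed, candidate)


def start_check(manifests: list[DriverManifest]) -> list[str]:
    """Start-time full run: every pair is compared, and every required IPC
    service must be provided by some driver in the set."""
    problems = []
    for i, m in enumerate(manifests):
        problems += find_conflicts(manifests[:i], m)
    provided = {s for m in manifests for s in m.provides}
    for m in manifests:
        for svc in m.requires:
            if svc not in provided:
                problems.append(f"{m.name}: requires {svc!r}, "
                                f"nobody provides it")
    return problems


def declared(manifest: DriverManifest, kind: str, addr: int) -> bool:
    """True if the access falls inside one of the manifest's declared ranges."""
    return any(r.contains(kind, addr) for r in manifest.hardware)


class BoundDriver:
    """Run-time wrapper: a driver only reaches hardware it declared."""

    def __init__(self, manifest: DriverManifest) -> None:
        self.manifest = manifest

    def access(self, kind: str, addr: int) -> bool:
        if not declared(self.manifest, kind, addr):
            raise UndeclaredResourceError(
                f"{self.manifest.name} touched undeclared {kind} {addr:#x}")
        return True


# Constructed sample manifests (hypothetical devices, ports and IRQs).
NIC = DriverManifest("nic0", (Resource("io", 0xC000, 0xC0FF),
                              Resource("irq", 10, 10)), ("/dev/net0",), ())
KBD = DriverManifest("kbd0", (Resource("io", 0x60, 0x64),
                              Resource("irq", 1, 1)), ("/dev/kbd0",), ())
# snd0's port window collides with nic0's, and it depends on nic0's service.
SND = DriverManifest("snd0", (Resource("io", 0xC080, 0xC0FF),
                              Resource("irq", 5, 5)), ("/dev/snd0",),
                     ("/dev/net0",))

if __name__ == "__main__":
    print(install_check([NIC, KBD], SND))
    print(start_check([NIC, KBD, SND]))
    BoundDriver(NIC).access("mem", 0x1000)   # raises UndeclaredResourceError
```

The install-time check is deliberately the cheaper half of the start-time one: it compares only the candidate against the installed set, which is enough to refuse a driver whose declared port window overlaps another's before any of its code runs. The start-time pass repeats that comparison over every pair and adds the IPC dependency check, and the wrapper turns the manifest into an enforced boundary rather than documentation.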
