research-article

Static analysis of device drivers: we can do better!

Authors:
Sidney Amani

NICTA, and University of New South Wales

NICTA, and University of New South Wales
View Profile

,
Leonid Ryzhyk

NICTA, and University of New South Wales

NICTA, and University of New South Wales
View Profile

,
Alastair F. Donaldson

University of Oxford

University of Oxford
View Profile

,
Gernot Heiser

NICTA, and University of New South Wales

NICTA, and University of New South Wales
View Profile

,
Alexander Legg

NICTA, and University of Sydney

NICTA, and University of Sydney
View Profile

,
Yanjin Zhu

NICTA, and University of New South Wales

NICTA, and University of New South Wales
View Profile

APSys '11: Proceedings of the Second Asia-Pacific Workshop on SystemsJuly 2011Article No.: 8Pages 1–5https://doi.org/10.1145/2103799.2103809

Published:11 July 2011Publication History

APSys '11: Proceedings of the Second Asia-Pacific Workshop on Systems

Pages 1–5

ABSTRACT

We argue that the device driver architecture enforced by current operating systems complicates both manual and automatic reasoning about driver behaviour. In particular, it makes it hard and in some cases impossible to statically verify that the driver correctly interacts with the rest of the kernel. This limitation cannot be addressed solely via better verification tools. We maintain that qualitative improvement in the effectiveness of static driver verification must rely on an improved driver architecture, leading to drivers that are easier to write, understand, and verify.

To support our claims, we present a device driver architecture, called active drivers, that satisfies these requirements. We outline our methodology for specifying and verifying active driver protocols using existing model checking tools and describe initial experimental results.

References

T. Ball, E. Bounimova, B. Cook, V. Levin, J. Lichtenberg, C. McGarvey, B. Ondrusek, S. K. Rajamani, and A. Ustuner. Thorough static analysis of device drivers. In 1st EuroSys Conf., pages 73--85, Leuven, Belgium, Apr 2006. Google ScholarDigital Library
F. Barnes and C. Ritson. Checking process-oriented operating system behaviour using CSP and refinement. Operat. Syst. Rev., 43(4):45--49, Oct 2009. Google ScholarDigital Library
E. M. Clarke, D. Kroening, N. Sharygina, and K. Yorav. Predicate abstraction of ANSI-C programs using SAT. Formal Methods in System Design, 25(2--3):105--127, 2004. Google ScholarDigital Library
M. Fähndrich, M. Aiken, C. Hawblitzel, O. Hodson, G. C. Hunt, J. R. Larus, and S. Levi. Language support for fast and reliable message-based communication in Singularity OS. In 1st EuroSys Conf., pages 177--190, Leuven, Belgium, Apr 2006. Google ScholarDigital Library
A. Fehnker, R. Huuck, P. Jayet, M. Lussenburg, and F. Rauch. Goanna --- A Static Model Checker. In 11th FMICS, pages 297--300, Bonn, Germany, Aug 2006. Google ScholarDigital Library
D. Harel. Statecharts: A visual formalism for complex systems. Science of Computer Programming, 8(3):231--274, Jun 1987. Google ScholarDigital Library
T. A. Henzinger, R. Jhala, R. Majumdar, G. C. Necula, G. Sutre, and W. Weimer. Temporal-safety proofs for systems code. In 14th Int. Conf. Comp. Aided Verification, pages 526--538, Copenhagen, Denmark, 2002. Google ScholarDigital Library
N. Palix, G. Thomas, S. Saha, C. Calvès, J. Lawall, and G. Muller. Faults in linux: ten years later. In 16th ASPLOS, pages 305--318, Newport Beach, CA, USA, 2011. Google ScholarDigital Library
L. Ryzhyk, P. Chubb, I. Kuz, and G. Heiser. Dingo: Taming device drivers. In 4th EuroSys Conf., Nuremberg, Germany, Apr 2009. Google ScholarDigital Library
L. Ryzhyk, Y. Zhu, and G. Heiser. The case for active device drivers. In 1st APSys, pages 25--30, New Delhi, India, Aug 2010. Google ScholarDigital Library
T. Witkowski, N. Blanc, D. Kroening, and G. Weissenbacher. Model checking concurrent Linux device drivers. In 22nd ASE, pages 501--504, Atlanta, Georgia, USA, 2007. Google ScholarDigital Library

Index Terms

Static analysis of device drivers: we can do better!
1. Software and its engineering
2. Theory of computation
  1. Semantics and reasoning
    1. Program reasoning
      1. Program analysis
    2. Program semantics

Recommendations

Thorough static analysis of device drivers
EuroSys '06: Proceedings of the 1st ACM SIGOPS/EuroSys European Conference on Computer Systems 2006

Bugs in kernel-level device drivers cause 85% of the system crashes in the Windows XP operating system [44]. One of the sources of these errors is the complexity of the Windows driver API itself: programmers must master a complex set of rules about how ...
Read More
Thorough static analysis of device drivers
Proceedings of the 2006 EuroSys conference

Bugs in kernel-level device drivers cause 85% of the system crashes in the Windows XP operating system [44]. One of the sources of these errors is the complexity of the Windows driver API itself: programmers must master a complex set of rules about how ...
Read More
Understanding modern device drivers
ASPLOS XVII: Proceedings of the seventeenth international conference on Architectural Support for Programming Languages and Operating Systems

Device drivers are the single largest contributor to operating-system kernel code with over 5 million lines of code in the Linux kernel, and cause significant complexity, bugs and development costs. Recent years have seen a flurry of research aimed at ...
Read More

Comments

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

Published in
APSys '11: Proceedings of the Second Asia-Pacific Workshop on Systems
July 2011
97 pages
ISBN:9781450311793
DOI:10.1145/2103799
General Chairs:
Haibo Chen
Fudan University, China
,
Zheng Zhang
Microsoft Research Asia, China
,
Program Chairs:
Sue Moon
KAIST, Korea
,
Yuanyuan Zhou
University of California, San Diego, USA
Copyright © 2011 ACM
Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]
Sponsors
In-Cooperation
Publisher
Association for Computing Machinery
New York, NY, United States
Publication History
- Published: 11 July 2011
Permissions
Request permissions about this article.
Request Permissions

Check for updates
Qualifiers
- research-article
Conference

Acceptance Rates
Overall Acceptance Rate149of386submissions,39%
Funding Sources
Other Metrics
View Article Metrics

Article Metrics
- 4
  Total Citations
  View Citations
- 162
  Total Downloads
- Downloads (Last 12 months)3
- Downloads (Last 6 weeks)1
Other Metrics
View Author Metrics
Cited By
View all

PDF Format

View or Download as a PDF file.

PDF

eReader

View online with eReader.