ABSTRACT
We argue that the device driver architecture enforced by current operating systems complicates both manual and automatic reasoning about driver behaviour. In particular, it makes it hard and in some cases impossible to statically verify that the driver correctly interacts with the rest of the kernel. This limitation cannot be addressed solely via better verification tools. We maintain that qualitative improvement in the effectiveness of static driver verification must rely on an improved driver architecture, leading to drivers that are easier to write, understand, and verify.
To support our claims, we present a device driver architecture, called active drivers, that satisfies these requirements. We outline our methodology for specifying and verifying active driver protocols using existing model checking tools and describe initial experimental results.
Index Terms
- Static analysis of device drivers: we can do better!