Abstract
Faulty device drivers are a major source of operating system failures. We argue that the underlying cause of many driver faults is the separation of two highly related tasks: device verification and driver development. These two tasks have a lot in common and produce software that is conceptually and functionally similar, yet the two are kept totally separate. The result is a particularly bad case of duplication of effort: the verification code is correct, but is discarded after the device has been manufactured; the driver code is inferior, but is used in actual device operation. We claim that the two tasks, and the software they produce, can and should be unified, and that doing so will drastically improve device-driver quality and reduce development cost and time to market.
In this paper we propose a device driver design and verification workflow that achieves such unification. We apply this workflow to develop and test drivers for four different I/O devices and demonstrate that it improves driver test coverage and allows detecting driver defects that are extremely hard to find using conventional testing techniques.
Recommendations
- Improved device driver reliability through hardware verification reuse. ASPLOS XVI: Proceedings of the sixteenth international conference on Architectural support for programming languages and operating systems.
- Improved device driver reliability through hardware verification reuse. ASPLOS '11.
- Improved device driver reliability through verification reuse. HotDep'10: Proceedings of the Sixth international conference on Hot topics in system dependability.