
Toward compositional verification of interruptible OS kernels and device drivers

Published: 02 June 2016

Abstract

An operating system (OS) kernel forms the lowest level of any system software stack. The correctness of the OS kernel is the basis for the correctness of the entire system. Recent efforts have demonstrated the feasibility of building formally verified general-purpose kernels, but it is unclear how to extend their work to verify the functional correctness of device drivers, due to the non-local effects of interrupts. In this paper, we present a novel compositional framework for building certified interruptible OS kernels with device drivers. We provide a general device model that can be instantiated with various hardware devices, and a realistic formal model of interrupts, which can be used to reason about interruptible code. We have realized this framework in the Coq proof assistant. To demonstrate the effectiveness of our new approach, we have successfully extended an existing verified non-interruptible kernel with our framework and turned it into an interruptible kernel with verified device drivers. To the best of our knowledge, this is the first verified interruptible operating system with device drivers.



Published in

ACM SIGPLAN Notices, Volume 51, Issue 6 (PLDI '16), June 2016, 726 pages. ISSN: 0362-1340. EISSN: 1558-1160. DOI: 10.1145/2980983. Editor: Andy Gill.

PLDI '16: Proceedings of the 37th ACM SIGPLAN Conference on Programming Language Design and Implementation, June 2016, 726 pages. ISBN: 9781450342612. DOI: 10.1145/2908080. General Chair: Chandra Krintz. Program Chair: Emery Berger.

Copyright © 2016 ACM

Publisher: Association for Computing Machinery, New York, NY, United States
