Configurable toolset for static verification of operating systems kernel modules

Published: 01 January 2015

Abstract

An operating system (OS) kernel is critical software with respect to both reliability and efficiency. The quality of modern OS kernels is already high. However, this is not the case for kernel modules such as device drivers, which, for various reasons, have a significantly lower level of quality. Among the most critical and widespread bugs in kernel modules are violations of the rules for correct usage of the kernel API. One can find all such violations in modules, or prove the modules' correctness, using static verification tools; these tools need contract specifications that describe the obligations of the kernel and of the modules relative to each other. This paper considers existing methods and toolsets for static verification of kernel modules for different OSs. A new method for static verification of Linux kernel modules is proposed. This method allows one to configure the verification process at all of its stages. It is shown how the method can be adapted for checking kernel components of other OSs. An architecture of a configurable toolset for static verification of Linux kernel modules that implements the proposed method is described, and the results of its practical application are presented. Directions for further development of the proposed method are discussed in the conclusion.


Published In

Programming and Computing Software, Volume 41, Issue 1, January 2015, 64 pages. Publisher: Plenum Press, United States.

Author Tags

1. contract specification
2. environment model
3. kernel module
4. operating system kernel
5. software quality
6. specification of rule for correct usage of API
7. static verification