DOI: 10.5555/1929004.1929009

Correctness proofs for device drivers in embedded systems

Published: 06 October 2010

Abstract

Computer systems do not exist in isolation: they must interact with the world through I/O devices. Our work, which focuses on constrained embedded systems, provides a framework for verifying device driver software at the machine code level. We created an abstract device model that can be plugged into an existing formal semantics for an instruction set architecture. We have instantiated the abstract model with a model for the serial port for a real embedded processor, and we have verified the full functional correctness of the transmit and receive functions from an open-source driver for this device.
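The abstract names three pieces: an abstract device model, the instruction-set semantics it plugs into, and a functional specification for the driver's transmit and receive routines. The Python sketch below is an added example written for this page, not the paper's framework (which works in a theorem prover over real machine code): it stands in for the instruction semantics with a `Bus` that routes memory-mapped loads and stores to a `UartModel`, lets the device take asynchronous steps between bus accesses, and then checks the specification by replaying the driver under every fair schedule of device steps (bounded exhaustive exploration, not a proof). The 16550-style register layout, the base address, the `UartModel`/`Bus` classes, the driver functions and the input bytes are all assumptions made for illustration.

```python
from dataclasses import dataclass, field
from typing import Callable, List, Optional, Tuple

# Assumed 16550-style register map; base and offsets are illustrative, not from a datasheet.
UART_BASE = 0xE000C000
RBR_THR = UART_BASE + 0x00   # read: receive buffer (RBR); write: transmit holding (THR)
LSR = UART_BASE + 0x14       # line status register
LSR_DR = 0x01                # RBR holds an unread byte
LSR_THRE = 0x20              # THR is empty, so a write will not overrun it


@dataclass
class UartModel:
    """Abstract device: the state the driver can observe, plus the line on both sides."""
    thr: Optional[int] = None                          # byte waiting to be shifted out
    rbr: Optional[int] = None                          # received byte not yet read
    wire_out: List[int] = field(default_factory=list)  # bytes that reached the line
    wire_in: List[int] = field(default_factory=list)   # bytes the environment will deliver

    def read(self, addr: int) -> int:
        if addr == LSR:
            return (LSR_DR if self.rbr is not None else 0) | (LSR_THRE if self.thr is None else 0)
        if addr == RBR_THR:
            byte, self.rbr = self.rbr, None            # reading RBR clears DR
            return 0 if byte is None else byte
        raise ValueError(f"unmodelled device read at {addr:#x}")

    def write(self, addr: int, val: int) -> None:
        if addr != RBR_THR:
            raise ValueError(f"unmodelled device write at {addr:#x}")
        self.thr = val & 0xFF                          # a busy THR is overwritten: that byte is lost

    def env_step(self) -> None:
        """One asynchronous device transition: shift THR onto the line, deliver next input byte."""
        if self.thr is not None:
            self.wire_out.append(self.thr)
            self.thr = None
        if self.rbr is None and self.wire_in:
            self.rbr = self.wire_in.pop(0)


class _NeedChoice(Exception):
    pass                                               # replay ran past its schedule: branch here


class Bus:
    """Stand-in for the ISA memory semantics: device-window accesses reach the model, and
    before every access the schedule decides whether the device takes a step."""
    def __init__(self, dev: UartModel, schedule: List[bool]):
        self.dev, self.schedule, self.pos = dev, schedule, 0

    def _maybe_step(self) -> None:
        if self.pos == len(self.schedule):
            raise _NeedChoice
        if self.schedule[self.pos]:
            self.dev.env_step()
        self.pos += 1

    def load(self, addr: int) -> int:
        self._maybe_step()
        return self.dev.read(addr)

    def store(self, addr: int, val: int) -> None:
        self._maybe_step()
        self.dev.write(addr, val)


# Driver code under test: one bus access per load/store, as a compiled polled driver does.
def uart_send(bus: Bus, data: bytes) -> None:
    for b in data:
        while not (bus.load(LSR) & LSR_THRE):          # wait until THR is free
            pass
        bus.store(RBR_THR, b)


def uart_send_no_poll(bus: Bus, data: bytes) -> None:
    for b in data:                                     # never checks THRE: can overrun the device
        bus.store(RBR_THR, b)


def uart_recv(bus: Bus, n: int) -> bytes:
    out = bytearray()
    while len(out) < n:
        while not (bus.load(LSR) & LSR_DR):            # wait until a byte has arrived
            pass
        out.append(bus.load(RBR_THR))
    return bytes(out)


def explore(run: Callable[[Bus], object], spec: Callable[[UartModel, object], Optional[str]],
            make_dev: Callable[[], UartModel], fairness: int = 2, max_depth: int = 64) -> Tuple[bool, str]:
    """Replay `run` under every schedule in which the device is idle for at most `fairness`
    consecutive accesses (the UART eventually makes progress). Returns (ok, detail)."""
    stack: List[List[bool]] = [[]]
    complete = 0
    while stack:
        sched = stack.pop()
        dev = make_dev()
        try:
            result = run(Bus(dev, sched))
        except _NeedChoice:
            if len(sched) >= max_depth:
                return False, f"no termination within {max_depth} accesses under {sched}"
            idle = 0
            for c in reversed(sched):                  # trailing 'device idle' choices
                if c:
                    break
                idle += 1
            stack.append(sched + [True])
            if idle < fairness:
                stack.append(sched + [False])
            continue
        complete += 1
        while dev.thr is not None:                     # let the device finish before checking
            dev.env_step()
        problem = spec(dev, result)
        if problem:
            return False, f"schedule {sched}: {problem}"
    return True, f"all {complete} fair schedules satisfy the spec"


TX_DATA = b"\x55\xaa\x0f"    # constructed input for the transmit check
RX_DATA = b"ok!"             # constructed bytes the environment delivers for the receive check


def check_send(driver: Callable[[Bus, bytes], None]) -> Tuple[bool, str]:
    """Post-condition: exactly the input bytes, in order, reached the line."""
    def spec(dev: UartModel, _r: object) -> Optional[str]:
        return None if dev.wire_out == list(TX_DATA) else f"line saw {dev.wire_out}, expected {list(TX_DATA)}"
    return explore(lambda bus: driver(bus, TX_DATA), spec, UartModel)


def check_recv() -> Tuple[bool, str]:
    """Post-condition: the driver returns exactly the bytes the line delivered."""
    def spec(_d: UartModel, got: object) -> Optional[str]:
        return None if got == RX_DATA else f"driver returned {got!r}, expected {RX_DATA!r}"
    return explore(lambda bus: uart_recv(bus, len(RX_DATA)), spec, lambda: UartModel(wire_in=list(RX_DATA)))


if __name__ == "__main__":
    for name, (ok, detail) in [("send, polled", check_send(uart_send)),
                               ("send, no THRE poll", check_send(uart_send_no_poll)),
                               ("recv, polled", check_recv())]:
        print(f"{name}: {'OK' if ok else 'FAIL'} ({detail})")
```

Running the file reports the polled transmit and receive loops as satisfying their post-conditions under every fair schedule, and reports the variant that skips the THRE poll with the schedule under which the device overruns and a byte never reaches the line. The point to take from it is the division of labour the abstract describes: the driver code never changes, the device's asynchronous behaviour lives entirely in the model, and the specification is stated on what the environment observes (bytes on the line, bytes returned to the caller) rather than on register values. A replay-based check like this is bounded in input size and schedule length; the paper's result is a machine-checked proof over the instruction-set semantics for all inputs.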

Published In

SSV'10: Proceedings of the 5th international conference on Systems software verification
October 2010
10 pages
  • Program Chairs:
  • Ralf Huuck,
  • Gerwin Klein,
  • Bastian Schlich

Sponsors

  • Microsoft Research
  • NICTA (National Information and Communications Technology Australia)

Publisher

USENIX Association

United States

Cited By

  • (2018) Toward Compositional Verification of Interruptible OS Kernels and Device Drivers. Journal of Automated Reasoning 61(1-4), 141-189. doi:10.1007/s10817-017-9446-0. Online: 1 Jun 2018.
  • (2017) Similarity of binaries through re-optimization. ACM SIGPLAN Notices 52(6), 79-94. doi:10.1145/3140587.3062387. Online: 14 Jun 2017.
  • (2017) Similarity of binaries through re-optimization. Proceedings of the 38th ACM SIGPLAN Conference on Programming Language Design and Implementation (PLDI), 79-94. doi:10.1145/3062341.3062387. Online: 14 Jun 2017.
  • (2016) Toward compositional verification of interruptible OS kernels and device drivers. ACM SIGPLAN Notices 51(6), 431-447. doi:10.1145/2980983.2908101. Online: 2 Jun 2016.
  • (2016) Toward compositional verification of interruptible OS kernels and device drivers. Proceedings of the 37th ACM SIGPLAN Conference on Programming Language Design and Implementation (PLDI), 431-447. doi:10.1145/2908080.2908101. Online: 2 Jun 2016.
  • (2014) Automating Information Flow Analysis of Low Level Code. Proceedings of the 2014 ACM SIGSAC Conference on Computer and Communications Security (CCS), 1080-1091. doi:10.1145/2660267.2660322. Online: 3 Nov 2014.
