Improved device driver reliability through hardware verification reuse

Published: 05 March 2011
Abstract

    Faulty device drivers are a major source of operating system failures. We argue that the underlying cause of many driver faults is the separation of two highly related tasks: device verification and driver development. The two tasks have much in common and produce software that is conceptually and functionally similar, yet they are kept entirely separate. The result is a particularly bad case of duplicated effort: the verification code is correct but is discarded once the device has been manufactured, while the driver code is inferior but is what runs in actual device operation. We claim that the two tasks, and the software they produce, can and should be unified, and that doing so will drastically improve device-driver quality and reduce development cost and time to market.
    In this paper we propose a device driver design and verification workflow that achieves this unification. We apply the workflow to develop and test drivers for four different I/O devices and show that it improves driver test coverage and detects driver defects that are extremely hard to find with conventional testing techniques.


    Published In

    ACM SIGPLAN Notices, Volume 46, Issue 3 (ASPLOS '11), March 2011, 407 pages. ISSN 0362-1340, EISSN 1558-1160, DOI 10.1145/1961296.
    Also in: ASPLOS XVI: Proceedings of the sixteenth international conference on Architectural support for programming languages and operating systems, March 2011, 432 pages. ISBN 9781450302661, DOI 10.1145/1950365.
    Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

    Publisher

    Association for Computing Machinery, New York, NY, United States


    Author Tags

    1. automated testing
    2. co-verification
    3. device drivers
    4. reliability
    5. rtl testbenches

    Qualifiers

    • Research-article
