Title: Linux Drivers Verification
- Alexander K. Petrenko,
- Head of Software Engineering Department of ISPRAS
- petrenko_at_ispras.ru
Agenda / content
- Linux Verification Center
- Linux drivers verification: the place of the project within research on reliable and safe embedded systems
- Basic ideas of the approach to drivers verification
- Expected results
Linux Verification Center at ISPRAS
- linuxtesting.org
- OLVER: a model-based test suite for 1500 base Linux API
- Linux Application Checker: a tool to test Linux applications for cross-distribution compatibility and LSB (Linux Standard Base) compliance
- T2C tests for 2660 API of LSB libraries
- Automatically generated tests for 20 000 API
- LSB Navigator: a web portal for analysis of the Linux ecosystem and the Linux Standard Base, http://www.linux-foundation.org/navigator
Prime Importance of Safety and Reliability of Embedded Operating Systems
- Safety and reliability of computer-intensive systems depend mostly on the safety and reliability of basic software, such as operating systems
- Considerable Linux growth in the area of embedded operating systems
Correctness of drivers is a key issue for Linux reliability
- Level 0 code faults affect the whole system
- 85% of Linux kernel crashes are caused by device drivers [1,2]
- 70% of kernel code is device drivers
[1] A. Chou et al., An Empirical Study of Operating System Errors, In Proc. of the 18th ACM Symp. on Operating System Principles, ACM Press, 2001.
[2] M. M. Swift, B. N. Bershad, and H. M. Levy. Improving the reliability of commodity operating systems. In SOSP'03 Symposium on Operating System Principles, 2003, pp. 207-222.
Linux Kernel
- Modification statistics [1]
  - 2.83 patches per hour (3,621 lines added, 1,550 removed, 1,425 changed every day)
- Supported architectures: more than 18
- Up to 70% are drivers
[1] Kroah-Hartman G, Corbet J, McPherson A (2008) Linux Kernel Development, http://www.linux-foundation.org/publications/linuxkerneldevelopment.php
Sources of issues
- Tangled code of device drivers
- Lack of clear rules of interaction between device drivers and the kernel core
- The interface between device drivers and the kernel core is constantly evolving
An example of verification rule
[Figure: driver control-flow fragment branching on Controller->V1.DualModeMemoryMailboxInterface (false / true)]
Verification Process
- Driver source
- Verification model
  - Verification rules
  - Kernel core model
- Instrumentation tool
- BLAST tool
- Verdict (system is safe, unsafe or undecidable)
An experiment
- Callback function registration (not supported by BLAST): extra tools required
    ret = pci_register_driver(&DAC960_pci_driver);
- There are no explicit calls of init and cleanup functions (not supported by BLAST)
    module_init(DAC960_init_module);
    module_exit(DAC960_cleanup_module);
An example of conversion
[Figure: driver source before and after conversion by the instrumentation tool]
Verification results
Verdict: Error found! System is unsafe :-(
RULE ID0029: ALLOC() may not be called before a successful call to CREATE()
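The rule reported above, shown as an added example that is not part of the slides, of BLAST or of the project's instrumentation tool: a hand-instrumented C harness in the spirit of the approach, where RULE ID0029 is woven into a toy driver as a two-state automaton and module_init()/module_exit() are replaced by explicit calls so that both outcomes of CREATE() can be explored. The names create_res(), alloc_buf(), toy_init_buggy(), toy_init_fixed() and check_driver() are constructed placeholders, not kernel or DAC960 identifiers.

```c
#include <stdio.h>

/* Constructed example (not the project's instrumentation tool or BLAST output):
 * RULE ID0029 as a two-state automaton woven into a toy driver. */
enum create_state { NOT_CREATED, CREATED };
static enum create_state cur_state = NOT_CREATED;
static int rule_violations = 0;

/* Instrumented stand-ins for the kernel's CREATE()/ALLOC(): every driver call
 * site goes through these so the automaton observes the interaction order. */
static int create_res(int should_fail) {
    int ret = should_fail ? -1 : 0;       /* model of the kernel API result */
    if (ret == 0) cur_state = CREATED;    /* only a successful CREATE() counts */
    return ret;
}
static void *alloc_buf(void) {
    static char buf[16];                  /* dummy allocation target */
    if (cur_state != CREATED) rule_violations++;  /* RULE ID0029 violated */
    return buf;
}

/* Toy driver init paths: the buggy one ignores CREATE()'s return value. */
static int toy_init_buggy(int create_fails) {
    create_res(create_fails);
    alloc_buf();
    return 0;
}
static int toy_init_fixed(int create_fails) {
    if (create_res(create_fails) != 0) return -1;
    alloc_buf();
    return 0;
}

/* Harness in place of module_init()/module_exit(): the entry point is called
 * explicitly and both outcomes of CREATE() are explored, as a checker would.
 * Returns the number of rule violations; 0 means "safe" for this rule. */
int check_driver(int (*init)(int)) {
    rule_violations = 0;
    for (int create_fails = 0; create_fails <= 1; create_fails++) {
        cur_state = NOT_CREATED;          /* fresh module load */
        init(create_fails);               /* module_init() */
    }
    return rule_violations;
}

int main(void) {
    printf("buggy init: %d violation(s)\n", check_driver(toy_init_buggy)); /* 1 */
    printf("fixed init: %d violation(s)\n", check_driver(toy_init_fixed)); /* 0 */
    return 0;
}
```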
Verification rules formalization
A rule in natural language
A rule in machine-readable form
Current status
- 71 verification rules extracted
  - SAFETY rules (54)
    - 30 may be processed by BLAST
  - LIVENESS rules
  - SYNTACTIC rules
- Checked on the following drivers
  - /usr/src/linux/net, /usr/src/linux/drivers/net
  - /usr/src/linux/block, /usr/src/linux/drivers/block
  - /usr/src/linux/drivers/char
Expected results
- To formalize verification rules ensuring safety of device driver interactions with the kernel core
- To develop static analysis techniques applicable for checking the verification rules on Linux device driver sources
References
- ISPRAS papers
  - Formal Methods for Open Source Components Certification, by Alexey Khoroshilov and Vadim Mutilin // OpenCert 2008
- Similar European research
  - Peter T. Breuer, Simon Pickin, "Verification in the Light and Large: Large-Scale Verification for Fast-Moving Open Source C Projects," 31st IEEE Software Engineering Workshop (SEW 2007), 2007
Thank you
- Alexander K. Petrenko, ISPRAS
- petrenko_at_ispras.ru
- http://ispras.ru/petrenko