ACM Portal
  Subscribe (Full Service)    Register (Limited Service, Free)    Login
  Search:   The ACM Digital Library   The Guide
  
ACM Home Page
Please provide us with feedback. Feedback
Thorough static analysis of device drivers
Full text PdfPdf (424 KB)
Source European Conference on Computer Systems archive
Proceedings of the 1st ACM SIGOPS/EuroSys European Conference on Computer Systems 2006 table of contents
Leuven, Belgium
SESSION: Device drivers table of contents
Pages: 73 - 85  
Year of Publication: 2006
ISBN:1-59593-322-0
Also published in ...
Authors
Thomas Ball  Microsoft Corporation
Ella Bounimova  Microsoft Corporation
Byron Cook  Microsoft Corporation
Vladimir Levin  Microsoft Corporation
Jakob Lichtenberg  Microsoft Corporation
Con McGarvey  Microsoft Corporation
Bohus Ondrusek  Microsoft Corporation
Sriram K. Rajamani  Microsoft Corporation
Abdullah Ustuner  Microsoft Corporation
Publisher
ACM  New York, NY, USA
Bibliometrics
Downloads (6 Weeks): 46,   Downloads (12 Months): 259,   Citation Count: 24
Additional Information:

abstract   references   cited by   index terms   collaborative colleagues  

Tools and Actions: Review this Article  
DOI Bookmark: Use this link to bookmark this Article: http://doi.acm.org/10.1145/1217935.1217943
What is a DOI?

ABSTRACT

Bugs in kernel-level device drivers cause 85% of the system crashes in the Windows XP operating system [44]. One of the sources of these errors is the complexity of the Windows driver API itself: programmers must master a complex set of rules about how to use the driver API in order to create drivers that are good clients of the kernel. We have built a static analysis engine that finds API usage errors in C programs. The Static Driver Verifier tool (SDV) uses this engine to find kernel API usage errors in a driver. SDV includes models of the OS and the environment of the device driver, and over sixty API usage rules. SDV is intended to be used by driver developers "out of the box." Thus, it has stringent requirements: (1) complete automation with no input from the user; (2) a low rate of false errors. We discuss the techniques used in SDV to meet these requirements, and empirical results from running SDV on over one hundred Windows device drivers.


REFERENCES

Note: OCR errors may be found in this Reference List extracted from the full text article. ACM has opted to expose the complete List rather than only correct and linked references.

 
1
T. Ball, B. Cook, S. Das, and S. K. Rajamani. Refining approximations in software predicate abstraction. In TACAS 04: Tools and Algorithms for the Construction and Analysis of Systems, pages 388--403, 2004.
 
2
T. Ball, B. Cook, S. K. Lahiri, and L. Zhang. Zapato: Automatic theorem proving for predicate abstraction refinement. In CAV 04: Computer-Aided Verification, pages 457--461, 2004.
3
Thomas Ball , Rupak Majumdar , Todd Millstein , Sriram K. Rajamani, Automatic predicate abstraction of C programs, Proceedings of the ACM SIGPLAN 2001 conference on Programming language design and implementation, p.203-213, June 2001, Snowbird, Utah, United States
4
Thomas Ball , Mayur Naik , Sriram K. Rajamani, From symptom to cause: localizing errors in counterexample traces, Proceedings of the 30th ACM SIGPLAN-SIGACT symposium on Principles of programming languages, p.97-105, January 15-17, 2003, New Orleans, Louisiana, USA
 
5
Thomas Ball , Andreas Podelski , Sriram K. Rajamani, Boolean and Cartesian Abstraction for Model Checking C Programs, Proceedings of the 7th International Conference on Tools and Algorithms for the Construction and Analysis of Systems, p.268-283, April 02-06, 2001
 
6
Thomas Ball , Andreas Podelski , Sriram K. Rajamani, Relative Completeness of Abstraction Refinement for Software Model Checking, Proceedings of the 8th International Conference on Tools and Algorithms for the Construction and Analysis of Systems, p.158-172, April 08-12, 2002
 
7
Thomas Ball , Sriram K. Rajamani, Bebop: A Symbolic Model Checker for Boolean Programs, Proceedings of the 7th International SPIN Workshop on SPIN Model Checking and Software Verification, p.113-130, August 30-September 01, 2000
 
8
Thomas Ball , Sriram K. Rajamani, Automatically validating temporal safety properties of interfaces, Proceedings of the 8th international SPIN workshop on Model checking of software, p.103-122, May 2001, Toronto, Ontario, Canada
9
Thomas Ball , Sriram K. Rajamani, Bebop: a path-sensitive interprocedural dataflow engine, Proceedings of the 2001 ACM SIGPLAN-SIGSOFT workshop on Program analysis for software tools and engineering, p.97-103, June 2001, Snowbird, Utah, United States  [doi>10.1145/379605.379690]
 
10
A. Bradley, Z. Manna, and H. Sipma. Linear ranking with reachability. In CAV 05: Computer-Aided Verification, pages 491--504, 2005.
 
11
Randal E. Bryant, Graph-based algorithms for Boolean function manipulation, IEEE Transactions on Computers, v.35 n.8, p.677-691, Aug. 1986  [doi>10.1109/TC.1986.1676819]
 
12
William R. Bush , Jonathan D. Pincus , David J. Sielaff, A static analyzer for finding dynamic programming errors, Software—Practice & Experience, v.30 n.7, p.775-802, June 2000  [doi>10.1002/(SICI)1097-024X(200006)30:7<775::AID-SPE309>3.0.CO;2-H]
 
13
Sagar Chaki , Edmund Clarke , Alex Groce , Somesh Jha , Helmut Veith, Modular verification of software components in C, Proceedings of the 25th International Conference on Software Engineering, May 03-10, 2003, Portland, Oregon
 
14
H. Chen, D. Dean, and D. Wagner. Model checking one million lines of c code. In NDSS 04: Network and Distributed System Security Symposium, 2004.
15
Andy Chou , Junfeng Yang , Benjamin Chelf , Seth Hallem , Dawson Engler, An empirical study of operating systems errors, Proceedings of the eighteenth ACM symposium on Operating systems principles, October 21-24, 2001, Banff, Alberta, Canada
 
16
Edmund M. Clarke , Orna Grumberg , Somesh Jha , Yuan Lu , Helmut Veith, Counterexample-Guided Abstraction Refinement, Proceedings of the 12th International Conference on Computer Aided Verification, p.154-169, July 15-19, 2000
 
17
Edmund Clarke , Daniel Kroening , Natasha Sharygina , Karen Yorav, Predicate Abstraction of ANSI-C Programs Using SAT, Formal Methods in System Design, v.25 n.2-3, p.105-127, September-November 2004  [doi>10.1023/B:FORM.0000040025.89719.f3]
 
18
B. Cook and G. Gonthier. Using Stalmårck's algorithm to prove inequalities. In ICFEM 05: Conference on Formal Engineering Methods, pages 330--344, 2005.
 
19
B. Cook, D. Kroening, and N. Sharygina. Cogent: Accurate theorem proving for program verification. In CAV 05: Computer-Aided Verification, pages 296--300, 2005.
 
20
B. Cook, D. Kroening, and N. Sharygina. Symbolic model checking for asynchronous boolean programs. In SPIN 01: SPIN Workshop, pages 75--90, 2005.
 
21
B. Cook, A. Podelski, and A. Rybalchenko. Abstraction refinement for termination. In SAS 05: Static Analysis Symposium, pages 87--101, 2005.
22
Byron Cook , Andreas Podelski , Andrey Rybalchenko, Termination proofs for systems code, Proceedings of the 2006 ACM SIGPLAN conference on Programming language design and implementation, June 11-14, 2006, Ottawa, Ontario, Canada
23
Patrick Cousot , Radhia Cousot, Abstract interpretation: a unified lattice model for static analysis of programs by construction or approximation of fixpoints, Proceedings of the 4th ACM SIGACT-SIGPLAN symposium on Principles of programming languages, p.238-252, January 17-19, 1977, Los Angeles, California  [doi>10.1145/512950.512973]
 
24
P. Cousot, R. Cousot, J. Feret, L. Mauborgne, A. Miné, D. Monniaux, and X. Rival. The ASTREÉ analyzer. In ESOP 05: European Symposium on Programming, pages 21--30, 2005.
25
Manuvir Das, Unification-based pointer analysis with directional assignments, Proceedings of the ACM SIGPLAN 2000 conference on Programming language design and implementation, p.35-46, June 18-21, 2000, Vancouver, British Columbia, Canada
26
Manuvir Das , Sorin Lerner , Mark Seigle, ESP: path-sensitive program verification in polynomial time, Proceedings of the ACM SIGPLAN 2002 Conference on Programming language design and implementation, June 17-19, 2002, Berlin, Germany
27
Robert DeLine , Manuel Fähndrich, Enforcing high-level protocols in low-level software, Proceedings of the ACM SIGPLAN 2001 conference on Programming language design and implementation, p.59-69, June 2001, Snowbird, Utah, United States
 
28
D. Detlefs, G. Nelson, and J. B. Saxe. Simplify: A theorem prover for program checking. Technical Report HPL-2003-148, HP Labs, 2003.
 
29
D. Engler, B. Chelf, A. Chou, and S. Hallem. Checking system rules using system-specific, programmer-written compiler extensions. In OSDI 00: Operating System Design and Implementation, pages 1--16. Usenix Association, 2000.
 
30
G. Balakrishnan et al. Model checking x86 executables with CodeSurfer/x86 and WPDS++. In CAV 05: Computer-Aided Verification, 2005.
31
Cormac Flanagan , K. Rustan M. Leino , Mark Lillibridge , Greg Nelson , James B. Saxe , Raymie Stata, Extended static checking for Java, Proceedings of the ACM SIGPLAN 2002 Conference on Programming language design and implementation, June 17-19, 2002, Berlin, Germany
 
32
K. Fraser, S. Hand, R. Neugebauer, I. Pratt, A. Warfield, and M. Williams. Safe hardware access with the Xen virtual machine monitor. In OASIS'04: Workshop on Operating System and Architectural Support for the on demand IT InfraStructure, June 2004.
33
Seth Hallem , Benjamin Chelf , Yichen Xie , Dawson Engler, A system and language for building system-specific, static analyses, Proceedings of the ACM SIGPLAN 2002 Conference on Programming language design and implementation, June 17-19, 2002, Berlin, Germany
34
Thomas A. Henzinger , Ranjit Jhala , Rupak Majumdar , Kenneth L. McMillan, Abstractions from proofs, Proceedings of the 31st ACM SIGPLAN-SIGACT symposium on Principles of programming languages, p.232-244, January 14-16, 2004, Venice, Italy
35
Thomas A. Henzinger , Ranjit Jhala , Rupak Majumdar , Grégoire Sutre, Lazy abstraction, Proceedings of the 29th ACM SIGPLAN-SIGACT symposium on Principles of programming languages, p.58-70, January 16-18, 2002, Portland, Oregon
 
36
Robert P. Kurshan, Computer-aided verification of coordinating processes: the automata-theoretic approach, Princeton University Press, Princeton, NJ, 1994
 
37
S. Lahiri, T. Ball, and B. Cook. Predicate abstraction via symbolic decision procedures. In CAV 05: Computer-Aided Verification, pages 24--38, 2005.
 
38
L. Lamport. Proving the correctness of multiprocess programs. IEEE Transactions on Software Engineering, SE-3(2): 125--143, 1977.
 
39
J. R. Larus, T. Ball, M. Das, Rob DeLine, M. Fähndrich, J. Pincus, S. K. Rajamani, and R. Venkatapathy. Righting software. IEEE Software, 21(3):92--100, May/June 2004.
 
40
K. Rustan M. Leino , Greg Nelson, An Extended Static Checker for Modular-3, Proceedings of the 7th International Conference on Compiler Construction, p.302-305, March 28-April 04, 1998
41
George C. Necula , Scott McPeak , Westley Weimer, CCured: type-safe retrofitting of legacy code, Proceedings of the 29th ACM SIGPLAN-SIGACT symposium on Principles of programming languages, p.128-139, January 16-18, 2002, Portland, Oregon
42
Shaz Qadeer , Dinghao Wu, KISS: keep it simple and sequential, Proceedings of the ACM SIGPLAN 2004 conference on Programming language design and implementation, June 09-11, 2004, Washington DC, USA
43
Fred B. Schneider, Enforceable security policies, ACM Transactions on Information and System Security (TISSEC), v.3 n.1, p.30-50, Feb. 2000  [doi>10.1145/353323.353382]
44
Michael M. Swift , Brian N. Bershad , Henry M. Levy, Improving the reliability of commodity operating systems, Proceedings of the nineteenth ACM symposium on Operating systems principles, October 19-22, 2003, Bolton Landing, NY, USA
 
45
M. Y. Vardi and P. Wolper. An automata theoretic apporach to automatic program verification. In LICS 86: Logic in Computer Science, pages 332--344. IEEE Computer Society Press, 1996.

CITED BY  24
Henrik Stuart , René Rydhof Hansen , Julia L. Lawall , Jesper Andersen , Yoann Padioleau , Gilles Muller, Towards easing the diagnosis of bugs in OS code, Proceedings of the 4th workshop on Programming languages and operating systems, October 18-18, 2007, Stevenson, Washington
Yoann Padioleau , René Rydhof Hansen , Julia L. Lawall , Gilles Muller, Semantic patches for documenting and automating collateral evolutions in Linux device drivers, Proceedings of the 3rd workshop on Programming languages and operating systems: linguistic support for modern operating systems, p.10-es, October 22-22, 2006, San Jose, California
Byron Cook , Alexey Gotsman , Andreas Podelski , Andrey Rybalchenko , Moshe Y. Vardi, Proving that programs eventually do something good, ACM SIGPLAN Notices, v.42 n.1, January 2007
Dawson Engler , Daniel Dunbar, Under-constrained execution: making automatic code destruction easy and scalable, Proceedings of the 2007 international symposium on Software testing and analysis, p.1-4, July 09-12, 2007, London, United Kingdom
Yin Wang , Terence Kelly , Stéphane Lafortune, Discrete control for safe execution of IT automation workflows, ACM SIGOPS Operating Systems Review, v.41 n.3, June 2007
Byron Cook , Andreas Podelski , Andrey Rybalchenko, Proving thread termination, ACM SIGPLAN Notices, v.42 n.6, June 2007
Yoann Padioleau , Julia L. Lawall , Gilles Muller, Understanding collateral evolution in Linux device drivers, ACM SIGOPS Operating Systems Review, v.40 n.4, October 2006
David Monniaux, Verification of device drivers and intelligent controllers: a case study, Proceedings of the 7th ACM & IEEE international conference on Embedded software, September 30-October 03, 2007, Salzburg, Austria
John Regehr , Nathan Cooprider, Interrupt Verification via Thread Verification, Electronic Notes in Theoretical Computer Science (ENTCS), v.174 n.9, p.139-150, June, 2007
Galen Hunt , Mark Aiken , Manuel Fähndrich , Chris Hawblitzel , Orion Hodson , James Larus , Steven Levi , Bjarne Steensgaard , David Tarditi , Ted Wobber, Sealing OS processes to improve dependability and safety, ACM SIGOPS Operating Systems Review, v.41 n.3, June 2007
Benjamin Livshits , Úlfar Erlingsson, Using web application construction frameworks to protect against code injection attacks, Proceedings of the 2007 workshop on Programming languages and analysis for security, June 14-14, 2007, San Diego, California, USA
Leonid Ryzhyk , Timothy Bourke , Ihor Kuz, Reliable device drivers require well-defined protocols, Proceedings of the 3rd conference on Third Workshop on Hot Topics in System Dependability, p.3-3, June 26, 2007, Edinburgh, UK
James D. Herbsleb, Global Software Engineering: The Future of Socio-technical Coordination, 2007 Future of Software Engineering, p.188-198, May 23-25, 2007
Thomas E. Hart , Marsha Chechik , David Lie, Security benchmarking using partial verification, Proceedings of the 3rd conference on Hot topics in security, p.1-6, July 29, 2008, San Jose, CA
Leonid Ryzhyk , Ihor Kuz , Gernot Heiser, Formalising device driver interfaces, Proceedings of the 4th workshop on Programming languages and operating systems, October 18-18, 2007, Stevenson, Washington
Xi Wang , Zhenyu Guo , Xuezheng Liu , Zhilei Xu , Haoxiang Lin , Xiaoge Wang , Zheng Zhang, Hang analysis: fighting responsiveness bugs, ACM SIGOPS Operating Systems Review, v.42 n.4, May 2008
Thomas Witkowski , Nicolas Blanc , Daniel Kroening , Georg Weissenbacher, Model checking concurrent linux device drivers, Proceedings of the twenty-second IEEE/ACM international conference on Automated software engineering, November 05-09, 2007, Atlanta, Georgia, USA
Yoann Padioleau , Julia Lawall , René Rydhof Hansen , Gilles Muller, Documenting and automating collateral evolutions in linux device drivers, ACM SIGOPS Operating Systems Review, v.42 n.4, May 2008
Kevin Bierhoff , Chris Hawblitzel, Checking the hardware-software interface in spec#, Proceedings of the 4th workshop on Programming languages and operating systems, October 18-18, 2007, Stevenson, Washington
Shlomi Dolev , Reuven Yagel, Self-stabilizing device drivers, ACM Transactions on Autonomous and Adaptive Systems (TAAS), v.3 n.4, p.1-29, November 2008
Julia L. Lawall , Gilles Muller , Nicolas Palix, Enforcing the use of API functions in linux code, Proceedings of the 8th workshop on Aspects, components, and patterns for infrastructure software, March 02-02, 2009, Charlottesville, Virginia, USA
Leonid Ryzhyk , Peter Chubb , Ihor Kuz , Gernot Heiser, Dingo: taming device drivers, Proceedings of the fourth ACM european conference on Computer systems, April 01-03, 2009, Nuremberg, Germany
Mohamed S. Mansour , Karsten Schwan , Sameh Abdelaziz, Isolation points: Creating performance-robust enterprise systems, ACM Transactions on Autonomous and Adaptive Systems (TAAS), v.4 n.2, p.1-28, May 2009
V. V. Kuliamin, Integration of verification methods for program systems, Programming and Computing Software, v.35 n.4, p.212-222, July 2009

INDEX TERMS

Primary Classification:
  D. Software
  D.2 SOFTWARE ENGINEERING
      D.2.4 Software/Program Verification

Additional Classification:
  D. Software
  D.4 OPERATING SYSTEMS
      D.4.5 Reliability


General Terms:
Reliability, Verification


Keywords:
formal verification, software model checking

Collaborative Colleagues:
Thomas Ball: colleagues
Ella Bounimova: colleagues
Byron Cook: colleagues
Vladimir Levin: colleagues
Jakob Lichtenberg: colleagues
Con McGarvey: colleagues
Bohus Ondrusek: colleagues
Sriram K. Rajamani: colleagues
Abdullah Ustuner: colleagues
This Article has also been published in:

The ACM Portal is published by the Association for Computing Machinery. Copyright © 2009 ACM, Inc.
Terms of Usage   Privacy Policy   Code of Ethics   Contact Us

Useful downloads: Adobe Acrobat    QuickTime    Windows Media Player    Real Player