|
 ABSTRACT
Bugs in kernel-level device drivers cause 85% of the system crashes in the Windows XP operating system [44]. One of the sources of these errors is the complexity of the Windows driver API itself: programmers must master a complex set of rules about how to use the driver API in order to create drivers that are good clients of the kernel. We have built a static analysis engine that finds API usage errors in C programs. The Static Driver Verifier tool (SDV) uses this engine to find kernel API usage errors in a driver. SDV includes models of the OS and the environment of the device driver, and over sixty API usage rules. SDV is intended to be used by driver developers "out of the box." Thus, it has stringent requirements: (1) complete automation with no input from the user; (2) a low rate of false errors. We discuss the techniques used in SDV to meet these requirements, and empirical results from running SDV on over one hundred Windows device drivers.
REFERENCES
Note: OCR errors may be found in this Reference List extracted from the full text article. ACM has opted to expose the complete List rather than only correct and linked references.
| |
1
|
T. Ball, B. Cook, S. Das, and S. K. Rajamani. Refining approximations in software predicate abstraction. In TACAS 04: Tools and Algorithms for the Construction and Analysis of Systems, pages 388--403, 2004.
|
| |
2
|
T. Ball, B. Cook, S. K. Lahiri, and L. Zhang. Zapato: Automatic theorem proving for predicate abstraction refinement. In CAV 04: Computer-Aided Verification, pages 457--461, 2004.
|
 |
3
|
Thomas Ball , Rupak Majumdar , Todd Millstein , Sriram K. Rajamani, Automatic predicate abstraction of C programs, Proceedings of the ACM SIGPLAN 2001 conference on Programming language design and implementation, p.203-213, June 2001, Snowbird, Utah, United States
|
| |
4
|
Thomas Ball , Mayur Naik , Sriram K. Rajamani, From symptom to cause: localizing errors in counterexample traces, Proceedings of the 30th ACM SIGPLAN-SIGACT symposium on Principles of programming languages, p.97-105, January 15-17, 2003, New Orleans, Louisiana, USA
|
| |
5
|
|
| |
6
|
|
| |
7
|
|
| |
8
|
|
| |
9
|
|
| |
10
|
A. Bradley, Z. Manna, and H. Sipma. Linear ranking with reachability. In CAV 05: Computer-Aided Verification, pages 491--504, 2005.
|
| |
11
|
|
| |
12
|
|
| |
13
|
Sagar Chaki , Edmund Clarke , Alex Groce , Somesh Jha , Helmut Veith, Modular verification of software components in C, Proceedings of the 25th International Conference on Software Engineering, May 03-10, 2003, Portland, Oregon
|
| |
14
|
H. Chen, D. Dean, and D. Wagner. Model checking one million lines of c code. In NDSS 04: Network and Distributed System Security Symposium, 2004.
|
| |
15
|
Andy Chou , Junfeng Yang , Benjamin Chelf , Seth Hallem , Dawson Engler, An empirical study of operating systems errors, Proceedings of the eighteenth ACM symposium on Operating systems principles, October 21-24, 2001, Banff, Alberta, Canada
|
| |
16
|
|
| |
17
|
|
| |
18
|
B. Cook and G. Gonthier. Using Stalmårck's algorithm to prove inequalities. In ICFEM 05: Conference on Formal Engineering Methods, pages 330--344, 2005.
|
| |
19
|
B. Cook, D. Kroening, and N. Sharygina. Cogent: Accurate theorem proving for program verification. In CAV 05: Computer-Aided Verification, pages 296--300, 2005.
|
| |
20
|
B. Cook, D. Kroening, and N. Sharygina. Symbolic model checking for asynchronous boolean programs. In SPIN 01: SPIN Workshop, pages 75--90, 2005.
|
| |
21
|
B. Cook, A. Podelski, and A. Rybalchenko. Abstraction refinement for termination. In SAS 05: Static Analysis Symposium, pages 87--101, 2005.
|
| |
22
|
|
| |
23
|
|
| |
24
|
P. Cousot, R. Cousot, J. Feret, L. Mauborgne, A. Miné, D. Monniaux, and X. Rival. The ASTREÉ analyzer. In ESOP 05: European Symposium on Programming, pages 21--30, 2005.
|
| |
25
|
|
| |
26
|
|
| |
27
|
|
| |
28
|
D. Detlefs, G. Nelson, and J. B. Saxe. Simplify: A theorem prover for program checking. Technical Report HPL-2003-148, HP Labs, 2003.
|
| |
29
|
D. Engler, B. Chelf, A. Chou, and S. Hallem. Checking system rules using system-specific, programmer-written compiler extensions. In OSDI 00: Operating System Design and Implementation, pages 1--16. Usenix Association, 2000.
|
| |
30
|
G. Balakrishnan et al. Model checking x86 executables with CodeSurfer/x86 and WPDS++. In CAV 05: Computer-Aided Verification, 2005.
|
| |
31
|
Cormac Flanagan , K. Rustan M. Leino , Mark Lillibridge , Greg Nelson , James B. Saxe , Raymie Stata, Extended static checking for Java, Proceedings of the ACM SIGPLAN 2002 Conference on Programming language design and implementation, June 17-19, 2002, Berlin, Germany
|
| |
32
|
K. Fraser, S. Hand, R. Neugebauer, I. Pratt, A. Warfield, and M. Williams. Safe hardware access with the Xen virtual machine monitor. In OASIS'04: Workshop on Operating System and Architectural Support for the on demand IT InfraStructure, June 2004.
|
| |
33
|
Seth Hallem , Benjamin Chelf , Yichen Xie , Dawson Engler, A system and language for building system-specific, static analyses, Proceedings of the ACM SIGPLAN 2002 Conference on Programming language design and implementation, June 17-19, 2002, Berlin, Germany
|
| |
34
|
Thomas A. Henzinger , Ranjit Jhala , Rupak Majumdar , Kenneth L. McMillan, Abstractions from proofs, Proceedings of the 31st ACM SIGPLAN-SIGACT symposium on Principles of programming languages, p.232-244, January 14-16, 2004, Venice, Italy
|
| |
35
|
Thomas A. Henzinger , Ranjit Jhala , Rupak Majumdar , Grégoire Sutre, Lazy abstraction, Proceedings of the 29th ACM SIGPLAN-SIGACT symposium on Principles of programming languages, p.58-70, January 16-18, 2002, Portland, Oregon
|
| |
36
|
|
| |
37
|
S. Lahiri, T. Ball, and B. Cook. Predicate abstraction via symbolic decision procedures. In CAV 05: Computer-Aided Verification, pages 24--38, 2005.
|
| |
38
|
L. Lamport. Proving the correctness of multiprocess programs. IEEE Transactions on Software Engineering, SE-3(2): 125--143, 1977.
|
| |
39
|
J. R. Larus, T. Ball, M. Das, Rob DeLine, M. Fähndrich, J. Pincus, S. K. Rajamani, and R. Venkatapathy. Righting software. IEEE Software, 21(3):92--100, May/June 2004.
|
| |
40
|
|
| |
41
|
|
| |
42
|
|
| |
43
|
|
| |
44
|
|
| |
45
|
M. Y. Vardi and P. Wolper. An automata theoretic apporach to automatic program verification. In LICS 86: Logic in Computer Science, pages 332--344. IEEE Computer Society Press, 1996.
|
CITED BY 24
|
|
Henrik Stuart , René Rydhof Hansen , Julia L. Lawall , Jesper Andersen , Yoann Padioleau , Gilles Muller, Towards easing the diagnosis of bugs in OS code, Proceedings of the 4th workshop on Programming languages and operating systems, October 18-18, 2007, Stevenson, Washington
|
|
|
Yoann Padioleau , René Rydhof Hansen , Julia L. Lawall , Gilles Muller, Semantic patches for documenting and automating collateral evolutions in Linux device drivers, Proceedings of the 3rd workshop on Programming languages and operating systems: linguistic support for modern operating systems, p.10-es, October 22-22, 2006, San Jose, California
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Galen Hunt , Mark Aiken , Manuel Fähndrich , Chris Hawblitzel , Orion Hodson , James Larus , Steven Levi , Bjarne Steensgaard , David Tarditi , Ted Wobber, Sealing OS processes to improve dependability and safety, ACM SIGOPS Operating Systems Review, v.41 n.3, June 2007
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Xi Wang , Zhenyu Guo , Xuezheng Liu , Zhilei Xu , Haoxiang Lin , Xiaoge Wang , Zheng Zhang, Hang analysis: fighting responsiveness bugs, ACM SIGOPS Operating Systems Review, v.42 n.4, May 2008
|
|
|
Thomas Witkowski , Nicolas Blanc , Daniel Kroening , Georg Weissenbacher, Model checking concurrent linux device drivers, Proceedings of the twenty-second IEEE/ACM international conference on Automated software engineering, November 05-09, 2007, Atlanta, Georgia, USA
|
|
|
|
|
|
|
|
|
|
|
|
Julia L. Lawall , Gilles Muller , Nicolas Palix, Enforcing the use of API functions in linux code, Proceedings of the 8th workshop on Aspects, components, and patterns for infrastructure software, March 02-02, 2009, Charlottesville, Virginia, USA
|
|
|
|
|
|
|
|
|
|
|
Adobe Acrobat
QuickTime
Windows Media Player
Real Player
Pdf
D.2