Complete Runtime Tracing for Device Drivers Based on LLVM

Device drivers often suffer from much more bugs than the kernel, so testing device drivers becomes more and more important and necessary. In software testing, runtime tracing is an important technique to monitor real executing procedures of the program. Meanwhile, runtime information can also assist the programmer to make more accurate analysis of the program, like verifying the correctness of code execution and detecting bugs. However, due to kernel-mode execution and high complexity of kernel code, completely tracing drivers is hard, which causes real execution paths can not be clearly identified. In order to provide more powerful support for software testing of device drivers, we propose a method named Driver Trace, to do complete runtime tracing at the function level. Driver Trace utilizes instrumentation technique for runtime tracing, which is implemented based on LLVM compiler infrastructure. When the target driver works, Driver Trace records complete runtime information of function calls, like function names, return values and parameter pointers, and the information is recorded in a log file for future analysis. We have successfully implemented Driver Trace on 10 real device drivers in Linux 3.16.4 and made the evaluation as well. The experimental results show that Driver Trace provides an effective method of runtime tracing for device drivers with the modest overhead. Moreover, using an automated analysis of the runtime information recorded by Driver Trace, we also find 6 violations about resource usages in these 10 device drivers.

[1]  Josef Weidendorfer,et al.  A Tool Suite for Simulation Based Analysis of Memory Access Behavior , 2004, International Conference on Computational Science.

[2]  Neeraj Suri,et al.  Execution Path Profiling for OS Device Drivers: Viability and Methodology , 2008, ISAS.

[3]  George C. Necula,et al.  SafeDrive: safe and recoverable extensions using language-based techniques , 2006, OSDI '06.

[4]  Farn Wang,et al.  Test automation for kernel code and disk arrays with virtual devices , 2007, International Conference on Automated Software Engineering.

[5]  Nathan Froyd,et al.  Low-overhead call path profiling of unmodified, optimized code , 2005, ICS '05.

[6]  Alan J. Hu,et al.  A Scalable Memory Model for Low-Level Code , 2008, VMCAI.

[7]  Junfeng Yang,et al.  An empirical study of operating systems errors , 2001, SOSP.

[8]  Martín Abadi,et al.  XFI: software guards for system address spaces , 2006, OSDI '06.

[9]  Asim Kadav,et al.  Tolerating hardware device failures in software , 2009, SOSP '09.

[10]  Asim Kadav,et al.  Fine-grained fault tolerance using device checkpoints , 2013, ASPLOS '13.

[11]  Josef Weidendorfer,et al.  Sequential Performance Analysis with Callgrind and KCachegrind , 2008, Parallel Tools Workshop.

[12]  Rob Williams,et al.  Linux device drivers , 2006 .

[13]  Eviatar Khen,et al.  Using virtualization for online kernel profiling, code coverage and instrumentation , 2011, 2011 International Symposium on Performance Evaluation of Computer & Telecommunication Systems.

[14]  Vladimir V. Rubanov,et al.  Runtime Verification of Linux Kernel Modules Based on Call Interception , 2011, 2011 Fourth IEEE International Conference on Software Testing, Verification and Validation.

[15]  Brian N. Bershad,et al.  Recovering device drivers , 2004, TOCS.

[16]  Allen D. Malony,et al.  The Tau Parallel Performance System , 2006, Int. J. High Perform. Comput. Appl..

[17]  George Candea,et al.  Testing Closed-Source Binary Device Drivers with DDT , 2010, USENIX Annual Technical Conference.

[18]  Nicholas Nethercote,et al.  Valgrind: a framework for heavyweight dynamic binary instrumentation , 2007, PLDI '07.

[19]  Yuping Wang,et al.  PF-Miner: A New Paired Functions Mining Method for Android Kernel in Error Paths , 2014, 2014 IEEE 38th Annual Computer Software and Applications Conference.

[20]  Li Lei,et al.  Symbolic Execution of Virtual Devices , 2013, 2013 13th International Conference on Quality Software.

[21]  Zhenmin Li,et al.  PR-Miner: automatically extracting implicit programming rules and detecting violations in large software code , 2005, ESEC/FSE-13.

[22]  Asim Kadav,et al.  SymDrive: Testing Drivers without Devices , 2012, OSDI.

[23]  Sriram K. Rajamani,et al.  Thorough static analysis of device drivers , 2006, EuroSys.

[24]  Alberto González-Sanchez Cost Optimizations in Runtime Testing and Diagnosis of Systems of Systems , 2011, 2011 Fourth IEEE International Conference on Software Testing, Verification and Validation.

[25]  Xi Wang,et al.  Improving Integer Security for Systems with KINT , 2012, OSDI.

[26]  Harish Patil,et al.  Pin: building customized program analysis tools with dynamic instrumentation , 2005, PLDI '05.

[27]  Bryan Cantrill,et al.  Dynamic Instrumentation of Production Systems , 2004, USENIX Annual Technical Conference, General Track.

[28]  John M. Mellor-Crummey,et al.  Call Paths for Pin Tools , 2014, CGO '14.

[29]  Benjamin Livshits,et al.  Tracking pointers with path and context sensitivity for bug detection in C programs , 2003, ESEC/FSE-11.

[30]  Nathan R. Tallent,et al.  Scalable fine-grained call path tracing , 2011, ICS '11.