Solving the starting problem: device drivers as self-describing artifacts

Run-time conflicts can affect even the most rigorously tested software systems. Relying on execution-based testing makes it prohibitively costly to test every possible interaction among potentially thousands of programs with complex configurations. To reduce configuration problems, detect developer errors, and reduce developer effort, we have created a new first-class operating system abstraction, the application abstraction, which enables both online and offline reasoning about programs and their configuration requirements. We have implemented a subset of the application abstraction for device drivers in the Singularity operating system. Programmers use the application abstraction by placing declarative statements about hardware and communication requirements within their code. Our design enables Singularity to learn the input/output and interprocess communication requirements of drivers without executing driver code. By reasoning about this information within Singularity's strong software isolation architecture, the installer can execute a subset of the system's resource management algorithm at install time to verify that a new driver will not conflict with existing software. The same abstract representation also allows the system to run the full algorithm at driver start time, ensuring that there are never resource conflicts between executing drivers and that drivers never use undeclared resources.
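The following is an added illustrative model of the install-time and start-time checks the abstract describes; it is not Singularity's code or manifest format. It assumes a manifest shape of its own (a split between resources fixed in the declaration and resources assigned at device enumeration, plus named IPC contracts a driver requires or provides), and the port and IRQ numbers in the sample manifests are constructed, not real hardware assignments. The point it makes is that every decision is taken over declarations alone: the conflicting sound driver is rejected before any of its code runs, and the access gate at the bottom is what keeps the declarations honest at run time.

```python
"""Toy model of install-time and start-time resource checks for self-describing
drivers. Constructed for illustration; not Singularity's code."""
from dataclasses import dataclass
from typing import Iterable


@dataclass(frozen=True)
class Resource:
    """Declared hardware resource: kind in {'port','mem','irq','dma'}, range [start, start+length)."""
    kind: str
    start: int
    length: int = 1

    def overlaps(self, o: "Resource") -> bool:
        return (self.kind == o.kind and self.start < o.start + o.length
                and o.start < self.start + self.length)


@dataclass(frozen=True)
class DriverManifest:
    """Declarations read from the driver, not learned by executing it. The
    fixed/assigned split is this model's assumption: 'fixed' is known at
    install time, 'assigned' only once the device is enumerated at start."""
    name: str
    fixed: tuple[Resource, ...]
    assigned: tuple[Resource, ...] = ()
    requires: frozenset[str] = frozenset()  # IPC contracts it must connect to
    provides: frozenset[str] = frozenset()  # IPC contracts it exports

    @property
    def declared(self) -> tuple[Resource, ...]:
        return self.fixed + self.assigned


def find_conflicts(cand: DriverManifest, others: Iterable[DriverManifest],
                   full: bool) -> list[tuple[str, Resource, Resource]]:
    """Pairwise overlap check. full=False is the install-time subset (fixed
    resources only); full=True is the start-time check over everything."""
    mine = cand.declared if full else cand.fixed
    return [(o.name, r, s) for o in others
            for r in mine for s in (o.declared if full else o.fixed)
            if r.overlaps(s)]


def install(cand: DriverManifest, installed: dict) -> dict:
    """Install-time: reject a manifest whose fixed resources collide with an
    installed driver's, before any driver code has run."""
    hits = find_conflicts(cand, installed.values(), full=False)
    if hits:
        raise ValueError(f"{cand.name}: install-time conflicts {hits}")
    return {**installed, cand.name: cand}


def start(cand: DriverManifest, running: dict) -> dict:
    """Start-time: full resource check against running drivers, plus a check
    that every required IPC contract has a running provider."""
    hits = find_conflicts(cand, running.values(), full=True)
    if hits:
        raise ValueError(f"{cand.name}: start-time conflicts {hits}")
    offered = set().union(*(d.provides for d in running.values()))
    if cand.requires - offered:
        raise ValueError(f"{cand.name}: no provider for {sorted(cand.requires - offered)}")
    return {**running, cand.name: cand}


def may_access(drv: DriverManifest, kind: str, addr: int) -> bool:
    """Gate in front of every I/O access: undeclared resources are unreachable,
    which is what makes the declarations trustworthy."""
    return any(r.kind == kind and r.start <= addr < r.start + r.length
               for r in drv.declared)


# Constructed sample manifests (made-up addresses, not real hardware).
PCI = DriverManifest("pcibus", (Resource("port", 0xCF8, 8),), provides=frozenset({"PciBus"}))
NIC = DriverManifest("nic", (Resource("port", 0x300, 0x20),), assigned=(Resource("irq", 5),),
                     requires=frozenset({"PciBus"}), provides=frozenset({"NetworkDevice"}))
SERIAL = DriverManifest("serial", (Resource("port", 0x3F8, 8), Resource("irq", 4)))
SOUND = DriverManifest("sound", (Resource("port", 0x310, 0x10),))  # collides with nic


def demo() -> dict:
    installed, running = {}, {}
    for m in (PCI, NIC, SERIAL):
        installed = install(m, installed)
    try:
        install(SOUND, installed)
        sound_installed = True
    except ValueError:
        sound_installed = False  # caught at install time, no driver executed
    for m in (PCI, NIC, SERIAL):  # pcibus first so nic's PciBus contract exists
        running = start(m, running)
    return {"installed": sorted(installed), "sound_installed": sound_installed,
            "running": sorted(running),
            "nic_own_port": may_access(NIC, "port", 0x304),
            "nic_serial_port": may_access(NIC, "port", 0x3F8)}


if __name__ == "__main__":
    print(demo())
```

Because the install-time check runs over the fixed declarations only, a resource that is not known until enumeration (the NIC's IRQ here) is deliberately left to the start-time pass; the two passes are the same algorithm over a smaller and a larger input, which is the "subset" versus "full" distinction the abstract draws.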
