Capability wrangling made easy: debugging on a microkernel with valgrind

Not all operating systems are created equal. In contrast to traditional monolithic kernels, there is a class of systems called microkernels that is more prevalent in embedded systems such as cellphones, chip cards or real-time controllers. These kernels offer an abstraction very different from the classical POSIX interface. The resulting unfamiliarity for programmers complicates development and debugging. Valgrind is a well-known debugging tool that virtualizes execution to perform dynamic binary analysis. However, it assumes that it runs on a POSIX-like kernel and interacts closely with the system to control execution. In this paper we analyze how to adapt Valgrind to a non-POSIX environment and describe our port to the Fiasco.OC microkernel. Additionally, we analyze bug classes that are specific to capability systems and show how Valgrind's flexibility can be leveraged to create custom debugging tools that detect these errors.
