Formal Functional Verification of Device Drivers

We report on the formal functional verification of a simple device driver for an ATAPI hard disk in Isabelle/HOL. The proof is based on a functional model of the hard disk, which has been integrated into the instruction set architecture of a verified RISC processor as one of several memory-mapped devices. The result is an interleaved computational model, in which the devices and the processor take turns in execution. Even in this concurrent context, the verification can be kept largely sequential and modular with respect to the other devices. This is made possible by sound reordering of computation traces, given that devices do not interfere with each other and the driver monopolizes the hard disk. To the best of our knowledge, this paper presents the first formal functional verification of a device driver against a realistic device and system model.
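As an added illustration (not from the paper or its Isabelle/HOL development), the following constructed Python model shows the reordering argument the abstract describes: a second device whose steps touch only its own state commutes with every processor and disk step, so an interleaved trace can be reduced to a sequential driver/disk prefix with the same final state. All names, footprints and the tiny device behaviours are assumptions.

```python
import copy
from dataclasses import dataclass
from typing import Callable, List, Tuple

# Constructed system state: processor memory plus two memory-mapped devices.
@dataclass
class Sys:
    mem: dict     # processor memory
    disk: dict    # the ATAPI disk; only the driver (CPU) ever accesses it
    other: dict   # a second device the driver never touches

# A step is (actor, footprint, effect); the footprint lists every component
# the effect may read or write, so disjoint footprints imply commutation.
Step = Tuple[str, frozenset, Callable[[Sys], None]]
CPU, DISK, OTH = frozenset({"mem", "disk"}), frozenset({"disk"}), frozenset({"other"})

def cpu_issue(s: Sys) -> None: s.disk["cmd"] = s.mem["req"]        # driver writes command port
def disk_serve(s: Sys) -> None:                                    # disk answers the command
    if s.disk["cmd"] == "read":
        s.disk["data"], s.disk["status"], s.disk["cmd"] = 0x2A, "ready", None
def cpu_poll(s: Sys) -> None: s.mem["status"] = s.disk["status"]   # driver reads status port
def cpu_copy(s: Sys) -> None: s.mem["buf"] = s.disk["data"]        # driver reads data port
def other_tick(s: Sys) -> None: s.other["ticks"] += 1              # unrelated device runs

def initial_state() -> Sys:
    return Sys(mem={"req": "read", "status": None, "buf": None},
               disk={"cmd": None, "status": "idle", "data": None},
               other={"ticks": 0})

def interleaved_trace() -> List[Step]:
    """One schedule in which CPU, disk and the other device take turns."""
    return [("other", OTH, other_tick), ("cpu", CPU, cpu_issue), ("other", OTH, other_tick),
            ("disk", DISK, disk_serve), ("cpu", CPU, cpu_poll), ("other", OTH, other_tick),
            ("cpu", CPU, cpu_copy)]

def run(trace: List[Step], init: Sys) -> Sys:
    s = copy.deepcopy(init)
    for _, _, effect in trace:
        effect(s)
    return s

def commute(a: Step, b: Step) -> bool:
    return not (a[1] & b[1])  # disjoint footprints: either order yields the same state

def reduce_trace(trace: List[Step]) -> List[Step]:
    """Push every step of the non-interfering device past the driver/disk steps by
    swapping adjacent commuting steps only; the driver/disk prefix becomes sequential."""
    t = list(trace)
    for _ in range(len(t)):
        for j in range(len(t) - 1):
            a, b = t[j], t[j + 1]
            if a[0] == "other" and b[0] != "other":
                if not commute(a, b):
                    raise ValueError("steps interfere; reordering would be unsound")
                t[j], t[j + 1] = b, a
    return t
```

Because driver and disk steps share the disk footprint, `commute` refuses to swap them, which is why their relative order, and thus the sequential verification of the driver, is preserved.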