Statecharts: A visual formalism for complex systems
Science of Computer Programming
Temporal-Safety Proofs for Systems Code
CAV '02 Proceedings of the 14th International Conference on Computer Aided Verification
Predicate Abstraction of ANSI-C Programs Using SAT
Formal Methods in System Design
Thorough static analysis of device drivers
Proceedings of the 1st ACM SIGOPS/EuroSys European Conference on Computer Systems 2006
Language support for fast and reliable message-based communication in singularity OS
Proceedings of the 1st ACM SIGOPS/EuroSys European Conference on Computer Systems 2006
Model checking concurrent linux device drivers
Proceedings of the twenty-second IEEE/ACM international conference on Automated software engineering
Proceedings of the 4th ACM European conference on Computer systems
Checking process-oriented operating system behaviour using CSP and refinement
ACM SIGOPS Operating Systems Review
Goanna: a static model checker
FMICS'06/PDMC'06 Proceedings of the 11th international workshop, FMICS 2006 and 5th international workshop, PDMC conference on Formal methods: Applications and technology
The case for active device drivers
Proceedings of the first ACM asia-pacific workshop on Workshop on systems
Faults in linux: ten years later
Proceedings of the sixteenth international conference on Architectural support for programming languages and operating systems
SymDrive: testing drivers without devices
OSDI'12 Proceedings of the 10th USENIX conference on Operating Systems Design and Implementation
Hypnos: understanding and treating sleep conflicts in smartphones
Proceedings of the 8th ACM European Conference on Computer Systems
Hi-index | 0.00 |
We argue that the device driver architecture enforced by current operating systems complicates both manual and automatic reasoning about driver behaviour. In particular, it makes it hard and in some cases impossible to statically verify that the driver correctly interacts with the rest of the kernel. This limitation cannot be addressed solely via better verification tools. We maintain that qualitative improvement in the effectiveness of static driver verification must rely on an improved driver architecture, leading to drivers that are easier to write, understand, and verify. To support our claims, we present a device driver architecture, called active drivers, that satisfies these requirements. We outline our methodology for specifying and verifying active driver protocols using existing model checking tools and describe initial experimental results.