Bugs in kernel-level device drivers cause 85% of the system crashes in the Windows XP operating system [44]. One of the sources of these errors is the complexity of the Windows driver API itself: programmers must master a complex set of rules about how to use the driver API in order to create drivers that are good clients of the kernel. We have built a static analysis engine that finds API usage errors in C programs. The Static Driver Verifier tool (SDV) uses this engine to find kernel API usage errors in a driver. SDV includes models of the OS and the environment of the device driver, and over sixty API usage rules. SDV is intended to be used by driver developers "out of the box." Thus, it has stringent requirements: (1) complete automation with no input from the user; (2) a low rate of false errors. We discuss the techniques used in SDV to meet these requirements, and empirical results from running SDV on over one hundred Windows device drivers.
The Sdv Research Platform (Sdvrp) is a new academic release of Static Driver Verifier (Sdv) and the Slam software model checker that contains: (1) a parameterized version of Sdv that allows one to write custom API rules for APIs independent of device drivers; (2) thousands of Boolean programs generated by Sdv in the course of verifying Windows device drivers, including the functional and performance results (of the Bebop model checker) and test scripts to allow comparison against other Boolean program model checkers; (3) a new version of the Slam analysis engine, called Slam2, that is much more robust and performant.
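As an added illustration (not code from the Slam/Sdv papers or the Sdvrp release), the following Python sketch shows the shape of the check that the Sdv engine performs: an API usage rule is expressed as a small state machine, the driver is abstracted to a Boolean program over a few predicates, and the model checker asks whether the rule's error state is reachable in the product of the two. The rule here is a constructed spinlock pairing rule in the style of SDV's rules (no double acquire, no release without acquire, no return with the lock held); the instruction format, the `held` predicate and both driver programs are constructed for this example, and the search is an explicit-state breadth-first traversal rather than the BDD-based interprocedural reachability that Bebop uses.

```python
"""Toy reachability check of an API-usage rule over a Boolean program.

Constructed illustration in the spirit of SLAM/SDV; not their code.
"""
from collections import deque

# Rule automaton (constructed): a spinlock pairing rule.
RULE_INIT = "unlocked"
RULE_ERROR = "error"
RULE_TRANSITIONS = {
    ("unlocked", "acquire"): "locked",
    ("locked", "release"): "unlocked",
    ("locked", "acquire"): RULE_ERROR,    # double acquire
    ("unlocked", "release"): RULE_ERROR,  # release without acquire
    ("locked", "exit"): RULE_ERROR,       # routine returns holding the lock
}

DONE = "done"  # terminal program counter after an exit


def rule_step(state, event):
    """Advance the rule automaton; events it does not mention leave it unchanged."""
    return RULE_TRANSITIONS.get((state, event), state)


def successors(program, state, tracked):
    """Successor states of (pc, env, rule) under one Boolean-program instruction.

    env is a frozenset of the Boolean variables that are currently true.
    Variables not in `tracked` are abstracted away: assignments to them are
    dropped and branches on them are resolved nondeterministically, which is
    the information loss a too-coarse predicate abstraction suffers.
    """
    pc, env, rule = state
    op = program[pc]
    if op[0] == "assign":                 # ("assign", var, True|False|None)
        _, var, value = op
        if var not in tracked:
            return [(pc + 1, env, rule)]
        if value is None:                 # '*': nondeterministic choice
            return [(pc + 1, env | {var}, rule), (pc + 1, env - {var}, rule)]
        return [(pc + 1, env | {var} if value else env - {var}, rule)]
    if op[0] == "branch":                 # ("branch", var|None, target): if var goto target
        _, var, target = op
        if var is None or var not in tracked:
            return [(target, env, rule), (pc + 1, env, rule)]
        return [(target, env, rule)] if var in env else [(pc + 1, env, rule)]
    if op[0] == "call":                   # ("call", api_event)
        return [(pc + 1, env, rule_step(rule, op[1]))]
    if op[0] == "exit":
        return [(DONE, env, rule_step(rule, "exit"))]
    raise ValueError(f"unknown instruction {op!r}")


def _events_along(program, parent, state):
    """Rebuild the API events on the path from the initial state to `state`."""
    path = []
    while state is not None:
        path.append(state)
        state = parent[state]
    path.reverse()
    events = []
    for pc, _, _ in path[:-1]:            # last element is the error state itself
        op = program[pc]
        if op[0] == "call":
            events.append(op[1])
        elif op[0] == "exit":
            events.append("exit")
    return events


def find_error_trace(program, tracked):
    """Breadth-first search over (pc, env, rule) states.

    Returns the API events along a path that drives the rule into its error
    state, or None when no such path exists (the rule holds for this program).
    """
    start = (0, frozenset(), RULE_INIT)
    parent = {start: None}
    queue = deque([start])
    while queue:
        state = queue.popleft()
        pc, _, rule = state
        if rule == RULE_ERROR:
            return _events_along(program, parent, state)
        if pc == DONE:
            continue
        for nxt in successors(program, state, tracked):
            if nxt not in parent:
                parent[nxt] = state
                queue.append(nxt)
    return None


# Constructed driver 1: an early-out path returns without releasing the lock.
BUGGY_DRIVER = [
    ("call", "acquire"),   # 0
    ("branch", None, 3),   # 1  I/O outcome the abstraction cannot see
    ("call", "release"),   # 2
    ("exit",),             # 3
]

# Constructed driver 2: correct, but only because `held` is true exactly
# when the lock was acquired. Abstracting `held` away loses that correlation.
CONDITIONAL_DRIVER = [
    ("assign", "held", False),  # 0
    ("branch", None, 4),        # 1  fast path that needs no lock
    ("call", "acquire"),        # 2
    ("assign", "held", True),   # 3
    ("branch", "held", 6),      # 4
    ("exit",),                  # 5
    ("call", "release"),        # 6
    ("exit",),                  # 7
]

if __name__ == "__main__":
    print("buggy driver:", find_error_trace(BUGGY_DRIVER, {"held"}))
    print("conditional, held tracked:", find_error_trace(CONDITIONAL_DRIVER, {"held"}))
    print("conditional, held abstracted:", find_error_trace(CONDITIONAL_DRIVER, set()))
```

Running it reports the genuine bug in the first program as the trace `acquire, exit`, proves the second program safe when the `held` predicate is tracked, and produces the spurious trace `release` when it is not. That spurious trace is a false error of exactly the kind requirement (2) above is about: the abstraction, not the driver, is at fault, and the remedy is to track the predicate that distinguishes the two paths.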
In this paper we describe our experience of using the Microsoft Azure cloud computing platform for static analysis. We start by extending Static Driver Verifier to operate in the Microsoft Azure cloud with significant improvements in performance and scalability. We present our results of using SDV on single drivers and driver suites using various configurations of the cloud relative to a local machine. Finally, we describe the Static Module Verifier platform, a highly extensible and configurable platform for static analysis of generic modules, where we have integrated support for verification using a cloud services provider (Microsoft Azure in this case).
Comment: In Proceedings iFMCloud 2016, arXiv:1610.0770