Automatic Verification of Message-Based Device Drivers

Amani, Sidney; Chubb, Peter; Donaldson, Alastair F.; Legg, Alexander; Ryzhyk, Leonid; Zhu, Yanjin

doi:10.4204/eptcs.102.3

“…Note that the models of IOAPIC and LAPIC can be merged into a heterogeneous interrupt controller with the simplified transition rules that are presented in Sec. 4.…”

Section: Interrupt Controllermentioning

confidence: 99%

“…There are many lines of work in verifying device drivers based on model checking. Amani et al [4] proposed an approach to automatically verify the protocols between drivers and the operating system. Thomas Witkowski [33] and Alexey Khoroshilov [18] have verified specific protocols of some Linux drivers using the model checker SATABS and DDVERIFY.…”

Section: Related Workmentioning

confidence: 99%

Toward compositional verification of interruptible OS kernels and device drivers

Chen

¹

,

Wu

²

,

Shao

³

et al. 2016

SIGPLAN Not.

4

0

View full text Add to dashboard Cite

An operating system (OS) kernel forms the lowest level of any system software stack. The correctness of the OS kernel is the basis for the correctness of the entire system. Recent efforts have demonstrated the feasibility of building formally verified general-purpose kernels, but it is unclear how to extend their work to verify the functional correctness of device drivers, due to the non-local effects of interrupts. In this paper, we present a novel compositional framework for building certified interruptible OS kernels with device drivers. We provide a general device model that can be instantiated with various hardware devices, and a realistic formal model of interrupts, which can be used to reason about interruptible code. We have realized this framework in the Coq proof assistant. To demonstrate the effectiveness of our new approach, we have successfully extended an existing verified non-interruptible kernel with our framework and turned it into an interruptible kernel with verified device drivers. To the best of our knowledge, this is the first verified interruptible operating system with device drivers.

show abstract

Toward Compositional Verification of Interruptible OS Kernels and Device Drivers

Chen

¹

,

Wu

²

,

Shao

³

et al. 2017

View full text Add to dashboard Cite

Toward compositional verification of interruptible OS kernels and device drivers

Chen

¹

,

Wu

²

,

Shao

³

et al. 2016

Proceedings of the 37th ACM SIGPLAN Conference on Programming Language Design and Implementation

View full text Add to dashboard Cite

An operating system (OS) kernel forms the lowest level of any system software stack. The correctness of the OS kernel is the basis for the correctness of the entire system. Recent efforts have demonstrated the feasibility of building formally verified general-purpose kernels, but it is unclear how to extend their work to verify the functional correctness of device drivers, due to the non-local effects of interrupts. In this paper, we present a novel compositional framework for building certified interruptible OS kernels with device drivers. We provide a general device model that can be instantiated with various hardware devices, and a realistic formal model of interrupts, which can be used to reason about interruptible code. We have realized this framework in the Coq proof assistant. To demonstrate the effectiveness of our new approach, we have successfully extended an existing verified non-interruptible kernel with our framework and turned it into an interruptible kernel with verified device drivers. To the best of our knowledge, this is the first verified interruptible operating system with device drivers.

show abstract

Automatic Verification of Message-Based Device Drivers

Cited by 3 publications

References 18 publications

Toward compositional verification of interruptible OS kernels and device drivers

Toward compositional verification of interruptible OS kernels and device drivers

Toward Compositional Verification of Interruptible OS Kernels and Device Drivers

Toward compositional verification of interruptible OS kernels and device drivers

Contact Info

Product

Resources

About