Finding device driver bugs is difficult. Testing device drivers is difficult. Writing device drivers is difficult. This set of problems leads to one inescapable conclusion: as it exists today, device driver development needs improvement. My research focuses on improving the process of driver development in two ways: writing drivers in a modern programming language, with Decaf, and testing drivers even when the corresponding device hardware is unavailable, with SymDrive.
SymDrive: Testing Drivers without Devices
M. J. Renzelmann, A. Kadav, and M. M. Swift. SymDrive: Testing Drivers Without Devices. In Proceedings of the 10th USENIX conference on Operating Systems Design and Implementation, OSDI'12, pages 279-292, Berkeley, CA, USA, 2012. USENIX Association.
Device-driver development and testing is a complex and error-prone undertaking. For example, a single driver may support dozens of devices, and a developer may not have access to any of them. As a result, many Linux driver patches include the comment "compile tested only." Furthermore, testing error-handling code is difficult, as it requires faulty inputs from the device.
SymDrive is a system for testing Linux and FreeBSD drivers without their devices. The system uses symbolic execution to remove the need for hardware, and provides three new features beyond prior symbolic-testing tools. First, SymDrive greatly reduces the effort of testing a new driver with a static-analysis and source-to-source transformation tool. Second, SymDrive allows checkers to be written as ordinary C and execute in the kernel, where they have full access to kernel and driver state. Finally, SymDrive provides an execution-tracing tool to identify how a patch changes I/O to the device and to compare device driver implementations. In applying SymDrive to 21 Linux drivers and 5 FreeBSD drivers, we found 39 bugs.
Decaf: Moving Device Drivers to a Modern Language
M. J. Renzelmann and M. M. Swift. Decaf: Moving Device Drivers to a Modern Language. In Proceedings of the 2009 conference on USENIX Annual technical conference, USENIX'09, pages 187-200, Berkeley, CA, USA, 2009. USENIX Association.
Writing code to interact with external devices is inherently difficult, and the added demands of writing device drivers in C for kernel mode compound the problem. This environment is complex and brittle, leading to increased development costs and, in many cases, unreliable code. Previous solutions to this problem ignore the cost of migrating drivers to a better programming environment and require writing new drivers from scratch or even adopting a new operating system.
We present Decaf Drivers, a system for incrementally converting existing Linux kernel drivers to Java programs in user mode. With support from program-analysis tools, Decaf separates out performance-sensitive code and generates a customized kernel interface that allows the remaining code to be moved to Java. With this interface, a programmer can incrementally convert driver code in C to a Java decaf driver. The Decaf Drivers system achieves performance close to native kernel drivers and requires almost no changes to the Linux kernel. Thus, Decaf Drivers enables driver programming to advance into the era of modern programming languages without requiring a complete rewrite of operating systems or drivers.
With five drivers converted to Java, we show that Decaf Drivers can (1) move the majority of a driver's code out of the kernel, (2) reduce the amount of driver code, (3) detect broken error handling at compile time with exceptions, (4) gracefully evolve as driver and kernel code and data structures change, and (5) perform within one percent of native kernel-only drivers.
Other Conference Publications
A. Kadav, M. Renzelmann, and M. M. Swift. Fine-Grained Fault Tolerance using Device Checkpoints. In ASPLOS '13: Proceedings of the Eighteenth International Conference on Architectural Support for Programming Languages and Operating Systems, pages 473-484, New York, NY, USA, 2013. ACM.
A. Kadav, M. J. Renzelmann, and M. M. Swift. Tolerating Hardware Device Failures in Software. In Proceedings of the ACM SIGOPS 22nd Symposium on Operating Systems Principles, SOSP '09, pages 59-72, New York, NY, USA, 2009. ACM.
V. Ganapathy, M. J. Renzelmann, A. Balakrishnan, M. M. Swift, and S. Jha. The Design and Implementation of Microdrivers. In Proceedings of the 13th International Conference on Architectural Support for Programming Languages and Operating Systems, ASPLOS XIII, pages 168-178, New York, NY, USA, 2008. ACM.
C. Jayant, M. Renzelmann, D. Wen, S. Krisnandi, R. Ladner, and D. Comden. Automated Tactile Graphics Translation: In the Field. In Assets '07: Proceedings of the 9th International ACM SIGACCESS Conference on Computers and Accessibility, pages 75-82, New York, NY, USA, 2007. ACM.
R. E. Ladner, M. Y. Ivory, R. Rao, S. Burgstahler, D. Comden, S. Hahn, M. Renzelmann, S. Krisnandi, M. Ramasamy, B. Slabosky, A. Martin, A. Lacenski, S. Olsen, and D. Groce. Automating Tactile Graphics Translation. In Assets '05: Proceedings of the 7th International ACM SIGACCESS Conference on Computers and Accessibility, pages 150-157, New York, NY, USA, 2005. ACM.