Testing and Analysis of Device Drivers
Supervisor: Abhik Roychoudhury
Author: Pham Van Thuan

1 Testing and Analysis of Device Drivers
Supervisor: Abhik Roychoudhury
Author: Pham Van Thuan

2 Agenda
- Problem statement
- Literature review
- Open research problems
- RQ-1. Subsystem aware test case generation
- RQ-2. Testing device protocol violation bugs
- Preliminary work

3 Problem statement
- Device driver bugs are the main cause of OS crashes (85% of Windows XP crashes, 53% out of 1000 defects in Linux kernel 2.6.9).
- How to find these bugs and/or prevent their negative effects.
Diagram labels: Software model checking; Testing and analysis; Isolating and tolerating; Modifying current driver architectures; Static analysis + code transformation; Dynamic symbolic execution based testing

4 Linux device driver architecture

5 Classification of common device driver bugs
- Incorrect use of kernel-internal APIs
- Incorrect implementation of the device’s protocol
- Concurrency related bug
- Memory access violation
- Resource leak

6 Program analysis and Software model checking
Diagram labels (techniques): Static analysis; Abstract interpretation; Composite static analysis; Software model checking; Predicate abstraction + CEGAR; Lazy abstraction; Bounded model checking; Configurable Software Verification
Diagram labels (tools): SLAM, SATABS, BLAST, CPAChecker, CBMC

7 Symbolic Execution
Diagram labels (techniques): Static symbolic execution (SSE); Dynamic symbolic/concolic execution (DSE); DSE + SSE; DSE + Selective symbolic execution; DSE + State merging; DSE + Interpolation; Compositional DSE
Diagram labels (tools and venues): DART, KLEE, MAYHEM; Calysto (ICSE’2008); ICSE’2014; POPL’2007; ASPLOS’2011; PLDI’2012; FSE’2013

8 SymDrive: Testing drivers without devices
- Static analyzer + code transformation
- Test framework
- Symbolic device

9 Open research problems
- Scalability problem
- Reachability problem
- Test oracle – Assertion generation
- Driver/Device interface violation testing

10 RQ-1. Subsystem aware test case generation
Figure: Example of Linux driver subsystems

11 Subsystem aware test case generation
Figure: Hierarchical view of a USB keyboard device driver

12 RQ-1.1. Assertion generation
- Use static analyzer to detect potential buggy locations
- Use code transformation technique to insert calls to run-time checkers.
- Design checkers for the interface between the kernel and device drivers (a checker can be used for testing several device drivers)

13 RQ-1.2. Test program generation
Diagram layers: Test program; C library; System call interface + Virtual File System; Driver subsystem core; Device Driver
Diagram labels between layers:
- Libc, system call invocations: open(…), read(…), write(…), …, close(…)
- Generic interfaces: file_operations, block_device_operations, net_device_ops
- Subsystem specific functions
- Driver entry points

14 Skeleton of a driver subsystem call graph
- Build the skeleton for each driver subsystem.
- Generate test program(s) based on the paths in the skeleton of the driver subsystem under test

15 RQ-1.3. Driver entry points and assertions reachability
Diagram, panel "Driver entry points reachability": Test program; C library; System call; VFS; Driver core; Device Driver (entry points)
Diagram, panel "Assertions reachability": Test program; C library; System call; VFS; Driver core; Device Driver (assertion)

16 RQ-2. Testing device protocol violation bugs
- A device driver may violate the protocol of the corresponding hardware device (packet format, sequence of packet transfer, time …)
- A hardware device may run in unexpected states due to bugs in the device driver.
Diagram labels: Device driver; Bus controller + Bus driver; Virtual hardware device

17 RQ-2.1. Virtual symbolic device modeling
- Symbolic input/output interfaces
- Internal working blocks to emulate real hardware device(s)
Diagram labels: Virtual Symbolic Device; S2E Symbolic Device; QEMU Virtual hardware device

18 RQ-2.2. Assertion & Annotation generation
- Assertion
  - Assert valid register settings
  - Assert a correct working state
  - Assert a correct packet format (received from device driver)
- Annotation
  - Add constraints for the format of packets to be sent to a device driver
Diagram labels: informal technical documents (datasheets); Assertion, annotation ?
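The three assertion kinds listed for RQ-2.2 (valid register settings, correct working state, correct packet format), written as checkers inside a virtual device model. This is an added example, not code from the presentation, S2E or QEMU; the register map, state machine, packet layout and all names are hypothetical.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
/* Hypothetical device: register map, states and packet layout are assumptions
 * made for this example, not taken from the slides or from any datasheet. */
enum { REG_CTRL = 0x00, REG_LEN = 0x04, CTRL_RESET = 0x1, CTRL_ENABLE = 0x2 };
enum state   { ST_OFF, ST_RESET, ST_READY };
enum verdict { OK, BAD_REGISTER, BAD_STATE, BAD_PACKET };
struct vdev  { enum state st; uint32_t len; };

/* Assert valid register settings and a correct working state on each write. */
enum verdict vdev_write(struct vdev *d, uint32_t reg, uint32_t val) {
    if (reg == REG_LEN) {                               /* packet length register */
        if (val < 3 || val > 64) return BAD_REGISTER;   /* length out of range */
        d->len = val; return OK;
    }
    if (reg != REG_CTRL || (val & ~(uint32_t)(CTRL_RESET | CTRL_ENABLE)))
        return BAD_REGISTER;                            /* unmapped or reserved bits */
    if (val & CTRL_RESET) { d->st = ST_RESET; d->len = 0; return OK; }
    if (val & CTRL_ENABLE) {
        if (d->st == ST_OFF) return BAD_STATE;          /* enable before reset */
        d->st = ST_READY;
        return OK;
    }
    d->st = ST_OFF;                                     /* CTRL = 0 powers down */
    return OK;
}

/* Assert the format of a packet received from the driver:
 * [0] = 0xA5 magic, [1] = payload length, payload, last byte = XOR checksum. */
enum verdict vdev_tx(const struct vdev *d, const uint8_t *p, size_t n) {
    uint8_t x = 0;
    if (d->st != ST_READY) return BAD_STATE;
    if (n < 3 || n != d->len || p[0] != 0xA5 || (size_t)p[1] + 3 != n)
        return BAD_PACKET;
    for (size_t i = 0; i + 1 < n; i++) x ^= p[i];
    return x == p[n - 1] ? OK : BAD_PACKET;
}

int main(void) {
    struct vdev d = { ST_OFF, 0 };
    const uint8_t pkt[] = { 0xA5, 0x02, 0x10, 0x20, 0x97 };  /* constructed */
    printf("enable before reset: %d\n", vdev_write(&d, REG_CTRL, CTRL_ENABLE));
    vdev_write(&d, REG_CTRL, CTRL_RESET);
    vdev_write(&d, REG_LEN, sizeof pkt);
    vdev_write(&d, REG_CTRL, CTRL_ENABLE);
    printf("well-formed packet: %d\n", vdev_tx(&d, pkt, sizeof pkt));
    return 0;
}
```

With a symbolic-execution engine driving the driver, each non-OK verdict would be the point at which the device model reports a protocol violation.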

19 Preliminary work
- Control Flow Graph (CFG)
  - Use profiling information to resolve indirect calls, indirect jumps.
- Control Dependency Graph (CDG)
  - CDG works with CFG and the skeleton of the subsystem call graph to guide path exploration and prune uninteresting paths.

20 Preliminary work
- Search algorithm replays a path to reach a predefined location (a driver entry point is an example).
- Integrate the Z3 constraint solver into the S2E framework for checking unsat cores, solving string constraints (Z3-str) … (not supported by STP, the default solver of S2E)
Diagram labels: Test program; C library; System call; VFS; Driver core; Device Driver; Assertion

21 Q&A

