1 / 12 How to Cook an Automated System for Linux Driver Verification. Oleg Strikov, Vadim Mutilin. 05.09.2015
Oleg A. Strikov, Vadim S. Mutilin, 05.09.2015
2 / 12 Guinea-pig: DAC960PD-Ultra (DAC960)
- a high-performance three-channel Ultra SCSI disk array controller that uses Intel's i960 32-bit microprocessor
- supports disk arrays for RAID levels 0, 1, 5, 0+1, and 5+0
- permits data transfer rates across the PCI bus at 132MB/sec
- supports Fast-20 data transfer rates of 40MB/sec per channel
- up to 45 drives can be attached to the RAID controller
- supports the Global Array Manager
- full device driver support for UNIX, Windows, OS/2, NetWare and other operating systems
3 / 12 Confusing Linux Driver Code. Controller->V1.DualModeMemoryMailboxInterface = false; ... or true? VERIFICATION NEEDED
4 / 12 Manuscript
5 / 12 Mixing Up: BLAST + driver source + verification models + instrumentation tool
6 / 12 BLAST??? Berkeley Lazy Abstraction Software Verification Tool. BLAST is a software model checker for C programs. It uses counterexample-driven automatic abstraction refinement to construct an abstract model, which is then model checked for safety properties.
7 / 12 Real World Example: /drivers/block/DAC960.c
- No explicit calls to linking-level init procedures (not BLAST acceptable):
  module_init(DAC960_init_module);
  module_exit(DAC960_cleanup_module);
- Callback interface procedures registration (also not BLAST acceptable):
  ret = pci_register_driver(&DAC960_pci_driver);
- Extra preprocessing tools should be coded
8 / 12 Conceptual Hack Toolkit: driver source (STATUS: DOUBLE DUTCH) -> bash scripting magic -> driver source (STATUS: BLAST ACCEPTABLE)
9 / 12 BLAST Shamanic Ritual. RULE ID0029: CANNOT CALL ALLOC() BEFORE CREATE(). Error found! System is unsafe :-(
10 / 12 How It Works: natural language rule -> formal language rule.
RULE ID 0029: Memory regions cannot be allocated from a non-existent predecessor pool.
TARGET: Prevent a potential system crash connected with incorrect usage of the pool subsystem function set: dma_pool_alloc() cannot be called before successful creation of the pool with dma_pool_create().
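The following is an added example, not code from the presentation, from ISPRAS, or from the DAC960 driver. It sketches in C the two ideas from slides 7 and 10: a generated entry point that calls the driver's init, probe, remove and exit procedures explicitly (the job of the "bash scripting magic", since module_init() and pci_register_driver() only register functions and never call them), and an instrumentation model of dma_pool_create()/dma_pool_alloc() that tracks whether a pool exists and counts violations of rule ID 0029. The toy driver, the model functions (model_dma_pool_create, model_dma_pool_alloc, model_pci_register_driver) and run_harness are all constructed here; the stand-ins do not mirror the real kernel signatures, and a real BLAST run would treat the violation branch as an error label to prove unreachable rather than as a counter.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* ---- Instrumentation model for rule ID 0029 (constructed stand-ins) -----
 * Replaces dma_pool_create()/dma_pool_alloc() with models that track one
 * bit of state: was a pool successfully created?  The violation branch is
 * what the verifier would be asked to prove unreachable. */
struct dma_pool { int id; };
static struct dma_pool the_pool;
static bool pool_created;
static int rule_violations;

static void reset_models(void) {
    pool_created = false;
    rule_violations = 0;
}

/* Model of dma_pool_create(): the harness decides whether it succeeds,
 * standing in for the nondeterministic choice a model checker explores. */
static struct dma_pool *model_dma_pool_create(bool succeed) {
    if (!succeed)
        return NULL;
    pool_created = true;
    return &the_pool;
}

/* Model of dma_pool_alloc(): allocating from a pool that was never created
 * is the error state (a real driver would crash here). */
static void *model_dma_pool_alloc(struct dma_pool *pool) {
    static char region[64];
    if (pool == NULL || !pool_created) {
        rule_violations++;             /* ERROR: rule ID 0029 violated */
        return NULL;
    }
    return region;
}

/* ---- Model of the pci_driver registration interface --------------------
 * pci_register_driver() only records the callbacks; the generated main()
 * below calls them explicitly, which is what BLAST needs to see. */
struct pci_driver {
    int (*probe)(bool pool_create_ok);
    void (*remove)(void);
};
static const struct pci_driver *registered;

static int model_pci_register_driver(const struct pci_driver *drv) {
    registered = drv;
    return 0;
}

/* ---- Hypothetical driver (constructed; not DAC960 code) ----------------- */
static struct dma_pool *drv_pool;

/* Buggy variant: ignores the result of dma_pool_create(). */
static int probe_unchecked(bool pool_create_ok) {
    drv_pool = model_dma_pool_create(pool_create_ok);
    return model_dma_pool_alloc(drv_pool) ? 0 : -1;
}

/* Correct variant: refuses to allocate if the pool was not created. */
static int probe_checked(bool pool_create_ok) {
    drv_pool = model_dma_pool_create(pool_create_ok);
    if (drv_pool == NULL)
        return -1;                     /* -ENOMEM in a real driver */
    return model_dma_pool_alloc(drv_pool) ? 0 : -1;
}

static void drv_remove(void) { drv_pool = NULL; }

static const struct pci_driver unchecked_driver = { probe_unchecked, drv_remove };
static const struct pci_driver checked_driver   = { probe_checked,   drv_remove };

/* What module_init()/module_exit() would point at in a real module. */
static int drv_init(const struct pci_driver *drv) {
    return model_pci_register_driver(drv);
}
static void drv_exit(void) { registered = NULL; }

/* ---- Generated entry point ---------------------------------------------
 * An explicit driver of init -> registered callbacks -> exit, so that every
 * path is reachable from one main().  Returns the violation count. */
int run_harness(const struct pci_driver *drv, bool pool_create_ok) {
    reset_models();
    if (drv_init(drv) != 0)
        return rule_violations;
    if (registered && registered->probe)
        registered->probe(pool_create_ok);
    if (registered && registered->remove)
        registered->remove();
    drv_exit();
    return rule_violations;
}

int main(void) {
    printf("unchecked probe, create fails: %d violation(s)\n",
           run_harness(&unchecked_driver, false));
    printf("checked probe,   create fails: %d violation(s)\n",
           run_harness(&checked_driver, false));
    printf("unchecked probe, create ok:    %d violation(s)\n",
           run_harness(&unchecked_driver, true));
    return 0;
}
```

Build with `cc -Wall harness.c && ./a.out`. The point to take away is the division of labour: the driver is left as written, the kernel API is replaced by small models that carry the rule's state, and the only genuinely generated piece is the entry point that turns registration-by-pointer into explicit calls; with those three in one translation unit, a checker such as BLAST has a closed program whose unsafe branch it can try to reach.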
11 / 12 Results (in progress...)
- 55 rules collected
- 24 beyond the scope of BLAST
- 15 have been formalized
Current target subsystems: /usr/src/linux/net & /usr/src/linux/drivers/net; /usr/src/linux/block & /usr/src/linux/drivers/block; /usr/src/linux/drivers/char
12 / 12 Contacts: Oleg A. Strikov, oleg.strikov@ispras.ru; Vadim S. Mutilin, mutilin@ispras.ru