Learn More
Running device drivers as unprivileged user-level code, encapsulated into their own process, has often been proposed as a technique for increasing system robustness. However, in the past, systems based on user-level drivers have generally exhibited poor I/O performance. Consequently, user-level device drivers have never caught on to any significant degree.(More)
Device drivers are notorious for being a major source of failure in operating systems. In analysing a sample of real defects in Linux drivers, we found that a large proportion (39%) of bugs are due to two key shortcomings in the device-driver architecture enforced by current operating systems: poorly-defined communication protocols between drivers and the(More)
Faulty device drivers cause significant damage through down time and data loss. The problem can be mitigated by an improved driver development process that guarantees correctness by construction. We achieve this by synthesising drivers automatically from formal specifications of device interfaces, thus reducing the impact of human error on driver(More)
We present an approach to writing and formally verifying high-assurance file-system code in a restricted language called COGENT, supported by a certifying compiler that produces C code, high-level specification of COGENT, and translation correctness proofs. The language is strongly typed and guarantees absence of a number of common file system(More)
Now that Linux has fast system calls, good (and getting better) threading, and cheap context switches, it’s possible to write device drivers that live in user space for whole new classes of devices. Of course, some device drivers (Xfree, in particular) have always run in user space, with a little bit of kernel support. With a little bit more kernel support(More)
Itanium is a fairly new and rather unusual architecture. Its defining feature is explicitly-parallel instruction-set computing (EPIC), which moves the onus for exploiting instruction-level parallelism (ILP) from the hardware to the code generator. Itanium theoretically supports high degrees of ILP, but in practice these are hard to achieve, as present(More)
Linux 2.5.x has good support now for user-mode device drivers — XFree being the biggest and most obvious — but also there is support for user-mode input devices and for devices that hang off the parallel port. The motivations for user-mode device drivers are many: • Ease of development (all the normal user-space tools can be used to write and debug, not(More)
Despite its current popularity, para-virtualization has an enormous cost. Its deviation from the platform architecture abandons many of the benefits of traditional virtualization: stable and well-defined platform interfaces, hypervisor neutrality, operating system neutrality, and upgrade neutrality - in sum, modularity. Additionally, para-virtualization has(More)
Despite its current popularity, para-virtualization has an enormous cost. Its diversion from the platform architecture abandons many of the benefits that come with pure virtualization (the faithful emulation of the platform API): stable and well-defined platform interfaces, single binaries for kernel and device drivers (and thus lower testing, maintenance,(More)
We develop a practical solution to the problem of automatic verification of the interface between device drivers and the operating system. Our solution relies on a combination of improved driver architecture and verification tools. Unlike previous proposals for verification-friendly drivers, our methodology supports drivers written in C and can be(More)