Towards Safer Concurrent Device Drivers
Making Safer Concurrent Device Drivers: Modelling RMoX Drivers in CSP
Martin Ellis, School of Computing, University of Kent
Communicating Process Architectures, 2011
Outline
1. Motivation
   - Making Safer Concurrent Device Drivers
   - Previous Work
   - The Problem
2. Our Technique
   - Resource Driver
   - Extending CSP generation
3. Modelling Drivers?
   - Summary
The World So Far...
- We want "safe" and "correct" concurrent device drivers.
- The device driver / kernel interface is well understood.
- The device driver / hardware interface is less so.
Existing Techniques
- Most previous work has been done on kernel/driver interfaces.
- SLAM: static analysis of Windows drivers. Tried to help prevent kernel crashes (BSoD).
- DDVerify: static analysis of Linux drivers. Handles concurrent Linux drivers.
- Fred Barnes's work on modelling drivers in CSP: proves deadlock freedom of RMoX drivers, but only considered the driver/kernel interface.
- Driver synthesis: Chinook; Mattias O'Nils and Axel Jantsch's work with ProGram.
Device Driver Complexities
- Memory-mapped IO vs port-mapped IO.
- Overloaded addresses.
- Bitfields.
- Concurrent access.
[Figure: a bitfield port, one 16-bit word with bit positions 0, 4, 8, 12 and 15 marked, carrying the fields rdy, parity, data and reserved.]
[Figure: select and access ports. A register number written to the Register Select port (0x200) determines which register the Access port (0x216) refers to.]
Concurrent Access
- Placed memory/channels.
- Circumvents parallel usage checking.
- All the usual issues with data aliasing.
Our Technique
- The kernel / driver interface is made of well understood occam channels.
- The hardware / driver interface is made of "magic".
- Abstract things into nice occam channels.
[Figure: before, the chain is Kernel - Device Driver - Hardware.]
[Figure: after, a resource driver sits between the device driver and the hardware: Kernel - Device Driver - Resource Driver - Hardware.]
Resource Driver
So what does the resource driver give us?
- Primitives for reading registers "correctly".
- Sanity checks (no use before declaration, etc.).
- These runtime checks are slow, though.
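The select/access port pair, the concurrent-access hazard and the resource driver's checks, as an added example that is not from the slides or from RMoX. The port numbers 0x200 and 0x216 are the slide's; the register contents, the field names' bit positions and the `Device`, `naive_read` and `ResourceDriver` names are constructed for the demo.

```python
# Added example (not from the slides): a toy model of the select/access port
# pair from the slide and the checks a resource driver layer adds. Register
# contents and the bitfield layout are constructed for the demo.
import threading

SELECT_PORT, ACCESS_PORT = 0x200, 0x216   # port numbers from the slide

class Device:
    """Registers reachable only by writing an index to SELECT_PORT and then
    accessing ACCESS_PORT: one overloaded address for every register."""
    def __init__(self):
        self.regs = {i: 0x10 + i for i in range(8)}  # constructed contents
        self.selected = 0
    def outp(self, port, value):
        if port == SELECT_PORT: self.selected = value
        else: self.regs[self.selected] = value
    def inp(self, port):
        return self.regs[self.selected]

def naive_read(dev, reg, sync=None):
    """Raw driver code: select, then access, with no mutual exclusion."""
    dev.outp(SELECT_PORT, reg)
    if sync: sync.wait()      # forces an interleaving a scheduler could produce
    return dev.inp(ACCESS_PORT)

def race_demo():
    """Two drivers read registers 1 and 2 at once through naive_read; both
    end up reading whichever register was selected last."""
    dev, barrier, out = Device(), threading.Barrier(2), {}
    def worker(reg): out[reg] = naive_read(dev, reg, barrier)
    threads = [threading.Thread(target=worker, args=(r,)) for r in (1, 2)]
    for t in threads: t.start()
    for t in threads: t.join()
    return out

class ResourceDriver:
    """Serialises select+access and rejects fields used before declaration."""
    def __init__(self, dev):
        self.dev, self.lock, self.fields = dev, threading.Lock(), {}
    def declare(self, name, reg, low_bit, width):
        self.fields[name] = (reg, low_bit, width)
    def read(self, name):
        if name not in self.fields:
            raise KeyError(f"use before declaration: {name}")
        reg, low_bit, width = self.fields[name]
        with self.lock:           # select and access form one critical section
            self.dev.outp(SELECT_PORT, reg)
            word = self.dev.inp(ACCESS_PORT)
        return (word >> low_bit) & ((1 << width) - 1)
```

`race_demo()` returns the same value for both readers, so at least one driver has read a register it never selected; the lock in `ResourceDriver.read` is the cost the slide calls slow.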
Extending KRoC
- KRoC's CSP model generation has been extended.
- It now includes details of variant channels.
- Number of parameters.
- Values known at compile time.
Protocol → CSP
occam:
    PROTOCOL P.RES
      CASE
        a; INT
        b; INT; BYTE
    :
CSP:
    U = (-999)
    NUMBER = {U} ∪ {0..99}
    channel res : a.NUMBER | b.NUMBER.NUMBER
Communication → CSP
occam:
    PROC x (CHAN P.RES res!)
      SEQ
        res ! a; x
        res ! b; y; z
    :
CSP:
    X(res) = res.a!(U) → res.b!(U).(U) → SKIP
Constant Propagation
occam:
    PROC x (CHAN P.RES res!)
      SEQ
        res ! a; 42
        res ! b; y; z
    :
CSP:
    X(res) = res.a!(42) → res.b!(U).(U) → SKIP
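The mapping shown on the Protocol → CSP, Communication → CSP and Constant Propagation slides, as an added example that is not KRoC's generator: every occam field becomes one NUMBER, a value not known at compile time becomes U, and a literal is propagated through. The function names, the `U` string and the `OUTPUT` pattern are assumptions of this example.

```python
# Added example, not KRoC's own generator: the occam -> CSP mapping the three
# slides show. Every occam field becomes one NUMBER; values not known at
# compile time become U, literals are propagated through.
import re

U = "U"                                     # the slides' unknown value, U = (-999)
OUTPUT = re.compile(r"(\S+)\s*!\s*(.*)")    # matches 'res ! tag; v1; v2'

def protocol_to_csp(text):
    """Parse 'PROTOCOL name / CASE / tag; T1; T2 / :' into (name, {tag: arity})."""
    lines = [l.strip() for l in text.strip().splitlines()]
    name, tags = lines[0].split()[1], {}
    for line in lines[2:]:                  # skip the PROTOCOL and CASE lines
        if line == ":": break
        parts = [p.strip() for p in line.split(";")]
        tags[parts[0]] = len(parts) - 1     # each typed field becomes one NUMBER
    return name, tags

def channel_decl(chan, tags):
    """Emit e.g. 'channel res : a.NUMBER | b.NUMBER.NUMBER'."""
    alts = [".".join([tag] + ["NUMBER"] * n) for tag, n in tags.items()]
    return f"channel {chan} : " + " | ".join(alts)

def proc_to_csp(proc_name, chan, tags, body):
    """Turn a SEQ of outputs on chan into 'X(chan) = ev1 → ev2 → SKIP'."""
    events = []
    for stmt in body:
        m = OUTPUT.match(stmt.strip())
        if not m or m.group(1) != chan:
            raise ValueError(f"not an output on {chan}: {stmt}")
        tag, *values = [f.strip() for f in m.group(2).split(";")]
        if tags.get(tag) != len(values):    # sanity check against the protocol
            raise ValueError(f"{stmt!r} does not match protocol")
        vals = [v if v.lstrip("-").isdigit() else U for v in values]
        payload = ".".join(f"({v})" for v in vals)
        events.append(f"{chan}.{tag}" + (f"!{payload}" if vals else ""))
    return f"{proc_name.upper()}({chan}) = " + " → ".join(events + ["SKIP"])
```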
Externalising Internal Choice
Generated CSP:
    PPORT_HANDLER_g =
        ( srv.InPResResInDeclare?vv.pa → PPORT_HANDLER ⊓ STOP )
      □ ( srv.InPResPortInDeclare?vv.pa.pc → PPORT_HANDLER ⊓ STOP )
      □ ( srv.other1 □ srv.other2 □ ... ) ; PPORT_HANDLER