Dingo: Taming device drivers
Authors
Leonid Ryzhyk, Peter Chubb, Ihor Kuz and Gernot Heiser
School of Computer Science and Engineering
University of New South Wales
Sydney 2052 Australia
NICTA, Sydney,
Australia
Open Kernel Labs, Sydney, Australia
Abstract
Device drivers are notorious for being a major source of failure in operating systems. In analysing a sample of real defects in Linux drivers, we found that a large proportion (39%) of bugs are due to two key shortcomings in the device-driver architecture enforced by current operating systems: poorly-defined communication protocols between drivers and the OS, which confuse developers and lead to protocol violations, and a multithreaded model of computation that leads to numerous race conditions and deadlocks. We claim that a better device driver architecture can help reduce the occurrence of these faults, and present our Dingo framework as constructive proof. Dingo provides a formal, state-machine based, language for describing driver protocols, which avoids confusion and ambiguity, and helps driver writers implement correct behaviour. It also enforces an event-driven model of computation, which eliminates most concurrency-related faults. Our implementation of the Dingo architecture in Linux offers these improvements, while introducing negligible performance overhead. It allows Dingo and native Linux drivers to coexist, providing a gradual migration path to more reliable device drivers.
BibTeX Entry
@inproceedings{Ryzhyk_CKH_09,
title = {Dingo: Taming Device Drivers},
booktitle = {Proceedings of the 4th EuroSys Conference},
author = {Leonid Ryzhyk and Peter Chubb and Ihor Kuz and Gernot Heiser},
year = {2009},
month = {Apr},
address = {Nuremberg, Germany}
}