Date: Tuesday, October 31, 2006
Speaker: Feng Zhou
Affiliation: Berkeley CS
Talk Title: SafeDrive - Safe and Recoverable Extensions Using Language-Based Techniques
Project Summary
SafeDrive is a project to improve the reliability of software
extensions, in particular Linux device drivers. It brings fine-grained
memory safety, enjoyed mainly by "memory-safe" languages like Java, to
extensions written in C. SafeDrive achieves this using Deputy, a
source-to-source transformation tool, and requires only light annotations on
kernel headers and driver source code. In addition to memory safety,
SafeDrive employs a lightweight recovery system that restores kernel
invariants when a driver fails, so that the system keeps running
in the face of driver failures.
Paper Abstract
We present SafeDrive, a system for detecting and recovering from
type safety violations in software extensions. SafeDrive has low
overhead and requires minimal changes to existing source code. To
achieve this result, SafeDrive uses a novel type system that provides
fine-grained isolation for existing extensions written in C. In
addition, SafeDrive tracks invariants using simple wrappers for the host
system API and restores them when recovering from a violation. This
approach achieves fine-grained memory error detection and recovery with
few code changes and at a significantly lower performance cost than
existing solutions based on hardware-enforced domains, such as Nooks,
L4, and Xen, or software-enforced domains, such as SFI. The principles
used in SafeDrive can be applied to any large system with loadable,
error-prone extension modules.
In this paper we describe our experience using SafeDrive for
protection and recovery of a variety of Linux device drivers. In order
to apply SafeDrive to these device drivers, we had to change less than
4% of the source code. SafeDrive recovered from all 44 crashes due to
injected faults in a network card driver. In experiments with 6
different drivers, we observed increases in kernel CPU utilization of
4–23% with no noticeable degradation in end-to-end performance.
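The two mechanisms named in the summary and the abstract (checks inserted by the source-to-source transformation, and host-API wrappers that track invariants so recovery can restore them), as an added illustration that is not SafeDrive's or Deputy's code. It models only one invariant, the set of outstanding allocations; the function names, the 8-byte buffer and the sample packets are assumptions.

```c
/* Added illustration of the SafeDrive idea (not project code):
 * (1) a bounds check standing in for what a Deputy-style transformation
 *     inserts before a pointer access, so a memory error becomes a reported
 *     violation instead of silent corruption, and
 * (2) a wrapper around a host-kernel API (stand-in for kmalloc/kfree) that
 *     records what the extension holds, so recovery can release it.
 * All names are invented for this example. */
#include <stdlib.h>

#define MAX_TRACKED 16
static void *tracked[MAX_TRACKED];  /* outstanding allocations of the extension */
static int n_tracked = 0;
static int violations = 0;

/* Wrapper for the host allocator: record the allocation for recovery. */
static void *ext_alloc(size_t sz) {
    void *p = (n_tracked < MAX_TRACKED) ? malloc(sz) : NULL;
    if (p) tracked[n_tracked++] = p;
    return p;
}

/* Wrapper for the host free: forget the allocation. */
static void ext_free(void *p) {
    for (int i = 0; i < n_tracked; i++)
        if (tracked[i] == p) { tracked[i] = tracked[--n_tracked]; free(p); return; }
}

/* The check inserted before buf[idx] when buf is annotated as holding
 * `len` elements. Returns 0 on a violation instead of writing out of bounds. */
static int checked_write(unsigned char *buf, size_t len, size_t idx, unsigned char v) {
    if (idx >= len) { violations++; return 0; }
    buf[idx] = v;
    return 1;
}

/* Toy driver receive path: copies `n` packet bytes into a fixed 8-byte buffer. */
static int driver_rx(const unsigned char *pkt, size_t n) {
    unsigned char *buf = ext_alloc(8);
    if (!buf) return -1;
    for (size_t i = 0; i < n; i++)
        if (!checked_write(buf, 8, i, pkt[i])) return -2;  /* violation: unwind */
    ext_free(buf);
    return 0;
}

/* Recovery: release everything the failed extension still holds; returns count. */
static int recover(void) {
    int released = n_tracked;
    while (n_tracked > 0) free(tracked[--n_tracked]);
    return released;
}
static int outstanding(void) { return n_tracked; }
static int violation_count(void) { return violations; }

/* Constructed sample packets: one that fits, one that overruns the buffer. */
static const unsigned char SAMPLE_OK[4] = {1, 2, 3, 4};
static const unsigned char SAMPLE_BIG[12] = {0};
```

On the oversized packet the check reports the violation and the recovery routine releases the buffer the driver never freed, which is the invariant-restoration step the abstract describes.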