Abstract
The Linux kernel does not export a stable, well-defined kernel interface,
complicating the development of kernel-level services such as device
drivers and file systems. While there does exist a set of functions that
are exported to external modules, these are continually changing and
have non-trivial, implicit, ill-documented pre- and postconditions which, if not satisfied,
can cause the entire system to crash or hang. We have observed the prevalence of such
safety holes in a study of several recent releases of the Linux kernel.
However, no specific debugging support is provided.
We present Diagnosys, a new approach to automatically constructing a debugging
interface for the Linux kernel. Diagnosys relies on static analysis of kernel source
code to infer usage preconditions of functions exported to kernel-level services. Service
developers can then use the Diagnosys interface generator to produce a debugging interface that
is specialized to their code. This interface is then included within a service implementation such
that, when the service is tested, it records information about potential problems. Thanks to the Diagnosys
crash-resilient logging system, the recorded information is made available to the service
developer on reboot after a kernel crash or hang.
We use our approach on 10 services from a range of kernel-level service types, including file systems, network adapters,
USB device drivers and multimedia drivers, and show that the debugging interfaces provide useful information in case of faults,
while incurring only a slight performance overhead.
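The shape of the generated debugging interface described above, as an added illustrative model written in user-space C so that it compiles and runs outside a kernel. It is not code from Diagnosys or the Linux kernel: the "exported" function kern_fill_buffer, its precondition buf != NULL, the static ring-buffer log standing in for the crash-resilient logging system, the model_panicked flag standing in for a kernel oops, and the macro-based redefinition of the function name are all assumptions chosen for the example. The wrapper checks the inferred precondition, records the violating call site, and then performs the original call unchanged, so the crash is explained rather than prevented; the log is read back afterwards the way it would be on reboot.

```c
/* Illustrative, user-space model of a Diagnosys-style debugging interface.
 * Added example: not code from Diagnosys or the Linux kernel. The exported
 * function, its precondition, the ring-buffer log and the "panic" hook are
 * assumptions chosen to show the shape of a generated wrapper. */
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* ---- Stand-in for the kernel side ------------------------------------ */

struct kbuf { char data[32]; size_t len; };

/* Model of a kernel crash: the real kernel would oops on the NULL
 * dereference; here we only record that it would have, so the example
 * stays runnable. */
static int model_panicked;

/* An "exported" function with implicit, undocumented preconditions:
 * buf and src must be non-NULL. Violating either crashes the system. */
static int kern_fill_buffer(struct kbuf *buf, const char *src)
{
    if (buf == NULL || src == NULL) {   /* stands in for the NULL dereference */
        model_panicked = 1;
        return -1;
    }
    snprintf(buf->data, sizeof buf->data, "%s", src);
    buf->len = strlen(buf->data);
    return 0;
}

int model_did_panic(void) { return model_panicked; }

/* ---- Crash-resilient log (model) ------------------------------------ */
/* Diagnosys keeps its log where it survives the crash and is read back on
 * reboot. That is approximated here by a static ring buffer the "service"
 * never touches directly; the oldest entries are overwritten once the
 * ring is full. */
#define DIAG_LOG_ENTRIES 8
#define DIAG_LOG_LINE    256

static char   diag_log[DIAG_LOG_ENTRIES][DIAG_LOG_LINE];
static size_t diag_log_next;     /* total entries written so far */

static void diag_record(const char *fn, const char *cond,
                        const char *file, int line)
{
    char *slot = diag_log[diag_log_next % DIAG_LOG_ENTRIES];
    snprintf(slot, DIAG_LOG_LINE, "%s:%d: %s(): precondition '%s' violated",
             file, line, fn, cond);
    diag_log_next++;
}

size_t diag_log_count(void) { return diag_log_next; }

/* Entry i, or NULL if it was never written or has been overwritten. */
const char *diag_log_entry(size_t i)
{
    if (i >= diag_log_next || i + DIAG_LOG_ENTRIES < diag_log_next)
        return NULL;
    return diag_log[i % DIAG_LOG_ENTRIES];
}

/* ---- Generated debugging interface ---------------------------------- */
/* For each exported function the service actually calls, the generator
 * emits a wrapper that checks the inferred preconditions, records any
 * violation together with the call site, and then performs the original
 * call unchanged: the crash is not prevented, only explained. */
static int diag_kern_fill_buffer(struct kbuf *buf, const char *src,
                                 const char *file, int line)
{
    if (buf == NULL)
        diag_record("kern_fill_buffer", "buf != NULL", file, line);
    if (src == NULL)
        diag_record("kern_fill_buffer", "src != NULL", file, line);
    return kern_fill_buffer(buf, src);
}

/* The service is recompiled against this header-style redefinition, so its
 * own source stays untouched while every call goes through the wrapper. */
#define kern_fill_buffer(buf, src) \
        diag_kern_fill_buffer((buf), (src), __FILE__, __LINE__)

/* ---- The service under test ----------------------------------------- */
int service_init(struct kbuf *b)
{
    return kern_fill_buffer(b, "hello");   /* expands to the wrapper */
}

int main(void)
{
    struct kbuf good;
    service_init(&good);       /* precondition holds: nothing is logged */
    service_init(NULL);        /* violation: logged, then the "crash" */
    /* "Reboot": read the preserved log back. */
    for (size_t i = 0; i < diag_log_count(); i++)
        printf("%s\n", diag_log_entry(i));
    return 0;
}
```

The point of the ordering inside the wrapper is that the log entry is written before the original call, so the call-site information is already in the preserved region when the system goes down; a wrapper that logged after the call would lose exactly the cases that matter.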