Our Partners
Research on Device Drivers
Overview
A fast and reliable operating system requires fast and reliable device drivers. Most current operating systems sacrifice reliability for speed by executing drivers in kernel mode. Given that drivers account for the bulk of kernel code (70% in Linux), and that driver developers are typically not kernel experts, it does not come as a surprise that the majority of OS failures nowadays are caused by bugs in device drivers.
In a microkernel-based system, such as those based on seL4, device drivers run in user mode, as normal processes, encapsulated in their own address space. This encapsulation can be enforced through hardware mechanisms, such as the memory-management unit (MMU) and an IOMMU for devices performing direct memory access (DMA). Our aim is to have seL4-based I/O that performs comparable to Linux, yet achieving high robustness by encapsulating drivers to achieve fault isolation and ideally formally verify drivers.
seL4 Device Driver Framework (sDDF)
After much activity on (user-level as well as Linux) device drivers, we had for the past 10 years mostly focussed on other issues. With the maturing and increasing deployment of seL4, drivers have come to the forefront again, and we are working on a driver framework for seL4 and issues arising from that.
The seL4 device driver framework provides a set of interfaces, designs and tools for developing high-performance, encapsulated device drivers for seL4.
At the core of the sDDF is a transport layer that enables low-overhead, shared-memory communication between the driver and its client (an OS service such as a network protocol stack of a file-system server). The transport layer uses ring buffers for data sharing, concurrency control and flow control.
The sDDF is as yet incomplete. It currently provides some guidance for designing systems using drivers (device discovery, separation of control and data planes), and has some libraries for high-throughput, low latency data-plane communication.
Related projects
Device virtualisation
The sDDF is also the base for sharing devices between virtual machines and native clients. Here each device has a single driver, encapsulated either in a native component or a virtual machine, and is multiplexed securely between clients.
Driver verification
Formal verification of device drivers is our long-term goal, which is enabled by the strong isolation provided for usermode drivers on seL4, which allows verifying drivers in isolation. We had some limited success at verifying simple drivers in the Cogent project. Our latest attempt at verifying drivers is the Pancake project, which is developing a new low-level programming language reusing the verification framework of CakeML.
Our past work on drivers
Our research on high-performance user-level device drivers predates seL4. In addition we explored a number of approaches in the past, including:
- Dingo
- The Dingo project investigated how existing operating systems, such as Linux, can be made more driver-friendly without radically changing their architecture.
- Hardware/Software Co-Verification
- In this project we developed a methodology that integrates driver development in the hardware design and (informal) verification workflow. This approach allows leveraging the enormous effort that hardware vendors put into hardware quality assurance in order to improve the device-driver reliability.
- Termite
- In the Termite project we explored synthesising drivers from their (device and OS) interface specs. The project combined game-theory approaches with user guidance to produce performant driver code.
Support
Work on the sDDF was initially financially supported by the seL4 Foundation and the Technology Innovation Institute.
Documentation
- sDDF Design — current version 0.4
Availability
The seL4 device driver framework is open source and available on the TS GitHub under a BSD License.
Latest News
- 2024-03-27: TS releases version 0.4 of the sDDF on the TS GitHub.
- 2023-10-19: Lucy Parker presents an update on the sDDF at the seL4 Summit.
- 2022-10-10: Lucy Parker presents the sDDF at the seL4 Summit.
- 2022-10-07: Release of Revision 0.2 of the sDDF is released for comment. The source code is available on GitHub.
Contact
- Gernot Heiser, gernot<at>unsw.edu.au
People
Current |
Past
|
Publications
|
 |
Gernot Heiser, Peter Chubb, Alex Brown, Courtney Darville and Lucy Parker sDDF design: design, implementation and evaluation of the seL4 device driver framework 2024 |
|
|
|
Lucy Parker High-performance networking on seL4 BSc(Hons) Thesis, School of Computer Science and Engineering, Sydney, Australia, November, 2023 |
|
|
|
Johannes Åman Pohjola, Hira Taqdees Syeda, Miki Tanaka, Krishnan Winter, Gordon Sau, Ben Nott, Tiana Tsang Ung, Craig McLaughlin, Remy Seassau, Magnus Myreen, Michael Norrish and Gernot Heiser Pancake: verified systems programming made sweeter Workshop on Programming Languages and Operating Systems (PLOS), Koblenz, DE, October, 2023 |
|
|
 
|
Lucy Parker The seL4 device driver framework Talk at the 5th seL4 Summit, September, 2023 |
|
|
|
Gernot Heiser, Lucy Parker, Ivan Velickovic, Peter Chubb and Ben Leslie Can we put the "S" into IoT? IEEE World Forum on Internet of Things, Yokohama, JP, November, 2022 |
|
|
|
Lucy Parker The seL4 device driver framework Talk at the 4th seL4 Summit, October, 2022 |