Da-Wei Chang, Zhi-Yuan Huang+ and Ruei-Chuan Chang+
Department of Computer Science and Information Engineering
National Cheng Kung University
Tainan, 701 Taiwan
Department of Computer Science
National Chiao Tung University
Hsinchu, 300 Taiwan
Device drivers are the most unreliable part of an operating system. In this paper, we
propose a framework called nDriver. Based on the design diversity concept, it uses multiple
implementations of a device driver to survive driver faults. Once a fault happens
in a driver, nDriver can dynamically replace the faulty driver with another implementation,
instead of allowing the faulty driver to crash the system. The unique features
of nDriver are as follows. First, it can detect two major kinds of driver faults: exception
faults and blocking faults. Second, the requests issued to the driver are not lost because of
the driver replacement. Third, the driver replacement is transparent to all the other kernel
subsystems. Fourth, nDriver requires no modification to the existing operating system or
driver code.

The major contribution of this work is that nDriver implements the concept of design
diversity at the device driver layer. Moreover, it achieves the goal of seamless
driver replacement and improves operating system availability without modifying the
existing operating system or driver code.

We implemented nDriver as a kernel module in Linux. Currently, it can recover the
system from faults in network device drivers. However, the mechanisms can be adapted
to other module-based device drivers with a slight extension. According to the performance
evaluation, the overhead of nDriver is no more than 3.5% and the recovery time is
quite short. This indicates that nDriver is an efficient mechanism to increase the availability
of an operating system.
Received May 25, 2005; revised November 2, 2005; accepted January 9, 2006.
Communicated by Michael R. Lyu.