Our research activities are centered around the architecture of computing systems: From hardware over system software up to languages and compilers. We target special-purpose systems that have to cope with tight demands regarding nonfunctional properties, such as noise reduction, timeliness, robustness and hardware resources. We mostly do fundamental research with auxiliary funding provided by the DFG. Our Focus is on constructive methods for the design and development of versatile (real-time) operating systems that provide an extreme degree of (automatic) tailorability towards concrete (nonfunctional) application requirements and hardware properties.
We investigate application-specific system software that provides fine-grained static/dynamic adaptability to specific functional requirements and, thereby, also indirect control over its emergent nonfunctional properties. Towards this end, our research topics include:
- Adaptable System Software
- that excels with respect to many nonfunctional properties, such as noise, timeliness, latency, predictability, or footprint due to its tailorability towards both ends, application and hardware (see our USENIX '09, RTSS '09, RTSS '12, ECRTS '14, and RTAS '15 papers). In the same manner, our RTOS implementations also provide excellent robustness aginst soft errors and other single-event upsets (see RTAS '15, EDCC '15, and SQJ 24.1). We also investigate the domain of HW-RTOS co-design by instantiating the application-specific RTOS functionality directly into the processor pipeline (LCTES '17).
- Static and Dynamic Analysis
- of applications and their utilization of the system software in a whole-system approach for the fully automatic configuration and tailoring, but also the tightening of worst-case response times, attack surface, and footprint. Examples include the finding of configurability-related bugs in Linux (EuroSys '11, USENIX '14), application-specific tailoring and attack-surface reduction of Linux (HotDep '12, NDSS '13, and GPCE '14), the automatic optimization and formal validation of application-tailored RTOS instances (TECS 16.2, FMCAD '17 ), and the tightening of end-to-end WCRTs and stack memory consumption across the RTOS boundary (RTAS '17, RTSS '18).
- Compilation and Generation
- as well as language-based approaches to implement, automatically instantiate, and test versatile system software and deal with the practical challenges of high configurability and adaptability, as described in our EuroSys '06, AOSD '11, GPCE '15, GPCE '16, USENIX '17, and ICSE '19 papers. Besides purely static, we also investigate compiler-assisted static mechanisms for highly efficient dynamic reconfiguration (EuroSys '19) and wait-free run-time patching (OSDI '20).
Philosophy and Approach
System software provides no business value of its own. Its utility and sole purpose is to serve a concrete application's needs, that is, to map the functional and nonfunctional requirements of a particular software precisely and efficiently to the functional and nonfunctional properties of the employed hardware.
Adaptable System Software
Hence, system software development is caught between a rock and a hard place: On the one hand, the operating system must not stand in the way by overly abstracting from the hardware and providing unneeded functionality. On the other hand, it has to serve each application's very specific needs by offering a broad set of abstractions. This is particularly challenging in the case of highly heterogeneous, but special-purpose systems, such as embedded systems: Efficiency calls for specific, hand-crafted system software; reuseability demands generic, versatile solutions. System software has to be adaptable to both ends.
Static and Dynamic Analysis
To overcome this dilemma and systematically provide for adaptability, we understand system software (and partly also the underlying hardware) as a (software) product line described by their configurable features implemented by means of fine-grained static (and partly also dynamic) configuration. Application-tailored instances are derived by selecting from this set of features.
In practice, however, the set of available features and their constraints quickly becomes unmanageably large: Linux, for instance, already provides more than 15,000 configurable features, implemented in over 100,000 files and #ifdef blocks. This imposes big challenges not only for development and testing of system-software product lines, but also the process of deriving a concrete, tailored instance for a specific application itself – how to choose the right ones from thousands of available features?
Automation is the key! We investigate static (and, where necessary, also dynamic) analysis techniques to come up with a detailed model, how a particular application uses and interacts with the operating system, that is, which features and parts of the system software are actually needed.
Compilation and Generation
In the case of existing system software, like Linux, we then use this model to automatically generate a tailored configuration for this particular application. For the much finer-grained tailorability offered by our own system software, we exploit this knowledge directly inside the compiler to automatically generate application-specific instances of the required RTOS functionality (we mostly target OSEK and AUTOSAR, but also ARINC and other standards), which, in the extreme cases, could also be pushed down into the hardware.
Map of our research activities with projects and selected publications.
The "key publication" for a particular project is depicted in bold face.
Papers marked with an * asterisk have received a Best Paper Award.
Most projects have been funded by the DFG
- AHA: Automated Hardware Abstraction in Operating-System Engineering (DFG: LO 1719/4-1)
- Goal of AHA is to improve nonfunctional properties of system software by a very deep, but fully automated specialization of the application-hardware bridge represented by the operating system. We investigate, how alternative implementations that are mapped more directly to hardware features, can be generated from a concrete application and their actual interactions with the operating system.
- ATLAS: Adaptable Thread-Level Address Spaces
- In the ATLAS project, we investigate dynamic specialization and containment by means of thread-level address-space variations.
- CADOS: Configurability-Aware Development of Operating Systems (DFG: LO 1719/3-2)
- In the CADOS project, we investigate scalable methods and tools to deal with the implementation of variability across all implementation layers of modern system software.
- CLASSY-FI: Cross-Layer Application-Specific Synthesis and Analysis of Fault Injection
- Goal of the CLASSY-FI is to derive constructive methods and techniques for scalable, yet precise and complete fault injection (FI) to experimentally assess the robustness of safety-critical embedded control systems against soft errors.
- NVM: Non-volatile Memory
- How to integrate and abstract the widened and broadened memory within the operating system.
- Sloth: Minimal-effort kernels for embedded systems
- The main research goal in the Sloth project is to investigate how to make better use of given hardware abstractions in (embedded) operating systems. Recent work on Sloth is part of the AHA project.
- cHash: Avoid redundant build operations by AST-based hashing
- Building software can include many redundant compiler invocations. With the AST hashing mechanism developed in this project, compiler invocations can be aborted before wasting the developers time.
- dOSEK: A dependability-Oriented Static Embedded Kernel (DFG: LO 1719/1-3)
- dOSEK is developed from scratch with dependability as the first-class design goal. Targeting safety-critical, embedded applications, the system provides an OSEK/AUTOSAR-conform interface. dOSEK is part of the danceOS project.
- RT.js: Practical Real-Time Scheduling for Web Applications
- AspectC++: An aspect-oriented extension to the C++ programming language
- AspectC++ is a set of C++ language extensions and compiler support to facilitate aspect-oriented programming with C/C++.
- CiAO: Aspect-oriented operating-system product lines (DFG SCHR 603/4)
- RTOS kernels that provide configurability of even fundamental, architectural kernel policies, like synchronization or protection by means of aspect-aware software development.
- ISEco: Internal Software Ecosystems (Siemens CT)
- In software ecosystems, organizations open their platform to external businesses in order to leverage a variety of externally developed functionality. We investigated two large-scale software projects (about 500 and 950 developers) within Siemens that have become internal software ecosystems.
- Organic Computing: SRA contributions to OC research
- PLiC: Decomposition and Composition of Software Product Lines (Siemens CT)
- Software Product Line Development has achieved multiple benefits within the last decades, as it facilitates systematic reuse of various assets throughout the software development lifecycle, but so far only in settings with a rather narrow scope. In the PliC project, we investigated a systematic approach for the decomposition and composition of software product lines.
- SiHeB: System-software infrastructure for hegerogenous image systems (DFG GRK 1773)
- To enhance the throughput of image processing applications, hardware coprocessors can help to offload computational tasks. The host CPU is responsible for the main scheduling of threads that start computations to be run on the coprocessor, which often uses a distinct instruction set architecture and manages its own local memory. Thus, such systems with coprocessors inherently form heterogeneous architectures.
- VAMOS: Variability Management in Operating Systems (DFG SCHR 603/7)
- In the VAMOS project, we pioneered the issue of variability-induced issues in Linux and investigated methods and tools to mitigate the problem. Our findings have led to more than 100 accepted patches in the Linux mainline kernel.
- danceOS: dependability aspects in embedded Operating Systems (DFG: SPP 1500)
- Future hardware designs for embedded systems are expected to exhibit an increasing rate of intermittent and permanent errors in exchange for smaller device sizes and lower energy consumption. The DanceOS project aims at providing dependability by the fine-grained and tailorable application of software-based fault-tolerance techniques.
- iRTSS: invasive Runtime Support System (DFG: SFB/TRR 89, Project C1)
- Operating-system support for massively parellel systems running self-aware applications under the paradigm of invasive computing.