CADOS: Configurability-Aware Development of Operating Systems (DFG: LO 1719/3-1)
Todays operating systems (as well as other system software) offer a great deal of static configurability to tailor them with respect to a specific application or hardware platform. Linux 4.2, for instance, provides (via its Kconfig models and tools) more than fifteen thousand configurable features for this purpose. Technically, the implementation of all these features is spread over multiple levels of the software generation process, including the configuration system, build system, C preprocessor, compiler, linker, and more. This enormous variability has become unmanageable in practice; in the case of Linux it already has led to thousands of variability defects within the lifetime of Linux. With this term, we denote bugs and other quality issues related to the implementation of variable features. Variability defects manifest as configuration consistency and configuration coverage issues.
In the CADOS project, we investigate scalable methods and tools to grasp the variability on every layer within the configuration and implementation space, visualize and analyze it and, if possible, adjust it while maintaining a holistic view on variability.
Our findings have already led to more than 100 accepted patches in the Linux mainline kernel (see our EuroSys '11 and SPLC '12 papers) and an approach for the automatic tailoring of Linux server systems in order to reduce the exploitable code base (see our HotDep '12 paper). The issue of configuration coverage is addressed in our USENIX '14 paper.
CADOS is the follow-up project to VAMOS.
Please look here for the complete list of CADOS and VAMOS publications.
Best Paper Award
cHash: Detection of Redundant Compilations via AST Hashing
Proceedings of the 2017 USENIX Annual Technical Conference USENIX Association2017Best Paper Award.
Static Analysis of Variability in System Software: The 90,000 #ifdefs Issue
Proceedings of the 2014 USENIX Annual Technical Conference USENIX Association2014.
Automatic Feature Selection in Large-Scale System-Software Product Lines
Proceedings of the 13th International Conference on Generative Programming and Component Engineering (GPCE '14)ACM Press2014.
CADOS is the follow-up project to VAMOS. The following publications are forming the foundation for our CADOS research. The dissertation of Dr.-Ing. Reinhard Tartler provides a good overview over the VAMOS project.
Feature Consistency in Compile-Time-Configurable System Software: Facing the Linux 10,000 Feature Problem
Proceedings of the ACM SIGOPS/EuroSys European Conference on Computer Systems 2011 (EuroSys '11)ACM Press2011.
Automatic OS Kernel TCB Reduction by Leveraging Compile-Time Configurability
Proceedings of the 8th International Workshop on Hot Topics in System Dependability (HotDep '12)USENIX Association2012.
A Robust Approach for Variability Extraction from the Linux Build System
Proceedings of the 16th Software Product Line Conference (SPLC '12)ACM Press2012.
- Mastering Variability Challenges in Linux and Related Highly-Configurable System Software
PHD thesisFriedrich-Alexander-Universität Erlangen-Nürnberg2013.
CADOS in the Wild
Valentin Rothberg talked about his new tool undertaker-checkpatch, which analyzes patch files. The vampyr tool to configurability-aware compile test (or determine the variability of) source files was presented by Stefan Hengelein.Abstracts and slides for both talks can be found at the talk-specific sites.
Various tools assist our analysis of the variability in the Linux kernel and other software projects. Our most important tool is called the undertaker, which searches and reports dead and undead conditional CPP blocks. Since its inception within VAMOS, it has matured to a toolbox of utilities for answering various research questions related to variability in general. For further details, please look into the undertaker trac.
This tool is a wrapper for undertaker to do coverage analysis or variability-aware static analysis on source files. For the static analysis compilers such as gcc or clang are employed. Please refer to the USENIX '14 paper for detailed information.
This tool reports changes to defects such as newly introduced or fixed defects. Defects can also be correlated to changes in Kconfig and the build system (Make, Kbuild) and vice versa. Additionally, undertaker-checkpatch ships the functionality to further analyze the causes of defects, displaying contradictory Kconfig items, a block's precondition or the defect causing formula. Since version 1.6, undertaker is able to minimize defect formulas (thanks to the PicoMUS-Tool which is part of PicoSAT). This functionality can be used in undertaker-checkpatch to further analyze and understand the cause of defects.
Flipper: Lightweight Kernel Tailoring
Configuring Linux is hard. With over 14,000 options to choose from, making an informed decision about every single one of them takes a very long time. While distributions for standard day-to-day use simply enable as many features (drivers, supported platforms, ...) as possible, this is not a practical solution for embedded systems, where memory is scarce and must not be wasted. To make it easier for an engineer to derive a small starting point to configure the system, we developed Flipper. Flipper provides a lean method to trace which functionality was exerted in the kernel. Using the Tailor tool from the undertaker package, a small, use-case specific configuration for Linux can be generated from the collected data. Flipper is part of undertaker release (v1.6) and can be downloaded here, for detailed usage instructions please read the README file provided in the tailor/flipper subdirectory.
Wundertaker is a Web GUI visualizing #ifdefs and undertaker's defect reports in Linux code files. The source including installation instructions can be downloaded here. A detailed description of the tool and its implementation can also be found in the Bachelor's thesis of Patrick Plagwitz.
While static variability can be completely resolved at compile time, dynamic variation points come at a cost arising from extra tests and branches in the control flow. Multiverse is an approach to handle dynamic variability efficiently by means of binary patching. It provides an extension to the C programming language that enables the developer to express dynamic variability in performance-critical paths. With specially annotated config variables, multiverse can generate multiple versions of a function and dynamically binary patch the running system to use the version of the current configuration. The goal is to narrow the gap between dynamic and static variability by allowing the developer to easily employ run-time configurability at zero or low cost.
Open Theses Topics
Currently Running Work