Tobias Landsberg presents Should I Bother? Fast Patch Filtering for Statically-Configured Software Variants at the 28th ACM International Systems and Software Product Line Conference (SPLC 2024) in Dommeldange, Luxembourg. In the paper, which is part of our CADOS project, we present a new approach to compute which variants of a software product line are affected by a patch. In our evaluation of 200 versions, we show that our tool correctly classifies up to 68 percent of variants (in space and time) as not affected.
Abstract: Due to shrinking transistor structure sizes and operating voltages, hardware becomes more susceptible to transient hardware faults. In the domain of safety-critical systems, fault injection campaigns on the instruction-set–architecture layer have become a widespread approach to assess the resilience of a system concerning this kind of fault. Full fault-injection campaigns are an approach to systematically assess the reliability of a system and the effectiveness of implemented software-based hardening techniques on fixed hardware.
A straightforward fault-injection campaign may result in practically unrealizable runtimes, especially when aiming for a comprehensive and complete reliability analysis of the system under test. Established acceleration methods are common to either reduce the number of necessary fault injections or speed up individual injections, ultimately decreasing the overall runtime of the whole campaign. However, despite the effectiveness of these established methods, the runtimes may still be infeasible, the campaign results lack precision, or the focus might be limited to specific aspects of the system under test only.
This dissertation introduces three new approaches to handling these challenges. The approaches use extracted program structures of the executed software, tailored to the running program inde- pendent from system behaviors under evaluation. The first approach extracts the data flow and instruction semantics to utilize instructions’ propa- gation and masking effects through a data flow graph. Compared to the ground truth method, my data-flow-sensitive acceleration method significantly reduces the number of necessary injections for a comprehensive reliability analysis by up to 18.4 percent precisely.
The second approach utilizes extracted dynamic jump addresses to represent the control flow, partitioning the program’s execution into temporal segments. These fault-space regions operate as distinct entities, each with its data flow potentially flowing from one to the next. Injecting the traversing data flows and approximating their results to the other non-traversing data flows leads to an injection reduction of up to 77.5 percent system-wide, accompanied by an approximation error of only 2 percent and a strong locality of the results.
The last contribution focuses on accelerating individual injections that do not lead to the ter- mination of systems, thus, reaching a fixed timeout threshold. This work presents an analysis of timeouts in this context and initial approaches to predict such timeouts during runtime. The final part of this contribution is the timeout detector, ACTOR. This detector uses autocorrelation to detect whether patterns exist in the program’s taken jumps, thereby approximating whether the program is in a loop. ACTOR can achieve end-to-end campaign accelerations of up to 27.6 percent through timeout predictions in individual injections. Thereby, the absolute prediction error is always less than 0.5 percent.
The methods developed in this work expand the overall portfolio of potential acceleration methods in the fault-injection community. These generically designed methods, implemented and evaluated in the instruction-set–architecture layer, can also be conceptually applied to other system layers. They offer versatility and are seamlessly combinable with each other and established acceleration methods.
Welcome, Kenny!
Prof. Christian Dietrich receives the Wissenschaftspreis Hannover 2020 (Hanover Science Award, endowed with 4.000 EUR) for his excellent dissertation Interaction-Aware Analysis and Optimization of Real-Time Application and Operating System. Prof. Volker Epping, President of the University and Deputy Chairman of the University Society, awarded the distinctions to the early-career scientists. Words of greeting were also spoken by Falko Mohrs, Lower Saxony Minister for Science and Culture, as well as Dirk von der Crone, member of the Executive Board of the cooperating partner SwissLife Germany.
In his laudatory speech, Prof. Daniel Lohmann praised Christian's rapid academic career, which he had the pleasure of accompanying from the student assistant in the first semester to a full professorship.
Congrats, Christian!
Tobias Landsberg was invited to give a presentation on “Reducing Deployment Costs for Compile-Time Variants by Static Analysis” as part of the third seminar of the INTER² Series at University of Luxembourg.
In his presentation, he speaks about his research on static variability, or more precisely about the leveraging of similarities and differences in software product lines in order to save costs, time, and energy, which is taking place as part of the CADOS project.Illia Ostapyshyn from Ukraine receives the 2023 University Award for International Students and Doctoral Candidates. The price is awarded on a yearly basis to up to three international students that have not only shown excellent academic achievements, but also special commitment inside and outside the university.
Congrats, Illia!
On the day of the faculty (Tag der Fakultät) all graduates of the faculty are officially sent off, including several SRA students. We congratulate (from left to right, skipping Prof. Lohmann): Andreas Kässens (M.Sc.), Helge Misfelt (B.Sc), Illia Ostapyshyn (B.Sc.), Nils Fuhler (B.Sc.), Björn Fiedler (Dr.-Ing.), and Alexander Halbuer (M.Sc.).
We wholeheartedly wish Helge the best for his continued career in the industry, while we are very happy that Illia and Nils continue their studies and joined our team as Student Researchers. Andreas and Alexander have become Doctoral Researchers at SRA and Björn continues his career as our new PostDoc.
Special congratulations go to Andreas Kässens, Nils Fuhler and Alexander Halbuer, who all got extra honors for finishing their studies as one of the top three students in their field!
Abstract: In many industrial sectors, device manufacturers are moving away from expensive special-purpose hardware units and consolidate their systems on commodity hardware. As part of this change, developers are enabled to run their applications on general-purpose operating systems like Linux, which already supports thousands of different devices out of the box and can be used in a wide range of target scenarios. Furthermore, the Linux ecosystem allows them to integrate existing implementations of standard functionality in the form of shared libraries.
However, as the libraries and the Linux kernel are designed as generic building blocks in order to support as many applications as possible, they cannot make assumptions about specific use cases for a single-purpose device. This generality leads to unnecessary overheads in narrowly defined target scenarios, as unneeded components do not only take up space on the target system but have to be maintained over the lifetime of the device as well. While the Linux kernel provides a configuration system to disable unneeded functionality like device drivers, determining the required features from over 16 000 options is an infeasible task. Even worse, most shared libraries cannot be customized even though only around 10 percent of their functions are ever used by applications.
In this thesis, I present my approaches for the automated identification and removal of unnecessary components in all layers of the software stack. As the configuration system is an integral part of the Linux kernel, we embrace its presence and automatically generate custom-fitted configurations for observed target scenarios with the help of an extracted variability model. For the much more diverse realm of shared libraries, with different programming languages, build systems, and a lack of configurability, I demonstrate a different approach. By identifying individual functions as logically distinct units, we construct a symbol-level dependency graph across the applications and all their required libraries. We then remove unneeded code at the binary level and rearrange the remaining parts to take up minimal space in the binary file by formulating their placement as an optimization problem. To lower the number of unnecessary updates to unused components in a deployed system, I lastly present an automated method to determine the impact of software changes on a target scenario and provide guidance for developers on whether they need to update their systems.
Applying these techniques to different target systems, I demonstrate that we can disable up to 87 percent of configuration options in a DEBIAN Linux kernel, shrink the size of an embedded OPENWRT kernel by 59 percent, and speed up the boot process of the embedded system by 21 percent. As part of the shared library tailoring process, we can remove 13 060 functions from all libraries in OPENWRT and reduce their total size by 31 percent. In the MEMCACHED Docker container, we identify 381 entirely unneeded shared libraries and shrink the container image size by 82 percent. An analysis of the development history of two large library projects over the course of more than two years further shows that between 68 and 82 percent of all changes are not required for an OPENWRT appliance, reducing the number of patch days by up to 69 percent.
Tim-Marek Thomas presents Checkpoint Placement for Systematic Fault-Injection Campaigns at the 42nd International Conference on Computer-Aided Design (ICCAD '23) in San Francisco, CA, USA. In the paper we present a new approach to reduce the forwarding phase in fault-injection campaigns by the clever placement of checkpoints. Compared to the classical static placement of checkpoints, this reduces the forwarding time by 88–99 percent. The paper is related to our CLASSY-FI project.
Alexander Halbuer presents our paper Morsels: Explicit Virtual Memory Objects at the 1st Workshop on Disruptive Memory Systems (DIMES@SOSP '23) in Koblenz, Germany. In the paper we present the first description of Morsels, a novel virtual-memory–management abstraction for the efficient sharing and mapping of large memory objects between processes and devices, which is well suited for volatile and nonvolatile memory. Morsels reduce the mapping time for a 6.82-GiB machine-learning model by up to 99.8 percent compared to conventional memory mapping in Linux. This is an important building block for the ParPerOS project.
Welcome, Andreas!
Lars Wrenger presents our paper LLFree: Scalable and Optionally-Persistent Page-Frame Allocation at the 2023 USENIX Annual Technical Conference (ATC '23) in Boston, MA, USA. The page-frame allocator ist the most fundamental memory-management component in any operating system. In the paper we present LLFree, the design and design principles for a new lock- and log-free page-frame allocator that provides for excellent scalability on multi-core platforms as well as crash consistency on nonvolatile memories. Compared to the Linux frame allocator, LLFree reduces the allocation time for concurrent 4 KiB allocations by up to 88 percent and for 2 MiB allocations by up to 98 percent. For memory compaction, LLFree decreases the number of required page movements by 64 percent. LLFree is an important building block for our ParPerOS project.
For the extensive and easy to reproduce benchmark results, we got the Distinguished Artifact Award. Congrats, Lars!
Dominik Töllner presents our paper MELF: Multivariant Executables for a Heterogeneous World at the 2023 USENIX Annual Technical Conference (ATC '23) in Boston, MA, USA. In the paper we present the Multivariant ELF (MELF) approach, which makes it possible to provide multiple per-function compile-time variants within the same binary and flexibly switch between them at run-time, optionally on a per-thread granularity. As MELFs are implemented on binary level (linker, loader), they do not depend on specific language features or compilers and can be easily applied to existing projects. In case studies with SQLite, memcached, MariaDB and a benchmark for heterogeneous architectures with overlapping ISAs, we show how MELFs can be employed to provide per-client performance isolation of expensive compile-time security or debugging features and adapt to extended instruction sets, when they are actually available. The support for MELFs is an important building block for our ATLAS project and also related to the ParPerOS project.
Florian Rommel presents our paper Thread-Level Attack-Surface Reduction at the 24th ACM SIGPLAN/SIGBED International Conference on Languages, Compilers, and Tools for Embedded Systems (LCTES '23) in Orlando, FL, USA. In the paper we present a new debloating technique to reduce the attack surface in running multi-threaded server processes. Unlike existing approaches, which can eliminate code only in shared libraries and for the whole process, thread-level attack-surface reduction (TLASR) eliminates unused code on a per-thread level. Technically, this works by deriving thread-specific text segment views, which in Linux are implemented by mmview concept we introduced in our OSDI '20 paper. In MariaDB, Memcached, OpenSSH and Bash we thereby reduce the number of ROP gadgets by 78–97 percent, rendering an auto-ROP utility ineffective and eliminating all CVE-related functions ever reported for glibc in 97 percent of the case. TLASR is related to the ATLAS project.
Lars Wrenger presents our paper TOSTING: Investigating Total Store Ordering on ARM at the 36th GI/ITG International Conference on Architecture of Computing Systems (ARCS '23) in Athens, Greece. In the paper, we analyse the performance impact of the Intel Total Store Ordering (TSO) memory model in comparison to ARM's weak memory ordering model. For this, we exploit the fact that Apple has implemented TSO on its M1 processors for the Rosetta compatibility layer. TOSTING is related to the ParPerOS project.
For the work, we got a best paper award!. Congrats, Lars!
Abstract: Embedded systems are an omnipresent part of our daily life. They are ubiquitously present in almost every moment to support and secure our activity. At the same time, we expect these systems to be both highly cost-efficient in development and production. Without restrictions, we expect them to work reliably and always respond timely and as expected. This leads to an immense pressure on the development process of new systems, especially with the large number of units and the further increasing occurrence of these systems.
A finished system has a defined task according to its environment and thus a defined software application that it executes. For the tools used to implement and execute it, this is not the case. Those tools are not specifically designed for that exact task, but for a variety of possible applications. They provide a wide range of functionality and flexibility, and, hence, allow a wide usage spectrum. In this thesis, I focus on the real-time operating system which serves as the base software layer to execute the designated application. Such an operating system provides a wide range of abstractions, system object classes, and associated interaction methods, of which an actual application implementation uses only a subset. Using dynamically configured systems, which I consider in this thesis, enforce to instantiate and configure all system objects and their interworking during runtime by code, exclusively. As a result, an operating system needs to be able to accept every system call at every point in time, even if not issued by the actual application. This flexibility causes pessimistic assumptions for possibly never appearing interaction patterns and forces dynamical management of system objects and state.
To solve this problem when not needed by the application, I present methods to systematically and automatically specialize formerly dynamic system calls statically. While considering the require- ments of a given application, these methods improve the non-functional properties of the resulting specialized system without changing the functional properties. Using static analyses, I determine the system objects forming the application structure and their possible interactions. Backed by this knowledge, I apply static specializations on both, the startup and the working phase of the application during compile time. At the startup phase, I apply static system-object instantiation by transforming the effects of the system calls into compile-time constants. To improve the working phase, I statically exchange the generic implementations of system objects and their interaction system calls by a version suited for the actual usage patterns. With these specializations, I am able to reduce both runtime and memory requirements of a specialized system. I can speed up system startup by up to 67%. During working phase, an execution time reduction by up to 43 % for a single system call is achievable.
With this thesis, I show that an automatic application-aware static specialization of formerly dynamic system calls is both feasible and beneficial. I am able to precompute the effects of dynamic system calls during compile time, and, thus, reduce both run-time overhead and memory requirements, while removing unused system-call implementations. By using system call implementations specialized to the actual application, I reduce superfluous administrative overhead, and, hence, reduce runtime overhead even further. This specialization takes place without any disturbance for application parts, truly relying on the dynamic operating system interface, as all specializations are applied in a non-breaking manner. This results in a continuous transition between dynamically and statically configured systems, improving the system performance by only removing superfluous flexibility without ever violating functional properties.
Gerion Entrup presents our paper MultiSSE: Static Syscall Elision and Specialization for Event-Triggered Multi-Core RTOS at the 29th IEEE Real-Time and Embedded Technology and Applications Symposium (RTAS '23) in San Antonio, Tx, USA. In the paper we present MultiSSE, and extension of our SSE approach for RTOS-aware whole-program analyses to multi-core systems. Such systems are generally considered intractable for flow-sensitive analyses, as the number of possible system states rises exponentially with the number of cores. However, MultiSSE exploits structural and optional timing information to analyze the core-level control flows as independently as possible from each other, synchronizing their states only when necessary. Thereby, MultiSSE provides means to realize compile-time deadlock detection, lock elision and system-call optimization also on multi-core systems. This is an important building block for the AHA project.
The SRA team got two papers accepted for the 2023 USENIX Annual Technical Conference (ATC '23). Lars Wrenger is going to present our paper LLFree: Scalable and Optionally-Persistent Page-Frame Allocation, which is an extension of his award-winning master's thesis and an important building block for the ParPerOS project. Dominik Töllner is going to present the paper MELF: Multivariant Executables for a Heterogeneous World, which is a great success for the ATLAS and CADOS projects. Congrats to Lars and Dominik, this is a really great achievement for first-year doctoral researchers!
SRA is participating in the Spring Meeting of the German SIG on Operating Systems (Frühjahrstreffen der GI Fachgruppe Betriebssysteme) with three talks in the context of the ParPerOS, CLASSY-FI and ATLAS projects.
Lars Wrenger receives the award for best master thesis in the field of operating systems. The award is granted annually by the SIG on Operating Systems of the German Computer Association (GI Fachgruppe Betriebssysteme) solely on the base of scientific excellence. It includes a price money of 500 €. Congrats, Lars!
In OS memory management, the page-frame allocator is the most fundamental component, as it manages the physical memory. In his thesis Lo(ck|g)-free Page Allocator for Non-Volatile Memory in the Linux Kernel Lars designs, implements and evaluates a new highly scalable page-frame allocator for volatile and nonvolatile memories. This excellent work is now continued within the ParPerOS project.
Welcome, Alexander!
On the day of the faculty (Tag der Fakultät) all graduates of the faculty are officially sent off, including several of our thesis workers. We wholeheartedly wish Lukas Berg(B.Sc.) and Maximilian Werner(M.Sc.) the best for their continued career, while Dominik Töllner, Lars Wrenger and Tim-Marek Thomas joined our team as Doctoral Researchers.
Björn and Lukas managed to graduated with the third best M.Sc. and best B.Sc. graduation in computer engineering respectively, we congratulate them for this achievement.
SRA has two papers on fault injection of transient hardware faults at SAFECOMP'22: Christian Dietrich presents SailFAIL, where we explain how to derive fault-injection platforms form formal CPU models. Tim-Marek Thomas presents ACTOR, an method how to use dynamic timeout detectors to speed up large fault-injection campaigns.
Tobias Landsberg presents our paper TASTING: Reuse Test-case Execution by Global AST Hashing at the 17th International Conference on Sofware Technologies (ICSOFT '22) in Lisbon. In the paper we describe TASTING, an approach for efficiently selecting and reusing regression-test executions across program changes, branches, and variants in continuous integration settings. TASTING can dramatically speed-up test suite executions by recursively composing hashes of all relevant syntactic elements into a semantic fingerprint of the test and its execution environment, so identical test executions can easily be detected and skipped. This is an important building block for variant-aware testing in the CADOS project.
Tobias got the Best Student Paper award for this work!
Gerion Entrup presents our paper RTOS-Independent Interaction Analysis in ARA at the 16th Workshop on Operating System Platforms for Embedded Real-Time Applications (OSPERT '22) in Modena. In the paper we describe our approach towards RTOS-independent interaction analyses in the ARA framework that makes ARA analyses compatible with many RTOS standards, among them AUTOSAR OS, FreeRTOS and POSIX. The ARA OS model is an important building block towards our goal of fully automatic application analysis in the AHA project.
- ParPerOS: Parallel Persistency OS (DFG: LO 1719/8-1 and DI 2840/2-1)
- In ParPerOS, we examine new abstractions for unified but efficient and optionally crash-consistent low-level memory management for data objects in heterogeneous memory systems that consist of volatile, persistent, distributed and other types of main memory.
Welcome, Lars!
Nishal Kulkarni, a third-year bachelor student from of VIT-University Vellore, India is visting us for 2 months as with help from a DAAD WISE scholarship. During his time over here, he will be working on data structure support for Multiverse in the CADOS project.
Welcome, Nishal!
Our former SRA member and current project partner in the ATLAS and ParPerOS projects, Christian Dietrich helds his inaugural lecture on New Directions for Managing Memory:
Abstract: Traditionally, memory is the scarce resource that operating systems virtualize for their users. However, current hardware trends, like ultra-fast NVMe SSDs and non-volatile RAM, force us to rethink operating system-mediated management. We no longer have to manage scarcity, but we have to swim in the new abundance without drowning. In his inaugural lecture, Christian Dietrich will present three ongoing research projects that center around the topic of memory management.
The event starts at 14:00 and can be followed by Zoom.
SRA is participating in the Spring Meeting of the German SIG on Operating Systems (Frühjahrstreffen der GI Fachgruppe Betriebssysteme) with three talks in the context of the ParPerOS and ATLAS projects: Lars Wrenger presents his thesis Lo(ck|g)-free Page Allocator for Non-Volatile Memory in the Linux Kernel in the context of the ParPerOS project, Dominik Töllner presents Multivariant ELF Executables, and our Guest Gabriele Serra his work on Control-Flow Integrity with Pointer Authentication.
Welcome, Dominik!
Gabriele Serra, a PhD Student of Allessandro Biondi from the ReTiS Lab at Scuola Superiore Sant'Anna joins the SRA team as a visiting Doctoral Researcher for the next six month.
Welcome, Gabriele!
- ATLAS: Adaptable Thread-Level Address Spaces (DFG: LO 1719/7-1 and DI 2840/1-1)
- In the ATLAS project, we investigate dynamic specialization and containment by means of thread-level address-space variations.
Abstract: Computer-based automation in industrial appliances led to a growing number of logically dependent, but physically separated embedded control units per appliance. Many of those components are safety-critical systems, and require adherence to safety standards, which is inconsonant with the relentless demand for features in those appliances. Features lead to a growing amount of control units per appliance, and to a increasing complexity of the overall software stack, being unfavourable for safety certifications. Modern CPUs provide means to revise traditional separa- tion of concerns design primitives: the consolidation of systems, which yields new engineering challenges that concern the entire software and system stack.
Multi-core CPUs favour economic consolidation of formerly separated systems with one efficient single hardware unit. Nonetheless, the system architecture must provide means to guarantee the freedom from interference between domains of different criticality. System consolidation demands for architectural and engineering strategies to fulfil requirements (e.g., real-time or certifiability criteria) in safety-critical environments.
In parallel, there is an ongoing trend to substitute ordinary proprietary base platform software components by mature OSS variants for economic and engineering reasons. There are funda- mental differences of processual properties in development processes of OSS and proprietary software. OSS in safety-critical systems requires development process assessment techniques to build an evidence-based fundament for certification efforts that is based upon empirical software engineering methods.
In this thesis, I will approach from both sides: the software and system engineering perspective. In the first part of this thesis, I focus on the assessment of OSS components: I develop software engineering techniques that allow to quantify characteristics of distributed OSS development processes. I show that ex-post analyses of software development processes can be used to serve as a foundation for certification efforts, as it is required for safety-critical systems.
In the second part of this thesis, I present a system architecture based on OSS components that allows for consolidation of mixed-criticality systems on a single platform. Therefore, I exploit virtualisation extensions of modern CPUs to strictly isolate domains of different criticality. The proposed architecture shall eradicate any remaining hypervisor activity in order to preserve real- time capabilities of the hardware by design, while guaranteeing strict isolation across domains.
- CADOS: Configurability-Aware Development of Operating Systems (DFG: LO 1719/3-2)
- In the CADOS project, we investigate scalable methods and tools to deal with the implementation of variability across all implementation layers of modern system software.
Oskar Pusz presents Data-Flow–Sensitive Fault-Space Pruning for the Injection of Transient Hardware Faults at the Conference on Languages, Compilers and Tools for Embedded Systems (LCTES '21).
In the paper, we describe Data-Flow–Sensitive Fault-Space Pruning (DFP), a new precise and fault-space–complete data-flow sensitive fault-space pruning method that extends on def/use-pruning by also considering the instructions’ semantics when deriving fault-equivalence sets. In our experimental evaluation, this already reduces the number of necessary injections by up to 18 percent compared to def/use pruning.
The DFP is the core element in the ISA level of our research project CLASSY-FI.
The source code and evaluation artifacts are available here: Source Code and Evaluation Data for the Paper: Data-Flow–Sensitive Fault-Space Pruning for the Injection of Transient Hardware Faults.
Björn Fiedler presents our paper ARA: Static Initialization of Dynamically-Created System Objects at the 27th IEEE Real-Time and Embedded Technology and Applications Symposium (RTAS '21).
In the paper, we present ARA, a framework for static specialization of operating systems for embedded systems. ARA is capable to statically detect operating-system objects dynamically created during run-time and replace them by statically prepared equivalents. ARA is a major building block of our reserch project AHA towards the goal to fully automatically analyze and specialize applications and their system software.
The presentation videos, source code and evaluation artifacts are available at the paper's details page: ARA: Static Initialization of Dynamically-Created System Objects
After many fruitful years with dozen of papers, great lectures and a lot of fun together, Christian Dietrich leaves our group to start his Juniorprofessorship (W1-TT-W3) with a new operating system group at TUHH. We will continue our work together, nevertheless miss him a lot, and wholeheartedly congratulate Prof. Dr.-Ing. Christian Dietrich for this great step in his career!
Christian Dietrich receives an award for the best doctoral thesis in the field of operating systems. The award is granted annually by the SIG on Operating Systems of the German Computer Assiciation (GI Fachgruppe Betriebssysteme) solely on the base of scientific excellence. It includes a price money of 500 €. Congrats, Christian!
In his dissertation Interaction-Aware Analysis and Optimization of Real-Time Application and Operating System, Christian designs and implements a control-flow--sensitive whole-system view and analysis on the interactions within real-time systems.
With this approach, he can overcome many inefficiencies that arise from analyses that have an isolating focus on individual system components.
Furthermore, the interaction-aware methods keep close to the actual implementation, and therefore are able to consider the behavioral patterns of the finally deployed real-time computing system.
Ralf Ramsauer presents The Sound of Silence: Mining Security Vulnerabilities from Secret Integration Channels in Open-Source Projects at CCSW '20 – due to Corona by video. In the paper, which has already been featured The Register and golem.de (German), we describe an approach to automatically detect patches that fix critical security issues before they are rolled out in the wild. We detect these patches (using the technology we described in our ICSE '19 paper) by the mere fact that they are not discussed on the mailing list. We analyzed the seven months before the release of Linux 5.4 and found commits that address 12 vulnerabilities. For these vulnerabilities, our approach resulted in a temporal advantage of 2 to 179 days to design exploits before public disclosure takes place.
Florian Rommel presents our paper From Global to Local Quiescence: Wait-Free Code Patching of Multi-Threaded Processes at OSDI '20 – due to Corona by video.
In the paper, we present WfPatch, a wait-free approach to inject code changes into running multi-threaded programs. Instead of having to stop the world before applying a patch, WfPatch can gradually apply it to each thread individually at a local point of quiescence, while all other threads can make uninterrupted progress.
WfPatch is the first outcome of our novel concept on adaptable thread-level address spaces, which we are investigating in the ATLAS project.
And now for something completely different: Our paper A Bibliometric Approach for Detecting the Gender Gap in Computer Science has appeared on the May 2020 issue of CACM, together with a short video about this work produced by ACM. In the paper we describe a method to identify the ratio of active female CS scientists by bibliometric analyses. In contrast to previous studies in the STEM fields that refer to limited data records (such as enrollment and degree numbers) our method identifes active researchers from all career levels and instutitions and can easily be tailored to specific sub-fields of the STEM field. The percentage of women contributing to 19 representative conferences in systems-level CS within the last six years is, on average, below ten percent.
Im Rahmen der Winteruniversität konnten sich heute einige studieninteressierte Schüler über das Informatikstudium informieren. Die dazu passenden Folien finden Sie hier: [Folien]
Oskar Pusz presents our paper Program-Structure–Guided Approximation of Large Fault Spaces at the 24th IEEE Pacific Rim International Symposium on Dependable Computing (PRDC '19) in Kyoto, Japan. In the paper we describe an approach to reduce the number of required fault injections using program-structure informations while aiming full fault-space coverage. Results show that injections can be reduced by up to 76 percent with an deviation of less than 2.7 percent and we keep the locality of the results regarding silent data corruptions to a low deviation.
Tobias Landsberg receives the award for best master thesis in the field of operating systems. The award is granted annually by the SIG on Operating Systems of the German Computer Assiciation (GI Fachgruppe Betriebssysteme) solely on the base of scientific excellence. It includes a price money of 500 €. Congrats, Tobias!
In his thesis Analyzing and Optimizing TLB-Induced Thread Migration Costs on Linux/ARM Tobias evaluates if it is feasable and benefitial to pre-warm the TLB (Translation Look-Aside Buffer) when a thread is migrated to another core. He analyzes existing ARM cores, presents and evaluates possible hardware extensions in gem5 and and provides a complete Linux integration for the system.
Linux Weekly News (LWN) features our recent work on analyzing kernel e-mail and the PaStA tool presented in our ICSE '19 and OpenSym '16 papers and recent talks by Ralf Ramsauer, Sebastian Duda, and Wolfgang Mauerer at ELCE '19 and LPC '19.
PaStA quantitatively analyses the evolution of patch stacks by mining git repositories, which is an important building block for analyzing patch-level optional features in the CADOS project.
Abstract: Mechanical and electronic automation was a key component of the technological advances in the last two hundred years. With the use of special-purpose machines, manual labor was replaced by mechanical motion, leaving workers with the operation of these machines, before also this task was conquered by embedded control systems. With the advances of general-purpose computing, the development of these control systems shifted more and more from a problem-specific one to a one-size-fits-all mentality as the trade-off between per-instance overheads and development costs was in favor of flexible and reusable implementations. However, with a scaling factor of thousands, if not millions, of deployed devices, overheads and inefficiencies accumulate; calling for a higher degree of specialization.
For the area of real-time operating systems, which form the base layer for many of these computerized control systems, we deploy way more flexibility than what is actually required for the applications that run on top of it. Since only the solution, but not the problem, became less specific to the control problem at hand, we have the chance to cut away inefficiencies, improve on system-analyses results, and optimize the resource consumption. However, such a tailoring will only be favorable if it can be performed without much developer interaction and in an automated fashion. Here, real-time systems are a good starting point, since we already have to have a large degree of static knowledge in order to guarantee their timeliness. Until now, this static nature is not exploited to its full extent and optimization potentials are left unused.
The requirements of a system, with regard to the RTOS, manifest in the interactions between the application and the kernel. Threads request resources from the RTOS, which in return determines and enforces a scheduling order that will ensure the timely completion of all necessary computations. Since the RTOS runs only in the exception, its reaction to requests from the application (or from the environment) is its defining feature.
In this thesis, I will grasp these interactions, and thereby the required RTOS semantic, in a control-flow--sensitive fashion. Extracted automatically, this knowledge about the reciprocal influence allows me to fit the implementation of a system closer to its actual requirements. The result is a system that is not only in its usage a special-purpose system, but also in its implementation and in its provided guarantees.
In the development of my approach, it became clear that the focus on these interactions is not only highly fruitful for the optimization of a system, but also for its end-to-end analysis. Therefore, this thesis does not only provide methods to reduce the kernel-execution overhead and a system's memory consumption, but it also includes methods to calculate tighter response-time bounds and to give guarantees about the correct behavior of the kernel. All these contributions are enabled by my proposed interaction-aware methodology that takes the whole system, RTOS and application, into account.
With this thesis, I show that a control-flow--sensitive whole-system view on the interactions is feasible and highly rewarding. With this approach, we can overcome many inefficiencies that arise from analyses that have an isolating focus on individual system components. Furthermore, the interaction-aware methods keep close to the actual implementation, and therefore are able to consider the behavioral patterns of the finally deployed real-time computing system.
Im Rahmen des Niedersachsen-Technikums hat uns eine Gruppe interessierter Abiturientinnen besucht. Während des 6-monatigem Programms lernen sie im Rahmen eines bezahlten Unternehmenspraktikums und eines Schnupper-Studiums das Arbeitsleben in einem MINT-Beruf kennen. Die jungen Frauen nahmen nach einem Vortrag an einem Kurzworkshop zum Programmieren teil, bei dem sie einen Unterschriftendrucker mithilfe des Kturtle-Programms in einer speziell dafür erstellten Programmiersprache programmieren konnten.
Florian Rommel presents our paper Wait-Free Code Patching of Multi-Threaded Processes at the 10th Workshop on Programming Languages and Operating Systems (PLOS '19) co-located with SOSP in Huntsville, Canada. The paper describes an approach to apply run-time code modification in multi-threaded processes without the need to stop all threads on a global barrier. This is achieved by first preparing a patched clone of the process’s address space and then migrating individual threads at predefined quiescence points while all other threads make uninterrupted progress.
Andreas Ziegler presents our paper Honey, I Shrunk the ELFs: Lightweight Binary Tailoring of Shared Libraries at the International Conference on Embedded Software (EMSOFT '19), in New York. In the paper we describe an approach to automatially reduce the footprint of existing shared libraries by removing unneeded functionality with lightweight binary tailoring. Our approach does not require access to the source code and effectively reduces the amount of code in all shared libraries on a Linux-based system by 63 percent and shrinks their files by 17 percent. The reduction in size is beneficial to cut down costs (e.g., lower storage and memory footprint) and eases code analyses that are necessary for code audits.
Lightweight application-specific tailoring of libraries is an important building block in our attempts towards a fully automatic whole-system tailoring of Linux-based infrastructure software in the CADOS project.
Abstract: In der heutigen Wissenschaft und Wirtschaft haben wir es oft mit Systemen zu tun, welche aus Problemen bestehen, die sehr komplex und nicht einfach zu lösen sind. Aufgrund der zunehmenden Komplexität und der teilweise fehlenden Informationen ist es bereits heutzutage nicht mehr möglich, solche Probleme – welche als Blackbox-Probleme klassifiziert werden – per Hand zu lösen. Um das Maximum oder Minimum zu finden, wird auf Optimierungsmethoden zurückgegriffen, die uns ermöglichen, eine optimale Lösung für das Problem zu suchen und ggf. zu finden. Stochastische Methoden haben die letzten Jahre gezeigt, dass sie sehr gut geeignet sind, solche Probleme zu lösen. Der Vorteil der Verwendung von stochastischen Methoden ist, dass sie nicht den Gradienten des zu optimierenden Problems verwenden, so dass sie sowohl bei großen als auch bei komplexen Optimierungsproblemen erfolgreich angewendet werden können. Diese Vielseitigkeit hat aber ihren Preis. Es gibt hauptsächlich drei wesentliche Aspekte, die die Effizienz der Lösung beeinträchtigen:
- Die realen Probleme werden immer größer und komplizierter oder sie müssen in sehr kurzer Zeit gelöst werden, was erhebliche Ressourcen in Zeit und Hardware erfordert.
- Optimierungsprobleme sind durch mehrere lokale Optima charakterisiert, die ein Verfahren zur Vermeidung einer zu frühen Konvergenz erfordern.
- Algorithmen erfordern einige problembedingte Anpassungen ihrer Verhaltensparameter, um bessere Ergebnisse zu erzielen.
Untersuchungen in dieser Arbeit haben gezeigt, dass die Anpassungen zu besse ren Ergebnissen führen. Durch die adaptive Natur des Frameworks, ist es in vielen Rechnerarchitekturen nutzbar und für viele Probleme anwendbar.
Gerion Entrup presents our paper ARA: Automatic Instance-Level Analysis in Real-Time Systems at the 15th Workshop on Operating System Platforms for Embedded Real-Time Applications (OSPERT '19), in Stuttgart. In the paper we describe ARA, an analysis framework and tool to detect and visualize, how a given application employs RTOS abstractions. As a tool, ARA helps to understand how the tasks of an application given as source code interact which each other. The framework itself is an important building block towards our goal of fully automatic application analysis in the AHA project.
Im Rahmen der SommerUni (ehem. Herbstuniversität) ist ein Angebot speziell für Mädchen der 10. bis 13. Klassen, die sich für ein Studium im Bereich Mathematik, Informatik, Naturwissenschaften oder Technik (MINT) interessieren. Am SRA erhielten die Teilnehmerinnen Einblicke in das Informatikstudium und das grundlegende Konzept von CPU Scheduling. Die dazu passenden Folien finden Sie hier: [Folien]
Der Student Malte Bargholz wurde im Rahmen des Tags der Fakultät für seine herausragenden Leistungen in seiner Bachelorprüfung geehrt. Seine herausragenden Leistungen stellte er, unter anderem, in seiner Bachelorarbeit InterSloth: Globales Hardware-gesteuertes Scheduling in einem Multikern-Echtzeitbetriebssystem auf RISC-V beim SRA unter Beweis und konnte seine Ergebnisse beim Herbsttreffen der Fachgruppe Betriebssysteme vorstellen.
Im Rahmen des Niedersachsen-Technikums hat uns eine Gruppe interessierter Frauen besucht. Während des 6-monatigem Programms lernen sie im Rahmen eines bezahlten Unternehmenspraktikums und eines Schnupper-Studiums das Arbeitsleben in einem MINT-Beruf kennen. [Folien]
Prof. Dr.-Ing. habil. Daniel Lohmann gave his inaugural lecture at the Faculty of Electrical Engineering and Computer Science. In his presentation "Klein und sicher – Automatisch anpassbare Systemsoftware für eingebettete Spezialzweckanwendungen", Prof. Lohmann provided an entertaining introduction into our research activities and the case for highly tailorable system software.
Studenten und Mitarbeiter des SRA nehmen am Herbstreffen der Fachgruppe Betriebssysteme in Coburg teil. Das SRA ist mit zwei Vorträgen vertreten. Malte Bargholz spricht über „InterSloth: Hardwaregestützte, globale und prioritätsgesteuerte Echtzeiteinplanung“ und Christian Dietrich präsentiert seine Arbeit über „Semi-Extended Tasks: Geteilter Stack für selbstblockierende Fäden“.
Björn Fiedler presents our paper Levels of Specialization in Real-Time Operating Systems was at the 14th Workshop on Operating System Platforms for Embedded Real-Time Applications (OSPERT '18), in Barcelona. In the paper we describe a taxonomy for the specialization of system software towards a specific application and provide showcases of the achievable benefits. We got an Best Paper Award for this work.
Mit Unterstützung der Kollegen vom IKT findet das erste Gesamttreffen des neu gegründeten Fachbereich SYS der Gesellschaft für Informatik (GI) am 1. und 2. März 2018 hier in Hannover statt. Mit mehr als zwölf Beiträgen aus dem Bereich der Betriebssysteme, Kommunikationssysteme und Verteilten Systeme erwartet die 70 angmeldeten Teilnehmer ein spannendes Programm.
Die als Meltdown und Spectre bekannt gewordenen Angriffe verunsichern zur Zeit Anwender und Experten. Prof. Daniel Lohmann hat heute im Rahmen einer Informationsveranstaltung des LUIS für Systemadministratoren der Universität die technischen Grundlagen aus Rechnerarchitektur und Betriebssystemen am Beispiel von Meltdown präsentiert. Die Folien des Vortrags finden Sie hier: [Folien]
Organisiert durch den Fachrat Informatik gab es heute eine kleine Informationsveranstaltung für Erstsemester über Forschung und Lehre am SRA und die Bedeutung der systemnahen Informatik. Die dazu passenden Folien finden Sie hier: [Folien]
Im Rahmen einer Informationsveranstaltung an der Evangelischen Akademie Loccum wurde einer Gruppe von Schülern die Inhalte und Herausforderungen des Informatikstudiums näher gebracht. Die dazu passenden Folien finden Sie hier: [Folien]
Im Rahmen des Niedersachsen-Technikums hat uns eine Gruppe interessierter Frauen besucht. Während des 6-monatigem Programms lernen sie im Rahmen eines bezahlten Unternehmenspraktikum und eines Schnupper-Studium das Arbeitsleben in einem MINT-Beruf kennen. [Folien]
- AHA: Automated Hardware Abstraction in Operating-System Engineering (DFG: LO 1719/4-1)
- Goal of AHA is to improve nonfunctional properties of system software by a very deep, but fully automated specialization of the application-hardware bridge represented by the operating system. We investigate, how alternative implementations that are mapped more directly to hardware features, can be generated from a concrete application and their actual interactions with the operating system.
Die Kriterien für die Auszeichnung sind eine herausragende Lehrleistung über die Dauer von wenigstens zwei Studienjahren an einer Universität in Bayern, eine Beteiligung der Studierenden an der Auswahl sowie der Vorschlag der jeweiligen Universität. Über alle Maßnahmen zur Sicherung der Qualität der Lehre, die von den Hochschulen praktiziert werden, spielen das persönliche Engagement und die pädagogisch-didaktischen Kompetenzen des Lehrenden eine große Rolle.
CADOS research students gave two talks at LPC '14: Valentin Rothberg talked about his new tool undertaker-checkpatch, which analyzes patch files. The vampyr tool to configurability-aware compile test (or determine the variability of) source files was presented by Stefan Hengelein.
Linux Weekly News features both CADOS talks and tools in its summary of the LPC highlights!