Xin Meng,SHEN Hai-bin,YAN Xiao-lang

DOI: https://doi.org/10.3785/j.issn.1008-973X.2011.02.019

2011-01-01

Abstract:Traditional modeling method based on module descriptions is neither accurate nor flexible and also expansive in design iteration. A transaction dataflow based performance modeling (TBPM) methodology for SoC was proposed with data flow specification, resource allocation, performance parameter annotation, and arbitration algorithm specification. The TBPM methodology was implemented by a C++ generic library named TDFLib containing SystemC timing controlling mechanism, and a domain specific language named PML to describe SoC performance model. The PML source code could be used to generate C++ code that includes TDFLib API call, and then the C++ code was compiled and linked with reusable simulation framework to construct an executable model. Cycle-accurate simulation was performed with this model under control of SystemC kernel, and all runtime status was dumped into MySQL database for post analysis. A experiment demonstrated that the TBPM methodology can improve efficiency of architectural design and analysis.

Jinyan Xu,Yiyuan Liu,Sirui He,Haoran Lin,Yajin Zhou,Cong Wang

DOI: https://doi.org/10.5281/zenodo.8024468

2023-01-01

Abstract:Modern processors are too complex to be bug free. Recently, a few hardware fuzzing techniques have shown promising results in verifying processor designs. However, due to the complexity of processors, they suffer from complex input grammar, deceptive mutation guidance, and model implementation differences. Therefore, how to effectively and efficiently verify processors is still an open problem. This paper proposes MorFuzz, a novel processor fuzzer that can efficiently discover software triggerable hardware bugs. The core idea behind MorFuzz is to use runtime information to generate instruction streams with valid formats and meaningful semantics. MorFuzz designs a new input structure to provide multi-level runtime mutation primitives and proposes the instruction morphing technique to mutate instruction dynamically. Besides, we also extend the co-simulation framework to various microarchitectures and develop the state synchronization technique to eliminate implementation differences. We evaluate MorFuzz on three popular open-source RISC-V processors: CVA6, Rocket, BOOM, and discover 17 new bugs (with 13 CVEs assigned). Our evaluation shows MorFuzz achieves 4.4x and 1.6x more state coverage than the state-of-the-art fuzzer, DifuzzRTL, and the famous constrained instruction generator, riscv-dv.

Yangfan Zhou,Xinyu Chen,Michael R. Lyu,Jiangchuan Liu

DOI: https://doi.org/10.1109/ICDCS.2010.75

2010-01-01

Abstract:Wireless Sensor Network (WSN) applications are typically event-driven. While the source codes of these applications may look simple, they are executed with a complicated concurrency model, which frequently introduces software bugs, in particular, transient bugs. Such buggy logics may only be triggered by some occasionally interleaved events that bear implicit dependency, but can lead to fatal system failures. Unfortunately, these deeply-hidden bugs or even their symptoms can hardly be identified by state-of-the-art debugging tools, and manual identification from massive running traces can be prohibitively expensive. In this paper, we present Sentomist (Sensor application anatomist), a novel tool for identifying potential transient bugs in WSN applications. The Sentomist design is based on a key observation that transient bugs make the behaviors of a WSN system deviate from the normal, and thus outliers (i.e., abnormal behaviors) are good indicators of potential bugs. Sentomist introduces the notion of event-handling interval to systematically anatomize the long-term execution history of an event-driven WSN system into groups of intervals. It then applies a customized outlier detection algorithm to quickly identify and rank abnormal intervals. This dramatically reduces the human efforts of inspection (otherwise, we have to manually check tremendous data samples, typically with brute force inspection) and thus greatly speeds up debugging. We have implemented Sentomist based on the concurrency model of TinyOS. We apply Sentomist to test a series of representative real-life WSN applications that contain transient bugs. These bugs, though caused by complicated interactions that can hardly be predicted during the programming stage, are successfully confined by Sentomist.

Ming Xia,Yabo Dong,Wenyuan Xu,Xiangyang Li,Dongming Lu

DOI: https://doi.org/10.1145/2509856

2014-01-01

Abstract:Real-world, long-running wireless sensor networks (WSNs) require intense user intervention in the development, hardware testing, deployment, and maintenance stages. A majority of network design is network centric and focuses primarily on network performance, for example, efficient sensing and reliable data delivery. Although several tools have been developed to assist debugging and fault diagnosis, it is yet to systematically examine the underlying heavy burden that users face throughout the lifetime of WSNs. In this article, we propose a general Multimode user-CentriC (MC 2 ) framework that can, with simple user inputs, adjust itself to assist user operation and thus reduce the users' burden at various stages. In particular, we have identified utilities that are essential at each stage and grouped them into modes . In each mode, only the corresponding utilities will be loaded, and modes can be easily switched using the customized MC 2 sensor platform. As such, we reduce the runtime interference between various utilities and simplify their development as well as their debugging. We validated our MC 2 software and the sensor platform in a long-lived microclimate monitoring system deployed at a wildland heritage site, Mogao Grottoes. In our current system, 241 sensor nodes have been deployed in 57 caves, and the network has been running for over five years. Our experimental validation shows that the MC 2 framework shortens the time for network deployment and maintenance, and makes network maintenance doable by field experts (in our case, historians).

Gonglong Chen,Wei Dong,Fujian Qiu,Gaoyang Guan,Yi Gao,Siyu Zeng

DOI: https://doi.org/10.1109/jiot.2023.3285244

IF: 10.6

2023-01-01

IEEE Internet of Things Journal

Abstract:Recent years, the rapid development of Internet of Things (IoT) technologies and applications have been witnessed. Three important features are characterized in modern IoT applications: 1) device heterogeneity; 2) long-range communication; and 3) cloud/edge-device integration. Difficulties are raised by the above features toward IoT application developers, e.g., predicting and evaluating the performance of the entire IoT application system. To deal with the above difficulties, we design and implement an IoT simulator, TinySim, which satisfies the requirements of high fidelity, high scalability, and seamless transplantation. TinySim takes advantage of the hardware-independent features of TinyLink programming language. Hence, a similar code can be used for both simulation and execution on real hardware platforms. Many virtual IoT devices can be simulated by TinySim at the PC end. These IoT devices can send or receive messages from the cloud or smartphones, making it possible for the developers to evaluate the entire system without the actual IoT hardware. We connect TinySim with Unity 3-D to provide high interactivity. To reduce the event synchronization overhead between TinySim and Unity 3-D, a dependence graph-based approach is proposed. We design an approximation-based approach to reduce the number of simulation events, greatly speeding up the simulation process. We carefully evaluate TinySim using benchmarks and two concrete case studies. TinySim can simulate representative IoT applications, such as smart flowerspot and shared bikes. We conduct extensive experiments to evaluate the performance of TinySim. Results show that TinySim can achieve high accuracy with an error ratio lower than 9.52% in terms of energy and latency. Further, TinySim can simulate 4000 devices within 11.2 physical-minutes for ten simulation-minutes, which is about $3\times $ faster than the state-of-art approach.

Xing Chen,Aipeng Li,Xue’e Zeng,Wenzhong Guo,Gang Huang

DOI: https://doi.org/10.1007/s11704-015-4362-0

2015-01-01

Abstract:The internet of things (IoT) attracts great interest in many application domains concerned with monitoring and control of physical phenomena. However, application development is still one of the main hurdles to a wide adoption of IoT technology. Application development is done at a low level, very close to the operating system and requires programmers to focus on low-level system issues. The underlying APIs can be very complicated and the amount of data collected can be huge. This can be very hard to deal with as a developer. In this paper, we present a runtime model based approach to IoT application development. First, the manageability of sensor devices is abstracted as runtime models that are automatically connected with the corresponding systems. Second, a customized model is constructed according to a personalized application scenario and the synchronization between the customized model and sensor device runtime models is ensured through model transformation. Thus, all the application logic can be carried out by executing programs on the customized model. An experiment on a real-world application scenario demonstrates the feasibility, effectiveness, and benefits of the new approach to IoT application development.

K. H. (Kane) Kim,Juan A. Colmenares,Liangchen Zheng,Sheng Liu,Qian Zhou,Moon-Cheol Kim

DOI: https://doi.org/10.1007/978-3-540-77419-8_10

2008-01-01

Abstract:Developing distributed real-time systems with high degrees of assurance on the system reliability is becoming increasingly important, yet remains difficult and error-prone. The Time-triggered Message-triggered Object (TMO) scheme is a high-level distributed object-oriented programming approach that has proved to be effective in developing such systems. The TMO programming scheme allows real-time application developers to explicitly specify temporal constraints in terms of global time in simple and natural forms. TMOSM is a middleware model that provides the execution support mechanisms for TMOs and TMOSL is a C++ class library that provides a convenient application programming interface (API) for developing TMO applications. The TMO scheme, TMOSM, and TMOSL have evolved during these years in order to support complex distributed real-time applications more effectively. This paper presents some recent additions on the TMOSM API that resulted from this evolution.

Jiaqi Zhang,Wenguang Chen,Xinmin Tian,Weimin Zheng

DOI: https://doi.org/10.1109/PDCAT.2008.77

2008-01-01

Abstract:With the dominance of multicore processors, parallel programming has become more important. Transactional Memory is a promising solution to synchronisation issues that are hurting parallel programmers. While there are a lot of researches on the implementation tradeoffs of TM, there is rare study on the applications that may utilize the techniques, which is essential to both providing feedbacks to the TM designers and to helping potential users. This paper makes the first step of this work by presenting our identification of emerging applications for the comprehensive study of TM. The selection is based on application-domains including popular server/client softwares, multimedia applications, bioinformatics applications, data mining applications, and other scientific applications, which cover most of the dwarfs. A preliminary experiment is also provided to illustrate what we can get from this work.

Yancan Mao,Jianjun Zhao,Zhonghao Yang,Shuhao Zhang,Haikun Liu,Volker Markl

2023-07-24

Abstract:Transactional Stream Processing Engines (TSPEs) form the backbone of modern stream applications handling shared mutable states. Yet, the full potential of these systems, specifically in exploiting parallelism and implementing dynamic scheduling strategies, is largely unexplored. We present MorphStream, a TSPE designed to optimize parallelism and performance for transactional stream processing on multicores. Through a unique three-stage execution paradigm (i.e., planning, scheduling, and execution), MorphStream enables dynamic scheduling and parallel processing in TSPEs. Our experiment showcased MorphStream outperforms current TSPEs across various scenarios and offers support for windowed state transactions and non-deterministic state access, demonstrating its potential for broad applicability.

Databases,Distributed, Parallel, and Cluster Computing

Youhui Zhang,Liu Dong,Gu Yu,Dongsheng Wang

DOI: https://doi.org/10.1007/11572961_48

2005-01-01

Abstract:This paper presents THU-SOC, a new methodology and tool dedicated to explore design space by executing full-scale SW application code on the transaction level models of the SoC platform. The SoC platform supports alternative Transaction Level Models (TLMs), bus-functional model and bus-arbitration model, which enables it to cooperate with different levels of hardware descriptions. So, users are only required to provide functional descriptions to construct a whole cycle-accurate system simulation for a broad design space exploration in the architecture design. When the architecture is determined, the high-level descriptions can be replaced by RTL-level descriptions to accomplish the system verification, and the interface between the tool and the descriptions is unmodified. Moreover, THU-SOC integrates some behavior models of necessary components in a SoC system, such as ISS (Instruction-Set Simulator) simulator of CPU, interrupt controller, bus arbiter, memory controller, UART controller, so users can focus themselves on the design of the target component. The tool is written in C++ and supports the PLI (Programming Language Interface), therefore its performance is satisfying and different kinds of hardware description languages, such as System-C, Verilog, VHDL and so on, are supported.

Yurong Chen,Shaowen Sun,Tian Lan,Guru Venkataramani

DOI: https://doi.org/10.1145/3273045.3273048

2018-01-01

Abstract:Network-based models are increasingly adopted to deliver key software service and utilities (e.g., data storage, search, and processing) to end users. The need to satisfy diverse user requirements and to fit different application environment often leads to continual expansion and addition of new (and in many cases excessive) features, known as the feature creep problem. Existing work mitigating feature bloat often either debloats programs at source code level (which may not always be available, in particular for legacy systems) or customize binary only with respect to very limited scope of inputs. In this paper, we propose a new approach, TOSS, for automated customization of online servers and software systems, which are implemented using a client-server architecture based on the underlying network protocols. Specifically, TOSS harnesses program tracing and tainting-guided symbolic execution to identify desired (feature-related) code from the original program binary, and apply static binary rewriting to remove redundant features and directly create customized program binary with only desired features. We implement a prototype of TOSS and evaluate its feasibility using real-world executables including Mosquitto, which relies on the Message Queuing Telemetry Transport (MQTT) protocol for lightweight Internet of Things (IoT) communications. The results show that TOSS is able to create a functional program binary with only desired features and significantly reduce potential attack surface by eliminating undesired protocol/program features.

Hongfa Xue,Yurong Chen,Guru Venkataramani,Tian Lan,Guang Jin,Jason Li

DOI: https://doi.org/10.1145/3243734.3278518

2018-01-01

Abstract:The ongoing expansion and addition of new features in software development bring inefficiency and vulnerabilities into programs, resulting in an increased attack surface with higher possibility of exploitation. Creating customized software systems that contain just-enough features and yet satisfy specific user needs is currently an extremely slow, build-to-order process. In this paper, we propose MORPH, an Interactive Program Feature Customization framework to provide broad capabilities for automated program feature identification and feature customization. Our preliminary results show that MORPH can identify program features at an average accuracy of 92.7% and swiftly generate variations of self-contained, customized programs in an unsupervised fashion.

Hong Zhu,Ian Bayley,Dongmei Liu,Xiaoyu Zheng

DOI: https://doi.org/10.48550/arXiv.1912.09881

2019-12-20

Software Engineering

Abstract:This paper presents an automated tool called Morphy for datamorphic testing. It classifies software test artefacts into test entities and test morphisms, which are mappings on testing entities. In addition to datamorphisms, metamorphisms and seed test case makers, Morphy also employs a set of other test morphisms including test case metrics and filters, test set metrics and filters, test result analysers and test executers to realise test automation. In particular, basic testing activities can be automated by invoking test morphisms. Test strategies can be realised as complex combinations of test morphisms. Test processes can be automated by recording, editing and playing test scripts that invoke test morphisms and strategies. Three types of test strategies have been implemented in Morphy: datamorphism combination strategies, cluster border exploration strategies and strategies for test set optimisation via genetic algorithms. This paper focuses on the datamorphism combination strategies by giving their definitions and implementation algorithms. The paper also illustrates their uses for testing both traditional software and AI applications with three case studies.

Martin Beck,Koustubha Bhat,Lazar Stricevic,Geng Chen,Diogo Behrens,Ming Fu,Viktor Vafeiadis,Haibo Chen,Hermann Haertig

DOI: https://doi.org/10.1145/3575693.3579849

2023-01-01

Abstract:CPUs with weak memory-consistency models (WMMs), such as Arm and RISC-V, are rapidly increasing their market share. Porting legacy x86 applications to such CPUs requires introducing extra synchronization to prevent WMM-related concurrency bugs---a task often left to human experts. Given the rarity of such experts and the enormous size of legacy applications, we develop AtoMig, an effective, fully automated tool for porting large, real-world applications to WMM CPU architectures. AtoMig detects shared memory access patterns with novel static analysis strategies and performs program transformations to properly protect them from WMM effects. In the absence of sufficiently scalable verification methods, AtoMig shows practicality of focusing on code patterns more prone to WMM faults, trading off completeness for scalability. We validate the correctness of AtoMig's transformations on several small concurrent benchmarks via model checking. We demonstrate the scalability and performance of our approach by applying AtoMig to popular real-world large code bases with up to millions of lines of code, viz., MariaDB, Postgres, SQlite, LevelDB, and Memcached. As part of this work, we also found a WMM bug in MariaDB, which AtoMig fixes automatically.

Xiangyu Li,Yihao Zhang,Xiaokun Luan,Xiaoyong Xue,Meng Sun

DOI: https://doi.org/10.1109/qrs-c60940.2023.00075

2023-01-01

Abstract:This paper introduces MedTiny, a streamlined component-based modeling language, evolved from Mediator. Existing modeling languages struggle to provide convenience in expressing recurrent component configurations, which are common in modern large-scale parallel computation models in distributed environments. Furthermore, Mediator frequently conducts repetitive flag manipulations to synchronize between distributed entities. To address these issues, we propose syntactic enhancements, including component array with static foreach iterator and automatic synchronization flag manipulation. These enhancements significantly reduce code size and effectively address the aforementioned problems. After simplification, we successfully incorporate language feature enhancements into MedTiny without compromising its formality. Subsequently, we develop a prototype code generator that targets multi-threaded Python for code execution and PRISM model checker for verification. To demonstrate MedTiny's efficiency, we include a case study on a character counting MapReduce algorithm.

Elaine Cheong,Judith Liebman,Jie Liu,Feng Zhao

DOI: https://doi.org/10.1145/952532.952668

2003-01-01

Abstract:ABSTRACTNetworked embedded systems such as wireless sensor networks are usually designed to be event-driven so that they are reactive and power efficient. Programming embedded systems with multiple reactive tasks is difficult due to the complex nature of managing the concurrency of execution threads and consistency of shared states. This paper describes a globally asynchronous and locally synchronous model (TinyGALS) for programming event-driven embedded systems. Software components are composed locally through synchronous method calls to form modules, and asynchronous message passing is used between modules to separate the flow of control. In addition, a guarded yet synchronous model (TinyGUYS) is designed to allow thread-safe sharing of global state by multiple modules without explicitly passing messages. This programming model is structured such that all asynchronous message passing code and module triggering mechanisms can be automatically generted from a high-level specification. We have implemented the programming model and code generation facilities on a wireless sensor network platform known as the Berkeley motes. As an example, we have redesigned a multi-hop ad hoc communication protocol using the TinyGALS model.

Zhongyu Pei,Xingman Chen,Songtao Yang,Haixin Duan,Chao Zhang

DOI: https://doi.org/10.1109/tdsc.2022.3191693

2023-01-01

IEEE Transactions on Dependable and Secure Computing

Abstract:Acquiring and analyzing exploits, which take advantage of vulnerabilities to conduct malicious actions, are crucial for victims (and defenders) when responding to system compromising incidents. However, exploits are sensitive and valuable assets that are not available to victims. The most common resource available for victims to investigate is network traffic, which covers the exploitation period. Thus reconstructing exploits from network traffic is demanded. In practice, the reconstruction process is performed manually, thus inefficient and non-scalable. In this article, we present an automated solution TAICHI to reconstruct exploits from network traffic, able to generate replica exploits and facilitate timely incident analysis. By nature, a working exploit has to satisfy (1) path constraints which ensure the program path same as the original exploit's is explored and the same vulnerability is triggered, and (2) exploit constraints which ensure the same exploitation strategy is applied, e.g., to bypass deployed defenses or to stitch multiple gadgets together. We propose a hybrid solution to this problem by integrating techniques including multi-version execution (MVE), dynamic taint analysis (DTA), and concolic execution. We have implemented a prototype of TAICHI on x86 and x86-64 Linux and tested it on the Cyber Grand Challenge (CGC) dataset, several Capture the Flag (CTF) challenges, and Metasploit exploit modules targeting real world applications. The evaluation results showed that TAICHI could reconstruct exploits efficiently with a high success rate. Moreover, it could be applied to production environments without disrupting running services, and could reconstruct exploits even if only one round of exploitation traffic is available.

Lin Yan,Tao Feng,Gang Chen,Yao Guo,Xiangqun Chen

2011-01-01

Abstract:With the development of Internet of Things (IoT) in recent years, Web protocols have been adopted as a key communication method, thus IoT evolves into Web of Things (WoT). Different web service implementations have been proposed to provide a standard framework to connect heterogenous devices in WoT. However, most of the existing efforts focus only on providing device-level web services, making it difficult for programmers to develop complicated applications. This paper proposes an application-oriented programming supporting framework for WoT called MiWoT, which provides a uniform framework to hide the heterogeneity of smart devices. In order to enhance programming support of WoT applications, MiWoT also provides a highlevel application-oriented device abstraction interface, which allows developers great flexibility and simplicity to develop applications. We build a prototype of MiWoT in a SmartLab project and show its feasibility through a case study.

Fengling Zhang,Lei Bu,Linzhang Wang,Jianhua Zhao,Xin Chen,Tian Zhang,Xuandong Li

DOI: https://doi.org/10.1016/j.entcs.2013.09.001

2013-01-01

Electronic Notes in Theoretical Computer Science

Abstract:Wireless Sensor Networks (WSNs) are widely used in different kinds of environments. They may encounter lots of stochastic uncertainties and disturbances like message loss and node dynamics. Thus, it is critical to ensure the correctness of low level protocols in WSNs and evaluate their performance under different circumstances. In this paper, we propose a new method to analyze and evaluate WSN protocols based on stochastic timed automata and statistical model checking. For modeling, the work flow of a WSN protocol can be modeled with classical timed automata. Then, to model the uncertainties such as message loss and node dynamics, which are common in realistic circumstances, the timed automata can be extended by stochastic transitions, resulting in the stochastic timed automata. For analysis, the correctness of the protocol can be answered by classical model checking on the timed automata, while the performance of the protocol under realistic environments can be evaluated by statistical model checking on the stochastic model. To illustrate the feasibility and scalability of the modeling and verification method presented in this paper, Timing-sync Protocol for Sensor Networks (TPSN) will be studied completely throughout the paper.

Wei Dong,Luyao Luo,Chun Chen,Jiajun Bu,Xue Liu,Yunhao Liu

DOI: https://doi.org/10.1109/tpds.2016.2542815

IF: 5.3

2016-01-01

IEEE Transactions on Parallel and Distributed Systems

Abstract:Detecting and diagnosing anomalies in networked embedded systems like sensor networks is a very difficult task, due to the variable workloads and severe resource constraints. We notice that most node-level debugging tools can provide detailed program information inside the node but fail to detect when and where a problem occurs in the network. On the other hand, most network-level diagnosis tools can effectively detect a problem from the network but fail to narrow down the problem within the node because they lack detailed program information. To close the gap, we propose D2, a new anomaly detection and diagnosis method by combining program profiling and symptom mining. D2 employs binary instrumentation to perform lightweight function count profiling. Based on the statistics, D2 uses PCA (Principal Component Analysis) based approach for automatically detecting network anomalies. Compared to previous methods, D2 is able to point programmers closer to the most likely causes by a novel approach combining statistical tests and program call graph analysis. We implement our method based on TinyOS 2.1.1 and evaluate its effectiveness by case studies in the development of a working sensor network. Results show that our method is effective for detecting and diagnosing problems in real-world sensor network systems, and at the same time, incurs an acceptable overhead.