Yajin Zhou,Xiaoguang Wang,Yue Chen,Zhi Wang

DOI: https://doi.org/10.1145/2660267.2660344

2014-01-01

Abstract:Software fault isolation (SFI) is an effective mechanism to confine untrusted modules inside isolated domains to protect their host applications. Since its debut, researchers have proposed different SFI systems for many purposes such as safe execution of untrusted native browser plugins. However, most of these systems focus on the x86 architecture. In recent years, ARM has become the dominant architecture for mobile devices and gains in popularity in data centers. Hence there is a compelling need for an efficient SFI system for the ARM architecture. Unfortunately, existing systems either have prohibitively high performance overhead or place various limitations on the memory layout and instructions of untrusted modules.In this paper, we propose ARMlock, a hardware-based fault isolation for ARM. It uniquely leverages the memory domain support in ARM processors to create multiple sandboxes. Memory accesses by the untrusted module (including read, write, and execution) are strictly confined by the hardware, and instructions running inside the sandbox execute at the same speed as those outside it. ARMlock imposes virtually no structural constraints on untrusted modules. For example, they can use self-modifying code, receive exceptions, and make system calls. Moreover, system calls can be interposed by ARMlock to enforce the policies set by the host. We have implemented a prototype of ARMlock for Linux that supports the popular ARMv6 and ARMv7 sub-architecture. Our security assessment and performance measurement show that ARMlock is practical, effective, and efficient.

Yu Wang,Junjing Shi,Linzhang Wang,Jianhua Zhao,Xuandong Li

DOI: https://doi.org/10.1145/2875913.2875943

2015-01-01

Abstract:Interrupt-driven programs are often embedded in safety-critical systems to perform hardware/resource dependent data operation tasks, such as data acquisition, processing, and transformation. The interrupt programs and tasks may happen in parallel which in a result causes indeterminist concurrent problems at runtime. Data race is one of the most popular problems challenging researchers and practitioners. Various static analysis, software testing approaches have been proposed to detect data races in source code, testing, and even production run. However, static analysis may report too many false positives due to the lack of execution information. Dynamic testing may miss some important races since it could not generate adequate test cases to test all possible execution scenarios. In this paper, we propose a hybrid approach to detect data races in interrupt-driven programs based on static analysis and dynamic simulation. We implemented a prototype tool and conducted a controlled experiment to demonstrate the applicability of our approach.

Yun Liang,Huping Ding,Tulika Mitra,Abhik Roychoudhury,Yan Li,Vivy Suhendra

DOI: https://doi.org/10.1007/s11241-012-9160-2

2012-01-01

Real-Time Systems

Abstract:Memory accesses form an important source of timing unpredictability. Timing analysis of real-time embedded software thus requires bounding the time for memory accesses. Multiprocessing, a popular approach for performance enhancement, opens up the opportunity for concurrent execution. However due to contention for any shared memory by different processing cores, memory access behavior becomes more unpredictable, and hence harder to analyze. In this paper, we develop a timing analysis method for concurrent software running on multi-cores with a shared instruction cache. Communication across tasks is by message passing. Our method progressively improves the lifetime estimates of tasks that execute concurrently on multiple cores, in order to estimate potential conflicts in the shared cache. Possible conflicts arising from overlapping task lifetimes are accounted for in the hit-miss classification of accesses to the shared cache, to provide safe execution time bounds. We show that our method produces lower worst-case response time (WCRT) estimates than existing shared-cache analysis on a real-world embedded application. Furthermore, we also exploit instruction cache locking to improve WCRT. By locking some beneficial memory blocks into L1 cache, the WCET of the tasks and L2 cache conflicts are reduced, resulting in better WCRT. Experiments demonstrate that significant WCRT reduction is achieved through cache locking.

J. Chang,Xidong Wang

2002-01-01

Abstract:Commercial workloads such as databases and web servers are the dominant applications running on shared-memory multiprocessors. These multithreaded programs use synchronization mechanisms (often locks) to ensure serialized access of shared data, leading to a potential performance bottleneck. Speculative Lock Elision (SLE) [2] technique has demonstrated that hardware optimization can remove many lock-induced serializations by speculative execution. As this technique is evaluated only against scientific workloads without the presence of operating system, it’ s an open question to what extent SLE can improve the performance of commercial workloads whose lock behavior can be different, and whether SLE can be easily implemented when context switches among multiple threads can be complicated and hard-to-recognize in hardware level. This report characterizes the lock behavior of three classes of commercial workloads, online transaction processing (OLTP), web server (Apache), and Java business middleware (SpecJBB). Traces generated by a full-system simulator (Simics) and a detailed memory system timing-model (Ruby) are used to determine the size and frequency of critical sections, the size and frequency of lock-free sections, and the amount of lock contentions. We observe that lock contentions in commercial workloads are not significant, suggesting little performance improvement can be achieved if not applying more sophisticated hardware optimizations. We also realize that identifying thread switching is not an easy issue but really necessary to implement speculation correctly. The significant amount of kernel locks and the different behavior they demonstrate also indicate that further investigations must not ignore kernel behavior. Lock Behavior Characterization of Commercial Workloads CS/ECE 757 Project Report May 14, 2002 2

Huping Ding,Yun Liang,Tulika Mitra

DOI: https://doi.org/10.1145/2463209.2488916

2013-01-01

Abstract:Cache locking improves timing predictability at the cost of performance. We explore a novel approach that opportunistically employs both cache analysis and locking to enhance schedulability in preemptive multi-tasking real-time systems. The cache is spatially shared among the tasks by statically locking a portion of the cache per task. To overcome the issue of limited cache space per task, we keep a portion of the cache unlocked and let all the tasks use it through time-multiplexing. Compared to locking the entire cache for each task during execution, our approach obviates the cost of reloading locked blocks at preemption. But we require static cache analysis for WCET estimation and cache related preemption delay (CRPD) analysis of the unlocked cache space. We design an algorithm to make appropriate locking decisions through accurate cost-benefit analysis. Experimental results show that our integrated approach leads to substantially improved schedulability results compared to cache analysis and cache locking employed individually.

Zehan Cui,Licheng Chen,Wenli Zhang,Yungang Bao,Mingyu Chen,Yongbing Huang

DOI: https://doi.org/10.1145/2370816.2370854

2012-09-19

Abstract:Multithreaded programming relies on locks to ensure the consistency of shared data. Lock contention is the main reason of low parallel efficiency and poor scalability of multithreaded programs. Lock profiling is the primary approach to detect lock contention. Prior lock profiling tools are able to track lock behaviors but directly store profiling data into local memory regardless of the memory interference on targeted programs.

Computer Science,Engineering

Evan Galea,Naser Ezzati-Jivan,M. Dagenais,Majid Rezazadeh

DOI: https://doi.org/10.1109/ISSREW51248.2020.00068

2020-10-01

Abstract:multi-threaded programming is a near-universal architecture in modern computer systems. Thread based programs usually utilize locks to coordinate access to shared resources. However, contention for locks can reduce parallel efficiency and degrade scalability.In this paper, we propose an execution-trace based method to analyze lock contention problems, without requiring an application’s source code. Our methodology uses dynamic analysis through execution tracing, running in several levels of the system to collect detailed runtime data. We combine it with an extended critical path algorithm which allows us to identify locking issues occurring in userspace. The result is a framework that is able to diagnose all contention issues while adding minimal impact on the system. We propose new views and structures to model and visualize collected data, giving programmers powerful comprehension tools to address contention issues.

Computer Science

Yan Cui,Yingxin Wang,Yu Chen,Yuanchun Shi,Wei Han,Xin Liao,Fei Wang

DOI: https://doi.org/10.1109/mascots.2012.42

2012-01-01

Abstract:In response to the increasing ubiquity of multicore processors, there has been widespread development of multithreaded applications that strive to realize their full potential. Unfortunately, lock contention within operating systems can limit the scalability of multicore systems so severely that an increase in the number of cores can actually lead to reduced performance (i.e. scalability collapse). Existing lock implementations have disadvantages in scalability, resource utilization and energy efficiency. In this work, we observe that the number of tasks requesting a lock has a significant correlation with the occurrence of scalability collapse. Based on this observation, we propose a novel lock implementation that allows tasks blocked on a lock to either spin or maintain a power-saving state according to the number of lock requesters. We call our lock implementation protocol a requester-based lock and implement it in the Linux kernel to replace its default spin lock. Based on the results of an analysis, we find that the best policy for a task waiting for a lock to become free is to enter the power saving state immediately after noticing that the lock cannot be acquired. Our lock-requester based lock scheme is evaluated using micro- and macro-benchmarks on AMD 32-core and Intel 40-core systems. Experimental results indicate our lock scheme removes scalability collapse completely for most applications. Furthermore, our method shows better scalability and energy efficiency than mutex locks and adaptive locks.

Yan Cui,Yingxin Wang,Yu Chen,Yuanchun Shi

DOI: https://doi.org/10.1109/TPDS.2014.2308220

2015-01-01

Abstract:Spin lock contention in operating systems can limit scalability on multicore systems so significantly that an increase in the number of cores actually leads to reduced speedup (i.e., scalability collapse). Modeling spin lock contention is an effective way to understand the scalability collapse phenomenon and explore collapse avoidance schemes. However, previous spin lock models have disadvantages in accuracy and efficiency. To overcome these drawbacks, this paper proposes LockSim, an event-driven simulator which models both the sequential execution in lock-protected codes (i.e., critical sections) and shared hardware resource contention caused by the cache coherence protocol. Our simulator is verified against real-world workloads with different degrees of spin lock contention. Experimental results suggest that LockSim can reproduce the scalability collapse phenomenon with better accuracy than previous work. Besides, several metrics are also used to characterize this phenomenon and collapse avoidance methods are investigated.

Robert J. Colvin,Ian J. Hayes,Scott Heiner,Peter Höfner,Larissa Meinicke,Roger C. Su

2024-07-30

Abstract:Developers of low-level systems code providing core functionality for operating systems and kernels must address hardware-level features of modern multicore architectures. A particular feature is pipelined "out-of-order execution" of the code as written, the effects of which are typically summarised as a "weak memory model" - a term which includes further complicating factors that may be introduced by compiler optimisations. In many cases, the nondeterminism inherent in weak memory models can be expressed as micro-parallelism, i.e., parallelism within threads and not just between them. Fortunately Jones' rely/guarantee reasoning provides a compositional method for shared-variable concurrency, whether that be in terms of communication between top-level threads or micro-parallelism within threads. In this paper we provide an in-depth verification of the lock algorithm used in the seL4 microkernel, using rely/guarantee to handle both interthread communication as well as micro-parallelism introduced by weak memory models.

Logic in Computer Science

Huping Ding,Yun Liang,Tulika Mitra

DOI: https://doi.org/10.7873/date2014.040

2014-01-01

Abstract:Cache locking is an effective technique to improve timing predictability in real-time systems. In static cache locking, the locked memory blocks remain unchanged throughout the program execution. Thus static locking may not be effective for large programs where multiple memory blocks are competing for few cache lines available for locking. In comparison, dynamic cache locking overcomes cache space limitation through time-multiplexing of locked memory blocks. Prior dynamic locking technique partitions the program into regions and takes independent locking decisions for each region. We propose a flexible loop-based dynamic cache locking approach. We not only select the memory blocks to be locked but also the locking points (e.g., loop level). We judiciously allow memory blocks from the same loop to be locked at different program points for WCET improvement. We design a constraint-based approach that incorporates a global view to decide on the number of locking slots at each loop entry point and then select the memory blocks to be locked for each loop. Experimental evaluation shows that our dynamic cache locking approach achieves substantial improvement of WCET compared to prior techniques.

Mathias Payer,Antonio Barresi,Thomas R. Gross

DOI: https://doi.org/10.3929/ethz-a-010171214

2014-07-02

Abstract:Applications written in low-level languages without type or memory safety are especially prone to memory corruption. Attackers gain code execution capabilities through such applications despite all currently deployed defenses by exploiting memory corruption vulnerabilities. Control-Flow Integrity (CFI) is a promising defense mechanism that restricts open control-flow transfers to a static set of well-known locations. We present Lockdown, an approach to dynamic CFI that protects legacy, binary-only executables and libraries. Lockdown adaptively learns the control-flow graph of a running process using information from a trusted dynamic loader. The sandbox component of Lockdown restricts interactions between different shared objects to imported and exported functions by enforcing fine-grained CFI checks. Our prototype implementation shows that dynamic CFI results in low performance overhead.

Cryptography and Security,Programming Languages

Huping Ding,Yun Liang,Tulika Mitra

DOI: https://doi.org/10.1145/2228360.2228434

2012-01-01

Abstract:Caches play an important role in embedded systems by bridging the performance gap between high speed processors and slow memory. At the same time, caches introduce imprecision in Worst-case Execution Time (WCET) estimation due to unpredictable access latencies. Modern embedded processors often include cache locking mechanism for better timing predictability. As the cache contents are statically known, memory access latencies are predictable, leading to precise WCET estimate. Moreover, by carefully selecting the memory blocks to be locked, WCET estimate can be reduced compared to cache modeling without locking. Existing static instruction cache locking techniques strive to lock the entire cache to minimize the WCET. We observe that such aggressive locking mechanisms may have negative impact on the overall WCET as some memory blocks with predictable access behavior get excluded from the cache. We introduce a partial cache locking mechanism that has the flexibility to lock only a fraction of the cache. We judiciously select the memory blocks for locking through accurate cache modeling that determines the impact of the decision on the program WCET. Our synergistic cache modeling and locking mechanism achieves substantial reduction in WCET for a large number of embedded benchmark applications.

Yun Liang,Tulika Mitra,Lei Ju

DOI: https://doi.org/10.1109/tcad.2015.2418320

IF: 2.9

2015-01-01

IEEE Transactions on Computer-Aided Design of Integrated Circuits and Systems

Abstract:The performance of most embedded systems is critically dependent on the average memory access latency. Improving the cache hit rate can have significant positive impact on the performance of an application. Modern embedded processors often feature cache locking mechanisms that allow memory blocks to be locked in the cache under software control. Cache locking was primarily designed to offer timing predictability for hard real-time applications. Hence, the compiler optimization techniques focus on employing cache locking to improve worst-case execution time. However, cache locking can be quite effective in improving the average-case execution time of general embedded applications as well. In this paper, we explore static instruction cache locking to improve average-case program performance. We introduce temporal reuse profile to accurately and efficiently model the cost and benefit of locking memory blocks in the cache. We propose an optimal algorithm and a heuristic approach that use the temporal reuse profile to determine the most beneficial memory blocks to be locked in the cache. Experimental results show that locking heuristic achieves close to optimal results and can improve the cache miss rate by up to 24% across a suite of real-world benchmarks. Moreover, our heuristic provides significant improvement compared to the state-of-the-art locking algorithm both in terms of performance and efficiency.

Yun Liang,Tulika Mitra

DOI: https://doi.org/10.1145/1450135.1450159

2008-01-01

Abstract:Application-specific system-on-chip platforms create the opportunity to customize the cache configuration for optimal performance with minimal chip estate. Simulation, in particular trace-driven simulation, is widely used to estimate cache hit rates. However, simulation is too slow to be deployed in the design space exploration, specially when it involves hundreds of design points and huge traces or long program execution. In this paper, we propose a novel static analysis technique for rapid and accurate design space exploration of instruction caches. Given the program control flow graph (CFG) annotated only with basic block and control flow edge execution counts, our analysis estimates the hit rates for multiple cache configurations in one pass. We achieve this by modeling the cache states at each node of the CFG in probabilistic manner and exploiting the structural similarities among related cache configurations. Experimental results indicate that our analysis is 24--3,855 times faster compared to the fastest known cache simulator while maintaining high accuracy (0.7% average error), in predicting hit rates for popular embedded benchmarks.

Sanjana Singh,Divyanjali Sharma,Subodh Sharma

DOI: https://doi.org/10.48550/arXiv.2103.01553

2021-03-02

Programming Languages

Abstract:We investigate the problem of runtime analysis of C11 programs under Multi-Copy-Atomic semantics (MCA). Under MCA, one can analyze program outcomes solely through interleaving and reordering of thread events. As a result, obtaining intuitive explanations of program outcomes becomes straightforward. Newer versions of ARM (ARMv8 and later), Alpha, and Intel's x-86 support MCA. Our tests reveal that state-of-the-art dynamic verification techniques that analyze program executions under the C11 memory model generate safety property violations that can be interpreted as false alarms under MCA semantics. Sorting the true from false violations puts an undesirable burden on the user. In this work, we provide a dynamic verification technique (MoCA) to analyze C11 program executions which are permitted under the MCA model. We design a happens-before relation and introduce coherence rules to capture precisely those C11 program executions which are allowed under the MCA model. MoCA's exploration of the state-space is based on the state-of-the-art dynamic verification algorithm, source-DPOR. Our experiments validate that MoCA captures all coherent C11 program executions, and is precise for the MCA model.

Thomas Sewell,Felix Kam,Gernot Heiser

DOI: https://doi.org/10.1007/s11241-017-9286-3

2017-07-27

Abstract:Worst-case execution time (WCET) analysis of real-time code needs to be performed on the executable binary code for soundness. Obtaining tight WCET bounds requires determination of loop bounds and elimination of infeasible paths. The binary code, however, lacks information necessary to determine these bounds. This information is usually provided through manual intervention, or preserved in the binary by a specially modified compiler. We propose an alternative approach, using an existing translation-validation framework, to enable high-assurance, automatic determination of loop bounds and infeasible paths. We show that this approach automatically determines all loop bounds and many (possibly all) infeasible paths in the seL4 microkernel, as well as in standard WCET benchmarks which are in the language subset of our C parser. We also design and validate an improvement to the seL4 implementation, which permits a key part of the kernel’s API to be available to users in a mixed-criticality setting.

computer science, theory & methods

Joel Ouaknine,Hristina Palikareva,A. W. Roscoe,James Worrell

DOI: https://doi.org/10.2168/LMCS-9%283%3A24%292013

2013-09-27

Abstract:In a process algebra with hiding and recursion it is possible to create processes which compute internally without ever communicating with their environment. Such processes are said to diverge or livelock. In this paper we show how it is possible to conservatively classify processes as livelock-free through a static analysis of their syntax. In particular, we present a collection of rules, based on the inductive structure of terms, which guarantee livelock-freedom of the denoted process. This gives rise to an algorithm which conservatively flags processes that can potentially livelock. We illustrate our approach by applying both BDD-based and SAT-based implementations of our algorithm to a range of benchmarks, and show that our technique in general substantially outperforms the model checker FDR whilst exhibiting a low rate of inconclusive results.

Logic in Computer Science

Yan Cui,Yu Chen,Yuanchun Shi

DOI: https://doi.org/10.1145/1996029.1996033

2011-01-01

Abstract:Multicore processors have been ubiquitously used in various computing environments. To achieve the performance potential on multicores, applications are often designed to be multithreaded, therefore threads assigned on different cores can execute in parallel. However, the lock contention in operating systems can degrade the scalability of applications so seriously that the overall throughput decreases with the increasing number of cores (lock thrashing) even if there is no data sharing in applications. Many classical solutions have been widely known as the most effective ways to reduce the lock contention. However, the effectiveness of these methods in reducing lock thrashing on large scale multicores is not well known. Therefore, we choose three popular lock thrashing avoidance methods (mutex lock, adaptive mutex lock and scalable spinlock) to explore the answer and investigate how effective they are. Evaluation results using both micro- and macro-benchmarks on an AMD 32-core platform indicate that although different methods can reduce the lock thrashing to different extents, there is still plenty of room for improvement. Further, we analyze the lock characteristics of four different workloads using a discrete event simulation model. Using our observations, we propose a new, adaptive parallel lock (APlock). APlock has the ability of tuning the number of cores waiting for a lock adaptively, aiming to minimize lock thrashing on multicores.

Hao Wu,Zhenzhou Ji,Suxia Zhu

DOI: https://doi.org/10.3969/j.issn.0372-2112.2013.11.003

2013-01-01

Tien Tzu Hsueh Pao/Acta Electronica Sinica

Abstract:Lock-based synchronization may become a performance bottleneck which limits the concurrency in shared-memory machines. In order to solve this problem, a lock-free synchronization algorithm based on hardware CAS (Compare And Swap) primitive is proposed in this paper. In the proposed method, compare and swap instruction provided by underlying processor is used to implement non-blocking synchronization for shared variables in multi-core or multi-thread environment. Global mark value is introduced to avoid performance overhead caused by bits reservation of memory word in the traditional design, and guarantee the consistency. Theoretical analysis and experimental results show that the proposed method can efficiently support arbitary multi-word CAS synchronization, improve the concurrent access performance and provide good scalability.