Cuckoo: a Language for Implementing Memory- and Thread-safe System Services

This paper is centered around the design of a thread- and memory-safe language, primarily for the compilation of application-specific services for extensible operating systems. We describe various issues that have influenced the design of our language, called Cuckoo, that guarantees safety of programs with potentially asynchronous flows of control. Comparisons are drawn between Cuckoo and related software safety techniques, including Cyclone and software-based fault isolation (SFI), and performance results suggest our prototype compiler is capable of generating safe code that executes with low runtime overheads, even without potential code optimizations. Compared to Cyclone, Cuckoo is able to safely guard accesses to memory when programs are multithreaded. Similarly, Cuckoo is capable of enforcing memory safety in situations that are potentially troublesome for techniques such as SFI

‘QoS Safe ’ Kernel Extensions for Real-Time Resource Management

General-purpose operating systems are ill-equipped to meet the quality of service (QoS) requirements of complex real-time applications. Consequently, many classes of realtime applications have either been carefully developed to compensate for inadequate system support, or they have been developed to run on special purpose systems. This paper focuses on a safe extension architecture for general purpose systems, to allow applications to customize the behavior of the system for their individual needs. Using Linux as the basis for our work, we describe how application programmers can safely incorporate ‘service extensions ’ into the kernel, so that application-specific QoS guarantees can be provided. We introduce the notion of ‘QoS safety’, which is concerned with meeting the QoS constraints of applications while maintaining system integrity. Our safe extension architecture supports the dynamiclinking of code into the address space of the kernel, to affect service management decisions. Extensions are written in a type-safe language, to monitor and adapt resource usage on behalf of specific applications. Experimental results show that safe kernel extensions can lead to fewer service violations (and, hence, better qualities of service) for realtime tasks, compared to user-level methods that monitor and adapt system resources. 1