Multi-core devices for safety-critical systems: a survey

Multi-core devices are envisioned to support the development of next-generation safety-critical systems, enabling the on-chip integration of functions of different criticality. This integration provides multiple system-level potential benefits such as cost, size, power, and weight reduction. However, safety certification becomes a challenge and several fundamental safety technical requirements must be addressed, such as temporal and spatial independence, reliability, and diagnostic coverage. This survey provides a categorization and overview at different device abstraction levels (nanoscale, component, and device) of selected key research contributions that support the compliance with these fundamental safety requirements.This work has been partially supported by the Spanish Ministry of Economy and Competitiveness under grant TIN2015-65316-P, Basque Government under grant KK-2019-00035 and the HiPEAC Network of Excellence. The Spanish Ministry of Economy and Competitiveness has also partially supported Jaume Abella under Ramon y Cajal postdoctoral fellowship (RYC-2013-14717).Peer ReviewedPostprint (author's final draft

Adaptive Transactional Memories: Performance and Energy Consumption Tradeoffs

Energy efficiency is becoming a pressing issue, especially in large data centers where it entails, at the same time, a non-negligible management cost, an enhancement of hardware fault probability, and a significant environmental footprint. In this paper, we study how Software Transactional Memories (STM) can provide benefits on both power saving and the overall applications’ execution performance. This is related to the fact that encapsulating shared-data accesses within transactions gives the freedom to the STM middleware to both ensure consistency and reduce the actual data contention, the latter having been shown to affect the overall power needed to complete the application’s execution. We have selected a set of self-adaptive extensions to existing STM middlewares (namely, TinySTM and R-STM) to prove how self-adapting computation can capture the actual degree of parallelism and/or logical contention on shared data in a better way, enhancing even more the intrinsic benefits provided by STM. Of course, this benefit comes at a cost, which is the actual execution time required by the proposed approaches to precisely tune the execution parameters for reducing power consumption and enhancing execution performance. Nevertheless, the results hereby provided show that adaptivity is a strictly necessary requirement to reduce energy consumption in STM systems: Without it, it is not possible to reach any acceptable level of energy efficiency at all

Leveraging Non-Volatile Memory in Modern Storage Management Architectures

Non-volatile memory technologies (NVM) introduce a novel class of devices that combine characteristics of both storage and main memory. Like storage, NVM is not only persistent, but also denser and cheaper than DRAM. Like DRAM, NVM is byte-addressable and has lower access latency. In recent years, NVM has gained a lot of attention both in academia and in the data management industry, with views ranging from skepticism to over excitement. Some critics claim that NVM is not cheap enough to replace flash-based SSDs nor is it fast enough to replace DRAM, while others see it simply as a storage device. Supporters of NVM have observed that its low latency and byte-addressability requires radical changes and a complete rewrite of storage management architectures. This thesis takes a moderate stance between these two views. We consider that, while NVM might not replace flash-based SSD or DRAM in the near future, it has the potential to reduce the gap between them. Furthermore, treating NVM as a regular storage media does not fully leverage its byte-addressability and low latency. On the other hand, completely redesigning systems to be NVM-centric is impractical. Proposals that attempt to leverage NVM to simplify storage management result in completely new architectures that face the same challenges that are already well-understood and addressed by the traditional architectures. Therefore, we take three common storage management architectures as a starting point, and propose incremental changes to enable them to better leverage NVM. First, in the context of log-structured merge-trees, we investigate the impact of storing data in NVM, and devise methods to enable small granularity accesses and NVM-aware caching policies. Second, in the context of B+Trees, we propose to extend the buffer pool and describe a technique based on the concept of optimistic consistency to handle corrupted pages in NVM. Third, we employ NVM to enable larger capacity and reduced costs in a index+log key-value store, and combine it with other techniques to build a system that achieves low tail latency. This thesis aims to describe and evaluate these techniques in order to enable storage management architectures to leverage NVM and achieve increased performance and lower costs, without major architectural changes.:1 Introduction 1.1 Non-Volatile Memory 1.2 Challenges 1.3 Non-Volatile Memory & Database Systems 1.4 Contributions and Outline 2 Background 2.1 Non-Volatile Memory 2.1.1 Types of NVM 2.1.2 Access Modes 2.1.3 Byte-addressability and Persistency 2.1.4 Performance 2.2 Related Work 2.3 Case Study: Persistent Tree Structures 2.3.1 Persistent Trees 2.3.2 Evaluation 3 Log-Structured Merge-Trees 3.1 LSM and NVM 3.2 LSM Architecture 3.2.1 LevelDB 3.3 Persistent Memory Environment 3.4 2Q Cache Policy for NVM 3.5 Evaluation 3.5.1 Write Performance 3.5.2 Read Performance 3.5.3 Mixed Workloads 3.6 Additional Case Study: RocksDB 3.6.1 Evaluation 4 B+Trees 4.1 B+Tree and NVM 4.1.1 Category #1: Buffer Extension 4.1.2 Category #2: DRAM Buffered Access 4.1.3 Category #3: Persistent Trees 4.2 Persistent Buffer Pool with Optimistic Consistency 4.2.1 Architecture and Assumptions 4.2.2 Embracing Corruption 4.3 Detecting Corruption 4.3.1 Embracing Corruption 4.4 Repairing Corruptions 4.5 Performance Evaluation and Expectations 4.5.1 Checksums Overhead 4.5.2 Runtime and Recovery 4.6 Discussion 5 Index+Log Key-Value Stores 5.1 The Case for Tail Latency 5.2 Goals and Overview 5.3 Execution Model 5.3.1 Reactive Systems and Actor Model 5.3.2 Message-Passing Communication 5.3.3 Cooperative Multitasking 5.4 Log-Structured Storage 5.5 Networking 5.6 Implementation Details 5.6.1 NVM Allocation on RStore 5.6.2 Log-Structured Storage and Indexing 5.6.3 Garbage Collection 5.6.4 Logging and Recovery 5.7 Systems Operations 5.8 Evaluation 5.8.1 Methodology 5.8.2 Environment 5.8.3 Other Systems 5.8.4 Throughput Scalability 5.8.5 Tail Latency 5.8.6 Scans 5.8.7 Memory Consumption 5.9 Related Work 6 Conclusion Bibliography A PiBenc

Towards Implicit Parallel Programming for Systems

Multi-core processors require a program to be decomposable into independent parts that can execute in parallel in order to scale performance with the number of cores. But parallel programming is hard especially when the program requires state, which many system programs use for optimization, such as for example a cache to reduce disk I/O. Most prevalent parallel programming models do not support a notion of state and require the programmer to synchronize state access manually, i.e., outside the realms of an associated optimizing compiler. This prevents the compiler to introduce parallelism automatically and requires the programmer to optimize the program manually. In this dissertation, we propose a programming language/compiler co-design to provide a new programming model for implicit parallel programming with state and a compiler that can optimize the program for a parallel execution. We define the notion of a stateful function along with their composition and control structures. An example implementation of a highly scalable server shows that stateful functions smoothly integrate into existing programming language concepts, such as object-oriented programming and programming with structs. Our programming model is also highly practical and allows to gradually adapt existing code bases. As a case study, we implemented a new data processing core for the Hadoop Map/Reduce system to overcome existing performance bottlenecks. Our lambda-calculus-based compiler automatically extracts parallelism without changing the program's semantics. We added further domain-specific semantic-preserving transformations that reduce I/O calls for microservice programs. The runtime format of a program is a dataflow graph that can be executed in parallel, performs concurrent I/O and allows for non-blocking live updates

Towards Implicit Parallel Programming for Systems

Multi-core processors require a program to be decomposable into independent parts that can execute in parallel in order to scale performance with the number of cores. But parallel programming is hard especially when the program requires state, which many system programs use for optimization, such as for example a cache to reduce disk I/O. Most prevalent parallel programming models do not support a notion of state and require the programmer to synchronize state access manually, i.e., outside the realms of an associated optimizing compiler. This prevents the compiler to introduce parallelism automatically and requires the programmer to optimize the program manually. In this dissertation, we propose a programming language/compiler co-design to provide a new programming model for implicit parallel programming with state and a compiler that can optimize the program for a parallel execution. We define the notion of a stateful function along with their composition and control structures. An example implementation of a highly scalable server shows that stateful functions smoothly integrate into existing programming language concepts, such as object-oriented programming and programming with structs. Our programming model is also highly practical and allows to gradually adapt existing code bases. As a case study, we implemented a new data processing core for the Hadoop Map/Reduce system to overcome existing performance bottlenecks. Our lambda-calculus-based compiler automatically extracts parallelism without changing the program's semantics. We added further domain-specific semantic-preserving transformations that reduce I/O calls for microservice programs. The runtime format of a program is a dataflow graph that can be executed in parallel, performs concurrent I/O and allows for non-blocking live updates

Composing Systemic Aspects into Component-Oriented DOC Middleware

The advent and maturation of component-based middleware frameworks have sim-plified the development of large-scale distributed applications by separating system devel-opment and configuration concerns into different aspects that can be specified and com-posed at various stages of the application development lifecycle. Conventional component middleware technologies, such as J2EE [73] and .NET [34], were designed to meet the quality of service (QoS) requirements of enterprise applications, which focus largely on scalability and reliability. Therefore, conventional component middleware specifications and implementations are not well suited for distributed real-time and embedded (DRE) ap-plications with more stringent QoS requirements, such as low latency/jitter, timeliness, and online fault recovery. In the DRE system development community, a new generation of enhanced commercial off-the-shelf (COTS) middleware, such as Real-time CORBA 1.0 (RT-CORBA)[39], is increasingly gaining acceptance as (1) the cost and time required to develop and verify DRE applications precludes developers from implementing complex DRE applications from scratch and (2) implementations of standard COTS middleware specifications mature and encompass key QoS properties needed by DRE systems. However, although COTS middleware standardizes mechanisms to configure and control underlying OS support for an application’s QoS requirements, it does not yet provide sufficient abstractions to separate QoS policy configurations such as real-time performance requirements, from application functionality. Developers are therefore forced to configure QoS policies in an ad hoc way, and the code to configure these policies is often scattered throughout and tangled with other parts of a DRE system. As a result, it is hard for developers to configure, validate, modify, and evolve complex DRE systems consistently. It is therefore necessary to create a new generation of QoS-enabled component middleware that provides more comprehensive support for addressing QoS-related concerns modularly, so that they can be introduced and configured as separate systemic aspects. By analyzing and identifying the limitations of applying conventional middleware technologies for DRE applications, this dissertation presents a new design and its associated techniques for enhancing conventional component-oriented middleware to provide programmability of DRE relevant real-time QoS concerns. This design is realized in an implementation of the standard CORBA Component Model (CCM) [38], called the Component-Integrated ACE ORB (CIAO). This dissertation also presents both architectural analysis and empirical results that demonstrate the effectiveness of this approach. This dissertation provides three contributions to the state of the art in composing systemic behaviors into component middleware frameworks. First, it illustrates how component middleware can simplify development and evolution of DRE applications while ensuring stringent QoS requirements by composing systemic QoS aspects. Second, it contributes to the design and implementation of QoS-enabled CCM by analyzing and documenting how systemic behaviors can be composed into component middleware. Finally, it presents empirical and analytical results to demonstrate the effectiveness and the advantage of composing systemic behaviors in component middleware. The work in this dissertation has a broader impact beyond the CCM in which it was developed, as it can be applied to other component-base middleware technologies which wish to support DRE applications

A layered approach to improving Blockchain systems security

During the past several years, blockchain systems have gained a lot of traction and adoption, with during peak periods, the total capitalisation of these systems exceeding 2 trillion. Given the permissionless nature of blockchain systems and their large scope in terms of software - e.g. distributed consensus, untrusted program execution - numerous attack vectors need to be studied, understood and protected against for blockchain systems to be able to deliver their promises of a safer financial system. In this thesis, we study and contribute to improving the security of various parts of the blockchain stack, from the execution to the application layer. We start with one of the lowest layers of the Ethereum blockchain stack, the EVM, and study the resource metering mechanism that is used to limit the total amount of resources that can be consumed by a smart contract. We discover inconsistencies in the metering mechanism and show and responsibly disclose that it would have been possible to execute transactions that would result in a denial of service attack on the Ethereum blockchain. Our findings were part of the motivation of Ethereum for changing some of its gas metering mechanisms. We then broaden our analysis to other blockchain systems and study how different fee mechanisms affect the transactional throughput as well as the usage of the blockchain. We discover that low fees, which are in theory attractive to users, can lead to a lot of spam. We find that for two of the blockchain we analyse, EOS and Ripple, this type of spam leads to system outages where the blockchain is unable to process transactions. Finally, we find that a common motivation for spam transactions is to artificially inflate the activity of the application layer, through wash-trading for example. In the last main chapter of this thesis, we move to the application layer and turn our focus on decentralised finance (DeFi) ecosystem, which is one of the most prevalent types of application implemented on top of blockchain systems. We start by giving formal definitions of the different types of security, namely technical and economic security. With that definition in mind, in the first part of this chapter, we study technical security exploits and develop an automated tool to detect on-chain exploits. We find that the majority of the exploits found through techniques such as program analysis are not exploited in practice, either because of the lack of feasibility of the exploit or because of the lack of economic incentive to do so. In the second part of this chapter, we focus on economic security and study the liquidation mechanism that is used to protect the users of DeFi lending protocols. We highlight how the efficiency of the liquidations has increased over time, and how depegging events of stablecoin have caused very large amounts of liquidations because of the over-confidence in their stability.Open Acces