26 research outputs found
Schedulability Analysis for Multi-Core Systems Accounting for Resource Stress and Sensitivity
Timing verification of multi-core systems is complicated by contention for shared hardware resources between co-running tasks on different cores. This paper introduces the Multi-core Resource Stress and Sensitivity (MRSS) task model that characterizes how much stress each task places on resources and how much it is sensitive to such resource stress. This model facilitates a separation of concerns, thus retaining the advantages of the traditional two-step approach to timing verification (i.e. timing analysis followed by schedulability analysis). Response time analysis is derived for the MRSS task model, providing efficient context-dependent and context independent schedulability tests for both fixed priority preemptive and fixed priority non-preemptive scheduling. Dominance relations are derived between the tests, and proofs of optimal priority assignment provided. The MRSS task model is underpinned by a proof-of-concept industrial case study
Modeling Power Consumption and Temperature in TLM Models
International audienceMany techniques and tools exist to estimate the power consumption and the temperature map of a chip. These tools help the hardware designers develop power efficient chips in the presence of temperature constraints. For this task, the application can be ignored or at least abstracted by some high level scenarios; at this stage, the actual embedded software is generally not available yet. However, after the hardware is defined, the embedded software can still have a significant influence on the power consumption; i.e., two implementations of the same application can consume more or less power. Moreover, the actual software powe
Isolation Without Taxation: {N}ear-Zero-Cost Transitions for {WebAssembly} and {SFI}
Software sandboxing or software-based fault isolation (SFI) is a lightweight
approach to building secure systems out of untrusted components. Mozilla, for
example, uses SFI to harden the Firefox browser by sandboxing third-party
libraries, and companies like Fastly and Cloudflare use SFI to safely co-locate
untrusted tenants on their edge clouds. While there have been significant
efforts to optimize and verify SFI enforcement, context switching in SFI
systems remains largely unexplored: almost all SFI systems use
\emph{heavyweight transitions} that are not only error-prone but incur
significant performance overhead from saving, clearing, and restoring registers
when context switching. We identify a set of \emph{zero-cost conditions} that
characterize when sandboxed code has sufficient structured to guarantee
security via lightweight \emph{zero-cost} transitions (simple function calls).
We modify the Lucet Wasm compiler and its runtime to use zero-cost transitions,
eliminating the undue performance tax on systems that rely on Lucet for
sandboxing (e.g., we speed up image and font rendering in Firefox by up to
29.7\% and 10\% respectively). To remove the Lucet compiler and its correct
implementation of the Wasm specification from the trusted computing base, we
(1) develop a \emph{static binary verifier}, VeriZero, which (in seconds)
checks that binaries produced by Lucet satisfy our zero-cost conditions, and
(2) prove the soundness of VeriZero by developing a logical relation that
captures when a compiled Wasm function is semantically well-behaved with
respect to our zero-cost conditions. Finally, we show that our model is useful
beyond Wasm by describing a new, purpose-built SFI system, SegmentZero32, that
uses x86 segmentation and LLVM with mostly off-the-shelf passes to enforce our
zero-cost conditions; our prototype performs on-par with the state-of-the-art
Native Client SFI system