Kevoree Modeling Framework (KMF): Efficient modeling techniques for runtime use

The creation of Domain Specific Languages(DSL) counts as one of the main goals in the field of Model-Driven Software Engineering (MDSE). The main purpose of these DSLs is to facilitate the manipulation of domain specific concepts, by providing developers with specific tools for their domain of expertise. A natural approach to create DSLs is to reuse existing modeling standards and tools. In this area, the Eclipse Modeling Framework (EMF) has rapidly become the defacto standard in the MDSE for building Domain Specific Languages (DSL) and tools based on generative techniques. However, the use of EMF generated tools in domains like Internet of Things (IoT), Cloud Computing or Models@Runtime reaches several limitations. In this paper, we identify several properties the generated tools must comply with to be usable in other domains than desktop-based software systems. We then challenge EMF on these properties and describe our approach to overcome the limitations. Our approach, implemented in the Kevoree Modeling Framework (KMF), is finally evaluated according to the identified properties and compared to EMF.Comment: ISBN 978-2-87971-131-7; N° TR-SnT-2014-11 (2014

Hey, You Got Your Language In My Operating System!

Several projects in the operating systems research community suggest a trend of convergence among features once divided between operating systems and languages. We describe how partial evaluation and transformational programming systems apply to this trend by providing a general framework for application support, from compilation to run-time services. We contend that the community will no longer think of implementing a static collection of services and calling it an operating system; instead, this general framework will allow applications to be flexibly configured, and the ``operating system\u27\u27 will simply be the application support that is supplied at run-time

Snowflake: Spanning administrative domains

Many distributed systems provide a ``single-system image\u27\u27 to their users, so the user has the illusion that they are using a single system when in fact they are using many distributed resources. It is a powerful abstraction that helps users to manage the complexity of using distributed resources. The goal of the Snowflake project is to discover how single-system images can be made to span administrative domains. Our current prototype organizes resources in namespaces and distributes them using Java Remote Method Invocation. Challenging issues include how much flexibility should be built into the namespace interface, and how transparent the network and persistent storage should be. We outline future work on making Snowflake administrator-friendly

The Expected Lifetime of “Single-Address-Space” Operating Systems

Trends toward shared-memory programming paradigms, large (64-bit) address spaces, and memory-mapped files have led some to propose the use of a single virtual-address space, shared by all processes and processors. Typical proposals require the single address space to contain all process-private data, shared data, and stored files. To simplify management of an address space where stale pointers make it difficult to re-use addresses, some have claimed that a 64-bit address space is sufficiently large that there is no need to ever re-use addresses. Unfortunately, there has been no data to either support or refute these claims, or to aid in the design of appropriate address-space management policies. In this paper, we present the results of extensive kernel-level tracing of the workstations in our department, and discuss the implications for single-address-space operating systems. We found that single-address-space systems will not outgrow the available address space, but only if reasonable space-allocation policies are used, and only if the system can adapt as larger address spaces become available

The Virtual Block Interface: A Flexible Alternative to the Conventional Virtual Memory Framework

Computers continue to diversify with respect to system designs, emerging memory technologies, and application memory demands. Unfortunately, continually adapting the conventional virtual memory framework to each possible system configuration is challenging, and often results in performance loss or requires non-trivial workarounds. To address these challenges, we propose a new virtual memory framework, the Virtual Block Interface (VBI). We design VBI based on the key idea that delegating memory management duties to hardware can reduce the overheads and software complexity associated with virtual memory. VBI introduces a set of variable-sized virtual blocks (VBs) to applications. Each VB is a contiguous region of the globally-visible VBI address space, and an application can allocate each semantically meaningful unit of information (e.g., a data structure) in a separate VB. VBI decouples access protection from memory allocation and address translation. While the OS controls which programs have access to which VBs, dedicated hardware in the memory controller manages the physical memory allocation and address translation of the VBs. This approach enables several architectural optimizations to (1) efficiently and flexibly cater to different and increasingly diverse system configurations, and (2) eliminate key inefficiencies of conventional virtual memory. We demonstrate the benefits of VBI with two important use cases: (1) reducing the overheads of address translation (for both native execution and virtual machine environments), as VBI reduces the number of translation requests and associated memory accesses; and (2) two heterogeneous main memory architectures, where VBI increases the effectiveness of managing fast memory regions. For both cases, VBI significanttly improves performance over conventional virtual memory

Protected pointers in wireless sensor networks

With reference to a distributed architecture consisting of sensor nodes connected by wireless links in an arbitrary network topology, we consider a segment-oriented implementation of the single address space paradigm of memory reference. In our approach, applications consist of active entities called components, which are distributed in the network nodes. A component accesses a given segment by presenting a handle for this segment. A handle is a form of pointer protected cryptographically. Handles allow an effective implementation of communications between components, and key replacement. The number of messages generated by the execution of the communication primitives is independent of the network size. The key replacement mechanism is well suited to reliable application rekeying over an unreliable network

Password systems: design and implementation

Critical infrastructures require protection systems that are both flexible and efficient. Flexibility is essential to capture the multi-organizational and state-based nature of these systems, efficiency is necessary to cope with limitations of hardware resources. To meet these requirements, we consider a classical protection environment featuring subjects that attempt to access the protected objects. We approach the problem of specifying the access privileges held by each subject. Our protection model associates a password system with each object; the password system features a password for each access privilege defined for this object. A subject can access the object if it holds a key matching one of the passwords in the password system, and the access privilege corresponding to this password permits to accomplish the access. Password systems are implemented as hierarchical bidimensional one-way chains. Trade-offs are possible between the memory requirements for storage of a password system and the processing time necessary to validate a key

Processes in KaffeOS: lsolation, resource management, and sharing in Java

Journal ArticleSingle-language runtime systems, in the form of Java virtual machines, are widely deployed platforms for executing untrusted mobile code. These runtimes provide some of the features that operating systems provide: inter-application memory protection and basic system services. They do not. however, provide the ability to isolate applications from each other, or limit their resource consumption. This paper describes KaffeOS, a system that provides these features for a Java runtime. The KaffeOS architecture take many lessons from operating from operating system design, such as the use of a user/kernel boundary

Memory protection in embedded systems

With reference to an embedded system featuring no support for memory management, we present a model of a protection system based on passwords. At the hardware level, our model takes advantage of a memory protection unit (MPU) interposed between the processor and the complex of the main memory and the input-output devices. The MPU supports both concepts of a protection context and a protection domain. A protection context is a set of access rights for the memory pages; a protection domain is a set of one or more protection contexts. Passwords are associated with protection domains. A process that holds a given password can take advantage of this password to activate the corresponding domain. A small set of protection primitives makes it possible to modify the composition of the domains in a strictly controlled fashion. The proposed protection model is evaluated from a number of important viewpoints, which include password distribution, review and revocation, the memory requirements for storage of the information concerning protection, and the time necessary for password validation