Cuckoo: a Language for Implementing Memory- and Thread-safe System Services

This paper is centered around the design of a thread- and memory-safe language, primarily for the compilation of application-specific services for extensible operating systems. We describe various issues that have influenced the design of our language, called Cuckoo, that guarantees safety of programs with potentially asynchronous flows of control. Comparisons are drawn between Cuckoo and related software safety techniques, including Cyclone and software-based fault isolation (SFI), and performance results suggest our prototype compiler is capable of generating safe code that executes with low runtime overheads, even without potential code optimizations. Compared to Cyclone, Cuckoo is able to safely guard accesses to memory when programs are multithreaded. Similarly, Cuckoo is capable of enforcing memory safety in situations that are potentially troublesome for techniques such as SFI

Mixed-Criticality Scheduling with I/O

This paper addresses the problem of scheduling tasks with different criticality levels in the presence of I/O requests. In mixed-criticality scheduling, higher criticality tasks are given precedence over those of lower criticality when it is impossible to guarantee the schedulability of all tasks. While mixed-criticality scheduling has gained attention in recent years, most approaches typically assume a periodic task model. This assumption does not always hold in practice, especially for real-time and embedded systems that perform I/O. For example, many tasks block on I/O requests until devices signal their completion via interrupts; both the arrival of interrupts and the waking of blocked tasks can be aperiodic. In our prior work, we developed a scheduling technique in the Quest real-time operating system, which integrates the time-budgeted management of I/O operations with Sporadic Server scheduling of tasks. This paper extends our previous scheduling approach with support for mixed-criticality tasks and I/O requests on the same processing core. Results show the effective schedulability of different task sets in the presence of I/O requests is superior in our approach compared to traditional methods that manage I/O using techniques such as Sporadic Servers.Comment: Second version has replaced simulation experiments with real machine experiments, third version fixed minor error in Equation 5 (missing a plus sign

Building real-time embedded applications on QduinoMC: a web-connected 3D printer case study

Single Board Computers (SBCs) are now emerging with multiple cores, ADCs, GPIOs, PWM channels, integrated graphics, and several serial bus interfaces. The low power consumption, small form factor and I/O interface capabilities of SBCs with sensors and actuators makes them ideal in embedded and real-time applications. However, most SBCs run non-realtime operating systems based on Linux and Windows, and do not provide a user-friendly API for application development. This paper presents QduinoMC, a multicore extension to the popular Arduino programming environment, which runs on the Quest real-time operating system. QduinoMC is an extension of our earlier single-core, real-time, multithreaded Qduino API. We show the utility of QduinoMC by applying it to a specific application: a web-connected 3D printer. This differs from existing 3D printers, which run relatively simple firmware and lack operating system support to spool multiple jobs, or interoperate with other devices (e.g., in a print farm). We show how QduinoMC empowers devices with the capabilities to run new services without impacting their timing guarantees. While it is possible to modify existing operating systems to provide suitable timing guarantees, the effort to do so is cumbersome and does not provide the ease of programming afforded by QduinoMC.http://www.cs.bu.edu/fac/richwest/papers/rtas_2017.pdfAccepted manuscrip

Scalable Overlay Multicast Tree Construction for QoS-Constrained Media Streaming

Overlay networks have become popular in recent times for content distribution and end-system multicasting of media streams. In the latter case, the motivation is based on the lack of widespread deployment of IP multicast and the ability to perform end-host processing. However, constructing routes between various end-hosts, so that data can be streamed from content publishers to many thousands of subscribers, each having their own QoS constraints, is still a challenging problem. First, any routes between end-hosts using trees built on top of overlay networks can increase stress on the underlying physical network, due to multiple instances of the same data traversing a given physical link. Second, because overlay routes between end-hosts may traverse physical network links more than once, they increase the end-to-end latency compared to IP-level routing. Third, algorithms for constructing efficient, large-scale trees that reduce link stress and latency are typically more complex. This paper therefore compares various methods to construct multicast trees between end-systems, that vary in terms of implementation costs and their ability to support per-subscriber QoS constraints. We describe several algorithms that make trade-offs between algorithmic complexity, physical link stress and latency. While no algorithm is best in all three cases we show how it is possible to efficiently build trees for several thousand subscribers with latencies within a factor of two of the optimal, and link stresses comparable to, or better than, existing technologies

Predictable migration and communication in the Quest-V multikernal

Quest-V is a system we have been developing from the ground up, with objectives focusing on safety, predictability and efficiency. It is designed to work on emerging multicore processors with hardware virtualization support. Quest-V is implemented as a ``distributed system on a chip'' and comprises multiple sandbox kernels. Sandbox kernels are isolated from one another in separate regions of physical memory, having access to a subset of processing cores and I/O devices. This partitioning prevents system failures in one sandbox affecting the operation of other sandboxes. Shared memory channels managed by system monitors enable inter-sandbox communication. The distributed nature of Quest-V means each sandbox has a separate physical clock, with all event timings being managed by per-core local timers. Each sandbox is responsible for its own scheduling and I/O management, without requiring intervention of a hypervisor. In this paper, we formulate bounds on inter-sandbox communication in the absence of a global scheduler or global system clock. We also describe how address space migration between sandboxes can be guaranteed without violating service constraints. Experimental results on a working system show the conditions under which Quest-V performs real-time communication and migration.National Science Foundation (1117025

The X-ray eclipse of OY Car resolved with XMM-Newton: X-ray emission from the polar regions of the white dwarf

We present the XMM-Newton X-ray eclipse lightcurve of the dwarf nova OY Car. The eclipse ingress and egress are well resolved for the first time in any dwarf nova placing strong constraints on the size and location of the X-ray emitting region. We find good fits to a simple linear eclipse model, giving ingress/egress durations of 30+/-3 sec. Remarkably this is shorter than the ingress/egress duration of the sharp eclipse in the optical as measured by Wood et al. (1989) and ascribed to the white dwarf (43+/-2 sec). We also find that the X-ray eclipse is narrower than the optical eclipse by 14+/-2 sec, which is precisely the difference required to align the second and third contact points of the X-ray and optical eclipses. We discuss these results and conclude that X-ray emission in OY Car most likely arises from the polar regions of the white dwarf. Our data were originally reported by Ramsay et al (2001), but they did not make a quantitative measurement of eclipse parameters. We have also corrected important timing anomalies present in the data available at that time.Comment: 6 pages, 5 figures; accepted for publication in MNRA

Melt-preferred orientation, anisotropic permeability, and melt-band formation in a deforming, partially molten aggregate

Shear deformation of partially molten rock in laboratory experiments causes the emergence of melt-enriched sheets (bands in cross-section) that are aligned at about 15-20 degrees to the shear plane. Deformation and deviatoric stress also cause the coherent alignment of pores at the grain scale. This leads to a melt-preferred orientation that may, in turn, give rise to an anisotropic permeability. Here we develop a simple, general model of anisotropic permeability in partially molten rocks. We use linearised analysis and nonlinear numerical solutions to investigate its behaviour under simple-shear deformation. In particular, we consider implications of the model for the emergence and angle of melt-rich bands. Anisotropic permeability affects the angle of bands and, in a certain parameter regime, it can give rise to low angles consistent with experiments. However, the conditions required for this regime have a narrow range and seem unlikely to be entirely met by experiments. Anisotropic permeability may nonetheless affect melt transport and the behaviour of partially molten rocks in Earth's mantle.Comment: 19 pages, 7 figures, accepted for publication in Geophysical Journal International on 3 September 201