The Experts below are selected from a list of 1905 Experts worldwide ranked by ideXlab platform
Mani Srivastava - One of the best experts on this subject based on the ideXlab platform.
-
a system for coarse grained Memory Protection in tiny embedded processors
Design Automation Conference, 2007Co-Authors: Ram Kumar, Akhilesh Singhania, Andrew Castner, Eddie Kohler, Mani SrivastavaAbstract:Many embedded systems contain resource constrained microcontrollers where applications, operating system components and device drivers reside within a single address space with no form of Memory Protection. Programming errors in one application can easily corrupt the state of the operating system and other applications on the microcontroller. In this paper we propose a system that provides Memory Protection in tiny embedded processors. . Our system consists of a software run-time working with minimal low-cost architectural extensions to the processor core that prevents corruption of state by buggy applications. We restrict Memory accesses and control flow of applications to Protection domains within the address space. The software run-time consists of a Memory map: a flexible and efficient data structure that records ownership and layout information of the entire address space. Memory map checks are done for store instructions by hardware accelerators that significantly improve the performance of our system. We preserve control flow integrity by maintaining a Safe stack that stores return addresses in a protected Memory region. Cross domain function calls are redirected through a software based jump table. Enhancements to the microcontroller call and return instructions use the jump table to track the current active domain. We have implemented our scheme on a VHDL model of ATMEGA103 microcontroller. Our evaluations show that embedded applications can enjoy the benefits of Memory Protection with minimal impact on performance and a modest increase in the area of the microcontroller.
-
DAC - A system for coarse grained Memory Protection in tiny embedded processors
Proceedings of the 44th annual conference on Design automation - DAC '07, 2007Co-Authors: Ram Kumar, Akhilesh Singhania, Andrew Castner, Eddie Kohler, Mani SrivastavaAbstract:Many embedded systems contain resource constrained microcontrollers where applications, operating system components and device drivers reside within a single address space with no form of Memory Protection. Programming errors in one application can easily corrupt the state of the operating system and other applications on the microcontroller. In this paper we propose a system that provides Memory Protection in tiny embedded processors. . Our system consists of a software run-time working with minimal low-cost architectural extensions to the processor core that prevents corruption of state by buggy applications. We restrict Memory accesses and control flow of applications to Protection domains within the address space. The software run-time consists of a Memory map: a flexible and efficient data structure that records ownership and layout information of the entire address space. Memory map checks are done for store instructions by hardware accelerators that significantly improve the performance of our system. We preserve control flow integrity by maintaining a Safe stack that stores return addresses in a protected Memory region. Cross domain function calls are redirected through a software based jump table. Enhancements to the microcontroller call and return instructions use the jump table to track the current active domain. We have implemented our scheme on a VHDL model of ATMEGA103 microcontroller. Our evaluations show that embedded applications can enjoy the benefits of Memory Protection with minimal impact on performance and a modest increase in the area of the microcontroller.
-
harbor software based Memory Protection for sensor nodes
Information Processing in Sensor Networks, 2007Co-Authors: Ram Kumar, Eddie Kohler, Mani SrivastavaAbstract:Many sensor nodes contain resource constrained microcontrollers where user level applications, operating system components, and device drivers share a single address space with no form of hardware Memory Protection. Programming errors in one application can easily corrupt the state of the operating system or other applications. In this paper, we propose Harbor, a Memory Protection system that prevents many forms of Memory corruption. We use software based fault isolation ("sandboxing") to restrict application Memory accesses and control flow to Protection domains within the address space. A flexible and efficient Memory map data structure records ownership and layout information for Memory regions; writes are validated using the Memory map. Control flow integrity is preserved by maintaining a safe stack that stores return addresses in a protected Memory region. Run-time checks validate computed control flow instructions. Cross domain calls perform low-overhead control transfers between domains. Checks are introduced by rewriting an application's compiled binary. The sand- boxed result is verified on the sensor node before it is admitted for execution. Harbor's fault isolation properties depend only on the correctness of this verifier and the Harbor runtime. We have implemented and tested Harbor on the SOS operating system. Harbor detected and prevented Memory corruption caused by programming errors in application modules that had been in use for several months. Harbor's overhead, though high, is less than that of application-specific virtual machines, and reasonable for typical sensor workloads.
-
IPSN - Harbor: software-based Memory Protection for sensor nodes
Proceedings of the 6th international conference on Information processing in sensor networks - IPSN '07, 2007Co-Authors: Ram Kumar, Eddie Kohler, Mani SrivastavaAbstract:Many sensor nodes contain resource constrained microcontrollers where user level applications, operating system components, and device drivers share a single address space with no form of hardware Memory Protection. Programming errors in one application can easily corrupt the state of the operating system or other applications. In this paper, we propose Harbor, a Memory Protection system that prevents many forms of Memory corruption. We use software based fault isolation ("sandboxing") to restrict application Memory accesses and control flow to Protection domains within the address space. A flexible and efficient Memory map data structure records ownership and layout information for Memory regions; writes are validated using the Memory map. Control flow integrity is preserved by maintaining a safe stack that stores return addresses in a protected Memory region. Run-time checks validate computed control flow instructions. Cross domain calls perform low-overhead control transfers between domains. Checks are introduced by rewriting an application's compiled binary. The sand- boxed result is verified on the sensor node before it is admitted for execution. Harbor's fault isolation properties depend only on the correctness of this verifier and the Harbor runtime. We have implemented and tested Harbor on the SOS operating system. Harbor detected and prevented Memory corruption caused by programming errors in application modules that had been in use for several months. Harbor's overhead, though high, is less than that of application-specific virtual machines, and reasonable for typical sensor workloads.
Craig Zilles - One of the best experts on this subject based on the ideXlab platform.
-
UFO: A General-Purpose User-Mode Memory Protection Technique for Application Use
2020Co-Authors: Naveen Neelakantam, Craig ZillesAbstract:In this paper, we advocate for a general-purpose, fine-grain Memory Protection mechanism for use by applications and software development tools. The hardware component of this mechanism consists of two bits (fault-on-read and fault-on-write) that are associated with each cache block and transferred with the block by the cache coherence system. When an access is performed that violates the Protection on the block, a user handler is called, which can perform an arbitrary software-defined action. We describe a complete implementation that handles real world issues like protecting arbitrarily large regions, context switches, swapping, and multiprocessing. We demonstrate three examples of this mechanism in applications: 1) to detect self-modifying code (SMC) in a dynamic translator, 2) to detect common Memory-related software bugs, and 3) to guard mostly-invariant heap variables in order to enable speculative optimizations. Because checking for conflicts does not directly impact performance, we find our mechanism has run-time overhead that is either negligible or at least comparable to special-purpose hardware for the same application. Furthermore, by virtue of providing a software interface to use the fine-grain Protection mechanism, we can support multiple uses of the Protection mechanism within the same application, enabling arbitrary composition of tools and libraries which use it.
-
using hardware Memory Protection to build a high performance strongly atomic hybrid transactional Memory
International Symposium on Computer Architecture, 2008Co-Authors: Lee W Baugh, Naveen Neelakantam, Craig ZillesAbstract:We demonstrate how fine-grained Memory Protection can be used in support of transactional Memory systems: first showing how a software transactional Memory system (STM) can be made strongly atomic by using Memory Protection on transactionally-held state, then showing how such a strongly-atomic STM can be used with a bounded hardware TM system to build a hybrid TM system in which zero-overhead hardware transactions may safely run concurrently with potentially-conflicting software transactions. We experimentally demonstrate how this hybrid TM organization avoids the common-case overheads associated with previous hybrid TM proposals, achieving performance rivaling an unbounded HTM system without the hardware complexity of ensuring completion of arbitrary transactions in hardware. As part of our findings, we identify key policies regarding contention management within and across the hardware and software TM components that are key to achieving robust performance with a hybrid TM.
-
ISCA - Using Hardware Memory Protection to Build a High-Performance, Strongly-Atomic Hybrid Transactional Memory
ACM SIGARCH Computer Architecture News, 2008Co-Authors: Lee W Baugh, Naveen Neelakantam, Craig ZillesAbstract:We demonstrate how fine-grained Memory Protection can be used in support of transactional Memory systems: first showing how a software transactional Memory system (STM) can be made strongly atomic by using Memory Protection on transactionally-held state, then showing how such a strongly-atomic STM can be used with a bounded hardware TM system to build a hybrid TM system in which zero-overhead hardware transactions may safely run concurrently with potentially-conflicting software transactions. We experimentally demonstrate how this hybrid TM organization avoids the common-case overheads associated with previous hybrid TM proposals, achieving performance rivaling an unbounded HTM system without the hardware complexity of ensuring completion of arbitrary transactions in hardware. As part of our findings, we identify key policies regarding contention management within and across the hardware and software TM components that are key to achieving robust performance with a hybrid TM.
Mojtaba Mehrara - One of the best experts on this subject based on the ideXlab platform.
-
PPOPP - Transactional Memory with strong atomicity using off-the-shelf Memory Protection hardware
Proceedings of the 14th ACM SIGPLAN symposium on Principles and practice of parallel programming - PPoPP '09, 2009Co-Authors: Martin Abadi, Tim Harris, Mojtaba MehraraAbstract:This paper introduces a new way to provide strong atomicity in an implementation of transactional Memory. Strong atomicity lets us offer clear semantics to programs, even if they access the same locations inside and outside transactions. It also avoids differences between hardware-implemented transactions and software-implemented ones. Our approach is to use off-the-shelf page-level Memory Protection hardware to detect conflicts between normal Memory accesses and transactional ones. This page-level mechanism ensures correctness but gives poor performance because of the costs of manipulating Memory Protection settings and receiving notifications of access violations. However, in practice, we show how a combination of careful object placement and dynamic code update allows us to eliminate almost all of the Protection changes. Existing implementations of strong atomicity in software rely on detecting conflicts by conservatively treating some non-transactional accesses as short transactions. In contrast, our page-level mechanism lets us be less conservative about how non-transactional accesses are treated; we avoid changes to non-transactional code until a possible conflict is detected dynamically, and we can respond to phase changes where a given instruction sometimes generates conflicts and sometimes does not. We evaluate our implementation with C# versions of many of the STAMP benchmarks, and show how it performs within 25% of an implementation with weak atomicity on all the benchmarks we have studied. It avoids pathological cases in which other implementations of strong atomicity perform poorly.
-
transactional Memory with strong atomicity using off the shelf Memory Protection hardware
ACM SIGPLAN Symposium on Principles and Practice of Parallel Programming, 2009Co-Authors: Martin Abadi, Tim Harris, Mojtaba MehraraAbstract:This paper introduces a new way to provide strong atomicity in an implementation of transactional Memory. Strong atomicity lets us offer clear semantics to programs, even if they access the same locations inside and outside transactions. It also avoids differences between hardware-implemented transactions and software-implemented ones. Our approach is to use off-the-shelf page-level Memory Protection hardware to detect conflicts between normal Memory accesses and transactional ones. This page-level mechanism ensures correctness but gives poor performance because of the costs of manipulating Memory Protection settings and receiving notifications of access violations. However, in practice, we show how a combination of careful object placement and dynamic code update allows us to eliminate almost all of the Protection changes. Existing implementations of strong atomicity in software rely on detecting conflicts by conservatively treating some non-transactional accesses as short transactions. In contrast, our page-level mechanism lets us be less conservative about how non-transactional accesses are treated; we avoid changes to non-transactional code until a possible conflict is detected dynamically, and we can respond to phase changes where a given instruction sometimes generates conflicts and sometimes does not. We evaluate our implementation with C# versions of many of the STAMP benchmarks, and show how it performs within 25% of an implementation with weak atomicity on all the benchmarks we have studied. It avoids pathological cases in which other implementations of strong atomicity perform poorly.
-
Exploiting selective placement for low-cost Memory Protection
ACM Transactions on Architecture and Code Optimization, 2008Co-Authors: Mojtaba Mehrara, Todd AustinAbstract:Many embedded processing applications, such as those found in the automotive or medical field, require hardware designs that are at the same time low cost and reliable. Traditionally, reliable Memory systems have been implemented using coded storage techniques, such as ECC. While these designs can effectively detect and correct Memory faults such as transient errors and single-bit defects, their use bears a significant cost overhead. In this article, we propose a novel partial Memory Protection scheme that provides high-coverage fault Protection for program code and data, but with much lower cost than traditional approaches. Our approach profiles program code and data usage to assess which program elements are most critical to maintaining program correctness. Critical code and variables are then placed into a limited protected storage resources. To ensure high coverage of program elements, our placement technique considers all program components simultaneously, including code, global variables, stack frames, and heap variables. The fault coverage of our approach is gauged using Monte Carlo fault-injection experiments, which confirm that our technique provides high levels of fault Protection (99p coverage) with limited Memory Protection resources (36p protected area).
-
Memory System Performance and Correctness - Reliability-aware data placement for partial Memory Protection in embedded processors
Proceedings of the 2006 workshop on Memory system performance and correctness - MSPC '06, 2006Co-Authors: Mojtaba Mehrara, Todd AustinAbstract:Low cost Protection of embedded systems against soft errors has recently become a major concern. This issue is even more critical in Memory elements that are inherently more prone to transient faults. In this paper, we propose a reliability aware data placement technique in order to partially protect embedded Memory systems. We show that by adopting this method instead of traditional placement schemes with complete Memory Protection, an acceptable level of fault tolerance can be achieved while incurring less area and power overhead. In this approach, each variable in the program is placed in either protected or non-protected Memory area according to the profile-driven liveness analysis of all Memory variables. In order to measure the level of fault coverage, we inject faults into the Memory during the course of program execution in a Monte Carlo simulation framework. Subsequently, we calculate the coverage of partial Protection scheme based on the number of protected, failed and crashed runs during the fault injection experiment.
Ram Kumar - One of the best experts on this subject based on the ideXlab platform.
-
a system for coarse grained Memory Protection in tiny embedded processors
Design Automation Conference, 2007Co-Authors: Ram Kumar, Akhilesh Singhania, Andrew Castner, Eddie Kohler, Mani SrivastavaAbstract:Many embedded systems contain resource constrained microcontrollers where applications, operating system components and device drivers reside within a single address space with no form of Memory Protection. Programming errors in one application can easily corrupt the state of the operating system and other applications on the microcontroller. In this paper we propose a system that provides Memory Protection in tiny embedded processors. . Our system consists of a software run-time working with minimal low-cost architectural extensions to the processor core that prevents corruption of state by buggy applications. We restrict Memory accesses and control flow of applications to Protection domains within the address space. The software run-time consists of a Memory map: a flexible and efficient data structure that records ownership and layout information of the entire address space. Memory map checks are done for store instructions by hardware accelerators that significantly improve the performance of our system. We preserve control flow integrity by maintaining a Safe stack that stores return addresses in a protected Memory region. Cross domain function calls are redirected through a software based jump table. Enhancements to the microcontroller call and return instructions use the jump table to track the current active domain. We have implemented our scheme on a VHDL model of ATMEGA103 microcontroller. Our evaluations show that embedded applications can enjoy the benefits of Memory Protection with minimal impact on performance and a modest increase in the area of the microcontroller.
-
DAC - A system for coarse grained Memory Protection in tiny embedded processors
Proceedings of the 44th annual conference on Design automation - DAC '07, 2007Co-Authors: Ram Kumar, Akhilesh Singhania, Andrew Castner, Eddie Kohler, Mani SrivastavaAbstract:Many embedded systems contain resource constrained microcontrollers where applications, operating system components and device drivers reside within a single address space with no form of Memory Protection. Programming errors in one application can easily corrupt the state of the operating system and other applications on the microcontroller. In this paper we propose a system that provides Memory Protection in tiny embedded processors. . Our system consists of a software run-time working with minimal low-cost architectural extensions to the processor core that prevents corruption of state by buggy applications. We restrict Memory accesses and control flow of applications to Protection domains within the address space. The software run-time consists of a Memory map: a flexible and efficient data structure that records ownership and layout information of the entire address space. Memory map checks are done for store instructions by hardware accelerators that significantly improve the performance of our system. We preserve control flow integrity by maintaining a Safe stack that stores return addresses in a protected Memory region. Cross domain function calls are redirected through a software based jump table. Enhancements to the microcontroller call and return instructions use the jump table to track the current active domain. We have implemented our scheme on a VHDL model of ATMEGA103 microcontroller. Our evaluations show that embedded applications can enjoy the benefits of Memory Protection with minimal impact on performance and a modest increase in the area of the microcontroller.
-
harbor software based Memory Protection for sensor nodes
Information Processing in Sensor Networks, 2007Co-Authors: Ram Kumar, Eddie Kohler, Mani SrivastavaAbstract:Many sensor nodes contain resource constrained microcontrollers where user level applications, operating system components, and device drivers share a single address space with no form of hardware Memory Protection. Programming errors in one application can easily corrupt the state of the operating system or other applications. In this paper, we propose Harbor, a Memory Protection system that prevents many forms of Memory corruption. We use software based fault isolation ("sandboxing") to restrict application Memory accesses and control flow to Protection domains within the address space. A flexible and efficient Memory map data structure records ownership and layout information for Memory regions; writes are validated using the Memory map. Control flow integrity is preserved by maintaining a safe stack that stores return addresses in a protected Memory region. Run-time checks validate computed control flow instructions. Cross domain calls perform low-overhead control transfers between domains. Checks are introduced by rewriting an application's compiled binary. The sand- boxed result is verified on the sensor node before it is admitted for execution. Harbor's fault isolation properties depend only on the correctness of this verifier and the Harbor runtime. We have implemented and tested Harbor on the SOS operating system. Harbor detected and prevented Memory corruption caused by programming errors in application modules that had been in use for several months. Harbor's overhead, though high, is less than that of application-specific virtual machines, and reasonable for typical sensor workloads.
-
IPSN - Harbor: software-based Memory Protection for sensor nodes
Proceedings of the 6th international conference on Information processing in sensor networks - IPSN '07, 2007Co-Authors: Ram Kumar, Eddie Kohler, Mani SrivastavaAbstract:Many sensor nodes contain resource constrained microcontrollers where user level applications, operating system components, and device drivers share a single address space with no form of hardware Memory Protection. Programming errors in one application can easily corrupt the state of the operating system or other applications. In this paper, we propose Harbor, a Memory Protection system that prevents many forms of Memory corruption. We use software based fault isolation ("sandboxing") to restrict application Memory accesses and control flow to Protection domains within the address space. A flexible and efficient Memory map data structure records ownership and layout information for Memory regions; writes are validated using the Memory map. Control flow integrity is preserved by maintaining a safe stack that stores return addresses in a protected Memory region. Run-time checks validate computed control flow instructions. Cross domain calls perform low-overhead control transfers between domains. Checks are introduced by rewriting an application's compiled binary. The sand- boxed result is verified on the sensor node before it is admitted for execution. Harbor's fault isolation properties depend only on the correctness of this verifier and the Harbor runtime. We have implemented and tested Harbor on the SOS operating system. Harbor detected and prevented Memory corruption caused by programming errors in application modules that had been in use for several months. Harbor's overhead, though high, is less than that of application-specific virtual machines, and reasonable for typical sensor workloads.
Lee W Baugh - One of the best experts on this subject based on the ideXlab platform.
-
using hardware Memory Protection to build a high performance strongly atomic hybrid transactional Memory
International Symposium on Computer Architecture, 2008Co-Authors: Lee W Baugh, Naveen Neelakantam, Craig ZillesAbstract:We demonstrate how fine-grained Memory Protection can be used in support of transactional Memory systems: first showing how a software transactional Memory system (STM) can be made strongly atomic by using Memory Protection on transactionally-held state, then showing how such a strongly-atomic STM can be used with a bounded hardware TM system to build a hybrid TM system in which zero-overhead hardware transactions may safely run concurrently with potentially-conflicting software transactions. We experimentally demonstrate how this hybrid TM organization avoids the common-case overheads associated with previous hybrid TM proposals, achieving performance rivaling an unbounded HTM system without the hardware complexity of ensuring completion of arbitrary transactions in hardware. As part of our findings, we identify key policies regarding contention management within and across the hardware and software TM components that are key to achieving robust performance with a hybrid TM.
-
ISCA - Using Hardware Memory Protection to Build a High-Performance, Strongly-Atomic Hybrid Transactional Memory
ACM SIGARCH Computer Architecture News, 2008Co-Authors: Lee W Baugh, Naveen Neelakantam, Craig ZillesAbstract:We demonstrate how fine-grained Memory Protection can be used in support of transactional Memory systems: first showing how a software transactional Memory system (STM) can be made strongly atomic by using Memory Protection on transactionally-held state, then showing how such a strongly-atomic STM can be used with a bounded hardware TM system to build a hybrid TM system in which zero-overhead hardware transactions may safely run concurrently with potentially-conflicting software transactions. We experimentally demonstrate how this hybrid TM organization avoids the common-case overheads associated with previous hybrid TM proposals, achieving performance rivaling an unbounded HTM system without the hardware complexity of ensuring completion of arbitrary transactions in hardware. As part of our findings, we identify key policies regarding contention management within and across the hardware and software TM components that are key to achieving robust performance with a hybrid TM.
