SAFER SLOTH: Efficient, hardware-tailored memory protection

The goal of the SLOTH family of operating system kernels is to provide a unified priority space to real-time applications. By automatically mapping tasks to interrupts, we eliminate rate-monotonic priority inversion and increase execution determinism. In its standard implementation, however, SLOTH has been criticized as unsafe, since interrupt service routines are executed in supervisor mode. SAFER SLOTH mitigates this shortcoming while keeping the favorable properties of SLOTH, and provides a safe and isolated execution environment for application tasks. Adopting the SLOTH philosophy of embracing and exploiting hardware particularities, its generative approach automatically tailors the system to both the application and the target architecture. We achieve efficient MPU-based memory protection at reduced latency and low performance overhead by leveraging code inlining and compiler optimizations. In comparison to a commercial AUTOSAR OS, SAFER SLOTH achieves speedups between 8x (worst case) and 23x (best case) on kernel latencies while retaining the SLOTH advantages of strict priority obedience, excellent determinism, and small memory footprints.
