Generative software-based memory error detection and correction for operating system data structures

Borchert, Christoph; Schirmeier, Horst; Spinczyk, Olaf

doi:10.1109/dsn.2013.6575308

Cited by 32 publications

(20 citation statements)

References 33 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Yet, an interesting aspect is the possibility to configure kernel internals, which have different resilience behaviors regarding to soft errors. Here, the essential system component is the scheduler [12]. eCos offers different real-time schedulers to choose from: a multi-level queue (MLQ) scheduler and a bitmap scheduler.…”

Section: A Dynamic Operating System: Ecos (Posix)mentioning

confidence: 99%

“…The robustness of the eCos kernel against memory faults is improved by Generic Object Protection [12]. In-memory kernel objects are enriched by a CRC32 error-detecting code, which is allocated together with each instance of a kernel data structure, such as the scheduler and thread objects.…”

Section: A Hardening Ecosmentioning

confidence: 99%

“…Examples include using watchdog timers [9], graceful degradation with respect to RAM or CPU errors [10], [11], the fine-grained ex-post hardening of operating system (OS) data structures [12], or the transfer of essential operating system code to a dedicated reliable computing base [13].…”

Section: Introductionmentioning

confidence: 99%

See 2 more Smart Citations

Effectiveness of Fault Detection Mechanisms in Static and Dynamic Operating System Designs

Hoffmann

Borchert

Dietrich

et al. 2014

2014 IEEE 17th International Symposium on Object/Component/Service-Oriented Real-Time Distributed Computing

Self Cite

View full text Add to dashboard Cite

Abstract-Developers of embedded (real-time) systems can choose from a variety of operating systems. While some embedded operating systems provide very flexible APIs, e.g., a POSIXcompliant interface for run-time management, others have a completely static structure, which is generated at compile time by utilizing detailed application knowledge. A prominent example for the latter class from the domain of automotive operating systems is OSEK/OS and its successor AUTOSAR/OS. As we have shown in previous work, the design of the operating system has a strong impact on its vulnerability for system failure caused by hardware faults. This observation is gaining importance, because there is an ongoing trend towards low-power and low-cost, yet less reliable, hardware. This work quantifies the difference in vulnerability for soft errors in main memory of a flexible (dynamic) operating systems (eCos) and a static system (CiAO), which has an OSEK-compliant structure. We also analyze the additional degree of robustness that is achieved by hardening an operating system with software-based and hardware-based faulttolerance measures and the corresponding costs. Covering this design space gives developers a better chance for good design decisions with respect to the trade-off between fault tolerance, resource consumption, and interface convenience. Our results indicate that with a combination of hardware-and softwarebased fault-tolerance measures, silent data corruptions in both operating systems can be reduced to below one percent (compared to eCos). However, the analyzed fault-tolerance mechanisms are expensive for the dynamic system, whereas the statically designed operating system can be hardened at much lower price.

show abstract

Section: A Dynamic Operating System: Ecos (Posix)mentioning

confidence: 99%

Section: A Hardening Ecosmentioning

confidence: 99%

See 1 more Smart Citation

Effectiveness of Fault Detection Mechanisms in Static and Dynamic Operating System Designs

Hoffmann

Borchert

Dietrich

et al. 2014

2014 IEEE 17th International Symposium on Object/Component/Service-Oriented Real-Time Distributed Computing

Self Cite

View full text Add to dashboard Cite

show abstract

“…These techniques, though they improve system reliability, still require costly ECC hardware for detecting and identifying memory pages with errors. Other works have attempted to reduce the impact of memory errors on system reliability by writing more reliable software [39], modifying the OS memory allocator [40], or using a compiler to generate a more error-tolerant version of the program [41,42]. Other algorithmic solutions (e.g., memory bounds checks [43], watchdog timers [43], and checkpoint recovery [44][45][46]) have also been applied to achieve resilience to memory errors.…”

Section: B Related Workmentioning

confidence: 99%

Characterizing Application Memory Error Vulnerability to Optimize Datacenter Cost via Heterogeneous-Reliability Memory

Luo

Govindan

Sharma

et al. 2014

2014 44th Annual IEEE/IFIP International Conference on Dependable Systems and Networks

137

150

View full text Add to dashboard Cite

Abstract-Memory devices represent a key component of datacenter total cost of ownership (TCO), and techniques used to reduce errors that occur on these devices increase this cost. Existing approaches to providing reliability for memory devices pessimistically treat all data as equally vulnerable to memory errors. Our key insight is that there exists a diverse spectrum of tolerance to memory errors in new data-intensive applications, and that traditional one-size-fits-all memory reliability techniques are inefficient in terms of cost. For example, we found that while traditional error protection increases memory system cost by 12.5%, some applications can achieve 99.00% availability on a single server with a large number of memory errors without any error protection. This presents an opportunity to greatly reduce server hardware cost by provisioning the right amount of memory reliability for different applications.Toward this end, in this paper, we make three main contributions to enable highly-reliable servers at low datacenter cost. First, we develop a new methodology to quantify the tolerance of applications to memory errors. Second, using our methodology, we perform a case study of three new dataintensive workloads (an interactive web search application, an in-memory key-value store, and a graph mining framework) to identify new insights into the nature of application memory error vulnerability. Third, based on our insights, we propose several new hardware/software heterogeneous-reliability memory system designs to lower datacenter cost while achieving high reliability and discuss their trade-offs. We show that our new techniques can reduce server hardware cost by 4.7% while achieving 99.90% single server availability.

show abstract

“…As an initial technique, we instrumented jino to enrich references with parity information. This technique has some advantages over reference replication [6], as it does not inflate the reference size and so the attack surface of the program, which is the reason why we have selected this approach.…”

Section: Protection Techniquesmentioning

confidence: 99%

A JVM for soft-error-prone embedded systems

et al. 2013

View full text Add to dashboard Cite

The reduction of structure sizes in microcontollers, environmental conditions or low supply voltages increase the susceptibility of embedded systems to soft errors. As a result, the employment of fault-detection and fault-tolerance measures is becoming a mandatory task even for moderately critical applications. Accordingly, software-based techniques have recently gained in popularity, and a multitude of approaches that differ in the number and frequency of tolerated errors as well as their associated overhead have been proposed. Using type-safe programming languages to isolate critical software components is very popular among those techniques. An automated application of fault-detection and fault-tolerance measures based on the type system of the programming language and static code analyses is possible. It facilitates an easy evaluation of the protection characteristics and costs as well as the migration of software to new hardware platforms with different failure rates. Transient faults, however, are not bound to the application code secured by the type system, but can also affect the correctness of the type system itself. Thereby, the type system might lose its ability to isolate critical components. As a consequence, it is essential to also protect the type system itself against soft errors. In this paper, we show how soft errors can affect the integrity of the type system. Furthermore, we provide means to secure it against these faults, thus preserving its isolating character. These measures can be applied selectively to achieve a suitable tradeoff between level of protection and resource consumption.

show abstract

Generative software-based memory error detection and correction for operating system data structures

Cited by 32 publications

References 33 publications

Effectiveness of Fault Detection Mechanisms in Static and Dynamic Operating System Designs

Effectiveness of Fault Detection Mechanisms in Static and Dynamic Operating System Designs

Characterizing Application Memory Error Vulnerability to Optimize Datacenter Cost via Heterogeneous-Reliability Memory

A JVM for soft-error-prone embedded systems

Contact Info

Product

Resources

About