Listing by author "Schirmeier, Horst"
1 - 5 of 5
- Text document: Beastie In For Checkup: Analyzing FreeBSD with LockDoc (Tagungsband des FG-BS Herbsttreffens 2021, 2021). Lochmann, Alexander; Schirmeier, Horst
  Abstract: LockDoc is an approach to extract locking rules for kernel data structures, based on a dynamic execution trace. The recorded trace can e.g. be used to verify existing locking documentation. LockDoc results for Linux indicated that only 53 % of all examined data types were accessed consistently with their respective locking documentation [5]: Linux systematically elides locks for performance reasons, and the existing documentation is partially outdated or inconsistent. Without a solid “ground truth”, it is impossible to reliably attribute LockDoc’s findings to bugs in Linux, or to issues with the LockDoc approach itself. Therefore, in this paper we present results from applying LockDoc to a much more straightforwardly and “cleanly” implemented operating system: FreeBSD offers sophisticated locking documentation; e.g. for many data structures, each individual field is annotated with a precise locking rule. We report that, for four centrally documented data types, FreeBSD adheres to the documented locking rules in 72.4 % of all dynamic data-structure accesses. Investigating the remaining rule-violating accesses, we already triggered two commits for the FreeBSD kernel fixing unprotected accesses, and nudge this value to 73.6 %.
- Conference paper: Fail*: towards a versatile fault-injection experiment framework (ARCS 2012 Workshops, 2012). Schirmeier, Horst; Hoffmann, Martin; Kapitza, Rüdiger; Lohmann, Daniel; Spinczyk, Olaf
  Abstract: Many years of research on dependable, fault-tolerant software systems yielded many tool implementations for vulnerability analysis and experimental validation of resilience measures. We identify two disjoint classes of fault-injection (FI) experiment tools in the field, and argue that both are plagued by inherent deficiencies, such as insufficient target-state access, little or no means to switch to another target system, and non-reusable experiment code. In this article, we present a novel design approach for an FI infrastructure that aims at combining the strengths of both classes. Our FAIL* experiment framework provides carefully chosen abstractions simplifying both the implementation of different simulator/hardware target backends and the reuse of experiment code, while retaining the ability for deep target-state access for specialized FI experiments. An exemplary report on first experiences with a prototype implementation based on existing X86 and ARM simulators demonstrates the tool's versatility.
- Text document: Improving Linux-Kernel Tests for LockDoc with Feedback-driven Fuzzing (Tagungsband des FG-BS Herbsttreffens 2020, 2020). Lochmann, Alexander; Thunig, Robin; Schirmeier, Horst
  Abstract: LockDoc is an approach to extract locking rules for kernel data structures from a dynamic execution trace recorded while the system is under a benchmark load. These locking rules can e.g. be used to locate synchronization bugs. For high rule precision and thorough bug finding, the approach heavily depends on the choice of benchmarks: they must trigger the execution of as much code as possible in the kernel subsystem relevant for the targeted data structures. However, existing test suites such as those provided by the Linux Test Project (LTP) only achieve, in the case of LTP, about 35 percent basic-block coverage for the VFS subsystem, which is the relevant subsystem when extracting locking rules for filesystem-related data structures. In this article, we discuss how to complement the LTP suites to improve the code coverage for our LockDoc scenario. We repurpose syzkaller, a coverage-guided fuzzer whose goal is to validate the robustness of kernel APIs, to 1) not aim for kernel crashes, and to 2) maximize code coverage for a specific kernel subsystem. Thereby, we generate new benchmark programs that can be run in addition to the LTP, and increase VFS basic-block coverage by 26.1 percent.
- Conference paper: Protecting the dynamic dispatch in C++ by dependability aspects (INFORMATIK 2012, 2012). Borchert, Christoph; Schirmeier, Horst; Spinczyk, Olaf
  Abstract: Computer systems, especially devices with highly miniaturized feature sizes, are unreliable. Data memory is susceptible to a number of physical effects that cause faults, which can be observed as spontaneous bit flips. Although in many application scenarios corrupt data is harmless (an “almost” correct result often suffices), control-flow transitions are very sensitive to faults. Indirect jumps, such as the dynamic dispatch of virtual functions in C++, often crash the system in the case of a single bit flip. This paper describes a suitable software-based fault-tolerance mechanism, which can be applied to arbitrary C++ software by source-to-source compilation. The overall cost for this mechanism is below 10 % for both runtime and memory overhead. Our evaluation results show that this approach eliminates 67.1 % of all irregular program terminations in a case study using an embedded weather-station software, whose entire data memory is corrupted by single-bit flips.
- Conference paper: Return-address protection in C/C++ code by dependability aspects (INFORMATIK 2013 – Informatik angepasst an Mensch, Organisation und Umwelt, 2013). Borchert, Christoph; Schirmeier, Horst; Spinczyk, Olaf
  Abstract: Due to shrinking structure sizes on memory chips, the probability of memory failures, such as spontaneous bit flips, is increasing. Especially in the domain of mass-produced cheap embedded systems, hardware solutions are not affordable. Therefore, there is a need for cost-efficient software-based fault-tolerance mechanisms. In this paper we focus on such a mechanism for the protection of CPU stacks. A baseline assessment conducted with 21 benchmark and test programs shows that the stack is the most fault-susceptible data memory region, even more critical than the OS kernel's scheduler data structure, for instance. Our mechanism, which is based on profiling and a generic aspect-oriented implementation, supports detection and correction of bit flips in return addresses and frame pointers on the stack. It thereby reduces the number of stack-related program failures by 48.7 % and the number of all RAM-related failures by 13.3 % on average over all benchmarks. The average code size overhead is 3.76 %, and a runtime overhead is only measurable for the subset of short-running benchmarks.
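The two LockDoc entries above ("Beastie In For Checkup" and "Improving Linux-Kernel Tests for LockDoc") describe extracting locking rules from a dynamic execution trace and checking them against documentation. The following is an added illustration of that core idea, written for this listing; it is not LockDoc's code, and the trace, the three fields, the two locks and the "documented" rules are all constructed. It replays a sequence of lock acquire/release and field-access events, keeps the set of currently held locks, infers per field the locks that were held on every access, and computes the percentage of accesses that satisfied the documented rule, which is the kind of adherence figure the abstract reports for FreeBSD.

```c
#include <stdio.h>
#include <stdint.h>
#include <string.h>

enum ev_kind { EV_ACQUIRE, EV_RELEASE, EV_ACCESS };

struct event {
    enum ev_kind kind;
    int id;   /* lock id for ACQUIRE/RELEASE, field id for ACCESS */
};

#define NFIELDS 3
#define LOCK(i) (1u << (i))

/* Constructed locking documentation (hypothetical, not FreeBSD's):
 * the lock that must be held when accessing each field. */
static const uint32_t documented[NFIELDS] = { LOCK(0), LOCK(1), LOCK(0) };

struct result {
    uint32_t inferred[NFIELDS];   /* locks held on every observed access */
    int accesses[NFIELDS];        /* number of accesses per field */
    int conforming[NFIELDS];      /* accesses with the documented lock held */
};

/* Replay the trace while tracking held locks. Per field, record (a) the
 * intersection of the held-lock sets over all accesses, i.e. the rule the
 * trace actually supports, and (b) how many accesses met the documented rule. */
static void analyze(const struct event *trace, size_t n, struct result *r)
{
    uint32_t held = 0;
    memset(r, 0, sizeof *r);
    for (int f = 0; f < NFIELDS; f++)
        r->inferred[f] = ~0u;                   /* "all locks" until first access */

    for (size_t i = 0; i < n; i++) {
        const struct event *e = &trace[i];
        switch (e->kind) {
        case EV_ACQUIRE: held |= LOCK(e->id); break;
        case EV_RELEASE: held &= ~LOCK(e->id); break;
        case EV_ACCESS:
            r->inferred[e->id] &= held;
            r->accesses[e->id]++;
            if ((held & documented[e->id]) == documented[e->id])
                r->conforming[e->id]++;
            break;
        }
    }
    for (int f = 0; f < NFIELDS; f++)
        if (r->accesses[f] == 0)
            r->inferred[f] = 0;                 /* never accessed: no rule supported */
}

/* Share of all dynamic accesses that followed the documented rules. */
static double adherence_percent(const struct result *r)
{
    int total = 0, ok = 0;
    for (int f = 0; f < NFIELDS; f++) { total += r->accesses[f]; ok += r->conforming[f]; }
    return total ? 100.0 * ok / total : 0.0;
}

/* Constructed trace: two well-behaved critical sections, then one unlocked
 * access to field 2 and one access to field 1 under the wrong lock. */
static const struct event sample_trace[] = {
    { EV_ACQUIRE, 0 }, { EV_ACCESS, 0 }, { EV_ACCESS, 2 }, { EV_RELEASE, 0 },
    { EV_ACQUIRE, 1 }, { EV_ACCESS, 1 }, { EV_ACQUIRE, 0 }, { EV_ACCESS, 0 },
    { EV_RELEASE, 0 }, { EV_RELEASE, 1 },
    { EV_ACCESS, 2 },                                       /* violation: no lock held */
    { EV_ACQUIRE, 0 }, { EV_ACCESS, 1 }, { EV_RELEASE, 0 },  /* violation: lock 0, not lock 1 */
};
static const size_t sample_trace_len = sizeof sample_trace / sizeof sample_trace[0];

int main(void)
{
    struct result r;
    analyze(sample_trace, sample_trace_len, &r);
    for (int f = 0; f < NFIELDS; f++)
        printf("field %d: documented=0x%x inferred=0x%x conforming=%d/%d\n",
               f, (unsigned)documented[f], (unsigned)r.inferred[f],
               r.conforming[f], r.accesses[f]);
    printf("adherence: %.1f %%\n", adherence_percent(&r));
    return 0;
}
```

Note the two different outcomes for the violating fields: for field 2 the inferred rule collapses to "no lock" because of one unlocked access (the shape of an unprotected-access bug), while for field 1 the inferred rule also collapses although each access did hold some lock, which is the situation the first abstract describes where a trace alone cannot tell a bug from outdated or inconsistent documentation; the documented rule is the ground truth that lets the per-access check decide.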
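The last two entries ("Protecting the dynamic dispatch in C++" and "Return-address protection in C/C++ code") describe software-based detection and correction of single-bit flips in control-flow-relevant words such as return addresses. The block below is an added, deliberately simple illustration of such a check at the level of one stored word; it is not the papers' aspect-oriented implementation, whose encoding the abstracts do not specify, and the struct, the redundancy-plus-parity scheme and the return-address value are assumptions made for the example. A word is kept with a redundant copy and one parity bit per copy; on load, a single flipped bit in either copy is detected and repaired from the other, and damage to both copies is reported instead of silently used.

```c
#include <stdint.h>
#include <stdio.h>

/* A stored pointer (e.g. a saved return address) with a redundant copy and
 * a parity bit per copy. Assumed layout for this example only. */
struct protected_word {
    uintptr_t value;
    uintptr_t copy;
    uint8_t value_parity;
    uint8_t copy_parity;
};

enum load_status { LOAD_INTACT, LOAD_CORRECTED, LOAD_UNCORRECTABLE };

static uint8_t parity(uintptr_t x)
{
    uint8_t p = 0;
    while (x) { p ^= 1; x &= x - 1; }   /* number of set bits mod 2 */
    return p;
}

static void protected_store(struct protected_word *w, uintptr_t v)
{
    w->value = v;
    w->copy = v;
    w->value_parity = parity(v);
    w->copy_parity = parity(v);
}

/* Returns the (possibly repaired) word in *out. Under a single-bit-flip
 * fault model: equal copies are trusted (a hit parity bit is harmless); if
 * the copies differ, the copy whose parity still matches is the intact one. */
static enum load_status protected_load(struct protected_word *w, uintptr_t *out)
{
    if (w->value == w->copy) {
        *out = w->value;
        if (parity(w->value) != w->value_parity || parity(w->copy) != w->copy_parity) {
            w->value_parity = w->copy_parity = parity(w->value); /* refresh parity */
            return LOAD_CORRECTED;
        }
        return LOAD_INTACT;
    }
    if (parity(w->value) == w->value_parity) {
        w->copy = w->value;                 /* the copy was corrupted */
        w->copy_parity = w->value_parity;
        *out = w->value;
        return LOAD_CORRECTED;
    }
    if (parity(w->copy) == w->copy_parity) {
        w->value = w->copy;                 /* the primary value was corrupted */
        w->value_parity = w->copy_parity;
        *out = w->copy;
        return LOAD_CORRECTED;
    }
    return LOAD_UNCORRECTABLE;              /* both copies damaged: fail-stop, do not jump */
}

/* Stand-in for a fault-injection campaign: flip one bit of a word. */
static void flip_bit(uintptr_t *word, unsigned bit)
{
    *word ^= (uintptr_t)1 << bit;
}

int main(void)
{
    struct protected_word w;
    uintptr_t ret = 0x4011a0;   /* constructed stand-in for a return address */
    uintptr_t out;

    protected_store(&w, ret);
    flip_bit(&w.value, 5);
    enum load_status s = protected_load(&w, &out);
    printf("single flip in value: status=%d out=0x%lx\n", (int)s, (unsigned long)out);

    protected_store(&w, ret);
    flip_bit(&w.value, 3);
    flip_bit(&w.copy, 9);
    s = protected_load(&w, &out);
    printf("flips in both copies: status=%d (2 = uncorrectable)\n", (int)s);
    return 0;
}
```

Parity only detects an odd number of flipped bits, so two flips in the same copy pass the check; the scheme is therefore only sound under the single-bit-flip fault model that both abstracts evaluate against. The papers apply their mechanism to return addresses and frame pointers via aspects at function boundaries; this example shows only the data-level check, not where it is woven in.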