Surviving Sensor Network Software Faults Yang Chen, John Regehr (U. Utah) Omprakash Gnawali (USC) Maria Kazandjieva, Philip Levis (Stanford)

Slides:



Advertisements
Similar presentations
Threads, SMP, and Microkernels
Advertisements

Department of Computer Science and Engineering University of Washington Brian N. Bershad, Stefan Savage, Przemyslaw Pardyak, Emin Gun Sirer, Marc E. Fiuczynski,
Extensibility, Safety and Performance in the SPIN Operating System Presented by Allen Kerr.
Chap 4 Multithreaded Programming. Thread A thread is a basic unit of CPU utilization It comprises a thread ID, a program counter, a register set and a.
Threads, SMP, and Microkernels Chapter 4. Process Resource ownership - process is allocated a virtual address space to hold the process image Scheduling/execution-
Chapter 4 Threads, SMP, and Microkernels Patricia Roy Manatee Community College, Venice, FL ©2008, Prentice Hall Operating Systems: Internals and Design.
Computer Systems/Operating Systems - Class 8
Review: Chapters 1 – Chapter 1: OS is a layer between user and hardware to make life easier for user and use hardware efficiently Control program.
Extensible Kernels Edgar Velázquez-Armendáriz September 24 th 2009.
Contiki A Lightweight and Flexible Operating System for Tiny Networked Sensors Presented by: Jeremy Schiff.
1 Efficient Memory Safety for TinyOS Nathan Cooprider Will Archer Eric Eide David Gay † John Regehr University of Utah School of Computing † Intel Research.
How to Code on TinyOS Xufei Mao Advisor: Dr. Xiang-yang Li CS Dept. IIT.
Virtual Memory Virtual Memory Management in Mach Labels and Event Processes in Asbestos Ingar Arntzen.
1 TinyOS 2.1: Deploying Memory Safety Nathan Cooprider Yang Chen Will Archer Eric Eide David Gay † John Regehr University of Utah School of Computing †
Random Testing of Interrupt-Driven Software John Regehr University of Utah.
CMPT 300: Operating Systems Review THIS REIVEW SHOULD NOT BE USED AS PREDICTORS OF THE ACTUAL QUESTIONS APPEARING ON THE FINAL EXAM.
Extensibility, Safety and Performance in the SPIN Operating System Brian Bershad, Stefan Savage, Przemyslaw Pardyak, Emin Gun Sirer, Marc E. Fiuczynski,
1 Efficient Memory Safety for TinyOS 2.1 Yang Chen Nathan Cooprider Will Archer Eric Eide David Gay † John Regehr University of Utah School of Computing.
1/28/2004CSCI 315 Operating Systems Design1 Operating System Structures & Processes Notice: The slides for this lecture have been largely based on those.
Chapter 11 Operating Systems
Real-Time Kernels and Operating Systems. Operating System: Software that coordinates multiple tasks in processor, including peripheral interfacing Types.
1 Chapter 4 Threads Threads: Resource ownership and execution.
A. Frank - P. Weisberg Operating Systems Introduction to Tasks/Threads.
1 I/O Management in Representative Operating Systems.
Chapter 51 Threads Chapter 5. 2 Process Characteristics  Concept of Process has two facets.  A Process is: A Unit of resource ownership:  a virtual.
Highly Available ACID Memory Vijayshankar Raman. Introduction §Why ACID memory? l non-database apps: want updates to critical data to be atomic and persistent.
Chapter 3 Operating Systems Introduction to CS 1 st Semester, 2015 Sanghyun Park.
Eric Keller, Evan Green Princeton University PRESTO /22/08 Virtualizing the Data Plane Through Source Code Merging.
Recall: Three I/O Methods Synchronous: Wait for I/O operation to complete. Asynchronous: Post I/O request and switch to other work. DMA (Direct Memory.
Processes and Threads Processes have two characteristics: – Resource ownership - process includes a virtual address space to hold the process image – Scheduling/execution.
Lecture 3 Process Concepts. What is a Process? A process is the dynamic execution context of an executing program. Several processes may run concurrently,
Dhanshree Nimje Smita Khartad
Simulation of Distributed Application and Protocols using TOSSIM Valliappan Annamalai.
Threads, SMP, and Microkernels Chapter 4. Process Resource ownership - process is allocated a virtual address space to hold the process image Scheduling/execution-
Computers Operating System Essentials. Operating Systems PROGRAM HARDWARE OPERATING SYSTEM.
30 October Agenda for Today Introduction and purpose of the course Introduction and purpose of the course Organization of a computer system Organization.
Processes Introduction to Operating Systems: Module 3.
An OBSM method for Real Time Embedded Systems Veronica Eyo Sharvari Joshi.
EXTENSIBILITY, SAFETY AND PERFORMANCE IN THE SPIN OPERATING SYSTEM
1 Software Reliability in Wireless Sensor Networks (WSN) -Xiong Junjie
CS533 Concepts of Operating Systems Jonathan Walpole.
Threads, SMP, and Microkernels Chapter 4. Processes and Threads Operating systems use processes for two purposes - Resource allocation and resource ownership.
Software Architecture of Sensors. Hardware - Sensor Nodes Sensing: sensor --a transducer that converts a physical, chemical, or biological parameter into.
Silberschatz, Galvin and Gagne ©2009Operating System Concepts – 8 th Edition Chapter 4: Threads.
The Structuring of Systems Using Upcalls By David D. Clark Presented by Samuel Moffatt.
Free Transactions with Rio Vista Landon Cox April 15, 2016.
Embedded Real-Time Systems
Free Transactions with Rio Vista
Presented by: Daniel Taylor
Processes and threads.
Simulation of Distributed Application and Protocols using TOSSIM
Introduction to Operating Systems
Chapter 9: Virtual-Memory Management
Threads, SMP, and Microkernels
Page Replacement.
Mid Term review CSC345.
Free Transactions with Rio Vista
Process Description and Control
TinyOS CSE466 Final Project Presentation
Lecture Topics: 11/1 General Operating System Concepts Processes
Lecture 4- Threads, SMP, and Microkernels
Efficient Memory Safety for TinyOS 2.1
Threads and Concurrency
Threads Chapter 4.
Embedded Operating Systems
Operating Systems Lecture 1.
Chapter 4: Threads.
CS510 Operating System Foundations
System calls….. C-program->POSIX call
CSE 153 Design of Operating Systems Winter 2019
Presentation transcript:

Surviving Sensor Network Software Faults Yang Chen, John Regehr (U. Utah) Omprakash Gnawali (USC) Maria Kazandjieva, Philip Levis (Stanford)

Topics Motivation Idea Implementation Evaluation Related Works Conclusion

Motivation Hardware/driver unreliability/unstable – Harvard Reventador Voltano Network downtime – SPI (serial peripheral interface) off-by-one bug, 1 developer one month, 30 hours of experiments on a controlled testbed with wired debugging backchannel Memory violation Reboot w/o losing precious data – Routing Info (CTP) – Link Status – Time Synchronization (FTSP) – App data (Tenet, app-level programming interface, data flow based)

Topics Motivation Idea Implementation Evaluation Related Works Conclusion

Idea of Neutron Partial Reboot – Isolate soft components into rebootable units Restore precious data or status – Reinitialize precious data when rebooting some unit Requirements – Identify precious data – Identify fault unit – Reinitialize some data

Current Support TinyOS – Single stack frame – Static compile & link – I/O callbacks (Commands, events), event trigger – Concurrent Model (Interruptions, tasks), FSMs for sys call Safe TinyOS – Memory protection with Deputy compiler by static & dyn. Checks – Dependent type system (array bounds info in memory) – Actions: for debugging, display error with Leds; for deployment, reboot node – Safety violation should not be frequent otherwise node keep rebooting TOSThreads – Preemptive threading lib (run all tasks in a single thread with highest priority) – TinyOS kernel thread (post message between kernel & TOSthread as tasks) – No diff from traditional uni-proccesor microkernel OS

Neutron Design

Topics Motivation Idea Implementation Evaluation Related Works Conclusion

Extensions to TinyOS

App Recovery Unit 1.No call between units 2.Each unit Instantiates at least one thread 3.nesC component above sys call belongs to at most one unit 4.nesC component below sys call belongs to kernel unit 5.Kernel unit has one thread

Isolating App Recovery Units Namespace – Local state only accessible by interface Analysis app component linking graph – Components interactions Deputy’s memory safety – No pointer and array violation Neutron statically prevents naming resources in app units, and dynamically prevents fabricating pointers and other backdoors

Safe termination Termination safe (TOSThread) – Cancel sys calls & halt threads – Recaim dynamically allocated memory – Re-initialize app unit’s RAM – Restart unit’s threads

Kernel Recovery Unit TinyOS, no virtual memory, non-volatile storage configured at compile time, limited shared state App State – TOSThreads scheduler (the running thread, the kernel thread, the yielding thread), Ready queue, Counter of active app threads – Thread control blocks & stacks – Sys call structures – Sys call Keep App Runnable – Cancel outstanding sys calls, protect app level kernel state – Cancel pending sys calls, reinitialize sys call structures

Implementation Change TinyOS boot sequence – TinyOS: low level h/w, platform, s/w – Neutron: separate s/w initialization into kernel state and thread state, in reboot, thread state was skipped – Memory structures handled by thread state initialization – Any component needs maintained across kernel reboots register with initialization routing

Precious annotation – Apply to top level of a variable, not struct and union Precious groups – Precious states with one single nesC component – Semantically dependent variables in same component – Forbidden pointers to refer: across precious groups, precious to non-precious data, precious into heap

Efficiency & Integrity Avoid propagating corrupt precious data propagate to other units Modified compiler to add.data (initialized).bss (un- initialized) segments Check precious variables for possible corruption Push persisting vars on the stack Copy initial values from ROM to the recovering.data section Zero the recovering.bss section Pop persisting vars, replace initial values

Topics Motivation Idea Implementation Evaluation Related Works Conclusion

Evaluation

Benefit: FTSP

Benefit: CTP

Overhead

Reboot time

Topics Motivation Idea Implementation Evaluation Related Works Conclusion

Related Work Language-based OS – Most use MMU to isolate processes – Singularity, KaffeOS, SPIN, type-safety by C#, Java, and Modula-3 – SafeDrive, Nooks, rebootable exec environment Reboot-based mechanisms for recovering – Microreboots for j2ee – Rx and recovery domains, checkpointing and re-execution, transaction rollback – Failure-oblivious computing, zero developer overhead System support for persistent state – EROS, Grasshoper, KeyKOS, uniform interface to reboot-volatile and reboot-persistent storage – Rio Vista, persistent file cache with transaction library, swap partition

Topics Motivation Idea Implementation Evaluation Related Works Conclusion

Neutron uses conservative, compile-time techniques instead of exec rollback, re-exec, or transactional store – Resource limit Assumptions – Memory faults are uncommon – Testing vs. deployment – Re-execution after cleanup will avoid the fault Good match to TinyOS’s FSM-based interfaces and strongly decoupled components

Question?

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.