Mixed-Criticality Scheduling and Resource Sharing for High-Assurance Operating Systems

Total Page:16

File Type:pdf, Size:1020Kb

Mixed-Criticality Scheduling and Resource Sharing for High-Assurance Operating Systems Mixed-Criticality Scheduling and Resource Sharing for High-Assurance Operating Systems Anna Lyons Submitted in fulfilment of the requirements for the degree of Doctor of Philosophy School of Computer Science and Engineering University of New South Wales Sydney, Australia September 2018 Abstract Criticality of a software system refers to the severity of the impact of a failure. In a high-criticality system, failure risks significant loss of life or damage to the environ- ment. In a low-criticality system, failure may risk a downgrade in user-experience. As criticality of a software system increases, so too does the cost and time to develop that software: raising the criticality also raises the assurance level, with the highest levels requiring extensive, expensive, independent certification. For modern cyber-physical systems, including autonomous aircraft and other vehicles, the traditional approach of isolating systems of different criticality by using completely separate physical hardware, is no longer practical, being both restrictive and inefficient. The result is mixed-criticality systems, where software applications with different criticalities execute on the same hardware. Sufficient mechanisms are required to ascertain that software in mixed-criticality systems is sufficiently isolated, otherwise, all software on that hardware is promoted to the highest criticality level, driving up costs to impractical levels. For mixed-criticality systems to be viable, both spatial and temporal isolation are required. Current aviation standards allow for mixed-criticality systems where temporal and spatial resources are strictly and statically partitioned in time and space, allowing some improvement over fully isolated hardware. However, further improvements are not only possible, but required for future innovation in cyber-physical systems. This thesis explores further operating systems mechanisms to allow for mixed- criticality software to share resources in far less restrictive ways, opening further possibilities in cyber-physical system design without sacrificing assurance properties. Two key properties are required: first, time must be managed as a central resource of the system, while allowing for overbooking with asymmetric protection without increasing certification burdens. Second, components of different criticalities should be able to safely share resources without suffering undue utilisation penalties. We present a model for capability-controlled access to processing time without incurring over-head related capacity loss or restricting user policy, including pro- cessing time in shared resources. This is achieved by combining the idea of resource reservations, from resource kernels, with the concept of resource overbooking, which is central to policy freedom. The result is the core mechanisms of scheduling contexts, scheduling context donation over IPC, and timeout exceptions which allow system designers to designate their own resource allocation policies. We follow with an implementation of the model in the seL4 microkernel, a high- assurance, high-performance platform. Our final contribution is a thorough evaluation, including microbenchmarks, whole system benchmarks, and isolation benchmarks. The micro- and system benchmarks show that our implementation is low overhead, while the user-level scheduling benchmark demonstrates policy freedom in terms of scheduling is retained. Finally, our isolation benchmarks show that our processor temporal isolation mechanisms are effective, even in the case of shared resources. iii Contents Abstract iii Contentsv Acknowledgements ix Publications xi Acronyms xiii List of Figures xvii List of Tables xix List of Listings xxi 1 Introduction1 1.1 Motivation..................................3 1.2 Definitions..................................6 1.3 Objectives..................................6 1.4 Approach..................................7 1.5 Contributions................................7 1.6 Scope....................................8 2 Core concepts9 2.1 Real-time theory..............................9 2.2 Scheduling................................. 11 2.3 Resource sharing.............................. 17 2.4 Operating systems.............................. 21 2.5 Summary.................................. 26 3 Temporal Isolation & Asymmetric Protection 27 3.1 Scheduling................................. 28 3.2 Mixed-criticality schedulers........................ 33 3.3 Resource sharing.............................. 35 3.4 Summary.................................. 36 4 Operating Systems 39 4.1 Standards.................................. 39 v 4.2 Existing operating systems......................... 42 4.3 Isolation mechanisms............................ 46 4.4 Summary.................................. 53 5 seL4 Basics 57 5.1 Capabilities................................. 57 5.2 System calls and invocations........................ 58 5.3 Physical memory management....................... 59 5.4 Control capabilities............................. 63 5.5 Communication............................... 64 5.6 Scheduling................................. 69 5.7 Summary.................................. 74 6 Design & Model 75 6.1 Scheduling................................. 76 6.2 Resource sharing.............................. 84 6.3 Mechanisms................................. 89 6.4 Policies................................... 90 6.5 Summary.................................. 97 7 Implementation in seL4 99 7.1 Objects................................... 99 7.2 MCS API.................................. 108 7.3 Data Structures and Algorithms....................... 114 7.4 Summary.................................. 118 8 Evaluation 119 8.1 Hardware.................................. 119 8.2 Overheads.................................. 120 8.3 Temporal Isolation............................. 133 8.4 Practicality................................. 141 8.5 Multiprocessor benchmarks......................... 147 8.6 Summary.................................. 149 9 Conclusion 151 9.1 Contributions................................ 152 9.2 Future work................................. 152 9.3 Concluding Remarks............................ 153 Bibliography 155 Appendices 167 Appendix A MCS API 169 A.1 System calls................................. 169 A.2 Invocations................................. 173 Appendix B Code 179 B.1 Sporadic servers............................... 179 vi Appendix C Fastpath Performance 185 C.1 ARM.................................... 185 C.2 x86..................................... 191 vii Acknowledgements It’s a common aphorism to state that research outcomes “stand on the shoulders of giants”, referring to all the research and hard work that the outcomes build upon. It’s definitely true, however I’d like to personally thank those who are rarely recognised: the carers, the cleaners, the cooks, the friends and family, the physiotherapists, the detectives, therapists, and all of the people who form a support group around a person. It takes a village to raise a child, and the same goes for a PhD. In both cases, there’s a lot of thankless, gruelling work, which might sound similar, but you don’t get a certificate and floppy hat at the end. You’re all giants to me. I’d like to thank the following people for their help and support: my partner Kara Hatherly, Debbie & Geoff Fear, Biara Webster, Ryan Williams and his team, Patricia Durning and Gary Penhall. I would never have finished this project without you. I thank my supervisor, Gernot Heiser, for encouraging me, giving me the time I needed, and ultimately proving the support that led to me complete the project in the face of extreme external events. My co-supervisor, Kevin Elphinstone, for being drawn into hours of whiteboard discussion, after I waited earnestly at the coffee machine. Additionally all of the students, engineers and researchers who have helped at some point or another: David Greenaway, Thomas Sewell, Adrian Danis, Kent McLeod, Yanyan Shen, Luke Mondy, Hesham Almatary and Qian Ge. Further thanks to everyone in the Trustworthy Systems team, past and present, you’re all fantastic. Matthew Fernandez, Rafal Kolanski, and Joel Beeren get a special thanks not only for help with the work, but for supporting me in the lab, and the pub, and being my friends even at my worst, you were a huge factor in keeping me sane. Finally I’d like to thank my veritable army of proof readers: Kara Hatherly, Kent McLeod, Peter Chubb, Tim Cerexhe, Alex Legg, Joel Beeren, Sebastion Holzapfel, Robert Sison, Sean Peters, Ihor Kuz and of course, Gernot Heiser. ix Publications This thesis is partially based on work described in the following publications: • Anna Lyons, Kent Mcleod, Hesham Almatary, and Gernot Heiser. Scheduling-context capabilities: A principled, light-weight OS mechanism for managing time. In EuroSys Conference, Porto, Portugal, April 2018. ACM • Anna Lyons and Gernot Heiser. Mixed-criticality support in a high-assurance, general- purpose microkernel. In Workshop on Mixed Criticality Systems, pages 9–14, Rome, Italy, December 2014 xi Acronyms AAV autonomous aerial vehicle.1, 34 AES advanced encryption standard. 136, 137, 147, 149 API application programming interface. 99 APIC advanced PIC. 133 ASID address space ID. 63 BMK bare metal kernel. 133 BWI bandwidth inheritance. 54, 94 CA certification authority.4, 33 CBS constant-bandwidth server. 31, 32, 34, 37, 43–47, 49 CFS completely-fair scheduler. 43 CPU central processing unit. 47, 134, 152 DM deadline monotonic. 15
Recommended publications
  • Access Control and Operating System
    Outline (may not finish in one lecture) Access Control and Operating Access Control Concepts Secure OS System Security • Matrix, ACL, Capabilities • Methods for resisting • Multi-level security (MLS) stronger attacks OS Mechanisms Assurance • Multics • Orange Book, TCSEC John Mitchell – Ring structure • Common Criteria • Amoeba • Windows 2000 – Distributed, capabilities certification • Unix Some Limitations – File system, Setuid • Information flow • Windows • Covert channels – File system, Tokens, EFS • SE Linux – Role-based, Domain type enforcement Access control Access control matrix [Lampson] Common Assumption Objects • System knows who the user is File 1 File 2 File 3 … File n – User has entered a name and password, or other info • Access requests pass through gatekeeper User 1 read write - - read – OS must be designed monitor cannot be bypassed User 2 write write write - - Reference Subjects monitor User 3 - - - read read User process ? Resource … User m read write read write read Decide whether user can apply operation to resource Two implementation concepts Capabilities Access control list (ACL) File 1 File 2 … Operating system concept • “… of the future and always will be …” • Store column of matrix User 1 read write - Examples with the resource User 2 write write - • Dennis and van Horn, MIT PDP-1 Timesharing Capability User 3 - - read • Hydra, StarOS, Intel iAPX 432, Eros, … • User holds a “ticket” for … • Amoeba: distributed, unforgeable tickets each resource User m read write write • Two variations References – store
    [Show full text]
  • Research Purpose Operating Systems – a Wide Survey
    GESJ: Computer Science and Telecommunications 2010|No.3(26) ISSN 1512-1232 RESEARCH PURPOSE OPERATING SYSTEMS – A WIDE SURVEY Pinaki Chakraborty School of Computer and Systems Sciences, Jawaharlal Nehru University, New Delhi – 110067, India. E-mail: [email protected] Abstract Operating systems constitute a class of vital software. A plethora of operating systems, of different types and developed by different manufacturers over the years, are available now. This paper concentrates on research purpose operating systems because many of them have high technological significance and they have been vividly documented in the research literature. Thirty-four academic and research purpose operating systems have been briefly reviewed in this paper. It was observed that the microkernel based architecture is being used widely to design research purpose operating systems. It was also noticed that object oriented operating systems are emerging as a promising option. Hence, the paper concludes by suggesting a study of the scope of microkernel based object oriented operating systems. Keywords: Operating system, research purpose operating system, object oriented operating system, microkernel 1. Introduction An operating system is a software that manages all the resources of a computer, both hardware and software, and provides an environment in which a user can execute programs in a convenient and efficient manner [1]. However, the principles and concepts used in the operating systems were not standardized in a day. In fact, operating systems have been evolving through the years [2]. There were no operating systems in the early computers. In those systems, every program required full hardware specification to execute correctly and perform each trivial task, and its own drivers for peripheral devices like card readers and line printers.
    [Show full text]
  • Operating System Verification—An Overview
    Sadhan¯ a¯ Vol. 34, Part 1, February 2009, pp. 27–69. © Printed in India Operating system verification—An overview GERWIN KLEIN Sydney Research Laboratory, NICTA,∗ Australia, School of Computer Science and Engineering, University of New South Wales, Sydney, Australia e-mail: [email protected] Abstract. This paper gives a high-level introduction to the topic of formal, interactive, machine-checked software verification in general, and the verification of operating systems code in particular. We survey the state of the art, the advantages and limitations of machine-checked code proofs, and describe two specific ongoing larger-scale verification projects in more detail. Keywords. Formal software verification; operating systems; theorem proving. 1. Introduction The fastest, cheapest and easiest way to build something is properly the first time (Parker 2007). This engineer’s credo has made it into popular literature, but it seems to be largely ignored in the world of software development. In the late 1960s a software crisis was diagnosed on a summit in the Bavarian Alps (Naur & Randell 1969): Software was getting more and more complex, and we had no structured way of building it. We ended up with projects that took significantly longer than planned, were more expensive than planned, delivered results that did not fully address customer needs, or at worst were useless. This summit in the late 1960s is widely seen as the birth of the discipline of software engineering. Now, almost 40 years later, we have come a long way. There are numerous books on software engineering, a plenitude of methodologies, programming languages, and processes to choose from.
    [Show full text]
  • Scalability of Microkernel-Based Systems
    Scalability of Microkernel-Based Systems Zur Erlangung des akademischen Grades eines DOKTORS DER INGENIERWISSENSCHAFTEN von der Fakultat¨ fur¨ Informatik der Universitat¨ Fridericiana zu Karlsruhe (TH) genehmigte DISSERTATION von Volkmar Uhlig aus Dresden Tag der mundlichen¨ Prufung:¨ 30.05.2005 Hauptreferent: Prof. Dr. rer. nat. Gerhard Goos Universitat¨ Fridericiana zu Karlsruhe (TH) Korreferent: Prof. Dr. sc. tech. (ETH) Gernot Heiser University of New South Wales, Sydney, Australia Karlsruhe: 15.06.2005 i Abstract Microkernel-based systems divide the operating system functionality into individ- ual and isolated components. The system components are subject to application- class protection and isolation. This structuring method has a number of benefits, such as fault isolation between system components, safe extensibility, co-existence of different policies, and isolation between mutually distrusting components. How- ever, such strict isolation limits the information flow between subsystems including information that is essential for performance and scalability in multiprocessor sys- tems. Semantically richer kernel abstractions scale at the cost of generality and mini- mality–two desired properties of a microkernel. I propose an architecture that al- lows for dynamic adjustment of scalability-relevant parameters in a general, flex- ible, and safe manner. I introduce isolation boundaries for microkernel resources and the system processors. The boundaries are controlled at user-level. Operating system components and applications can transform their semantic information into three basic parameters relevant for scalability: the involved processors (depending on their relation and interconnect), degree of concurrency, and groups of resources. I developed a set of mechanisms that allow a kernel to: 1. efficiently track processors on a per-resource basis with support for very large number of processors, 2.
    [Show full text]
  • Introduction Course Outline Why Does This Fail? Lectures Tutorials
    Course Outline • Prerequisites – COMP2011 Data Organisation • Stacks, queues, hash tables, lists, trees, heaps,…. Introduction – COMP2021 Digital Systems Structure • Assembly programming • Mapping of high-level procedural language to assembly COMP3231/9201/3891/9283 language – or the postgraduate equivalent (Extended) Operating Systems – You are expected to be competent Kevin Elphinstone programmers!!!! • We will be using the C programming language – The dominant language for OS implementation. – Need to understand pointers, pointer arithmetic, explicit 2 memory allocation. Why does this fail? Lectures • Common for all courses (3231/3891/9201/9283) void func(int *x, int *y) • Wednesday, 2-4pm { • Thursday, 5-6pm *x = 1; *y = 2; – All lectures are here (EE LG03) – The lecture notes will be available on the course web site } • Available prior to lectures, when possible. void main() – The lecture notes and textbook are NOT a substitute for { attending lectures. int *a, *b; func(a,b); } 3 4 Tutorials Assignments • Assignments form a substantial component of • Start in week 2 your assessment. • A tutorial participation mark will • They are challenging!!!! – Because operating systems are challenging contribute to your final assessment. • We will be using OS/161, – Participation means participation, NOT – an educational operating system attendance. – developed by the Systems Group At Harvard – Comp9201/3891/9283 students excluded – It contains roughly 20,000 lines of code and comments • You will only get participation marks in your enrolled tutorial. 5 6 1 Assignments Assignments • Assignments are in pairs • Don’t under estimate the time needed to do the – Info on how to pair up available soon assignments. • We usually offer advanced versions of the – ProfQuotes: [About the midterm] "We can't keep you working assignments on it all night, it's not OS.“ Ragde, CS341 – Available bonus marks are small compared to amount of • If you start a couple days before they are due, you will be late.
    [Show full text]
  • A Look at the EROS Operating System Jonathan S
    A Look at the EROS Operating System Jonathan S. Shapiro Johns Hopkins University Abstract EROS is a capability-based, secure operating system originally designed to address the needs of shared computing utilities involving mutually suspicious users. The deploy­ ment plan for the original design was to provide leased compute service to competing business entities, potentially running on a single machine. As a result, the system was structured to preserve security in the face of both hostile dynamic content and hostile users. While the EROS platform can support the efficient deployment of multilevel se­ cure environments, it is primarily focused on business security requirements. These re­ quirements often address integrity as well as security concerns. An EROS-based deploy­ ment can ensure that business-critical data is manipulated exclusively by authorized ap­ plication software, which in turn is guarded against user tampering. Simultaneously, EROS enables users to run untrusted utility software, hand private or proprietary data to that software, and be assured (within reason) that the data cannot be disclosed to the out­ side world. This paper gives a general overview of the EROS system and what it can do. The EROS research project has now ended. Further work based on the EROS system is being pursued under the CapROS project (www.capros.org). The EROS team has moved on to a successor system: Coyotos (www.coyotos.org). 1 Introduction in other publications. Others result from chains of reasoning that are omitted for reasons of space. A This paper accompanies a talk for the 2005 Libre few are opinions derived from years of in-depth Software Meeting in Dijon, France.
    [Show full text]
  • El Debat Polític D'ahir; Al Parlament De La Repúb Ica, Desenrotllat En
    EL TEMPS. - Al pla de Lleida, Penedès, Bages I Via, hi ha bol· res matinals. Per tota la resta de catalunya el cel està completament se~. pel qual motiu les glaçades I gebrades són tmpartants, I ha experimentat la temperatura un notable descens. Les mlnlmes registrades ahir han tingut lloc a Núria amb 11 graus sota zero I a Adrall I Sant Juilià de VIlatorta, amb 6 graus sota zero. IV _ Núm. 700 - Preue 10 cèntims AnY fundadort LLUIS COMPANYS Barcelona, dijous, s de febrer del 19J4 El MOMENT POUTIC El debat polític d'ahir; al Parlament de la Repúb ica, desenrotllat en un ambient de gran passió, vé a augnientar el confusionisme actual - o Uftfi[H[IA ~·~HJI11IUA[II A~~~R~A IPrieto, en nom dels socialistes, s'expresà en SENSE AUTORITAT NI GAllARDIA termes de gran violència.-Segueix la divisió l dintre el Govern lerroux, destacada novament e S darreres hores A despit de la votació de coníiança al Govern Lerroux, obtingudR en la intervenció de Martínez Barrio del Govern Lerroux després de l'apassionat debat parlamentari d'ahir, la situació politica segueiX més con1usa que mat. Si la crisi era inevitable abans d'ahir, ho és Proposicions llei sobre intensificació del Cultiu. la situació social als camps i espe­ El senyor ALVAREZ MENDIZA­ cialment a la provincia de Jaén. (Crònica del nostre redactor a Madrid Alard Prats) .rob apremiant urgencia des d'avui. La sessió parlamentària tingué l'ab· Madrid, 7. - A dos quarts i cmc surd& conseqi.ièncJa de complicar com mat la situació 1 de posar de re­ BAL presenta una esmena en la L'efervescencia que s'observa al carrer, ha tingut per fi ressò al Parla­ minuts de cinc comença la sess10 com lleu en el saló de sessions la profunda esquerda del gabinet, sense solda­ qual demana que es determinin El debat polític ment.
    [Show full text]
  • Labels and Event Processes in the Asbestos Operating System
    Labels and Event Processes in the Asbestos Operating System Petros Efstathopoulos∗ Maxwell Krohn† Steve VanDeBogart∗ Cliff Frey† David Ziegler† Eddie Kohler∗ David Mazieres` ‡ Frans Kaashoek† Robert Morris† ∗UCLA †MIT ‡Stanford/NYU http://asbestos.cs.ucla.edu/ ABSTRACT purposes [20]. Most servers instead revert to the most insecure de- sign, monolithic code running with many privileges. It should come Asbestos, a new prototype operating system, provides novel la- as no surprise that high-impact breaches continue. beling and isolation mechanisms that help contain the effects New operating system primitives are needed [21], and the best of exploitable software flaws. Applications can express a wide place to explore candidates is the unconstrained context of a new range of policies with Asbestos’s kernel-enforced label mechanism, OS. Hence the Asbestos operating system, which can enforce strict including controls on inter-process communication and system- application-defined security policies even on efficient, unprivileged wide information flow. A new event process abstraction provides servers. lightweight, isolated contexts within a single process, allowing the same process to act on behalf of multiple users while preventing Asbestos’s contributions are twofold. First, all access control it from leaking any single user’s data to any other user. A Web checks use Asbestos labels, a primitive that combines advantages server that uses Asbestos labels to isolate user data requires about of discretionary and nondiscretionary access control. Labels deter- 1.5 memory pages per user, demonstrating that additional security mine which services a process can invoke and with which other can come at an acceptable cost. processes it can interact.
    [Show full text]
  • Download Full Book
    For Business and Pleasure Keire, Mara Laura Published by Johns Hopkins University Press Keire, Mara Laura. For Business and Pleasure: Red-Light Districts and the Regulation of Vice in the United States, 1890–1933. Johns Hopkins University Press, 2010. Project MUSE. doi:10.1353/book.467. https://muse.jhu.edu/. For additional information about this book https://muse.jhu.edu/book/467 [ Access provided at 1 Oct 2021 16:48 GMT with no institutional affiliation ] This work is licensed under a Creative Commons Attribution 4.0 International License. For Business & Pleasure This page intentionally left blank studies in industry and society Philip B. Scranton, Series Editor Published with the assistance of the Hagley Museum and Library For Business & Pleasure Red-Light Districts and the Regulation of Vice in the United States, 1890–1933 mara l. keire The Johns Hopkins University Press Baltimore ∫ 2010 The Johns Hopkins University Press All rights reserved. Published 2010 Printed in the United States of America on acid-free paper 2 4 6 8 9 7 5 3 1 The Johns Hopkins University Press 2715 North Charles Street Baltimore, Maryland 21218-4363 www.press.jhu.edu Library of Congress Cataloging-in-Publication Data Keire, Mara L. (Mara Laura), 1967– For business and pleasure : red-light districts and the regulation of vice in the United States, 1890–1933 / Mara L. Keire. p. cm. — (Studies in industry and society) Includes bibliographical references and index. isbn-13: 978-0-8018-9413-8 (hbk. : alk. paper) isbn-10: 0-8018-9413-1 (hbk. : alk. paper) 1. Red-light districts—United States—History—20th century.
    [Show full text]
  • Mobile and Embedded Device
    Mobile and Embedded Device Selecting an Operating System Why use an OS? ● In our previous work we have seen how to execute a number of tasks on our system ● Some of these tasks can run asynchronously – For example interrupt driven tasks ● So if we want to exploit the resources of our system efficiently we require some software support to do this – Namely an operating system Which Operating System? ● There are a number of choices when selecting an OS – Size, cost, features ● Free – FreeRTOS: http://www.freertos.org – TinyOS: http://www.tinyos.net – Chibios: http://www.chibios.org/ – eCos, uKOS, EROS, Nut/OS – Various Linux flavours ● Commercial – VxWorks: http://www.windriver.com – QNX: http://www.qnx.com – SafeRTOS: http://www.highintegritysystems.com/safertos.html – uC/OSII: http://www.micrium.com – Salvo: http://www.pumpkininc.com – INTEGRITY, VelOSity, THEOS, RMX Why FreeRTOS ● Free (Both “Speech” and “Beer”) – No Royalties, Open Source – Although documentation costs ● Lightweight – Low overhead, simple code ● Portable – ~8 major architectures officially supported, more unofficially ● Cooperative or Preemptive – We're going to be using preemptive ● Good Documentation – http://www.freertos.org – Look under FreeRTOS API – Functional docs plus code examples ● Developed by an Ex-Student! – Richard Barry, BSc CRTS What required from an OS? ● For small embedded systems they are required to be – Small memory footprint – Efficient use of resources – Fast ● We require what is normally called an 'executive' rather than an operating system – Lots
    [Show full text]
  • Reinterpreting Eros in Plato's Symposium
    Reinterpreting Eros in Plato’s Symposium Master’s Thesis Presented to The Faculty of the Graduate School of Arts and Sciences Brandeis University Department of Ancient Greek and Roman Studies Leonard Muellner, Advisor In Partial Fulfillment of the Requirements for Master’s Degree by Peter Caccavale May 2012 Acknowledgements I would like to thank everyone who encouraged me throughout this process including my family, friends and colleagues. Without your support and guidance I am sure this thesis would never have been successful. I owe special thanks to my advisor, Professor Leonard Muellner, whose continued guidance and suggestions transformed this thesis from scattered thoughts to a structured work. From weekly meetings to editing a constant stream of drafts, your help was invaluable and I am very thankful for all of your advice. I would also like to thank my readers, Professor Patricia Johnston and Professor Cheryl Walker. I appreciate the time you took to read such a large thesis and your suggestions and comments were instrumental in fixing my errors in both grammar and logic. Finally, I am happy to be able to thank Christina for her unwavering support and encouragement. By now you have probably heard more about Plato and Greek grammar than you ever would have wanted, but you have also added more to this work than I think you realize. P.G.C. ii ABSTRACT Redefining Eros in Plato’s Symposium A thesis presented to the Department of Classical Studies Graduate School of Arts and Sciences Brandeis University Waltham, Massachusetts By Peter Caccavale At the heart of the Symposium there lies the conceptual problem of defining the term eros in a manner that remains faithful to both its linguistic and philosophical context.
    [Show full text]
  • Design of a Hard Real-Time Multi-Core Testbed for Energy Measurement$
    Microelectronics Journal 42 (2011) 1176–1185 Contents lists available at ScienceDirect Microelectronics Journal journal homepage: www.elsevier.com/locate/mejo Design of a hard real-time multi-core testbed for energy measurement$ Tongquan Wei a,Ã, Xiaodao Chen b,Ã, Piyush Mishra c a East China Normal University, Shanghai, China b Michigan Technological University, Houghton, MI, United States c GE Global Research, Niskayuna, NY, United States article info abstract Article history: This paper presents a systematic methodology for designing a hard real-time multi-core testbed to Received 9 May 2010 validate and benchmark various rate monotonic scheduling (RMS)-based task allocation and scheduling Received in revised form schemes in energy consumption. The hard real-time multi-core testbed comprises Intel Core Duo T2500 28 September 2010 processor with dynamic voltage scaling (DVS) capability and runs the Linux Fedora 8 operating system Accepted 7 March 2011 supporting soft real-time scheduling. POSIX threads API and Linux FIFO scheduling policy are utilized to Available online 20 July 2011 facilitate the design and Dhrystone-based tasks are generated to verify the design. A LabView-based Keywords: DAQ system is designed to measure the energy consumption of CPU and system board of the testbed. Dynamic voltage scaling A case study of task allocation and scheduling algorithms is also presented that aim to optimize the Hard real-time systems schedule feasibility and energy consumed by the processor and memory module in the multi-core Multi-core testbed platform. The experience from the implementation is summarized to serve as potential guidelines for Rate monotonic scheduling Task allocation and scheduling.
    [Show full text]