DOCSLIB.ORG

Baseband Exploitation in 2013: Hexagon Challenges

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
Baseband Exploitation in 2013: Hexagon Challenges Baseband exploitation in 2013: Hexagon challenges Ralf-Philipp Weinmann <ralf comsec!ris.com# Presented at Pacsec 2013 2013-11-1$% &okyo, Japan Who am I+ ● ,ecurit( researcher from -ermany ● Previousl( in academia (Uni.ersit( of 1!xembourg) ● 3ow 4orking for my own company ● 5een interest in securit( of mobile% wireless and embedded systems ● First to demonstrate remotel( exploitable .!lnerabilities in baseband stacks (3 years ago2 7.erview ● Importance of Hexagon for mobile exploitation ● Intro to the 89,P: architect!re ● Past iss!es with B1;,& ● 7n the complexit( of ROP and similar techniques ● ;n example vulnerabilit( ● Concl!sions &he now: cellular baseband market 2013 1?> ?> 8!alcomm @ediate' :3> 13> *ntel 7thers 1TE: Baseband market share distrib!tion 3> B?> 8!alcomm A.er(bod( else Hexagon architect!re ● 7riginated from 8=7Ms general p!rpose 9,P – 0sed for onl( a!dio processing and L1 in early da(s ● C1*W architecture [1-$ instr!ctions per cycle] ● Barrel processor /interlea.ed m!ltithreading2 ● 32-bit !nified address space for code and data – Byte addressable ● 32 -eneral registers /32-bit2 – also usable pair4ise: 64-bit register pairs ● ,!pports nestable loops ● @any addressing modes (specific to 9,P !sage cases2 ● 1ea'ed docs claim !p F3x fewer cycles than ;R@B on control code” *nstr!ction packets ● ;tomic units grouping instructions executed in parallel ● $ parallel pipelines /called slots2 ● Different ins. t(pes assigned to different slots ● Constraints for grouping appl( – HW reso!rces cannot be o.ersubscribed ● Manuals: no branching into middle of packet – Empirically: (o! can ret!rn into middle of packet =hipset evolution ● 89,P:.1: @,@H:00 – Pantech Racer Vega (anyone+I+2 ● 89,P:.2: 8,9H:J0 /.1Kv22% @,@H200 /.1Kv22% =,@HB00% @9@HB00 – e"g. Sharp IS03/*S05 ● 89,P:.3: @9@B00 /.1K.22% =,@H?00% 6,@B000% 8,9H:J0a% @9@H200a% @,@H::0% 8,9Hx?2 – e"g. Sony Xperia acro H9 IS12S ● 89,P:.$: @,@HB:0% @9@Bx1J – e"g. Sams!ng -alaxy S4 (-&-iBJ052, Apple iPhone 5, Blac'Berry Z10 ● 89,P:.J: @,@HB?$ – e"g. LG G2, Sony Xperia Z Ultra Problems with I,A (revisions2 ● Hexagon ProgrammerNs guide onl( a.ailable for v2 ● ;rchitect!re has significantl( e.ol.ed since ● Many details g!essed and deduced from toolchain – Example: immext /payload extender) ● Cer( hard to build tools from scratch because of sheer complexit( of *,; – &esting? – Easier to start from publicly released toolchain Usef!l instr!ctions ● &ransfer: rL O rP Q| immediate ● ;1U: Rd O add/Rs, Rt QQ immediate2 [1: bit signed immediate for arithmetic, 10 bit for logicalE ● combine: Rdd=combine(immediate, immediate2 DH bit signed immediates] ● @0L: Rd O mux(P!% RsQQimmediate% RtQQimmediate2 DH bit signed immediates] ● 37P: 7f xx xx xx Control registers ● LC0 [C1]% SA0 [C0]% LC1 [C3]% SA1 [C2]: 1oop registers ● PC [C9]: Program counter ● USR [C8]: 0ser stat!s register ● M0 [C6] M1 [C7]: Modifier registers /circular addressing2 ● P3:0 [C4]: Predicate registers ● UGP [C10]: 0ser -eneral Pointer /&1,2 ● GP [C11]: Global Pointer Calling conventions ● allocframe/siRe Du1$E2 Saved LR – Push LR and FP to top of stack. Saved FP – ,!btract size D8-b(te alignedE from SP Procedure – FP = addressof(oldFPonStack) local data ● deallocframe – 1oad sa.ed 6P and 1R .alues from address referenced at 6P Saved LR – Restore SP to pre.ious frame Saved FP Hexagon code, examples some_func: 01 02 03 A3: memw (r0 + #0xC) = r3 ; memw (r0 + #8) = r1 00 30 02 A4: memw (r0 + #0x10) = r2 ; memw (r0 + #0) = #0 00 40 9F 52: { jumpr r31 80 C0 40 3C: memw (r0 + #4) = #0 } [...] 60 46 04 7C { r1:0 = combine (#0x33, #8) 46 42 33 04 immext (#0x43309180) 82 45 00 78 r2 = ##filename @ "/local/mnt/" … 43 C1 03 78 r3 = #0x60A } 51 42 33 04 { immext (#0x43309440) A4 46 00 78 r4 = ##message @ "<PRESENCE" … 00 40 5D 3C memw (r29 + #0) = #0 80 C0 5D 3C memw (r29 + #4) = #0 } 4A 63 64 5A { call logmsg 00 C1 5D 3C memw (r29 + #8) = #0 } [...] ,ecurity of chip fabric ● Old(er2 8!alcomm chipsets /e"g. @,@?200): – baseband 4as master /access to AP memory & flash) ● =!rrent-gen chipsets ha.e separate AR@? core for bringup /RPM2 – @odem firm4are no4 is loaded by HL7S (e"g" Android% i7,2 ● =hipset fabric has “hardware fire4alls” – 3o doc!mentation leaked on these ● 0nclear 4hether baseband → AP escalation is possible – What abo!t 9@;+ 3ew R&7, ● Cer( old 8ualcomm chips use proprietar( 7, REL ● 1ater% REL 4as propped onto O51$ – commercial microkernel based on 1$ ● Hexagon-based baseband firm4ares abandon 751$ – BLA,&K8!R& apparently redesigned from scratch – ,ome remnants of RAL for compatibility can be fo!nd Sec!rity mitigations ● Stack coo'ies% generated b( build toolchain ● 3on-executable stac'Kheap – albeit% according to 8=OM securit( ad.isor( 80-N3172-14 /Ma( 2012): F&he c!stomer must FAnable 9ata Axecution Pre.ention .erify that an( support in QuR&KB1;,&-based performance impact is images” acceptable.G ● 5ernel/user-mode separation in Dc!stomer O 7A@E 8uRT/B1;ST Dalso H0-N31?2-1$E ● Safe unlinking for heap ● 3o ;,1R ROP & Roll ● 3ote that deallocframe sets 6P – .ery similar popping SP off stac' on other architect!res ● *nstruction pac'ets can be split – as long as they are not in cache ● =ompo!nd instructions are anno(ing – create constraints for gadgets ● 6or a!tomation: !se ,@& sol.er to handle constraints – See BH 2010 tal' & W77& paper on same subject ● ,till some 4a( to go ● @anual gadget search 4or's% b!t .ery labor-intensi.e ● ;lternate gadgets ending in T!mp r31 and deallocframe gadgets to get 4ork done Hands-on training ● ,martphones: most modem firmwares signature checked at boot time (mostl( older @DMs% though) ● 0,B modems: firm4are freel( modifiable [ca.eat% there ma( be exceptions: ha.en't seen any (etE ● ,ome ,amsung -alaxy ,$s /-&-iBJ0J) with @,@HB:0: no signature check on modem firmware – ,ec!re boot t(pe: ,amsung ● ;ccording to lea'ed docs modem bringup and sigcheck done b( Krait core – ,BL hac's may help 4ith getting aro!nd chec's &ools ● 89,P:.J toolchain released by 80*= – based on -== $"$ ● Can be !sed to compile C/=UU code for Hexagon and inspect using objdump ● Modem firmware: empt( A16 section header – need to populate to ma'e objd!mp disassemble ● IDA Pro Hexagon pl!gin by -,@5 /89,P:.$2 – also based on released bin!tils – .er( rudimentary at the moment – crashes on some firmwares /e.g. iPhone J baseband) Leaked b!gs: An example /CR 3106292 ● Bac'ground: some 4hile ago, archi.e of chipset docs on @,@HB:0 appeared on L9; 9evelopers site – Someone had p!t 7 ;@,, sec!rity b!lletins into this ● =lassic stac' buffer o.erflow ● *n 1&A air interface ● 7ccurs 4hen processing &est 1oopbac' messages – Simple 13 messages > 100 b(tes trigger this problem ● @itigated b( !se of -fstack-protector ● ;ppeared in @a( 2012 sec!rit( ad.isory – 9etailed description gi.en ● Still% s!rprising to see s!ch straightforward b!gs – Possible explanation: 1&A stack 4as still F(oungG &he Way Forward ● 3e4 architect!re has raised bar of entr( significantl( ● Ho4e.er, Q!alcomm dominates mar'et – People 4ill and do have interest in their chips ● Well-f!nded attackers will adapt ● P!blic leaks of v!lnerabilit( information ma'e attac'ers task easier – &a'edown possible, but the internet “doesn't forget” – 9onNt find bugs% find bug description – 7A@s sometimes have slo4 patch c(cles ● R7P exploitation needs a!tomation – 3ot as difficult as assumed .
Load more

Recommended publications
  • Antikernel: a Decentralized Secure Hardware-Software Operating
    Antikernel A Decentralized Secure Hardware-Software Operating System Andrew Zonenberg (@azonenberg) Senior Security Consultant, IOActive Bülent Yener Professor, Rensselaer Polytechnic Institute This work is based on Zonenberg’s 2015 doctoral dissertation, advised by Yener. IOActive, Inc. Copyright ©2016. All Rights Reserved. Kernel mode = full access to all state • What OS code needs this level of access? – Memory manager only needs heap metadata – Scheduler only needs run queue – Drivers only need their peripheral – Nothing needs access to state of user-mode apps • No single subsystem that needs access to all state • Any code with ring 0 privs is incompatible with LRP! IOActive, Inc. Copyright ©2016. All Rights Reserved. Monolithic kernel, microkernel, … Huge Huge attack surface Small Better 0 code size - Ring Can we get here? None Monolithic Micro ??? IOActive, Inc. Copyright ©2016. All Rights Reserved. Exokernel (MIT, 1995) • OS abstractions can often hurt performance – You don’t need a full FS to store temporary data on disk • Split protection / segmentation from abstraction Word proc FS Cache Disk driver DHCP server IOActive, Inc. Copyright ©2016. All Rights Reserved. Exokernel (MIT, 1995) • OS does very little: – Divide resources into blocks (CPU time quanta, RAM pages…) – Provide controlled access to them IOActive, Inc. Copyright ©2016. All Rights Reserved. But wait, there’s more… • By removing non-security abstractions from the kernel, we shrink the TCB and thus the attack surface! IOActive, Inc. Copyright ©2016. All Rights Reserved. So what does the kernel have to do? • Well, obviously a few things… – Share CPU time between multiple processes – Allow processes to talk to hardware/drivers – Allow processes to talk to each other – Page-level RAM allocation/access control IOActive, Inc.
    [Show full text]
  • Mali-400 MP: a Scalable GPU for Mobile Devices
    Mali-400 MP: A Scalable GPU for Mobile Devices Tom Olson Director, Graphics Research, ARM Outline . ARM and Mobile Graphics . Design Constraints for Mobile GPUs . Mali Architecture Overview . Multicore Scaling in Mali-400 MP . Results 2 About ARM . World’s leading supplier of semiconductor IP . Processor Architectures and Implementations . Related IP: buses, caches, debug & trace, physical IP . Software tools and infrastructure . Business Model . License fees . Per-chip royalties . Graphics at ARM . Acquired Falanx in 2006 . ARM Mali is now the world’s most widely licensed GPU family 3 Challenges for Mobile GPUs . Size . Power . Memory Bandwidth 4 More Challenges . Graphics is going into “anything that has a screen” . Mobile . Navigation . Set Top Box/DTV . Automotive . Video telephony . Cameras . Printers . Huge range of form factors, screen sizes, power budgets, and performance requirements . In some applications, a huge difference between peak and average performance requirements 5 Solution: Scalability . Address a wide variety of performance points and applications with a single IP and a single software stack. Need static scalability to adapt to different peak requirements in different platforms / markets . Need dynamic scalability to reduce power when peak performance isn’t needed 6 Options for Scalability . Fine-grained: Multiple pipes, wide SIMD, etc . Proven approach, efficient and effective . But, adding pipes / lanes is invasive . Hard for IP licensees to do on their own . And, hard to partition to provide dynamic scalability . Coarse-grained: Multicore . Easy for licensees to select desired performance . Putting cores on separate power islands allows dynamic scaling 7 Mali 400-MP Top Level Architecture Asynch Mali-400 MP Top-Level APB Geometry Pixel Processor Pixel Processor Pixel Processor Pixel Processor Processor #1 #2 #3 #4 CLKs MaliMMUs RESETs IRQs IDLEs MaliL2 AXI .
    [Show full text]
  • Nyami: a Synthesizable GPU Architectural Model for General-Purpose and Graphics-Specific Workloads
    Nyami: A Synthesizable GPU Architectural Model for General-Purpose and Graphics-Specific Workloads Jeff Bush Philip Dexter†, Timothy N. Miller†, and Aaron Carpenter⇤ San Jose, California †Dept. of Computer Science [email protected] ⇤ Dept. of Electrical & Computer Engineering Binghamton University {pdexter1, millerti, carpente}@binghamton.edu Abstract tempt to bridge this gap, Intel developed Larrabee (now called Graphics processing units (GPUs) continue to grow in pop- Xeon Phi) [25]. Larrabee is architected around small in-order ularity for general-purpose, highly parallel, high-throughput cores with wide vector ALUs to facilitate graphics rendering and systems. This has forced GPU vendors to increase their fo- multi-threading to hide instruction latencies. The use of small, cus on general purpose workloads, sometimes at the expense simple processor cores allows many cores to be packed onto a of the graphics-specific workloads. Using GPUs for general- single die and into a limited power envelope. purpose computation is a departure from the driving forces be- Although GPUs were originally designed to render images for hind programmable GPUs that were focused on a narrow subset visual displays, today they are used frequently for more general- of graphics rendering operations. Rather than focus on purely purpose applications. However, they must still efficiently per- graphics-related or general-purpose use, we have designed and form what would be considered traditional graphics tasks (i.e. modeled an architecture that optimizes for both simultaneously rendering images onto a screen). GPUs optimized for general- to efficiently handle all GPU workloads. purpose computing may downplay graphics-specific optimiza- In this paper, we present Nyami, a co-optimized GPU archi- tions, even going so far as to offload them to software.
    [Show full text]
  • Dynamic Task Scheduling and Binding for Many-Core Systems Through Stream Rewriting
    Dynamic Task Scheduling and Binding for Many-Core Systems through Stream Rewriting Dissertation zur Erlangung des akademischen Grades Doktor-Ingenieur (Dr.-Ing.) der Fakultät für Informatik und Elektrotechnik der Universität Rostock vorgelegt von Lars Middendorf, geb. am 21.09.1982 in Iserlohn aus Rostock Rostock, 03.12.2014 Gutachter Prof. Dr.-Ing. habil. Christian Haubelt Lehrstuhl "Eingebettete Systeme" Institut für Angewandte Mikroelektronik und Datentechnik Universität Rostock Prof. Dr.-Ing. habil. Heidrun Schumann Lehrstuhl Computergraphik Institut für Informatik Universität Rostock Prof. Dr.-Ing. Michael Hübner Lehrstuhl für Eingebettete Systeme der Informationstechnik Fakultät für Elektrotechnik und Informationstechnik Ruhr-Universität Bochum Datum der Abgabe: 03.12.2014 Datum der Verteidigung: 05.03.2015 Acknowledgements First of all, I would like to thank my supervisor Prof. Dr. Christian Haubelt for his guidance during the years, the scientific assistance to write this thesis, and the chance to research on a very individual topic. In addition, I thank my colleagues for interesting discussions and a pleasant working environment. Finally, I would like to thank my family for supporting and understanding me. Contents 1 INTRODUCTION........................................................................................................................1 1.1 STREAM REWRITING ...................................................................................................................5 1.2 RELATED WORK .........................................................................................................................7
    [Show full text]
  • An Overview of MIPS Multi-Threading White Paper
    Public Imagination Technologies An Overview of MIPS Multi-Threading White Paper Copyright © Imagination Technologies Limited. All Rights Reserved. This document is Public. This publication contains proprietary information which is subject to change without notice and is supplied ‘as is’, without any warranty of any kind. Filename : Overview_of_MIPS_Multi_Threading.docx Version : 1.0.3 Issue Date : 19 Dec 2016 Author : Imagination Technologies 1 Revision 1.0.3 Imagination Technologies Public Contents 1. Motivations for Multi-threading ................................................................................................. 3 2. Performance Gains from Multi-threading ................................................................................. 4 3. Types of Multi-threading ............................................................................................................ 4 3.1. Coarse-Grained MT ............................................................................................................ 4 3.2. Fine-Grained MT ................................................................................................................ 5 3.3. Simultaneous MT ................................................................................................................ 6 4. MIPS Multi-threading .................................................................................................................. 6 5. R6 Definition of MT: Virtual Processors ..................................................................................
    [Show full text]
  • C for a Tiny System Implementing C for a Tiny System and Making the Architecture More Suitable for C
    Abstract We have implemented support for Padauk microcontrollers, tiny 8-Bit devices with 60 B to 256 B of RAM, in the Small Device C Compiler (SDCC), showing that the use of (mostly) standard C to program such minimal devices is feasible. We report on our experience and on the difficulties in supporting the hardware multithreading present on some of these devices. To make the devices a better target for C, we propose various enhancements of the architecture, and empirically evaluated their impact on code size. arXiv:2010.04633v1 [cs.PL] 9 Oct 2020 1 C for a tiny system Implementing C for a tiny system and making the architecture more suitable for C Philipp Klaus Krause, Nicolas Lesser October 12, 2020 1 The architecture Padauk microcontrollers use a Harvard architecture with an OTP or Flash pro- gram memory and an 8 bit wide RAM data memory. There also is a third address space for input / output registers. These three memories are accessed using separate instructions. Figure 1 shows the 4 architecture variants, which are commonly called pdk13, pdk14, pdk15 and pdk16 (these names are different from the internal names found in files from the manufacturer-provided IDE) by the width of their program memory. Each instruction is exactly one word in program memory. Most instructions execute in a single cycle, the few excep- tions take 2 cycles. Most instructions use either implicit addressing or direct addressing; the latter usually use the accumulator and one memory operand and write their result into the accumulator or memory. On the pdk13, pdk14 and pdk15, the bit set, reset and test instructions, which use direct addressing, can only access the lower half of the data address space.
    [Show full text]
  • Antikernel: a Decentralized Secure Hardware-Software Operating System Architecture
    Antikernel: A Decentralized Secure Hardware-Software Operating System Architecture Andrew Zonenberg1 and B¨ulent Yener2 1 IOActive Inc., Seattle WA 98105, USA, [email protected] 2 Rensselaer Polytechnic Institute, Troy NY 12180, USA, [email protected] Abstract. The \kernel" model has been part of operating system ar- chitecture for decades, but upon closer inspection it clearly violates the principle of least required privilege. The kernel is a single entity which provides many services (memory management, interfacing to drivers, context switching, IPC) having no real relation to each other, and has the ability to observe or tamper with all state of the system. This work presents Antikernel, a novel operating system architecture consisting of both hardware and software components and designed to be fundamen- tally more secure than the state of the art. To make formal verification easier, and improve parallelism, the Antikernel system is highly modular and consists of many independent hardware state machines (one or more of which may be a general-purpose CPU running application or systems software) connected by a packet-switched network-on-chip (NoC). We create and verify an FPGA-based prototype of the system. Keywords: network on chip · system on chip · security · operating sys- tems · hardware accelerators 1 Introduction The Antikernel architecture is intended to be more, yet less, than simply a \ker- nel in hardware". By breaking up functionality and decentralizing as much as possible we aim to create a platform that allows applications to pick and choose the OS features they wish to use, thus reducing their attack surface dramati- cally compared to a conventional OS (and potentially experiencing significant performance gains, as in an exokernel).3 Antikernel is a decentralized architecture with no system calls; all OS func- tionality is accessed through message passing directly to the relevant service.
    [Show full text]
  • On the Exploration of the DRISC Architecture
    UvA-DARE (Digital Academic Repository) On the exploration of the DRISC architecture Yang, Q. Publication date 2014 Link to publication Citation for published version (APA): Yang, Q. (2014). On the exploration of the DRISC architecture. General rights It is not permitted to download or to forward/distribute the text or part of it without the consent of the author(s) and/or copyright holder(s), other than for strictly personal, individual use, unless the work is under an open content license (like Creative Commons). Disclaimer/Complaints regulations If you believe that digital publication of certain material infringes any of your rights or (privacy) interests, please let the Library know, stating your reasons. In case of a legitimate complaint, the Library will make the material inaccessible and/or remove it from the website. Please Ask the Library: https://uba.uva.nl/en/contact, or a letter to: Library of the University of Amsterdam, Secretariat, Singel 425, 1012 WP Amsterdam, The Netherlands. You will be contacted as soon as possible. UvA-DARE is a service provided by the library of the University of Amsterdam (https://dare.uva.nl) Download date:30 Sep 2021 Chapter 1 Introduction Contents 1.1 Background . 8 1.2 Multithreading . 8 1.3 Multiple cores . 10 1.4 What’s next . 11 1.5 Case study . 12 1.6 What have we done . 14 1.7 Overview and organization . 16 7 8 CHAPTER 1. INTRODUCTION 1.1 Background Moore’s law, first raised in 1965 [M 65] but later widely accepted as being “the number of transistors on integrated circuits+ doubles approximately every two year” (fig.
    [Show full text]
  • Programming the Cray XMT at PNNL
    21‐May‐12 What is parallel computing? Using multiple computing elements to solve a problem faster Multiple systems Multiple processors Multiple nodes Multiple cores Parallel computing is becoming ubiquitous due to power constraints Multiple cores rather than faster clock speeds Programming the Cray XMT Since cores share memory and programming cores as separate computing elements is too heavy weight, shared memory programming John Feo will become ubiquitous Director Center for Adaptive Supercomputing Software Intel 48‐core x86 processor AMD Athlon X2 6400+ dual‐core en.wikipedia.org/wiki/Multi‐core_processor www.pcper.com/reviews/Processors/Intel‐Shows‐48‐core‐x86‐Processor‐Single‐chip‐Cloud‐Computer May 21, 2012 1 Shared memory Hiding memory latencies The Good Memory hierarchy Read and write any data item C1 . Cn Reduce latency by storing some data nearby No partitioning No message passing Vectors L1 L1 Reads and write performed by Amortize latency by fetching N words at a time L2 L2 hardware Little overhead lower latency, Parallelism higher bandwidth Hide latency by switching tasks The Bad L3 Can also hide other forms of latencies Read and write any data item Race conditions Memory 4 1 21‐May‐12 Barrel processor Multithreading Many threads per processor core Hide latencies via parallelism Thread-level context switch at every instruction cycle Maintain multiple active threads per processor, so that gaps introduced by long latency operations in one thread are filled by instructions in other threads registers ALU “stream” program counter
    [Show full text]
  • Abstract PRET Machines
    Abstract PRET Machines Invited TCRTS award paper Edward A. Lee (award recipient) Jan Reineke Michael Zimmer UC Berkeley Saarland University Swarm64 AS Berkeley, CA 94720 Saarland Informatics Campus Berlin, Germany Email: [email protected] Saarbrucken,¨ Germany Email: [email protected] Email: [email protected] Abstract—Prior work has shown that it is possible to design stability is maintained if events occur within some specified microarchitectures called PRET machines that deliver precise latency after some stimulus. and repeatable timing of software execution without sacrificing No engineered system is perfect. No matter what specifica- performance. That prior work provides specific designs for PRET microarchitectures and compares them against conventional de- tions we use for what a “correct behavior” of the system is, signs. This paper defines a class of microarchitectures called there will always be the possibility that the realized system will abstract PRET machines (APMs) that capture the essential deviate from that behavior in the field. The goal of engineering, temporal properties of PRET machines. We show that APMs therefore, needs to be to clearly define what is a correct deliver deterministic timing with no loss of performance for a behavior, to design a system that realizes that behavior with family of real-time problems consisting of sporadic event streams with deadlines equal to periods. On the other hand, we observe high probability, to provide detectors for violations, and to a tradeoff between deterministic timing and the ability to meet provide safe fallback behaviors when violations occur. deadlines for sporadic event streams with constrained deadlines. A straightforward way to define correct behavior is to specify what properties the output of a system must exhibit for each possible input.
    [Show full text]
  • Concurrent Programming CLASS NOTES
    COMP 409 Concurrent Programming CLASS NOTES Based on professor Clark Verbrugge's notes Format and figures by Gabriel Lemonde-Labrecque Contents 1 Lecture: January 4th, 2008 7 1.1 Final Exam . .7 1.2 Syllabus . .7 2 Lecture: January 7th, 2008 8 2.1 What is a thread (vs a process)? . .8 2.1.1 Properties of a process . .8 2.1.2 Properties of a thread . .8 2.2 Lifecycle of a process . .9 2.3 Achieving good performances . .9 2.3.1 What is speedup? . .9 2.3.2 What are threads good for then? . 10 2.4 Concurrent Hardware . 10 2.4.1 Basic Uniprocessor . 10 2.4.2 Multiprocessors . 10 3 Lecture: January 9th, 2008 11 3.1 Last Time . 11 3.2 Basic Hardware (continued) . 11 3.2.1 Cache Coherence Issue . 11 3.2.2 On-Chip Multiprocessing (multiprocessors) . 11 3.3 Granularity . 12 3.3.1 Coarse-grained multi-threading (CMT) . 12 3.3.2 Fine-grained multithreading (FMT) . 12 3.4 Simultaneous Multithreading (SMT) . 12 4 Lecture: January 11th, 2008 14 4.1 Last Time . 14 4.2 \replay architecture" . 14 4.3 Atomicity . 15 5 Lecture: January 14th, 2008 16 6 Lecture: January 16th, 2008 16 6.1 Last Time . 16 6.2 At-Most-Once (AMO) . 16 6.3 Race Conditions . 18 7 Lecture: January 18th, 2008 19 7.1 Last Time . 19 7.2 Mutual Exclusion . 19 8 Lecture: January 21st, 2008 21 8.1 Last Time . 21 8.2 Kessel's Algorithm . 22 8.3 Brief Interruption to Introduce Java and PThreads .
    [Show full text]
  • Understanding SPARC Processor Performance
    Understanding SPARC Processor Performance MAY 15 & 16, 2019 CLEVELAND PUBLIC AUDITORIUM, CLEVELAND, OHIO WWW.NEOOUG.ORG/GLOC About the Speaker • Akiva Lichtner • Physics background • Twenty years experience in IT • Enterprise production support analyst • Java developer • Oracle query plan manager … • Spoke here at G.L.O.C. about TDD and Java dynamic tracing Audience • Developers • System administrators • Tech support analysts • IT managers Motivation • I have been working in tech support for a large application • We have run SPARC T4 servers and now we run T7 servers • Application servers, database servers • Environments are all different • Users complained for years about “environment X” being slow, finally figured out why • What I learned can be very useful for users of SPARC servers What is SPARC? • First released in 1987, created by Sun Microsystems to replace the Motorola 68000 in its workstation products • During the .com boom Solaris/SPARC and Windows/Intel were the only supported platforms for the JVM • In 2000 the bubble burst and Sun server sales plunged • Sun acquired Afara Websystems, which had built an interesting new processor, and renamed it the UltraSPARC T1 • Was followed by T2 through M8, evolutions of the same design • More recently Oracle has added significant new functionality Processor Design • High core count (even in the early days) • Many threads per core • “Barrel” processor • Designed to switch efficiently • Non-uniform memory access • Per-processor shared cache • Core-level shared cache A picture speaks a thousand
    [Show full text]