Friedrich-Alexander-Universität Erlangen-Nürnberg  /   Technische Fakultät  /   Department Informatik

dosek: A Dependability Oriented Static Embedded Kernel

Motivation

Recent hardware exhibits an increased susceptibility to transient hardware faults due to shrinking structure sizes and operating voltages. Automotive safety standards acknowledge this fact and recommend the deployment of appropriate countermeasures. Existing solutions, however, mainly concentrate on hardening the application, while the underlying operating system is often left as an unreliable computing base.

dosek aims to bridge that gap by applying consistent design and implementation concepts to construct a reliable computing base even on unreliable hardware. dosek is developed from scratch with dependability as the first-class design goal. Targeting safety-critical embedded applications, the system provides an OSEK/AUTOSAR-conformant interface (currently ECC1).

Design Concepts

We claim that a static system design is the right choice for the dependable design and implementation of a robust RTOS.

As presented at ISORC 2014, static tailoring leads to a higher inherent robustness of the resulting system because it reduces the vulnerable run-time state.
dosek is statically tailored to the concrete application and hardware platform without restricting the required OS services.

Extended Static Analysis

The dosek static analysis does not stop at a simple control-flow graph of the application but further determines the expected overall system behaviour according to the OSEK specification. This makes it possible to identify every possible system state and transition at any point in time, ahead of run time. Based on this knowledge, the operating system code can be tailored specifically to the application, including dependability-oriented optimizations and extensions that leverage several fault-avoidance and fault-detection strategies.
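The state enumeration described above, reduced to a toy system, as an added example that is not dOSEK's own analysis code: three basic tasks with static priorities, full preemption and at most one activation per task, whose bodies are reduced to their sequence of ActivateTask/TerminateTask calls, plus an optional ISR that may activate one task in any state. A breadth-first search from the autostart state yields the complete, finite graph of kernel states and transitions, and a property that must hold in every state (no ready task outranks the running one) can be checked over the whole graph. The task names, priorities, bodies and the ISR are assumptions of this example; the real analysis works on the application's control-flow graph and covers the full OSEK system-call set.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Added example, not dOSEK code: enumerate every reachable kernel state of a
 * tiny OSEK-like system at build time. Higher priority number wins, full
 * preemption, one pending activation per task (BCC1-style). Application code
 * between system calls cannot change kernel state and is invisible here.
 * Task names, priorities and bodies are made up for this example. */
enum { TASK_A, TASK_B, TASK_C, NTASKS, IDLE = NTASKS };
enum { SC_ACTIVATE, SC_TERMINATE };
typedef struct { int call, arg; } syscall_t;

static const int PRIO[NTASKS] = { 1, 2, 3 };
static const syscall_t BODY[NTASKS][3] = {      /* trailing {0,0} entries are never reached */
    { {SC_ACTIVATE, TASK_B}, {SC_ACTIVATE, TASK_C}, {SC_TERMINATE, 0} },
    { {SC_ACTIVATE, TASK_C}, {SC_TERMINATE, 0},     {0, 0} },
    { {SC_TERMINATE, 0},     {0, 0},                {0, 0} },
};

typedef struct {
    uint8_t running;        /* TASK_x or IDLE */
    uint8_t ready;          /* bitmask of activated or preempted tasks */
    uint8_t pc[NTASKS];     /* index of each task's next system call */
} state_t;                  /* 5 bytes, no padding: memcmp() is a valid equality test */

#define MAX_STATES 256
typedef struct { state_t states[MAX_STATES]; int nstates, ntransitions; bool overflow; } graph_t;

static int find_or_add(graph_t *g, const state_t *s) {
    for (int i = 0; i < g->nstates; i++)
        if (memcmp(&g->states[i], s, sizeof *s) == 0) return i;
    if (g->nstates == MAX_STATES) { g->overflow = true; return -1; }
    g->states[g->nstates] = *s;
    return g->nstates++;
}

/* Scheduling point: the highest-priority ready task runs; a lower-priority
 * running task is preempted and stays ready at its current pc. */
static void schedule(state_t *s) {
    int best = IDLE;
    for (int t = 0; t < NTASKS; t++)
        if (((s->ready >> t) & 1) && (best == IDLE || PRIO[t] > PRIO[best])) best = t;
    if (best == IDLE) return;
    if (s->running == IDLE || PRIO[best] > PRIO[s->running]) {
        if (s->running != IDLE) s->ready |= 1u << s->running;
        s->ready &= (uint8_t)~(1u << best);
        s->running = best;
    }
}

/* ActivateTask: suspended -> ready. Activating a task that is already ready
 * or running is rejected (E_OS_LIMIT in OSEK), so the state does not change. */
static bool activate(state_t *s, int t) {
    if (s->running == t || ((s->ready >> t) & 1)) return false;
    s->ready |= 1u << t;
    schedule(s);
    return true;
}

/* Successor state when the running task issues its next system call. */
static bool step_syscall(const state_t *s, state_t *next) {
    if (s->running == IDLE) return false;
    *next = *s;
    int t = s->running;
    const syscall_t *c = &BODY[t][s->pc[t]];
    next->pc[t]++;
    if (c->call == SC_TERMINATE) {           /* TerminateTask: running -> suspended */
        next->pc[t] = 0;
        next->running = IDLE;
        schedule(next);
    } else {
        activate(next, c->arg);
    }
    return true;
}

/* Breadth-first enumeration of the reachable state graph from the autostart state. */
static graph_t *enumerate(graph_t *g, bool with_isr) {
    memset(g, 0, sizeof *g);
    state_t init = { .running = TASK_A };    /* TASK_A is autostarted */
    find_or_add(g, &init);
    for (int i = 0; i < g->nstates; i++) {
        state_t cur = g->states[i], nxt;
        if (step_syscall(&cur, &nxt) && find_or_add(g, &nxt) >= 0) g->ntransitions++;
        nxt = cur;                           /* ISR may fire in any state and activate TASK_C */
        if (with_isr && activate(&nxt, TASK_C) && find_or_add(g, &nxt) >= 0) g->ntransitions++;
    }
    return g;
}

/* Property every enumerated state must satisfy: no ready task outranks the running one. */
static bool priority_invariant(const graph_t *g) {
    for (int i = 0; i < g->nstates; i++)
        for (int t = 0; t < NTASKS; t++)
            if (((g->states[i].ready >> t) & 1) &&
                (g->states[i].running == IDLE || PRIO[t] > PRIO[g->states[i].running]))
                return false;
    return !g->overflow;
}

static graph_t G;   /* scratch graph for the convenience wrappers */
static int  count_states(bool with_isr)      { return enumerate(&G, with_isr)->nstates; }
static int  count_transitions(bool with_isr) { return enumerate(&G, with_isr)->ntransitions; }
static bool invariant_holds(bool with_isr)   { return priority_invariant(enumerate(&G, with_isr)); }

int main(void) {
    for (int isr = 0; isr < 2; isr++)
        printf("isr=%d: %d states, %d transitions, invariant %s\n", isr, count_states(isr),
               count_transitions(isr), invariant_holds(isr) ? "holds" : "violated");
    return 0;
}
```

Without the ISR the system is a chain of 8 states and 7 transitions; enabling the ISR adds branches but the graph stays finite, which is exactly what allows the scheduler decision at each transition to be precomputed instead of being taken by generic run-time code.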

Strict Fault Avoidance

Dependability-oriented tailoring condenses the vulnerable kernel state to a minimum, reducing the number of registers and the amount of memory exposed to transient faults.
Apart from that, our fault-injection campaigns identified different kinds of indirection as a major catalyst for silent data corruption. Therefore, a further important fault-avoidance strategy, which we apply throughout the entire system design, is the strict avoidance of indirection in both the data flow and the control flow.

Constructive Integration of Fault Tolerance Mechanisms

The remaining vulnerable state is then protected by a combination of tailored dependability measures.
Generally, we concentrate on reliable fault detection and containment within the kernel execution path.
This includes runtime assertions of the expected system state and a fully ANB-encoded kernel execution (an arithmetic AN code with a per-variable signature B).
dosek further aims to support the application layer by providing flexible dependability services.
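The ANB encoding and the runtime assertion on it, as an added example that is not dOSEK's own code: a value x is held only in coded form c = A*x + B, the check is "c mod A == B", and because (A*x + Bx) + (A*y + By) = A*(x+y) + (Bx+By), coded operands can be added and the sum checked against Bx+By without decoding. A fault-injection loop flips every bit of one coded word to show what the check catches, and one case shows its known blind spot. The constant A = 65521 (the largest prime below 2^16) and the signatures are assumptions of this example; the kernel's own constants and signature assignment may differ.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Added example, not dOSEK code: an AN code with a per-variable signature B.
 * A transient fault that turns c into c' goes undetected only if c' mod A is
 * still B, i.e. if the error is a multiple of A. A = 65521 is an assumption. */
#define ANB_A 65521ull
typedef uint64_t anb_t;   /* coded word: 32-bit payload times A, plus B */

/* Signatures must stay below A; assigning a distinct B to every variable at
 * compile time also catches a mix-up of two correctly coded variables. */
static anb_t anb_encode(uint32_t x, uint32_t b) { return (anb_t)x * ANB_A + b; }

/* The runtime assertion: the residue modulo A must be the expected signature. */
static bool anb_check(anb_t c, uint32_t b) { return c % ANB_A == b; }

/* Decode only after the check; -1 signals a detected fault (a kernel would
 * enter its fault handler here rather than hand out the corrupted value). */
static int64_t anb_decode_checked(anb_t c, uint32_t b) {
    if (!anb_check(c, b)) return -1;
    return (int64_t)((c - b) / ANB_A);
}

/* Addition stays inside the code: the caller checks the sum with bx + by. */
static anb_t anb_add(anb_t cx, anb_t cy) { return cx + cy; }

/* Fault injection over all 64 bit positions of one coded word. A is odd, so no
 * power of two is a multiple of A and every single-bit flip moves the residue:
 * the check catches all 64. Multi-bit errors that sum to a multiple of A are
 * the residual risk, which is why A is chosen large and prime. */
static int anb_single_bit_coverage(uint32_t x, uint32_t b) {
    anb_t c = anb_encode(x, b);
    int detected = 0;
    for (int i = 0; i < 64; i++)
        if (!anb_check(c ^ (1ull << i), b)) detected++;
    return detected;
}

int main(void) {
    anb_t total = anb_add(anb_encode(7, 11), anb_encode(5, 17));
    printf("7 + 5 -> %lld (checked with signature 28)\n", (long long)anb_decode_checked(total, 28));
    printf("single-bit flips detected: %d/64\n", anb_single_bit_coverage(42, 11));
    printf("error of exactly A passes the check: %s\n",
           anb_check(anb_encode(42, 11) + ANB_A, 11) ? "yes" : "no");
    return 0;
}
```

Note that the payload is limited to 32 bits so that A*x + B and the sum of two coded words fit into the 64-bit coded word without wrapping; a wrap-around would itself be an undetected error unless the arithmetic is done in a wider type or the operands are bounded.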

Research Blog

Replacing the Kernel with a State Machine (Christian Dietrich)

At the OSPERT'15 workshop in Lund, we presented an approach to replace the actual kernel implementation with an equivalent state machine.

Cross-Kernel Flow Analysis at LCTES'15 (Christian Dietrich)

The dOSEK group presented the cross-kernel flow analysis at the ACM SIGPLAN/SIGBED Conference on Languages, Compilers, Tools and Theory for Embedded Systems (LCTES'15).

Check it out!

Recent dosek releases can be found on GitHub: https://github.com/danceos/dosek

Publications

OSPERT 2015

Dietrich, Christian ; Hoffmann, Martin ; Lohmann, Daniel:
Back to the Roots: Implementing the RTOS as a Specialized State Machine.
In: Brandenburg, Björn ; Kaiser, Robert (Ed.) : 11th Annual Workshop on Operating Systems Platforms for Embedded Real-Time Applications (OSPERT '15, Lund, Sweden, July 2015).
2015, pp 7-12. (BibTeX)

(Slides)
LCTES 2015

Dietrich, Christian ; Hoffmann, Martin ; Lohmann, Daniel:
Cross-Kernel Control-Flow-Graph Analysis for Event-Driven Real-Time Systems.
In: ACM (Ed.) : Proceedings of the 16th ACM SIGPLAN/SIGBED International Conference on Languages, Compilers, Tools and Theory for Embedded Systems (LCTES 2015, Portland, Oregon, USA, June 2015).
New York, NY, USA : ACM Press, 2015, pp 1-10.
Keywords: Static Analysis; Control-Flow Graph; Cross-Kernel Analysis; Real-Time Systems; Optimization; Compiler
[doi>10.1145/2670529.2754963] (BibTeX)

(Slides) (Raw Data)
RTAS 2015

Best Paper Award

Hoffmann, Martin ; Lukas, Florian ; Dietrich, Christian ; Lohmann, Daniel:
dOSEK: The Design and Implementation of a Dependability-Oriented Static Embedded Kernel.
In: West, Richard (Ed.) : Proceedings of the 21st Real-Time and Embedded Technology and Applications Symposium (RTAS '15, Seattle, WA, USA, April 2015).
2015, pp 259-270.
Keywords: DanceOS; dOSEK; Arithmetic Encoding; Fault Injection; Operating Systems; Embedded Systems; Real-Time Systems; Dependability; Safety; Memory Protection; MPU; OSEK; AUTOSAR
[doi>10.1109/RTAS.2015.7108449] (BibTeX)

(Raw Data)
ISORC 2014

Hoffmann, Martin ; Borchert, Christoph ; Dietrich, Christian ; Schirmeier, Horst ; Kapitza, Rüdiger ; Spinczyk, Olaf ; Lohmann, Daniel:
Effectiveness of Fault Detection Mechanisms in Static and Dynamic Operating System Designs.
In: IEEE Computer Society (Ed.) : Proceedings of the 17th IEEE International Symposium on Object/Component/Service-oriented Real-time Distributed Computing (ISORC '14, Reno, NV, USA, June 2014).
2014, pp 230-237.
Keywords: DanceOS; dosek; OSEK; dependability; static system
[doi>10.1109/ISORC.2014.26] (BibTeX)

PRDC 2013

Hoffmann, Martin ; Dietrich, Christian ; Lohmann, Daniel:
dOSEK: A Dependable RTOS for Automotive Applications.
In: Proceedings of the 19th IEEE Pacific Rim International Symposium on Dependable Computing (PRDC '13, Vancouver, British Columbia, Canada, 2-4 December 2013).
2013, pp 120-121.
Keywords: dependability; EAN; DanceOS; OSEK; dosek; embedded systems; CoRed
[doi>10.1109/PRDC.2013.22] (BibTeX)

People Involved in dosek

Theses

Finished Theses

Design and Implementation of a Soft-error Resilient OSEK Real-time Operating System (DanceOS_dOSEK)
Student: Florian Lukas (handed in on 19 May 2014)
Supervisors: Dr.-Ing. Martin Hoffmann, Prof. Dr.-Ing. habil. Daniel Lohmann, Prof. Dr.-Ing. Wolfgang Schröder-Preikschat


Design and Implementation of an Operating System Service for Dependability Aspects (DanceOS_DepService)
Supervisors: Dr.-Ing. Martin Hoffmann, Prof. Dr.-Ing. habil. Daniel Lohmann


Global Optimization of Non-Functional Properties in OSEK Real-Time Systems by Static Cross-Kernel Flow Analyses (dOSEK_Opt)
Student: Christian Dietrich (handed in on 1 September 2014, Thesis file...)
Supervisors: Dr.-Ing. Martin Hoffmann, Prof. Dr.-Ing. habil. Daniel Lohmann


Priority-Obedient Multicore Interrupt Controller (OSEKV-IRQ)
Supervisors: Christian Dietrich, M. Sc., Prof. Dr.-Ing. habil. Daniel Lohmann


Semi-Extended Tasks: Application-Specific Fine-Grained Task-Stack Sharing in OSEK Systems (dOSEK-SemiExtended)
Student: Stefan Bader (handed in on 29 February 2016, Thesis file...)
Supervisors: Christian Dietrich, M. Sc., Prof. Dr.-Ing. habil. Daniel Lohmann