ATLAS: Adaptable Thread-Level Address Spaces (DFG: LO 1719/7-1 and DI 2840/1-1)

ATLAS is a joint project with IBR (Co-PI: Christian Dietrich).

Traditionally, an OS process contains a single address space with code and data segments that are shared among all of its threads. The fork() system call creates a new address space (and process) that, even though it starts as an exact clone of its ancestor, provides strong isolation between the respective threads by means of copy-on-write.

The core idea of ATLAS is to provide processes with additional address spaces that are, however, kept in sync with their ancestor: Changes to one of them – we call them address-space views – become immediately visible in the others. Views diverge only in explicitly specified areas. As they still belong to the same process, the threads of this process can be migrated individually between views.

Address-space views provide an efficient mean to implement temporary or permanent thread-level variations in the "view of the world", while threads can still interact with each other regarding the shared parts. In the figure, the code segment diverges and provides a thread-specific variation (e.g., an client-specific optimization or restriction of functionality), while the data segment is shared, so that th1 can still transparently interact with th2 and th3. Such variations can be arbitrary small or complex. They can be prepared in the background in a new view and atomically applied to individual threads by migrating them to the new address space.

Implementation

Address-space views are currently implemented as an extension for the Linux Kernel. The source code is available on Github (luhsra/linux-mmview).

Applications

In our OSDI '20 paper, we present a first application of these technique to implement WfPatch, a wait-free dynamic code-patching approch for large multi-threaded server applications.

People

Dr.-Ing. Florian Rommel

Prof. Dr.Ing. Christian Dietrich

Prof. Dr.-Ing. habil. Daniel Lohmann

Latest News

2026-02-26 Florian Rommel Receives GI/ITG-FGBS Award for Best Doctoral Thesis

Florian Rommel receives an award for the best doctoral thesis in the field of operating systems. The award is granted annually by the SIG on Operating Systems of the German Computer Assiciation (GI Fachgruppe Betriebssysteme) solely on the base of scientific excellence. It includes a price money of 500 €. Congrats, Florain!

In his dissertation Address-Space Views: A Kernel Concept for Thread-Level Memory Polymorphism, Florian designs and implements address-space views, a new kernel concept for thread-specific address-space specialization. With this approach, he can overcome many difficulties that arise from nonatomicity in multithreaded server softtware. He demonstrates this on the example of wait-free runtime-patching, thread-role tailored attack-space reduction, and better kernel debugging on multicore systems.

2025-08-20 PhD Defense: Florian Rommel - Address-Space Views: A Kernel Concept for Thread-Level Memory Polymorphism

Florian Rommel successfully defends his PhD Thesis Address-Space Views: A Kernel Concept for Thread-Level Memory Polymorphism. Congrats, Florian!

Abstract: This thesis introduces address-space views, a novel operating-system primitive that enables efficient, context-specific code adaptation at runtime. Address-space views are variants of an address space that are mostly identical to the original but may differ in user-defined unshared regions. The individual threads of a process can freely migrate between its address-space views. Internally, these views are synchronized, shallow clones of the page-table hierarchy—similar to the clones created by the fork system call. Unlike forked address spaces, however, views cannot diverge from one another except in the explicitly unshared regions. Moreover, they remain attached to the same process.

Via code modifications in the unshared regions, address-space views make it possible to realize thread-level runtime polymorphism—that is, the adaptation of the program's behavior or properties according to the dynamic context. Since the mechanism works directly at the virtual-memory layer, it is flexible, language-agnostic, and highly efficient.

This thesis presents implementations of the concept in the Linux kernel and the DragonFly BSD kernel, plus a Linux variant that applies the concept to the kernel itself rather than to user-space processes. Three case studies explore the concept's practicality, benefits, and trade-offs.

The first case study uses address-space views for the wait-free injection of live patches into running programs. State-of-the-art live-patching techniques require a global quiescent state before a patch can be applied. The new wait-free method creates a dedicated address-space view, applies the patch concurrently, and then migrates individual threads into the patched view without having to stop them. This eliminates downtime, service-quality degradation, and potential concurrency hazards. An evaluation of six server programs (OpenLDAP, Apache, Memcached, Samba, MariaDB, and Node.js) shows significant improvements in service quality for the wait-free approach compared to a conventional approach, which causes tail latencies that are up to 41 times higher.

The second case study utilizes address-space views to enhance dynamic debloating, a technique that eliminates unused code at runtime, thereby reducing the attack surface and preventing code reuse attacks. Existing debloating methods must consider all threads when eliminating code. With address-space views, debloating can be performed for each thread independently, which drastically increases elimination rates. An evaluation with two server applications (Memcached and MariaDB) reveals very high code-removal ratios, ranging from 90% to 98%, and shows that both programs are immune to an automated code-reuse attack performed in the study.

The third case study shows how address-space views can improve source-level debugging in the Linux kernel in terms of performance and user experience: They enable fast, thread-specific breakpoints and can be used to provide additional, unoptimized function variants that offer more comprehensive debug information.

Publications

Thesis Address-Space Views: A Kernel Concept for Thread-Level Memory Polymorphism

Florian Rommel PHD thesisLeibniz Universität Hannover2025.
PDF 10.15488/19722 [BibTex]

EMSOFT Journal A KPAC: Efficient Emulation of the ARM Pointer Authentication Instructions

Illia Ostapyshyn, Gabriele Serra, Tim-Marek Thomas, Daniel LohmannIEEE Transactions on Computer-Aided Design of Integrated Circuits and SystemsIEEE Computer Society Press2024.
PDF 10.1109/TCAD.2024.3443773 [BibTex]

USENIX Conference A MELF: Multivariant Executables for a Heterogeneous World

Dominik Töllner, Christian Dietrich, Illia Ostapyshyn, Florian Rommel, Daniel Lohmann2023 USENIX Annual Technical Conference (USENIX '23)USENIX Association2023.
PDF Details [BibTex]

LCTES Conference B Thread-Level Attack-Surface Reduction

Florian Rommel, Christian Dietrich, Andreas Ziegler, Illia Ostapyshyn, Daniel LohmannProceedings of the 24th ACM SIGPLAN/SIGBED International Conference on Languages, Compilers, and Tools for Embedded SystemsACM Press2023.
PDF Details Slides Video 10.1145/3589610.3596281 [BibTex]

LCTES Conference B reUpNix: Reconfigurable and Updateable Embedded Systems

Niklas Gollenstede, Ulf Kulau, Christian DietrichProceedings of the 24th ACM SIGPLAN/SIGBED International Conference on Languages, Compilers, and Tools for Embedded SystemsACM Press2023.
PDF Slides Raw Data 10.1145/3589610.3596273 [BibTex]

OSDI Conference A* From Global to Local Quiescence: Wait-Free Code Patching of Multi-Threaded Processes

Florian Rommel, Christian Dietrich, Birte Friesel, Marcel Köppen, Christoph Borchert, Michael Müller, Olaf Spinczyk, Daniel Lohmann14th Symposium on Operating System Design and Implementation (OSDI '20)2020.
PDF Details Video [BibTex]

Theses

Finished Theses

Synchronized Thread-Level Address-Space Views for the Dragonfly BSD Kernel

Extending the DragonFly BSD kernel to allow the usage of ATLAS synchronized thread-level address-space views in userspace processes

Typ: Bachelorarbeit
Status: abgeschlossen
Supervisors: Florian Rommel
Dominik Töllner
Daniel Lohmann

Hardening Rust: Extending the Compiler and Runtime for Dynamic Object Layout Randomization

Defense for Rust programs against data-only attacks via efficient dynamic object layout randomization

Typ: Masterarbeit
Status: abgeschlossen
Supervisors: Florian Rommel
Dominik Töllner
Bearbeiter: Jan Neugebauer

Predictive Run-Time Attack-Space Reduction

Extend context-based text elimination by a predictive approach.

Typ: Bachelorarbeit
Status: abgeschlossen
Supervisors: Florian Rommel
Daniel Lohmann

What You See Is What I Want: Extending the LLVM Linker for View-Local Data in Multivariant ELFs

Extend the multivariant ELF approach to allow data to be view-local and not shared across multiple views.

Typ: Bachelorarbeit
Status: abgeschlossen
Supervisors: Florian Rommel
Dominik Töllner
Daniel Lohmann
Bearbeiter: Max Känner (abgegeben: 19. Sep 2022)

Size does matter: Extending the LLVM Linker for Fine-Granular Multivariant ELF Executables

Extend the multivariant ELF approach to allow the building of fine-granular executables.

Typ: Bachelorarbeit
Status: abgeschlossen
Supervisors: Dominik Töllner
Florian Rommel
Daniel Lohmann
Bearbeiter: Jan Luca Willke (abgegeben: 11. Aug 2022)

Multivariant ELF Executables for Dynamic Variability via Address-Space Views

Extend the ELF format to support binaries with multiple code variants for the use with ATLAS addess space views [PDF]

Typ: Masterarbeit
Status: abgeschlossen
Supervisors: Florian Rommel
Daniel Lohmann
Bearbeiter: Dominik Töllner

Extending DragonFly BSD for Synchronized Thread-Level Address-Space Views

Extending the DragonFly BSD kernel to allow the usage of ATLAS synchronized thread-level address-space views in userspace processes

Typ: Bachelorarbeit
Status: abgeschlossen
Supervisors: Florian Rommel
Daniel Lohmann