an evolutionary study of linux memory management for fun
play

An Evolutionary Study of Linux Memory Management for Fun and Profit - PowerPoint PPT Presentation

An Evolutionary Study of Linux Memory Management for Fun and Profit Jian Huang Karsten Schwan Moinuddin K. Qureshi Virtual Memory: A Long History Physical Hardware DRAM Disk 2 Virtual Memory: A Long History Virtual Memory (per process)


  1. An Evolutionary Study of Linux Memory Management for Fun and Profit Jian Huang Karsten Schwan Moinuddin K. Qureshi

  2. Virtual Memory: A Long History Physical Hardware DRAM Disk 2

  3. Virtual Memory: A Long History Virtual Memory (per process) Physical Hardware DRAM Disk 2

  4. Virtual Memory: A Long History Virtual Memory (per process) Physical Hardware DRAM Disk 2

  5. Virtual Memory: A Long History Virtual Memory (per process) Physical Hardware DRAM Disk OS Core Component + Development 2

  6. Virtual Memory: A Long History Virtual Memory (per process) Physical Hardware DRAM Disk OS Core Component + Development Pervasively Used 2

  7. Why Memory Manager Study Matters? Features & Functions 3

  8. Why Memory Manager Study Matters? Features & Functions Hardware Support 3

  9. Why Memory Manager Study Matters? Features & Functions Hardware Support System Reliability 3

  10. Why Memory Manager Study Matters? Features & Functions Hardware Support System Reliability Study on Memory Manager 3

  11. Why Memory Manager Study Matters? Features & Functions Hardware Support System Reliability Study on Memory Manager Building Better Memory Manager 3

  12. On the Study of Memory Management Understanding the Linux Virtual Memory Manager [Mel Gorman, July 9, 2007] 4

  13. On the Study of Memory Management Understanding the Linux Virtual Memory Manager [Mel Gorman, July 9, 2007] Approach: Source code analysis, Linux 2.4, 2.6 4

  14. On the Study of Memory Management Understanding the Linux Virtual Memory Manager [Mel Gorman, July 9, 2007] Approach: Source code analysis, Linux 2.4, 2.6 Milestone 4

  15. On the Study of Memory Management Understanding the Linux Virtual Memory Manager [Mel Gorman, July 9, 2007] Approach: Source code analysis, Linux 2.4, 2.6 Milestone Our Focus : Patch study, Linux 2.6 – 4.0 4

  16. On the Study of Memory Management Understanding the Linux Virtual Memory Manager [Mel Gorman, July 9, 2007] Approach: Source code analysis, Linux 2.4, 2.6 Milestone Our Focus : Patch study, Linux 2.6 – 4.0 + + + Pattern Memory Bug Semantic Optimization 4

  17. Preview of Our Findings Code changes are highly concentrated around the key functions • 80% of patches  25% of its source code • ...... • 5

  18. Preview of Our Findings Code changes are highly concentrated around the key functions • 80% of patches  25% of its source code • ...... • • Memory error – Checking – Concurrency – Logic – Programming • Memory errors: Null pointer & page alignment • Complex page states  Checking & logic bugs • ...... 5

  19. Preview of Our Findings Code changes are highly concentrated around the key functions • 80% of patches  25% of its source code • ...... • • Memory error – Checking – Concurrency – Logic – Programming • Memory errors: Null pointer & page alignment • Complex page states  Checking & logic bugs • ...... • Data structures -- Policy trade-off -- Fast path • 4 data structures, 5 design trade-offs, 8 types of fast paths • ...... 5

  20. Preview of Our Findings Code changes are highly concentrated around the key functions • 80% of patches  25% of its source code • ...... • • Memory error – Checking – Concurrency – Logic – Programming • Memory errors: Null pointer & page alignment • Complex page states  Checking & logic bugs • ...... • Data structures -- Policy trade-off -- Fast path • 4 data structures, 5 design trade-offs, 8 types of fast paths • ...... 35 key functionalities in 13 hot files • The well-developed memory allocators still have many checking & lock bugs • ...... • 5

  21. Methodology Used in Our Study Memory Allocation Resource Controller Garbage Collection Page Cache & Write-back Virtual Memory Management Swapping Exception Handling Misc (e.g., data structure) 8 components 6

  22. Methodology Used in Our Study Memory Allocation Resource Controller Garbage Collection Page Cache & Write-back Virtual Memory Management Swapping Exception Handling Misc (e.g., data structure) 8 components 4587 patches in 5 years 6

  23. Methodology Used in Our Study Patches Follow-up Description Source Code Discussions Analysis 6

  24. Methodology Used in Our Study Patches Follow-up Description Source Code Discussions Analysis Labeling & MChecker BugID Causes Type Component …… Commit Time Involved Functions MPatch 6

  25. How Is the Memory Manager Changed? 80 70 60 Lines of Code (x1000) 50 40 30 20 10 0 2.6.32 (2009) 2.6.33 (2010) 2.6.38 (2011) 3.2 (2012) 3.10 (2013) 3.14 (2014) 4.0-rc4 (2015) Linux version (released year) 7

  26. How Is the Memory Manager Changed? 80 70 60 Lines of Code (x1000) 50 40 30 The LoC has increased by 60% since Linux 2.6.32. 20 10 0 2.6.32 (2009) 2.6.33 (2010) 2.6.38 (2011) 3.2 (2012) 3.10 (2013) 3.14 (2014) 4.0-rc4 (2015) Linux version (released year) 7

  27. Where Is the Memory Manager Changing? 8

  28. Where Is the Memory Manager Changing? Memory Manager Components 8

  29. Where Is the Memory Manager Changing? Linux Version 8

  30. Where Is the Memory Manager Changing? Number of Committed Patches 8

  31. Where Is the Memory Manager Changing? 8

  32. Where Is the Memory Manager Changing? 80% of the code changes  25% of the source code 8

  33. Where Is the Memory Manager Changing? 8

  34. Where Is the Memory Manager Changing? 8

  35. Where Is the Memory Manager Changing? 8

  36. Where Is the Memory Manager Changing? 8

  37. Where Is the Memory Manager Changing? 13 hot files from 90 files  recent development focus 8

  38. Why Is the Memory Manager Changed? Bug Code Maintenance Optimization New Feature 60 50 Percentage (%) 40 30 20 10 0 2.6.33 (2010) 2.6.38 (2011) 3.2 (2012) 3.10 (2013) 3.14 (2014) 4.0-rc4 (2015) Linux version (released year) 9

  39. Why Is the Memory Manager Changed? Code Maintenance New Feature 60 50 Percentage (%) 40 30 20 10 0 2.6.33 (2010) 2.6.38 (2011) 3.2 (2012) 3.10 (2013) 3.14 (2014) 4.0-rc4 (2015) Linux version (released year) 9

  40. Why Is the Memory Manager Changed? Bug Optimization 60 50 Percentage (%) 40 30 20 70% more bugs in well-developed memory manager! 10 0 2.6.33 (2010) 2.6.38 (2011) 3.2 (2012) 3.10 (2013) 3.14 (2014) 4.0-rc4 (2015) Linux version (released year) 9

  41. On the Bugs in Memory Manager 10

  42. On the Bugs in Memory Manager Types of Memory Bugs 10

  43. On the Bugs in Memory Manager Memory Manager Component 10

  44. On the Bugs in Memory Manager Memory Allocation: 26%, Virtual Memory Management: 22%, GC: 14% 10

  45. On the Bugs in Memory Manager 10

  46. On the Bugs in Memory Manager • Page alignment Null pointer • 10

  47. On the Bugs in Memory Manager • Page alignment Null pointer • • Inappropriate check Missing check • Wrong check • 10

  48. On the Bugs in Memory Manager • Page alignment • Lock contention Null pointer Missing lock • • • Inappropriate check Missing check • Wrong check • 10

  49. On the Bugs in Memory Manager • Page alignment • Lock contention Null pointer Missing lock • • Fault handler • Inappropriate check • Missing check State update • • Wrong check Case-by-case • • 10

  50. On the Bugs in Memory Manager • Page alignment • Lock contention • API Null pointer Missing lock Misc • • • Fault handler • Inappropriate check • Missing check State update • • Wrong check Case-by-case • • 10

  51. Memory Bugs: Case Studies Page Alignment mm/nommu.c @@ -1762,6 +1765,8 @@ unsigned long do_mremap(unsigned long addr, struct vm_area_struct *vma; /* insanity checks first */ if (old_len == 0 || new_len == 0) return (unsigned long) -EINVAL; 11

  52. Memory Bugs: Case Studies Page Alignment mm/nommu.c @@ -1762,6 +1765,8 @@ unsigned long do_mremap(unsigned long addr, struct vm_area_struct *vma; /* insanity checks first */ if (old_len == 0 || new_len == 0) return (unsigned long) -EINVAL; Bug: device drivers’ mmap() failed. Cause: NOMMU does not do page_align(), which is inconsistent with MMU arch. 11

  53. Memory Bugs: Case Studies Page Alignment mm/nommu.c @@ -1762,6 +1765,8 @@ unsigned long do_mremap(unsigned long addr, struct vm_area_struct *vma; /* insanity checks first */ + old_len = PAGE_ALIGN(old_len); + new_len = PAGE_ALIGN(new_len); if (old_len == 0 || new_len == 0) return (unsigned long) -EINVAL; Bug: device drivers’ mmap() failed. Cause: NOMMU does not do page_align(), which is inconsistent with MMU arch. 11

  54. Memory Bugs: Case Studies Checking mm/bootmem.c @@ -156,21 +157,31 @@ static void __init free_bootmem_core(bootmem_data_t *bdata, unsigned long addr, 12

  55. Memory Bugs: Case Studies Checking mm/bootmem.c @@ -156,21 +157,31 @@ static void __init free_bootmem_core(bootmem_data_t *bdata, unsigned long addr, Bug: free pages wrongly. Cause: miss boundary checking. 12

Recommend


More recommend