eio e rror handling i s o ccasionally correct
play

EIO : E rror-handling i s O ccasionally Correct Haryadi S. Gunawi , - PowerPoint PPT Presentation

Mar 08, 2023 •31 likes •381 views

EIO : E rror-handling i s O ccasionally Correct Haryadi S. Gunawi , Cindy Rubio-Gonzlez, Andrea C. Arpaci-Dusseau, Remzi H. Arpaci-Dusseau, Ben Liblit University of Wisconsin Madison FAST 08 February 28, 2008 1 Robustness of File

  1. EIO : E rror-handling i s O ccasionally Correct Haryadi S. Gunawi , Cindy Rubio-González, Andrea C. Arpaci-Dusseau, Remzi H. Arpaci-Dusseau, Ben Liblit University of Wisconsin – Madison FAST ’08 – February 28, 2008 1

  2. Robustness of File Systems � Today’s file systems have robustness issues � Buggy implementation [FiSC-OSDI’04, EXPLODE-OSDI’06] � Unexpected behaviors in corner-case situations � Deficient fault-handling [IRONFS-SOSP’05] � Inconsistent policies: propagate, retry, stop, ignore � Prevalent ignorance � Ext3: Ignore write failures during checkpoint and journal replay � NFS: Sync-failure at the server is not propagated to client � What is the root cause? 2

  3. Incorrect Error Code Propagation NFS NFS Client Server sync() dosync dosync fdatawrite fdatawrite sync_file sync_file fdatawait fdatawait void dosync() { void dosync() { fdatawrite(); fdatawrite(); ... ... ... ... ... ... ... ... sync_file(); sync_file(); fdatawait(); fdatawait(); ... ... ... ... ... ... ... ... } ... ... ... ... ... ... ... ... ... ... 3

  4. Incorrect Error Code Propagation NFS NFS Client Server sync() Unsaved dosync dosync dosync dosync error-codes fdatawrite fdatawrite fdatawrite fdatawrite sync_file sync_file sync_file sync_file fdatawait fdatawait fdatawait fdatawait void dosync() { void dosync() { X fdatawrite(); fdatawrite(); ... ... ... ... ... ... ... ... ... ... ... ... ... ... X sync_file(); sync_file(); X fdatawait(); fdatawait(); ... ... ... ... ... ... ... ... ... ... ... ... } ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... return return return return return return EIO; EIO; EIO; EIO; EIO; EIO; 4

  5. Implications � Misleading error-codes in distributed systems � NFS client receives SUCCEED instead of ERROR � Useless policies � Retry in NFS client is not invoked � Silent failures � Much harder debugging process 5

  6. EDP : Error Detection and Propagation Analysis � Static analysis � Useful to show how error codes flow � Currently: 34 basic error codes (e.g. EIO, ENOMEM) � Target systems � 51 file systems (all directories in linux/fs/* ) � 3 storage drivers (SCSI, IDE, Software-RAID) 6

  7. Results � Number of violations � Error-codes flow through 9022 function calls � 1153 ( 13% ) calls do not save the returned error-codes � Analysis, a closer look � More complex file systems, more violations � Location distance affects error propagation correctness � Write errors are neglected more than read errors � Many violations are not corner-case bugs − Error-codes are consistently ignored 7

  8. Outline � Introduction � Methodology � Challenges � EDP tool � Results � Analysis � Discussion and Conclusion 8

  9. Challenges in Static Analysis � File systems use many error codes � buffer � state[Uptodate] = 0 � journal � flags = ABORT � int err = -EIO; ... return err; � Error codes transform � Block I/O error becomes journal error � Journal error becomes generic error code � Error codes propagate through: � Function call path � Asynchronous path (e.g. interrupt, network messages) 9

  10. EDP � State � Current State: Integer error-codes, function call path � Future: Error transformation, asynchronous path � Implementation � Utilize CIL: Infrastructure for C program analysis [Necula-CC’02] � EDP: ~4000 LOC in Ocaml � 3 components of EDP architecture � Specifying error-code information (e.g. EIO, ENOMEM) � Constructing error channels � Identifying violation points 10

  11. Constructing Error Channels � Propagate function sys_fsync � Dataflow analysis do_fsync � Connect function filemap_fdatawrite VFS pointers filemap_fdatawrt_rn EIO EIO do_writepages generic_writepages mpage_writepages ext3 ext3_writepage � Generation endpoint if (...) � Generates error code return –EIO –EIO; � Example: return –EIO ext3_writepage (int *err) *err = –EIO; *err = –EIO; 11

  12. Detecting Violations Error-complete endpoint � Termination endpoint func() { err = func_call(); err � Error code is no longer propagated if ( err err ) ... � Two termination endpoints: } Unchecked error-complete ( minimally checks) − func() { error-broken − err = func_call(); err ( unchecked, unsaved, overwritten) } Unsaved / Bad Call � Goal: func() { � Find error-broken endpoints func_call(); } Overwritten func() { err = func_call(); err err = func_call_2(); err } 12

  13. Outline � Introduction � Methodology � Results (unsaved error-codes / bad calls) � Graphical outputs � Complete results � Analysis of Results � Discussion and Conclusion 13

  14. HFS 1 3 2 Functions that generate/propagate error-codes func Functions that make bad calls (do not save error-codes) func Good calls (calls that propagate error-codes) Bad calls (calls that do not save error-codes) 14

  15. HFS (Example 1 ) int find_init(find_data *fd) { … 1 fd->search_key = kmalloc(…); if (!fd->search_key) return –ENOMEM; return –ENOMEM; … } int file_lookup() { … Bad call! find_init(fd); find_init(fd); fd->search_key-> search_key->cat = …; … Null pointer dereference } Inconsistencies Callee Good Calls Bad Calls 3 11 find_init find_init 15

  16. HFS (Example 2) 2 16

  17. HFS (Example 2) int __brec_find __brec_find(key) { 2 Finds a record in an HFS node that best matches the given key. Returns ENOENT if it fails. } int brec_find brec_find(key) { … result = __brec_find(key); result = __brec_find(key); … return result; return result; } Inconsistencies Callee Good Calls Bad Calls 3 11 find_init 1 4 __brec_find __brec_find 18 0 brec_find brec_find 17

  18. HFS (Example 3) 3 18

  19. HFS (Example 3) 3 int free_exts free_exts(…) { Traverses a list of extents and locate the extents to be freed. If not found, returns EIO . “panic?” is written before the return EIO statement. } Inconsistencies Callee Good Calls Bad Calls 3 11 find_init 1 4 __brec_find 18 0 brec_find 1 3 free_exts free_exts 19

  20. HFS (Summary) Inconsistencies Callee Good Calls Bad Calls 3 11 find_init find_init 1 4 __brec_find brec_find 18 0 brec_find brec_find 1 3 free_exts free_exts � Not only in HFS � Almost all file systems and storage systems have major inconsistencies 20

  21. ext3 37 bad / 188 calls = 20% 21

  22. ReiserFS 35 bad / 218 calls = 16% 22

  23. IBM JFS 61 bad / 340 calls = 18% 23

  24. NFS Client 54 bad / 446 calls = 12% 24

  25. Coda 0 bad / 54 calls = 0% (internal) 0 bad / 95 calls = 0% (external) 25

  26. Summary � Incorrect error propagation plagues almost all file systems and storage systems Bad Calls EC Calls Fraction File systems 914 7400 12% Storage drivers 177 904 20% 26

  27. Outline � Introduction � Methodology � Results � Analysis of Results � Discussion and Conclude 27

  28. Analysis of Results � Correlate robustness and complexity � Correlate file system size with number of violations More complex file systems, more violations (Corr = 0.82) − � Correlate file system size with frequency of violations Small file systems make frequent violations (Corr = -0.20) − � Location distance of calls affects correct error propagation � Inter-module > inter-file > intra-file bad calls � Read vs. Write failure-handling � Corner-case or consistent mistakes 28

  29. Read vs. Write Failure-Handling � Filter read/write operations (string comparison) � Callee contains “ write ”, or “ sync ”, or “ wait ” � Write ops � Callee contains “ read ” � Read ops Callee Type Bad Calls EC Calls Fraction Read 26* 603 4% Sync+Wait+Write 177 904 20% mm/readahead.c Lots of write failures Read prefetching in are ignored! Memory Management 29

  30. Corner-Case or Consistent Mistakes? # Bad calls to f() � Define bad call frequency = # All calls to f() � Example: sync_blockdev, 15/21 � Bad call frequency: 71% � Corner-case bugs � Bad call frequency < 20% � Consistent bugs � Bad call frequency > 50% 30

  31. CDF of Bad Call Frequency 850 bad calls fall above the 50% mark Cumulative Cumulative #Bad Calls Fraction Bad Call Frequency Less than 100 sync_blockdev 15 bad calls / 21 EC calls violations are corner- Bad Call Freq: 71 % case bugs At x = 71 , y += 15 31

  32. What’s going on? � Not just bugs � But more fundamental design issues � Checkpoint failures are ignored Why? Maybe because of journaling flaw [IOShepherd-SOSP’07] − Cannot recover from checkpoint failures − Ex: A simple block remap could not result in a consistent state − � Many write failures are ignored Lack of recovery policies? Hard to recover? − � Many failures are ignored in the middle of operations Hard to rollback? − 32

  33. Conclusion (developer comments) � ext3 “there's no way of reporting error to userspace. So ignore it” � XFS “Just ignore errors at this point. There is nothing we can do except to try to keep going” � ReiserFS “we can't do anything about an error here” � IBM JFS “ note: todo: log error handler” � CIFS “should we pass any errors back?” � SCSI “Todo: handle failure” 33

  34. Thank you! Questions? AD vanced S ystems L aboratory www.cs.wisc.edu/adsl 34

  35. Extra Slides 35

Recommend

P UBLIC - KEY CRYPTOGRAPHY (PKC) E RROR - CORRECTING PAIRS FOR A PUBLIC - KEY CRYPTOSYSTEM P UBLIC

P UBLIC - KEY CRYPTOGRAPHY (PKC) E RROR - CORRECTING PAIRS FOR A PUBLIC - KEY CRYPTOSYSTEM P UBLIC

E RROR - CORRECTING PAIRS FOR A PUBLIC - KEY CRYPTOSYSTEM E RROR - CORRECTING PAIRS P UBLIC - KEY CRYPTOGRAPHY FOR A PUBLIC - KEY CRYPTOSYSTEM C ODE BASED CRYPTOGRAPHY P REREQUISITES E RROR - CORRECTING CODES I. M RQUEZ -C ORBELLA 1 R. P

1.2k views • 97 slides
PaSTR TRI: E : Err rror-Bou Bounded Los Lossy Comp Compression on for or Two-El Electron

PaSTR TRI: E : Err rror-Bou Bounded Los Lossy Comp Compression on for or Two-El Electron

PaSTR TRI: E : Err rror-Bou Bounded Los Lossy Comp Compression on for or Two-El Electron n Integr grals s in in Quan antu tum Chem emis istr try Ali Murat Gok (Northwestern University, USA) Sheng Di (Argonne National

671 views • 54 slides
Lab 2 discussion Last Time Debugging Its a science use experiments to refine

Lab 2 discussion Last Time Debugging Its a science use experiments to refine

size= 64 correct= 0 size= 73 correct= 0 Shuying Liang size= 107 correct= 1 size= 107 correct= 0 size= 108 correct= 0 size= 108 correct= 1 Please do not handin a .doc file, a .zip file, a .tar file, size= 111 correct= 1 size=

430 views • 7 slides
Bias and Uncertainty W hen judgm ents are m ade under uncertainty, tw o general types of

Bias and Uncertainty W hen judgm ents are m ade under uncertainty, tw o general types of

E RROR M ANAGEMENT I N E RROR M ANAGEMENT I N F ORENSI C D I GI TAL I MAGI NG F ORENSI C D I GI TAL I MAGI NG A R ESOLUTI ON FOR THE A R ESOLUTI ON FOR THE E NTI RE C RI MI NAL J USTI CE C OMMUNI TY E NTI RE C RI MI NAL J USTI CE C OMMUNI TY

764 views • 43 slides
Ergonomics and Manual Handling Induction Welcome to United Synergies induction for Office

Ergonomics and Manual Handling Induction Welcome to United Synergies induction for Office

Ergonomics and Manual Handling Induction Welcome to United Synergies induction for Office Ergonomic and Manual Handling. The aim of this training is to: ensure awareness of the correct ergonomic principles and workstation set up

606 views • 25 slides
Material Handling Chapter 5 Designing material handling systems Overview of material

Material Handling Chapter 5 Designing material handling systems Overview of material

Material Handling Chapter 5 Designing material handling systems Overview of material handling equipment Unit load design Material handling equipment selection Material Handling Definitions Material handling is the combination

664 views • 41 slides
Performance of Correct Statement of the Problem and Impact. Associated Issues. Procedure

Performance of Correct Statement of the Problem and Impact. Associated Issues. Procedure

Performance of Correct Procedure at Correct Body Site Patient Safety Solutions CONTENT Performance of Correct Statement of the Problem and Impact. Associated Issues. Procedure at Correct Suggested Actions. Looking Forward.

198 views • 3 slides
Exception Handling in C++ throw - try - catch ! class InvalidNumber { }; void main() {

Exception Handling in C++ throw - try - catch ! class InvalidNumber { }; void main() {

14 . Exception Handling: Mechanism and Usage Exception Handling Synchronous Errors Asynchronous Errors An Example function : Call may result in an error double sqrt(int number); Traditional Error Handling Exit the program Return an

453 views • 8 slides
Micropipetting Doing it the correct way Practice, practice, practice! Why Take the Time to

Micropipetting Doing it the correct way Practice, practice, practice! Why Take the Time to

Micropipetting Doing it the correct way Practice, practice, practice! Why Take the Time to Practice? Micropipetting is the foundation to many future experiments Correct pipetting insures correct volumes which creates a greater chance

544 views • 19 slides
Agenda this Month Requirement to Correct Other HMRC announcements and other tax

Agenda this Month Requirement to Correct Other HMRC announcements and other tax

Agenda this Month Requirement to Correct Other HMRC announcements and other tax developments Recent tax cases Requirement to Correct Deadline 30 September ! Requirement to Correct (RTC) RTC obliges taxpayers to make a disclosure

595 views • 38 slides
e-Bug Pack Evaluation 1 Quantitative Data Overview % % % Topics Correct Correct

e-Bug Pack Evaluation 1 Quantitative Data Overview % % % Topics Correct Correct

e-Bug Pack Evaluation 1 Quantitative Data Overview % % % Topics Correct Correct Improvement p value before after score Micro organisms 51 86 35 (30, 39) &lt;0.001 Good and Bad Microbes 48 86 36 (32, 40) &lt;0.001 Spread

427 views • 29 slides
Evaluating classifiers CS440 The 2-by-2 contingency table correct not correct positive tp fp

Evaluating classifiers CS440 The 2-by-2 contingency table correct not correct positive tp fp

10/30/19 Evaluating classifiers CS440 The 2-by-2 contingency table correct not correct positive tp fp prediction negative fn tn prediction 1 10/30/19 Precision and recall Precision : % of predicted items that are correct P = tp/

117 views • 11 slides
LITHIUM ION IN MATERIALS HANDLING LITHIUM ION IN MATERIALS HANDLING LITHIUM ION IN WAREHOUSE

LITHIUM ION IN MATERIALS HANDLING LITHIUM ION IN MATERIALS HANDLING LITHIUM ION IN WAREHOUSE

Matthew Allen Solutions Manager CB Products EMEA LITHIUM ION IN MATERIALS HANDLING LITHIUM ION IN MATERIALS HANDLING LITHIUM ION IN WAREHOUSE MATERIALS LITHIUM ION IN WAREHOUSE MATERIALS HANDLING (NOT COUNTERBALANCE) HANDLING (NOT

702 views • 17 slides
LOADING &amp; HANDLING OF ROLLED CELLULOSE HOW DOES IT DIFFER FROM LOADING &amp; HANDLING OF

LOADING &amp; HANDLING OF ROLLED CELLULOSE HOW DOES IT DIFFER FROM LOADING &amp; HANDLING OF

LOADING &amp; HANDLING OF ROLLED CELLULOSE HOW DOES IT DIFFER FROM LOADING &amp; HANDLING OF PAPER ROLLS? JULY 10, 2019 BY SAM GAYLE TECHNICAL SERVICES MANAGER DAMAGE PREVENTION Rolled Cellulose from Coosa Pines, AL. Resolute Forest

448 views • 19 slides
Topic 16 Creating Correct Programs Creating Correct Programs &quot;It is a profoundly erroneous

Topic 16 Creating Correct Programs Creating Correct Programs &quot;It is a profoundly erroneous

Topic 16 Creating Correct Programs Creating Correct Programs &quot;It is a profoundly erroneous truism, repeated by all the copybooks, and by eminent people when they are making speeches, that we should cultivate the habit of thinking about

463 views • 29 slides
Hand Ball Hand Ball What?? Handling the Ball Handling the Ball Goal - Consistent Calls

Hand Ball Hand Ball What?? Handling the Ball Handling the Ball Goal - Consistent Calls

Hand Ball Hand Ball What?? Handling the Ball Handling the Ball Goal - Consistent Calls Across the State Across the Country Across the World Handling the Ball Three Criteria to Determine if Hand/Arm contact is Handling

360 views • 15 slides
1 Handling exceptions (III) Handling exceptions (II) n try -statements can be nested and

1 Handling exceptions (III) Handling exceptions (II) n try -statements can be nested and

2.6 Error, exception and event Error and exception handling in handling Pascal n There are conditions that have to be fulfilled by a n While errors definitely can occur in Pascal programs, program that sometimes are not fulfilled, which Pascal

143 views • 3 slides
ERC Starting Grant 2018 HANDLING: Writers Handling Pictures: a Material Intermediality

ERC Starting Grant 2018 HANDLING: Writers Handling Pictures: a Material Intermediality

ERC Starting Grant 2018 HANDLING: Writers Handling Pictures: a Material Intermediality (1880-today) Principal Investigator: Anne Reverseau annerever@yahoo.fr / 0492 49 77 32 Host Institution: Universit Catholique de Louvain (UCL) Additional

548 views • 12 slides
Overview Attacks Handling Security Incidents Security Incidents Handling Security

Overview Attacks Handling Security Incidents Security Incidents Handling Security

Overview Attacks Handling Security Incidents Security Incidents Handling Security Incidents Incident management Methods and Tools Maintaining Incident Preparedness Chapter 7 Standard Incident Handling Procedures Learn

358 views • 7 slides
Manual Handling Risk Assessment Powerpoint Presentation Manual handling technique. Hansen Manual

Manual Handling Risk Assessment Powerpoint Presentation Manual handling technique. Hansen Manual

Manual Handling Risk Assessment Powerpoint Presentation Manual handling technique. Hansen Manual Handling Operations Regulations 1992. Hansen We must make a suitable and sufficient assessment of the risk SIS Key Manual Handling Issues.

601 views • 4 slides
ROI HSP Project Approach to handling NI codes inbound to ROI IGG 11-01-12 Approach to handling

ROI HSP Project Approach to handling NI codes inbound to ROI IGG 11-01-12 Approach to handling

ROI HSP Project Approach to handling NI codes inbound to ROI IGG 11-01-12 Approach to handling NI codes inbound to ROI There will be a new rejection reason code DIJ (Data Invalid in Jurisdiction) as part of harmonisation. The scenarios

382 views • 4 slides
RFP S72-T28979 Baggage Handling Operations &amp; Maintenance Baggage Handling Operations &amp;

RFP S72-T28979 Baggage Handling Operations &amp; Maintenance Baggage Handling Operations &amp;

RFP S72-T28979 Baggage Handling Operations &amp; Maintenance Baggage Handling Operations &amp; Maintenance Five (5) Year Contract Three Levels of Service Best Management Practices Industry Standard Reactive Services

627 views • 24 slides
Exceptions Defensive programming Anticipating that something could go wrong Handling

Exceptions Defensive programming Anticipating that something could go wrong Handling

Exceptions Defensive programming Anticipating that something could go wrong Handling errors Exception handling and throwing Example: File processing Exception handling and throwing Java: try-catch-finally, throw, throws

420 views • 7 slides
Control Exception Handling: Exception handling is the control of error conditions or other

Control Exception Handling: Exception handling is the control of error conditions or other

Control Exception Handling: Exception handling is the control of error conditions or other unusual events during the execution of a program. 1 Control In a language without exception handling: When an exception occurs, control

1.15k views • 19 slides

More recommend