improving the reliability of commodity operating systems
play

Improving the Reliability of Commodity Operating Systems Mike - PowerPoint PPT Presentation

May 03, 2023 •378 likes •1.1k views

Improving the Reliability of Commodity Operating Systems Mike Swift, Brian Bershad, Hank Levy University of Washington Slides courtesy of Michael Swift University of Wisconsin-Madison Outline Introduction Vision Design

  1. Improving the Reliability of Commodity Operating Systems Mike Swift, Brian Bershad, Hank Levy University of Washington Slides courtesy of Michael Swift University of Wisconsin-Madison

  2. Outline • Introduction • Vision • Design • Evaluation • Summary

  3. The Problem • Operating system crashes are a huge problem today – 5% of Windows systems crash every day • Device drivers are the biggest cause of crashes – Drivers cause 85% of Windows XP crashes – Drivers are 7 times buggier than the kernel in Linux • We built Nooks, a system that prevents drivers from crashing the OS – We can prevent 99% of faults in our tests that crash native Linux

  4. Crashes Today User User Program Program Driver Kernel

  5. Crashes Today User User Program Program Driver Kernel

  6. Crashes Today User User Program Program Driver Kernel

  7. Outline • Introduction • Vision • Design • Evaluation • Summary

  8. Vision User User Program Program Driver Kernel

  9. Vision User User Program Program Driver Kernel

  10. Reality • Windows XP – 113 million copies sold in 2002 – 40 million lines of code – $1 billion development cost – 35,000 drivers available • Linux: – 18 million users – 30 million lines of code – Equivalent $1 billion development cost

  11. Vision Requirements 1. Isolation 2. Recovery 3. Compatibility No code changes • No new languages • No new OS • No new hardware • No new perspective •

  12. Outline • Introduction • Vision • Design • Evaluation • Summary

  13. Assumptions and Principles • Assumptions: – Drivers are generally well behaved – Don’t need to prevent every crash to be useful • Principles: – Design for fault resistance (not fault tolerance) – Design for mistakes (not abuse)

  14. Goal We want a practical, “best-effort” solution • Prevents many crashes • Good performance • Works with today’s operating systems and drivers

  15. Design of Nooks • Standard Linux kernel and drivers • Plus: – Isolation – Recovery • Compatible with existing code

  16. Existing Kernels User User Program Program Driver Kernel

  17. Isolation - Memory User User Program Program Driver Stack Kernel Heap Lightweight Kernel Protection Domains

  18. Isolation - Control Transfer User User Program Program Driver Kernel

  19. Isolation - Control Transfer User User Program Program Driver XPC Kernel XPC eXtension Procedure Call

  20. Isolation - Data Access User User Program Program Driver Kernel

  21. Isolation - Data Access User User Program Program Driver Kernel Copy-in / Copy-out

  22. Isolation - Interposition User User Program Program Driver Kernel

  23. Isolation - Interposition User User Program Program Driver Kernel XPC XPC Wrappers

  24. Design Summary • Isolation – Lightweight Kernel Protection Domains – eXtension Procedure Call (XPC) – Copy-in/Copy-out – Wrappers

  25. Recovery - Fault Detection User User Program Program Driver Kernel Recovery Processor

  26. Recovery - Fault Detection User User Program Program Driver Kernel Recovery

  27. Recovery - Fault Detection User User Detector Program Program Driver Kernel Recovery

  28. Recovery User User Program Program Driver Kernel STOP Recovery Stop

  29. Recovery User User Program Program Kernel Recovery Stop / Unload

  30. Recovery User User Program Program Driver Kernel GO Recovery Stop / Unload / Reload

  31. Design Summary • Isolation – Lightweight Kernel Protection Domains – eXtension Procedure Call (XPC) – Copy-in/Copy-out – Wrappers • Recovery – Hardware and software checks – Stop / Unload and GC / Reload

  32. Some Limitations • Blame the processor • Blame the operating system • Blame us

  33. Outline • Vision • Design • Evaluation – Reliability – Performance – Implementation Cost • Summary

  34. Tested Drivers • Sound card drivers – SoundBlaster 16 (sb) – Ensoniq 1371 • Network drivers – Intel Pro/1000 Gigabit Ethernet (e1000) – AMD PCnet32 10/100 Mb Ethernet (pcnet32) – 3COM 3c90x 10/100 Mb Ethernet – 3Com 3c59x 10/100 Mb Ethernet • Filesystems – VFAT Windows-compatible filesystem (vfat) • Other – kHTTPd in-kernel web server (khttpd)

  35. Reliability Test Methodology Load driver Inject bugs Test Nothing Failure Reboot

  36. Reliability Test Methodology Load driver Inject bugs Test Nothing Failure Recovery Reboot

  37. Nooks Stops Crashes 200 No Nooks Number of crashes 150 Nooks 119 100 50 0 pcnet32 Extension

  38. Nooks Stops Crashes 200 No Nooks Number of crashes 150 Nooks 119 100 50 0 0 pcnet32 Extension

  39. Nooks Stops Crashes 200 No Nooks Number of crashes 150 Nooks 119 100 52 50 0 0 pcnet32 e1000 Extension

  40. Nooks Stops Crashes 200 No Nooks Number of crashes 150 Nooks 119 100 52 50 0 0 0 pcnet32 e1000 Extension

  41. Nooks Stops Crashes 200 No Nooks Number of crashes 150 Nooks 119 100 52 50 10 0 0 1 0 pcnet32 e1000 sb Extension

  42. Nooks Stops Crashes 200 175 No Nooks Number of crashes 150 Nooks 119 100 52 50 10 10 0 0 1 2 2 0 pcnet32 e1000 sb kHTTPd VFAT Extension

  43. Performance • Dominant cost is XPC – Performance depends frequency of interaction with kernel

  44. Perf. Relative to Native Linux 0.2 0.4 0.6 0.8 0 1 150 Relative Performance sb Play MP3 XPC/sec Receive Stream Send Stream Workload Apache SpecWeb Compile Local Simple Web

  45. Perf. Relative to Native Linux 0.2 0.4 0.6 0.8 0 1 150 Relative Performance sb Play MP3 8,923 Receive e1000 Stream 60,352 Send e1000 Stream Workload XPC/sec Apache SpecWeb Compile Local Simple Web

  46. Perf. Relative to Native Linux 0.2 0.4 0.6 0.8 0 1 150 Relative Performance sb Play MP3 8,923 Receive e1000 Stream 60,352 1,960 Send e1000 Stream Workload Apache e1000 SpecWeb XPC/sec Compile Local Simple Web

  47. Perf. Relative to Native Linux 0.2 0.4 0.6 0.8 0 1 150 Relative Performance sb Play MP3 8,923 Receive e1000 Stream 60,352 1,960 Send e1000 Stream Workload Apace e1000 SpecWeb 22,653 Compile VFAT Local XPC/sec 61,183 Simple kHTTPd Web

  48. Implementation Cost • Changes to old code – Kernel: 924 out of 1.1 million lines – Device drivers+VFAT: 0 out of 33,000 lines – kHTTPd: 13 out of 2,000 lines • New code – Nooks reliability layer: 22,266 lines

  49. Summary • Nooks provides a new reliability layer between drivers and the OS • Nooks prevents 99% of tested faults that cause Linux to crash • Nooks imposes a modest performance cost

  50. Why didn’t we use a microkernel? • Doesn’t address our limitations – Isolation not much better – Fault detection not much better – Recovery not much better – Doesn’t improve performance • Requires more changes to the kernel • Makes compatibility more difficult

  51. Recovery • Goals: – Restore driver state so it can process requests as if it had never failed – Conceal failure from applications • Observation: – Driver interface specifies how driver responds to requests • Approach: Model drivers as state machines

  52. Drivers as State Machines send complete

  53. Drivers as State Machines • Recovery: – Advance driver from initial state to open close state at time of crash – Reply to requests with valid config responses according to driver state

  54. Shadow Drivers • Generic code that: – Normally: • Records state-changing inputs – On failure: • Restarts driver • Replays inputs to recover • Emulates driver to applications/OS  One shadow driver handles recovery for an entire class of drivers

  55. Shadow Driver Overview Device write(…) Driver write(…) Kernel Tap write(…) Shadow Driver

  56. Preparing for Recovery Device config(…) Driver config(…) Kernel Tap config(…) Shadow config Driver …

  57. Recovering a Failed Driver Device Device ) … Driver Driver ( r e t s i g e r c c i o n o Kernel Tap Tap n i n t n ( f … i e g c ) t register(…) Shadow config Driver …

  58. Recovering a Failed Driver • Summary: – Reset driver – Reinitialize driver – Replay logged requests

  59. Spoofing a Failed Driver Device Driver write(…) return Kernel Tap write(…) return Shadow Driver

  60. Spoofing a Failed Driver Shadow acts as driver -- replies to requests with valid possible responses – Applications and OS unaware that driver failed – No device control General Strategies: 1. Answer request from log 2. Act busy 3. Block caller 4. Queue request 5. Drop request

  61. Completing Recovery Device Driver Kernel Tap Tap Tap Shadow Driver

  62. Design Summary • Isolation – Lightweight Kernel Protection Domains – eXtension Procedure Call (XPC) – Object Table – Wrappers • Recovery – Shadow Drivers

  63. Outline • Introduction • Problem • Design • Evaluation – Implementation – Benefit – Cost • Summary and Future Work

Recommend

CS5460: Operating Systems Lecture 20: File System Reliability CS 5460: Operating Systems File

CS5460: Operating Systems Lecture 20: File System Reliability CS 5460: Operating Systems File

CS5460: Operating Systems Lecture 20: File System Reliability CS 5460: Operating Systems File System Optimizations Technique Effect Disk buffer cache Eliminates problem Modern Aggregated disk I/O Reduces seeks Prefetching Overlap/hide

459 views • 32 slides
Survivor: A Fine-Grained Intrusion Response and Recovery Approach for Commodity Operating Systems

Survivor: A Fine-Grained Intrusion Response and Recovery Approach for Commodity Operating Systems

Survivor: A Fine-Grained Intrusion Response and Recovery Approach for Commodity Operating Systems ACSAC, December 13th, 2019 1 HP Labs, United Kingdom (ronny.chevalier@hp.com, david.plaquin@hp.com, cid@hp.com) 2 CIDRE Team,

820 views • 56 slides
Apiary: Easy-to-Use Desktop Application Fault Containment on Commodity Operating Systems Shaya

Apiary: Easy-to-Use Desktop Application Fault Containment on Commodity Operating Systems Shaya

Apiary: Easy-to-Use Desktop Application Fault Containment on Commodity Operating Systems Shaya Potter and Jason Nieh June 23, 2010 USENIX ATC IBM Research Research performed at Columbia University Desktop Applications are Buggy! Desktop

793 views • 50 slides
TrustLogin: Securing Password-Login On Commodity Operating Systems Fengwei Zhang 1 Kevin Leach 2

TrustLogin: Securing Password-Login On Commodity Operating Systems Fengwei Zhang 1 Kevin Leach 2

TrustLogin: Securing Password-Login On Commodity Operating Systems Fengwei Zhang 1 Kevin Leach 2 Haining Wang 3 Angelos Stavrou 1 1 Wayne State University 2 University of Virginia 3 University of Delaware November 16, 2015 1 Overview of The Talk

461 views • 22 slides
CONSISTENT PKCS#11 CONSISTENT PKCS#11 IN OPERATING SYSTEMS IN OPERATING SYSTEMS IMPROVING USER

CONSISTENT PKCS#11 CONSISTENT PKCS#11 IN OPERATING SYSTEMS IN OPERATING SYSTEMS IMPROVING USER

CONSISTENT PKCS#11 CONSISTENT PKCS#11 IN OPERATING SYSTEMS IN OPERATING SYSTEMS IMPROVING USER EXPERIENCE AND SECURITY IN RHEL AND FEDORA IMPROVING USER EXPERIENCE AND SECURITY IN RHEL AND FEDORA Jakub Jelen Software Engineer Red Hat

961 views • 38 slides
CuriOS: Improving Reliability through Operating System Structure Nils Asmussen Paper Reading

CuriOS: Improving Reliability through Operating System Structure Nils Asmussen Paper Reading

Introduction Related OSs Design of CuriOS Evaluation Conclusion CuriOS: Improving Reliability through Operating System Structure Nils Asmussen Paper Reading Group 08/29/2012 1 / 21 Introduction Related OSs Design of CuriOS Evaluation

243 views • 23 slides
RAID Summer 2016 Cornell University Today Performance and reliability using RAID. 2 Need

RAID Summer 2016 Cornell University Today Performance and reliability using RAID. 2 Need

CS 4410 Operating Systems RAID Summer 2016 Cornell University Today Performance and reliability using RAID. 2 Need for performance Disks are improving, but not as fast as CPUs. 1970s seek time: 50-100 ms. 2000s seek time:

462 views • 15 slides
WHO WATCHES THE WATCHMEN? Protecting Operating System Reliability Mechanisms Bj orn D

WHO WATCHES THE WATCHMEN? Protecting Operating System Reliability Mechanisms Bj orn D

WHO WATCHES THE WATCHMEN? Protecting Operating System Reliability Mechanisms Bj orn D obel, Hermann H artig Hollywood, 10/07/2012 Splitting Systems Bank App DOpE VPFS Linux L4/Fiasco.OC Microkernel D obel, H artig,

420 views • 17 slides
Why Nobody Should Care About Operating Systems for Exascale Operating Systems for Exascale Ron

Why Nobody Should Care About Operating Systems for Exascale Operating Systems for Exascale Ron

Why Nobody Should Care About Operating Systems for Exascale Operating Systems for Exascale Ron Brightwell Scalable System Software Sandia National Laboratories Albuquerque, NM, USA International Workshop on Runtime and Operating Systems for

575 views • 32 slides
About Me Bhuvan Urgaonkar Operating Systems Assistant Professor, CSE Operating Systems

About Me Bhuvan Urgaonkar Operating Systems Assistant Professor, CSE Operating Systems

About Me Bhuvan Urgaonkar Operating Systems Assistant Professor, CSE Operating Systems Ph.D., Sept. 2005, Univ. of Mass. Amherst CSE 411 CSE 411 Research areas Operating systems, Distributed systems, Computer networks

500 views • 8 slides
2D Materials: A General Overview A specialty and commodity chemical distributor operating out of

2D Materials: A General Overview A specialty and commodity chemical distributor operating out of

2D Materials: A General Overview A specialty and commodity chemical distributor operating out of Asia, Europe, America and the Middle East. We provide services along the supply chains: ranging from the procurement, product development and

220 views • 20 slides
EECS 750: Advanced Operating Systems 01/31 /2014 Heechul Yun Administrative Next summary

EECS 750: Advanced Operating Systems 01/31 /2014 Heechul Yun Administrative Next summary

EECS 750: Advanced Operating Systems 01/31 /2014 Heechul Yun Administrative Next summary assignment due by 11:59 p.m., Sunday Improving Performance Isolation on Chip Multiprocessors via an Operating System Scheduler, PACT07

344 views • 22 slides
IMPROVING TURBINE RELIABILITY THROUGH COMPONENT DESIGN OPTIMIZATION Prasad Padman - Moog

IMPROVING TURBINE RELIABILITY THROUGH COMPONENT DESIGN OPTIMIZATION Prasad Padman - Moog

IMPROVING TURBINE RELIABILITY THROUGH COMPONENT DESIGN OPTIMIZATION Prasad Padman - Moog Francesco Vanni - DNV GL Date: 26 April, 2017 Windergy 2017, New Delhi Key learnings 1. Reducing Wind LCoE is important for the industry 2. Improving

701 views • 14 slides
CPS 210: Operating Systems CPS 210: Operating Systems Operating Systems: The Big Picture

CPS 210: Operating Systems CPS 210: Operating Systems Operating Systems: The Big Picture

CPS 210: Operating Systems CPS 210: Operating Systems Operating Systems: The Big Picture Operating Systems: The Big Picture The operating system (OS) is the interface between user applications and the hardware. User Applications virtual

245 views • 24 slides
Roadmap for Section 1.2. History of Operating Systems Tasks of an Operating System OS as

Roadmap for Section 1.2. History of Operating Systems Tasks of an Operating System OS as

Unit OS1: Overview of Operating Systems 1.2. The Evolution of Operating Systems Windows Operating System Internals - by David A. Solomon and Mark E. Russinovich with Andreas Polze Roadmap for Section 1.2. History of Operating Systems Tasks of

556 views • 12 slides
History Where the idea for Operating systems came from Genealogy of Operating Systems

History Where the idea for Operating systems came from Genealogy of Operating Systems

BS1 WS19/20 topic-based slides History Where the idea for Operating systems came from Genealogy of Operating Systems Critical Innovations Hardware and Software Hardware Development Operating System Development Operating Systems

631 views • 23 slides
Software Reliability Categorizing and specifying the reliability of software systems CS 422

Software Reliability Categorizing and specifying the reliability of software systems CS 422

Chapter 18 Chapter 18 Software Reliability Learning Objective ... Define the basic principles underlying software reliability engineering (metrics, measurement, and prediction) Frederick T Sheldon Assistant Professor of Computer Science

435 views • 14 slides
Belief Reliability for Uncertain Random Systems Rui Kang Center for Resilience and Safety of

Belief Reliability for Uncertain Random Systems Rui Kang Center for Resilience and Safety of

Belief Reliability for Uncertain Random Systems Rui Kang Center for Resilience and Safety of Critical Infrastructures School of Reliability and Systems Engineering Beihang University, Beijing, China A short introduction School of Reliability

1.07k views • 84 slides
Flash Reliability in Produc4on: The Importance of Measurement

Flash Reliability in Produc4on: The Importance of Measurement

Flash Reliability in Produc4on: The Importance of Measurement and Analysis in Improving System Reliability Bianca Schroeder (Currently on sabbatical at Microsoft Research Redmond)

515 views • 38 slides
Operating Systems WT 2019/20 Abridged History of Operating Systems Something to Ponder What is

Operating Systems WT 2019/20 Abridged History of Operating Systems Something to Ponder What is

Operating Systems WT 2019/20 Abridged History of Operating Systems Something to Ponder What is an Operating System? try to come up with a defjnition of what the term operating system means. Discuss your fjndings amongst yourselves. Operating

607 views • 26 slides
Architectural Support for Operating Systems (Chapter 2) CS 4410 Operating Systems [R. Agarwal,

Architectural Support for Operating Systems (Chapter 2) CS 4410 Operating Systems [R. Agarwal,

Architectural Support for Operating Systems (Chapter 2) CS 4410 Operating Systems [R. Agarwal, L. Alvisi, A. Bracy, M. George, E. Sirer, R. Van Renesse] Lets start at the very beginning 2 A Short History of Operating Systems 3 History of

822 views • 34 slides
Active Arc Quenching Standards Improving Critical Electrical System Reliability and Eliminating

Active Arc Quenching Standards Improving Critical Electrical System Reliability and Eliminating

Active Arc Quenching Standards Improving Critical Electrical System Reliability and Eliminating the requirement for arc-rated PPE Tech4 LLC Mike Bukovitz, P.E. 20 April 2020 Introduction My Background The Arc Terminator Project

625 views • 39 slides
Active Arc Quenching Presentation Objectives: Improving Critical Electrical System Reliability

Active Arc Quenching Presentation Objectives: Improving Critical Electrical System Reliability

Active Arc Quenching Presentation Objectives: Improving Critical Electrical System Reliability and Eliminating the requirement for arc-rated PPE Tech4 LLC Mike Bukovitz, P.E. Introducing: The Arc Quencher Recognized & Certified? YES!

489 views • 30 slides
CSE 3320 Operating Systems Computer and Operating Systems Overview Jia Rao Department of

CSE 3320 Operating Systems Computer and Operating Systems Overview Jia Rao Department of

CSE 3320 Operating Systems Computer and Operating Systems Overview Jia Rao Department of Computer Science and Engineering http://ranger.uta.edu/~jrao Overview Recap of last class o What is an operating system ? o Functionalities of

530 views • 24 slides

More recommend