we crashed now what
play

We Crashed, Now What? Lorenzo Cavallaro Cristiano Giuffrida Andrew - PowerPoint PPT Presentation

Apr 02, 2024 •167 likes •772 views

We Crashed, Now What? Lorenzo Cavallaro Cristiano Giuffrida Andrew S. Tanenbaum Vrije Universiteit Amsterdam 6 th Usenix Workshop on Hot Topics in System Dependability October 3, 2010, Vancouver, BC, Canada We Crashed, Now What? Cristiano

  1. We Crashed, Now What? Lorenzo Cavallaro Cristiano Giuffrida Andrew S. Tanenbaum Vrije Universiteit Amsterdam 6 th Usenix Workshop on Hot Topics in System Dependability October 3, 2010, Vancouver, BC, Canada We Crashed, Now What? Cristiano Giuffrida , Lorenzo Cavallaro, Andrew S. Tanenbaum 1

  3. OS Dependability Threats We Crashed, Now What? Cristiano Giuffrida , Lorenzo Cavallaro, Andrew S. Tanenbaum 3

  4. OS Dependability Threats We Crashed, Now What? Cristiano Giuffrida , Lorenzo Cavallaro, Andrew S. Tanenbaum 3

  5. OS Dependability Threats We Crashed, Now What? Cristiano Giuffrida , Lorenzo Cavallaro, Andrew S. Tanenbaum 3

  6. Are Core Components Safe? We Crashed, Now What? Cristiano Giuffrida , Lorenzo Cavallaro, Andrew S. Tanenbaum 4

  7. Are Core Components Safe? ”We’re getting bloated and huge. We Crashed, Now What? Cristiano Giuffrida , Lorenzo Cavallaro, Andrew S. Tanenbaum 4

  8. Are Core Components Safe? ”We’re getting bloated and huge. Yes, it’s a problem. We Crashed, Now What? Cristiano Giuffrida , Lorenzo Cavallaro, Andrew S. Tanenbaum 4

  9. Are Core Components Safe? ”We’re getting bloated and huge. Yes, it’s a problem. [ . . . ] I’d like to say we have a plan.” We Crashed, Now What? Cristiano Giuffrida , Lorenzo Cavallaro, Andrew S. Tanenbaum 4

  10. Are Core Components Safe? ”We’re getting bloated and huge. Yes, it’s a problem. [ . . . ] I’d like to say we have a plan.” Linus Torvalds on the Linux kernel, 2009 We Crashed, Now What? Cristiano Giuffrida , Lorenzo Cavallaro, Andrew S. Tanenbaum 4

  11. High-coverage Crash Recovery Rapid evolution and huge size cause more bugs Crash recovery solution with smaller TCB needed Whole-OS crash recovery We Crashed, Now What? Cristiano Giuffrida , Lorenzo Cavallaro, Andrew S. Tanenbaum 5

  12. High-coverage Crash Recovery Rapid evolution and huge size cause more bugs Crash recovery solution with smaller TCB needed Whole-OS crash recovery How? We Crashed, Now What? Cristiano Giuffrida , Lorenzo Cavallaro, Andrew S. Tanenbaum 5

  13. High-coverage Crash Recovery Rapid evolution and huge size cause more bugs Crash recovery solution with smaller TCB needed Whole-OS crash recovery How? 1. Extend existing work on isolated subsystems to the entire OS We Crashed, Now What? Cristiano Giuffrida , Lorenzo Cavallaro, Andrew S. Tanenbaum 5

  14. High-coverage Crash Recovery Rapid evolution and huge size cause more bugs Crash recovery solution with smaller TCB needed Whole-OS crash recovery How? 1. Extend existing work on isolated subsystems to the entire OS 2. Design a new high-coverage crash recovery infrastructure We Crashed, Now What? Cristiano Giuffrida , Lorenzo Cavallaro, Andrew S. Tanenbaum 5

  15. ? Entire OS Isolated Subsystems Work on extensions and drivers e.g., Safedrive , Nooks , Minix 3 Filesystems e.g., Membrane Assume isolated untrusted parties with well-defined interfaces Several recoverer-recoveree pairs to scale to the entire OS Complex and hard-to-maintain recovery infrastructure High exposure of the recovery code to the programmer We Crashed, Now What? Cristiano Giuffrida , Lorenzo Cavallaro, Andrew S. Tanenbaum 6

  16. ? Entire OS Isolated Subsystems Work on extensions and drivers e.g., Safedrive , Nooks , Minix 3 Filesystems e.g., Membrane Assume isolated untrusted parties with well-defined interfaces Several recoverer-recoveree pairs to scale to the entire OS . . . it is like a dog chasing its tail! Complex and hard-to-maintain recovery infrastructure High exposure of the recovery code to the programmer We Crashed, Now What? Cristiano Giuffrida , Lorenzo Cavallaro, Andrew S. Tanenbaum 6

  17. Emerging High-coverage Solutions Shadow kernel vs Pure instrumentation e.g., Otherworld e.g., Recovery Domains We Crashed, Now What? Cristiano Giuffrida , Lorenzo Cavallaro, Andrew S. Tanenbaum 7

  18. Emerging High-coverage Solutions Shadow kernel vs Pure instrumentation e.g., Otherworld e.g., Recovery Domains Best-effort (weak failure model) We Crashed, Now What? Cristiano Giuffrida , Lorenzo Cavallaro, Andrew S. Tanenbaum 7

  19. Emerging High-coverage Solutions Shadow kernel vs Pure instrumentation e.g., Otherworld e.g., Recovery Domains Best-effort Heavyweight (weak failure model) (high complexity) (poor performance) (poor scalability) We Crashed, Now What? Cristiano Giuffrida , Lorenzo Cavallaro, Andrew S. Tanenbaum 7

  20. WWW: What We Want We Crashed, Now What? Cristiano Giuffrida , Lorenzo Cavallaro, Andrew S. Tanenbaum 8

  21. WWW: What We Want High coverage We Crashed, Now What? Cristiano Giuffrida , Lorenzo Cavallaro, Andrew S. Tanenbaum 8

  22. WWW: What We Want Low complexity We Crashed, Now What? Cristiano Giuffrida , Lorenzo Cavallaro, Andrew S. Tanenbaum 8

  23. WWW: What We Want Reasonable performance and scalability We Crashed, Now What? Cristiano Giuffrida , Lorenzo Cavallaro, Andrew S. Tanenbaum 8

  24. WWW: What We Want Good maintainability We Crashed, Now What? Cristiano Giuffrida , Lorenzo Cavallaro, Andrew S. Tanenbaum 8

  25. WWW: What We Want Address the many challenges of the crash recovery problem We Crashed, Now What? Cristiano Giuffrida , Lorenzo Cavallaro, Andrew S. Tanenbaum 8

  26. The Crash Recovery Problem — I Crash detection Detect crashes proactively or reactively Isolate crashes so they do not disrupt the recovery process We Crashed, Now What? Cristiano Giuffrida , Lorenzo Cavallaro, Andrew S. Tanenbaum 9

  27. The Crash Recovery Problem — I Crash detection Detect crashes proactively or reactively Isolate crashes so they do not disrupt the recovery process State transfer Create a new execution context to restart execution Transfer the state from the old execution context We Crashed, Now What? Cristiano Giuffrida , Lorenzo Cavallaro, Andrew S. Tanenbaum 9

  28. The Crash Recovery Problem — I Crash detection Detect crashes proactively or reactively Isolate crashes so they do not disrupt the recovery process State transfer Create a new execution context to restart execution Transfer the state from the old execution context State consistency Restore a stable and consistent state in the new context Allow for deterministic execution upon restart We Crashed, Now What? Cristiano Giuffrida , Lorenzo Cavallaro, Andrew S. Tanenbaum 9

  29. The Crash Recovery Problem — II State dependency tracking Preserve state dependencies among different contexts Allow for a globally coherent state upon restart We Crashed, Now What? Cristiano Giuffrida , Lorenzo Cavallaro, Andrew S. Tanenbaum 10

  30. The Crash Recovery Problem — II State dependency tracking Preserve state dependencies among different contexts Allow for a globally coherent state upon restart State corruption Detect arbitrary data corruption Attempt to recover from arbitrary data corruption We Crashed, Now What? Cristiano Giuffrida , Lorenzo Cavallaro, Andrew S. Tanenbaum 10

  31. The Crash Recovery Problem — II State dependency tracking Preserve state dependencies among different contexts Allow for a globally coherent state upon restart State corruption Detect arbitrary data corruption Attempt to recover from arbitrary data corruption Restart Determine a safe execution point to resume operation Attempt to avoid further crashes We Crashed, Now What? Cristiano Giuffrida , Lorenzo Cavallaro, Andrew S. Tanenbaum 10

  32. Our Approach Combine OS design and lightweight instumentation We Crashed, Now What? Cristiano Giuffrida , Lorenzo Cavallaro, Andrew S. Tanenbaum 11

  33. Our Approach Combine OS design and lightweight instumentation OS Design Reduce complexity at recovery time Good performance and scalability We Crashed, Now What? Cristiano Giuffrida , Lorenzo Cavallaro, Andrew S. Tanenbaum 11

  34. Our Approach Combine OS design and lightweight instumentation OS Design Reduce complexity at recovery time Good performance and scalability Lightweight Compiler-based Instrumentation High coverage and component-agnostic recovery Good maintainability and evolvability We Crashed, Now What? Cristiano Giuffrida , Lorenzo Cavallaro, Andrew S. Tanenbaum 11

  35. OS Architecture R3 . . . App App App App App . . . VFS SCH NET VM PM . . . PRN HDD NDD SND RS R0 Microkernel We break down the OS into several userspace components Multiserver microkernel architecture based on message-passing We Crashed, Now What? Cristiano Giuffrida , Lorenzo Cavallaro, Andrew S. Tanenbaum 12

  36. The Programming Model O.S. Component We rely on an event-driven model We Crashed, Now What? Cristiano Giuffrida , Lorenzo Cavallaro, Andrew S. Tanenbaum 13

  37. The Programming Model O.S. Component Events trigger execution of the task loop We Crashed, Now What? Cristiano Giuffrida , Lorenzo Cavallaro, Andrew S. Tanenbaum 13

  38. The Programming Model O.S. Component Idempotent messages possible within the task loop We Crashed, Now What? Cristiano Giuffrida , Lorenzo Cavallaro, Andrew S. Tanenbaum 13

  39. The Programming Model O.S. Component Idempotent messages possible within the task loop We Crashed, Now What? Cristiano Giuffrida , Lorenzo Cavallaro, Andrew S. Tanenbaum 13

  40. The Programming Model O.S. Component Idempotent messages possible within the task loop We Crashed, Now What? Cristiano Giuffrida , Lorenzo Cavallaro, Andrew S. Tanenbaum 13

Recommend

FireBox Safe and secure extinguish, salvage, transport and storage of crashed electric vehicles

FireBox Safe and secure extinguish, salvage, transport and storage of crashed electric vehicles

FireBox Safe and secure extinguish, salvage, transport and storage of crashed electric vehicles FireBox andreas.krebs@blubox.ch The FireBox consists of : Salvage container with Extinguisher N-EXT extinguish system FireBox

534 views • 26 slides
124TH AVE/116TH ST: Highest crash rate in Kirkland From 2012 to 2014, automobiles crashed 56 times

124TH AVE/116TH ST: Highest crash rate in Kirkland From 2012 to 2014, automobiles crashed 56 times

Slater Ave NE NE 116th St 124th Ave NE 124TH AVE/116TH ST: Highest crash rate in Kirkland From 2012 to 2014, automobiles crashed 56 times in or near the intersection. 1.5 1.2 0.9 0.6 .55 1.26 0.3 crashes for every crashes for every

291 views • 6 slides
Problem report #1 From: me@dot.com To: zeller@gnu.org Subject: Crash Your program crashed.

Problem report #1 From: me@dot.com To: zeller@gnu.org Subject: Crash Your program crashed.

Tracking Problems Andreas Zeller 1 Whats a problem? A problem is a questionable property of a program run It becomes a failure if its incorrect a request for enhancement if missing and a feature if normal

411 views • 18 slides
ATA Conference 2008 Electronic Dictionaries The following story is true. Only the names have been

ATA Conference 2008 Electronic Dictionaries The following story is true. Only the names have been

ATA Conference 2008 Electronic Dictionaries The following story is true. Only the names have been changed to protect the innocent On October 1, 2008, MultiTran crashed. Real comments from the Russian Translators group on Yahoo: Is anyone

157 views • 12 slides
Implementing Consequence-Driven Cybersecurity with Continuous ICS Monitoring & Threat Modeling

Implementing Consequence-Driven Cybersecurity with Continuous ICS Monitoring & Threat Modeling

Implementing Consequence-Driven Cybersecurity with Continuous ICS Monitoring & Threat Modeling Phil Neray, VP of Industrial Cybersecurity Agenda NotPetya: How a Single Piece of Code Crashed the World (Wired) VPNFilter Update

610 views • 24 slides
Applicable Flight Accidents Azerbaijan Airlines Flight 217 22:40 December 23 rd 2005. Instrument

Applicable Flight Accidents Azerbaijan Airlines Flight 217 22:40 December 23 rd 2005. Instrument

Applicable Flight Accidents Azerbaijan Airlines Flight 217 22:40 December 23 rd 2005. Instrument Failure Antonov AN 140 100 Crashed in the Caspian Sea near Nardaran 18 Passengers 5 Crew with 23 Fatalities After climbing to 6900ft

392 views • 12 slides
Automount NFS Computer Center, CS, NCTU Automatic mounting Problems of /etc/fstab

Automount NFS Computer Center, CS, NCTU Automatic mounting Problems of /etc/fstab

Automount NFS Computer Center, CS, NCTU Automatic mounting Problems of /etc/fstab Maintenance of /etc/fstab in large network Crashed NFS server will make operation blocked automount daemon Mount filesystems when they are

238 views • 12 slides
Prisoners of Unita Corporal Manuel Rojas Garcia 28 October 1987 at 15:25, while on a

Prisoners of Unita Corporal Manuel Rojas Garcia 28 October 1987 at 15:25, while on a

Angola Field Group Presents. Prisoners of Unita Corporal Manuel Rojas Garcia 28 October 1987 at 15:25, while on a reconnaissance flight over Moxico, Colonel Manuel Rojas Garcia and Captain Ramon Quesada, were shot down The plane crashed

537 views • 36 slides
Ground Operations Wrong Runway Departures SEARAST, NARAST, SARAST BANGKOK, THAILAND

Ground Operations Wrong Runway Departures SEARAST, NARAST, SARAST BANGKOK, THAILAND

Commercial Aviation Safety Team (CAST) Ground Operations Wrong Runway Departures SEARAST, NARAST, SARAST BANGKOK, THAILAND November 12 - 20, 2007 Glenn W. Michael 1 Analytical Task On August 27, 2006 Comair Flight 5191 crashed

218 views • 21 slides
The Consensus Hierarchy Synchronous Systems In real systems, one can sometimes 1 Read/Write

The Consensus Hierarchy Synchronous Systems In real systems, one can sometimes 1 Read/Write

Consensus #4 The Consensus Hierarchy Synchronous Systems In real systems, one can sometimes 1 Read/Write Registers, tell if a processor had crashed 2 T&S, F&I, Swap, Timeouts Broken TCP connections . . .

331 views • 31 slides
Tech SEO fixes for large sites that made a difference 20 years web experience - 15 years of

Tech SEO fixes for large sites that made a difference 20 years web experience - 15 years of

Tech SEO fixes for large sites that made a difference 20 years web experience - 15 years of online marketing (SEO, SEM, social media, web analytics) Built first website in 1994 Once crashed a website for 4 days and still received almost 1.3

471 views • 35 slides
ReCrash Making crashes reproducible by preserving object states Shay Artzi, Sunghun Kim*,

ReCrash Making crashes reproducible by preserving object states Shay Artzi, Sunghun Kim*,

ReCrash Making crashes reproducible by preserving object states Shay Artzi, Sunghun Kim*, Michael D. Ernst MIT * now at HKUST Eclipse bug 30280: 2 days to reproduce, 4 minutes to fix 2003-01-27 08:01 User: Eclipse crashed I have no idea

965 views • 70 slides
Egon PElzEdEr ?? ?? octobEr 11, 1931 We have no photo of Captain Egon Pelzeder. A tragic

Egon PElzEdEr ?? ?? octobEr 11, 1931 We have no photo of Captain Egon Pelzeder. A tragic

Egon PElzEdEr ?? ?? octobEr 11, 1931 We have no photo of Captain Egon Pelzeder. A tragic mishap on October 11, 1931 took his life and the lives of two 12 year old boys from RI, when his plane caught fire and crashed at the airport.

508 views • 15 slides
Finding Crash-Consistency Bugs with Bounded Black-Box Testing Jayashree Mohan , Ashlie Martinez,

Finding Crash-Consistency Bugs with Bounded Black-Box Testing Jayashree Mohan , Ashlie Martinez,

Finding Crash-Consistency Bugs with Bounded Black-Box Testing Jayashree Mohan , Ashlie Martinez, Soujanya Ponnapalli, Pandian Raju, Vijay Chidambaram Crashes I crashed This is very File saved! important File missing Image

878 views • 87 slides

More recommend