This Article 
   
 Share 
   
 Bibliographic References 
   
 Add to: 
 
Digg
Furl
Spurl
Blink
Simpy
Google
Del.icio.us
Y!MyWeb
 
 Search 
   
The Design and Verification of the Rio File Cache
April 2001 (vol. 50 no. 4)
pp. 322-337

Abstract—Today's file systems are limited in speed and reliability by memory's vulnerability to operating system crashes. Because memory is viewed as unsafe, systems periodically write modified file data back to disk. These extra disk writes lower system performance and the delay period before data is safe lowers reliability. The goal of the Rio (RAM I/O) file cache is to make ordinary main memory safe for persistent storage by enabling memory to survive operating system crashes. Reliable main memory enables the Rio file cache to be as reliable as a write-through file cache, where every write is safe instantly, and as fast as a pure write-back file cache, with no reliability-induced writes to disk. This paper describes the systematic, quantitative process we used to design and verify the Rio file cache on Intel PCs running FreeBSD and the reliability and performance of the resulting system.

[1] M. Abbott et al., "Durable Memory RS/6000 System Design," Proc. 24th Ann. Int'l Symp. Fault-Tolerant Computing, IEEE CS Press, Los Alamitos, Calif., 1994, pp. 414-423.
[2] S. Akyurek and K. Salem, “Management of Partially Safe Buffers,” IEEE Trans. Computers, vol. 44, no. 3, pp. 394-407, Mar. 1995.
[3] “The Power Protection Handbook,” technical report, Am. Power Conversion, 1996.
[4] J. Arlat et al., "Fault Injection for Dependability Validation: A Methodology and Some Applications," IEEE Trans. Software Eng., Feb. 1990, pp. 166-182.
[5] M. Baker, J.H. Hartman, M.D. Kupfer, K.W. Shirriff, and J. Ousterhout, "Measurements of a Distributed File System," Proc. 13th ACM Symp. Operating Systems Principles, pp. 198-211, Oct. 1991.
[6] M. Baker,S. Asami,E. Deprit,, and J. Ousterhout,“Non-volatile Memory for fast reliable file systems,” Proc. Int’l Conf. Architectural Support Programming Languages and Operating Systems, pp. 10-22, Oct. 1992.
[7] M. Baker and M. Sullivan, “The Recovery Box: Using Fast Recovery to Provide High Availability in the UNIX Environment,” Proc. USENIX Summer Conf., June 1992.
[8] M. Banâtre and G. Muller,“Ensuring data security and integrity with a fast stable storage,” Fourth Int’l Conf. on Data Eng., Feb. 1988, pp. 285-293.
[9] M. Banatre, G. Muller, B. Rochat, and P. Sanchez, “Design Decisions for the FTM: A General Purpose Fault Tolerant Machine,” Proc. 1991 Int'l Symp. Fault-Tolerant Computing, pp. 71-78, June 1991.
[10] J.H. Barton, E.W. Czeck, Z.Z. Segall, and D.P. Siewiorek, Fault Injection Experiments Using FIAT IEEE Trans. Computers, vol. 39, no. 4, pp. 575-582, Apr. 1990.
[11] A. Bensoussan, C.T. Clingen, and R.C. Daley, “The Multics Virtual Memory: Concepts and Design,” Comm. ACM, vol. 15, no. 5, pp. 308-318, May 1972.
[12] P. Biswas, K.K. Ramakrishnan, D. Towsley, and C.M. Krishna, “Performance Analysis of Distributed File Systems with Non-Volatile Caches,” Proc. 1993 Int'l Symp. High Performance Distributed Computing (HPDC-2), pp. 252-262, July 1993.
[13] J. Carreira, H. Madeira, and J.G. Silva, Xception: A Technique for the Experimental Evaluation of Dependability in Modern Computers IEEE Trans. Software Eng., vol. 24, no. 2, pp. 125-136, Feb. 1998.
[14] J. Chapin, M. Rosenblum, S. Devine, T. Lahiri, D. Teodosiu, and A. Gupta, “Hive: Fault Containment for Shared-Memory Multiprocessors,” Proc. 1995 Symp. Operating Systems Principles, Dec. 1995.
[15] P.M. Chen, L.T. Ng, S. Chandra, C. Aycock, G. Rajamani, and D. Lowell, “The Rio File Cache: Surviving Operating System Crashes,” Proc. 1996 Int'l Conf. Architectural Support for Programming Languages and Operating Systems, pp. 74-83, Oct. 1996.
[16] R. Chillarege and N.S. Bowen, “Understanding Large System Failures—A Fault Injection Experiment,” Proc. IEEE Int'l Symp. Fault-Tolerant Computing, pp. 356–363, June 1989.
[17] G. Copeland,R. Krishnamurty,, and M. Smith,“The case for safe RAM,” Proc. 15th VLDB Conf., pp. 327-336,Amsterdam, 1989.
[18] D.J. DeWitt, R.H. Katz, F. Olken, L.D. Shapiro, and M.R. Stonebraker, “Implementation Techniques for Main Memory Database Systems,” Proc. ACM SIGMOD, 1984.
[19] F. Eskesen, M. Hack, A. Iyengar, R.P. King, and N. Halim, “Software Exploitation of a Fault-Tolerant Computer with a Large Memory,” Proc. 1998 Symp. Fault-Tolerant Computing (FTCS), pp. 336-345, June 1998.
[20] J. Gait,“Phoenix: A safe in-memory file system,” Comm. ACM, vol. 33, no. 1, pp. 81-86, Jan. 1990.
[21] G.R. Ganger and Y.N. Patt, “Metadata Update Performance in File Systems,” Proc. 1994 Operating Systems Design and Implementation (OSDI), Nov. 1994.
[22] F. Van Gilluwe, The Undocumented PC: A Programmer's Guide to I/O, CPUs, and Fixed Memory Areas. Addison-Wesley Developer Press, 1997.
[23] J. Gray, "A Census of Tandem System Availability Between 1985 and 1990," IEEE Trans. Reliability, vol. 39, no. 4, pp. 409-418, Oct. 1990.
[24] J. Gray and D.P. Siewiorek, "High-Availability Computer Systems," Computer, pp. 39-48, Sept. 1991.
[25] T. Haerder and A. Reuter,“Principles of transaction-oriented database recovery,” ACM Computing Surveys, vol. 15, no. 4, pp. 287-317, Dec. 1983.
[26] R. Hagmann, “Reimplementing the Cedar File System Using Logging and Group Commit,” Proc. 11th ACM Symp. Operating Systems Principles, pp. 155-162, Nov. 1987, also in ACM Operating Systems Rev., vol. 21, no. 5, 1987.
[27] J.H. Hartman and J.K. Ousterhout, “Letter to the Editor,” Operating Systems Review, vol. 27, no. 1, pp. 7-9, Jan. 1993.
[28] J.L. Hennessy and D.A. Patterson, Computer Architecture: A Quantitative Approach, Morgan Kaufmann, San Mateo, Calif., 1990.
[29] D. Hitz, J. Lau, and M. Malcolm, “File System Design for an NFS File Server Appliance,” Proc. 1994 USENIX Winter Conf., Jan. 1994.
[30] Y. Hu and Q. Yang, “DCD—Disk Caching Disk: A New Approach for Boosting I/O Performance,” Proc. 23rd Int'l Symp. Computer Architecture (ISCA '96), pp. 169-178, May 1996.
[31] J. Hudak, B.-H. Suh, D. Siewiorek, and Z. Segall, “Evaluation and Comparison of Fault-Tolerant Software Techniques,” IEEE Trans. Reliability, vol. 42, no. 2, June 1993.
[32] “Intel 82371AB PCI ISA IDE Xcelerator (PIIX4) Datasheet,” Intel Corp., 1997.
[33] “Intel Architecture Software Developer's Manual: Volumes 1-3,” Intel Corp., 1997.
[34] R.K. Iyer, “Experimental Evaluation,” Proc. 1995 Int'l Symp. Fault-Tolerant Computing, pp. 115-132, July 1995.
[35] R. Jain, The Art of Computer Systems Performance Analysis. John Wiley&Sons, 1991.
[36] M.S. Johnson, “Some Requirements for Architectural Support of Software Debugging,” Proc. 1982 Int'l Conf. Architectural Support for Programming Languages and Operating Systems (ASPLOS), pp. 140-148, Apr. 1982.
[37] B.W. Johnson, Design and Analysis of Fault-Tolerant Digital Systems, pp. 394-402. Reading, Mass.: Addison-Wesley, June 1989.
[38] G.A. Kanawati, N.A. Kanawati, and J.A. Abraham, FERRARI: A Flexible Software-Based Fault and Error Injection System IEEE Trans. Computers, vol. 44, no. 2, pp. 248-260, Feb. 1995.
[39] W. Kao, R. Iyer, and D. Tang, "FINE: A Fault Injection and Monitoring Environment for Tracing the UNIX System Behavior Under Faults," IEEE Trans. Software Eng., vol. 19, no. 11, pp. 1,105-1,118, Nov. 1993.
[40] P.B. Kessler, “Fast Breakpoints: Design and Implementation,” Proc. 1990 Conf. Programming Language Design and Implementation (PLDI), pp. 78-84, June 1990.
[41] P. Koopman and J. DeVale, Comparing the Robustness of POSIX Operating Systems Proc. 29th Int'l Symp. Fault-Tolerant Computing (FTCS-29), pp. 30-37, 1999.
[42] N.P. Kropp, P.J. Koopman, and D.P. Siewiorek, Automated Robustness Testing of Off-the-Shelf Software Components Proc. Symp. Fault-Tolerant Computing (FTCS), pp. 230-239, 1998, .
[43] I. Lee and R.K. Iyer, “Faults, Symptoms, and Software Fault Tolerance in Tandem GUARDIAN90 Operating System,” Proc. 23rd IEEE Int'l Symp. Fault-Tolerant Computing (FTCS23), pp. 20-29, Toulouse, France 1993.
[44] B. Liskov, S. Ghemawat, R. Gruber, P. Johnson, L. Shrira, and M. Williams, "Replication in the Harp file System," Proc. 13th SOSP, pp. 226-238, Oct. 1991.
[45] D.E. Lowell and P.M. Chen, “Free Transactions with Rio Vista,” Proc. 1997 Symp. Operating Systems Principles, pp. 92-101, Oct. 1997.
[46] D.E. Lowell, S. Chandra, and P.M. Chen, “Exploring Failure Transparency and the Limits of Generic Recovery,” Proc. 2000 Operating Systems Design and Implementation (OSDI), Oct. 2000.
[47] B. Lyon and R. Sandberg, “Breaking through the NFS Performance Barrier,” technical report, Legato Systems, Inc., 1990.
[48] M.K. McKusick, M.J. Karels, and K. Bostic, “A Pageable Memory Based Filesystem,” Proc. USENIX Summer Conf., June 1990.
[49] M.K. McKusick et al., The Design and Implementation of the 4.4 BSD Operating System, Addison-Wesley, Reading, Mass., 1996.
[50] M.K. McKusick and G.R. Ganger, “Soft Updates: A Technique for Eliminating Most Synchronous Writes in the Fast Filesystem,” Proc. 1999 USENIX Ann. Technical Conf.: FREENIX Track, June 1999.
[51] R.M. Needham, A.J. Herbert, and J.G. Mitchell, “How to Connect Stable Memory to a Computer,” Operating System Review, vol. 17, no. 1, p. 16, Jan. 1983.
[52] W.T. Ng and P.M. Chen, “The Systematic Improvement of Fault Tolerance in the Rio File Cache,” Proc. 1999 Symp. Fault-Tolerant Computing (FTCS), June 1999.
[53] T. Nightingale, Y. Hu, and Q. Yang, “The Design and Implementation of a DCD Device Driver for Unix,” Proc. 1999 USENIX Technical Conf., June 1999.
[54] J.K. Ousterhout et al., "A Trace-Driven Analysis of the UNIX 4.2 BSD File System," Proc. 10th Symp. Operating Systems Principles, pp. 15-24, Dec. 1985.
[55] D. Pnevmatikatos, E.P. Markatos, G. Magklis, and S. Ioannidis, “On Using Network RAM as a Non-Volatile Buffer,” Cluster Computing, vol. 2, pp. 295-303, 1999.
[56] R. Rashid et al., "Machine-Independent Virtual Memory Management for Paged Uniprocessor and Multiprocessor Architectures," IEEE Trans. Computers, Aug. 1988, pp. 896-908.
[57] M. Rela, H. Madeira, and J. Silva, “Experimental Evaluation of the Fail-Silent Behavior in Programs with Consistency Checks,” Proc. IEEE Int'l Symp. Fault-Tolerant Computing, pp. 394–403, 1996.
[58] M. Rosenblum, “The Design and Implementation of a Log-structured File System,” PhD thesis, Univ. of California at Berkeley, June 1992.
[59] M. Rosenblum and J.K. Ousterhout, "The Design and Implementation of a Log-Structured File System," ACM Trans. Computer Systems, vol. 10, no. 1, Feb. 1992.
[60] T. Shanley, Protected Mode Software Architecture. Addison-Wesley Developer Press, 1996.
[61] D.P. Siewiorek, J.J. Hudak, B.-H. Suh, and Z. Segal, “Development of a Benchmark to Measure System Robustness,” Proc. 1993 Int'l Symp. Fault-Tolerant Computing, pp. 88-97, June 1993.
[62] D.P. Siewiorek and R.S. Swarz, Reliable Computer Systems—Design and Evaluation. Natick, Mass.: A.K. Peters Ltd., 1998.
[63] A. Silberschatz and P.B. Galvin, Operating Systems Concepts, 5th ed., Addison-Wesley, Reading, Mass., 1998.
[64] J. Silva, J. Carreira, H. Madeira, D. Costa, and F. Moreira, “Experimental Assessment of Parallel Systems,” Proc. IEEE Int'l Symp. Fault-Tolerant Computing, pp. 415–424, 1996.
[65] M. Sullivan and R. Chillarege, "Software Defects and Their Impact on System Availability—A Study of Field Failures in Operating Systems," Proc. Int'l Symp. Fault-Tolerant Computing, pp. 2-9, 1991.
[66] M. Sullivan and R. Chillarege, “A Comparison of Software Defects in Database Management Systems and Operating Systems,” Proc. 1992 Int'l Symp. Fault-Tolerant Computing, pp. 475-484, July 1992.
[67] M. Sullivan personal communication, Dec. 1995.
[68] A. Tanenbaum, Distributed Operating Systems. Prentice-Hall, 1995.
[69] T.K. Tsai and R.K. Iyer, "An Approach to Benchmarking of Fault-Tolerant Commercial Systems," Proc. 26th Ann. Int'l Symp. Fault-Tolerant Computing, IEEE CS Press, Los Alamitos, Calif., 1996, pp. 314-323.
[70] R. Wahbe, “Efficient Data Breakpoints,” Proc. Fourth Int'l Conf. Architectural Support for Programming Languages and Operating Systems (ASPLOS-IV), pp. 200-212, Oct. 1992.
[71] R. Wahbe, S. Lucco, T. Anderson, and S. Graham, Efficient Software-Based Fault Isolation Proc. 14th ACM Symp. Operating System Principles, pp. 203-216, Dec. 1993.
[72] R.Y. Wang, T.E. Anderson, and D.A. Patterson, “Virtual Log Based File Systems for a Programmable Disk,” Proc. 1995 Symp. Operating Systems Principles, pp. 29-43, Feb. 1999.
[73] M. Wu and W. Zwaenepoel, “eNVy: A Non-Volatile, Main Memory Storage System,” Proc. 1994 Int'l Conf. Architectural Support for Programming Languages and Operating Systems (ASPLOS), Oct. 1994.

Index Terms:
File systems, reliable main memory, software fault injection.
Citation:
Wee Teck Ng, Peter M. Chen, "The Design and Verification of the Rio File Cache," IEEE Transactions on Computers, vol. 50, no. 4, pp. 322-337, April 2001, doi:10.1109/12.919278
Usage of this product signifies your acceptance of the Terms of Use.