Issue No.04 - July-Aug. (2012 vol.38)
pp: 875-888
Gabriel Parmer, The George Washington University, Washington, DC
Richard West, Boston University, Boston
ABSTRACT
As software systems become increasingly complex, the likelihood of faults and unexpected behaviors naturally increases. Today, systems ranging from mobile devices to large-scale servers feature many millions of lines of code. Compile-time checks and offline verification methods are unlikely to capture all system states and control-flow interactions of a running system. For this reason, many researchers have developed methods to contain faults at runtime by using software- and hardware-based techniques to define protection domains. However, these approaches tend to impose isolation boundaries on software components that are static, and thus remain intact while the system is running. An unfortunate consequence of statically structured protection domains is that they may impose undue overhead on the communication between separate components. This paper proposes a new runtime technique that trades communication cost for fault isolation. We describe Mutable Protection Domains (MPDs) in the context of our Composite operating system. MPD dynamically adapts hardware isolation between interacting software components, depending on observed communication "hot-paths," with the purpose of maximizing fault isolation where possible. In this sense, MPD naturally tends toward a system of maximal component isolation, while collapsing protection domains where costs are prohibitive. By increasing isolation between components whose interactions are cheap, MPD limits the scope of impact of future unexpected faults. We demonstrate the utility of MPD using a webserver, and identify different hot-paths for different workloads that dictate adaptations to system structure. Experiments show up to 40 percent improvement in throughput compared to a statically organized system, while maintaining high fault isolation.
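The following is an added illustration of the policy the abstract describes, not code from the paper or from the Composite system. It models components as nodes and observed invocations as weighted edges, starts from full isolation (one protection domain per component), and collapses the boundary across the hottest cross-domain edge until the estimated invocation overhead fits a budget. The component names, invocation counts, relative costs, the budget and the greedy heuristic are all assumptions made for this example; the same code is run on two constructed workloads to show that different hot-paths produce different domain layouts, and reports the resulting fault "blast radius" (the largest set of components sharing one domain).

```python
"""Toy model of adaptive protection-domain collapsing (added example; not Composite code)."""
from collections import defaultdict

# Assumed relative costs (constructed, not measured): an invocation that crosses a
# hardware protection boundary goes through the kernel; an intra-domain call does not.
CROSS_DOMAIN_COST = 1.0
INTRA_DOMAIN_COST = 0.05


class DomainMap:
    """Union-find over component names; each root identifies one protection domain."""

    def __init__(self, components):
        self.parent = {c: c for c in components}

    def find(self, c):
        while self.parent[c] != c:
            self.parent[c] = self.parent[self.parent[c]]  # path halving
            c = self.parent[c]
        return c

    def merge(self, a, b):
        ra, rb = self.find(a), self.find(b)
        if ra != rb:
            self.parent[rb] = ra

    def domains(self):
        groups = defaultdict(set)
        for c in self.parent:
            groups[self.find(c)].add(c)
        return sorted((frozenset(g) for g in groups.values()), key=lambda d: sorted(d))


def invocation_overhead(edges, dm):
    """Estimated cost of a workload (edge -> invocation count) under the current layout."""
    total = 0.0
    for (a, b), count in edges.items():
        cost = INTRA_DOMAIN_COST if dm.find(a) == dm.find(b) else CROSS_DOMAIN_COST
        total += count * cost
    return total


def adapt_domains(components, edges, budget):
    """Greedy heuristic (an assumption of this example, not the paper's algorithm):
    keep every component isolated unless the overhead exceeds the budget, in which
    case collapse the hottest remaining cross-domain boundary and re-evaluate.
    Returns (domains, estimated overhead, list of collapsed edges)."""
    dm = DomainMap(components)
    collapsed = []
    for (a, b), _count in sorted(edges.items(), key=lambda kv: -kv[1]):
        if invocation_overhead(edges, dm) <= budget:
            break
        if dm.find(a) != dm.find(b):
            dm.merge(a, b)
            collapsed.append((a, b))
    return dm.domains(), invocation_overhead(edges, dm), collapsed


def blast_radius(domains):
    """Largest number of components a single fault can reach without crossing a boundary."""
    return max(len(d) for d in domains)


# Constructed sample data: a small webserver decomposition and two invocation profiles.
COMPONENTS = ["net", "http", "fs", "cgi", "cache"]
STATIC_WORKLOAD = {("net", "http"): 1000, ("http", "cache"): 900,
                   ("cache", "fs"): 100, ("http", "cgi"): 10}
DYNAMIC_WORKLOAD = {("net", "http"): 1000, ("http", "cgi"): 950,
                    ("cgi", "fs"): 900, ("http", "cache"): 20}
BUDGET = 500.0  # assumed tolerable overhead, in the same units as the costs above


if __name__ == "__main__":
    for name, workload in (("static files", STATIC_WORKLOAD), ("CGI", DYNAMIC_WORKLOAD)):
        doms, cost, merged = adapt_domains(COMPONENTS, workload, BUDGET)
        print(f"{name}: overhead={cost:.1f} collapsed={merged} "
              f"domains={[sorted(d) for d in doms]} blast_radius={blast_radius(doms)}")
```

Under the static-file profile the net, http and cache components end up sharing one domain while fs and cgi stay isolated; under the CGI-heavy profile the collapse instead follows the net, http, cgi and fs chain and leaves only cache isolated. The blast radius grows from 1 (fully isolated) to 3 and 4 respectively, which is exactly the trade of isolation for communication cost the abstract describes.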
INDEX TERMS
Component-based, operating systems, reliability, fault isolation, performance
CITATION
Gabriel Parmer, Richard West, "Mutable Protection Domains: Adapting System Fault Isolation for Reliability and Efficiency", IEEE Transactions on Software Engineering, vol.38, no. 4, pp. 875-888, July-Aug. 2012, doi:10.1109/TSE.2011.61