OPERATING SYSTEM TRANSACTIONS Donald E. Porter, Owen S. Hofmann, Christopher J. Rossbach, Alexander...
-
Upload
monique-osment -
Category
Documents
-
view
217 -
download
0
Transcript of OPERATING SYSTEM TRANSACTIONS Donald E. Porter, Owen S. Hofmann, Christopher J. Rossbach, Alexander...
![Page 1: OPERATING SYSTEM TRANSACTIONS Donald E. Porter, Owen S. Hofmann, Christopher J. Rossbach, Alexander Benn, and Emmett Witchel The University of Texas at.](https://reader035.fdocuments.net/reader035/viewer/2022062511/551b011f55034607418b49f8/html5/thumbnails/1.jpg)
OPERATING SYSTEM TRANSACTIONS
Donald E. Porter, Owen S. Hofmann, Christopher J. Rossbach, Alexander Benn,
and Emmett Witchel
The University of Texas at Austin
![Page 2: OPERATING SYSTEM TRANSACTIONS Donald E. Porter, Owen S. Hofmann, Christopher J. Rossbach, Alexander Benn, and Emmett Witchel The University of Texas at.](https://reader035.fdocuments.net/reader035/viewer/2022062511/551b011f55034607418b49f8/html5/thumbnails/2.jpg)
2
OS APIs don’t handle concurrency
OS is weak link in concurrent programming model
Can’t make consistent updates to system resources across multiple system calls Race conditions for resources such as the file
system No simple work-around
Applications can’t express consistency requirements
OS can’t infer requirements
![Page 3: OPERATING SYSTEM TRANSACTIONS Donald E. Porter, Owen S. Hofmann, Christopher J. Rossbach, Alexander Benn, and Emmett Witchel The University of Texas at.](https://reader035.fdocuments.net/reader035/viewer/2022062511/551b011f55034607418b49f8/html5/thumbnails/3.jpg)
3
System transactions
System transactions ensure consistent updates by concurrent applications Prototype called TxOS
Solve problems System level race conditions (TOCTTOU)
Build better applications LDAP directory server Software installation
![Page 4: OPERATING SYSTEM TRANSACTIONS Donald E. Porter, Owen S. Hofmann, Christopher J. Rossbach, Alexander Benn, and Emmett Witchel The University of Texas at.](https://reader035.fdocuments.net/reader035/viewer/2022062511/551b011f55034607418b49f8/html5/thumbnails/4.jpg)
4
System-level races
if(access(“foo”)) {
fd = open(“foo”); write(fd,…); …}
(root)
foo == /etc/passwd
Time-of-check-to-time-of-use (TOCTTOU) race condition
![Page 5: OPERATING SYSTEM TRANSACTIONS Donald E. Porter, Owen S. Hofmann, Christopher J. Rossbach, Alexander Benn, and Emmett Witchel The University of Texas at.](https://reader035.fdocuments.net/reader035/viewer/2022062511/551b011f55034607418b49f8/html5/thumbnails/5.jpg)
5
TOCTTOU race eliminated
sys_xbegin();if(access(“foo”)) { fd = open(“foo”); write(fd,…); …}sys_xend();
(root)
![Page 6: OPERATING SYSTEM TRANSACTIONS Donald E. Porter, Owen S. Hofmann, Christopher J. Rossbach, Alexander Benn, and Emmett Witchel The University of Texas at.](https://reader035.fdocuments.net/reader035/viewer/2022062511/551b011f55034607418b49f8/html5/thumbnails/6.jpg)
6
How to make consistent updates to stable storage?
Database
rename()
Sys Tx
Example 1: better application design
Application Technique
Editor
User directory service (LDAP)
Enterprise data storage
????
Simple
Complex
![Page 7: OPERATING SYSTEM TRANSACTIONS Donald E. Porter, Owen S. Hofmann, Christopher J. Rossbach, Alexander Benn, and Emmett Witchel The University of Texas at.](https://reader035.fdocuments.net/reader035/viewer/2022062511/551b011f55034607418b49f8/html5/thumbnails/7.jpg)
7
Ex 2: transactional software install
sys_xbegin();
apt-get upgrade
sys_xend();
A failed install is automatically rolled back Concurrent, unrelated operations are
unaffected System crash: reboot to entire upgrade or
none
![Page 8: OPERATING SYSTEM TRANSACTIONS Donald E. Porter, Owen S. Hofmann, Christopher J. Rossbach, Alexander Benn, and Emmett Witchel The University of Texas at.](https://reader035.fdocuments.net/reader035/viewer/2022062511/551b011f55034607418b49f8/html5/thumbnails/8.jpg)
8
System transactions
Simple API: sys_xbegin, sys_xend, sys_xabort Transaction wraps group of system calls
Results isolated from other threads until commit Transactions execute concurrently for
performance Conflicting transactions must serialize for
safety Conflict most often read & write of same datum Too much serialization hurts performance
![Page 9: OPERATING SYSTEM TRANSACTIONS Donald E. Porter, Owen S. Hofmann, Christopher J. Rossbach, Alexander Benn, and Emmett Witchel The University of Texas at.](https://reader035.fdocuments.net/reader035/viewer/2022062511/551b011f55034607418b49f8/html5/thumbnails/9.jpg)
9
Related work
Developers changing syscall API for concurrency Ad hoc, partial solutions: openat(), etc.
System transactions have been proposed and built QuickSilver [SOSP ‘91], LOCUS [SOSP ’85]
Key contribution: new design and implementation Uphold strong guarantees and good performance
System transactions != transactional memory TxOS runs on commodity hardware
![Page 10: OPERATING SYSTEM TRANSACTIONS Donald E. Porter, Owen S. Hofmann, Christopher J. Rossbach, Alexander Benn, and Emmett Witchel The University of Texas at.](https://reader035.fdocuments.net/reader035/viewer/2022062511/551b011f55034607418b49f8/html5/thumbnails/10.jpg)
10
Outline
Example uses of system transactions TxOS design and implementation Evaluation
![Page 11: OPERATING SYSTEM TRANSACTIONS Donald E. Porter, Owen S. Hofmann, Christopher J. Rossbach, Alexander Benn, and Emmett Witchel The University of Texas at.](https://reader035.fdocuments.net/reader035/viewer/2022062511/551b011f55034607418b49f8/html5/thumbnails/11.jpg)
11
Building a transactional system Version management
Private copies instead of undo log Detect conflicts
Minimize performance impact of true conflicts
Eliminate false conflicts Resolve conflicts
Non-transactional code must respect transactional code
![Page 12: OPERATING SYSTEM TRANSACTIONS Donald E. Porter, Owen S. Hofmann, Christopher J. Rossbach, Alexander Benn, and Emmett Witchel The University of Texas at.](https://reader035.fdocuments.net/reader035/viewer/2022062511/551b011f55034607418b49f8/html5/thumbnails/12.jpg)
12
TxOS in action
CPU 0 (low priority)sys_xbegin();chmod(“f”, 0x755);sys_xend();
CPU 1 (high priority)sys_xbegin();chown(“f”, 1001);sys_xend();
0x7001000
Inode “f” Header
Private Copies Private Copies
0x7551000
Inode “f” Data
0x7001001
Conflicting
Annotation
Contention Mgr.
Abort CPU 0 (lower
prio)
Inode “f” Data
![Page 13: OPERATING SYSTEM TRANSACTIONS Donald E. Porter, Owen S. Hofmann, Christopher J. Rossbach, Alexander Benn, and Emmett Witchel The University of Texas at.](https://reader035.fdocuments.net/reader035/viewer/2022062511/551b011f55034607418b49f8/html5/thumbnails/13.jpg)
13
System comparison
Previous Systems
TxOS
Speculative write locationIsolation mechanismRollback mechanismCommit mechanism
Deadlock prone
Can cause priority
inversion
Shared data structures
Two-phase locking
Undo log
Discard undo log,release locks
Private copies of data structuresPrivate copies + annotationsDiscard private copiesPublish private copy by ptr swap
![Page 14: OPERATING SYSTEM TRANSACTIONS Donald E. Porter, Owen S. Hofmann, Christopher J. Rossbach, Alexander Benn, and Emmett Witchel The University of Texas at.](https://reader035.fdocuments.net/reader035/viewer/2022062511/551b011f55034607418b49f8/html5/thumbnails/14.jpg)
14
R Add/Del
Add/Del+R
R
Add/Del
Add/Del+R
R W
R
W
Minimizing false conflicts
sys_xbegin();create(“/tmp/foo”);sys_xend();
sys_xbegin();create(“/tmp/bar”);sys_xend();
Insight: object semantics allow more permissive conflict definition and therefore more concurrency
TxOS supports precise conflict definitions per object type
Increases concurrency without relaxing isolation
R Add/Del
R
Add/Del
OK if different
files created,
Dir not read
![Page 15: OPERATING SYSTEM TRANSACTIONS Donald E. Porter, Owen S. Hofmann, Christopher J. Rossbach, Alexander Benn, and Emmett Witchel The University of Texas at.](https://reader035.fdocuments.net/reader035/viewer/2022062511/551b011f55034607418b49f8/html5/thumbnails/15.jpg)
15
Serializing transactions and non-transactions (strong isolation)
TxOS mixes transactional and non-tx code In database, everything is transaction Semantically murky in historical systems
Critical to correctness Allows incremental adoption of transactions TOCTTOU attacker will not use a transaction
Problem: can’t roll back non-transactional syscall Always aborting transaction undermines
fairness
![Page 16: OPERATING SYSTEM TRANSACTIONS Donald E. Porter, Owen S. Hofmann, Christopher J. Rossbach, Alexander Benn, and Emmett Witchel The University of Texas at.](https://reader035.fdocuments.net/reader035/viewer/2022062511/551b011f55034607418b49f8/html5/thumbnails/16.jpg)
16
Strong isolation in TxOS
CPU 0
symlink(“/etc/passwd”, “/tmp/foo”);
CPU 1sys_xbegin();if(access(“/tmp/foo”)) open(“/tmp/foo”);sys_xend();
Dentry “/tmp/foo” Header
Dentry “/tmp/foo” Data
Conflicting
Annotation
Options: Abort CPU1 Deschedule
CPU0
Contention Manager
![Page 17: OPERATING SYSTEM TRANSACTIONS Donald E. Porter, Owen S. Hofmann, Christopher J. Rossbach, Alexander Benn, and Emmett Witchel The University of Texas at.](https://reader035.fdocuments.net/reader035/viewer/2022062511/551b011f55034607418b49f8/html5/thumbnails/17.jpg)
17
Transactions for application state
System transactions only manage system state
Applications can select their approach Copy-on-write paging Hardware or Software Transactional
Memory (TM) Application-specific compensation code
![Page 18: OPERATING SYSTEM TRANSACTIONS Donald E. Porter, Owen S. Hofmann, Christopher J. Rossbach, Alexander Benn, and Emmett Witchel The University of Texas at.](https://reader035.fdocuments.net/reader035/viewer/2022062511/551b011f55034607418b49f8/html5/thumbnails/18.jpg)
18
Transactions: a core OS abstraction
Easy to make kernel subsystems transactional
Transactional filesystems in TxOS Transactions implemented in VFS or higher FS responsible for atomic updates to stable
store Journal + TxOS = Transactional
Filesystem 1 developer-month transactional ext3
prototype
![Page 19: OPERATING SYSTEM TRANSACTIONS Donald E. Porter, Owen S. Hofmann, Christopher J. Rossbach, Alexander Benn, and Emmett Witchel The University of Texas at.](https://reader035.fdocuments.net/reader035/viewer/2022062511/551b011f55034607418b49f8/html5/thumbnails/19.jpg)
19
Evaluation
Example uses of system transactions TxOS design and implementation Evaluation
What is the cost of using transactions? What overheads are imposed on non-
transactional applications?
![Page 20: OPERATING SYSTEM TRANSACTIONS Donald E. Porter, Owen S. Hofmann, Christopher J. Rossbach, Alexander Benn, and Emmett Witchel The University of Texas at.](https://reader035.fdocuments.net/reader035/viewer/2022062511/551b011f55034607418b49f8/html5/thumbnails/20.jpg)
20
TxOS Prototype
Extend Linux 2.6.22 to support system transactions Add 8,600 LOC to Linux Minor modifications to 14,000 LOC
Runs on commodity hardware Transactional semantics for a range of
resources: File system, signals, processes, pipes
![Page 21: OPERATING SYSTEM TRANSACTIONS Donald E. Porter, Owen S. Hofmann, Christopher J. Rossbach, Alexander Benn, and Emmett Witchel The University of Texas at.](https://reader035.fdocuments.net/reader035/viewer/2022062511/551b011f55034607418b49f8/html5/thumbnails/21.jpg)
21
Hardware and benchmarks
Quadcore 2.66 GHz Intel Core 2 CPU, 4 GB RAMBenchmark Description
install install of svn 1.4.4
make Compile nano 2.06 inside a tx
dpkg dpkg install OpenSSH 4.6
LFS large/small
Wrap each phase in a tx
RAB Reimplemeted Andrew BenchmarkEach phase in a tx
![Page 22: OPERATING SYSTEM TRANSACTIONS Donald E. Porter, Owen S. Hofmann, Christopher J. Rossbach, Alexander Benn, and Emmett Witchel The University of Texas at.](https://reader035.fdocuments.net/reader035/viewer/2022062511/551b011f55034607418b49f8/html5/thumbnails/22.jpg)
22
Transactional software install
A failed install is automatically rolled back Concurrent, unrelated operations are unaffected
System crash: reboot to entire upgrade or none
sys_xbegin();dpkg –i openssh;sys_xend();
10% overhead
sys_xbegin();install svn;sys_xend();
70% overhead
![Page 23: OPERATING SYSTEM TRANSACTIONS Donald E. Porter, Owen S. Hofmann, Christopher J. Rossbach, Alexander Benn, and Emmett Witchel The University of Texas at.](https://reader035.fdocuments.net/reader035/viewer/2022062511/551b011f55034607418b49f8/html5/thumbnails/23.jpg)
23
Transaction overheads
LFS Large Read Rnd
LFS Small Delete
dpkg
0 0.5 1 1.5 2 2.5 3
Execution Time Normalized to Linux
Memory overheads on LFS large: 13% high, 5% low (kernel)
![Page 24: OPERATING SYSTEM TRANSACTIONS Donald E. Porter, Owen S. Hofmann, Christopher J. Rossbach, Alexander Benn, and Emmett Witchel The University of Texas at.](https://reader035.fdocuments.net/reader035/viewer/2022062511/551b011f55034607418b49f8/html5/thumbnails/24.jpg)
24
Write speedups
LFS S Create
LFS L Write Seq
LFS L Write Rand
RAB mkdir
RAB cp
0 2 4 6 8 10 12 14 16 18 20
Speedup over Linux
Better I/O scheduling – not luck Tx boundaries provide I/O scheduling hint to OS
![Page 25: OPERATING SYSTEM TRANSACTIONS Donald E. Porter, Owen S. Hofmann, Christopher J. Rossbach, Alexander Benn, and Emmett Witchel The University of Texas at.](https://reader035.fdocuments.net/reader035/viewer/2022062511/551b011f55034607418b49f8/html5/thumbnails/25.jpg)
25
Lightweight DB alternative
OpenLDAP directory server Replace BDB backend with transactions +
flat files 2-4.2x speedup on write-intensive
workloads Comparable performance on read-only
workloads Primarily serviced from memory cache
rename()
DatabasesSys Tx
![Page 26: OPERATING SYSTEM TRANSACTIONS Donald E. Porter, Owen S. Hofmann, Christopher J. Rossbach, Alexander Benn, and Emmett Witchel The University of Texas at.](https://reader035.fdocuments.net/reader035/viewer/2022062511/551b011f55034607418b49f8/html5/thumbnails/26.jpg)
26
Non-transactional overheads
Non-transactional Linux compile: <2% on TxOS Transactions are “pay-to-play”
Single system call: 42% geometric mean With additional optimizations: 14%
geomean Optimizations approximated by eliding
checks
![Page 27: OPERATING SYSTEM TRANSACTIONS Donald E. Porter, Owen S. Hofmann, Christopher J. Rossbach, Alexander Benn, and Emmett Witchel The University of Texas at.](https://reader035.fdocuments.net/reader035/viewer/2022062511/551b011f55034607418b49f8/html5/thumbnails/27.jpg)
27
What is practical?
22 08/07
23 24 25 26 27 28 29 30 31 09/09
11.051.1
1.151.2
Mean Linux Syscall Overhead, Normal-ized to 2.6.22
Feature creep over 2 years costs 16% Developers are willing to give up performance for
useful features Transactions are in same range (14%), more powerful
![Page 28: OPERATING SYSTEM TRANSACTIONS Donald E. Porter, Owen S. Hofmann, Christopher J. Rossbach, Alexander Benn, and Emmett Witchel The University of Texas at.](https://reader035.fdocuments.net/reader035/viewer/2022062511/551b011f55034607418b49f8/html5/thumbnails/28.jpg)
28
OSes should support transactions Practical implementation techniques for
modern OS Transactions solve long-standing problems
Replace ad hoc solutions Transactions enable better concurrent
programs
http://www.cs.utexas.edu/~porterde/[email protected]
![Page 29: OPERATING SYSTEM TRANSACTIONS Donald E. Porter, Owen S. Hofmann, Christopher J. Rossbach, Alexander Benn, and Emmett Witchel The University of Texas at.](https://reader035.fdocuments.net/reader035/viewer/2022062511/551b011f55034607418b49f8/html5/thumbnails/29.jpg)
29
Backup Slides
![Page 30: OPERATING SYSTEM TRANSACTIONS Donald E. Porter, Owen S. Hofmann, Christopher J. Rossbach, Alexander Benn, and Emmett Witchel The University of Texas at.](https://reader035.fdocuments.net/reader035/viewer/2022062511/551b011f55034607418b49f8/html5/thumbnails/30.jpg)
30
Windows kernel transaction manager
Framework for 2-Phase Commit Coordinate transactional file system, registry
Transactional FS and registry Completely different implementation FS updates in place, Registry uses private copies Little opportunity for code reuse across
subsystems Explicitly transacted code
More conservative, limited design choice TxOS allows implicit transactions, application
wrappers
![Page 31: OPERATING SYSTEM TRANSACTIONS Donald E. Porter, Owen S. Hofmann, Christopher J. Rossbach, Alexander Benn, and Emmett Witchel The University of Texas at.](https://reader035.fdocuments.net/reader035/viewer/2022062511/551b011f55034607418b49f8/html5/thumbnails/31.jpg)
31
Distributed transactions
User/language-level transactions Cannot isolate OS managed resources
TABS [SOSP ‘85], Argus [SOSP ‘87], Sinfonia [SOSP ’07]
TABS – transactional windows manager Grayed out aborted dialog
Argus – similar strategies for limiting false conflicts
![Page 32: OPERATING SYSTEM TRANSACTIONS Donald E. Porter, Owen S. Hofmann, Christopher J. Rossbach, Alexander Benn, and Emmett Witchel The University of Texas at.](https://reader035.fdocuments.net/reader035/viewer/2022062511/551b011f55034607418b49f8/html5/thumbnails/32.jpg)
32
Transactional file systems
Good idea, difficult to implement Challenging to implement below VFS layer Valor [FAST ‘09] introduces OS support in
page cache Lack simple abstractions
Users must understand implementation details Deadlock detection (Transactional NTFS) Logging and locking mechanism (Valor)
Lack support for other OS resources in transactions Windows KTM supports transactional
registry
![Page 33: OPERATING SYSTEM TRANSACTIONS Donald E. Porter, Owen S. Hofmann, Christopher J. Rossbach, Alexander Benn, and Emmett Witchel The University of Texas at.](https://reader035.fdocuments.net/reader035/viewer/2022062511/551b011f55034607418b49f8/html5/thumbnails/33.jpg)
33
Speculator
Goal: hide latency of operations NFS client requests, synchronous writes,
etc. Similar implementation at points Different goals, not sufficient to provide
transactional semantics Isolation vs. dependences
![Page 34: OPERATING SYSTEM TRANSACTIONS Donald E. Porter, Owen S. Hofmann, Christopher J. Rossbach, Alexander Benn, and Emmett Witchel The University of Texas at.](https://reader035.fdocuments.net/reader035/viewer/2022062511/551b011f55034607418b49f8/html5/thumbnails/34.jpg)
34
xCalls [EuroSys ’09]
User-level techniques for transactional system calls Within a single application only
Works for many common cases (buffering writes) Edge cases difficult without system support
E.g., close() or munmap() can implicitly delete a file