eio e rror handling i s o ccasionally correct
play

EIO : E rror-handling i s O ccasionally Correct Haryadi S. Gunawi , - PowerPoint PPT Presentation

Mar 08, 2023 •31 likes •381 views

EIO : E rror-handling i s O ccasionally Correct Haryadi S. Gunawi , Cindy Rubio-Gonzlez, Andrea C. Arpaci-Dusseau, Remzi H. Arpaci-Dusseau, Ben Liblit University of Wisconsin Madison FAST 08 February 28, 2008 1 Robustness of File

  1. EIO : E rror-handling i s O ccasionally Correct Haryadi S. Gunawi , Cindy Rubio-González, Andrea C. Arpaci-Dusseau, Remzi H. Arpaci-Dusseau, Ben Liblit University of Wisconsin – Madison FAST ’08 – February 28, 2008 1

  2. Robustness of File Systems � Today’s file systems have robustness issues � Buggy implementation [FiSC-OSDI’04, EXPLODE-OSDI’06] � Unexpected behaviors in corner-case situations � Deficient fault-handling [IRONFS-SOSP’05] � Inconsistent policies: propagate, retry, stop, ignore � Prevalent ignorance � Ext3: Ignore write failures during checkpoint and journal replay � NFS: Sync-failure at the server is not propagated to client � What is the root cause? 2

  3. Incorrect Error Code Propagation NFS NFS Client Server sync() dosync dosync fdatawrite fdatawrite sync_file sync_file fdatawait fdatawait void dosync() { void dosync() { fdatawrite(); fdatawrite(); ... ... ... ... ... ... ... ... sync_file(); sync_file(); fdatawait(); fdatawait(); ... ... ... ... ... ... ... ... } ... ... ... ... ... ... ... ... ... ... 3

  4. Incorrect Error Code Propagation NFS NFS Client Server sync() Unsaved dosync dosync dosync dosync error-codes fdatawrite fdatawrite fdatawrite fdatawrite sync_file sync_file sync_file sync_file fdatawait fdatawait fdatawait fdatawait void dosync() { void dosync() { X fdatawrite(); fdatawrite(); ... ... ... ... ... ... ... ... ... ... ... ... ... ... X sync_file(); sync_file(); X fdatawait(); fdatawait(); ... ... ... ... ... ... ... ... ... ... ... ... } ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... return return return return return return EIO; EIO; EIO; EIO; EIO; EIO; 4

  5. Implications � Misleading error-codes in distributed systems � NFS client receives SUCCEED instead of ERROR � Useless policies � Retry in NFS client is not invoked � Silent failures � Much harder debugging process 5

  6. EDP : Error Detection and Propagation Analysis � Static analysis � Useful to show how error codes flow � Currently: 34 basic error codes (e.g. EIO, ENOMEM) � Target systems � 51 file systems (all directories in linux/fs/* ) � 3 storage drivers (SCSI, IDE, Software-RAID) 6

  7. Results � Number of violations � Error-codes flow through 9022 function calls � 1153 ( 13% ) calls do not save the returned error-codes � Analysis, a closer look � More complex file systems, more violations � Location distance affects error propagation correctness � Write errors are neglected more than read errors � Many violations are not corner-case bugs − Error-codes are consistently ignored 7

  8. Outline � Introduction � Methodology � Challenges � EDP tool � Results � Analysis � Discussion and Conclusion 8

  9. Challenges in Static Analysis � File systems use many error codes � buffer � state[Uptodate] = 0 � journal � flags = ABORT � int err = -EIO; ... return err; � Error codes transform � Block I/O error becomes journal error � Journal error becomes generic error code � Error codes propagate through: � Function call path � Asynchronous path (e.g. interrupt, network messages) 9

  10. EDP � State � Current State: Integer error-codes, function call path � Future: Error transformation, asynchronous path � Implementation � Utilize CIL: Infrastructure for C program analysis [Necula-CC’02] � EDP: ~4000 LOC in Ocaml � 3 components of EDP architecture � Specifying error-code information (e.g. EIO, ENOMEM) � Constructing error channels � Identifying violation points 10

  11. Constructing Error Channels � Propagate function sys_fsync � Dataflow analysis do_fsync � Connect function filemap_fdatawrite VFS pointers filemap_fdatawrt_rn EIO EIO do_writepages generic_writepages mpage_writepages ext3 ext3_writepage � Generation endpoint if (...) � Generates error code return –EIO –EIO; � Example: return –EIO ext3_writepage (int *err) *err = –EIO; *err = –EIO; 11

  12. Detecting Violations Error-complete endpoint � Termination endpoint func() { err = func_call(); err � Error code is no longer propagated if ( err err ) ... � Two termination endpoints: } Unchecked error-complete ( minimally checks) − func() { error-broken − err = func_call(); err ( unchecked, unsaved, overwritten) } Unsaved / Bad Call � Goal: func() { � Find error-broken endpoints func_call(); } Overwritten func() { err = func_call(); err err = func_call_2(); err } 12

  13. Outline � Introduction � Methodology � Results (unsaved error-codes / bad calls) � Graphical outputs � Complete results � Analysis of Results � Discussion and Conclusion 13

  14. HFS 1 3 2 Functions that generate/propagate error-codes func Functions that make bad calls (do not save error-codes) func Good calls (calls that propagate error-codes) Bad calls (calls that do not save error-codes) 14

  15. HFS (Example 1 ) int find_init(find_data *fd) { … 1 fd->search_key = kmalloc(…); if (!fd->search_key) return –ENOMEM; return –ENOMEM; … } int file_lookup() { … Bad call! find_init(fd); find_init(fd); fd->search_key-> search_key->cat = …; … Null pointer dereference } Inconsistencies Callee Good Calls Bad Calls 3 11 find_init find_init 15

  16. HFS (Example 2) 2 16

  17. HFS (Example 2) int __brec_find __brec_find(key) { 2 Finds a record in an HFS node that best matches the given key. Returns ENOENT if it fails. } int brec_find brec_find(key) { … result = __brec_find(key); result = __brec_find(key); … return result; return result; } Inconsistencies Callee Good Calls Bad Calls 3 11 find_init 1 4 __brec_find __brec_find 18 0 brec_find brec_find 17

  18. HFS (Example 3) 3 18

  19. HFS (Example 3) 3 int free_exts free_exts(…) { Traverses a list of extents and locate the extents to be freed. If not found, returns EIO . “panic?” is written before the return EIO statement. } Inconsistencies Callee Good Calls Bad Calls 3 11 find_init 1 4 __brec_find 18 0 brec_find 1 3 free_exts free_exts 19

  20. HFS (Summary) Inconsistencies Callee Good Calls Bad Calls 3 11 find_init find_init 1 4 __brec_find brec_find 18 0 brec_find brec_find 1 3 free_exts free_exts � Not only in HFS � Almost all file systems and storage systems have major inconsistencies 20

  21. ext3 37 bad / 188 calls = 20% 21

  22. ReiserFS 35 bad / 218 calls = 16% 22

  23. IBM JFS 61 bad / 340 calls = 18% 23

  24. NFS Client 54 bad / 446 calls = 12% 24

  25. Coda 0 bad / 54 calls = 0% (internal) 0 bad / 95 calls = 0% (external) 25

  26. Summary � Incorrect error propagation plagues almost all file systems and storage systems Bad Calls EC Calls Fraction File systems 914 7400 12% Storage drivers 177 904 20% 26

  27. Outline � Introduction � Methodology � Results � Analysis of Results � Discussion and Conclude 27

  28. Analysis of Results � Correlate robustness and complexity � Correlate file system size with number of violations More complex file systems, more violations (Corr = 0.82) − � Correlate file system size with frequency of violations Small file systems make frequent violations (Corr = -0.20) − � Location distance of calls affects correct error propagation � Inter-module > inter-file > intra-file bad calls � Read vs. Write failure-handling � Corner-case or consistent mistakes 28

  29. Read vs. Write Failure-Handling � Filter read/write operations (string comparison) � Callee contains “ write ”, or “ sync ”, or “ wait ” � Write ops � Callee contains “ read ” � Read ops Callee Type Bad Calls EC Calls Fraction Read 26* 603 4% Sync+Wait+Write 177 904 20% mm/readahead.c Lots of write failures Read prefetching in are ignored! Memory Management 29

  30. Corner-Case or Consistent Mistakes? # Bad calls to f() � Define bad call frequency = # All calls to f() � Example: sync_blockdev, 15/21 � Bad call frequency: 71% � Corner-case bugs � Bad call frequency < 20% � Consistent bugs � Bad call frequency > 50% 30

  31. CDF of Bad Call Frequency 850 bad calls fall above the 50% mark Cumulative Cumulative #Bad Calls Fraction Bad Call Frequency Less than 100 sync_blockdev 15 bad calls / 21 EC calls violations are corner- Bad Call Freq: 71 % case bugs At x = 71 , y += 15 31

  32. What’s going on? � Not just bugs � But more fundamental design issues � Checkpoint failures are ignored Why? Maybe because of journaling flaw [IOShepherd-SOSP’07] − Cannot recover from checkpoint failures − Ex: A simple block remap could not result in a consistent state − � Many write failures are ignored Lack of recovery policies? Hard to recover? − � Many failures are ignored in the middle of operations Hard to rollback? − 32

  33. Conclusion (developer comments) � ext3 “there's no way of reporting error to userspace. So ignore it” � XFS “Just ignore errors at this point. There is nothing we can do except to try to keep going” � ReiserFS “we can't do anything about an error here” � IBM JFS “ note: todo: log error handler” � CIFS “should we pass any errors back?” � SCSI “Todo: handle failure” 33

  34. Thank you! Questions? AD vanced S ystems L aboratory www.cs.wisc.edu/adsl 34

  35. Extra Slides 35

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

P UBLIC - KEY CRYPTOGRAPHY (PKC) E RROR - CORRECTING PAIRS FOR A PUBLIC - KEY CRYPTOSYSTEM P UBLIC

P UBLIC - KEY CRYPTOGRAPHY (PKC) E RROR - CORRECTING PAIRS FOR A PUBLIC - KEY CRYPTOSYSTEM P UBLIC

E RROR - CORRECTING PAIRS FOR A PUBLIC - KEY CRYPTOSYSTEM E RROR - CORRECTING PAIRS P UBLIC - KEY CRYPTOGRAPHY FOR A PUBLIC - KEY CRYPTOSYSTEM C ODE BASED CRYPTOGRAPHY P REREQUISITES E RROR - CORRECTING CODES I. M RQUEZ -C ORBELLA 1 R. P

1.2k views • 97 slides
PaSTR TRI: E : Err rror-Bou Bounded Los Lossy Comp Compression on for or Two-El Electron

PaSTR TRI: E : Err rror-Bou Bounded Los Lossy Comp Compression on for or Two-El Electron

PaSTR TRI: E : Err rror-Bou Bounded Los Lossy Comp Compression on for or Two-El Electron n Integr grals s in in Quan antu tum Chem emis istr try Ali Murat Gok (Northwestern University, USA) Sheng Di (Argonne National

671 views • 54 slides
Lab 2 discussion Last Time Debugging Its a science use experiments to refine

Lab 2 discussion Last Time Debugging Its a science use experiments to refine

size= 64 correct= 0 size= 73 correct= 0 Shuying Liang size= 107 correct= 1 size= 107 correct= 0 size= 108 correct= 0 size= 108 correct= 1 Please do not handin a .doc file, a .zip file, a .tar file, size= 111 correct= 1 size=

430 views • 7 slides
Bias and Uncertainty W hen judgm ents are m ade under uncertainty, tw o general types of

Bias and Uncertainty W hen judgm ents are m ade under uncertainty, tw o general types of

E RROR M ANAGEMENT I N E RROR M ANAGEMENT I N F ORENSI C D I GI TAL I MAGI NG F ORENSI C D I GI TAL I MAGI NG A R ESOLUTI ON FOR THE A R ESOLUTI ON FOR THE E NTI RE C RI MI NAL J USTI CE C OMMUNI TY E NTI RE C RI MI NAL J USTI CE C OMMUNI TY

764 views • 43 slides
Ergonomics and Manual Handling Induction Welcome to United Synergies induction for Office

Ergonomics and Manual Handling Induction Welcome to United Synergies induction for Office

Ergonomics and Manual Handling Induction Welcome to United Synergies induction for Office Ergonomic and Manual Handling. The aim of this training is to: ensure awareness of the correct ergonomic principles and workstation set up

606 views • 25 slides
Material Handling Chapter 5 Designing material handling systems Overview of material

Material Handling Chapter 5 Designing material handling systems Overview of material

Material Handling Chapter 5 Designing material handling systems Overview of material handling equipment Unit load design Material handling equipment selection Material Handling Definitions Material handling is the combination

664 views • 41 slides
Performance of Correct Statement of the Problem and Impact. Associated Issues. Procedure

Performance of Correct Statement of the Problem and Impact. Associated Issues. Procedure

Performance of Correct Procedure at Correct Body Site Patient Safety Solutions CONTENT Performance of Correct Statement of the Problem and Impact. Associated Issues. Procedure at Correct Suggested Actions. Looking Forward.

198 views • 3 slides
Exception Handling in C++ throw - try - catch ! class InvalidNumber { }; void main() {

Exception Handling in C++ throw - try - catch ! class InvalidNumber { }; void main() {

14 . Exception Handling: Mechanism and Usage Exception Handling Synchronous Errors Asynchronous Errors An Example function : Call may result in an error double sqrt(int number); Traditional Error Handling Exit the program Return an

453 views • 8 slides
Micropipetting Doing it the correct way Practice, practice, practice! Why Take the Time to

Micropipetting Doing it the correct way Practice, practice, practice! Why Take the Time to

Micropipetting Doing it the correct way Practice, practice, practice! Why Take the Time to Practice? Micropipetting is the foundation to many future experiments Correct pipetting insures correct volumes which creates a greater chance

544 views • 19 slides
Agenda this Month Requirement to Correct Other HMRC announcements and other tax

Agenda this Month Requirement to Correct Other HMRC announcements and other tax

Agenda this Month Requirement to Correct Other HMRC announcements and other tax developments Recent tax cases Requirement to Correct Deadline 30 September ! Requirement to Correct (RTC) RTC obliges taxpayers to make a disclosure

595 views • 38 slides
e-Bug Pack Evaluation 1 Quantitative Data Overview % % % Topics Correct Correct

e-Bug Pack Evaluation 1 Quantitative Data Overview % % % Topics Correct Correct

e-Bug Pack Evaluation 1 Quantitative Data Overview % % % Topics Correct Correct Improvement p value before after score Micro organisms 51 86 35 (30, 39) &lt;0.001 Good and Bad Microbes 48 86 36 (32, 40) &lt;0.001 Spread

427 views • 29 slides
Evaluating classifiers CS440 The 2-by-2 contingency table correct not correct positive tp fp

Evaluating classifiers CS440 The 2-by-2 contingency table correct not correct positive tp fp

10/30/19 Evaluating classifiers CS440 The 2-by-2 contingency table correct not correct positive tp fp prediction negative fn tn prediction 1 10/30/19 Precision and recall Precision : % of predicted items that are correct P = tp/

117 views • 11 slides
LITHIUM ION IN MATERIALS HANDLING LITHIUM ION IN MATERIALS HANDLING LITHIUM ION IN WAREHOUSE

LITHIUM ION IN MATERIALS HANDLING LITHIUM ION IN MATERIALS HANDLING LITHIUM ION IN WAREHOUSE

Matthew Allen Solutions Manager CB Products EMEA LITHIUM ION IN MATERIALS HANDLING LITHIUM ION IN MATERIALS HANDLING LITHIUM ION IN WAREHOUSE MATERIALS LITHIUM ION IN WAREHOUSE MATERIALS HANDLING (NOT COUNTERBALANCE) HANDLING (NOT

702 views • 17 slides
LOADING &amp; HANDLING OF ROLLED CELLULOSE HOW DOES IT DIFFER FROM LOADING &amp; HANDLING OF

LOADING &amp; HANDLING OF ROLLED CELLULOSE HOW DOES IT DIFFER FROM LOADING &amp; HANDLING OF

LOADING &amp; HANDLING OF ROLLED CELLULOSE HOW DOES IT DIFFER FROM LOADING &amp; HANDLING OF PAPER ROLLS? JULY 10, 2019 BY SAM GAYLE TECHNICAL SERVICES MANAGER DAMAGE PREVENTION Rolled Cellulose from Coosa Pines, AL. Resolute Forest

448 views • 19 slides
Topic 16 Creating Correct Programs Creating Correct Programs &quot;It is a profoundly erroneous

Topic 16 Creating Correct Programs Creating Correct Programs &quot;It is a profoundly erroneous

Topic 16 Creating Correct Programs Creating Correct Programs &quot;It is a profoundly erroneous truism, repeated by all the copybooks, and by eminent people when they are making speeches, that we should cultivate the habit of thinking about

463 views • 29 slides
Hand Ball Hand Ball What?? Handling the Ball Handling the Ball Goal - Consistent Calls

Hand Ball Hand Ball What?? Handling the Ball Handling the Ball Goal - Consistent Calls

Hand Ball Hand Ball What?? Handling the Ball Handling the Ball Goal - Consistent Calls Across the State Across the Country Across the World Handling the Ball Three Criteria to Determine if Hand/Arm contact is Handling

360 views • 15 slides
Graph-based, Self-Supervised Program Repair from Diagnostic Feedback ICML 2020 Michihiro

Graph-based, Self-Supervised Program Repair from Diagnostic Feedback ICML 2020 Michihiro

Graph-based, Self-Supervised Program Repair from Diagnostic Feedback ICML 2020 Michihiro Yasunaga, Percy Liang Stanford University Why program repair? Programmers spend 75% of time fixing source code errors Automatic program repair can

1.69k views • 130 slides
Hypothesis Testing Mark Lunt Centre for Epidemiology Versus Arthritis University of Manchester

Hypothesis Testing Mark Lunt Centre for Epidemiology Versus Arthritis University of Manchester

Formulating a hypothesis test Interpreting a hypothesis test Common types of hypothesis test Power calculations Hypothesis tests and confidence intervals Hypothesis Testing Mark Lunt Centre for Epidemiology Versus Arthritis University of

498 views • 48 slides
Mean Tests &amp; X 2 Parametric vs Nonparametric Errors Selection of a Statistical Test SW242

Mean Tests &amp; X 2 Parametric vs Nonparametric Errors Selection of a Statistical Test SW242

Mean Tests &amp; X 2 Parametric vs Nonparametric Errors Selection of a Statistical Test SW242 Creation &amp; Description of a Data Set 4 Levels of Measurement * Nominal, ordinal, interval, ratio * Variable Types * Independent Variables,

586 views • 23 slides
Static typing: beyond the basics of Static typing: beyond the basics of def foo(x: int) -&gt;

Static typing: beyond the basics of Static typing: beyond the basics of def foo(x: int) -&gt;

Static typing: beyond the basics of Static typing: beyond the basics of def foo(x: int) -&gt; str: def foo(x: int) -&gt; str: Vita Smid Vita Smid | EuroPython 2019 EuroPython 2019 July 10, 2019 July 10, 2019 Vita Vita Prague Prague

448 views • 32 slides
BERT Basic Error Response Type Bert Why: Document WG Choice What: method to sign

BERT Basic Error Response Type Bert Why: Document WG Choice What: method to sign

BERT Basic Error Response Type Bert Why: Document WG Choice What: method to sign responses on line Pros ... Simplifies negative wild card responses Fairly simple signing model model Satisfies universal signing requirement

623 views • 5 slides
Website http://exceptionsafecode.com Bibliography Video Comments Contact Email

Website http://exceptionsafecode.com Bibliography Video Comments Contact Email

Exception-Safe Coding C++ Now! 2012 Talk by Jon Kalb Website http://exceptionsafecode.com Bibliography Video Comments Contact Email jon@exceptionsafecode.com Follow @JonathanKalb Rsum jonkalb@a9.com Dedication To

1.37k views • 109 slides
SMT error analysis and mapping to syntactic, semantic and structural fixes Nora Aranberri IXA

SMT error analysis and mapping to syntactic, semantic and structural fixes Nora Aranberri IXA

Introduction Error classification schemes Our approach The SMT systems Error analysis results Fixing possibilities with SSS Conclusions SMT error analysis and mapping to syntactic, semantic and structural fixes Nora Aranberri IXA Group

553 views • 44 slides
Hypothesis testing get data that differ from the null hypothesis. If the data would be quite

Hypothesis testing get data that differ from the null hypothesis. If the data would be quite

Hypothesis testing asks how unusual it is to Hypothesis testing get data that differ from the null hypothesis. If the data would be quite unlikely under H 0 , we reject H 0 . So we need to know how good the sample is, and how likely it is that

334 views • 14 slides

More recommend