ski exposing kernel concurrency bugs through systematic
play

SKI: Exposing Kernel Concurrency Bugs through Systematic Schedule - PowerPoint PPT Presentation

Sep 29, 2022 •165 likes •840 views

SKI: Exposing Kernel Concurrency Bugs through Systematic Schedule Exploration Pedro Fonseca (MPI-SWS) Rodrigo Rodrigues Bjrn Brandenburg (MPI-SWS) (NOVA University of Lisbon) OSDI 2014 SKI: Exposing Kernel Concurrency Bugs

  1. SKI: Exposing Kernel Concurrency Bugs through Systematic Schedule Exploration Pedro Fonseca (MPI-SWS) Rodrigo Rodrigues Björn Brandenburg (MPI-SWS) (NOVA University of Lisbon) OSDI 2014 SKI: Exposing Kernel Concurrency Bugs Pedro Fonseca

  2. Kernel concurrency bugs ● Bugs that depend on the instruction interleavings – Triggered only by a subset of the interleavings SKI: Exposing Kernel Concurrency Bugs Pedro Fonseca

  3. Kernel concurrency bugs ● Bugs that depend on the instruction interleavings – Triggered only by a subset of the interleavings ● Plenty of kernel concurrency bugs in kernels! SKI: Exposing Kernel Concurrency Bugs Pedro Fonseca

  4. Kernel concurrency bugs ● Bugs that depend on the instruction interleavings – Triggered only by a subset of the interleavings ● Plenty of kernel concurrency bugs in kernels! The bug is a race and not always easy to reproduce . [...] On my The bug is a race and not always easy to reproduce . [...] On my particular machine, [the test case] usually triggers [the bug] particular machine, [the test case] usually triggers [the bug] within 10 minutes but enabling debug options can change the within 10 minutes but enabling debug options can change the timing such that it never hits. Once the bug is triggered, the timing such that it never hits. Once the bug is triggered, the machine is in trouble and needs to be rebooted. machine is in trouble and needs to be rebooted. Linux 3.0.41 change log SKI: Exposing Kernel Concurrency Bugs Pedro Fonseca

  5. Kernel concurrency bugs ● Bugs that depend on the instruction interleavings – Triggered only by a subset of the interleavings ● Plenty of kernel concurrency bugs in kernels! The bug is a race and not always easy to reproduce . [...] On my The bug is a race and not always easy to reproduce . [...] On my particular machine, [the test case] usually triggers [the bug] particular machine, [the test case] usually triggers [the bug] within 10 minutes but enabling debug options can change the within 10 minutes but enabling debug options can change the timing such that it never hits. Once the bug is triggered, the timing such that it never hits. Once the bug is triggered, the machine is in trouble and needs to be rebooted. machine is in trouble and needs to be rebooted. Linux 3.0.41 change log [The bug] was quite hard to decode as the reproduction time [The bug] was quite hard to decode as the reproduction time is between 2 days and 3 weeks and intrusive tracing is between 2 days and 3 weeks and intrusive tracing makes it less likely [...] makes it less likely [...] Linux 3.4.41 change log SKI: Exposing Kernel Concurrency Bugs Pedro Fonseca

  6. Kernel concurrency bugs ● Bugs that depend on the instruction interleavings – Triggered only by a subset of the interleavings ● Plenty of kernel concurrency bugs in kernels! Three of the fve 3.4.9 machines [...] locked up. The bug is a race and not always easy to reproduce . [...] On my Three of the fve 3.4.9 machines [...] locked up. The bug is a race and not always easy to reproduce . [...] On my I've tried reproducing the issue, but so far I've particular machine, [the test case] usually triggers [the bug] I've tried reproducing the issue, but so far I've particular machine, [the test case] usually triggers [the bug] been unsuccessful [...] within 10 minutes but enabling debug options can change the been unsuccessful [...] within 10 minutes but enabling debug options can change the timing such that it never hits. Once the bug is triggered, the Linux kernel mailing list (5/1/2013) timing such that it never hits. Once the bug is triggered, the machine is in trouble and needs to be rebooted. machine is in trouble and needs to be rebooted. Linux 3.0.41 change log [The bug] was quite hard to decode as the reproduction time [The bug] was quite hard to decode as the reproduction time is between 2 days and 3 weeks and intrusive tracing is between 2 days and 3 weeks and intrusive tracing makes it less likely [...] makes it less likely [...] Linux 3.4.41 change log SKI: Exposing Kernel Concurrency Bugs Pedro Fonseca

  7. Approaches to explore interleavings ● Stress testing approach – Hope to fnd the interleaving SKI: Exposing Kernel Concurrency Bugs Pedro Fonseca

  8. Approaches to explore interleavings ● Stress testing approach – Hope to fnd the interleaving ● Systematic approach – Take full control of the interleavings – Existing tools focus on user-mode applications SKI: Exposing Kernel Concurrency Bugs Pedro Fonseca

  9. Approaches to explore interleavings ● Stress testing approach – Hope to fnd the interleaving ● Systematic approach – Take full control of the interleavings – Existing tools focus on user-mode applications This talk SKI: Exposing Kernel Concurrency Bugs Pedro Fonseca

  10. Approaches to explore interleavings ● Stress testing approach – Hope to fnd the interleaving ● Systematic approach – Take full control of the interleavings – Existing tools focus on user-mode applications Focus on operating system kernels This talk SKI: Exposing Kernel Concurrency Bugs Pedro Fonseca

  11. SKI Finding kernel concurrency bugs ● Testing applications versus kernels ● Our approach ● Implementation ● Evaluation SKI: Exposing Kernel Concurrency Bugs Pedro Fonseca

  12. Existing user-mode tools App Existing user-mode Kernel-level abstractions Threads and sync. objects systematic tools LD_PRELOAD, ptrace Kernel SKI: Exposing Kernel Concurrency Bugs Pedro Fonseca

  13. Existing user-mode tools App Existing user-mode Kernel-level abstractions User-mode testing tool Threads and sync. objects systematic tools LD_PRELOAD, ptrace Kernel Scheduler SKI: Exposing Kernel Concurrency Bugs Pedro Fonseca

  14. Kernel-mode challenges Testing tool ● Kernel doesn't have a good instrumentation interface Kernel Scheduler SKI: Exposing Kernel Concurrency Bugs Pedro Fonseca

  15. Kernel-mode challenges ● Kernel doesn't have a good instrumentation interface Kernel Scheduler ● An alternative would be to modify the kernel – But kernel modifcations: SKI: Exposing Kernel Concurrency Bugs Pedro Fonseca

  16. Kernel-mode challenges ● Kernel doesn't have a good instrumentation interface Kernel Scheduler ● An alternative would be to modify the kernel – But kernel modifcations: ● Change the tested software ● Are non-trivial ● Hinder portability SKI: Exposing Kernel Concurrency Bugs Pedro Fonseca

  17. Kernel-mode challenges ● Kernel doesn't have a good instrumentation interface Kernel Scheduler ● An alternative would be to modify the kernel – But kernel modifcations: ● Change the tested software ● Are non-trivial ● Hinder portability Avoid kernel modifcations SKI: Exposing Kernel Concurrency Bugs Pedro Fonseca

  18. User-mode versus kernel-mode App Existing user-mode Kernel-level abstractions Threads and sync. objects systematic tools LD_PRELOAD, ptrace Kernel Scheduler HW-level abstractions Our tool mov, add, jmp, registers, APIC (modifed VMM) Hardware SKI: Exposing Kernel Concurrency Bugs Pedro Fonseca

  19. User-mode versus kernel-mode App Existing user-mode Kernel-level abstractions Threads and sync. objects systematic tools LD_PRELOAD, ptrace Kernel Scheduler HW-level abstractions Kernel testing tool Our tool mov, add, jmp, registers, APIC (modifed VMM) Hardware SKI: Exposing Kernel Concurrency Bugs Pedro Fonseca

  20. SKI Finding kernel concurrency bugs SKI: Exposing Kernel Concurrency Bugs Pedro Fonseca

  21. SKI Finding kernel concurrency bugs Systematic Full control of the kernel interleavings SKI: Exposing Kernel Concurrency Bugs Pedro Fonseca

  22. SKI Finding kernel concurrency bugs Systematic Practical + No modifcations Full control of the to the kernel kernel interleavings Fast SKI: Exposing Kernel Concurrency Bugs Pedro Fonseca

  23. SKI Finding kernel concurrency bugs ● Challenges testing the kernel code ● SKI's approach ● Implementation ● Evaluation SKI: Exposing Kernel Concurrency Bugs Pedro Fonseca

  24. SKI's approach VM App Challenges 1. How to control the schedules? Kernel 2. Which contexts are schedulable? 3. Which schedules to choose? HW-level abstractions mov, add, jmp, registers, APIC SKI VMM SKI: Exposing Kernel Concurrency Bugs Pedro Fonseca

  25. 1. How to control the kernel schedules? Thread 1 Thread 2 MOV ADD PUSH t MOV MOV SUB JMP CPU SKI: Exposing Kernel Concurrency Bugs Pedro Fonseca

  26. 1. How to control the kernel schedules? Pin each tested thread to a diferent CPU (thread afnity) ● Thread 1 Thread 2 Thread 1 Thread 2 MOV MOV ADD ADD PUSH PUSH Pin t MOV MOV MOV MOV SUB SUB JMP JMP CPU CPU 1 CPU 2 SKI: Exposing Kernel Concurrency Bugs Pedro Fonseca

  27. 1. How to control the kernel schedules? Pin each tested thread to a diferent CPU (thread afnity) ● Pause and resume CPUs to control schedules ● Thread 1 Thread 2 Thread 1 Thread 2 Thread 1 Thread 2 MOV MOV MOV ADD ADD PUSH PUSH PUSH MOV Pin Control t MOV MOV SUB MOV MOV ADD SUB SUB MOV JMP JMP JMP CPU CPU 1 CPU 2 CPU 1 CPU 2 SKI: Exposing Kernel Concurrency Bugs Pedro Fonseca

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Understanding and Genera-ng High Quality Patches for Concurrency Bugs Haopeng Liu , Yuxi Chen and

Understanding and Genera-ng High Quality Patches for Concurrency Bugs Haopeng Liu , Yuxi Chen and

1 Understanding and Genera-ng High Quality Patches for Concurrency Bugs Haopeng Liu , Yuxi Chen and Shan Lu 2 What are concurrency bugs Synchroniza-on mistakes in mul--threaded programs 3 What are concurrency bugs Synchroniza-on

826 views • 65 slides
Detecting and Avoiding Concurrency Bugs Pil Jae Jang Cyril Agbi Paper similarities Testing

Detecting and Avoiding Concurrency Bugs Pil Jae Jang Cyril Agbi Paper similarities Testing

Detecting and Avoiding Concurrency Bugs Pil Jae Jang Cyril Agbi Paper similarities Testing Parallel programming is hard to debug due to interleaving bugs A viable solution is to better equip programmers to detect and fix these bugs

585 views • 41 slides
A SYSTEMATIC STUDY OF AUTOMATED PROGRAM REPAIR: FIXING 55 OUT OF 105 BUGS FOR $8 EACH Claire

A SYSTEMATIC STUDY OF AUTOMATED PROGRAM REPAIR: FIXING 55 OUT OF 105 BUGS FOR $8 EACH Claire

A SYSTEMATIC STUDY OF AUTOMATED PROGRAM REPAIR: FIXING 55 OUT OF 105 BUGS FOR $8 EACH Claire Michael Stephanie Westley Le Goues Dewey-Vogt Forrest Weimer 1 http://genprog.cs.virginia.edu Everyday, almost 300 Annual cost of bugs

647 views • 63 slides
DCatch: Automatically Detecting Distributed Concurrency Bugs in Cloud Systems Haopeng Liu ,

DCatch: Automatically Detecting Distributed Concurrency Bugs in Cloud Systems Haopeng Liu ,

1 DCatch: Automatically Detecting Distributed Concurrency Bugs in Cloud Systems Haopeng Liu , Guangpu Li, Jeffrey Lukman, Jiaxin Li, Shan Lu, Haryadi Gunawi, and Chen Tian* * 2 Cloud systems 3 Cloud systems 4 Distributed concurrency bugs

1.3k views • 93 slides
Detecting Concurrency Errors of Erlang Programs Using Systematic Testing Kostis Sagonas

Detecting Concurrency Errors of Erlang Programs Using Systematic Testing Kostis Sagonas

Detecting Concurrency Errors of Erlang Programs Using Systematic Testing Kostis Sagonas kostis@it.uu.se Outline Erlang Concurrency errors and their sources Systematic Concurrency Testing Concuerror & Demo Techniques to

646 views • 20 slides
Concurrency Bugs Nima Honarmand (Based on slides by Prof. Andrea Arpaci-Dusseau) Fall 2017 ::

Concurrency Bugs Nima Honarmand (Based on slides by Prof. Andrea Arpaci-Dusseau) Fall 2017 ::

Fall 2017 :: CSE 306 Concurrency Bugs Nima Honarmand (Based on slides by Prof. Andrea Arpaci-Dusseau) Fall 2017 :: CSE 306 Concurrency Bugs are Serious The Therac-25 incident (1980s) The accidents occurred when the high-power electron

297 views • 27 slides
CMBS Bedbugs Hosted by 1st Service Solutions Part 1 of our 2015 Webinar Series: Exposing the

CMBS Bedbugs Hosted by 1st Service Solutions Part 1 of our 2015 Webinar Series: Exposing the

CMBS Bedbugs Hosted by 1st Service Solutions Part 1 of our 2015 Webinar Series: Exposing the Truth About CMBS MYTHS AND FACTS ABOUT BEDBUGS 2 Myths About BedBugs Bed bugs only bite in the dark Although bed bugs tend to be more active

500 views • 24 slides
Threads and Concurrency Threads and Concurrency A First Look at Some Key Concepts A First Look

Threads and Concurrency Threads and Concurrency A First Look at Some Key Concepts A First Look

Threads and Concurrency Threads and Concurrency A First Look at Some Key Concepts A First Look at Some Key Concepts kernel The software component that controls the hardware directly, and implements the core privileged OS functions. Modern

208 views • 10 slides
Finding Concurrency Bugs in Java David Hovemeyer and William Pugh July 25, 2004 David Hovemeyer

Finding Concurrency Bugs in Java David Hovemeyer and William Pugh July 25, 2004 David Hovemeyer

Outline Introduction Concurrency Bug Patterns Conclusions Finding Concurrency Bugs in Java David Hovemeyer and William Pugh July 25, 2004 David Hovemeyer and William Pugh Finding Concurrency Bugs in Java Outline Introduction Concurrency

521 views • 18 slides
of Concurrency Bugs Yan Cai ( ) ycai.mail@gmail.com State Key Lab. of Computer Science, I

of Concurrency Bugs Yan Cai ( ) ycai.mail@gmail.com State Key Lab. of Computer Science, I

ISHCS 2016 (International Symposium on High Confidence Software), PKU, Beijing, Dec. 18, 2016 Probabilistic Detection and Sampling of Concurrency Bugs Yan Cai ( ) ycai.mail@gmail.com State Key Lab. of Computer Science, I nstitute of S

517 views • 26 slides
Frightening small children and disconcerting grown-ups: Concurrency in the Linux kernel Jade

Frightening small children and disconcerting grown-ups: Concurrency in the Linux kernel Jade

Frightening small children and disconcerting grown-ups: Concurrency in the Linux kernel Jade Alglave, Luc Maranget, Paul McKenney, Andrea Parri and Alan Stern Concurrency in Linux can be a contentious topic Model URL SPARC [McKenney, 2001,

807 views • 35 slides
Concurrency Bugs Ben Liblit with Guoliang Jin and Shan Lu We need reliable software Peoples

Concurrency Bugs Ben Liblit with Guoliang Jin and Shan Lu We need reliable software Peoples

Automated Repair of Concurrency Bugs Ben Liblit with Guoliang Jin and Shan Lu We need reliable software Peoples daily life now depends on reliable software Software companies spend lots of resources on debugging More than 50% effort

792 views • 55 slides
Defect Detection Thomas Zimmermann The First Bug September 9, 1947 More Bugs More Bugs More

Defect Detection Thomas Zimmermann The First Bug September 9, 1947 More Bugs More Bugs More

Defect Detection Thomas Zimmermann The First Bug September 9, 1947 More Bugs More Bugs More Bugs More Bugs More Bugs More Bugs More Bugs More Bugs More Bugs More Bugs More Bugs More Bugs Facts on Debugging Software bugs are

840 views • 63 slides
[537] Concurrency Bugs Chapter 32 Tyler Harter 10/22/14 Review Semaphores CVs vs.

[537] Concurrency Bugs Chapter 32 Tyler Harter 10/22/14 Review Semaphores CVs vs.

[537] Concurrency Bugs Chapter 32 Tyler Harter 10/22/14 Review Semaphores CVs vs. Semaphores CV rules of thumb: - Keep state in addition to CVs - Always do wait/signal with lock held - Whenever you acquire a lock, recheck state

1.24k views • 96 slides
Testing and Debugging for Concurrent Programs Yi-Fan Tsai yifan.tsai@colorado.edu Concurrency

Testing and Debugging for Concurrent Programs Yi-Fan Tsai yifan.tsai@colorado.edu Concurrency

Concurrency Bugs in Real World Testing Debugging References Testing and Debugging for Concurrent Programs Yi-Fan Tsai yifan.tsai@colorado.edu Concurrency Bugs in Real World Testing Debugging References Outline Concurrency Bugs in Real

584 views • 34 slides
Shan Lu 1 Dec. 2008 , thesis defense @ Univ. of Illinois Understanding, Detecting, and

Shan Lu 1 Dec. 2008 , thesis defense @ Univ. of Illinois Understanding, Detecting, and

Shan Lu 1 Dec. 2008 , thesis defense @ Univ. of Illinois Understanding, Detecting, and Exposing Concurrency Bugs Jan. 2009 , starts @ Univ. of Wisconsin Jul. 2009 , should I write a proposal or paper or both? Nov.

545 views • 20 slides
Risk Management and Stress Testing From Theory to Practice Michele Bonollo

Risk Management and Stress Testing From Theory to Practice Michele Bonollo

Conference for 65th Birthday Professor Wolfgang Runggaldier Risk Management and Stress Testing From Theory to Practice Michele Bonollo michele.bonollo@sgsbpvn.it Bressanone, 18 luglio 2007 What did I learn from Wolfgang Runggaldier? A

501 views • 25 slides
Staffs Proposed Stress Test Methodology for Disallowed 2017 Catastrophic Wildfire Costs Str

Staffs Proposed Stress Test Methodology for Disallowed 2017 Catastrophic Wildfire Costs Str

Staffs Proposed Stress Test Methodology for Disallowed 2017 Catastrophic Wildfire Costs Str tress Tes est Workshop April 10, , 2019 Brandon Gerstle CPUC Energy Div ivisio ion 1

649 views • 29 slides
Persuasion in Global Games with Application to Stress Testing Nicolas Inostroza Alessandro Pavan

Persuasion in Global Games with Application to Stress Testing Nicolas Inostroza Alessandro Pavan

Persuasion in Global Games with Application to Stress Testing Nicolas Inostroza Alessandro Pavan December 26, 2019 Motivation Coordination: central to many socio-economic environments Damages to society of mkt coordination on undesirable

688 views • 41 slides
Caring'Safely Module'723 Organizational'Health Trauma'Informed'Employee'Wellness 1

Caring'Safely Module'723 Organizational'Health Trauma'Informed'Employee'Wellness 1

Caring'Safely Module'723 Organizational'Health Trauma'Informed'Employee'Wellness 1 www.CaringSafely.org In'This'Module Trauma'informed'practice'and'compassion'fatigue ACEs'in'helping'professionals The'impact'of'chronic'stress

263 views • 5 slides
1 Measuring quality Costs of quality assurance Is it possible to quantify software

1 Measuring quality Costs of quality assurance Is it possible to quantify software

Key Points Many different characteristics of quality Quality Assurance and Testing Importance of having independent quality assurance from development The deliverable of QA is information CSE 403 Write it down Lecture 22 QA

359 views • 5 slides
Stress testing for competitive advantage beyond regulatory compliance Led by: The Center for

Stress testing for competitive advantage beyond regulatory compliance Led by: The Center for

Stress testing for competitive advantage beyond regulatory compliance Led by: The Center for Financial Professionals & Dennis Bennett, MRMIA Presenters: Tally Ferguson, BOK Financial Venkat Iyer, Santander Chris Smigielski, TIAA Bank MEET

521 views • 21 slides
Financial stability May 2019 Household indebtedness remains the greatest risk... Total

Financial stability May 2019 Household indebtedness remains the greatest risk... Total

Financial stability May 2019 Household indebtedness remains the greatest risk... Total household debt as a share of annual disposable household income added together over the Sources: Statistics Sweden and the Riksbank last four quarters. The

237 views • 12 slides
Testing Concurrency Runtime via a Testing Concurrency Runtime via a Stochastic Stress Framework

Testing Concurrency Runtime via a Testing Concurrency Runtime via a Stochastic Stress Framework

Testing Concurrency Runtime via a Testing Concurrency Runtime via a Stochastic Stress Framework Stochastic Stress Framework Atilla Gunal Technical Computing Group Microsoft Agenda Agenda The Product Concurrency Runtime The

362 views • 21 slides

More recommend