specifying and checking file system crash consistency
play

Specifying and Checking File System Crash-Consistency Models Steven - PowerPoint PPT Presentation

Jan 01, 2024 •255 likes •982 views

Specifying and Checking File System Crash-Consistency Models Steven Lang September 4, 2016 Specifying and Checking File System Crash-Consistency Models Johannes Gutenberg Universitt Mainz Motivation The problem: POSIX

  1. Specifying and Checking File System Crash-Consistency Models Steven Lang September 4, 2016

  2. Specifying and Checking File System Crash-Consistency Models Johannes Gutenberg Universität Mainz Motivation The problem: ◮ POSIX file-system-interfaces do not define possible outcomes of a crash ◮ Can lead to ◮ Corrupt application states ◮ Catastrophic data loss 1 Steven Lang September 4, 2016

  3. Specifying and Checking File System Crash-Consistency Models Johannes Gutenberg Universität Mainz Motivation Replace-Via-Rename Pattern / ∗ " f i l e " has old data ∗ / fd = open ( " f i l e . tmp" ) ; w r i t e ( fd , new , s i z e ) ; c l o s e ( fd ) ; rename ( " f i l e . tmp" , " f i l e " ) ; 2 Steven Lang September 4, 2016

  4. Specifying and Checking File System Crash-Consistency Models Johannes Gutenberg Universität Mainz Motivation Replace-Via-Rename Pattern open / ∗ " f i l e " has old data ∗ / fd = open ( " f i l e . tmp" ) ; write 0 w r i t e ( fd , new , s i z e ) ; c l o s e ( fd ) ; rename ( " f i l e . tmp" , " f i l e " ) ; rename write 1 2 Steven Lang September 4, 2016

  5. Specifying and Checking File System Crash-Consistency Models Johannes Gutenberg Universität Mainz Motivation Replace-Via-Rename Pattern open / ∗ " f i l e " has old data ∗ / fd = open ( " f i l e . tmp" ) ; write 0 w r i t e ( fd , new , s i z e ) ; c l o s e ( fd ) ; rename ( " f i l e . tmp" , " f i l e " ) ; rename write 1 file’s on-disk state possible executions seen on disk new open, write 0 , rename, write 1 , ... 2 Steven Lang September 4, 2016

  6. Specifying and Checking File System Crash-Consistency Models Johannes Gutenberg Universität Mainz Motivation Replace-Via-Rename Pattern open / ∗ " f i l e " has old data ∗ / fd = open ( " f i l e . tmp" ) ; write 0 w r i t e ( fd , new , s i z e ) ; c l o s e ( fd ) ; rename ( " f i l e . tmp" , " f i l e " ) ; rename write 1 file’s on-disk state possible executions seen on disk new open, write 0 , rename, write 1 , ... old open, write 0 , crash 2 Steven Lang September 4, 2016

  7. Specifying and Checking File System Crash-Consistency Models Johannes Gutenberg Universität Mainz Motivation Replace-Via-Rename Pattern open / ∗ " f i l e " has old data ∗ / fd = open ( " f i l e . tmp" ) ; write 0 w r i t e ( fd , new , s i z e ) ; c l o s e ( fd ) ; rename ( " f i l e . tmp" , " f i l e " ) ; rename write 1 file’s on-disk state possible executions seen on disk new open, write 0 , rename, write 1 , ... old open, write 0 , crash empty open, rename, crash 2 Steven Lang September 4, 2016

  8. Specifying and Checking File System Crash-Consistency Models Johannes Gutenberg Universität Mainz Motivation Replace-Via-Rename Pattern open / ∗ " f i l e " has old data ∗ / fd = open ( " f i l e . tmp" ) ; write 0 w r i t e ( fd , new , s i z e ) ; c l o s e ( fd ) ; rename ( " f i l e . tmp" , " f i l e " ) ; rename write 1 file’s on-disk state possible executions seen on disk new open, write 0 , rename, write 1 , ... old open, write 0 , crash empty open, rename, crash partial new open, write 0 , rename, crash 2 Steven Lang September 4, 2016

  9. Specifying and Checking File System Crash-Consistency Models Johannes Gutenberg Universität Mainz Motivation Introduction Background Crash-Consistency Models FERRITE Conclusion Outlook 3 Steven Lang September 4, 2016

  10. Specifying and Checking File System Crash-Consistency Models Johannes Gutenberg Universität Mainz Introduction ◮ Modern file system optimizations relax the order in which operations are executed Good: ◮ Provide significant performance gains Bad: ◮ Invisible to applications ◮ Machine crashes during out-of-order execution can harm the data’s persistence 4 Steven Lang September 4, 2016

  11. Specifying and Checking File System Crash-Consistency Models Johannes Gutenberg Universität Mainz Introduction ◮ Key challenge for application writers: ◮ Understand the behavior of file systems across system crashes ◮ They make assumptions about crash guarantees provided by file systems ◮ They base their aplications on these assumptions 5 Steven Lang September 4, 2016

  12. Specifying and Checking File System Crash-Consistency Models Johannes Gutenberg Universität Mainz Introduction ◮ Being too optimistic about crash guarantees leads to serious data losses 6 Steven Lang September 4, 2016

  13. Specifying and Checking File System Crash-Consistency Models Johannes Gutenberg Universität Mainz Introduction ◮ Being too optimistic about ◮ Being too conservative is crash guarantees leads to expensive in energy, performance, and hardware serious data losses lifespan 6 Steven Lang September 4, 2016

  14. Specifying and Checking File System Crash-Consistency Models Johannes Gutenberg Universität Mainz Background The POSIX file system interface ◮ POSIX standard defines a set of system calls for fs access operation description open allocate file descriptor perform file operations write, read link, unlink, mkdir perform directory operations explicitly flush data to disk sync, fsync deallocate file descriptor close ◮ fsync system call is key to provide data integrity 7 Steven Lang September 4, 2016

  15. Specifying and Checking File System Crash-Consistency Models Johannes Gutenberg Universität Mainz Crash-Consistency Models ◮ Used to define permissible states of a file system after a crash ◮ Consist of: ◮ Litmus tests : demonstrate allowed/forbidden behaviors of file systems across crashes ◮ Formal specifications : logic and state machines, describing crash-consistency behavior axiomatic and operational 8 Steven Lang September 4, 2016

  16. Specifying and Checking File System Crash-Consistency Models Johannes Gutenberg Universität Mainz Crash-Consistency Models Litmus tests Litmus tests consist of three parts: 1. Initial setup (optional) Example: initial: f ← creat("f", 0600) 9 Steven Lang September 4, 2016

  17. Specifying and Checking File System Crash-Consistency Models Johannes Gutenberg Universität Mainz Crash-Consistency Models Litmus tests Litmus tests consist of three parts: 1. Initial setup (optional) 2. Main body Example: initial: f ← creat("f", 0600) main: write(f, "data") fsync(f) mark("done") close(f) 9 Steven Lang September 4, 2016

  18. Specifying and Checking File System Crash-Consistency Models Johannes Gutenberg Universität Mainz Crash-Consistency Models Litmus tests Litmus tests consist of three parts: 1. Initial setup (optional) 2. Main body 3. Final checking Example: initial: f ← creat("f", 0600) main: write(f, "data") fsync(f) mark("done") close(f) exists?: marked("done") ∧ content("f") � = "data" 9 Steven Lang September 4, 2016

  19. Specifying and Checking File System Crash-Consistency Models Johannes Gutenberg Universität Mainz Crash-Consistency Models Litmus tests: Prefix-append (PA) ◮ The prefix-append (PA) litmus test checks whether, in the event of a crash, a file always contains a prefix of the data that has been appended to it initial: N ← 2500 as , bs ← "a" * N, "b" * N f ← creat("file", 0600) write(f, as) main: write(f, bs) exists?: content("file") � as + bs ◮ Also known as "safe-append" ◮ Popular file systems ( ext4 ) do not guarantee this property 10 Steven Lang September 4, 2016

  20. Specifying and Checking File System Crash-Consistency Models Johannes Gutenberg Universität Mainz Crash-Consistency Models Litmus tests: Atomic-replace-via-rename (ARVR) ◮ ARVR checks whether replacing file contents via rename is atomic across crashes initial: g ← creat("file", 0600) write(g, old) main: f ← creat("file.tmp", 0600) write(f, new) rename("file.tmp", "file") exists?: content("file") � = old ∧ content("file") � = new 11 Steven Lang September 4, 2016

  21. Specifying and Checking File System Crash-Consistency Models Johannes Gutenberg Universität Mainz Crash-Consistency Models Formal specifications Two styles of specification: ◮ axiomatic : describe valid crash behaviors declaratively, using a set of axioms and ordering relations ◮ operational : abstract machines that simulate relevant aspects of file system behavior 12 Steven Lang September 4, 2016

  22. Specifying and Checking File System Crash-Consistency Models Johannes Gutenberg Universität Mainz Crash-Consistency Models Formal specifications Two styles of specification: ◮ axiomatic : describe valid crash behaviors declaratively, using a set of axioms and ordering relations ◮ operational : abstract machines that simulate relevant aspects of file system behavior Example models will be shown for: ◮ seqfs , an ideal file system with strong crash consistency guarantees ◮ ext4 , a real file system with weak consistency guarantees 12 Steven Lang September 4, 2016

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Specifying and Checking File System Crash-Consistency Models James Bornholt Antoine Kaufmann

Specifying and Checking File System Crash-Consistency Models James Bornholt Antoine Kaufmann

Specifying and Checking File System Crash-Consistency Models James Bornholt Antoine Kaufmann Jialin Li Arvind Krishnamurthy Emina Torlak Xi Wang University of Washington File systems persist our data Application File System File systems

937 views • 91 slides
to Systematically Test File-System Crash Consistency Ashlie Martinez Vijay Chidambaram

to Systematically Test File-System Crash Consistency Ashlie Martinez Vijay Chidambaram

CrashMonkey: A Framework to Systematically Test File-System Crash Consistency Ashlie Martinez Vijay Chidambaram University of Texas at Austin Crash Consistency File-system updates change multiple blocks on storage Data blocks, inodes,

499 views • 46 slides
TxFS: Leveraging File-System Crash Consistency to Provide ACID Transactions Yige Hu, Zhiting

TxFS: Leveraging File-System Crash Consistency to Provide ACID Transactions Yige Hu, Zhiting

TxFS: Leveraging File-System Crash Consistency to Provide ACID Transactions Yige Hu, Zhiting Zhu, Ian Neal, Youngjin Kwon, Tianyu Chen, Vijay Chidambaram, Emmett Witchel The University of Texas at Austin 1 Crash Applications need crash

819 views • 30 slides
Optimistic Crash Consistency Vijay Chidambaram Thanumalayan Sankaranarayana Pillai Andrea

Optimistic Crash Consistency Vijay Chidambaram Thanumalayan Sankaranarayana Pillai Andrea

Optimistic Crash Consistency Vijay Chidambaram Thanumalayan Sankaranarayana Pillai Andrea Arpaci-Dusseau Remzi Arpaci-Dusseau Crash Consistency Problem Single file-system operation updates multiple on-disk data structures System may crash

1.29k views • 83 slides
From Crash Consistency to Transactions Yige Hu Youngjin Kwon Vijay Chidambaram Emmett Witchel

From Crash Consistency to Transactions Yige Hu Youngjin Kwon Vijay Chidambaram Emmett Witchel

From Crash Consistency to Transactions Yige Hu Youngjin Kwon Vijay Chidambaram Emmett Witchel Persistent data is structured; crash consistency hard Structured data abstractions built on file system SQLite, BerkeleyDB...

468 views • 34 slides
The problem: crash consistency Single operaBon updates mulBple blocks System might crash in

The problem: crash consistency Single operaBon updates mulBple blocks System might crash in

Consistency Without Ordering Vijay Chidambaram, Tushar Sharma, Andrea ArpaciDusseau, Remzi ArpaciDusseau The Advanced Systems Laboratory University of Wisconsin Madison The problem: crash consistency Single operaBon updates mulBple

953 views • 49 slides
Finding Crash-Consistency Bugs with Bounded Black-Box Testing Jayashree Mohan , Ashlie Martinez,

Finding Crash-Consistency Bugs with Bounded Black-Box Testing Jayashree Mohan , Ashlie Martinez,

Finding Crash-Consistency Bugs with Bounded Black-Box Testing Jayashree Mohan , Ashlie Martinez, Soujanya Ponnapalli, Pandian Raju, Vijay Chidambaram Crashes I crashed This is very File saved! important File missing Image

878 views • 87 slides
Understanding and Finding Crash-Consistency Bugs in Parallel File Systems Jinghan Sun , Chen Wang,

Understanding and Finding Crash-Consistency Bugs in Parallel File Systems Jinghan Sun , Chen Wang,

Understanding and Finding Crash-Consistency Bugs in Parallel File Systems Jinghan Sun , Chen Wang, Jian Huang, and Marc Snir University of Illinois at Urbana-Champaign Contact: Jinghan Sun (js39@illinois.edu) PFS failures are frequent and

912 views • 17 slides
Using Model Checking to Find Serious File System Errors Junfeng Yang, Paul Twohey, Dawson Engler

Using Model Checking to Find Serious File System Errors Junfeng Yang, Paul Twohey, Dawson Engler

Using Model Checking to Find Serious File System Errors Junfeng Yang, Paul Twohey, Dawson Engler Stanford University Madanlal Musuvathi Microsoft Research Authors Dawson Junfeng Paul Madan FS Errors are Destructive Kernel crash, FS

806 views • 31 slides
Cer$fying a Crash-safe File System Nickolai Zeldovich Collaborators: Tej Chajed, Haogang

Cer$fying a Crash-safe File System Nickolai Zeldovich Collaborators: Tej Chajed, Haogang

Cer$fying a Crash-safe File System Nickolai Zeldovich Collaborators: Tej Chajed, Haogang Chen, Alex Konradi, Stephanie Wang, Daniel Ziegler, Adam Chlipala, M. Frans Kaashoek File systems should not lose data People use file systems to

1.17k views • 98 slides
Verifying a high-performance crash-safe file system using a tree specifica6on Haogang Chen, Tej

Verifying a high-performance crash-safe file system using a tree specifica6on Haogang Chen, Tej

Verifying a high-performance crash-safe file system using a tree specifica6on Haogang Chen, Tej Chajed , Stephanie Wang, Alex Konradi, Atalay leri, Adam Chlipala, M. Frans Kaashoek, Nickolai Zeldovich File systems are difficult to make correct

1.19k views • 100 slides
Using Crash Hoare Logic for Certifying the FSCQ File System Haogang Chen, Daniel Ziegler, Tej

Using Crash Hoare Logic for Certifying the FSCQ File System Haogang Chen, Daniel Ziegler, Tej

Using Crash Hoare Logic for Certifying the FSCQ File System Haogang Chen, Daniel Ziegler, Tej Chajed, Adam Chlipala, Frans Kaashoek, and Nickolai Zeldovich MIT CSAIL 1 / 1 File systems are complex and have bugs File systems are complex (e.g.,

765 views • 52 slides
Using Crash Hoare Logic for Certifying the FSCQ File System Haogang Chen, Daniel Ziegler, Tej

Using Crash Hoare Logic for Certifying the FSCQ File System Haogang Chen, Daniel Ziegler, Tej

Using Crash Hoare Logic for Certifying the FSCQ File System Haogang Chen, Daniel Ziegler, Tej Chajed, Adam Chlipala, Frans Kaashoek, and Nickolai Zeldovich MIT CSAIL 1 / 27 File systems are complex and have bugs File systems are complex (e.g.,

1.18k views • 50 slides
File Systems: Consistency Issues 1 File Systems: Consistency Issues File systems maintain many

File Systems: Consistency Issues 1 File Systems: Consistency Issues File systems maintain many

File Systems: Consistency Issues 1 File Systems: Consistency Issues File systems maintain many data structures Free list/bit vector Directories File headers and inode structures Data blocks All data structures are cached for better

357 views • 14 slides
Application Crash Consistency and Performance with CCFS Thanumalayan Sankaranarayana Pillai,

Application Crash Consistency and Performance with CCFS Thanumalayan Sankaranarayana Pillai,

Application Crash Consistency and Performance with CCFS Thanumalayan Sankaranarayana Pillai, Ramnatthan Alagappan, Lanyue Lu, Vijay Chidambaram, Andrea C. Arpaci-Dusseau, Remzi H. Arpaci-Dusseau Application-Level Crash Consistency Storage must

2.09k views • 139 slides
Module 11: File-System Interface File Concept Access :Methods Directory Structure

Module 11: File-System Interface File Concept Access :Methods Directory Structure

Module 11: File-System Interface File Concept Access :Methods Directory Structure Protection Consistency Semantics Silberschatz, Galvin, and Gagne 1999 Applied Operating System Concepts 11.1 File Concept Contiguous

755 views • 50 slides
TRUSTED DOCUMENT DELIVERY: MALAYSIAS E -COURT SYSTEM Hamidah Mohamed Deril Deputy Registrar,

TRUSTED DOCUMENT DELIVERY: MALAYSIAS E -COURT SYSTEM Hamidah Mohamed Deril Deputy Registrar,

FEDERAL COURT OF MALAYSI A TRUSTED DOCUMENT DELIVERY: MALAYSIAS E -COURT SYSTEM Hamidah Mohamed Deril Deputy Registrar, SILVERSTR & SONS LAWYER BOUTIQUE Chief Registrars Office, Federal Court of Malaysia New York Office Hobes

952 views • 47 slides
REQUIREMENTS UNDER IFC Western India Regional Council of ICAI 3 rd June, 2017 CA.Abhay Mehta

REQUIREMENTS UNDER IFC Western India Regional Council of ICAI 3 rd June, 2017 CA.Abhay Mehta

REPORTING REQUIREMENTS UNDER IFC Western India Regional Council of ICAI 3 rd June, 2017 CA.Abhay Mehta Mehta Chokshi & Shah Statutory Provisions governing IFC Managements Responsibility Board of Directors Sec.134(5)(e) - DRS of the

1.43k views • 81 slides
Changes to Licensing A presentation to the private security industry to explain the changes in

Changes to Licensing A presentation to the private security industry to explain the changes in

Changes to Licensing A presentation to the private security industry to explain the changes in our processes. 1 2 3 4 Why are we What are we What do the Useful changing? changing? new information processes and getting look like?

445 views • 19 slides
What is APCPI? is APCPI? The APCPI is the procurement monitoring, assessment and The APCPI is

What is APCPI? is APCPI? The APCPI is the procurement monitoring, assessment and The APCPI is

A GENCY P ROCURE ROCUREMENT C OMPLIANCE A ND ND P ERFORMANCE I NDICATOR I NDICATOR OR S YSTEM OR S YSTEM Performance Monitoring Division Performance Monitoring Division GPPB-TSO GPPB-TSO What is APCPI? is APCPI? The APCPI is the

815 views • 78 slides
COMBA MBATING TING FAKE KE NEWS WS ONLINE: LINE: Exploring Australian Co-regulatory

COMBA MBATING TING FAKE KE NEWS WS ONLINE: LINE: Exploring Australian Co-regulatory

COMBA MBATING TING FAKE KE NEWS WS ONLINE: LINE: Exploring Australian Co-regulatory Framework For Malaysia Asst. Prof. Dr. Mahyuddin Daud Department of Civil Laws Ahmad Ibrahim Kulliyyah of Laws International Islamic University Malaysia

648 views • 33 slides
2012 Investor Day 31 January 2012 1 Agen enda da Time Content Who Page Welcome and

2012 Investor Day 31 January 2012 1 Agen enda da Time Content Who Page Welcome and

2012 Investor Day 31 January 2012 1 Agen enda da Time Content Who Page Welcome and introduction 10:00 Carolyn McCall 3 Capital Allocation 10:20 Introduction Chris Kennedy 8 Network development and optimisation Alan

1.8k views • 145 slides
Privacy through Accountability: A Computer Science Perspective Anupam Datta Associate Professor

Privacy through Accountability: A Computer Science Perspective Anupam Datta Associate Professor

Privacy through Accountability: A Computer Science Perspective Anupam Datta Associate Professor Computer Science, ECE, CyLab Carnegie Mellon University February 2014 Personal Information is Everywhere 2 Research Challenge Programs and

682 views • 57 slides
Intel Capital Investing in Global Innovation January 2014 Strategic, Long Term Investor

Intel Capital Investing in Global Innovation January 2014 Strategic, Long Term Investor

Intel Capital Investing in Global Innovation January 2014 Strategic, Long Term Investor Intels Global Investment and M&A Organization Our Mission Enhance Intels strategic objectives by making and Intel el managing financially

472 views • 18 slides

More recommend