首页 > 最新文献

Proceedings of the Twenty-Third ACM Symposium on Operating Systems Principles最新文献

英文 中文
PRES: probabilistic replay with execution sketching on multiprocessors PRES:多处理器上带有执行草图的概率重播
Pub Date : 2009-10-11 DOI: 10.1145/1629575.1629593
Soyeon Park, Yuanyuan Zhou, Weiwei Xiong, Zuoning Yin, Rini T. Kaushik, Kyuhyung Lee, Shan Lu
Bug reproduction is critically important for diagnosing a production-run failure. Unfortunately, reproducing a concurrency bug on multi-processors (e.g., multi-core) is challenging. Previous techniques either incur large overhead or require new non-trivial hardware extensions. This paper proposes a novel technique called PRES (probabilistic replay via execution sketching) to help reproduce concurrency bugs on multi-processors. It relaxes the past (perhaps idealistic) objective of "reproducing the bug on the first replay attempt" to significantly lower production-run recording overhead. This is achieved by (1) recording only partial execution information (referred to as "sketches") during the production run, and (2) relying on an intelligent replayer during diagnosis time (when performance is less critical) to systematically explore the unrecorded non-deterministic space and reproduce the bug. With only partial information, our replayer may require more than one coordinated replay run to reproduce a bug. However, after a bug is reproduced once, PRES can reproduce it every time. We implemented PRES along with five different execution sketching mechanisms. We evaluated them with 11 representative applications, including 4 servers, 3 desktop/client applications, and 4 scientific/graphics applications, with 13 real-world concurrency bugs of different types, including atomicity violations, order violations and deadlocks. PRES (with synchronization or system call sketching) significantly lowered the production-run recording overhead of previous approaches (by up to 4416 times), while still reproducing most tested bugs in fewer than 10 replay attempts. Moreover, PRES scaled well with the number of processors; PRES's feedback generation from unsuccessful replays is critical in bug reproduction.
Bug重现对于诊断生产运行故障至关重要。不幸的是,在多处理器(例如,多核)上重现并发错误是具有挑战性的。以前的技术要么产生很大的开销,要么需要新的重要的硬件扩展。本文提出了一种称为PRES(通过执行草图的概率重播)的新技术来帮助再现多处理器上的并发错误。它放松了过去(也许是理想主义的)“在第一次重播尝试时再现错误”的目标,从而显著降低了生产运行的记录开销。这是通过以下方式实现的:(1)在生产运行期间仅记录部分执行信息(称为“草图”),以及(2)在诊断期间(当性能不太关键时)依赖智能重播器系统地探索未记录的非确定性空间并重现错误。由于只有部分信息,我们的重播器可能需要多次协调重播运行来重现bug。但是,在错误被复制一次之后,PRES可以每次都复制它。我们将PRES与五种不同的执行草图机制一起实现。我们用11个代表性应用程序对它们进行了评估,其中包括4个服务器应用程序、3个桌面/客户端应用程序和4个科学/图形应用程序,其中有13个不同类型的真实并发错误,包括原子性违反、顺序违反和死锁。PRES(使用同步或系统调用草图)显著降低了以前方法的生产运行记录开销(最多减少了4416倍),同时在不到10次重放尝试中仍然再现了大多数测试过的错误。此外,PRES可以很好地随处理器数量的增加而扩展;PRES从不成功的重放中产生的反馈对bug繁殖至关重要。
{"title":"PRES: probabilistic replay with execution sketching on multiprocessors","authors":"Soyeon Park, Yuanyuan Zhou, Weiwei Xiong, Zuoning Yin, Rini T. Kaushik, Kyuhyung Lee, Shan Lu","doi":"10.1145/1629575.1629593","DOIUrl":"https://doi.org/10.1145/1629575.1629593","url":null,"abstract":"Bug reproduction is critically important for diagnosing a production-run failure. Unfortunately, reproducing a concurrency bug on multi-processors (e.g., multi-core) is challenging. Previous techniques either incur large overhead or require new non-trivial hardware extensions.\u0000 This paper proposes a novel technique called PRES (probabilistic replay via execution sketching) to help reproduce concurrency bugs on multi-processors. It relaxes the past (perhaps idealistic) objective of \"reproducing the bug on the first replay attempt\" to significantly lower production-run recording overhead. This is achieved by (1) recording only partial execution information (referred to as \"sketches\") during the production run, and (2) relying on an intelligent replayer during diagnosis time (when performance is less critical) to systematically explore the unrecorded non-deterministic space and reproduce the bug. With only partial information, our replayer may require more than one coordinated replay run to reproduce a bug. However, after a bug is reproduced once, PRES can reproduce it every time.\u0000 We implemented PRES along with five different execution sketching mechanisms. We evaluated them with 11 representative applications, including 4 servers, 3 desktop/client applications, and 4 scientific/graphics applications, with 13 real-world concurrency bugs of different types, including atomicity violations, order violations and deadlocks. PRES (with synchronization or system call sketching) significantly lowered the production-run recording overhead of previous approaches (by up to 4416 times), while still reproducing most tested bugs in fewer than 10 replay attempts. Moreover, PRES scaled well with the number of processors; PRES's feedback generation from unsuccessful replays is critical in bug reproduction.","PeriodicalId":20672,"journal":{"name":"Proceedings of the Twenty-Third ACM Symposium on Operating Systems Principles","volume":"97 1","pages":"177-192"},"PeriodicalIF":0.0,"publicationDate":"2009-10-11","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"86625477","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 283
Fabric: a platform for secure distributed computation and storage Fabric:一个安全的分布式计算和存储平台
Pub Date : 2009-10-11 DOI: 10.1145/1629575.1629606
Jed Liu, Michael D. George, K. Vikram, Xin Qi, Lucas Waye, A. Myers
Fabric is a new system and language for building secure distributed information systems. It is a decentralized system that allows heterogeneous network nodes to securely share both information and computation resources despite mutual distrust. Its high-level programming language makes distribution and persistence largely transparent to programmers. Fabric supports data-shipping and function-shipping styles of computation: both computation and information can move between nodes to meet security requirements or to improve performance. Fabric provides a rich, Java-like object model, but data resources are labeled with confidentiality and integrity policies that are enforced through a combination of compile-time and run-time mechanisms. Optimistic, nested transactions ensure consistency across all objects and nodes. A peer-to-peer dissemination layer helps to increase availability and to balance load. Results from applications built using Fabric suggest that Fabric has a clean, concise programming model, offers good performance, and enforces security.
Fabric是构建安全分布式信息系统的一种新的系统和语言。它是一个分散的系统,允许异构网络节点在相互不信任的情况下安全地共享信息和计算资源。它的高级编程语言使得分发和持久化对程序员来说基本上是透明的。Fabric支持数据传输和功能传输的计算方式:计算和信息都可以在节点之间移动,以满足安全要求或提高性能。Fabric提供了一个丰富的、类似java的对象模型,但是数据资源被标记为机密性和完整性策略,这些策略通过编译时和运行时机制的组合来执行。乐观的嵌套事务确保了所有对象和节点之间的一致性。点对点传播层有助于提高可用性和平衡负载。使用Fabric构建的应用程序的结果表明,Fabric具有干净、简洁的编程模型,提供了良好的性能,并增强了安全性。
{"title":"Fabric: a platform for secure distributed computation and storage","authors":"Jed Liu, Michael D. George, K. Vikram, Xin Qi, Lucas Waye, A. Myers","doi":"10.1145/1629575.1629606","DOIUrl":"https://doi.org/10.1145/1629575.1629606","url":null,"abstract":"Fabric is a new system and language for building secure distributed information systems. It is a decentralized system that allows heterogeneous network nodes to securely share both information and computation resources despite mutual distrust. Its high-level programming language makes distribution and persistence largely transparent to programmers. Fabric supports data-shipping and function-shipping styles of computation: both computation and information can move between nodes to meet security requirements or to improve performance. Fabric provides a rich, Java-like object model, but data resources are labeled with confidentiality and integrity policies that are enforced through a combination of compile-time and run-time mechanisms. Optimistic, nested transactions ensure consistency across all objects and nodes. A peer-to-peer dissemination layer helps to increase availability and to balance load. Results from applications built using Fabric suggest that Fabric has a clean, concise programming model, offers good performance, and enforces security.","PeriodicalId":20672,"journal":{"name":"Proceedings of the Twenty-Third ACM Symposium on Operating Systems Principles","volume":"38 1","pages":"321-334"},"PeriodicalIF":0.0,"publicationDate":"2009-10-11","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"84271838","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 172
Dynamo: amazon's highly available key-value store Dynamo: amazon的高可用键值存储
Pub Date : 2007-10-14 DOI: 10.1145/1294261.1294281
Giuseppe deCandia, Deniz Hastorun, M. Jampani, Gunavardhan Kakulapati, A. Lakshman, A. Pilchin, S. Sivasubramanian, Peter Vosshall, W. Vogels
Reliability at massive scale is one of the biggest challenges we face at Amazon.com, one of the largest e-commerce operations in the world; even the slightest outage has significant financial consequences and impacts customer trust. The Amazon.com platform, which provides services for many web sites worldwide, is implemented on top of an infrastructure of tens of thousands of servers and network components located in many datacenters around the world. At this scale, small and large components fail continuously and the way persistent state is managed in the face of these failures drives the reliability and scalability of the software systems. This paper presents the design and implementation of Dynamo, a highly available key-value storage system that some of Amazon's core services use to provide an "always-on" experience. To achieve this level of availability, Dynamo sacrifices consistency under certain failure scenarios. It makes extensive use of object versioning and application-assisted conflict resolution in a manner that provides a novel interface for developers to use.
亚马逊是世界上最大的电子商务运营商之一,大规模的可靠性是我们面临的最大挑战之一;即使是最轻微的中断也会造成严重的财务后果并影响客户信任。Amazon.com平台为全球许多网站提供服务,它是在位于世界各地许多数据中心的数以万计的服务器和网络组件的基础设施上实现的。在这种规模下,大大小小的组件都会不断地发生故障,而面对这些故障时管理持久状态的方式会驱动软件系统的可靠性和可伸缩性。本文介绍了Dynamo的设计和实现,Dynamo是一个高可用的键值存储系统,Amazon的一些核心服务使用它来提供“永远在线”的体验。为了达到这种级别的可用性,Dynamo在某些故障场景下牺牲了一致性。它以一种为开发人员提供新颖接口的方式,广泛地使用了对象版本控制和应用程序辅助的冲突解决。
{"title":"Dynamo: amazon's highly available key-value store","authors":"Giuseppe deCandia, Deniz Hastorun, M. Jampani, Gunavardhan Kakulapati, A. Lakshman, A. Pilchin, S. Sivasubramanian, Peter Vosshall, W. Vogels","doi":"10.1145/1294261.1294281","DOIUrl":"https://doi.org/10.1145/1294261.1294281","url":null,"abstract":"Reliability at massive scale is one of the biggest challenges we face at Amazon.com, one of the largest e-commerce operations in the world; even the slightest outage has significant financial consequences and impacts customer trust. The Amazon.com platform, which provides services for many web sites worldwide, is implemented on top of an infrastructure of tens of thousands of servers and network components located in many datacenters around the world. At this scale, small and large components fail continuously and the way persistent state is managed in the face of these failures drives the reliability and scalability of the software systems.\u0000 This paper presents the design and implementation of Dynamo, a highly available key-value storage system that some of Amazon's core services use to provide an \"always-on\" experience. To achieve this level of availability, Dynamo sacrifices consistency under certain failure scenarios. It makes extensive use of object versioning and application-assisted conflict resolution in a manner that provides a novel interface for developers to use.","PeriodicalId":20672,"journal":{"name":"Proceedings of the Twenty-Third ACM Symposium on Operating Systems Principles","volume":"21 1","pages":"205-220"},"PeriodicalIF":0.0,"publicationDate":"2007-10-14","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"90666547","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 4382
MUVI: automatically inferring multi-variable access correlations and detecting related semantic and concurrency bugs MUVI:自动推断多变量访问相关性并检测相关的语义和并发性错误
Pub Date : 2007-10-14 DOI: 10.1145/1294261.1294272
Shan Lu, Soyeon Park, Chongfeng Hu, Xiao Ma, Weihang Jiang, Zhenmin Li, R. A. Popa, Yuanyuan Zhou
Software defects significantly reduce system dependability. Among various types of software bugs, semantic and concurrency bugs are two of the most difficult to detect. This paper proposes a novel method, called MUVI, that detects an important class of semantic and concurrency bugs. MUVI automatically infers commonly existing multi-variable access correlations through code analysis and then detects two types of related bugs: (1) inconsistent updates--correlated variables are not updated in a consistent way, and (2) multi-variable concurrency bugs--correlated accesses are not protected in the same atomic sections in concurrent programs.We evaluate MUVI on four large applications: Linux, Mozilla,MySQL, and PostgreSQL. MUVI automatically infers more than 6000 variable access correlations with high accuracy (83%).Based on the inferred correlations, MUVI detects 39 new inconsistent update semantic bugs from the latest versions of these applications, with 17 of them recently confirmed by the developers based on our reports.We also implemented MUVI multi-variable extensions to tworepresentative data race bug detection methods (lock-set and happens-before). Our evaluation on five real-world multi-variable concurrency bugs from Mozilla and MySQL shows that the MUVI-extension correctly identifies the root causes of four out of the five multi-variable concurrency bugs with 14% additional overhead on average. Interestingly, MUVI also helps detect four new multi-variable concurrency bugs in Mozilla that have never been reported before. None of the nine bugs can be identified correctly by the original race detectors without our MUVI extensions.
软件缺陷显著降低了系统的可靠性。在各种类型的软件错误中,语义错误和并发错误是最难检测的两种。本文提出了一种新的方法,称为MUVI,用于检测一类重要的语义和并发错误。MUVI通过代码分析自动推断普遍存在的多变量访问相关性,然后检测两种类型的相关错误:(1)不一致的更新——相关变量没有以一致的方式更新;(2)多变量并发性错误——相关访问在并发程序的相同原子段中没有得到保护。我们在四个大型应用程序上评估MUVI: Linux、Mozilla、MySQL和PostgreSQL。MUVI以高精度(83%)自动推断超过6000个变量访问相关性。基于推断的相关性,MUVI从这些应用程序的最新版本中检测到39个新的不一致更新语义错误,其中17个最近由开发人员根据我们的报告确认。我们还实现了对两种具有代表性的数据竞争错误检测方法(锁集和happens-before)的MUVI多变量扩展。我们对来自Mozilla和MySQL的五个真实的多变量并发性bug进行了评估,结果表明muvi扩展正确地识别了五个多变量并发性bug中的四个的根本原因,平均增加了14%的额外开销。有趣的是,MUVI还帮助检测了Mozilla中四个新的多变量并发错误,这些错误以前从未被报告过。如果没有我们的MUVI扩展,原始的竞赛检测器无法正确识别这九个错误。
{"title":"MUVI: automatically inferring multi-variable access correlations and detecting related semantic and concurrency bugs","authors":"Shan Lu, Soyeon Park, Chongfeng Hu, Xiao Ma, Weihang Jiang, Zhenmin Li, R. A. Popa, Yuanyuan Zhou","doi":"10.1145/1294261.1294272","DOIUrl":"https://doi.org/10.1145/1294261.1294272","url":null,"abstract":"Software defects significantly reduce system dependability. Among various types of software bugs, semantic and concurrency bugs are two of the most difficult to detect. This paper proposes a novel method, called MUVI, that detects an important class of semantic and concurrency bugs. MUVI automatically infers commonly existing multi-variable access correlations through code analysis and then detects two types of related bugs: (1) inconsistent updates--correlated variables are not updated in a consistent way, and (2) multi-variable concurrency bugs--correlated accesses are not protected in the same atomic sections in concurrent programs.We evaluate MUVI on four large applications: Linux, Mozilla,MySQL, and PostgreSQL. MUVI automatically infers more than 6000 variable access correlations with high accuracy (83%).Based on the inferred correlations, MUVI detects 39 new inconsistent update semantic bugs from the latest versions of these applications, with 17 of them recently confirmed by the developers based on our reports.We also implemented MUVI multi-variable extensions to tworepresentative data race bug detection methods (lock-set and happens-before). Our evaluation on five real-world multi-variable concurrency bugs from Mozilla and MySQL shows that the MUVI-extension correctly identifies the root causes of four out of the five multi-variable concurrency bugs with 14% additional overhead on average. Interestingly, MUVI also helps detect four new multi-variable concurrency bugs in Mozilla that have never been reported before. None of the nine bugs can be identified correctly by the original race detectors without our MUVI extensions.","PeriodicalId":20672,"journal":{"name":"Proceedings of the Twenty-Third ACM Symposium on Operating Systems Principles","volume":"39 1","pages":"103-116"},"PeriodicalIF":0.0,"publicationDate":"2007-10-14","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"89549943","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 226
Sinfonia: a new paradigm for building scalable distributed systems Sinfonia:构建可扩展分布式系统的新范例
Pub Date : 2007-10-14 DOI: 10.1145/1294261.1294278
M. Aguilera, A. Merchant, Mehul A. Shah, Alistair C. Veitch, C. Karamanolis
We propose a new paradigm for building scalable distributed systems. Our approach does not require dealing with message-passing protocols -- a major complication in existing distributed systems. Instead, developers just design and manipulate data structures within our service called Sinfonia. Sinfonia keeps data for applications on a set of memory nodes, each exporting a linear address space. At the core of Sinfonia is a novel minitransaction primitive that enables efficient and consistent access to data, while hiding the complexities that arise from concurrency and failures. Using Sinfonia, we implemented two very different and complex applications in a few months: a cluster file system and a group communication service. Our implementations perform well and scale to hundreds of machines.
我们提出了一种构建可扩展分布式系统的新范例。我们的方法不需要处理消息传递协议——这是现有分布式系统中的一个主要复杂问题。相反,开发人员只需在我们名为sinonia的服务中设计和操作数据结构。Sinfonia将应用程序的数据保存在一组内存节点上,每个节点导出一个线性地址空间。Sinfonia的核心是一个新颖的小事务原语,它支持对数据的高效和一致的访问,同时隐藏了并发和故障带来的复杂性。使用Sinfonia,我们在几个月内实现了两个非常不同且复杂的应用程序:集群文件系统和组通信服务。我们的实现性能良好,可扩展到数百台机器。
{"title":"Sinfonia: a new paradigm for building scalable distributed systems","authors":"M. Aguilera, A. Merchant, Mehul A. Shah, Alistair C. Veitch, C. Karamanolis","doi":"10.1145/1294261.1294278","DOIUrl":"https://doi.org/10.1145/1294261.1294278","url":null,"abstract":"We propose a new paradigm for building scalable distributed systems. Our approach does not require dealing with message-passing protocols -- a major complication in existing distributed systems. Instead, developers just design and manipulate data structures within our service called Sinfonia. Sinfonia keeps data for applications on a set of memory nodes, each exporting a linear address space. At the core of Sinfonia is a novel minitransaction primitive that enables efficient and consistent access to data, while hiding the complexities that arise from concurrency and failures. Using Sinfonia, we implemented two very different and complex applications in a few months: a cluster file system and a group communication service. Our implementations perform well and scale to hundreds of machines.","PeriodicalId":20672,"journal":{"name":"Proceedings of the Twenty-Third ACM Symposium on Operating Systems Principles","volume":"12 1","pages":"159-174"},"PeriodicalIF":0.0,"publicationDate":"2007-10-14","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"91216566","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 313
Improving file system reliability with I/O shepherding 通过I/O引导提高文件系统的可靠性
Pub Date : 2007-10-14 DOI: 10.1145/1294261.1294290
Haryadi S. Gunawi, Vijayan Prabhakaran, S. Krishnan, A. Arpaci-Dusseau, Remzi H. Arpaci-Dusseau
We introduce a new reliability infrastructure for file systems called I/O shepherding. I/O shepherding allows a file system developer to craft nuanced reliability policies to detect and recover from a wide range of storage system failures. We incorporate shepherding into the Linux ext3 file system through a set of changes to the consistency management subsystem, layout engine, disk scheduler, and buffer cache. The resulting file system, CrookFS, enables a broad class of policies to be easily and correctly specified. We implement numerous policies, incorporating data protection techniques such as retry, parity, mirrors, checksums, sanity checks, and data structure repairs; even complex policies can be implemented in less than 100 lines of code, confirming the power and simplicity of the shepherding framework. We also demonstrate that shepherding is properly integrated, adding less than 5% overhead to the I/O path.
我们为文件系统引入了一种新的可靠性基础设施,称为I/O引导。I/O引导允许文件系统开发人员制定细致的可靠性策略,以检测各种存储系统故障并从中恢复。我们通过对一致性管理子系统、布局引擎、磁盘调度器和缓冲区缓存进行一系列更改,将牧羊功能整合到Linux ext3文件系统中。生成的文件系统CrookFS可以方便而正确地指定一大类策略。我们实施了许多策略,结合了数据保护技术,如重试、奇偶校验、镜像、校验和、完整性检查和数据结构修复;即使是复杂的策略也可以在不到100行的代码中实现,这证实了管理框架的强大和简单性。我们还演示了牧羊是正确集成的,为I/O路径增加了不到5%的开销。
{"title":"Improving file system reliability with I/O shepherding","authors":"Haryadi S. Gunawi, Vijayan Prabhakaran, S. Krishnan, A. Arpaci-Dusseau, Remzi H. Arpaci-Dusseau","doi":"10.1145/1294261.1294290","DOIUrl":"https://doi.org/10.1145/1294261.1294290","url":null,"abstract":"We introduce a new reliability infrastructure for file systems called I/O shepherding. I/O shepherding allows a file system developer to craft nuanced reliability policies to detect and recover from a wide range of storage system failures. We incorporate shepherding into the Linux ext3 file system through a set of changes to the consistency management subsystem, layout engine, disk scheduler, and buffer cache. The resulting file system, CrookFS, enables a broad class of policies to be easily and correctly specified. We implement numerous policies, incorporating data protection techniques such as retry, parity, mirrors, checksums, sanity checks, and data structure repairs; even complex policies can be implemented in less than 100 lines of code, confirming the power and simplicity of the shepherding framework. We also demonstrate that shepherding is properly integrated, adding less than 5% overhead to the I/O path.","PeriodicalId":20672,"journal":{"name":"Proceedings of the Twenty-Third ACM Symposium on Operating Systems Principles","volume":"39 1","pages":"293-306"},"PeriodicalIF":0.0,"publicationDate":"2007-10-14","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"85339609","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 59
Secure web applications via automatic partitioning 通过自动分区保护web应用程序
Pub Date : 2007-10-14 DOI: 10.1145/1294261.1294265
Stephen Chong, Jed Liu, A. Myers, Xin Qi, K. Vikram, Lantian Zheng, Xin Zheng
Swift is a new, principled approach to building web applications that are secure by construction. In modern web applications, some application functionality is usually implemented as client-side code written in JavaScript. Moving code and data to the client can create security vulnerabilities, but currently there are no good methods for deciding when it is secure to do so. Swift automatically partitions application code while providing assurance that the resulting placement is secure and efficient. Application code is written as Java-like code annotated with information flow policies that specify the confidentiality and integrity of web application information. The compiler uses these policies to automatically partition the program into JavaScript code running in the browser, and Java code running on the server. To improve interactive performance, code and data are placed on the client side. However, security-critical code and data are always placed on the server. Code and data can also be replicated across the client and server, to obtain both security and performance. A max-flow algorithm is used to place code and data in a way that minimizes client-server communication.
Swift是一种新的、有原则的方法,用于构建安全的web应用程序。在现代web应用程序中,一些应用程序功能通常是用JavaScript编写的客户端代码实现的。将代码和数据移动到客户机可能会产生安全漏洞,但是目前还没有好的方法来确定何时这样做是安全的。Swift自动分区应用程序代码,同时保证最终的放置是安全有效的。应用程序代码编写为类似java的代码,并使用指定web应用程序信息的机密性和完整性的信息流策略进行注释。编译器使用这些策略自动将程序划分为在浏览器中运行的JavaScript代码和在服务器上运行的Java代码。为了提高交互性能,代码和数据被放置在客户端。但是,安全关键代码和数据总是放在服务器上。还可以跨客户机和服务器复制代码和数据,以获得安全性和性能。最大流算法用于以最小化客户机-服务器通信的方式放置代码和数据。
{"title":"Secure web applications via automatic partitioning","authors":"Stephen Chong, Jed Liu, A. Myers, Xin Qi, K. Vikram, Lantian Zheng, Xin Zheng","doi":"10.1145/1294261.1294265","DOIUrl":"https://doi.org/10.1145/1294261.1294265","url":null,"abstract":"Swift is a new, principled approach to building web applications that are secure by construction. In modern web applications, some application functionality is usually implemented as client-side code written in JavaScript. Moving code and data to the client can create security vulnerabilities, but currently there are no good methods for deciding when it is secure to do so. Swift automatically partitions application code while providing assurance that the resulting placement is secure and efficient. Application code is written as Java-like code annotated with information flow policies that specify the confidentiality and integrity of web application information. The compiler uses these policies to automatically partition the program into JavaScript code running in the browser, and Java code running on the server. To improve interactive performance, code and data are placed on the client side. However, security-critical code and data are always placed on the server. Code and data can also be replicated across the client and server, to obtain both security and performance. A max-flow algorithm is used to place code and data in a way that minimizes client-server communication.","PeriodicalId":20672,"journal":{"name":"Proceedings of the Twenty-Third ACM Symposium on Operating Systems Principles","volume":"1 1","pages":"31-44"},"PeriodicalIF":0.0,"publicationDate":"2007-10-14","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"89470867","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 269
TxLinux: using and managing hardware transactional memory in an operating system TxLinux:在操作系统中使用和管理硬件事务内存
Pub Date : 2007-10-14 DOI: 10.1145/1294261.1294271
C. Rossbach, O. S. Hofmann, Donald E. Porter, Hany E. Ramadan, Bhandari Aditya, E. Witchel
TxLinux is a variant of Linux that is the first operating system to use hardware transactional memory (HTM) as a synchronization primitive, and the first to manage HTM in the scheduler. This paper describes and measures TxLinux and discusses two innovations in detail: cooperation between locks and transactions, and theintegration of transactions with the OS scheduler. Mixing locks and transactions requires a new primitive, cooperative transactional spinlocks (cxspinlocks) that allow locks and transactions to protect the same data while maintaining the advantages of both synchronization primitives. Cxspinlocks allow the system to attemptexecution of critical regions with transactions and automatically roll back to use locking if the region performs I/O. Integrating the scheduler with HTM eliminates priority inversion. On a series ofreal-world benchmarks TxLinux has similar performance to Linux, exposing concurrency with as many as 32 concurrent threads on 32 CPUs in the same critical region.
TxLinux是Linux的一个变体,它是第一个使用硬件事务性内存(HTM)作为同步原语的操作系统,也是第一个在调度器中管理HTM的操作系统。本文对TxLinux进行了描述和度量,并详细讨论了两个创新:锁和事务之间的合作,以及事务与操作系统调度器的集成。混合锁和事务需要一个新的原语,即协作性事务自旋锁(cxspinlocks),它允许锁和事务保护相同的数据,同时保持两种同步原语的优势。Cxspinlocks允许系统尝试使用事务执行关键区域,并在该区域执行I/O时自动回滚到使用锁定。将调度器与HTM集成可以消除优先级反转。在一系列实际的基准测试中,TxLinux具有与Linux相似的性能,在相同的关键区域的32个cpu上显示多达32个并发线程的并发性。
{"title":"TxLinux: using and managing hardware transactional memory in an operating system","authors":"C. Rossbach, O. S. Hofmann, Donald E. Porter, Hany E. Ramadan, Bhandari Aditya, E. Witchel","doi":"10.1145/1294261.1294271","DOIUrl":"https://doi.org/10.1145/1294261.1294271","url":null,"abstract":"TxLinux is a variant of Linux that is the first operating system to use hardware transactional memory (HTM) as a synchronization primitive, and the first to manage HTM in the scheduler. This paper describes and measures TxLinux and discusses two innovations in detail: cooperation between locks and transactions, and theintegration of transactions with the OS scheduler. Mixing locks and transactions requires a new primitive, cooperative transactional spinlocks (cxspinlocks) that allow locks and transactions to protect the same data while maintaining the advantages of both synchronization primitives. Cxspinlocks allow the system to attemptexecution of critical regions with transactions and automatically roll back to use locking if the region performs I/O. Integrating the scheduler with HTM eliminates priority inversion. On a series ofreal-world benchmarks TxLinux has similar performance to Linux, exposing concurrency with as many as 32 concurrent threads on 32 CPUs in the same critical region.","PeriodicalId":20672,"journal":{"name":"Proceedings of the Twenty-Third ACM Symposium on Operating Systems Principles","volume":"129 1","pages":"87-102"},"PeriodicalIF":0.0,"publicationDate":"2007-10-14","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"74513706","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 139
Attested append-only memory: making adversaries stick to their word 证明仅附加记忆:使对手信守诺言
Pub Date : 2007-10-14 DOI: 10.1145/1294261.1294280
Byung-Gon Chun, Petros Maniatis, S. Shenker, J. Kubiatowicz
Researchers have made great strides in improving the fault tolerance of both centralized and replicated systems against arbitrary (Byzantine) faults. However, there are hard limits to how much can be done with entirely untrusted components; for example, replicated state machines cannot tolerate more than a third of their replica population being Byzantine. In this paper, we investigate how minimal trusted abstractions can push through these hard limits in practical ways. We propose Attested Append-Only Memory (A2M), a trusted system facility that is small, easy to implement and easy to verify formally. A2M provides the programming abstraction of a trusted log, which leads to protocol designs immune to equivocation -- the ability of a faulty host to lie in different ways to different clients or servers -- which is a common source of Byzantine headaches. Using A2M, we improve upon the state of the art in Byzantine-fault tolerant replicated state machines, producing A2M-enabled protocols (variants of Castro and Liskov's PBFT) that remain correct (linearizable) and keep making progress (live) even when half the replicas are faulty, in contrast to the previous upper bound. We also present an A2M-enabled single-server shared storage protocol that guarantees linearizability despite server faults. We implement A2M and our protocols, evaluate them experimentally through micro- and macro-benchmarks, and argue that the improved fault tolerance is cost-effective for a broad range of uses, opening up new avenues for practical, more reliable services.
研究人员在提高集中式和复制式系统对任意(拜占庭式)故障的容错性方面取得了很大进展。然而,对于完全不受信任的组件,可以做多少事情是有严格限制的;例如,复制状态机不能容忍超过三分之一的副本人口是拜占庭式的。在本文中,我们将研究最小可信抽象如何以实际方式突破这些硬限制。我们提出了一种小型、易于实现和易于正式验证的可信系统设施A2M。A2M提供了可信日志的编程抽象,这使得协议设计不受模棱两可的影响——有故障的主机能够以不同的方式向不同的客户机或服务器撒谎——这是拜占庭式头痛的常见来源。使用A2M,我们改进了拜占庭容错复制状态机的最新技术,生成了支持A2M的协议(Castro和Liskov的PBFT的变体),即使在一半副本出错的情况下,它仍然保持正确(线性化)并继续取得进展(实时),这与之前的上限形成了对比。我们还提出了一个支持a2m的单服务器共享存储协议,该协议保证了服务器故障时的线性性。我们实现了A2M和我们的协议,通过微观和宏观基准测试对它们进行了实验评估,并认为改进的容错性对于广泛的使用是经济有效的,为实用的、更可靠的服务开辟了新的途径。
{"title":"Attested append-only memory: making adversaries stick to their word","authors":"Byung-Gon Chun, Petros Maniatis, S. Shenker, J. Kubiatowicz","doi":"10.1145/1294261.1294280","DOIUrl":"https://doi.org/10.1145/1294261.1294280","url":null,"abstract":"Researchers have made great strides in improving the fault tolerance of both centralized and replicated systems against arbitrary (Byzantine) faults. However, there are hard limits to how much can be done with entirely untrusted components; for example, replicated state machines cannot tolerate more than a third of their replica population being Byzantine. In this paper, we investigate how minimal trusted abstractions can push through these hard limits in practical ways. We propose Attested Append-Only Memory (A2M), a trusted system facility that is small, easy to implement and easy to verify formally. A2M provides the programming abstraction of a trusted log, which leads to protocol designs immune to equivocation -- the ability of a faulty host to lie in different ways to different clients or servers -- which is a common source of Byzantine headaches. Using A2M, we improve upon the state of the art in Byzantine-fault tolerant replicated state machines, producing A2M-enabled protocols (variants of Castro and Liskov's PBFT) that remain correct (linearizable) and keep making progress (live) even when half the replicas are faulty, in contrast to the previous upper bound. We also present an A2M-enabled single-server shared storage protocol that guarantees linearizability despite server faults. We implement A2M and our protocols, evaluate them experimentally through micro- and macro-benchmarks, and argue that the improved fault tolerance is cost-effective for a broad range of uses, opening up new avenues for practical, more reliable services.","PeriodicalId":20672,"journal":{"name":"Proceedings of the Twenty-Third ACM Symposium on Operating Systems Principles","volume":"37 1","pages":"189-204"},"PeriodicalIF":0.0,"publicationDate":"2007-10-14","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"78586235","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 300
/*icomment: bugs or bad comments?*/ /* iccomment: bug还是坏评论?* /
Pub Date : 2007-10-14 DOI: 10.1145/1294261.1294276
Lin Tan, Ding Yuan, G. Krishna, Yuanyuan Zhou
Commenting source code has long been a common practice in software development. Compared to source code, comments are more direct, descriptive and easy-to-understand. Comments and sourcecode provide relatively redundant and independent information regarding a program's semantic behavior. As software evolves, they can easily grow out-of-sync, indicating two problems: (1) bugs -the source code does not follow the assumptions and requirements specified by correct program comments; (2) bad comments - comments that are inconsistent with correct code, which can confuse and mislead programmers to introduce bugs in subsequent versions. Unfortunately, as most comments are written in natural language, no solution has been proposed to automatically analyze commentsand detect inconsistencies between comments and source code. This paper takes the first step in automatically analyzing commentswritten in natural language to extract implicit program rulesand use these rules to automatically detect inconsistencies between comments and source code, indicating either bugs or bad comments. Our solution, iComment, combines Natural Language Processing(NLP), Machine Learning, Statistics and Program Analysis techniques to achieve these goals. We evaluate iComment on four large code bases: Linux, Mozilla, Wine and Apache. Our experimental results show that iComment automatically extracts 1832 rules from comments with 90.8-100% accuracy and detects 60 comment-code inconsistencies, 33 newbugs and 27 bad comments, in the latest versions of the four programs. Nineteen of them (12 bugs and 7 bad comments) have already been confirmed by the corresponding developers while the others are currently being analyzed by the developers.
在软件开发中,注释源代码一直是一种常见的做法。与源代码相比,注释更加直接、描述性和易于理解。注释和源代码提供了有关程序语义行为的相对冗余和独立的信息。随着软件的发展,它们很容易变得不同步,这表明了两个问题:(1)bug——源代码没有遵循正确的程序注释所指定的假设和要求;(2)不良注释——与正确代码不一致的注释,这些注释会混淆并误导程序员在后续版本中引入错误。不幸的是,由于大多数注释都是用自然语言编写的,因此没有提出任何解决方案来自动分析注释并检测注释与源代码之间的不一致。本文在自动分析用自然语言编写的注释方面迈出了第一步,提取隐式程序规则,并使用这些规则自动检测注释和源代码之间的不一致,指出错误或坏注释。我们的解决方案iComment结合了自然语言处理(NLP)、机器学习、统计和程序分析技术来实现这些目标。我们在四个大型代码库上评估iccomment: Linux、Mozilla、Wine和Apache。实验结果表明,iComment在四个程序的最新版本中自动从注释中提取1832条规则,准确率为90.8-100%,并检测出60个注释代码不一致,33个新bug和27个坏评论。其中19个(12个bug和7个坏评论)已经被相应的开发人员确认,而其他的正在由开发人员进行分析。
{"title":"/*icomment: bugs or bad comments?*/","authors":"Lin Tan, Ding Yuan, G. Krishna, Yuanyuan Zhou","doi":"10.1145/1294261.1294276","DOIUrl":"https://doi.org/10.1145/1294261.1294276","url":null,"abstract":"Commenting source code has long been a common practice in software development. Compared to source code, comments are more direct, descriptive and easy-to-understand. Comments and sourcecode provide relatively redundant and independent information regarding a program's semantic behavior. As software evolves, they can easily grow out-of-sync, indicating two problems: (1) bugs -the source code does not follow the assumptions and requirements specified by correct program comments; (2) bad comments - comments that are inconsistent with correct code, which can confuse and mislead programmers to introduce bugs in subsequent versions. Unfortunately, as most comments are written in natural language, no solution has been proposed to automatically analyze commentsand detect inconsistencies between comments and source code. This paper takes the first step in automatically analyzing commentswritten in natural language to extract implicit program rulesand use these rules to automatically detect inconsistencies between comments and source code, indicating either bugs or bad comments. Our solution, iComment, combines Natural Language Processing(NLP), Machine Learning, Statistics and Program Analysis techniques to achieve these goals. We evaluate iComment on four large code bases: Linux, Mozilla, Wine and Apache. Our experimental results show that iComment automatically extracts 1832 rules from comments with 90.8-100% accuracy and detects 60 comment-code inconsistencies, 33 newbugs and 27 bad comments, in the latest versions of the four programs. Nineteen of them (12 bugs and 7 bad comments) have already been confirmed by the corresponding developers while the others are currently being analyzed by the developers.","PeriodicalId":20672,"journal":{"name":"Proceedings of the Twenty-Third ACM Symposium on Operating Systems Principles","volume":"20 1","pages":"145-158"},"PeriodicalIF":0.0,"publicationDate":"2007-10-14","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"78905539","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 278
期刊
Proceedings of the Twenty-Third ACM Symposium on Operating Systems Principles
全部 Acc. Chem. Res. ACS Applied Bio Materials ACS Appl. Electron. Mater. ACS Appl. Energy Mater. ACS Appl. Mater. Interfaces ACS Appl. Nano Mater. ACS Appl. Polym. Mater. ACS BIOMATER-SCI ENG ACS Catal. ACS Cent. Sci. ACS Chem. Biol. ACS Chemical Health & Safety ACS Chem. Neurosci. ACS Comb. Sci. ACS Earth Space Chem. ACS Energy Lett. ACS Infect. Dis. ACS Macro Lett. ACS Mater. Lett. ACS Med. Chem. Lett. ACS Nano ACS Omega ACS Photonics ACS Sens. ACS Sustainable Chem. Eng. ACS Synth. Biol. Anal. Chem. BIOCHEMISTRY-US Bioconjugate Chem. BIOMACROMOLECULES Chem. Res. Toxicol. Chem. Rev. Chem. Mater. CRYST GROWTH DES ENERG FUEL Environ. Sci. Technol. Environ. Sci. Technol. Lett. Eur. J. Inorg. Chem. IND ENG CHEM RES Inorg. Chem. J. Agric. Food. Chem. J. Chem. Eng. Data J. Chem. Educ. J. Chem. Inf. Model. J. Chem. Theory Comput. J. Med. Chem. J. Nat. Prod. J PROTEOME RES J. Am. Chem. Soc. LANGMUIR MACROMOLECULES Mol. Pharmaceutics Nano Lett. Org. Lett. ORG PROCESS RES DEV ORGANOMETALLICS J. Org. Chem. J. Phys. Chem. J. Phys. Chem. A J. Phys. Chem. B J. Phys. Chem. C J. Phys. Chem. Lett. Analyst Anal. Methods Biomater. Sci. Catal. Sci. Technol. Chem. Commun. Chem. Soc. Rev. CHEM EDUC RES PRACT CRYSTENGCOMM Dalton Trans. Energy Environ. Sci. ENVIRON SCI-NANO ENVIRON SCI-PROC IMP ENVIRON SCI-WAT RES Faraday Discuss. Food Funct. Green Chem. Inorg. Chem. Front. Integr. Biol. J. Anal. At. Spectrom. J. Mater. Chem. A J. Mater. Chem. B J. Mater. Chem. C Lab Chip Mater. Chem. Front. Mater. Horiz. MEDCHEMCOMM Metallomics Mol. Biosyst. Mol. Syst. Des. Eng. Nanoscale Nanoscale Horiz. Nat. Prod. Rep. New J. Chem. Org. Biomol. Chem. Org. Chem. Front. PHOTOCH PHOTOBIO SCI PCCP Polym. Chem.
×
引用
GB/T 7714-2015
复制
MLA
复制
APA
复制
导出至
BibTeX EndNote RefMan NoteFirst NoteExpress
×
0
微信
客服QQ
Book学术公众号 扫码关注我们
反馈
×
意见反馈
请填写您的意见或建议
请填写您的手机或邮箱
×
提示
您的信息不完整,为了账户安全,请先补充。
现在去补充
×
提示
您因"违规操作"
具体请查看互助需知
我知道了
×
提示
现在去查看 取消
×
提示
确定
Book学术官方微信
Book学术文献互助
Book学术文献互助群
群 号:481959085
Book学术
文献互助 智能选刊 最新文献 互助须知 联系我们:info@booksci.cn
Book学术提供免费学术资源搜索服务,方便国内外学者检索中英文文献。致力于提供最便捷和优质的服务体验。
Copyright © 2023 Book学术 All rights reserved.
ghs 京公网安备 11010802042870号 京ICP备2023020795号-1