Michael Wawrzoniak, Rodrigo Bruno, Ana Klimovic, Gustavo Alonso
Serverless Function-as-a-Service (FaaS) platforms provide applications with resources that are highly elastic, quick to instantiate, accounted at fine granularity, and available without explicit runtime resource orchestration. This combination of core properties underpins the success and popularity of the serverless FaaS paradigm. However, these benefits are not available to most cloud applications because they are designed for networked virtual machine/container environments. Since such cloud applications cannot take advantage of the highly elastic resources of serverless platforms and require runtime orchestration systems to operate, they suffer from lower resource utilization, additional management complexity, and higher costs relative to their serverless FaaS counterparts. We propose Imaginary Machines, a new serverless model for cloud applications. This model (1) exposes the highly elastic resources of serverless platforms through the traditional network-of-hosts model that cloud applications expect, and (2) eliminates the need for explicit runtime orchestration by transparently managing application resources based on signals generated during application execution. With the Imaginary Machines model, unmodified cloud applications become serverless applications. While still based on the network-of-hosts model, they benefit from highly elastic resources and do not require runtime orchestration, just like their specialized serverless FaaS counterparts, promising increased resource utilization and reduced management costs.
{"title":"Imaginary Machines: A Serverless Model for Cloud Applications","authors":"Michael Wawrzoniak, Rodrigo Bruno, Ana Klimovic, Gustavo Alonso","doi":"arxiv-2407.00839","DOIUrl":"https://doi.org/arxiv-2407.00839","url":null,"abstract":"Serverless Function-as-a-Service (FaaS) platforms provide applications with\u0000resources that are highly elastic, quick to instantiate, accounted at fine\u0000granularity, and without the need for explicit runtime resource orchestration.\u0000This combination of the core properties underpins the success and popularity of\u0000the serverless FaaS paradigm. However, these benefits are not available to most\u0000cloud applications because they are designed for networked virtual\u0000machines/containers environments. Since such cloud applications cannot take\u0000advantage of the highly elastic resources of serverless and require run-time\u0000orchestration systems to operate, they suffer from lower resource utilization,\u0000additional management complexity, and costs relative to their FaaS serverless\u0000counterparts. We propose Imaginary Machines, a new serverless model for cloud applications.\u0000This model (1.) exposes the highly elastic resources of serverless platforms as\u0000the traditional network-of-hosts model that cloud applications expect, and (2.)\u0000it eliminates the need for explicit run-time orchestration by transparently\u0000managing application resources based on signals generated during cloud\u0000application executions. With the Imaginary Machines model, unmodified cloud\u0000applications become serverless applications. While still based on the\u0000network-of-host model, they benefit from the highly elastic resources and do\u0000not require runtime orchestration, just like their specialized serverless FaaS\u0000counterparts, promising increased resource utilization while reducing\u0000management costs.","PeriodicalId":501333,"journal":{"name":"arXiv - CS - Operating Systems","volume":"27 1","pages":""},"PeriodicalIF":0.0,"publicationDate":"2024-06-30","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"141506629","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Michael Wawrzoniak, Rodrigo Bruno, Ana Klimovic, Gustavo Alonso
Elasticity is a key property of cloud computing. However, elasticity is offered today at the granularity of virtual machines, which take tens of seconds to start. This is insufficient to react to load spikes and sudden failures in latency-sensitive applications, leading users to resort to expensive overprovisioning. Function-as-a-Service (FaaS) provides significantly higher elasticity than VMs, but comes coupled with an event-triggered programming model and a constrained execution environment that make it unsuitable for off-the-shelf applications. Previous work tries to overcome these obstacles but often requires re-architecting the applications. In this paper, we show how off-the-shelf applications can transparently benefit from ephemeral elasticity with FaaS. We built Boxer, an interposition layer spanning VMs and AWS Lambda that intercepts application execution and emulates the network-of-hosts environment applications expect when deployed in a conventional VM/container environment. The ephemeral elasticity of Boxer enables significant performance and cost savings for off-the-shelf applications, e.g., recovery times over 5x faster than EC2 instances and the ability to absorb load spikes comparably to overprovisioned EC2 VM instances.
{"title":"Boxer: FaaSt Ephemeral Elasticity for Off-the-Shelf Cloud Applications","authors":"Michael Wawrzoniak, Rodrigo Bruno, Ana Klimovic, Gustavo Alonso","doi":"arxiv-2407.00832","DOIUrl":"https://doi.org/arxiv-2407.00832","url":null,"abstract":"Elasticity is a key property of cloud computing. However, elasticity is\u0000offered today at the granularity of virtual machines, which take tens of\u0000seconds to start. This is insufficient to react to load spikes and sudden\u0000failures in latency sensitive applications, leading users to resort to\u0000expensive overprovisioning. Function-as-a-Service (FaaS) provides significantly\u0000higher elasticity than VMs, but comes coupled with an event-triggered\u0000programming model and a constrained execution environment that makes them\u0000unsuitable for off-the-shelf applications. Previous work tries to overcome\u0000these obstacles but often requires re-architecting the applications. In this\u0000paper, we show how off-the-shelf applications can transparently benefit from\u0000ephemeral elasticity with FaaS. We built Boxer, an interposition layer spanning\u0000VMs and AWS Lambda, that intercepts application execution and emulates the\u0000network-of-hosts environment that applications expect when deployed in a\u0000conventional VM/container environment. The ephemeral elasticity of Boxer\u0000enables significant performance and cost savings for off-the-shelf applications\u0000with, e.g., recovery times over 5x faster than EC2 instances and absorbing load\u0000spikes comparable to overprovisioned EC2 VM instances.","PeriodicalId":501333,"journal":{"name":"arXiv - CS - Operating Systems","volume":"213 1","pages":""},"PeriodicalIF":0.0,"publicationDate":"2024-06-30","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"141518702","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Service liquidity across edge-to-cloud or multi-cloud will serve as the cornerstone of the next generation of cloud computing systems (Cloud 2.0). Given that cloud-based services are predominantly containerized, an efficient and robust live container migration solution is required to accomplish service liquidity. In response to this growing requirement, in this research we leverage FastFreeze, a popular platform for process checkpoint/restore within a container, and promote it to a robust solution for end-to-end live migration of containerized services. In particular, we develop a new platform, called FastMig, that proactively controls the checkpoint/restore operations of FastFreeze, thereby allowing robust live migration of containerized services via standard HTTP interfaces. The proposed platform introduces post-checkpointing and pre-restoration operations to enhance migration robustness. Notably, the pre-restoration operation includes containerized service startup options, enabling warm restoration and reducing the migration downtime. In addition, we develop a method to make FastFreeze robust against failures that commonly happen during migration and even during the normal operation of a containerized service. Experimental results under real-world settings show that the migration downtime of a containerized service can be reduced by 30x compared to a deployment using the original FastFreeze. Moreover, we demonstrate that FastMig and the warm restoration method together can significantly mitigate the container startup overhead. Importantly, these improvements are achieved without any significant performance reduction and incur only a small resource usage overhead compared to bare (i.e., non-FastFreeze) containerized services.
{"title":"FastMig: Leveraging FastFreeze to Establish Robust Service Liquidity in Cloud 2.0","authors":"Sorawit Manatura, Thanawat Chanikaphon, Chantana Chantrapornchai, Mohsen Amini Salehi","doi":"arxiv-2407.00313","DOIUrl":"https://doi.org/arxiv-2407.00313","url":null,"abstract":"Service liquidity across edge-to-cloud or multi-cloud will serve as the\u0000cornerstone of the next generation of cloud computing systems (Cloud 2.0).\u0000Provided that cloud-based services are predominantly containerized, an\u0000efficient and robust live container migration solution is required to\u0000accomplish service liquidity. In a nod to this growing requirement, in this\u0000research, we leverage FastFreeze, a popular platform for process\u0000checkpoint/restore within a container, and promote it to be a robust solution\u0000for end-to-end live migration of containerized services. In particular, we\u0000develop a new platform, called FastMig that proactively controls the\u0000checkpoint/restore operations of FastFreeze, thereby, allowing for robust live\u0000migration of containerized services via standard HTTP interfaces. The proposed\u0000platform introduces post-checkpointing and pre-restoration operations to\u0000enhance migration robustness. Notably, the pre-restoration operation includes\u0000containerized service startup options, enabling warm restoration and reducing\u0000the migration downtime. In addition, we develop a method to make FastFreeze\u0000robust against failures that commonly happen during the migration and even\u0000during the normal operation of a containerized service. Experimental results\u0000under real-world settings show that the migration downtime of a containerized\u0000service can be reduced by 30X compared to the situation where the original\u0000FastFreeze was deployed for the migration. Moreover, we demonstrate that\u0000FastMig and warm restoration method together can significantly mitigate the\u0000container startup overhead. Importantly, these improvements are achieved\u0000without any significant performance reduction and only incurs a small resource\u0000usage overhead, compared to the bare (ie non-FastFreeze) containerized\u0000services.","PeriodicalId":501333,"journal":{"name":"arXiv - CS - Operating Systems","volume":"12 1","pages":""},"PeriodicalIF":0.0,"publicationDate":"2024-06-29","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"141518703","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
José L. Risco-Martín, David Atienza, J. Manuel Colmenar, Oscar Garnica
For the last thirty years, several Dynamic Memory Managers (DMMs) have been proposed, including first-fit, best-fit, segregated-fit and buddy systems. Since the performance, memory usage and energy consumption of each DMM differ, software engineers often face difficult choices in selecting the most suitable approach for their applications. This issue has special impact in the field of portable consumer embedded systems, which must execute a limited set of multimedia applications (e.g., 3D games, video players and signal processing software), demanding high performance and extensive memory usage at low energy consumption. Recently, we developed a novel methodology based on genetic programming to automatically design custom DMMs, optimizing performance, memory usage and energy consumption. However, although this process is automatic and faster than state-of-the-art optimizations, it demands intensive computation, resulting in a time-consuming process. Thus, parallel processing can be very useful to explore more solutions in the same time, as well as to implement new algorithms. In this paper we present a novel parallel evolutionary algorithm for DMM optimization in embedded systems, based on the Discrete Event System Specification (DEVS) formalism over a Service Oriented Architecture (SOA) framework. Parallelism significantly improves the performance of the sequential exploration algorithm. On the one hand, when the number of generations is the same in both approaches, our parallel optimization framework is able to reach a speed-up of 86.40x when compared with other state-of-the-art approaches. On the other hand, it improves the global quality (i.e., level of performance, low memory usage and low energy consumption) of the final DMM obtained by 36.36% with respect to two well-known general-purpose DMMs and two state-of-the-art optimization methodologies.
{"title":"A parallel evolutionary algorithm to optimize dynamic memory managers in embedded systems","authors":"José L. Risco-Martín, David Atienza, J. Manuel Colmenar, Oscar Garnica","doi":"arxiv-2407.09555","DOIUrl":"https://doi.org/arxiv-2407.09555","url":null,"abstract":"For the last thirty years, several Dynamic Memory Managers (DMMs) have been\u0000proposed. Such DMMs include first fit, best fit, segregated fit and buddy\u0000systems. Since the performance, memory usage and energy consumption of each DMM\u0000differs, software engineers often face difficult choices in selecting the most\u0000suitable approach for their applications. This issue has special impact in the\u0000field of portable consumer embedded systems, that must execute a limited amount\u0000of multimedia applications (e.g., 3D games, video players and signal processing\u0000software, etc.), demanding high performance and extensive memory usage at a low\u0000energy consumption. Recently, we have developed a novel methodology based on\u0000genetic programming to automatically design custom DMMs, optimizing\u0000performance, memory usage and energy consumption. However, although this\u0000process is automatic and faster than state-of-the-art optimizations, it demands\u0000intensive computation, resulting in a time consuming process. Thus, parallel\u0000processing can be very useful to enable to explore more solutions spending the\u0000same time, as well as to implement new algorithms. In this paper we present a\u0000novel parallel evolutionary algorithm for DMMs optimization in embedded\u0000systems, based on the Discrete Event Specification (DEVS) formalism over a\u0000Service Oriented Architecture (SOA) framework. Parallelism significantly\u0000improves the performance of the sequential exploration algorithm. On the one\u0000hand, when the number of generations are the same in both approaches, our\u0000parallel optimization framework is able to reach a speed-up of 86.40x when\u0000compared with other state-of-the-art approaches. On the other, it improves the\u0000global quality (i.e., level of performance, low memory usage and low energy\u0000consumption) of the final DMM obtained in a 36.36% with respect to two\u0000well-known general-purpose DMMs and two state-of-the-art optimization\u0000methodologies.","PeriodicalId":501333,"journal":{"name":"arXiv - CS - Operating Systems","volume":"40 1","pages":""},"PeriodicalIF":0.0,"publicationDate":"2024-06-28","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"141718063","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Till Smejkal, Robert Khasanov, Jeronimo Castrillon, Hermann Härtig
Energy efficiency has become a key concern in modern computing. Major processor vendors now offer heterogeneous architectures that combine powerful cores with energy-efficient ones, such as Intel P/E systems, Apple M1 chips, and Samsung's Exynos CPUs. However, apart from simple cost-based thread allocation strategies, today's OS schedulers do not fully exploit these systems' potential for adaptive energy-efficient computing. This is, in part, due to missing application-level interfaces for passing information about task-level energy consumption and application-level elasticity. This paper presents E-Mapper, a novel resource management approach integrated into Linux for improved execution on heterogeneous processors. In E-Mapper, we base resource allocation decisions on high-level application descriptions that users can attach to programs or that the system can learn automatically at runtime. Our approach supports various programming models including OpenMP, Intel TBB, and TensorFlow. Crucially, E-Mapper leverages this information to extend beyond existing thread-to-core allocation strategies by actively managing application configurations through a novel uniform application-resource manager interface. By doing so, E-Mapper achieves substantial improvements in both performance and energy efficiency, particularly in multi-application scenarios. On an Intel Raptor Lake and an Arm big.LITTLE system, E-Mapper reduces application execution time by 20% on average, with an average reduction in energy consumption of 34%. We argue that our solution marks a crucial step toward a generic approach for sustainable and efficient computing across different processor architectures.
{"title":"E-Mapper: Energy-Efficient Resource Allocation for Traditional Operating Systems on Heterogeneous Processors","authors":"Till Smejkal, Robert Khasanov, Jeronimo Castrillon, Hermann Härtig","doi":"arxiv-2406.18980","DOIUrl":"https://doi.org/arxiv-2406.18980","url":null,"abstract":"Energy efficiency has become a key concern in modern computing. Major\u0000processor vendors now offer heterogeneous architectures that combine powerful\u0000cores with energy-efficient ones, such as Intel P/E systems, Apple M1 chips,\u0000and Samsungs Exyno's CPUs. However, apart from simple cost-based thread\u0000allocation strategies, today's OS schedulers do not fully exploit these\u0000systems' potential for adaptive energy-efficient computing. This is, in part,\u0000due to missing application-level interfaces to pass information about\u0000task-level energy consumption and application-level elasticity. This paper\u0000presents E-Mapper, a novel resource management approach integrated into Linux\u0000for improved execution on heterogeneous processors. In E-Mapper, we base\u0000resource allocation decisions on high-level application descriptions that user\u0000can attach to programs or that the system can learn automatically at runtime.\u0000Our approach supports various programming models including OpenMP, Intel TBB,\u0000and TensorFlow. Crucially, E-Mapper leverages this information to extend beyond\u0000existing thread-to-core allocation strategies by actively managing application\u0000configurations through a novel uniform application-resource manager interface.\u0000By doing so, E-Mapper achieves substantial enhancements in both performance and\u0000energy efficiency, particularly in multi-application scenarios. On an Intel\u0000Raptor Lake and an Arm big.LITTLE system, E-Mapper reduces the application\u0000execution on average by 20 % with an average reduction in energy consumption of\u000034 %. We argue that our solution marks a crucial step toward creating a generic\u0000approach for sustainable and efficient computing across different processor\u0000architectures.","PeriodicalId":501333,"journal":{"name":"arXiv - CS - Operating Systems","volume":"161 1","pages":""},"PeriodicalIF":0.0,"publicationDate":"2024-06-27","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"141506627","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
End-users can get functions-as-a-service from serverless platforms, which promise lower hosting costs, high availability, fault tolerance, and dynamic flexibility for hosting individual functions known as microservices. Machine learning tools have proven reliably useful, and services built with them are in increasing demand at large scale. Serverless platforms are well suited to hosting such machine learning services for large-scale applications: they are known for their cost efficiency, fault tolerance, resource scaling, robust communication APIs, and global reach. However, these platforms were originally designed to host web services, and machine learning workloads differ from web services. Our study aims to understand how serverless platforms handle machine learning workloads. We examine machine learning performance on one such platform, Google Cloud Run, a GPU-less infrastructure that was not designed for machine learning application deployment.
{"title":"Evaluating Serverless Machine Learning Performance on Google Cloud Run","authors":"Prerana Khatiwada, Pranjal Dhakal","doi":"arxiv-2406.16250","DOIUrl":"https://doi.org/arxiv-2406.16250","url":null,"abstract":"End-users can get functions-as-a-service from serverless platforms, which\u0000promise lower hosting costs, high availability, fault tolerance, and dynamic\u0000flexibility for hosting individual functions known as microservices. Machine\u0000learning tools are seen to be reliably useful, and the services created using\u0000these tools are in increasing demand on a large scale. The serverless platforms\u0000are uniquely suited for hosting these machine learning services to be used for\u0000large-scale applications. These platforms are well known for their cost\u0000efficiency, fault tolerance, resource scaling, robust APIs for communication,\u0000and global reach. However, machine learning services are different from the\u0000web-services in that these serverless platforms were originally designed to\u0000host web services. We aimed to understand how these serverless platforms handle\u0000machine learning workloads with our study. We examine machine learning\u0000performance on one of the serverless platforms - Google Cloud Run, which is a\u0000GPU-less infrastructure that is not designed for machine learning application\u0000deployment.","PeriodicalId":501333,"journal":{"name":"arXiv - CS - Operating Systems","volume":"1 1","pages":""},"PeriodicalIF":0.0,"publicationDate":"2024-06-24","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"141506628","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
José L. Risco-Martín, J. Manuel Colmenar, David Atienza, J. Ignacio Hidalgo
For the last thirty years, a large variety of memory allocators have been proposed. Since the performance, memory usage and energy consumption of each memory allocator differ, software engineers often face difficult choices in selecting the most suitable approach for their applications. To this end, custom allocators are developed from scratch, which is a difficult and error-prone process. This issue has special impact in the field of portable consumer embedded systems, which must execute a limited set of multimedia applications demanding high performance and extensive memory usage at low energy consumption. This paper presents a flexible and efficient simulator to study Dynamic Memory Managers (DMMs), a composition of one or more memory allocators. This novel approach allows programmers to simulate custom and general DMMs, which can be composed without incurring any additional runtime overhead or additional programming cost. We show that this infrastructure simplifies DMM construction, mainly because the target application does not need to be recompiled every time a new DMM must be evaluated, and because we propose a structured method to search for and build DMMs in an object-oriented fashion. Within a search procedure, the system designer can choose the "best" allocator by simulation for a particular target application and embedded system. In our evaluation, we show that our scheme delivers better performance, lower memory usage and lower energy consumption than single memory allocators.
{"title":"Simulation of high-performance memory allocators","authors":"José L. Risco-Martín, J. Manuel Colmenar, David Atienza, J. Ignacio Hidalgo","doi":"arxiv-2406.15776","DOIUrl":"https://doi.org/arxiv-2406.15776","url":null,"abstract":"For the last thirty years, a large variety of memory allocators have been\u0000proposed. Since performance, memory usage and energy consumption of each memory\u0000allocator differs, software engineers often face difficult choices in selecting\u0000the most suitable approach for their applications. To this end, custom\u0000allocators are developed from scratch, which is a difficult and error-prone\u0000process. This issue has special impact in the field of portable consumer\u0000embedded systems, that must execute a limited amount of multimedia\u0000applications, demanding high performance and extensive memory usage at a low\u0000energy consumption. This paper presents a flexible and efficient simulator to\u0000study Dynamic Memory Managers (DMMs), a composition of one or more memory\u0000allocators. This novel approach allows programmers to simulate custom and\u0000general DMMs, which can be composed without incurring any additional runtime\u0000overhead or additional programming cost. We show that this infrastructure\u0000simplifies DMM construction, mainly because the target application does not\u0000need to be compiled every time a new DMM must be evaluated and because we\u0000propose a structured method to search and build DMMs in an object-oriented\u0000fashion. Within a search procedure, the system designer can choose the \"best\"\u0000allocator by simulation for a particular target application and embedded\u0000system. In our evaluation, we show that our scheme delivers better performance,\u0000less memory usage and less energy consumption than single memory allocators.","PeriodicalId":501333,"journal":{"name":"arXiv - CS - Operating Systems","volume":"1 1","pages":""},"PeriodicalIF":0.0,"publicationDate":"2024-06-22","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"141506626","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Hayley LeBlanc, Nathan Taylor, James Bornholt, Vijay Chidambaram
This work introduces a new approach to building crash-safe file systems for persistent memory. We exploit the fact that Rust's typestate pattern allows compile-time enforcement of a specific order of operations. We introduce a novel crash-consistency mechanism, Synchronous Soft Updates, that reduces crash safety to enforcing ordering among updates to file-system metadata. We employ this approach to build SquirrelFS, a new file system with crash-consistency guarantees that are checked at compile time. SquirrelFS avoids the need for separate proofs, instead incorporating correctness guarantees into the typestate itself. Compiling SquirrelFS takes only tens of seconds; successful compilation indicates crash consistency, while an error provides a starting point for fixing the bug. We evaluate SquirrelFS against state-of-the-art file systems such as NOVA and WineFS, and find that SquirrelFS achieves similar or better performance on a wide range of benchmarks and applications.
{"title":"SquirrelFS: using the Rust compiler to check file-system crash consistency","authors":"Hayley LeBlanc, Nathan Taylor, James Bornholt, Vijay Chidambaram","doi":"arxiv-2406.09649","DOIUrl":"https://doi.org/arxiv-2406.09649","url":null,"abstract":"This work introduces a new approach to building crash-safe file systems for\u0000persistent memory. We exploit the fact that Rust's typestate pattern allows\u0000compile-time enforcement of a specific order of operations. We introduce a\u0000novel crash-consistency mechanism, Synchronous Soft Updates, that boils down\u0000crash safety to enforcing ordering among updates to file-system metadata. We\u0000employ this approach to build SquirrelFS, a new file system with\u0000crash-consistency guarantees that are checked at compile time. SquirrelFS\u0000avoids the need for separate proofs, instead incorporating correctness\u0000guarantees into the typestate itself. Compiling SquirrelFS only takes tens of\u0000seconds; successful compilation indicates crash consistency, while an error\u0000provides a starting point for fixing the bug. We evaluate SquirrelFS against\u0000state of the art file systems such as NOVA and WineFS, and find that SquirrelFS\u0000achieves similar or better performance on a wide range of benchmarks and\u0000applications.","PeriodicalId":501333,"journal":{"name":"arXiv - CS - Operating Systems","volume":"175 1","pages":""},"PeriodicalIF":0.0,"publicationDate":"2024-06-14","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"141506630","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Alex Wollman (Dakota State University), John Hastings (Dakota State University)
Unikernels, an evolution of LibOSs, are emerging as a virtualization technology to rival those currently used by cloud providers. Unikernels combine the user and kernel space into one "uni"fied memory space and omit functionality that is not necessary for their application to run, thus drastically reducing the required resources. The removed functionality, however, is far-reaching and includes components that have become common security technologies, such as Address Space Layout Randomization (ASLR), Data Execution Prevention (DEP), and non-executable bits (NX bits). This raises questions about the real-world security of unikernels. This research presents a quantitative methodology using TF-IDF to analyze the focus of security discussions within the unikernel research literature. Based on a corpus of 33 unikernel-related papers spanning 2013-2023, our analysis found that Memory Protection Extensions and Data Execution Prevention were the least frequently occurring topics, while SGX was the most frequent topic. The findings quantify priorities and assumptions in unikernel security research, bringing to light potential risks from underexplored attack surfaces. The quantitative approach is broadly applicable for revealing trends and gaps in niche security domains.
{"title":"A Survey of Unikernel Security: Insights and Trends from a Quantitative Analysis","authors":"Alex WollmanDakota State University, John HastingsDakota State University","doi":"arxiv-2406.01872","DOIUrl":"https://doi.org/arxiv-2406.01872","url":null,"abstract":"Unikernels, an evolution of LibOSs, are emerging as a virtualization\u0000technology to rival those currently used by cloud providers. Unikernels combine\u0000the user and kernel space into one \"uni\"fied memory space and omit\u0000functionality that is not necessary for its application to run, thus\u0000drastically reducing the required resources. The removed functionality however\u0000is far-reaching and includes components that have become common security\u0000technologies such as Address Space Layout Randomization (ASLR), Data Execution\u0000Prevention (DEP), and Non-executable bits (NX bits). This raises questions\u0000about the real-world security of unikernels. This research presents a\u0000quantitative methodology using TF-IDF to analyze the focus of security\u0000discussions within unikernel research literature. Based on a corpus of 33\u0000unikernel-related papers spanning 2013-2023, our analysis found that Memory\u0000Protection Extensions and Data Execution Prevention were the least frequently\u0000occurring topics, while SGX was the most frequent topic. The findings quantify\u0000priorities and assumptions in unikernel security research, bringing to light\u0000potential risks from underexplored attack surfaces. The quantitative approach\u0000is broadly applicable for revealing trends and gaps in niche security domains.","PeriodicalId":501333,"journal":{"name":"arXiv - CS - Operating Systems","volume":"33 1","pages":""},"PeriodicalIF":0.0,"publicationDate":"2024-06-04","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"141257918","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
FPGA accelerator devices have emerged as a powerful platform for implementing high-performance and scalable solutions in a wide range of industries, leveraging their reconfigurability and virtualization capabilities. Virtualization, in particular, offers several benefits including improved security through resource isolation and sharing, and SR-IOV is the main solution for enabling it on FPGAs. This paper introduces the SR-IOV Virtual Function Framework (SVFF), a solution that aims to simplify and enhance the management of Virtual Functions (VFs) on PCIe-attached FPGA devices in Linux and QEMU/KVM environments, addressing the lack of SR-IOV reconfiguration support on guests. The framework leverages the SR-IOV support in the Xilinx Queue-based Direct Memory Access (QDMA) to automate the creation, attachment, detachment, and reconfiguration of VFs to different Virtual Machines (VMs). A novel pause functionality for the VFIO device has been implemented in QEMU to enable the detachment of VFs from the host without detaching them from the guest, making VF reconfiguration transparent, and free of performance loss, for guests that already have a VF attached to them. The proposed solution offers the ability to automatically and seamlessly assign a set of VFs to different VMs and adjust the configuration on the fly. Thanks to the pause functionality, it also offers the ability to attach additional VFs to new VMs without affecting devices already attached to other VMs.
{"title":"SVFF: An Automated Framework for SR-IOV Virtual Function Management in FPGA Accelerated Virtualized Environments","authors":"Stefano Cirici, Michele Paolino, Daniel Raho","doi":"arxiv-2406.01225","DOIUrl":"https://doi.org/arxiv-2406.01225","url":null,"abstract":"FPGA accelerator devices have emerged as a powerful platform for implementing\u0000high-performance and scalable solutions in a wide range of industries,\u0000leveraging their reconfigurability and virtualization capabilities.\u0000Virtualization, in particular, offers several benefits including improved\u0000security by resource isolation and sharing, and SR-IOV is the main solution for\u0000enabling it on FPGAs. This paper introduces the SR-IOV Virtual Function Framework (SVFF), a\u0000solution that aims to simplify and enhance the management of Virtual Functions\u0000(VFs) on PCIe-attached FPGA devices in Linux and QEMU/KVM environments, solving\u0000the lack of SR-IOV re-configuration support on guests. The framework leverages\u0000the SR-IOV support in the Xilinx Queue-based Direct Memory Access (QDMA) to\u0000automate the creation, attachment, detachment, and reconfiguration of VFs to\u0000different Virtual Machines (VMs). A novel pause functionality for the VFIO\u0000device has been implemented in QEMU to enable the detachment of VFs from the\u0000host without detaching them from the guest, making reconfiguration of VFs\u0000transparent for guests that already have a VF attached to them without any\u0000performance loss. The proposed solution offers the ability to automatically and\u0000seamlessly assign a set of VFs to different VMs and adjust the configuration on\u0000the fly. Thanks to the pause functionality, it also offers the ability to\u0000attach additional VFs to new VMs without affecting devices already attached to\u0000other VMs.","PeriodicalId":501333,"journal":{"name":"arXiv - CS - Operating Systems","volume":"28 1","pages":""},"PeriodicalIF":0.0,"publicationDate":"2024-06-03","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"141257833","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}