1
Free Transactions with Rio Vista
Landon Cox April 7, 2017
2
Basic assumptions
On-disk data is durable and has integrity
  But slow to access
In-memory data is fast to access
  But not durable and may lack integrity
What is the difference between durability and integrity?
  Durability: data survives faults (crashes and power loss)
  Integrity: data is correct in face of faults
3
Basic assumption
Why does disk data have durability and integrity?
  Disk content survives power loss
  Disk data has integrity because of software interfaces
    Interface to disk is “explicit and complex”
    Requires interacting with disk drivers
    Unlikely to randomly duplicate driver functionality
    Driver calls are checked for errors
Is the interface to memory explicit and complex?
  No, any store instruction modifies the state of memory
  Any store instruction can modify any writable memory address
4
Enter: battery-backed memory
NVRAM: non-volatile RAM
  NVRAM is fast
  NVRAM makes memory durable
  NVRAM does not ensure data integrity
    Same simple interface as volatile RAM
    Random stores can corrupt in-memory data
Question: how to ensure integrity of in-memory data?
  This becomes a protection question
5
Protection and NVRAM
Previously in protection
  Language-level guarantees (Java)
  Instrumented code (Speculative execution)
  Virtual memory (Micro-kernels, etc.)
Disadvantages of languages and instrumentation?
  Languages constrain programmer choice
  Languages do not support existing code in other languages
  Instrumentation can be slow
  Instrumentation requires interposing on all accesses
6
Rio file cache
A file system interface in front of NVRAM
Allows “warm reboot”
  Cache persists across reboots
  Inspect content, sync with disk
No need to write synchronously
  No need to maintain dependencies
  May still want to maintain a journal
  Only flush when needed (no timers)
7
Rio file cache
A file system interface in front of NVRAM
Can apps corrupt cache?
  Unlikely to randomly generate write
  Can randomly store to mmap region
Do we care about bad mmap stores?
  No, apps can corrupt their own data
  Take that risk when using mmap
What about kernel stores?
  Failing kernel can still corrupt cache
How to protect cache?
  Mark pages read-only unless accessed by FS
  Corruption must occur while cache is writable
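A user-space analogue of the "mark pages read-only unless accessed by FS" rule, added here as an illustration and not taken from the slides or from Rio's kernel code. The names `cache_init`, `fs_write` and `stray_store_trapped` are hypothetical, and an anonymous `mmap` region stands in for the NVRAM-backed cache.

```c
#ifndef _DEFAULT_SOURCE
#define _DEFAULT_SOURCE 1          /* exposes MAP_ANONYMOUS on glibc */
#endif
#include <setjmp.h>
#include <signal.h>
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>

static char *cache;                /* stand-in for the NVRAM file cache (assumption) */
static size_t cache_len;
static sigjmp_buf fault_env;

static void on_fault(int sig) { (void)sig; siglongjmp(fault_env, 1); }

/* Map one page and leave it read-only: that is the default state. */
int cache_init(void) {
    cache_len = (size_t)sysconf(_SC_PAGESIZE);
    cache = mmap(NULL, cache_len, PROT_READ | PROT_WRITE,
                 MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (cache == MAP_FAILED) return -1;
    return mprotect(cache, cache_len, PROT_READ);
}

/* The only sanctioned write path: open a short writable window, copy, close. */
int fs_write(size_t off, const void *src, size_t n) {
    if (off > cache_len || n > cache_len - off) return -1;
    if (mprotect(cache, cache_len, PROT_READ | PROT_WRITE) != 0) return -1;
    memcpy(cache + off, src, n);
    return mprotect(cache, cache_len, PROT_READ);
}

/* Simulate a wild store from buggy code (off < cache_len).
   Returns 1 if the MMU trapped it, 0 if the store went through. */
int stray_store_trapped(size_t off) {
    struct sigaction sa, old_segv, old_bus;
    volatile int trapped = 1;
    memset(&sa, 0, sizeof sa);
    sa.sa_handler = on_fault;
    sigemptyset(&sa.sa_mask);
    sigaction(SIGSEGV, &sa, &old_segv);
    sigaction(SIGBUS, &sa, &old_bus);      /* some systems report SIGBUS */
    if (sigsetjmp(fault_env, 1) == 0) {
        ((volatile char *)cache)[off] = 'X';   /* faults while read-only */
        trapped = 0;
    }
    sigaction(SIGSEGV, &old_segv, NULL);
    sigaction(SIGBUS, &old_bus, NULL);
    return trapped;
}
```

The stray store can only land during the interval in which `fs_write` holds the page writable, which is the residual exposure the slide's last line describes.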
8
Kinds of kernel failures
Random bit flips in kernel address space
  To simulate, randomly flip memory bits
Faulty instructions in kernel text
  To simulate, change src/dst registers of instructions
Programming errors
  Delete initialization code
  Corrupt pointer variables
  Randomly free allocated data
  Overwrite data structures
9
Methodology
Run benchmarks
Randomly inject errors
Wait for crash …
Check to see if data has been corrupted
10
Rio results
Protections remove the risk.
What we were afraid of.
11
Rio file cache
How else can we use Rio?
What about transactions?
Transactions are great, but
  Rarely used outside of databases
  Synchronous writes are slow
  Can be hard to reason about aborts
Rio can help make transactions fast
  2,000 times faster!
12
Recoverable memory
RVM: CMU library for recoverable memory
Copy of updated memory region. Copy of initial memory region.
In whose address space is the recoverable memory?
  In the application’s
13
Recoverable memory
RVM: CMU library for recoverable memory
How many times is data copied?
  3: to undo log, to redo log, to database
14
Recoverable memory
RVM: CMU library for recoverable memory
What is the undo log used for?
  User-initiated aborts
15
Recoverable memory
RVM: CMU library for recoverable memory
What action commits the transaction?
  Write commit record to redo log
16
Recoverable memory
RVM: CMU library for recoverable memory
Which ACID properties does this provide?
  Durability and atomicity
17
Vista recoverable memory
Vista: library for recoverable memory on Rio
Why don’t we need the redo log?
  Can just use persistent undo log to recover
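A sketch of recovery from a persistent undo log alone, added here as an illustration and not Vista's actual code or API. The names `tx_set_range`, `tx_commit` and `tx_recover` are hypothetical, and a static struct stands in for memory that Rio keeps across a crash.

```c
#include <stddef.h>
#include <string.h>

#define HEAP_SZ 64
#define LOG_MAX 8
#define REC_MAX 16

/* Everything in pm is assumed to live in Rio-backed persistent memory;
   a static object stands in for that mapping here. */
struct undo_rec { size_t off, len; char before[REC_MAX]; };
static struct {
    char heap[HEAP_SZ];              /* recoverable data, updated in place */
    struct undo_rec log[LOG_MAX];    /* persistent undo log */
    size_t nrec;                     /* 0 means no transaction in flight */
} pm;

/* Declare intent to modify heap[off, off+len): save the before-image first. */
int tx_set_range(size_t off, size_t len) {
    if (len > REC_MAX || off > HEAP_SZ || len > HEAP_SZ - off) return -1;
    if (pm.nrec == LOG_MAX) return -1;
    struct undo_rec *r = &pm.log[pm.nrec];
    r->off = off;
    r->len = len;
    memcpy(r->before, pm.heap + off, len);
    pm.nrec++;                       /* record counts only once fully written */
    return 0;
}

/* Commit: the new data is already in place, so just drop the undo log. */
void tx_commit(void) { pm.nrec = 0; }

/* Abort, or recovery after a crash: restore before-images newest-first.
   Returns the number of records rolled back. */
size_t tx_recover(void) {
    size_t undone = 0;
    for (; pm.nrec > 0; pm.nrec--, undone++) {
        struct undo_rec *r = &pm.log[pm.nrec - 1];
        memcpy(pm.heap + r->off, r->before, r->len);
    }
    return undone;
}

int main(void) {                     /* constructed scenario */
    memcpy(pm.heap, "balance=100", 12);
    tx_set_range(8, 3);
    memcpy(pm.heap + 8, "999", 3);   /* "crash" here: never committed */
    tx_recover();
    return strcmp(pm.heap, "balance=100") != 0;
}
```

Because updates are made in place and the before-images survive the crash, there is nothing to replay, so no redo log is required.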
18
Vista recoverable memory
Vista: library for recoverable memory on Rio
Interface to Vista is a malloc-like heap manager
19
Vista recoverable memory
Vista: library for recoverable memory on Rio
What needs to be protected?
  Heap management, undo log
20
Vista recoverable memory
Vista: library for recoverable memory on Rio
Why aren’t Rio protections sufficient?
  Data lives in app address space
  Syscalls to alter protections slow
21
Vista recoverable memory
Vista: library for recoverable memory on Rio
How is Vista protected?
  Create a moat around important data
22
Protecting Vista
23
Evaluation
Why the drop off here?
RVM and Vista both begin thrashing once the database is larger than available memory (roughly 200 MB). Note that RVM-Rio begins thrashing at half the database size of RVM and Vista due to double buffering. Double buffering results from frequent writes to the database file, effectively copying the database into the file cache. The result is two copies of the database: one in the process’s address space and another in the Rio file cache.