WEKO3
アイテム
Using Fault Injection to Analyze the Scope of Error Propagation in Linux
https://ipsj.ixsq.nii.ac.jp/records/87525
https://ipsj.ixsq.nii.ac.jp/records/875252cac247a-47c8-454a-930d-5f68e83b25dd
| 名前 / ファイル | ライセンス | アクション |
|---|---|---|
IPSJ-ComSys2012003.pdf (751.4 kB)
|
Copyright (c) 2012 by the Information Processing Society of Japan
|
|
| オープンアクセス | ||
| Item type | Symposium(1) | |||||||
|---|---|---|---|---|---|---|---|---|
| 公開日 | 2012-11-29 | |||||||
| タイトル | ||||||||
| タイトル | Using Fault Injection to Analyze the Scope of Error Propagation in Linux | |||||||
| タイトル | ||||||||
| 言語 | en | |||||||
| タイトル | Using Fault Injection to Analyze the Scope of Error Propagation in Linux | |||||||
| 言語 | ||||||||
| 言語 | eng | |||||||
| キーワード | ||||||||
| 主題Scheme | Other | |||||||
| 主題 | 仮想マシン・カーネル | |||||||
| 資源タイプ | ||||||||
| 資源タイプ識別子 | http://purl.org/coar/resource_type/c_5794 | |||||||
| 資源タイプ | conference paper | |||||||
| 著者所属 | ||||||||
| Keio University | ||||||||
| 著者所属 | ||||||||
| Tokyo University of Agriculture and Technology/JST CREST | ||||||||
| 著者所属 | ||||||||
| Keio University/JST CREST | ||||||||
| 著者所属(英) | ||||||||
| en | ||||||||
| Keio University | ||||||||
| 著者所属(英) | ||||||||
| en | ||||||||
| Tokyo University of Agriculture and Technology / JST CREST | ||||||||
| 著者所属(英) | ||||||||
| en | ||||||||
| Keio University / JST CREST | ||||||||
| 著者名 |
Takeshi, Yoshimura
Hiroshi, Yamada
Kenji, Kono
× Takeshi, Yoshimura Hiroshi, Yamada Kenji, Kono
|
|||||||
| 著者名(英) |
Takeshi, Yoshimura
Hiroshi, Yamada
Kenji, Kono
× Takeshi, Yoshimura Hiroshi, Yamada Kenji, Kono
|
|||||||
| 論文抄録 | ||||||||
| 内容記述タイプ | Other | |||||||
| 内容記述 | Operating systems (OSes) are crucial for achieving high availability of computer systems. Even if applications running on an operating system are highly available, a bug inside the kernel may result in a failure of the entire software stack. The objective of this study is to gain some insight into the development of the Linux kernel that is more resilient against software faults. In particular, this paper investigates the scope of error propagation. The propagation scope is process-local if the error is confined in the process context that activated it. The scope is kernel-global if the error propagates to other processes' contexts or global data structures. The investigation of the scope of error propagation gives us some insight into 1) defensive coding style, 2) reboot-less rejuvenation, and 3) general recovery mechanisms of the Linux kernel. For example, if most errors are process-local, we can rejuvenate the kernel without reboots because the kernel can be recovered simply by killing faulty processes. To investigate the scope of error propagation, we conduct an experimental campaign of fault injection on Linux 2.6.18, using a kernel-level fault injector widely used in the OS community. Our findings are (1) our target kernel (Linux 2.6.18) is coded defensively. This defensive coding style contributes to lower rates of error manifestation and kernel-global errors, (2) the scope of error propagation is mostly process-local in Linux, and (3) global propagation occurs with low probability. Even if an error corrupts a global data structure, other processes merely access to them. | |||||||
| 論文抄録(英) | ||||||||
| 内容記述タイプ | Other | |||||||
| 内容記述 | Operating systems (OSes) are crucial for achieving high availability of computer systems. Even if applications running on an operating system are highly available, a bug inside the kernel may result in a failure of the entire software stack. The objective of this study is to gain some insight into the development of the Linux kernel that is more resilient against software faults. In particular, this paper investigates the scope of error propagation. The propagation scope is process-local if the error is confined in the process context that activated it. The scope is kernel-global if the error propagates to other processes' contexts or global data structures. The investigation of the scope of error propagation gives us some insight into 1) defensive coding style, 2) reboot-less rejuvenation, and 3) general recovery mechanisms of the Linux kernel. For example, if most errors are process-local, we can rejuvenate the kernel without reboots because the kernel can be recovered simply by killing faulty processes. To investigate the scope of error propagation, we conduct an experimental campaign of fault injection on Linux 2.6.18, using a kernel-level fault injector widely used in the OS community. Our findings are (1) our target kernel (Linux 2.6.18) is coded defensively. This defensive coding style contributes to lower rates of error manifestation and kernel-global errors, (2) the scope of error propagation is mostly process-local in Linux, and (3) global propagation occurs with low probability. Even if an error corrupts a global data structure, other processes merely access to them. | |||||||
| 書誌情報 |
コンピュータシステム・シンポジウム論文集 巻 2012, p. 13-24, 発行日 2012-11-29 |
|||||||
| 出版者 | ||||||||
| 言語 | ja | |||||||
| 出版者 | 情報処理学会 | |||||||
