{"created":"2025-01-18T23:38:12.362219+00:00","updated":"2025-01-21T17:09:09.438453+00:00","metadata":{"_oai":{"id":"oai:ipsj.ixsq.nii.ac.jp:00087525","sets":["6164:6165:6617:6936"]},"path":["6936"],"owner":"11","recid":"87525","title":["Using Fault Injection to Analyze the Scope of Error Propagation in Linux"],"pubdate":{"attribute_name":"公開日","attribute_value":"2012-11-29"},"_buckets":{"deposit":"216950c1-35aa-4950-af39-35f47d322717"},"_deposit":{"id":"87525","pid":{"type":"depid","value":"87525","revision_id":0},"owners":[11],"status":"published","created_by":11},"item_title":"Using Fault Injection to Analyze the Scope of Error Propagation in Linux","author_link":["0","0"],"item_titles":{"attribute_name":"タイトル","attribute_value_mlt":[{"subitem_title":"Using Fault Injection to Analyze the Scope of Error Propagation in Linux"},{"subitem_title":"Using Fault Injection to Analyze the Scope of Error Propagation in Linux","subitem_title_language":"en"}]},"item_keyword":{"attribute_name":"キーワード","attribute_value_mlt":[{"subitem_subject":"仮想マシン・カーネル","subitem_subject_scheme":"Other"}]},"item_type_id":"18","publish_date":"2012-11-29","item_language":{"attribute_name":"言語","attribute_value_mlt":[{"subitem_language":"eng"}]},"item_18_text_3":{"attribute_name":"著者所属","attribute_value_mlt":[{"subitem_text_value":"Keio University"},{"subitem_text_value":"Tokyo University of Agriculture and Technology／JST CREST"},{"subitem_text_value":"Keio University／JST CREST"}]},"item_18_text_4":{"attribute_name":"著者所属(英)","attribute_value_mlt":[{"subitem_text_value":"Keio University","subitem_text_language":"en"},{"subitem_text_value":"Tokyo University of Agriculture and Technology / JST CREST","subitem_text_language":"en"},{"subitem_text_value":"Keio University / JST CREST","subitem_text_language":"en"}]},"item_publisher":{"attribute_name":"出版者","attribute_value_mlt":[{"subitem_publisher":"情報処理学会","subitem_publisher_language":"ja"}]},"publish_status":"0","weko_shared_id":-1,"item_file_price":{"attribute_name":"Billing file","attribute_type":"file","attribute_value_mlt":[{"url":{"url":"https://ipsj.ixsq.nii.ac.jp/record/87525/files/IPSJ-ComSys2012003.pdf"},"date":[{"dateType":"Available","dateValue":"2014-11-29"}],"format":"application/pdf","billing":["billing_file"],"filename":"IPSJ-ComSys2012003.pdf","filesize":[{"value":"751.4 kB"}],"mimetype":"application/pdf","priceinfo":[{"tax":["include_tax"],"price":"660","billingrole":"5"},{"tax":["include_tax"],"price":"330","billingrole":"6"},{"tax":["include_tax"],"price":"0","billingrole":"11"},{"tax":["include_tax"],"price":"0","billingrole":"44"}],"accessrole":"open_date","version_id":"6239eb17-fde5-43de-9f7e-0b362ee567c4","displaytype":"detail","licensetype":"license_note","license_note":"Copyright (c) 2012 by the Information Processing Society of Japan"}]},"item_18_creator_5":{"attribute_name":"著者名","attribute_type":"creator","attribute_value_mlt":[{"creatorNames":[{"creatorName":"Takeshi, Yoshimura"},{"creatorName":"Hiroshi, Yamada"},{"creatorName":"Kenji, Kono"}],"nameIdentifiers":[{}]}]},"item_18_creator_6":{"attribute_name":"著者名(英)","attribute_type":"creator","attribute_value_mlt":[{"creatorNames":[{"creatorName":"Takeshi, Yoshimura","creatorNameLang":"en"},{"creatorName":"Hiroshi, Yamada","creatorNameLang":"en"},{"creatorName":"Kenji, Kono","creatorNameLang":"en"}],"nameIdentifiers":[{}]}]},"item_resource_type":{"attribute_name":"資源タイプ","attribute_value_mlt":[{"resourceuri":"http://purl.org/coar/resource_type/c_5794","resourcetype":"conference paper"}]},"item_18_description_7":{"attribute_name":"論文抄録","attribute_value_mlt":[{"subitem_description":"Operating systems (OSes) are crucial for achieving high availability of computer systems. Even if applications running on an operating system are highly available, a bug inside the kernel may result in a failure of the entire software stack. The objective of this study is to gain some insight into the development of the Linux kernel that is more resilient against software faults. In particular, this paper investigates the scope of error propagation. The propagation scope is process-local if the error is confined in the process context that activated it. The scope is kernel-global if the error propagates to other processes' contexts or global data structures. The investigation of the scope of error propagation gives us some insight into 1) defensive coding style, 2) reboot-less rejuvenation, and 3) general recovery mechanisms of the Linux kernel. For example, if most errors are process-local, we can rejuvenate the kernel without reboots because the kernel can be recovered simply by killing faulty processes. To investigate the scope of error propagation, we conduct an experimental campaign of fault injection on Linux 2.6.18, using a kernel-level fault injector widely used in the OS community. Our findings are (1) our target kernel (Linux 2.6.18) is coded defensively. This defensive coding style contributes to lower rates of error manifestation and kernel-global errors, (2) the scope of error propagation is mostly process-local in Linux, and (3) global propagation occurs with low probability. Even if an error corrupts a global data structure, other processes merely access to them.","subitem_description_type":"Other"}]},"item_18_description_8":{"attribute_name":"論文抄録(英)","attribute_value_mlt":[{"subitem_description":"Operating systems (OSes) are crucial for achieving high availability of computer systems. Even if applications running on an operating system are highly available, a bug inside the kernel may result in a failure of the entire software stack. The objective of this study is to gain some insight into the development of the Linux kernel that is more resilient against software faults. In particular, this paper investigates the scope of error propagation. The propagation scope is process-local if the error is confined in the process context that activated it. The scope is kernel-global if the error propagates to other processes' contexts or global data structures. The investigation of the scope of error propagation gives us some insight into 1) defensive coding style, 2) reboot-less rejuvenation, and 3) general recovery mechanisms of the Linux kernel. For example, if most errors are process-local, we can rejuvenate the kernel without reboots because the kernel can be recovered simply by killing faulty processes. To investigate the scope of error propagation, we conduct an experimental campaign of fault injection on Linux 2.6.18, using a kernel-level fault injector widely used in the OS community. Our findings are (1) our target kernel (Linux 2.6.18) is coded defensively. This defensive coding style contributes to lower rates of error manifestation and kernel-global errors, (2) the scope of error propagation is mostly process-local in Linux, and (3) global propagation occurs with low probability. Even if an error corrupts a global data structure, other processes merely access to them.","subitem_description_type":"Other"}]},"item_18_biblio_info_10":{"attribute_name":"書誌情報","attribute_value_mlt":[{"bibliographicPageEnd":"24","bibliographic_titles":[{"bibliographic_title":"コンピュータシステム・シンポジウム論文集"}],"bibliographicPageStart":"13","bibliographicIssueDates":{"bibliographicIssueDate":"2012-11-29","bibliographicIssueDateType":"Issued"},"bibliographicVolumeNumber":"2012"}]},"relation_version_is_last":true,"weko_creator_id":"11"},"id":87525,"links":{}}