An Evolutionary Study of Linux Memory Management for Fun and Profit

Similar documents
An Evolutionary Study of Linux Memory Management for Fun and Profit

Multi-level Translation. CS 537 Lecture 9 Paging. Example two-level page table. Multi-level Translation Analysis

Lecture 2: Architectural Support for OSes

Flavors of Memory supported by Linux, their use and benefit. Christoph Lameter, Ph.D,

CS5460: Operating Systems

Block Device Scheduling. Don Porter CSE 506

CSE 120 Principles of Operating Systems

Application Fault Tolerance Using Continuous Checkpoint/Restart

The Exascale Architecture

CS533 Concepts of Operating Systems. Jonathan Walpole

OPERATING SYSTEM. Chapter 9: Virtual Memory

CSE 120 Principles of Operating Systems

Block Device Scheduling. Don Porter CSE 506

Block Device Scheduling

ECE 598-MS: Advanced Memory and Storage Systems Lecture 7: Unified Address Translation with FlashMap

Linux Memory Management

The C4 Collector. Or: the Application memory wall will remain until compaction is solved. Gil Tene Balaji Iyengar Michael Wolf

[537] Locks. Tyler Harter

Caching and reliability

Last 2 Classes: Introduction to Operating Systems & C++ tutorial. Today: OS and Computer Architecture

The memory of a program. Paging and Virtual Memory. Swapping. Paging. Physical to logical address mapping. Memory management: Review

CS5460: Operating Systems Lecture 20: File System Reliability

CS 318 Principles of Operating Systems

Memory Mapping. Sarah Diesburg COP5641

Reducing Hit Times. Critical Influence on cycle-time or CPI. small is always faster and can be put on chip

G Disco. Robert Grimm New York University

Computer Systems A Programmer s Perspective 1 (Beta Draft)

The Art and Science of Memory Allocation

Memory Hierarchy. Goal: Fast, unlimited storage at a reasonable cost per bit.

Improve Linux User-Space Core Libraries with Restartable Sequences

Lecture 21: Virtual Memory. Spring 2018 Jason Tang

CS370 Operating Systems

OS-caused Long JVM Pauses - Deep Dive and Solutions

Locking: A necessary evil? Lecture 10: Avoiding Locks. Priority Inversion. Deadlock

RCU in the Linux Kernel: One Decade Later

Memory Management. Fundamentally two related, but distinct, issues. Management of logical address space resource

NPTEL Course Jan K. Gopinath Indian Institute of Science

Operating Systems CMPSCI 377 Spring Mark Corner University of Massachusetts Amherst

Lecture 10: Avoiding Locks

Virtual or Logical. Logical Addr. MMU (Memory Mgt. Unit) Physical. Addr. 1. (50 ns access)

Virtual Memory COMPSCI 386

Page Which had internal designation P5

Linked Lists: The Role of Locking. Erez Petrank Technion

CS140 Project 3: Virtual Memory. TA: Diveesh Singh

Memory Management. To improve CPU utilization in a multiprogramming environment we need multiple programs in main memory at the same time.

Memory Management. Disclaimer: some slides are adopted from book authors slides with permission 1

New types of Memory, their support in Linux and how to use them with RDMA

Blurred Persistence in Transactional Persistent Memory

Last class: Today: Course administration OS definition, some history. Background on Computer Architecture

Virtual Memory. Patterson & Hennessey Chapter 5 ELEC 5200/6200 1

Conoscere e ottimizzare l'i/o su Linux. Andrea Righi -

Memory Management. Disclaimer: some slides are adopted from book authors slides with permission 1

Linux Memory Management

Deukyeon Hwang UNIST. Wook-Hee Kim UNIST. Beomseok Nam UNIST. Hanyang Univ.

Engineering Goals. Scalability Availability. Transactional behavior Security EAI... CS530 S05

CSE502: Computer Architecture CSE 502: Computer Architecture

CSE 120 Principles of Operating Systems

Administrative Details. CS 140 Final Review Session. Pre-Midterm. Plan For Today. Disks + I/O. Pre-Midterm, cont.

NUMA replicated pagecache for Linux

Virtual Machines Disco and Xen (Lecture 10, cs262a) Ion Stoica & Ali Ghodsi UC Berkeley February 26, 2018

[537] Journaling. Tyler Harter

Today. Adding Memory Does adding memory always reduce the number of page faults? FIFO: Adding Memory with LRU. Last Class: Demand Paged Virtual Memory

Virtual Memory: From Address Translation to Demand Paging

Page Replacement Algorithms

Architectural Support for Operating Systems

Review: Hardware user/kernel boundary

File Systems: Consistency Issues

Virtual memory. Virtual memory - Swapping. Large virtual memory. Processes

Virtual Memory. Daniel Sanchez Computer Science & Artificial Intelligence Lab M.I.T. April 12, 2018 L16-1

PROCESS VIRTUAL MEMORY PART 2. CS124 Operating Systems Winter , Lecture 19

CS 153 Design of Operating Systems Winter 2016

CIS Operating Systems Memory Management Cache and Demand Paging. Professor Qiang Zeng Spring 2018

Modeling Page Replacement: Stack Algorithms. Design Issues for Paging Systems

Embedded Systems Programming

Chapter 9: Virtual Memory

Implementing Transactional Memory in Kernel space

Hierarchical PLABs, CLABs, TLABs in Hotspot

CS 261 Fall Mike Lam, Professor. Virtual Memory

Bill Bridge. Oracle Software Architect NVM support for C Applications

CS24: INTRODUCTION TO COMPUTING SYSTEMS. Spring 2018 Lecture 23

CSE 120 Principles of Operating Systems

Chapter 10: Virtual Memory

Memory Management. Disclaimer: some slides are adopted from book authors slides with permission 1

CIS Operating Systems Memory Management Cache. Professor Qiang Zeng Fall 2017

Architectural Support for OS

Quiz II Solutions MASSACHUSETTS INSTITUTE OF TECHNOLOGY Fall Department of Electrical Engineering and Computer Science

CSE 560 Computer Systems Architecture

Contents. Memory System Overview Cache Memory. Internal Memory. Virtual Memory. Memory Hierarchy. Registers In CPU Internal or Main memory

CS370 Operating Systems

Initial Evaluation of a User-Level Device Driver Framework

CS399 New Beginnings. Jonathan Walpole

HMM: GUP NO MORE! XDC Jérôme Glisse

Exception-Less System Calls for Event-Driven Servers

CHAPTER 4 MEMORY HIERARCHIES TYPICAL MEMORY HIERARCHY TYPICAL MEMORY HIERARCHY: THE PYRAMID CACHE PERFORMANCE MEMORY HIERARCHIES CACHE DESIGN

Computer Architecture. Lecture 8: Virtual Memory

Memory System Case Studies Oct. 13, 2008

CS24: INTRODUCTION TO COMPUTING SYSTEMS. Spring 2015 Lecture 23

To Everyone... iii To Educators... v To Students... vi Acknowledgments... vii Final Words... ix References... x. 1 ADialogueontheBook 1

The benefits and costs of writing a POSIX kernel in a high-level language

Virtual Memory Paging

Transcription:

An Evolutionary Study of Linux Memory Management for Fun and Profit Jian Huang Moinuddin K. Qureshi Karsten Schwan

Virtual Memory: A Long History Physical Hardware DRAM Disk 2

Virtual Memory: A Long History Virtual Memory (per process) Physical Hardware DRAM Disk 2

Virtual Memory: A Long History Virtual Memory (per process) Physical Hardware DRAM Disk 2

Virtual Memory: A Long History Virtual Memory (per process) Physical Hardware DRAM Disk + OS Core Component Development 2

Virtual Memory: A Long History Virtual Memory (per process) Physical Hardware DRAM Disk + OS Core Component Development Pervasively Used 2

Why Memory Manager Study Matters? Features & Functions 3

Why Memory Manager Study Matters? Features & Functions Hardware Support 3

Why Memory Manager Study Matters? Features & Functions Hardware Support System Reliability 3

Why Memory Manager Study Matters? Features & Functions Hardware Support System Reliability Study on Memory Manager 3

Why Memory Manager Study Matters? Features & Functions Hardware Support System Reliability Study on Memory Manager Building Better Memory Manager 3

On the Study of Memory Management Understanding the Linux Virtual Memory Manager [Mel Gorman, July 9, 2007] 4

On the Study of Memory Management Understanding the Linux Virtual Memory Manager [Mel Gorman, July 9, 2007] Approach: Source code analysis, Linux 2.4, 2.6 4

On the Study of Memory Management Understanding the Linux Virtual Memory Manager [Mel Gorman, July 9, 2007] Approach: Source code analysis, Linux 2.4, 2.6 Milestone 4

On the Study of Memory Management Understanding the Linux Virtual Memory Manager [Mel Gorman, July 9, 2007] Approach: Source code analysis, Linux 2.4, 2.6 Milestone Our Focus: Patch study, Linux 2.6 4.0 4

On the Study of Memory Management Understanding the Linux Virtual Memory Manager [Mel Gorman, July 9, 2007] Approach: Source code analysis, Linux 2.4, 2.6 Milestone Our Focus: Patch study, Linux 2.6 4.0 + + + Pattern Memory Bug Optimization Semantic 4

Preview of Our Findings Code changes are highly concentrated around the key functions 80% of patches 25% of its source code... 5

Preview of Our Findings Code changes are highly concentrated around the key functions 80% of patches 25% of its source code... Memory error Checking Concurrency Logic Programming Memory errors: Null pointer & page alignment Complex page states Checking & logic bugs... 5

Preview of Our Findings Code changes are highly concentrated around the key functions 80% of patches 25% of its source code... Memory error Checking Concurrency Logic Programming Memory errors: Null pointer & page alignment Complex page states Checking & logic bugs... Data structures -- Policy trade-off -- Fast path 4 data structures, 5 design trade-offs, 8 types of fast paths... 5

Preview of Our Findings Code changes are highly concentrated around the key functions 80% of patches 25% of its source code... Memory error Checking Concurrency Logic Programming Memory errors: Null pointer & page alignment Complex page states Checking & logic bugs... Data structures -- Policy trade-off -- Fast path 4 data structures, 5 design trade-offs, 8 types of fast paths... 35 key functionalities in 13 hot files The well-developed memory allocators still have many checking & lock bugs... 5

Methodology Used in Our Study Memory Allocation Resource Controller Garbage Collection Page Cache & Write-back Virtual Memory Management Swapping Exception Handling Misc (e.g., data structure) 8 components 6

Methodology Used in Our Study Memory Allocation Resource Controller Garbage Collection Page Cache & Write-back Virtual Memory Management Swapping Exception Handling Misc (e.g., data structure) 8 components 4587 patches in 5 years 6

Methodology Used in Our Study Patches Description Follow-up Discussions Source Code Analysis 6

Methodology Used in Our Study Patches Description Follow-up Discussions Source Code Analysis Labeling & MChecker BugID Component Type Causes Commit Time Involved Functions MPatch 6

Lines of Code (x1000) How Is the Memory Manager Changed? 80 70 60 50 40 30 20 10 0 2.6.32 (2009) 2.6.33 (2010) 2.6.38 (2011) 3.2 (2012) 3.10 (2013) 3.14 (2014) 4.0-rc4 (2015) Linux version (released year) 7

Lines of Code (x1000) How Is the Memory Manager Changed? 80 70 60 50 40 30 20 10 0 The LoC has increased by 60% since Linux 2.6.32. 2.6.32 (2009) 2.6.33 (2010) 2.6.38 (2011) 3.2 (2012) 3.10 (2013) 3.14 (2014) 4.0-rc4 (2015) Linux version (released year) 7

Where Is the Memory Manager Changing? 8

Where Is the Memory Manager Changing? Memory Manager Components 8

Where Is the Memory Manager Changing? Linux Version 8

Where Is the Memory Manager Changing? Number of Committed Patches 8

Where Is the Memory Manager Changing? 8

Where Is the Memory Manager Changing? 80% of the code changes 25% of the source code 8

Where Is the Memory Manager Changing? 8

Where Is the Memory Manager Changing? 8

Where Is the Memory Manager Changing? 8

Where Is the Memory Manager Changing? 8

Where Is the Memory Manager Changing? 13 hot files from 90 files recent development focus 8

Percentage (%) Why Is the Memory Manager Changed? 60 50 Bug Code Maintenance Optimization New Feature 40 30 20 10 0 2.6.33 (2010) 2.6.38 (2011) 3.2 (2012) 3.10 (2013) 3.14 (2014) 4.0-rc4 (2015) Linux version (released year) 9

Percentage (%) Why Is the Memory Manager Changed? Code Maintenance New Feature 60 50 40 30 20 10 0 2.6.33 (2010) 2.6.38 (2011) 3.2 (2012) 3.10 (2013) 3.14 (2014) 4.0-rc4 (2015) Linux version (released year) 9

Percentage (%) Why Is the Memory Manager Changed? Bug Optimization 60 50 40 30 20 10 0 70% more bugs in well-developed memory manager! 2.6.33 (2010) 2.6.38 (2011) 3.2 (2012) 3.10 (2013) 3.14 (2014) 4.0-rc4 (2015) Linux version (released year) 9

On the Bugs in Memory Manager 10

On the Bugs in Memory Manager Types of Memory Bugs 10

On the Bugs in Memory Manager Memory Manager Component 10

On the Bugs in Memory Manager Memory Allocation: 26%, Virtual Memory Management: 22%, GC: 14% 10

On the Bugs in Memory Manager 10

On the Bugs in Memory Manager Page alignment Null pointer 10

On the Bugs in Memory Manager Page alignment Null pointer Inappropriate check Missing check Wrong check 10

On the Bugs in Memory Manager Page alignment Null pointer Lock contention Missing lock Inappropriate check Missing check Wrong check 10

On the Bugs in Memory Manager Page alignment Null pointer Lock contention Missing lock Inappropriate check Missing check Wrong check Fault handler State update Case-by-case 10

On the Bugs in Memory Manager Page alignment Null pointer Lock contention Missing lock API Misc Inappropriate check Missing check Wrong check Fault handler State update Case-by-case 10

Memory Bugs: Case Studies Page Alignment mm/nommu.c @@ -1762,6 +1765,8 @@ unsigned long do_mremap(unsigned long addr, struct vm_area_struct *vma; /* insanity checks first */ if (old_len == 0 new_len == 0) return (unsigned long) -EINVAL; 11

Memory Bugs: Case Studies Page Alignment mm/nommu.c @@ -1762,6 +1765,8 @@ unsigned long do_mremap(unsigned long addr, struct vm_area_struct *vma; /* insanity checks first */ if (old_len == 0 new_len == 0) return (unsigned long) -EINVAL; Bug: device drivers mmap() failed. Cause: NOMMU does not do page_align(), which is inconsistent with MMU arch. 11

Memory Bugs: Case Studies Page Alignment mm/nommu.c @@ -1762,6 +1765,8 @@ unsigned long do_mremap(unsigned long addr, struct vm_area_struct *vma; /* insanity checks first */ + old_len = PAGE_ALIGN(old_len); + new_len = PAGE_ALIGN(new_len); if (old_len == 0 new_len == 0) return (unsigned long) -EINVAL; Bug: device drivers mmap() failed. Cause: NOMMU does not do page_align(), which is inconsistent with MMU arch. 11

Memory Bugs: Case Studies Checking mm/bootmem.c @@ -156,21 +157,31 @@ static void init free_bootmem_core(bootmem_data_t *bdata, unsigned long addr, 12

Memory Bugs: Case Studies Checking mm/bootmem.c @@ -156,21 +157,31 @@ static void init free_bootmem_core(bootmem_data_t *bdata, unsigned long addr, Bug: free pages wrongly. Cause: miss boundary checking. 12

Memory Bugs: Case Studies Checking mm/bootmem.c @@ -156,21 +157,31 @@ static void init free_bootmem_core(bootmem_data_t *bdata, unsigned long addr, + BUG_ON(!size); + + /* out range */ + if (addr + size < bdata->node_boot_start + PFN_DOWN(addr) > bdata->node_low_pfn) + return; Bug: free pages wrongly. Cause: miss boundary checking. 12

Memory Optimizations 4Data Structures Radix Tree Red-black Tree Bitmap List 13

Memory Optimizations 4Data Structures Radix Tree Red-black Tree Bitmap List Decentralize data structures: per-core/per-node/per-device approaches. 13

Memory Optimizations 4Data Structures Radix Tree Red-black Tree Bitmap List 5Policy Trade-offs Latency Vs. Throughput Synchronous Vs. Asynchronous Lazy Vs. Non-lazy Local Vs. Global Fairness Vs. Performance 13

Memory Optimizations 4Data Structures Radix Tree Red-black Tree Bitmap List 5Policy Trade-offs Latency Vs. Throughput Synchronous Vs. Asynchronous Lazy Vs. Non-lazy Local Vs. Global Fairness Vs. Performance 8Fast Paths Code Reduction Lockless Optimization New Function Inline State Caching Code Shifting Group Execution Optimistic Barrier 13

Memory Optimizations: Policy Trade-offs Latency Vs. Throughput Lazy Vs. Non-lazy Fairness Vs. Performance 11% 16% 18% Synchronous Vs. Asynchronous 22% Local Vs. Global 33% 14

Memory Optimizations: Policy Trade-offs Latency Vs. Throughput Lazy Vs. Non-lazy Fairness Vs. Performance 11% 16% 18% 137 patches committed especially for reducing the latencies of memory operations. Synchronous Vs. Asynchronous 22% Local Vs. Global 33% 14

Memory Optimizations: Policy Trade-offs Latency Vs. Throughput Lazy Vs. Non-lazy Fairness Vs. Performance 11% 16% 18% Lazy policy: delay expensive operations. May change the execution order of functions. Synchronous Vs. Asynchronous 22% Local Vs. Global 33% 14

Memory Optimizations: Policy Trade-offs Latency Vs. Throughput Lazy Vs. Non-lazy Fairness Vs. Performance Synchronous Vs. Asynchronous 11% 16% 18% 22% Lazy policy: delay expensive operations. May change the execution order of functions. vmalloc mempolicy huge_memory Lazy TLB flush, lazy unmapping Lazy page migration between nodes Lazy huge zero page allocation Local Vs. Global 33% 14

Memory Optimizations: Policy Trade-offs Latency Vs. Throughput Lazy Vs. Non-lazy Fairness Vs. Performance Synchronous Vs. Asynchronous 11% 16% 18% 22% Mostly considered in memory allocation & GC Local Vs. Global 33% 14

Memory Optimizations: Policy Trade-offs Latency Vs. Throughput Lazy Vs. Non-lazy Fairness Vs. Performance 11% 16% 18% Synchronous Vs. Asynchronous 22% Async is popular, but be careful to its fault handlers! Local Vs. Global 33% 14

Memory Optimizations: Policy Trade-offs Latency Vs. Throughput Lazy Vs. Non-lazy Fairness Vs. Performance 11% 16% 18% Synchronous Vs. Asynchronous Local Vs. Global 22% 33% Async is popular, but be careful to its fault handlers! E.g., early termination 14

Memory Optimizations: Policy Trade-offs Latency Vs. Throughput Lazy Vs. Non-lazy Fairness Vs. Performance 11% 16% 18% Synchronous Vs. Asynchronous 22% Local Vs. Global 33% Decentralizing global structures for better scalability 14

Memory Optimizations: Policy Trade-offs Latency Vs. Throughput Lazy Vs. Non-lazy Fairness Vs. Performance 11% 16% 18% Synchronous Vs. Asynchronous 22% Local Vs. Global 33% Decentralizing global structures for better scalability E.g., dynamic per-cpu allocator. 14

Memory Optimizations: Fast Path Code Reduction 34% Lockless Optimization 27% New Function State Caching Inline Code Shifting Group Execution Optimistic Barrier 12% 8% 6% 5% 4% 4% 15

Memory Optimizations: Fast Path Code Reduction 34% Simplify the slow path logic Lockless Optimization 27% New Function 12% State Caching Inline Code Shifting Group Execution Optimistic Barrier 8% 6% 5% 4% 4% 15

Memory Optimizations: Fast Path Code Reduction Lockless Optimization New Function State Caching Inline Code Shifting Group Execution Optimistic Barrier 34% 27% 12% 8% 6% 5% 4% 4% Simplify the slow path logic E.g., Avoid redundant get/put_page in munlock_vma_range as pages will not be referred anymore. mm/memory.c @@ -303,8 +303,10 @@ static void munlock_pagevec( if (PageLRU(page)) { lruvec = mem_cgroup_page_lruvec(page, zone); lru = page_lru(page); - - get_page(page); + /* + * We already have pin from follow_page_mask() + * so we can spare the get_page() here. + */ 15

Memory Optimizations: Fast Path Code Reduction 34% Lockless Optimization 27% Reduce the usage of lock and atomic operations New Function State Caching Inline Code Shifting Group Execution Optimistic Barrier 12% 8% 6% 5% 4% 4% 15

Memory Optimizations: Fast Path Code Reduction 34% Lockless Optimization 27% Reduce the usage of lock and atomic operations E.g., lockless memory allocator in SLUB New Function State Caching Inline Code Shifting Group Execution Optimistic Barrier 12% 8% 6% 5% 4% 4% 15

Memory Optimizations: Fast Path Code Reduction 34% Lockless Optimization 27% New Function State Caching Inline Code Shifting Group Execution Optimistic Barrier 12% 8% 6% 5% 4% 4% Cache states to avoid expensive operations 15

Memory Optimizations: Fast Path Code Reduction 34% Lockless Optimization 27% New Function State Caching Inline Code Shifting Group Execution Optimistic Barrier 12% 8% 6% 5% 4% 4% Cache states to avoid expensive operations E.g., pre-calculate the number of online nodes vs. always calling expensive num_online_nodes 15

Memory Optimizations: Fast Path Code Reduction 34% Lockless Optimization 27% New Function State Caching Inline Code Shifting Group Execution Optimistic Barrier 12% 8% 6% 5% 4% 4% Move infrequently executed code from fast path to slow path 15

Memory Optimizations: Fast Path Code Reduction 34% Lockless Optimization 27% New Function State Caching Inline Code Shifting Group Execution Optimistic Barrier 12% 8% 6% 5% 4% 4% Move infrequently executed code from fast path to slow path E.g., in SLUB allocator, slow path executes the interrupt enable/disable handlers, fast path executes them only at fallback 15

Memory Semantics Memory Resource Controller memory cgroup charge/uncharge cgroup management memcontrol.c 16

Memory Semantics Memory Resource Controller memory cgroup charge/uncharge Bug: Concurrency issues cgroup management memcontrol.c 16

Memory Semantics Memory Resource Controller memory cgroup charge/uncharge cgroup management memcontrol.c Bug: Concurrency issues Cause: missing locks in charging & uncharging pages (truncation, reclaim, swapout and migration) 16

Memory Semantics Virtual Memory Management memory policy 17

Memory Semantics Virtual Memory Management memory policy policy definition policy enforcement mempolicy.c 17

Memory Semantics Virtual Memory Management memory policy policy definition Bug: policy enforcement failure policy enforcement mempolicy.c 17

Memory Semantics Virtual Memory Management memory policy policy definition policy enforcement mempolicy.c Bug: policy enforcement failure Cause: missing check on page states & statistics, e.g., whether a page is dirty, cache hit/miss rate 17

Conclusion + + + Pattern Memory Bug Optimization Semantic 18

Conclusion + + + Pattern Memory Bug Optimization Semantic Complex page states Concurrency bugs Simplified page management Fast path Introduce new errors Fast path verification Bugs in checking Model checking for memory manager... 18

Thanks! Jian Huang jian.huang@gatech.edu Moinuddin K. Qureshi Karsten Schwan Q&A 19

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback