USCOPE: A SCALABLE UNIFIED TRACER FROM KERNEL TO USER SPACE

Similar documents
DELTAPATH: PRECISE AND SCALABLE CALLING CONTEXT ENCODING

ECE 574 Cluster Computing Lecture 8

SystemTap for Enterprise

Parallel architectures are enforcing the need of managing parallel software efficiently Sw design, programming, compiling, optimizing, running

CNIT 127: Exploit Development. Ch 3: Shellcode. Updated

Analyzing Kernel Behavior by SystemTap

Computer Systems A Programmer s Perspective 1 (Beta Draft)

Chapter 2: Operating-System Structures

CHAPTER 2: SYSTEM STRUCTURES. By I-Chen Lin Textbook: Operating System Concepts 9th Ed.

Processes. Process Scheduling, Process Synchronization, and Deadlock will be discussed further in Chapters 5, 6, and 7, respectively.

A Multi-OS Cross-Layer Study of Bloating in User Programs, Kernel and Managed Execution Environments

Chapter 2: Operating-System Structures. Operating System Concepts 9 th Edition

CS 471 Operating Systems. Yue Cheng. George Mason University Fall 2017

Processes. CS3026 Operating Systems Lecture 05

CLUE: System Trace Analytics for Cloud Service Performance Diagnosis

Optimizing MySQL on source code level. Vadim Tkachenko Peter Zaitsev MySQL AB

Chapter 4: Threads. Operating System Concepts. Silberschatz, Galvin and Gagne

OS lpr. www. nfsd gcc emacs ls 1/27/09. Process Management. CS 537 Lecture 3: Processes. Example OS in operation. Why Processes? Simplicity + Speed

CSCE Operating Systems Interrupts, Exceptions, and Signals. Qiang Zeng, Ph.D. Fall 2018

CROWDMARK. Examination Midterm. Spring 2017 CS 350. Closed Book. Page 1 of 30. University of Waterloo CS350 Midterm Examination.

Operating Systems. II. Processes

CS 475. Process = Address space + one thread of control Concurrent program = multiple threads of control

Static and Dynamic Analysis at. David Sklar - ZendCon 2008

Exception-Less System Calls for Event-Driven Servers

Concurrent Programming

FlexSC. Flexible System Call Scheduling with Exception-Less System Calls. Livio Soares and Michael Stumm. University of Toronto

4.8 Summary. Practice Exercises

A Scalable Event Dispatching Library for Linux Network Servers

W4118 Operating Systems. Junfeng Yang

Confinement (Running Untrusted Programs)

www nfsd emacs lpr Process Management CS 537 Lecture 4: Processes Example OS in operation Why Processes? Simplicity + Speed

csci3411: Operating Systems

Uni-Address Threads: Scalable Thread Management for RDMA-based Work Stealing

3.1 Introduction. Computers perform operations concurrently

Concurrent Programming

Reading Assignment 4. n Chapter 4 Threads, due 2/7. 1/31/13 CSE325 - Processes 1

PerfGuard: Binary-Centric Application Performance Monitoring in Production Environments

OS 1 st Exam Name Solution St # (Q1) (19 points) True/False. Circle the appropriate choice (there are no trick questions).

Overview. Administrative. * HW 2 Grades. * HW 3 Due. Topics: * What are Threads? * Motivating Example : Async. Read() * POSIX Threads

Concurrent Processing in Client-Server Software

Intel Threading Tools

Processes. Dr. Yingwu Zhu

ECE 550D Fundamentals of Computer Systems and Engineering. Fall 2017

MASSACHUSETTS INSTITUTE OF TECHNOLOGY Computer Systems Engineering: Spring Quiz I Solutions

PROCESS MANAGEMENT Operating Systems Design Euiseong Seo

From Processes to Threads

Processes. Process Concept

Processes. Operating System CS 217. Supports virtual machines. Provides services: User Process. User Process. OS Kernel. Hardware

CSCE 313: Intro to Computer Systems

Data Communication and Synchronization

Know your Unknowns. Techniques for analyzing unknown software. (and dynamic reversing in general)

From data center OS to Cloud architectures The future is Open Syed M Shaaf

Diagnosing Production-Run Concurrency-Bug Failures. Shan Lu University of Wisconsin, Madison

CSC 539: Operating Systems Structure and Design. Spring 2006

Eliminate Threading Errors to Improve Program Stability

Intel VTune Amplifier XE

Architectural Support for Operating Systems. Jinkyu Jeong ( Computer Systems Laboratory Sungkyunkwan University

Threads Implementation. Jin-Soo Kim Computer Systems Laboratory Sungkyunkwan University

CS 333 Introduction to Operating Systems. Class 3 Threads & Concurrency. Jonathan Walpole Computer Science Portland State University

2017 Pearson Educa2on, Inc., Hoboken, NJ. All rights reserved.

Overview of Layered Architectures

Problem System administration tasks on a VM from the outside, e.g., issue administrative commands such as hostname and rmmod. One step ahead tradition

AUTOBEST: A United AUTOSAR-OS And ARINC 653 Kernel. Alexander Züpke, Marc Bommert, Daniel Lohmann

Outline. CS4254 Computer Network Architecture and Programming. Introduction 2/4. Introduction 1/4. Dr. Ayman A. Abdel-Hamid.

Exceptions and Processes

SUPPORTING NATIVE PTHREADS IN SYSCALL EMULATION MODE BRANDON POTTER JUNE 14 TH, 2015

Prepared by Prof. Hui Jiang Process. Prof. Hui Jiang Dept of Electrical Engineering and Computer Science, York University

Message-Passing Shared Address Space

Chapter 3 Processes. Process Concept. Process Concept. Process Concept (Cont.) Process Concept (Cont.) Process Concept (Cont.)

Process. Prepared by Prof. Hui Jiang Dept. of EECS, York Univ. 1. Process in Memory (I) PROCESS. Process. How OS manages CPU usage? No.

Benchmark Study: A Performance Comparison Between RHEL 5 and RHEL 6 on System z

Path-based Macroanalysis for Large Distributed Systems

Announcement. Exercise #2 will be out today. Due date is next Monday

CS 261 Fall Mike Lam, Professor. Exceptional Control Flow and Processes

Process. Heechul Yun. Disclaimer: some slides are adopted from the book authors slides with permission

DBT Tool. DBT Framework

Self Learning Hard Disk Power Management for Mobile Devices

Chapter 2: Operating-System Structures. Operating System Concepts 9 th Edit9on

Chapter 4: Threads. Overview Multithreading Models Thread Libraries Threading Issues Operating System Examples Windows XP Threads Linux Threads

Processes & Threads. Today. Next Time. ! Process concept! Process model! Implementing processes! Multiprocessing once again. ! More of the same J

Go Deep: Fixing Architectural Overheads of the Go Scheduler

Structuring PLFS for Extensibility

Erlang-DTrace. Garry Bulmer. Team DTrace: Tim Becker

Concurrency. Stefan D. Bruda. Winter 2018

Improving I/O Bandwidth With Cray DVS Client-Side Caching

Motivation. Threads. Multithreaded Server Architecture. Thread of execution. Chapter 4

Chapter 2: System Structures. Operating System Concepts 9 th Edition

Userspace Application Tracing with Markers and Tracepoints

Chapter 2. Operating-System Structures

Workload Optimization on Hybrid Architectures

Red Hat Summit 2009 William Cohen

CFix. Automated Concurrency-Bug Fixing. Guoliang Jin, Wei Zhang, Dongdong Deng, Ben Liblit, and Shan Lu. University of Wisconsin Madison

Debug your build by (s)tracing and reversing

Operating System Virtualization: Practice and Experience

Physical memory vs. Logical memory Process address space Addresses assignment to processes Operating system tasks Hardware support CONCEPTS 3.

Operating System Structure

Pulse: A Dynamic Deadlock Detection Mechanism Using Speculative Execution

Verification & Validation of Open Source

Process Concepts. CSC400 - Operating Systems. 3. Process Concepts. J. Sumey

COP 4610: Introduction to Operating Systems (Spring 2016) Chapter 3: Process. Zhi Wang Florida State University

Transcription:

USCOPE: A SCALABLE UNIFIED TRACER FROM KERNEL TO USER SPACE Junghwan Rhee, Hui Zhang, Nipun Arora, Guofei Jiang, Kenji Yoshihira NEC Laboratories America www.nec-labs.com

Motivation Complex IT services face diverse functional and non-functional issues due to complexity of software and usage of underlying components. Errors Performance Security OS kernel event tracing is a convenient method to monitor and debug system operations without hard dependency on application layers (e.g., Libraries, program binaries). Example: System call trace However, OS events can be triggered by diverse programs and code. Therefore there is semantic gap to understand application program behavior from OS events. 2

Kernel User Space Unified Tracing Trace logs across the boundary of kernel and user space Examples: Dtrace, Windows ETW, System Tap Two types of Unified Tracing App A App B App A App B App C main main main main App f? C A,1 f B,1 f C,1 User?? Probe Library Library Library f B,P (a) Type 1 Unified Tracing (User space to Kernel) syscall (b) Type 2 Unified Tracing (Kernel to User space) Trigger Traced Target Type 1 User code Trace the execution of known user code Type 2 Kernel code Trace unknown user code triggering kernel code 3

Type 2 Unified Tracing Service problems can be caused from any program/layers. Type 2 unified tracers can cover such unknown cases. A typically used technique to collect user space code information is stack walking. Tracer finds the user process stack in the current context and scan stack frames from the stack pointer address. Examples Ustack of Dtrace, Stackwalking of Microsoft ETW These solutions have been generally used for debugging scenarios. How we can lower overhead? App A main f A,1? Library App B main f B,1 Library?? App C main f C,1 Library syscall Type 2 Unified Tracing (Kernel to User space) 4

Challenges : Tracing Focus Tracing all programs? Figure: A hierarchy of live processes in an idle desktop machine There are numerous processes in typical desktop and server systems at runtime for various purposes (e.g., multitasking, administration, accounting, updating software, users daemons). Unless the user does not know which program to diagnose, tracing all processes is not ideal. 5

Challenges : Tracing Focus Tracing an application software? Child of the Apache Controller becomes the Apache daemon. Apache Controller forks a child Apache daemon forks children on demand. Programs create and kill many sub processes dynamically. Some processes change their identity (execve system calls). How to systematically track all processes from their start? (instead of giving PIDs to tracers) 6

Challenges : Tracing Focus Tracing the whole stack? Programs may have deep stacks. ECLIPSE project reported that the collected stack trace ranged from 1 ~ 1024 stack frames. A stack includes function call information of multiple software layers (programs, libraries, middleware, and kernel etc.) Not every stack layer may be in users interest. LibC Libraries Program 7

Uscope: Systematic Unified Tracer Flexible and configurable tracing scopes Efficient per-application tracing Systematic tracking of dynamic processes A highly configurable focus within the call stack LibC Libraries Program 8

Uscope Architecture App B User Space App A Process App C 1 Unified Trace OS Kernel Flexible Stack Walking Per-App Tracing App B OS Kernel Kernel Tracing Target User Tracing Target Tracing Mode Input: 1. Kernel Tracing Target : the kernel events that generate log events 2. User Tracing Target : the application software to be traced 3. Tracing Mode : specification on the call stack focus to be traced Output: Unified Trace for the user tracing target 9

Per-Application Tracing Logic 3 PID Trace Map Kernel Event Name PTR 101 A PTR 102 A PTR 103 B OUT 104? (New) A Null PTR 1 Is it a Kernel Tracing Target? Add a new process fork 4 Set up CRLT/PTR Remove a process exit execve execve 2 Get the current PID Invalidate CRLT 6 8 Obtain CRLT via PTR Return 5 Dynamic Process Management Layer Flexible Stack Walking 7 This diagram shows the logic how Uscope performs per-application tracing and systematic tracking of dynamic processes. Trace map maintains the sets of processes in three states: (1) unknown, (2) to be traced, and (3) not to be traced. Kernel events making dynamic changes of processes (e.g., fork, exit, execve) trigger corresponding changes on the trace map. 10

Flexible Call Stack Scope Call stack during a Syscall Mode 1 (App) Mode 2 (App All) Mode 3 (Library) Mode 4 (All) Unrecorded call site C 1,1 C 1,1 C 1,1 C 1,1 C 1,1 C 1,2 R 1 C 1,n1 C 1,2 C 1,n1 C 1,2 C 1,n1 C 1,2 C 1,n1 C 1,2 C 1,n1 Recorded call site Stack walking C k,1 C k,1 C k,1 C k,1 C k,1 C k,2 R K C k,nk C k,2 C k,nk C k,2 C k,nk C k,2 C k,nk C k,2 C k,nk Syscall Recorded call sites during stack walking Uscope provides flexible call stack scopes in tracing. Maximum budge S. Further fine control is available. Binary config In-Binary config Mode 1 App binary The last stack frame Mode 2 App binary All stack frames Mode 3 All binaries, libraries Last stack frames Mode 4 All binaries, libraries All stack frames 11

Implementation Tracer Implemented by extending SystemTap. SystemTap hooks system calls to generate log events. Trace map and tracing logic is implemented as a kernel module. Redhat Enterprise Linux 5 is supported. Input: 1. Kernel Tracing Target : System call events 2. User Tracing Target : Apache webserver (Server workload), MySQL database (Server workload), Nbench (computation) Uscope can be dynamically attached and detached to the kernel at runtime. When it is detached, there is no overhead. 12

Runtime Overhead Workload Apache : Apache HTTP Benchmark tool (ab), 100 concurrency, 10^6 requests MySQL : MySQL Benchmark suite (alter-table, ATIS, big-tables, connect, create, insert, select, transactions, and wisconsin) Nbench : Linux/Unix of BYTE s Native Mode Benchmarks (verison 2.2.3). Memory Index, Integer Index, and FP Index are used. Tracing Modes : 1. Mode 1 : application call stack layer, the last stack frame 2. Mode 2 : application call stack layer, 3 or 5 last stack frames 3. Mode 3 : all layers, the last stack frames up to 5 Less than 6% overhead in three benchmarking cases 13

Case Study Application 1 Testbed Three tier PetStore system (Apache, Jboss, MySQL) Symptom Web requests failed. Tracing: Mode 2 (S=3) Dual Space Analysis X axis shows different types of system calls and Y axis shows application code (i.e., triggers). Unique events in normal case Read: my_read Accept: handle_connections_socket More.. Unique events in abnormal case Stat: archive_discover => Problem in accessing the database file 14

User code context Program Sys Calls Case Study Application 2 Testbed Apache Webserver Symptom Concurrency error that threads are in a deadlock condition (Case number: Apache #42031) Tracing: Mode 2 (S=5) Call Stack Analysis Call stacks on futex system calls are captured and analyzed. Worker Thread apr_thread_mutex_call (a wrapper of pthread_mutex_call) Listener Thread apr_thread_cond_wait (a wrapper of pthread_cond_wait) => Deadlock conditions are identified. Workers futex LOCK (timeout) UNLOCK(timeout) LOCK (idlers) SIGNAL (waits) UNLOCK(idlers) deadlock Listener futex? deadlock? LOCK (timeout) LOCK (idlers) COND_WAIT (waits, idlers) UNLOCK (idlers) UNLOCK(timeout) 15

Conclusion Uscope provides efficient type 2 unified tracing for kernel and unknown user code. Uscope provides per-application tracing, systematic tracking of dynamic processes, and flexible specification on call stack scopes to be traced. Our prototype has 6% overhead compared to native execution in several benchmarks. Also we showed two case studies illustrating how unified tracers can be used for diagnosing service systems. 16

Thank you www.nec-labs.com 17

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback