loom: bypassing races in live applications with execution filters jingyue wu, heming cui, junfeng...
TRANSCRIPT
![Page 1: LOOM: Bypassing Races in Live Applications with Execution Filters Jingyue Wu, Heming Cui, Junfeng Yang Columbia University 1](https://reader035.vdocument.in/reader035/viewer/2022062500/56649ea35503460f94ba82a7/html5/thumbnails/1.jpg)
1
LOOM: Bypassing Races in Live Applications with Execution Filters
Jingyue Wu, Heming Cui, Junfeng YangColumbia University
![Page 2: LOOM: Bypassing Races in Live Applications with Execution Filters Jingyue Wu, Heming Cui, Junfeng Yang Columbia University 1](https://reader035.vdocument.in/reader035/viewer/2022062500/56649ea35503460f94ba82a7/html5/thumbnails/2.jpg)
2
Mozilla Bug #133773
void js_DestroyContext( JSContext *cx) { JS_LOCK_GC(cx->runtime); MarkAtomState(cx); if (last) { // last thread? ... FreeAtomState(cx); ... } JS_UNLOCK_GC(cx->runtime);}
if (last) // return true
FreeAtomState
MarkAtomState
A buggy interleaving
Non-last Thread Last Thread
bug
![Page 3: LOOM: Bypassing Races in Live Applications with Execution Filters Jingyue Wu, Heming Cui, Junfeng Yang Columbia University 1](https://reader035.vdocument.in/reader035/viewer/2022062500/56649ea35503460f94ba82a7/html5/thumbnails/3.jpg)
3
Complex Fixvoid js_DestroyContext() { if (last) { state = LANDING; if (requestDepth == 0) js_BeginRequest(); while (gcLevel > 0) JS_AWAIT_GC_DONE(); js_ForceGC(true); while (gcPoke) js_GC(true); FreeAtomState(); } else { gcPoke = true; js_GC(false); }}void js_BeginRequest() { while (gcLevel > 0) JS_AWAIT_GC_DONE();}void js_ForceGC(bool last)
{ gcPoke = true; js_GC(last);}void js_GC(bool last) { if (state == LANDING && !last) return; gcLock.acquire(); if (!gcPoke) { gcLock.release(); return; } if (gcLevel > 0) { gcLevel++; while (gcLevel > 0) JS_AWAIT_GC_DONE(); gcLock.release(); return; } gcLevel = 1;
gcLock.release();restart: MarkAtomState(); gcLock.acquire(); if (gcLevel > 1) { gcLevel = 1; gcLock.release(); goto restart; } gcLevel = 0; gcPoke = false; gcLock.release();}
• 4 functions; 3 integer flags• Nearly a month• Not the only example
![Page 4: LOOM: Bypassing Races in Live Applications with Execution Filters Jingyue Wu, Heming Cui, Junfeng Yang Columbia University 1](https://reader035.vdocument.in/reader035/viewer/2022062500/56649ea35503460f94ba82a7/html5/thumbnails/4.jpg)
4
LOOM: Live-workaround Races
• Execution filters: temporarily filter out buggy thread interleavingsvoid js_DestroyContext(JSContext *cx) { MarkAtomState(cx); if (last thread) { ... FreeAtomState(cx); ... }}
js_DestroyContext <> self
• Declarative, easy to write
A mutual-exclusion execution filter to bypass the race on the left
![Page 5: LOOM: Bypassing Races in Live Applications with Execution Filters Jingyue Wu, Heming Cui, Junfeng Yang Columbia University 1](https://reader035.vdocument.in/reader035/viewer/2022062500/56649ea35503460f94ba82a7/html5/thumbnails/5.jpg)
5
LOOM: Live-workaround Races
• Execution filters: temporarily filter out buggy thread interleavings
• Installs execution filters to live applications– Improve server availability– STUMP [PLDI ‘09], Ginseng [PLDI ‘06], KSplice
[EUROSYS ‘09]• Installs execution filters safely
– Avoid introducing errors• Incurs little overhead during normal execution
![Page 6: LOOM: Bypassing Races in Live Applications with Execution Filters Jingyue Wu, Heming Cui, Junfeng Yang Columbia University 1](https://reader035.vdocument.in/reader035/viewer/2022062500/56649ea35503460f94ba82a7/html5/thumbnails/6.jpg)
6
Summary of Results
• We evaluated LOOM on nine real races. – Bypasses all the evaluated races safely– Applies execution filters immediately– Little performance overhead (< 5%)– Scales well with the number of application threads
(< 10% with 32 threads)– Easy to use (< 5 lines)
![Page 7: LOOM: Bypassing Races in Live Applications with Execution Filters Jingyue Wu, Heming Cui, Junfeng Yang Columbia University 1](https://reader035.vdocument.in/reader035/viewer/2022062500/56649ea35503460f94ba82a7/html5/thumbnails/7.jpg)
7
Outline
• Architecture– Combines static preparation and live update
• Safely updating live applications• Reducing performance overhead• Evaluation• Conclusion
![Page 8: LOOM: Bypassing Races in Live Applications with Execution Filters Jingyue Wu, Heming Cui, Junfeng Yang Columbia University 1](https://reader035.vdocument.in/reader035/viewer/2022062500/56649ea35503460f94ba82a7/html5/thumbnails/8.jpg)
8
Architecture
LLVM Compiler
LOOM Compiler Plugin
Application Source
LOOM Update Engine
Application Binary
LOOM Update Engine
Buggy Application
LOOM Update Engine
Patched Application
Execution Filter
LOOM Controller
Static Preparation Live Update
$ llvm-gcc$ opt –load$ llc$ gcc
js_DestroyContext<> self
$ loomctl add <pid> <filter file>
![Page 9: LOOM: Bypassing Races in Live Applications with Execution Filters Jingyue Wu, Heming Cui, Junfeng Yang Columbia University 1](https://reader035.vdocument.in/reader035/viewer/2022062500/56649ea35503460f94ba82a7/html5/thumbnails/9.jpg)
9
Outline
• Architecture– Combines static preparation and live update
• Safely updating live applications• Reducing performance overhead• Evaluation• Conclusion
![Page 10: LOOM: Bypassing Races in Live Applications with Execution Filters Jingyue Wu, Heming Cui, Junfeng Yang Columbia University 1](https://reader035.vdocument.in/reader035/viewer/2022062500/56649ea35503460f94ba82a7/html5/thumbnails/10.jpg)
10
Safety: Not Introducing New Errors
PC
Mutual Exclusion
Lock
Unlock
Order Constraints
PC
PCUp
Down
PC
PC
Up
Down
![Page 11: LOOM: Bypassing Races in Live Applications with Execution Filters Jingyue Wu, Heming Cui, Junfeng Yang Columbia University 1](https://reader035.vdocument.in/reader035/viewer/2022062500/56649ea35503460f94ba82a7/html5/thumbnails/11.jpg)
11
Evacuation Algorithm
LOOM Update Engine
PC
Unsafe to update
1. Identify the dangerous region using static analysis2. Evacuate threads that are in the dangerous region3. Install the execution filter
LOOM
Update Engine
“Evacuate”
Safe to update
LOOM
Update Engine
Install Filter
Updated
![Page 12: LOOM: Bypassing Races in Live Applications with Execution Filters Jingyue Wu, Heming Cui, Junfeng Yang Columbia University 1](https://reader035.vdocument.in/reader035/viewer/2022062500/56649ea35503460f94ba82a7/html5/thumbnails/12.jpg)
12
Control Application Threads
1 : // database worker thread2 : void handle_client(int fd) {3 : for(;;) {4 : struct client_req req;5 : int ret = recv(fd, &req, ...);6 : if(ret <= 0) break;7 : open_table(req.table_id);8 : ... // do real work9 : close_table(req.table_id);10: }11: }
3: entry of handle_client
6: ret<=0
7: call open_table
… // do real work
9: call close_table
11: exit of handle_client
Y
N
![Page 13: LOOM: Bypassing Races in Live Applications with Execution Filters Jingyue Wu, Heming Cui, Junfeng Yang Columbia University 1](https://reader035.vdocument.in/reader035/viewer/2022062500/56649ea35503460f94ba82a7/html5/thumbnails/13.jpg)
13
Control Application Threads (cont’d)3: entry of
handle_client
6: ret<=0
7: call open_table
… // do real work
9: call close_table
11: exit of handle_client
Y
N
3: entry of handle_client
6: ret<=0
7: call open_table
… // do real work
9: call close_table
11: exit of handle_client
Y
Ncond_break()
// not the final versionvoid cond_break() { read_unlock(&update);
read_lock(&update);}
// not the final versionvoid loom_update() { write_lock(&update);
install_filter(); write_unlock(&update);}
![Page 14: LOOM: Bypassing Races in Live Applications with Execution Filters Jingyue Wu, Heming Cui, Junfeng Yang Columbia University 1](https://reader035.vdocument.in/reader035/viewer/2022062500/56649ea35503460f94ba82a7/html5/thumbnails/14.jpg)
14
Pausing Threads at Safe Locations
void cond_break() { if (wait[backedge_id]) { read_unlock(&update); while (wait[backedge_id]); read_lock(&update); }}
void loom_update() { identify_safe_locations(); for each safe backedge E wait[E] = true; write_lock(&update); install_filter(); for each safe backedge E wait[E] = false; write_unlock(&update);}
3: entry of handle_client
6: ret<=0
7: call open_table
… // do real work
9: call close_table
11: exit of handle_client
Y
Ncond_break()
cmpl 0x0, 0x845208cje 0x804b56d
![Page 15: LOOM: Bypassing Races in Live Applications with Execution Filters Jingyue Wu, Heming Cui, Junfeng Yang Columbia University 1](https://reader035.vdocument.in/reader035/viewer/2022062500/56649ea35503460f94ba82a7/html5/thumbnails/15.jpg)
15
Outline
• Architecture– Combines static preparation and live update
• Safely updating live applications• Reducing performance overhead• Evaluation• Conclusion
![Page 16: LOOM: Bypassing Races in Live Applications with Execution Filters Jingyue Wu, Heming Cui, Junfeng Yang Columbia University 1](https://reader035.vdocument.in/reader035/viewer/2022062500/56649ea35503460f94ba82a7/html5/thumbnails/16.jpg)
16
Hybrid Instrumentation3: entry of
handle_client
6: ret<=0
7: call open_table
… // do real work
9: call close_table
11: exit of handle_client
Y
Nslot();
7: call open_table
slot();… // do real work
slot();9: call close_table
slot();
switch?
switch?
6: ret<=0 Y
Ncond_break()
3: entry of handle_client
6: ret<=0
7: call open_table
… // do real work
9: call close_table
11: exit of handle_client
Y
N
cond_break()
void slot(int stmt_id) { op_list = operations[stmt_id]; foreach op in op_list do op;}
![Page 17: LOOM: Bypassing Races in Live Applications with Execution Filters Jingyue Wu, Heming Cui, Junfeng Yang Columbia University 1](https://reader035.vdocument.in/reader035/viewer/2022062500/56649ea35503460f94ba82a7/html5/thumbnails/17.jpg)
17
Bare Instrumentation Overhead
Performance overhead < 5%
![Page 18: LOOM: Bypassing Races in Live Applications with Execution Filters Jingyue Wu, Heming Cui, Junfeng Yang Columbia University 1](https://reader035.vdocument.in/reader035/viewer/2022062500/56649ea35503460f94ba82a7/html5/thumbnails/18.jpg)
18
Bare Instrumentation Overhead
Performance overhead < 5%
![Page 19: LOOM: Bypassing Races in Live Applications with Execution Filters Jingyue Wu, Heming Cui, Junfeng Yang Columbia University 1](https://reader035.vdocument.in/reader035/viewer/2022062500/56649ea35503460f94ba82a7/html5/thumbnails/19.jpg)
19
Scalability• 48-core machine with 4 CPUs; Each CPU has 12 cores. • Pin the server to CPU 0, 1, 2, and the client to CPU 3.
1 2 4 8 16 32-6%-4%-2%0%2%4%6%8%
10%12%14%
Scalability on MySQL
RESPTPUT
Number of threads
Ove
rhea
d (%
)
Performance overhead does not increase
![Page 20: LOOM: Bypassing Races in Live Applications with Execution Filters Jingyue Wu, Heming Cui, Junfeng Yang Columbia University 1](https://reader035.vdocument.in/reader035/viewer/2022062500/56649ea35503460f94ba82a7/html5/thumbnails/20.jpg)
20
Conclusion
• LOOM: A live-workaround system designed to quickly and safely bypass races– Execution filters: easy to use and flexible (< 5 lines)– Evacuation algorithm: safe– Hybrid instrumentation: fast (overhead < 5%) and
scalable (overhead < 10% with 32 threads)• Future work
– Generic hybrid instrumentation framework– Extend the idea to other classes of errors
![Page 21: LOOM: Bypassing Races in Live Applications with Execution Filters Jingyue Wu, Heming Cui, Junfeng Yang Columbia University 1](https://reader035.vdocument.in/reader035/viewer/2022062500/56649ea35503460f94ba82a7/html5/thumbnails/21.jpg)
21
Questions?