Specifying and Checking File System Crash-Consistency Models

Bornholt, James; Kaufmann, Antoine; Li, Jialin; Torlak, Emina; Wang, Xi

doi:10.1145/2980024.2872406

Cited by 21 publications

(32 citation statements)

References 52 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Within modern storage systems, this same tension arises. A file system, for example, could commit all updates in order, adding constraints to ease the construction of applications (and their crash-recovery protocols) atop them [4,38]. Many file system developers have determined that such ordering is performance prohibitive; as a result, most modern file systems reduce internal ordering constraints.…”

Section: Introductionmentioning

confidence: 99%

Application Crash Consistency and Performance with CCFS

Pillai

Alagappan

et al. 2017

ACM Trans. Storage

View full text Add to dashboard Cite

Recent research has shown that applications often incorrectly implement crash consistency. We present the Crash-Consistent File System (ccfs), a file system that improves the correctness of application-level crash consistency protocols while maintaining high performance. A key idea in ccfs is the abstraction of a stream. Within a stream, updates are committed in program order, improving correctness; across streams, there are no ordering restrictions, enabling scheduling flexibility and high performance. We empirically demonstrate that applications running atop ccfs achieve high levels of crash consistency. Further, we show that ccfs performance under standard file-system benchmarks is excellent, in the worst case on par with the highest performing modes of Linux ext4, and in some cases notably better. Overall, we demonstrate that both application correctness and high performance can be realized in a modern file system.

show abstract

Section: Introductionmentioning

confidence: 99%

Application Crash Consistency and Performance with CCFS

Pillai

Alagappan

et al. 2017

ACM Trans. Storage

View full text Add to dashboard Cite

show abstract

“…Litmus testing for memory consistency models is well established [Alglave et al 2015[Alglave et al , 2011Chong et al 2018], but it remains unclear how best to insert the crashes that would be needed to test memory persistency models. One option would be to use a simulator (which is how Bornholt et al [2016] validated their crash-consistency models for filesystems) but this would not necessary reveal all the concurrency behaviours that real processors can exhibit. Another option, applicable when the processor-under-test is a component of a system-on-chip (SoC) FPGA [Jain et al 2018], is to build custom hardware to monitor the traffic to persistent memory, and thus to detect nvo violations without the need for crashes.…”

Section: Discussionmentioning

confidence: 99%

Weak persistency semantics from the ground up: formalising the persistency semantics of ARMv8 and transactional models

Raad

Wickerson

Vafeiadis

2019

Proc. ACM Program. Lang.

View full text Add to dashboard Cite

Emerging non-volatile memory (NVM) technologies promise the durability of disks with the performance of volatile memory (RAM). To describe the persistency guarantees of NVM, several memory persistency models have been proposed in the literature. However, the formal persistency semantics of mainstream hardware is unexplored to date. To close this gap, we present a formal declarative framework for describing concurrency models in the NVM context, and then develop the PARMv8 persistency model as an instance of our framework, formalising the persistency semantics of the ARMv8 architecture for the first time. To facilitate correct persistent programming, we study transactions as a simple abstraction for concurrency and persistency control. We thus develop the PSER (persistent serialisability) persistency model, formalising transactional semantics in the NVM context for the first time, and demonstrate that PSER correctly compiles to PARMv8. This then enables programmers to write correct, concurrent and persistent programs, without having to understand the low-level architecture-specific persistency semantics of the underlying hardware. CCS Concepts: • Theory of computation → Concurrency; Semantics and reasoning; • Software and its engineering → General programming languages.

show abstract

“…Ferrite [Bornholt et al 2016] is a tool for reasoning about crash safety of programs running on modern file systems, which offer only weak consistency semantics. It consists of a verifier and a synthesizer.…”

Section: File System Crash-consistencymentioning

confidence: 99%

Finding code that explodes under symbolic evaluation

Bornholt

Torlak

2018

Proc. ACM Program. Lang.

Self Cite

View full text Add to dashboard Cite

Solver-aided tools rely on symbolic evaluation to reduce programming tasks, such as verification and synthesis, to satisfiability queries. Many reusable symbolic evaluation engines are now available as part of solver-aided languages and frameworks, which have made it possible for a broad population of programmers to create and apply solver-aided tools to new domains. But to achieve results for real-world problems, programmers still need to write code that makes effective use of the underlying engine, and understand where their code needs careful design to elicit the best performance. This task is made difficult by the all-paths execution model of symbolic evaluators, which defies both human intuition and standard profiling techniques. This paper presents symbolic profiling, a new approach to identifying and diagnosing performance bottlenecks in programs under symbolic evaluation. To help with diagnosis, we develop a catalog of common performance anti-patterns in solver-aided code. To locate these bottlenecks, we develop SymPro, a new profiling technique for symbolic evaluation. SymPro identifies bottlenecks by analyzing two implicit resources at the core of every symbolic evaluation engine: the symbolic heap and symbolic evaluation graph. These resources form a novel performance model of symbolic evaluation that is general (encompassing all forms of symbolic evaluation), explainable (providing programmers with a conceptual framework for understanding symbolic evaluation), and actionable (enabling precise localization of bottlenecks). Performant solver-aided code carefully manages the shape of these implicit structures; SymPro makes their evolution explicit to the programmer. To evaluate SymPro, we implement profilers for the Rosette solver-aided language and the Jalangi program analysis framework. Applying SymPro to 15 published solver-aided tools, we discover 8 previously undiagnosed performance issues. Repairing these issues improves performance by orders of magnitude, and our patches were accepted by the tools' developers. We also conduct a small user study with Rosette programmers, finding that SymPro helps them both understand what the symbolic evaluator is doing and identify performance issues they could not otherwise locate.

show abstract

Specifying and Checking File System Crash-Consistency Models

Cited by 21 publications

References 52 publications

Application Crash Consistency and Performance with CCFS

Application Crash Consistency and Performance with CCFS

Weak persistency semantics from the ground up: formalising the persistency semantics of ARMv8 and transactional models

Finding code that explodes under symbolic evaluation

Contact Info

Product

Resources

About