All File Systems Are Not Created Equal: On the Complexity of Crafting Crash-Consistent Applications
This paper appeared in OSDI'14 and is authored by Thanumalayan Sankaranarayana Pillai, Vijay Chidambaram, Ramnatthan Alagappan, Samer Al-Kiswany, Andrea C. Arpaci-Dusseau, and Remzi H. Arpaci-Dusseau at University of Wisconsin–Madison.
A previous OSDI'14 paper we discussed had said almost every failure is due to bad exception/error-handling. But this paper shows that even when you divine the correct error-handling/recovery code, it may still not work. The layering abstraction leaks, and the filesystem underneath may do funny things in a crash.
The paper considers an important and timely problem, because many important applications, including databases such as SQLite and key-value stores such as LevelDB, are currently implemented on top of file systems instead of directly on raw disks. Such data-management applications must be crash consistent, but achieving this goal atop modern file systems is challenging because the exact guarantees provided by file systems are unclear and underspecified.
The paper defines persistence (a better term would be consistent-persistence) as a combination of two properties: atomicity and ordering (external linearizability). Figure 2 gives an example of how persistence can be violated by a crash.
From Table 1, we observe that persistence properties vary widely across file systems, and even across different configurations of the same file system. The order of persistence of system calls depends upon small details like whether the calls are to the same file or whether the file was renamed. The datajournal configurations of the filesystems are pretty solid, but they incur an overhead in terms of performance as well.
In order to analyze application-level protocols and detect crash vulnerabilities, the authors built the ALICE framework. (ALICE is available as open source.) ALICE detects 60 vulnerabilities in total for the 11 applications analyzed, with 5 resulting in silent failures, 12 in loss of durability, 25 leading to inaccessible applications, and 17 returning errors while accessing certain data. ALICE is also able to detect previously known vulnerabilities.
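To make the ordering problem concrete, here is an added example (not code from the paper or from ALICE) that enumerates the crash states of a small update protocol and checks an atomicity invariant on each. It uses a deliberately simplified model, which is an assumption of this example: everything issued before an `fsync` barrier is on disk, and any subset of the operations issued after it may have persisted. All names (`crash_states`, `UNSAFE`, `SAFE`, ...) are hypothetical.

```python
from itertools import combinations

def apply(disk, op):
    """Apply one operation to a dict that maps file name -> content."""
    if op[0] == "create":
        disk[op[1]] = ""
    elif op[0] == "append" and op[1] in disk:
        disk[op[1]] += op[2]
    elif op[0] == "rename" and op[1] in disk:
        disk[op[2]] = disk.pop(op[1])
    # an append or rename whose target was never persisted has no effect

def crash_states(initial, protocol):
    """Return every on-disk state reachable by crashing during `protocol`."""
    states, durable, pending = [], [], []
    for op in protocol + [("end",)]:
        # Crash just before `op`: any subset of the un-synced operations
        # may have reached the disk (subsets keep program order).
        for n in range(len(pending) + 1):
            for subset in combinations(pending, n):
                disk = dict(initial)
                for done in durable + list(subset):
                    apply(disk, done)
                states.append(disk)
        if op[0] == "fsync":        # modeled as a global barrier (assumption)
            durable, pending = durable + pending, []
        elif op[0] != "end":
            pending.append(op)
    return states

def violations(initial, protocol, invariant):
    """Crash states in which the application-level invariant is broken."""
    return [s for s in crash_states(initial, protocol) if not invariant(s)]

def atomic(disk):
    """The config file must hold the old content or the new, nothing else."""
    return disk.get("cfg") in ("old", "new")

# Constructed sample protocols: replace "cfg" via a temporary file.
INITIAL = {"cfg": "old"}
UNSAFE = [("create", "tmp"), ("append", "tmp", "new"),
          ("rename", "tmp", "cfg")]
SAFE = [("create", "tmp"), ("append", "tmp", "new"), ("fsync",),
        ("rename", "tmp", "cfg")]
```

`violations(INITIAL, UNSAFE, atomic)` finds the state in which the rename persisted but the data did not, leaving an empty `cfg`; the `SAFE` variant has no violating state under this model.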
The paper is easy to read and follow. And the conference presentation does a good job of explaining the paper in an accessible manner.
Discussion
Is this paper being too alarmist? If we allow our system to recover to an earlier state instead of the most recent state at crash time, would that enable us to circumvent these crash-consistency problems? (Let's say we define "earlier state" as occurring far enough in the past to be successfully flushed to the filesystem state.) Even that approach may fail if the most recent state at the moment of crash overwrites it inconsistently, which would corrupt it. So there is a reason to be alarmed!
But if we use a journaling approach (e.g., an append-only log approach) to writing the critical recovery states, this problem can be avoided. I guess a write-once style storage for critical state can be implemented even at the application-level. But once more we pay a cost for fault-tolerance. If you take this to an extreme (to be able to recover everything), you implement the datajournal configuration of the filesystem at the application level.
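One way to realize the append-only log idea at the application level, as an added example that is not from the paper or the original post: each state is appended as a length-prefixed, checksummed record and fsynced, and recovery returns the newest intact record while ignoring a torn or garbage tail. The record layout and the names `append_state`, `recover` and `repair` are assumptions of this example.

```python
import os, struct, zlib

HEADER = struct.Struct("<II")   # payload length, CRC32 of payload

def append_state(path, payload):
    """Append one checksummed record and fsync it before returning."""
    if not payload:
        raise ValueError("empty payload")  # length 0 is reserved, see recover()
    record = HEADER.pack(len(payload), zlib.crc32(payload)) + payload
    # A newly created log also needs an fsync of its parent directory
    # (omitted here) before the file itself is guaranteed to survive.
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_APPEND, 0o600)
    try:
        view = memoryview(record)
        while view:                         # os.write may be partial
            view = view[os.write(fd, view):]
        os.fsync(fd)                        # durability point for this record
    finally:
        os.close(fd)

def recover(path):
    """Return (newest intact payload or None, length of the intact prefix)."""
    try:
        with open(path, "rb") as f:
            data = f.read()
    except FileNotFoundError:
        return None, 0
    last, good = None, 0
    while good + HEADER.size <= len(data):
        length, crc = HEADER.unpack_from(data, good)
        body = data[good + HEADER.size: good + HEADER.size + length]
        # A zero-filled tail would otherwise parse as an empty record whose
        # CRC32 is also 0, so length 0 is treated as invalid.
        if length == 0 or len(body) != length or zlib.crc32(body) != crc:
            break                           # torn or garbage tail: stop here
        last, good = body, good + HEADER.size + length
    return last, good

def repair(path):
    """Cut off a torn tail so that later appends stay reachable."""
    last, good = recover(path)
    if os.path.exists(path) and os.path.getsize(path) != good:
        with open(path, "r+b") as f:
            f.truncate(good)
            f.flush()
            os.fsync(f.fileno())
    return last
```

Call `repair` once at startup before appending again; without it, records written after a torn tail would sit behind bytes that `recover` refuses to parse.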
This paper provides some motivation for the self-stabilization approach. If it is hard to enforce consistency, then always be converging to the consistent states. That is what the stabilization approach prescribes.