Monday, September 18th, 4:00 PM, 2310 CS&S
Random Testing

In 1990, we published the results of a study of the reliability of standard UNIX application/utility programs. This study showed that by using simple (almost simplistic) random testing techniques, we could crash or hang 25-33% of these utility programs. In 1995, we repeated and significantly extended this study using the same basic technique: subjecting programs to random input streams. This study also included X-Window applications and servers. A distressingly large number of UNIX applications still crashed with our tests. X-Window applications were at least as unreliable as command-line applications. The commercial versions of UNIX fared slightly better than in 1990, but the biggest surprise was that Linux and GNU applications were significantly more reliable than the commercial versions.

In 2000, we took another stab at random testing, this time testing applications running on Microsoft Windows. Given valid random mouse and keyboard input streams, we could crash or hang 45% (NT) to 64% (Win2K) of these applications. This year, we continued the study, looking at both command-line and GUI-based applications on the relatively new Mac OS X operating system. While the command-line tests had a reasonable 7% failure rate, the GUI-based applications, from a variety of vendors, had a 73% failure rate.

In this talk, I will discuss our simple testing procedure as it applies to UNIX, Windows, and Mac OS. I will then present the various test results in more detail. These results include, in many cases, identification of the bugs and the coding practices that caused them. In several cases, these bugs raise issues relating to system security. The talk will conclude with some philosophical musings on the current state of software development.

Note that all fuzz research is the result of CS736 student projects. Papers on the four studies (1990, 1995, 2000, and 2006), the software, and the bug reports can be found at the UW fuzz home page: http://www.cs.wisc.edu/~bart/fuzz/
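The testing procedure is simple enough to sketch in a few lines. The Python fragment below is only a rough illustration of the idea described above (feed random bytes to a program and watch for crashes and hangs), not the actual fuzz tools from the studies; the target utilities, trial count, input size, and timeout are all assumptions made for the example.

    # Minimal command-line fuzzing sketch (not the actual fuzz tools from the studies).
    # It pipes random bytes into each target's stdin and classifies the outcome.
    import random
    import subprocess

    TARGETS = ["/usr/bin/sort", "/usr/bin/uniq"]   # assumed example utilities
    TRIALS = 100                                   # assumed runs per target
    MAX_LEN = 100_000                              # assumed maximum input size in bytes
    TIMEOUT = 10                                   # seconds before declaring a hang

    def random_input():
        """Return a random byte string: the 'almost simplistic' input of the study."""
        n = random.randrange(1, MAX_LEN)
        return bytes(random.randrange(256) for _ in range(n))

    for target in TARGETS:
        crashes = hangs = 0
        for _ in range(TRIALS):
            try:
                proc = subprocess.run([target], input=random_input(),
                                      stdout=subprocess.DEVNULL,
                                      stderr=subprocess.DEVNULL,
                                      timeout=TIMEOUT)
                if proc.returncode < 0:            # terminated by a signal: a crash
                    crashes += 1
            except subprocess.TimeoutExpired:      # still running at the deadline: a hang
                hangs += 1
        print(f"{target}: {crashes} crashes, {hangs} hangs in {TRIALS} runs")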

Monday, September 25th, 4:00 PM, 2310 CS&S
A Comparison of Software and Hardware Techniques for x86 Virtualization by Keith Adams and Ole Agesen, VMware

Available from VMware

Until recently, the x86 architecture has not permitted classical trap-and-emulate virtualization. Virtual Machine Monitors for x86, such as VMware Workstation and Virtual PC, have instead used binary translation of the guest kernel code. However, both Intel and AMD have now introduced architectural extensions to support classical virtualization.

We compare an existing software VMM with a new VMM designed for the emerging hardware support. Surprisingly, the hardware VMM often suffers lower performance than the pure software VMM. To determine why, we study architecture-level events such as page table updates, context switches and I/O, and find their costs vastly different among native, software VMM and hardware VMM execution.

We find that the hardware support fails to provide an unambiguous performance advantage for two primary reasons: first, it offers no support for MMU virtualization; second, it fails to co-exist with existing software techniques for MMU virtualization. We look ahead to emerging techniques for addressing this MMU virtualization problem in the context of hardware-assisted virtualization.
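As a practical aside (not part of the paper), the hardware extensions the authors evaluate are advertised as CPU feature flags, so on Linux a short check like the Python sketch below can tell you whether a machine exposes them; it assumes the /proc/cpuinfo layout used by Linux.

    # Rough check for the x86 hardware virtualization extensions discussed above.
    # Linux-specific: the kernel lists CPU feature flags in /proc/cpuinfo.
    def hardware_virtualization_flags(path="/proc/cpuinfo"):
        flags = set()
        with open(path) as f:
            for line in f:
                if line.startswith("flags"):
                    flags.update(line.split(":", 1)[1].split())
        return flags & {"vmx", "svm"}    # vmx = Intel VT-x, svm = AMD-V

    if __name__ == "__main__":
        found = hardware_virtualization_flags()
        print("virtualization extensions:", ", ".join(sorted(found)) or "none found")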

Monday, October 2nd, 4:00 PM, 2310 CS&S
Bigtable: A Distributed Storage System for Structured Data by Fay Chang, Jeffrey Dean, Sanjay Ghemawat, Wilson C. Hsieh, Deborah A. Wallach, Mike Burrows, Tushar Chandra, Andrew Fikes, and Robert E. Gruber, Google, Inc.

From OSDI 2006, available from Google Labs.

Bigtable is a distributed storage system for managing structured data that is designed to scale to a very large size: petabytes of data across thousands of commodity servers. Many projects at Google store data in Bigtable, including web indexing, Google Earth, and Google Finance. These applications place very different demands on Bigtable, both in terms of data size (from URLs to web pages to satellite imagery) and latency requirements (from backend bulk processing to real-time data serving). Despite these varied demands, Bigtable has successfully provided a flexible, high-performance solution for all of these Google products. In this paper we describe the simple data model provided by Bigtable, which gives clients dynamic control over data layout and format, and we describe the design and implementation of Bigtable.
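The data model sketched in the abstract is essentially a sparse, sorted, multidimensional map from (row key, column key, timestamp) to an uninterpreted value. The toy Python class below is only an in-memory illustration meant to make that abstraction concrete; it is not Bigtable's API, and the class name, method names, and example keys are assumptions.

    # Toy, in-memory sketch of Bigtable's data model: a sparse, sorted map from
    # (row key, column key, timestamp) to an uninterpreted value.
    # Illustrative only; this is not the Bigtable API.
    import time

    class ToyBigtable:
        def __init__(self):
            # row key -> column key -> list of (timestamp, value), newest first
            self.rows = {}

        def put(self, row, column, value, timestamp=None):
            ts = timestamp if timestamp is not None else time.time()
            cells = self.rows.setdefault(row, {}).setdefault(column, [])
            cells.append((ts, value))
            cells.sort(reverse=True)           # keep the newest version first
            return ts

        def get(self, row, column, timestamp=None):
            """Return the newest value at or before `timestamp` (default: latest)."""
            for ts, value in self.rows.get(row, {}).get(column, []):
                if timestamp is None or ts <= timestamp:
                    return value
            return None

        def scan(self, start_row, end_row):
            """Yield (row, columns) for row keys in [start_row, end_row), sorted by row."""
            for row in sorted(self.rows):
                if start_row <= row < end_row:
                    yield row, self.rows[row]

    # Example in the spirit of the paper: web pages keyed by reversed URL.
    table = ToyBigtable()
    table.put("com.example.www", "contents:", "<html>...</html>")
    table.put("com.example.www", "anchor:news.example.org", "Example link text")
    print(table.get("com.example.www", "contents:"))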

Jeff Dean, one of the authors, presented at the University of Washington in September of 2005. A recording of his talk is available from Google Video.

Monday, October 16th, 4:00 PM, 2310 CS&S
Ceph: A Scalable, High-Performance Distributed File System, by Sage A. Weil, Scott A. Brandt, Ethan L. Miller, Darrell D. E. Long, and Carlos Maltzahn, University of California, Santa Cruz

From OSDI 2006. See the Ceph project homepage.

Monday, November 6th, 4:00 PM, 2310 CS&S
Experiences Building PlanetLab by Larry Peterson, Andy Bavier, Marc E. Fiuczynski, and Steve Muir, Princeton University

This paper reports our experiences building PlanetLab over the last four years. It identifies the requirements that shaped PlanetLab, explains the design decisions that resulted from resolving conflicts among these requirements, and reports our experience implementing and supporting the system. Due in large part to the nature of the "PlanetLab experiment", the discussion focuses on synthesis rather than new techniques, balancing system-wide considerations rather than improving performance along a single dimension, and learning from feedback from a live system rather than controlled experiments using synthetic workloads.

http://www.cs.princeton.edu/nsg/papers/experiences_osdi_06/

Monday, November 20th, 4:00 PM, 2310 CS&S
Deconstructing Process Isolation by Mark Aiken, Manuel Fahndrich, Chris Hawblitzel, Galen C. Hunt, and James R. Larus, Microsoft Research

New Version! (as of November 9th, 2006) We are reading the final MSPC version, and it is available here.

An older version was published as Microsoft Research Technical Report MSR-TR-2006-43, Microsoft Corporation, Redmond, WA, April 2006.

Most operating systems enforce process isolation through hardware protection mechanisms such as memory segmentation, page mapping, and differentiated user and kernel instructions. Singularity is a new operating system that uses software mechanisms to enforce process isolation. A software isolated process (SIP) is a process whose boundaries are established by language safety rules and enforced by static type checking. With proper system support, SIPs can provide a low-cost mechanism for failure isolation and fast inter-process communication.

To compare the performance of Singularity's approach against more conventional systems, we implemented an optional hardware isolation mechanism. Protection domains are hardware-enforced address spaces, which can contain one or more SIPs. Domains can either run at the kernel's privilege level and share an exchange heap, or be fully isolated from the kernel and run at the normal application privilege level. Using these domains, we can construct Singularity configurations that are similar to micro-kernel and monolithic kernel systems. Hardware-based isolation incurs non-trivial performance costs (up to 25-33%) and complicates system implementation. Software isolation has less than 5% overhead on these benchmarks.

The lower cost of SIPs permits them to provide protection and failure isolation at a finer granularity than conventional processes. Singularity's ability to employ hardware isolation selectively, rather than at every process boundary, supports the construction of more resilient system architectures.
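Python has nothing like Singularity's static verification, but the heavily simplified sketch below conveys the shape of the SIP idea described above: tasks share a single hardware address space yet never touch each other's state, interacting only by exchanging messages over channels. It is an analogy built on that assumption, not Singularity's actual mechanism, and the names in it are invented for the example.

    # Loose analogy, not Singularity itself: tasks share one hardware address space
    # but interact only by exchanging messages over channels, never by sharing state.
    # Python offers no static verification, so the isolation here is by convention.
    import queue
    import threading

    def counter_service(requests):
        """A 'software-isolated' task: all of its state is local to this function."""
        count = 0
        while True:
            reply_channel, message = requests.get()
            if message == "stop":
                break
            count += 1
            reply_channel.put(count)       # respond only through the channel

    requests = queue.Queue()
    threading.Thread(target=counter_service, args=(requests,), daemon=True).start()

    reply = queue.Queue()
    requests.put((reply, "increment"))
    print("count is now", reply.get())     # communicate by message, not shared memory
    requests.put((reply, "stop"))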