Efficient software-based fault isolation

One way to provide fault isolation among cooperating software modules is to place each in its own address space. However, for tightly-coupled modules, this solution incurs prohibitive context switch overhead. In this paper, we present a software approach to implementing fault isolation within a single address space.Our approach has two parts. First, we load the code and data for a distrusted module into its own fault do main, a logically separate portion of the application's address space. Second, we modify the object code of a distrusted module to prevent it from writing or jumping to an address outside its fault domain. Both these software operations are portable and programming language independent.Our approach poses a tradeoff relative to hardware fault isolation: substantially faster communication between fault domains, at a cost of slightly increased execution time for distrusted modules. We demonstrate that for frequently communicating modules, implementing fault isolation in software rather than hardware can substantially improve end-to-end application performance.

[1]  Peter Deutsch,et al.  A Flexible Measurement Tool for Software Systems , 1971, IFIP Congress.

[2]  K. Mani Chandy,et al.  A comparison of list schedules for parallel processing systems , 1974, Commun. ACM.

[3]  Yogen K. Dalal,et al.  Pilot: an operating system for a personal computer , 1980, CACM.

[4]  Andrew Birrell,et al.  Implementing remote procedure calls , 1984, TOCS.

[5]  Michael B. Jones,et al.  Matchmaker: an interface specification language for distributed processing , 1985, POPL.

[6]  Alfred V. Aho,et al.  Compilers: Principles, Techniques, and Tools , 1986, Addison-Wesley series in computer science / World student series edition.

[7]  Michael Stonebraker,et al.  Inclusion of new types in relational data base systems , 1986, 1986 IEEE Second International Conference on Data Engineering.

[8]  Steve R. Kleiman,et al.  Vnodes: An Architecture for Multiple File System Types in Sun UNIX , 1986, USENIX Summer.

[9]  Jeffrey C. Mogul,et al.  The packer filter: an efficient mechanism for user-level network code , 1987, SOSP '87.

[10]  Paul N. Hilfinger,et al.  Code Reorginazation for Instruction Caches , 1988 .

[11]  Robbert van Renesse,et al.  Performance of the world's fastest distributed operating system , 1988, OPSR.

[12]  Mahadev Satyanarayanan,et al.  Scale and performance in a distributed file system , 1988, TOCS.

[13]  David P. Anderson,et al.  A Performance Evaluation of the Dash Message-Passing System , 1988 .

[14]  Michael Burrows,et al.  Performance of Firefly RPC , 1989, SOSP '89.

[15]  Scott McFarling,et al.  Program optimization for instruction caches , 1989, ASPLOS III.

[16]  Paul A. Karger Using registers to optimize cross-domain call performance , 1989, ASPLOS III.

[17]  Paul A. Karger Using registers to optimize cross-domain call performance , 1989, ASPLOS 1989.

[18]  Michael Burrows,et al.  Performance of Firefly RPC , 1990, ACM Trans. Comput. Syst..

[19]  David L. Black Scheduling support for concurrency and parallelism in the Mach operating system , 1990, Computer.

[20]  Brian N. Bershad,et al.  Lightweight remote procedure call , 1990 .

[21]  Brian N. Bershad,et al.  The interaction of architecture and operating system design , 1991, ASPLOS IV.

[22]  Brian N. Bershad,et al.  User-level interprocess communication for shared memory multiprocessors , 1991, TOCS.

[23]  Jeffrey D. Clark,et al.  Windows Programmer's Guide to OLE\DDE with Disk , 1992 .

[24]  Anoop Gupta,et al.  SPLASH: Stanford parallel applications for shared-memory , 1992, CARN.

[25]  D. Culler,et al.  Active Messages: A Mechanism for Integrated Communication and Computation , 1992, [1992] Proceedings the 19th Annual International Symposium on Computer Architecture.

[26]  James R. Larus,et al.  Optimally profiling and tracing programs , 1992, POPL '92.

[27]  David R. Cheriton,et al.  Application-controlled physical memory using external page-cache management , 1992, ASPLOS V.

[28]  Seth Copen Goldstein,et al.  Active Messages: A Mechanism for Integrated Communication and Computation , 1992, [1992] Proceedings the 19th Annual International Symposium on Computer Architecture.

[29]  Graham Hamilton,et al.  The Spring Nucleus: A Microkernel for Objects , 1993 .

[30]  Neil Webber,et al.  Operating System Support for Portable Filesystem Extensions , 1993, USENIX Winter.

[31]  Richard L. Sites,et al.  Binary translation , 1993, CACM.

[32]  Steven McCanne,et al.  The BSD Packet Filter: A New Architecture for User-level Packet Capture , 1993, USENIX Winter.

[33]  Michael Stonebraker,et al.  The SEQUOIA 2000 storage benchmark , 1993, SIGMOD '93.

[34]  K. Gosmann,et al.  Code reorganization for instruction caches , 1993, [1993] Proceedings of the Twenty-sixth Hawaii International Conference on System Sciences.

[35]  R. Bukowski,et al.  Anonymous RPC: Low-Latency Protection in a 64-Bit Address Space , 1993, USENIX Summer.

[36]  M. Stonebraker,et al.  The Sequoia 2000 Benchmark , 1993, SIGMOD Conference.

[37]  James R. Larus,et al.  Optimally Profiling and Tracing , 1994 .

[38]  James R. Larus,et al.  Rewriting executable files to measure program behavior , 1994, Softw. Pract. Exp..