2nd USENIX Windows NT Symposium
SEATTLE, WASHINGTON
August 3-5, 1998
CONFERENCE OVERVIEW
NTnix . . . You Are There
by George M. Jones
KEYNOTE ADDRESS
The New Power Behind Windows NT
Justin Rattner, Intel Corporation
Summary by Hui Qin Luo
Justin Rattner, fellow and director at Intel's Server Architecture Lab,
gave an excellent and informative talk on the technology of Intel's
Pentium II Xeon processor.
Rattner highlighted the Xeon's 400 MHz processor speed, support for a
100 MHz system bus, and support for 512KB or 1MB full speed Level 2
Cache. He continued with a description of Xeon's architecture and
Intel's market strategy for its processors in 1998 with one core
technology, the Micron P6 Architecture. He mentioned the
cost-effectiveness of Xeon architecture relative to other architectures
in the market such as the Alpha, using CAD performance as an indicator.
Other features he highlighted, such as the die size and its 0.25 micron
CMOS, served as eye-candy more for electrical engineers than for
computer scientists.
The rest of the talk was about the VI (Virtual Interface) architecture
developed jointly by Microsoft, Compaq, and Intel. Based on VI
latency-frame size measurements, the performance of a VI-enabled switch
appeared to be close to the theoretical maximum. This was a very good
driver for VI-enabled products in the market, especially distributed
database environments. Many companies -- including Compaq, GigaNet,
and Dolphin -- already had products with VI support, with other
companies' products still pending. Already, Intel was leading the pack,
by promising native VI support in its future chipsets.
Certainly, the Xeon processor is powerful in comparison to its
predecessors. I believe it will be a major power behind PC-compatible
operating systems; even so, Rattner did not specifically mention how
Windows NT takes advantage of such power.
Session: Performance
Summary by Dan Mihai Dumitriu
A Performance Study of Sequential I/O on Windows NT 4
Erik Riedel, Carnegie Mellon University; Catherine van Ingen and Jim
Gray, Microsoft Research
Erik Riedel presented a very realistic analysis of the sequential I/O
performance of Windows NT 4. The motivation for this study was the
large number of applications -- such as databases, data mining, and
multimedia -- that require high bandwidth for sequential I/O. In a
typical system, the bottleneck in bandwidth is the storage subsystem;
that is the main focus of this study. Two factors to consider are PAP
(Peak Advertised Performance) and RAP (Real Application Performance).
The goal should be RAP = PAP/2, the so called "half power point." The
experimental setup in this study consisted of modest 1997 technology:
P6-200 with 64 MB DRAM and Adaptec Ultra Wide SCSI adapters running NT
4.0 build 1381.
Riedel's study showed that out of the box, the performance of NTFS is
quite good; however, it has very large overhead for small requests.
Performance is good for reads but horrible for writes. The options for
improving performance are (1) read ahead, (2) WCE (Write Cache Enable),
(3) write coalescing, (4) disk striping.
The study suggests a number of ways to improve sequential file access.
If small requests are absolutely necessary, deep parallelism makes a
tremendous speed improvement; WCE provides large benefits for small
requests; three disks can saturate a SCSI bus; file system buffering
coalesces small requests into 64KB disk requests, significantly
improving performance smaller than 64KB; for requests larger than 64KB
file system buffering degrades performance; when possible, files should
be allocated to their maximum size, because extending a file while
writing forces synchronization of the requests and significantly
degrades performance.
<www.pdl.cs.cmu.edu/nasd> (Riedel's research group)
<www.pdl.cs.cmu.edu/active> (Riedel's thesis)
Scalability of the
Microsoft Cluster Service
Werner Vogels, Dan Dumitriu, Ashuosh Agrawal, Teck Chia, and
Katherine Guo, Cornell University
Although he gave an overview of MSCS (Microsoft Cluster Service),
Werner Vogels did not talk much about the numbers in the paper.
Instead, he used the presentation as an opportunity to showcase his
vision of what cluster design and programming should be. He highly
recommended reading Gregory Pfister's "In Search of Clusters" as a
realistic presentation of cluster technology.
Vogels presented his research goals as (1) efficient distributed
management, (2) low-overhead scalability, (3) cluster collections, and
(4) cluster-aware programming tools, on which there is a research
project at Cornell called Quintet.
Vogels gave a brief introduction to MSCS. MSCS makes a group of
machines appear to the client as a single system and also allows the
group to be managed as such. Its design goals were to extend NT to
support high availability without requiring application modifications.
It is shared-nothing, not scalable, cannot run in lockstep, cannot move
running apps, and in its first release only supports clusters of two
nodes. With some modifications, however, it is possible to scale MSCS.
Some traditional methods are reducing the algorithmic dependence on the
number of nodes and reducing the overall system complexity. More
radical methods include epidemic data dissemination techniques such as
gossip and probabilistic multicast.
Although MSCS does not scale out of the box, the algorithms that it is
based on are intrinsically scalable. It is only their implementation
and the supporting code that make the system not scale well. For
example, MSCS uses only point-to-point messages for communication
between nodes. This makes join and regroup operations scale very poorly
because of the dependency between the number
of nodes and the number of messages generated.
Vogels presented a huge discrepancy between the worlds of parallel
computing and high-availability computing. Parallel computing runs on
the order of 512+ nodes, and high-availability computing only runs on
the order of 16+ nodes. He cited a lack of good cluster programming
tools as one of the main culprits, and he mentioned the Quintet project
at Cornell.
Evaluating the Importance of
User-Specific Profiling
Zheng Wang, Harvard University; Norm Rubin, Digital Equipment
Corporation
Zheng Wang presented an alternative to profiling applications that have
a "generic" user in mind. His research, based on the assumption that
individual users use programs differently, focuses on analyzing the
benefits of profiling for individual users or groups of users. The
target applications for this study are interactive applications on
Windows NT. The experimental setup used Windows NT 4 running on DEC
Alpha hardware using Digital's FX!32 emulation/binary translation
software.
FX!32 generates a profile for each x86 WIN32 module (executable, DLL,
etc.) that it runs on the Alpha platform. The only aspects of the
profiles that were analyzed were the procedures used, although the
FX!32-generated profiles contain more information.
The procedure analysis consisted of analyzing the unique procedures,
common procedures, and subgroup procedures used by various users during
normal application use. Also analyzed were pairwise similarities
between users.
Session:
From NT to UNIX to NT
Summary by Jason Pettiss
Cygwin32: A Free Win32 Porting Layer for UNIX Applications
Geoffrey J. Noer, Cygnus Solutions
Geoffrey Noer gave an in-depth presentation of Cygwin32, a library that
facilitates the porting of most UNIX applications to Windows 95/98/NT.
Cygwin32 and source code are freely available from Cygnus Solutions
under GNU General Public License; a commercial license is also
available.
Noer explained that Cygwin32 is a DLL that exports most common UNIX
calls. You use the Cygwin32 version of GCC to compile your UNIX code on
a Windows machine, and the resulting Windows program runs as you would
expect under UNIX. A "mixed flavors" Cygwin32 application can also make
Win32 API calls if desired.
Noer sidetracked briefly to provide some background information on
Cygnus Solutions. It provides support and contracting services for the
GNUPro Toolkit and sells Source-Navigator, "a powerful source code
comprehension tool." 150 host/target combinations of the toolkit are
available, including Win32-hosted native and cross-platform development
tools. Cygnus engineers make over three-quarters of all changes to the
GNU compiler tools, maintained Noer.
Cygnus Solutions is conducting Internet beta testing, and source code
is freely available. The mailing list to subscribe to is:
<gnu-win32@cygnus.com>. "GNU-Win32" beta releases include native
Win32 development tools and all GNU utilities needed to run GNU
configure scripts, including UNIX shell, file, and text utilities.
Noer dived into the details of Cygwin32. Cygnus Solutions wanted to be
able to offer Win32-hosted version of the GNUPro Toolkit, keeping the
source code as simple as possible and development time fast. Also,
rebuilding tools on Win32 platforms required the GNU configure
mechanism. With that in mind Cygwin32 seemed like a good solution.
Development started in January, 1995 and passed the Plum Hall Positive
C Conformance test suite in July, 1996.
The architecture uses shared memory to store information needed by
multiple Cygwin32 processes, such as open file descriptors, and data
needed to assist fork and exec operations. Every process also gets a
structure containing pid, userid, and signal masks.
Cygwin32 applications see a POSIX view of the Win32 file system. The
provided "mount" utility may be used to select the Win32 path
interpreted as the root ('/') of this view and mount additional
arbitrary Win32 paths under it (such as different drive letters). UNIX
permissions are emulated from Win32 ones.
Filenames are case-preserving but case-insensitive. Difficulties
included handling the distinction between text and binary mode file
I/O, symbolic and hard links, and Win32 and POSIX path translation
issues. Some other implementation details include a Cygnus ANSI C
library ("newlib") process creation (fork, exec, and spawn), signal
handling, sockets on top of Winsock, and select using sub-threads.
Much software has been ported using Cygwin32, including: X11R6 Clients
--
x-emacs, ghostview, xfig, xconq; GNU inet utils -- remote logins
possible to Win95/98/NT; KerbNet -- Cygnus' Kerberos security
implementation; CVS (Concurrent Versions System); Perl 5 scripting
language; shells -- bash, tcsh, ash, zsh; Apache Web Server; Tcl/Tk
8.
Future goals are to make Cygwin32 multiple-thread safe, improve runtime
performance, conform to the POSIX.1/90 standard (for example, setuid
support is missing), and to produce a true native Win32 compiler (where
the use of Cygwin32 would be optional).
A few technical questions were asked. Noer explained that under NT,
POSIX file attributes were originally stored in the flat NT Extended
Attributes file. On FAT partitions with thousands of files, that file
could grow beyond 200 megabytes, slowing file accesses down enormously.
As a result, this method is no longer being used by default. Instead,
only the standard Windows permissions are used. When asked about user
impersonation capabilities like "su", Noer gave a workaround --
using the inetd utilities to log in to the local machine as a different
user (which works because inetd runs as a privileged process). Noer
thinks conforming to the POSIX standard will not be difficult.
Win32 API Emulation on UNIX for Software DSM
Sven M. Paas, Thomas Bemmerl, and Karsten Scholtyssik, RWTH Aachen,
Lehrstuhl für Betriebssysteme
Sven Paas described a new Win32 API emulation layer called nt2unix that
runs on UNIX. This is a pure library solution that doesn't require a
change to compilers or target systems. His organization has been trying
to emulate a "reasonable subset" of the Win32 API to demonstrate that
emulation is possible under UNIX, and they have been able to implement
most low-level constructs of Win32.
The problem they originally set out to solve was: Given a console
application for Win32 written in Visual C++ 5.0 with use of the
Standard Template Libraries (STL) and running under Windows 95 or NT,
compile and execute the same code on UNIX, with gcc 2.8.1 and STL, for
Solaris 2.6 (sparc/x86) or Linux 2.0 (x86).
By "a reasonable subset," Paas means implementation of a couple key
areas. The first is support for NT multithreading (i.e., the ability to
create, destroy, suspend, and resume preemptive threads) and for most
synchronization and thread-local storage (TLS) functions. To
demonstrate memory management abilities, they wanted to be able to
allocate, commit, and protect virtual memory on the page level, as well
as support memory mapping I/O and files. They wanted to provide user
level page fault handling with structured exception handling (SEH) to
emulate NT SEH. Finally (and ambitiously), they wanted to provide use
of the Winsock API for TCP/IP under the emulator.
Paas then went into the implementation details of nt2unix, comparing
code to accomplish common tasks such as creating a thread in NT versus
POSIX versus Solaris. Creating a thread is in itself very simple, but
the differences between operating systems meant they had to ignore
LPSEC attributes like Windows 95 does.
One major problem with thread synchronization is that suspending and
resuming threads is not possible under the POSIX thread API.
Additionally, some Win32 thread concepts are hard to implement
efficiently within POSIX. The NT kernel usually handles this, but in
UNIX it must be done manually, which implies some performance hits.
Memory management turned out to be fairly easy. Structured exception
handling wasn't as easy and couldn't be supported directly, since
supporting the keywords try and except would require a change in the
compiler. They decided to implement SetUnhandledExceptionFilter(),
which creates a global signal handler. Mapping NT exception codes to
UNIX signals, where there isn't always a good match, made this
difficult.
To enable TCP/IP networking using Winsock, they decided to restrict
Winsock 2.0 to the BSD Sockets API. The bulk of the task was
translating data types, definitions, and error codes. Paas notes that
the pitfalls in this are that some types are hard to map, like fd_set:
Winsock's select() function is most definitely not BSD's select().
To test their solutions, they emulated a 15,000-line native Win32
Visual C++ code module, SVMlib. This shared virtual-memory library is
all-software, user-level, and page-based. They ran this with nt2unix
with no source code changes. Initial time comparisons show satisfactory
behavior, the major reason for slightly slower performance than on a
Win32 platform being that UNIX signal handling is significantly more
expensive than Win32 event handling.
Paas's team concluded that Win32 API emulation under UNIX is very
possible, and that if the emulator is application-driven, it can be
implemented within finite time (three man-months). Paas says "nt2unix
is a reasonable first step to develop portable low level applications."
In the future they would like to implement a more complete set of Win32
base services, allowing more applications to be run under UNIX (NT
services could be run as UNIX daemons, for example).
nt2unix: <https://www.lfbs.rwth-aachen.de/~karsten/projects/nt2unix>
SVMlib: <https://www.lfbs.rwth-aachen.de/~karsten/projects/SVMlib>
NT-SwiFT: Software Implemented Fault Tolerance on Windows NT
Yennun Huang, P. Emerald Chung, and Chandra Kintala, Bell Labs,
Lucent Technologies; Chung-Yih Wang and De-Ron Liang, Institute of
Information Science, Academia Sinica
Yennun Huang presented NT-SwiFT, a group of software components
implemented to provide fault tolerance on Windows NT. These were
originally developed for UNIX and have been ported to NT with new
features added.
The problem is to make distributed applications highly available and
fault tolerant. Huang outlined three possible solutions: (1)
transaction processing as in Microsoft Transaction Server; (2) active
replication / virtual synchrony as in ISIS, HORUS, and Ensemble;
(3)checkpointing and rollback recovery, which is the approach SwiFT
takes.
SwiFT supports three types of process replication for rollback
recovery: cold, warm, and hot. Cold is fail-over with or without
checkpointing. Warm is primary backup with state transfer. Hot uses an
active process group with no shared memory. Regardless, the overall
philosophy was to keep the error recovery mechanism transparent from
client programs, and to enhance fault-tolerant server programs with
fault tolerant APIs.
After an extremely detailed catalog of the many components of SwiFT and
what they can be used for, Huang provided some general information
about SwiFT in general. UNIX SwiFT has been used in Bell Labs for more
than five years and is used in more than 20 products and services. Its
technologies have been licensed to a few companies. A few projects in
Lucent are trying NT-SwiFT.
SwiFT was originally ported to NT on UWIN but was re-implemented with
many new features. UWIN 1.33 works, but not quite. By writing new
driver code, they obtain less software dependency, a new GUI, new
features, and a much needed understanding of NT internals.
The basic procedure is that when a process is initially created,
important system calls and events are intercepted and recorded. This is
a sneaky and very transparent solution: a whole process space can be
set up (using NT calls VirtualQuery() and Virtual Protect()). Handles
can be restored with library injection techniques and modification of
import address tables. For client-server applications, they use an
intermediate NDIS driver, which allows them to set up a dispatcher and
server node with the same IP address. The dispatcher node can be failed
over.
Huang gave a very interesting demo of the checkpoint and process-space
recovery features using the beloved minesweeper application. This was
both humorous and very effective: after placing a few mines, he took a
checkpoint, placed a few more, and, naturally, "blew up" when he
clicked a bad square. Then he restored from the last checkpoint, which,
he explained, actually launched the process, restored its process
space, and replayed a sequence of events. This allowed him to "try
again" and checkpoint again when he clicked a few good squares. While
trivial, it clearly demonstrated the possibilities of the system.
Huang expressed a few opinions about NT, namely that it has too many
APIs and libraries (really?), but that it is very powerful and that
"everything is possible in NT." It has many useful facilities, and
although the OS can be an esoteric maze at times, a good point is that
if you have a problem, someone somewhere has probably written some code
to solve it, and it's fairly easy to find free code samples.
Huang stated a few future goals for SwiFT. They'd like to bring it to
Windows 98. They are planning to add a few components (CosMic,
addrejuv), more NT system calls trapping, and more dispatching
algorithms for ONE-IP. They'd also like to see SwiFT for distributed
objects (CORBA, DCOM, and JAVA). Finally, they'd like to integrate
SwiFT with other tools (MSCS) and NT5.
In the Q/A session, someone wanted to know about availability. The
answer
wasn't very clear, but it's under license and at this point is not very
available (still in progress). People had many questions about the
Winmine demo. Huang made it clear that GDI objects like brushes can not
be captured: there's no way to understand them outside of a process
space. For the demo, they use window handles only. Someone wanted to
know if it was possible to save on one machine and recover on another,
as this would be a very useful feature for load balancing. The answer
is yes, but it has to be exactly the same type machine with the same
configuration because of memory internals. Someone wanted to know if
this would be able to run more than one process per server (for
example, could you run thousands of SwiFT-backed objects on a server?),
and could SwiFT run for days without crashing? The answer: "We're
working on it."
Session: Threads
Summary by Kevin Chipalowsky
A Thread Performance Comparison: Windows NT and Solaris on a
Symmetric Multiprocessor
Fabian Zabatta and Kevin Ying, Brooklyn College and CUNY Graduate
School
Kevin Ying began by observing that the cost of multiprocessing
equipment has dropped drastically over the past few years. A
dual-processor IBM SP2 sold for $130,000 in 1995, and a more powerful
system built with Pentium II processors costs around $13,000 today.
With this much computing power readily available, mainstream operating
systems need to support multithreading.
Both Windows NT and Solaris support kernel-level and user-level
subprocess objects of execution. Windows NT calls its kernel objects
"threads" and its user objects "fibers." The application programmer has
complete control over the scheduling of fibers. Solaris calls its
kernel objects "Light Weight Processes" (LWP) and its user objects
"threads." Unlike NT, Solaris provides a user level library to schedule
threads to run on LWPs.
In their research, Zabatta and Ying performed seven experiments to test
the relative multiprocessing performance of the two operating systems.
They tested kernel execution objects in Windows NT only, but tested
bound, unbound, and restricted concurrency level threading in Solaris.
A bound thread in Solaris's user level library is a single thread that
is always scheduled on a single LWP. An unbound thread is dynamically
scheduled on a dynamically chosen number of LWPs, but the concurrency
level can be restricted to a fixed number. In their concurrency
restricted case, Zabatta and Ying limited the library to four LWPs
(CL=4), because their experimental system had four processors.
Ying explained that neither operating system documented a limit on the
number of kernel execution objects it could create. Their first
experiment was to discover this limit. They found the Windows NT limit
to be around 9800, and the Solaris limit to be around 2200. The second
experiment tested normal thread creation speed. They wrote a simple
program to create threads in a loop. Performance of NT and Solaris
bound threads were very comparable. However, unbound Solaris threads
could be created much faster. They also tested thread creation speed
while the system was under a heavy load. In this situation, the
creation of all types of Solaris threads was drastically faster than
creation of Windows NT threads. Ying informed us that this could be
expected, because NT gives a higher priority to threads that have been
running for a long time, while Solaris gives a higher priority to newly
created threads.
In the fourth experiment, performance was measured for an application
requiring no synchronization. They found no major differences in
running times by any of the threading models. This led them to conclude
that the Solaris threading library does not significantly affect
performance. Next, they tested performance in an application making
heavy use of synchronization. Windows NT has two different types of
synchronization objects. A critical section has local scope, and a
mutex has global scope. Solaris only has critical sections, but it has
a creation flag, which determines scope. Zabatta and Ying found that
Windows NT critical sections drastically outperform local Solaris ones.
However, global synchronization objects in Solaris outperform the
global ones in NT. In the sixth experiment, they tested performance
using the classic symmetric traveling salesman problem. The significant
result was an almost linear speedup with parallelism. All threading
models had very similar performance. The final experiment attempted to
mimic real world applications with CPU bursts. They tested each
threading model with drastic CPU bursts and found the restricted
concurrency Solaris threads slightly outperform the others. Ying
attributed this to Solaris' two-tier system.
Ying concluded by reiterating the scalability of each model, the
flexibility of Solaris's design, and the performance advantages of NT's
critical sections.
A System for Structured High-Performance Multithreaded Programming
in Windows NT
John Thornley, K. Mani Chandy, and Hiroshi Ishii, California
Institute of Technology
John Thornley opened by reminding us of a time-honored idea:
multithread programs on multiprocessor computers to make them run
faster. However, the idea of multithreaded programming has still had
very little impact on mainstream computing. Thornley asks and tries to
explain why this is so.
In his explanation, there are three types of obstacles to the
widespread adoption of multithreaded systems: the availability of
symmetric multiprocessing (SMP) computers, the lack of programming
systems, and the difficulty of software development. Until recently,
SMP technology was been very expensive and rare. Software tools were
always limited. Most were primitive and the product of academic
research. They have always been unreliable, nonportable, and difficult
to program. Things are changing. SMP computers are finally becoming
cheap enough for their use to spread beyond expensive research labs.
Commodity operating systems, notably Windows NT, support threaded
software. Multithreaded programming, however, remains difficult. This
is the focus of the research Thornley presented.
Why is programming so tough? Thornley argues that the problem is a lack
of structure. Current tools are designed for systems programming, which
is small subset of all programming that could benefit from SMP
computers. Current synchronization operations are also very error-prone
because of their nondeterminism. These tools are at the level of "goto"
sequential programming. We need structured design techniques, modeled
after tried-and-true sequential techniques. We need direct control of
threads and synchronization. We need determinacy unless explicit
nondeterminacy is required. And we need performance that is portable
across different hardware and with different background loads.
The authors developed Sthreads, a new package of tools to deliver this
functionality. The programming model is "multithreaded program =
sequential program + pragmas + library calls." They claim that if a
programmer follows the rules of the model, multithreaded execution is
equivalent to sequential execution. This determinacy has many important
consequences simplifying software development. For example, a program
designed for multithreading can be run sequentially for debugging.
Sthreads is not a parallelizing compiler. Their pragmas are not hints;
they are specific directives. They are used around blocks and "for"
loops and indicate the section of code that should be explicitly
multithreaded. The Sthreads library provides counters to guarantee
correct order of execution, but also provides access to traditional
locks for nondeterministic programming.
Thornley presented a trivial code example that multiplies matrices. A
pragma indicating that it should be multithreaded precedes the outer
"for" loop. His second example was a little more complicated. It sums
up arrays of floating point numbers. Since floating point arithmetic is
not associative, the order of execution matters. To ensure equivalency
to sequential execution, Thornley's example uses a counter. It
guarantees sequential ordering and mutual exclusion in a section of
code. The use of Sthreads for this example is far simpler than using
the Win32 thread API.
The researchers theorize that this is all you need to make programs run
fast. They think that hardware and operating system software are ready
for multithreading of commodity software. Thornley made the very strong
statement that if multithreaded programming is not this simple, then it
will never become mainstream. He ended with the following testimonial.
They took a difficult aircraft route optimization problem and
implemented a solution using the Sthreads tools. In the end, their
solution running on an SMP system with four Intel processors
outperformed a Cray supercomputer solving the same problem using an
implementation designed with traditional programming techniques.
A Transparent Checkpoint Facility On NT
Johny Srouji, Paul Schuster, Maury Bach, and Yulik Kuzmin, Intel
Corporation
Paul Schuster and Johny Srouji presented their research and resulting
checkpoint tool. Checkpointing is the act of capturing the complete
state of a running process. Once captured, it can later be used to
resume the process either on the same machine or be migrated to
another.
In the past, many checkpointing tools have been built for UNIX systems,
but this group began the development of their tool not knowing of any
others for Windows NT. Given NT's increased usage over the past few
years, they believed that such a tool was definitely needed.
The motivation for checkpointing is strong. It is a good way to prevent
the loss of data that is due to the failure of a long-running process.
It can also be used for debugging, to determine why that long-running
process failed and resulted in data loss. Most significantly,
checkpointing can be used to migrate a process from one machine to
another in a distributed environment, possibly to improve resource
utilization.
There were a number of design goals in the project. Foremost, it needed
to be transparent to the running application, so no source code changes
could be required. Obviously, it needed to be correct, but with a
minimal performance impact. It also had to be application-independent
and support multithreaded processes. The designers tried to make their
implementation as portable as possible, although they discussed only
the NT implementation.
For a checkpoint facility to be correct, it needs to capture the
complete state of a process. Schuster and Srouji illustrated a layering
of process state components. User objects, such as memory and thread
contexts, were on the bottom. System state objects were above those,
and GUI and external state objects were at the very top. Moving up the
layers, the complexity of capturing state increased. Schuster and
Srouji said they did not even attempt to capture state for the highest
layers. Their tool is limited to console applications.
It has both a user interface and a developer interface. The user runs
an application using an alternate loader, which configures the app to
run with automatic checkpointing. Alternatively, the application
developer can explicitly control when checkpointing occurs by using a
provided API.
Schuster and Srouji described the architecture of the checkpoint tool.
Their checkpoint DLL is loaded into the user memory space by the
loader. Its DllMain is called first, which rewrites the Import Address
Table (IAT). In doing so, it forces all Win32 API calls to be
redirected to checkpoint DLL functions.
When it is time to perform a checkpoint, the tool has access to all
needed states. User state is in user memory, and since the tool is
implemented as a DLL running in user memory space, it can directly
access it. State associated with system calls is stored in system
memory. The checkpoint DLL does not have access to that memory, but it
can infer the system's internal state because it had a chance to see
all system calls.
To resume a process, the checkpoint tool loads the application
suspended. It rebuilds the state in the reverse order it captured it.
Finally, it releases the application threads and they runs as if they
were never stopped.
As implemented, Schuster and Srouji's work has a few limitations. Most
relate to external state, which they cannot control. If a process
creates any temporary files, they must still exist in their
checkpointed states during resume. Any applications that bypass the IAT
(by using GetProcAddress, for example) might not resume correctly. And
their tool does not even attempt to deal with simultaneously
checkpointing multiple processes that interact. In the future, they
plan to continue their research with more optimizations and more
comprehensive API support. They hope to improve performance with
incremental memory dumps. Eventually, they hope to use their
checkpointing tool for process migration.
Poster and Demo Session
Summary by Michael Panitz
The Poster and Demo session was a popular, well-attended event
featuring many research projects in a wide range of areas, from dynamic
optimization to process migration to NT-UNIX connectivity. The session
began with the session chair, John Bennett, inviting project presenters
to give a one-minute summary of their projects. After the summaries,
the audience was free to roam about, conversing both with the project
presenters and among themselves.
Many of the projects focused on network-related advances. A Bell
Labs/
Microsoft team collaborated on a project that exploited COM's custom
marshalling ability to run DCOM on RMTP, a multicast network protocol.
A group from Harvard presented a cluster-based Web server in which page
requests are preferentially forwarded to specific nodes, thus
significantly increasing performance by decreasing the total number of
pages each node is expected to serve. The Milan/Chime project
demonstrated a distributed shared memory system which was used to
support distributed preemptive scheduling (and task migration). Martin
Schulz, from the SMiLE group at TU-Munich, presented a system for
building a shared memory system, which supports transparent,
cluster-wide memory by exploiting SCI's hardware DSM support. Finally,
the Brazos parallel programming environment was presented, which
facilitates parallel programming by offering features such as being
able to run a Brazos program on uniprocessor, SMP, or clustered
computers without recompilation.
Two posters dealt with connecting NT to other systems. Motohiro Kanda
presented a mainframe file system browser, which allows one to access
to file system of a Hitachi 7700 mainframe from Windows NT. Network
Appliance demonstrated a specialized, multiprotocol file server that
utilizes the SecureShare technology that was described in the Mixing
UNIX and NT technical session. The main feature of the NetApp file
server was that it supports both UNIX and NT file sharing. It allows NT
clients to access UNIX files and vice versa, in addition to NT to NT/
UNIX to UNIX access, all without client modification.
In a class by itself was SWiFT (not to be confused with the
checkpointing project NT-Swift), a toolkit to build adaptive systems.
The system is based on feedback control theory, and seeks to apply
hardware control theory to software problems. In doing so, it
facilitates the use of modular control components, explicitly specified
performance parameters, and from there, the automatic, dynamic
reconfiguration of software modules for good performance despite a
changing environment.
KEYNOTE ADDRESS
Buying Computing and Storage
by the Slice
Gary Campbell, Tandem Computers Inc.
Summary by Dan Mihai Dumitriu
Gary Campbell gave a compelling argument for cluster technology as a
more scalable and cost-effective replacement for SMPs, MPPs, and
Supercomputers. He argues that in today's computing world, SAN (System
Area Network) technology has matured to the point where it is a
feasible interconnect for clusters.
Key technologies that must exist in order for "computing by the slice"
to succeed are: x86 SMP systems, which are very inexpensive today;
balanced PCI; SAN interconnects such as VI (Virtual Interface)-based
solutions; and parallel programming standards.
Alternative technologies to clustering are SMPs, which do not scale
indefinitely and do not have the best price-performance curve, and
CC-nUMA (Cache Coherent Non-Uniform Memory Access). When applications
start to get broken up on a nUMA machine, it starts to look more and
more like a cluster. In addition, both of these technologies have
single points of failure, whereas clusters are architecturally ready
for fault-tolerant features.
The hardware necessary for computing by the slice is available, but the
software side still needs work. "Legacy" cluster systems -- such as
Tandem NSK, IBM SP2, and Digital UNIX -- are too difficult to
replicate. More recent products such as Microsoft's cluster service,
affectionately (?) called "Wolf Pair," do not scale well. Much work is
needed in the software and the distributed APIs.
Some case studies of "computing by the slice": The IBM DB2 database
running on 2 P6-200MHz machines interconnected with ServerNet gets 91%
scaling. The Inktomi Web search engine, which is a Berkeley NOW
derivative, is built out of 150 dual-processor UltraSparc II machines
connected with Myrinet. This highly parallel search engine can index
110 million documents and is highly economical. The Sandia Allegra
Model was originally built on Cray, later on Paragon. Now it is running
on DEC Alpha's interconnected with Myrinet.
The conclusion was that computing by the slice offers superior
price/performance, is architecturally ready, has lower time and cost to
market, and is even gaining ground in traditionally supercomputer
applications like sparse matrix computations, and also in commercial
parallel databases. The architecture is
primarily limited by the software. In
the future look for COM+, Java EJB,
and other perhaps more dramatic
developments.
KEYNOTE ADDRESS
Here Comes nUMA:
The Revolution in Computer Architecture and its OS Implications
Forrest Basket, Silicon Graphics Inc.
Summary by Dan Mihai Dumitriu
Forrest Basket presented an argument for CC-nUMA (Cache Coherent
Non-Uniform Memory Access). He asserted that the nUMA architecture is
inevitable in today's computing world, and he presented a successful
implementation of the hardware and software.
Basket pointed out some problems that arise in modern systems: faster
buses must be shorter and run hotter, and faster CPUs run hotter and so
need more volume for cooling. Using point-to point wires rather than
buses allows you to run them faster and cooler.
The SGI Origin 2000 is a successful implementation of CC-nUMA. It has
an integrated nUMA crossbar and a fat-hypercube interconnect. It has a
coherence and locality protocol, 64-bit PCI, and some fault-tolerant
features. Each node in the Origin 2000 has two MIPS R10000 CPUs.
The operating system is Irix 6.5. The computational and IO semantics of
the system are the same as for an SMP. For a small nUMA system an SMP
OS will work, as will SMP applications. Some disadvantages are
additional levels in memory and IO hierarchy. Even though the system
has a high-performance interconnect, latency in memory access is an
issue, as is the contention for resources between nodes.
According to Basket, in order to optimize performance of parallel
applications, we want to be able to specify the topology of the system
as well as affinities for devices, and to be able to do this without
modifying binaries. Other issues that arise are page migration between
nodes and memory placement policies. Modifications to the OS kernel are
necessary to support being able to specify the initial placement of
applications consistent with the user-specified system topology,
replication of the kernel at boot time, a reverse page table, and a
page locking scheme. System management is also an issue with nUMAs. The
ability to partition systems so we can perform administrative shutdown
of parts of the system is desirable, as is a sophisticated batch system
that would enable users to see consistent running times.
SMP and DSM (Distributed Shared Memory) (cc-nUMA is a variant of DSM)
are displacing vector supercomputers and MPPs.
Session: Mixing UNIX and NT
Summary by Michael Panitz
Merging NT and UNIX Filesystem Permissions
Dave Hitz, Bridget Allison, Andrea Borr, Rob Hawley, and Mark
Muhlestein, Network Appliance
Dave Hitz presented a fast and witty overview of the WAFL file system,
which enables network-based file sharing with both UNIX and NT clients.
Network Appliance has created a specialized file-sharing device that
uses WAFL to ease file sharing in a mixed NT/UNIX environment. The
three design goals of WAFL are: to make WinNT/95 users happy by
providing a security model that mimics NTFS; to keep UNIX users happy
by providing a security model that mimics NFS; and to allow Windows and
UNIX users to share files with each other.
Difficulties arise because UNIX (and its Network File System, NFS) and
NT (and its Common Internet File System, CIFS) are fundamentally
different, both in security models and in such aspects as case
sensitivity (NTFS is case-insensitive, NFS is case-sensitive). NFS uses
divides permissions into (user, group, world), while CIFS uses Access
Control Lists (ACLs). CIFS uses a connection-based authentication
scheme, while NFS is stateless. WAFL was primarily designed to bridge
these two filesystems in the most secure manner possible, while
secondarily providing as intuitive an interaction as possible.
In addition to moderating access to files based on permissions, a
filesystem is expected to display permissions, to allow them to modify
these permissions when appropriate, and to be able to specify the
default permissions to assign to a newly created file. WAFL uses both
permission mapping and user mapping to accomplish these goals. When a
UNIX client accesses an NT file, access is determined by UNIX-style
permissions that are generated from the ACL via a process called
"permission mapping." These "faked-up" permissions are guaranteed to be
at least as restrictive as the NT ACL. When an NT client requests
access to a UNIX file, access is determined by mapping the NT user to a
UNIX account, via a process called "user mapping." The presentation
argued that this was an effective, direct way to allow access in a
secure, reasonably intuitive manner.
The presentation finished by touching on some of the issues surrounding
WAFL, such as how to store NT ACLs, and on the administrative protocols
used by NT.
Pluggable Authentication Modules
for Windows NT
Naomaru Itoi and Peter Honeyman, University of Michigan
Naomaru Itoi began the presentation with an anecdote about the
motivation for creating a Pluggable Authentication Module (PAM) on NT.
At the University of Michigan there existed authentication modules for
both Kerberos and NetWare. This was great, but the authors wanted a
module that provided authentication for both Kerberos and NetWare
together; the only way to accomplish this was to create a third module.
To create this under NT would have been difficult and time-consuming.
They wanted an authentication system would allow the user to log on
once, yet use many services ("single sign-on"), a system that would be
easy to administer, and a system that would be relatively easy to
develop new authentication modules for. What was wanted was a dynamic
security system for NT, much like the PAM system that provides dynamic
security for Linux and Solaris.
After explaining why such a system would be useful, the speaker gave an
overview of PAM, which is a de facto standard for administration, being
part of Linux, Solaris, and the Common Desktop Environment (CDE), and
also being standardized by the IETF. PAM allows for security
(re)configuration via a simple text file, which allows the
administrator to specify such things as which services (Kerberos,
NetWare, etc.) are required for, say, a logon attempt, or ftp session;
which are optional; which services should be logged on to using the
login password the user provides; which should be logged in to using a
password stored in a password file, etc. PAM also provides a high-level
API for authentication, so that different services can be wrapped and
then configured without a recompilation.
Itoi outlined a plan of attack by next explaining GINA, the
administrator-replaceable "Graphical Identification and Authentication"
user authentication component. GINA enables the administrator to
replace the default user authentication module with another, but still
suffers from the problem of having to write one module for the Kerberos
service, one for the NetWare service, and a third for Kerberos and
NetWare. Further, each module would have to be configured in its own
way, thus making administration of any significant number of NT
machines nearly impossible. Last, custom GINA modules require special
debugging tools and the use of difficult techniques, since GINA is run
before anyone logs in. The plan was to build a custom GINA that
implemented a subset of PAM, so that NT could be used, administered,
and developed for as easily as the UNIX PAM systems.
The design and implementation of PAM, named NI_PAM, was presented,
including the API supported by NI_PAM; a diagram that showed which DLLs
replaced the GINA.dll and their interaction was explained.
Itoi reported that much of PAM has been successfully implemented,
though more features need to be implemented, and more testing needs to
be done, before a large-scale rollout can take place. The presentation
concluded with some thoughts on alternate means of implementing PAM on
NT, and possible future directions of the work, such as use of
smartcards and screen saver locks.
Montage - An ActiveX Container for Dynamic Interfaces
Gordon Woodhull and Steven C. North, AT&T Laboratories --
Research
Montage grew out of an effort to create a Windows-friendly port of an
abstract graph/network editor from UNIX. The Windows graph editor would
integrate with Windows applications using ActiveX (also known as OLE -
Object Linking and Embedding), a runtime, object-oriented technology.
The edges and nodes of the graph would be embedded objects, and the
application itself would be an embeddable ActiveX container, which
sounded easy enough.
Unlike previously available containers, Montage separates both the
layout and control of the contained objects and the interface used to
control them from the container. Thus, Montage is actually an
externally controllable object container that is being used to create a
graph application, Dynagraph. Montage is itself an embeddable,
customizable ActiveX object, and allows dynamic changes to the layout
of contained objects. Thus, Montage could be used to display the
current state of a computer network, unlike something like dotty, which
is used to generate static graphs. All policy decisions (i.e., which
objects should be placed where, what size should they be, etc.) are
implemented objects independent of the Montage objects, thus allowing
one to change the style of layout without recompiling Montage (unlike
an VB MFC application).
Montage exploits the OCX96 technology of "transparent controls" to
provide for different modes of interaction with the objects. This
allows Montage to provide a "Viewing Mode," in which the user can view
but not change the graph, and an "Editing Mode," in which the user can
both view and edit the graph. At the same time, the contained objects
themselves are allowed to request that their properties be set to a
certain value. A contained object could, for example, request to be
moved to point (x, y), and its foreground color set to blue, or to be
brought to the front. Montage then forwards this request to the layout
control engine, which then has the option of ignoring the request or
interpreting it if it so chooses. Montage exploits the new technology
of "windowless controls" to provide for different modes of interaction
with the objects. This allows Montage to provide a "Viewing Mode" in
which the user can view but not change the graph, and an "Editing
Mode," in which the user can both view and edit the graph.
The presentation included an impressive live demo, which showed
embedding a Word snippet into Montage, and then embedding a Montage
graph into Word.
Session: Networking and Distributed Systems
Summary by Hui Qin Luo
SecureShare: Safe UNIX/Windows File Sharing through Multiprotocol
Locking
Andrea J. Borr, Network Appliance, Inc.
Dennis Chapman, who made the presentation for author Andrea Borr,
employed illustrative examples to demonstrate the capabilities of
SecureShare. SecureShare is Network Appliance's solution to
multiprotocol file sharing between two different file systems, UNIX's
Network File System (NFS) and the Windows Common Internet File System
(CIFS) or "(PC)NFS."
SecureShare is a Multiprotocol Lock Manager providing file-sharing
capabilities between UNIX clients using NFS and Windows clients using
CIFS without violating data integrity. CIFS has hierarchical locking
and mandatory locking functionality that requires file-open and lock
retrieval before performing any operations such as reading, writing, or
byte range locks. Unlike CIFS, UNIX's NFS has a nonhierarchical,
file-open deficient and advisory locking mechanism. Its has no
predeclarative functionality that specifies the kind of access mode it
needs to a file. Therefore, these differences make file sharing between
the mixed network environment difficult, if not impossible.
SecureShare's main selling point is the preservation of multiprotocol
data integrity by reconciling the locking mechanisms and file-open
semantics between the two different file systems, and multiprotocol
oplock ("opportunistic locks") management involving oplock requests
from NFS to CIFS oplock break.
CIFS opportunistic locks (with the exception of level II oplocks)
represent the equivalent of a file open with Read-Write/Deny-All access
mode. However, access attempts by other clients (using either CIFS or
NFS) to the oplocked file can cause the server to revoke the oplock
through an oplock break protocol. The client who obtained the oplock
gains the advantages of read-ahead on the open file, cache write
operations to files, and cache lock requests. In this way, the network
traffic to the file server is minimized. Chapman discussed the oplock
break protocol in a mixed CIFS and NFS environment. When another client
wishes to access the file, the client's request is suspended.
Afterwards, an oplock break message is sent to the operating system of
the CIFS client holding the oplock. The client operating system can
close the file and pipe all the changes of the file stored in the cache
to the file server. It can also pipe all the cached changes and remove
all the read-ahead data. It then transmits a reply to the fileserver
acknowledging the break.
One of the concerns brought up in the Q/A session was the handling of a
situation in which a client fails to respond to the oplock bread
request sent by the server due to attempted access to the oplocked file
by NFS. Chapman claimed that there is an automatic session timeout on
the oplock held by the client's operating system, which, if triggered,
automatically relinquishes the stale batch oplock.
Session: Networking and Distributed Systems
Summary by: Hui Qin Luo
Harnessing User-Level Networking Architectures for Distributed
Object Computing over High Speed Networks
Rajesh S. Madukkarumukumana, Intel Corp.; Calton Pu, Oregon Graduate
Institute of Science and Technology; Hemal V. Shah, Intel Corp.
The introduction of high-performance user-level networking
architectures such as Virtual Interface (VI) lays the ground work for
improving the performance of distributed object systems. This
presentation by Rajesh Madukkarumukumana examined the potential of
custom object marshalling using VI, along with issues involved in the
overall integration of user-level networking into high-level
applications.
Component-based software like Distributed Component Object Model (DCOM)
uses remote procedure call (RPC) mechanisms to facilitate distributed
computing. Although distributed computing has matured over time, the
protocols that are relied on to transport data have remained virtually
unchanged, hindering the overall performance of networks such as SANs
(System Area Networks). The low-latency of user-level architectures
provides an attractive solution to the problem in SAN environments.
Madukkarumukumana chose to use DCOM and VI as the subjects of his
research. He presents his methodology in integrating the VI based
transport and a preliminary analysis of the performance results.
The VI architecture provides the illusion that each process owns the
network; many performance bottlenecks are bypassed, including the
operating system, to achieve this low latency, high bandwidth
connection. At the heart of the standard lies two queues for each
process, one for sending data, the other for receiving it; the queues
contain descriptors that state the work that needs to be done. Prior to
data transfer operations, a process called memory registration is
performed, allowing the user process to attach physical addresses to
virtual ones. Unique memory regions are referenced by these address
pairs, eliminating any further bookkeeping. Two data transfer
operations are accounted for -- the
standard send/receive operations, and Remote DMA (RDMA) read/write
operations.
DCOM is a network version of COM, used for the development of component
software. The network extensions in DCOM allow for all objects to be
addressed the same way, hiding their location. Encoding and decoding
data for transfer is called marshalling and unmarshalling,
respectively; the process of marshalling and unmarshalling creates a
stub object in the server process, and a proxy object in the client
process. Basically, three types of marshalling are used, but the one
that Madukkarumukumana discussed is custom marshalling: it allows for
the object to dynamically choose how its interface pointers are
marshalled.
In order for VI to do its job, the interface that DCOM uses to generate
the stub and proxy, referred to as IMarshal, has to be exposed.
Specialization in the object implementation is used to expose the
IMarshal interface. By exposing the parameters of the IMarshal
interface, new methods can be written to make use
of the VI send and receive queues. Information can therefore be sent
using the VI standard, instead of the old UDP protocol. Since VI
guarantees a certain quality of the signal transferred over a line,
much of the overhead and interrupts involved in UDP is eliminated.
In discussing the results of his research, Madukkarumukumana stated
that latency in the signal (for one-way transfer) dropped by about 30%
to 60% in some cases, even only under VI emulation. The existence of
core VI hardware provides a further dramatic increase in performance,
and an even greater performance boost may be expected if new procedures
catering to distributed computing systems are implemented within VI
(results forthcoming).
Implementing IPv6 for Windows NT
Richard P. Draves, Microsoft Research; Allison Mankin, University of
Southern California; Brain D. Zill, Microsoft Research
This presentation focused on the implementation and design details of
IPv6 for Windows NT as well as the common pitfalls/challenges
encountered in the process. IPv6 is the next generation Internet
Protocol (IP) worked by the IETF. The major driver behind it and some
of its key features were briefly mentioned in the paper; however,
anyone new to IPv6 who wishes to know more about its history and the
IPv6 specification should consult the relevant RFC documents referenced
in the paper.
The presentation started with an excellent overview of the Windows NT
networking architecture and how the IPv6 protocol stack can be/is
integrated into it. This was followed by a high-level overview of the
presenters' IPv6 implementation and some discussions of four
challenges/issues encountered and the specific solution used. The
presentation ended with some notes on the implementation's performance.
The segment on NT networking internals was very informative, especially
for novices. The details on the interfaces (documented or undocumented)
and protocols presented, along with the helpful references mentioned in
the paper, will prove useful for anyone trying to implement a different
network protocol stack for NT and even for Windows 95 (due to similar
network architectures). The integration of IPv6 into this networking
architecture was also highlighted. Mainly, a Winsock DLL module was
added to provide user-level socket functionality for IPv6 addresses,
and a new TCPIP protocol driver to replace the IPv4. The implementation
was "single stack," supporting only IPv6, and though not efficient was
useful in isolating problems in the IPv6 stack during testing. The
logical layout of the implementation was divided into three layers
similar to IPv4 -- the link layer, the network layer (IP), and the
transport or upper layer which includes protocols such as TCP, UDP, and
ICMP.
Four noteworthy problems and their implemented solutions were
discussed. They range from inefficiencies in lower-level network device
handlers during a receive cycle to deadlock avoidance issues.
Performance measurements for the implementation were taken using TCP
throughput as the indicator metric and compared to the IPv4 stack.
Results presented showed marginal performance degradation with the IPv6
stack (2.5% over 10Mb/s LAN), and somewhat higher than expectations
(1.4% based on increased IPv6 header length). This is to be expected,
as the developers never intended this to be an optimized
implementation, but rather as a base for further research and to give
Microsoft the push for a product release in the future. Whether we will
see better performance results in Microsoft's official product
implementation of IPv6 is still to be determined. Comparative
performance measurements against other IPv6 implementations (Solaris,
Digital Unix, BSD variants etc.) were left out. The metric of comparing
each implementation's relative performance to its IPv4 counterparts can
be used as an indicator. Direct IPv6 TCP throughput comparisons might
not be fruitful because of differences in the O/S architecture each
implementation was targeted for, unless IPv4 performance was similar
across these platforms. Source code size comparisons were done against
another publicly available IPv6 implementation (INRIA IPv6).
"Great sample code" is available at
<https://research.microsoft.com/msripv6> for anyone who wishes to
dabble in Windows NT network protocol development or have a starting
code base for further IPv6 research and experimentation. A more
full-fledged release with security, authentication, and mobility
support is expected to be available in the future.
Session: Real-time Scheduling
Summary by Jason Pettiss
A Soft Real-time Scheduling Server on Windows NT
Chih-han Lin, Hao-hua Chu, and Klara Nahrstedt, University of
Illinois
Hao-hua Chu spoke about his group's implementation of a software
realtime CPU scheduler for Windows NT. NT schedules applications
indiscriminately based on multi-user time-sharing. Multimedia performs
poorly under these conditions, especially if
non-time-sensitive-conscious but CPU-hungry tasks like compilation are
occurring in the background. The scheduling server is a daemon from
which applications can request and acquire periodic processing time.
The scheduler requires no kernel modifications, uses the rate monotonic
algorithm, supports multiple processors (SMP model), and provides
guarantees for timeshare processes so that they aren't starved by
realtime tasks. Chu says there is "reasonable" performance at this
point, the main problem being limited overrun protection due to the
fact that the scheduler itself is a process and sometimes isn't woken
up on time by NT.
The architecture consists of a broker, which handles reservation
requests, builds a dispatch table, and fills the available slots of the
table. The dispatcher is in charge of reading the table and responding
appropriately. The dispatch table is configurable for the number of
processors, the number of available slots, and the time-slice of slots.
Dispatching occurs by changing the thread and process priority of
participating applications between idle and highest priority realtime
(1-31).
To test, Chu's team used a dual Pentium 200 with 96 MB RAM (an HP
Vectra XU). Time-slice was set to 20ms. They ran two processes running
MPEG decoders at FPS, one Visual C++ compilation of the MPEG decoder,
and four processes running computations of sine and cosine tables.
Dispatch latency worked out to be about 640 microseconds, which was
longer than they would have liked, but not too large to disrupt
scheduling. Performance of the two time-sensitive processes was
improved, Chu noted.
The main problem, reiterated Chu, was that NT sometimes did not wake up
the dispatcher on time. Also, the dispatcher, being an NT process
itself, cannot preempt real-time processes. This means there is weak
overrun protection. The provided NT timers weren't accurate enough, so
they are using a Realtime Extension (RTX) by Venturcom to get under 1ms
resolution.
They have much future work planned. Support is planned for varying
processing time per period and for a process service class, similar to
ATM traffic classes. They hope to run conformance tests. Also, they
would like to adapt a multimedia decoder to increase reservation or
decrease quality as necessary. An additional feature, probing and
profiling, could be added to figure out how much processing time to
reserve on a per-application basis.
Vassal: Loadable Scheduler Support for Multi-Policy Scheduling
George M. Candea, Oracle Corporation; Michael B. Jones, Microsoft
Research
George Candea presented Vassal, a system that utilizes loadable
schedulers to enable multi-policy, application-specific scheduling on
Windows NT. He led off with the example of a speaker late for a
presentation (an application) that knows where it needs to be and when,
and a cab driver (the OS) that can get him there on time if he can
communicate with him. Windows NT is more like a cab driver who hasn't
learned English yet -- the operating system multiplexes the CPU
among tasks, unaware of their individual scheduling needs.
Since no single algorithm is good enough for all task mixes, explained
Candea, a compromise would be to hardcode more than one scheduling
policy into the kernel. But even better would be a dynamically
extensible set of policies, made possible by separating policy
(scheduling) from mechanism (dispatching). This lets a developer
concentrate on coding policy. It also would allow different
applications to communicate with their preferred policy to bargain for
scheduling time. Custom schedulers are special Windows NT drivers that
coexist with the default NT scheduler, and which should have negligible
impact on global performance.
Candea then reviewed the current state of Windows NT scheduling. The
basic schedulable unit is the thread, which acquires CPU time based on
priority levels of two classes: variable, which uses a dynamic priority
round-robin, and realtime, which uses a fixed priority round-robin.
Interrupts and deferred procedure calls (DPCs) have precedence over
threads, so scheduling predictability is limited. Scheduling events are
triggered by: the end of a thread quantum, priority or affinity
changes, transition to wait state, or a thread waking up.
NT timers use the hardware abstraction layer (HAL), which provides the
kernel with a periodic timer of variable resolution. Candea noted that
most HALs have resolution between 1 and 15 ms, but some HALs are worse
than others -- some can be set to only powers of two, while others
are fixed at 10 ms. This is certainly another limitation to scheduling
with any policy under NT.
Vassal separates policy from mechanism. While the NT scheduler consists
of thread dispatch and a default scheduler, Vassal consists of many
schedulers (policy modules) arranged hierarchically and a separate
dispatch module in charge of preempting and awakening threads. Standard
NT policies remain in the kernel so that applications with no special
needs are handled as usual.
The schedulers register decision making routines with the dispatcher.
The dispatcher invokes these when scheduling events occur. Threads can
communicate with schedulers to request services. These new features
require some interface modifications, with the addition of three system
calls.
As proof-of-concept, the Vassal team implemented a sample scheduler
that can be loaded in addition to the default NT policy. The sample
allows threads to get scheduled at application-specified time
instances, which is simplistic, Candea admitted, but demonstrates
potential for more interesting time-based policies.
Minimal NT kernel changes were required: they added 188 lines of C
code, added 61 assembly instructions, and replaced 6 assembly
instructions. The scheduler itself was only 116 lines of C code,
required no assembly language, and they only needed to code policy.
Performance results showed that it was no slower if no specialized
scheduler was loaded, and there was only 8% overhead with their untuned
prototype. Results showed that with the special scheduler, the
predictability of periodic wakeup times significantly improved, and
there were no longer early wakeups. There were a few slightly late
wakeups (still less late than without the prototype loaded), and these
were caused by unscheduled events such as interrupts and DPCs.
Candea emphasized the Vassal take-homes are that it demonstrates the
viability and positive impact of loadable schedulers, and that it frees
the OS from anticipating all possible application scheduling
requirements. It also encourages interesting research in this area by
making it easy to develop and test new policies, and doesn't adversely
affect the OS.
Some related work is Solaris, which maps scheduling decisions onto a
global priority space; extensible OS work like Spin, Exokernal, or
Vino, and hierarchical schedulers like UTAH CPU or UIUC Windows NT Soft
Real-Time scheduler.
Many questions followed. Someone suggested that two different
schedulers must be compatible or there will be trouble. Candea agreed
that this was an interesting problem that could be solved by allowing
schedulers to talk to each other and "negotiate" or to use their
descriptions and decide if a conflict will occur. Another question was
that a driver has limited visibility into the NT kernel, and does this
affect the power of a scheduler? The answer is yes, ideally these
special drivers would be able to see into the kernel data structures
for real power. The moderator asked what can be done about predicting
DPCs and interrupts. Candea didn't think that was necessary, noting
that these are best left to perform their crucially important tasks
when they
need to.
<https://pdos.lcs.mit.edu/~candea/research.html>
<https://research.microsoft.com/~mbj>
Session: NT Futures
Tom Phillips and Felipe Cabrera, Microsoft Corporation
Summary by Kevin Chipalowsky
Felipe Cabrera and Tom Phillips demonstrated the upcoming Windows NT
5.0 operating system and the NT Services
for UNIX add-on. The two-hour session was very open, informal, and at
times emotional for some in the audience. Microsoft gave a presentation
while
inviting just about any type of question regarding the future of their
flagship operating system. Cabrera and Phillips fielded very spirited
questions and
comments.
Phillips began his NT 5.0 presentation by describing its new support
for upgrading from Win 9x. The setup program first scans a system for
compatibility before installing anything. It will now migrate
applications as part of the upgrade process, using plug-ins to support
third-party software. The system configuration is also preserved during
the transition to NT.
Next, Cabrera talked about the new volume-management infrastructure.
The new version of Windows NT will have many new storage management
features. In most cases, hard-drive partitions can be manipulated
without requiring a reboot. For example, partition size can grow and
shrink dynamically. There are also new security features, such as a
reliable "change" journal and file encryption. In response to a
question about the type of encryption, Cabrera explained that it uses
public key cryptography and is designed to prevent thieves from
examining data on a stolen laptop.
Cabrera also talked about the new file-based services sported by NT
5.0. It provides a new content indexing tool, which can be used to
search for files based on their content instead of just their filename.
It tracks common types of embedded file links and updates them when a
data file is moved to a different volume or even a different machine.
There is also a new automated recovery system to revive a computer that
otherwise will
not boot.
The speakers then presented NT Services for UNIX. Microsoft developed
it in response to the growing adoption of NT by previous UNIX users. It
will be available for Windows NT 4.0 with Service Pack 3 for $149 per
client. It is in beta, and anyone interested in being a beta tester
should email <gregsu@microsoft.com> with "sfubeta" as the
subject.
NT Services for UNIX will make an NT machine feel more like a UNIX one.
It allows users to access NFS partitions like any NTFS of FAT
partition. A new Telnet client and server are also included, so
administrators can remotely Telnet into a Windows NT system and run
console-based applications. Microsoft has licensed a Korn shell
implementation and a few dozen familiar UNIX tools from MKS. The
audience loudly applauded this part of the presentation.
Next, Cabrera and Phillips revealed storage features; the new Microsoft
Management Console (MMC) was the center of attention. It is a
management container that provides Microsoft and third-party developers
the opportunity to plug in software to manage just about anything.
The first demonstration was of RAID 5.0 support. One hard drive of a
stripe volume was removed and later plugged back into the system.
Although the underlying file system seemed to handle the intentional
fault, MMC simply crashed and the computer needed a reboot. After this
small setback, the demo moved on.
Hierarchical Storage Management (HSM) is another feature new to NT 5.0.
It makes use of the observation that the most commonly used files are
usually the most recently used files. When a hard-drive partition
becomes full, the filesystem offloads older files to a tape backup
system to make free hard-drive space available. Although Microsoft is
not the first to attempt to build HSM support onto NT, they believe
they will be the most successful. They have complete control over the
operating system and can fix all of the related utilities that would
otherwise have difficulty with the extremely long latency that results
from trying to open certain files.
Networking in NT 5.0 has also received an overhaul. As with volume
management, most network configuration changes can now be made without
rebooting the system. Microsoft also claims an improved programmable
network infrastructure. The TCP/IP stack is also enhanced; it runs
faster and supports security and QoS protocols.
| 
Need help? Use our Contacts page.
Conference index