On the other hand, computer users tend to think at a higher level. Typically, when they are working with a computer, they issue a series of commands to it. Since human beings type relatively slowly, the commands must be compact; hence, we focus on this level for operation shipping. When we speak of user operations, we mean the high level commands of computer users that can be intercepted, logged, and replayed later.
There must be an entity that intercepts the user operations and supplies the relevant information to the file system. This entity can be an interactive shell, or it can be the application itself. We refer to the two cases as application-transparent and application-aware logging.
Application-transparent logging is possible if the application is non-interactive. In this case, an interactive shell can intercept the information related to the user operation. For example, operation logging can be transparent to the following types of applications (examples are listed in parentheses): compiler and linkers (gcc, yacc, and ld), text processors (latex and troff), file-format converters (dvips and sgml2latex), software-project management tools (make), and file packagers (tar).
For application-transparent operation shipping, we need not modify the applications, we simply need to modify some interactive shells - the meta-applications - such as bash and tcsh. Fortunately, there are much fewer meta-applications than applications. We assume, of course, that the users are willing to use a modified shell to take advantage of operation shipping.
We extend the file-system API (application-programmer interface) with two new commands for the ioctl system call: VIOC_BEGIN_OP and VIOC_END_OP. They delineate the beginning and the end of a user operation. The user operation is tagged with the process group , so forked children in the same group are considered part of the same user operation. When the file system receives a file-system call, it can determine whether the call comes from a tagged user operation by examining the process-group information of the caller. The information necessary for re-execution, including the name of the user command, the command-line arguments, current working directory, and so on, is passed to the file system with the VIOC_BEGIN_OP command.
Our file system provides the logging mechanism, but the logging entities can choose the appropriate logging policies. For example, an interactive shell may allow users to specifically enable or disable operation logging based on certain criteria.
We have experimented with the bash shell, a common Unix shell. We added a few lines of code so that the modified shell issues the VIOC_BEGIN_OP and VIOC_END_OP commands appropriately. Currently, we implement the most straightforward policy: the shell logs every user operation. In the future, we may implement a more flexible policy.
Application-aware logging is needed when the application is interactive. In this case, the application is involved in capturing the user operations. The following types of applications fall into this category (examples are listed in parentheses): text editors and word processors (emacs, vi, Applix Word and Microsoft Word), drawing tools (xfig and Corel Draw), presentation software (Applix Present and Microsoft PowerPoint), computer-aided-design tools (AutoCAD and magic), and image manipulators (xv and GNU Image Manipulation Program).
In this paper, we focus on application-transparent operation shipping. The mechanism that we have designed, and the evaluation that we have performed, is limited to non-interactive applications. We plan to study application-aware operation shipping next, and we will report our findings in the future.