
(C) 2002 Daniel Sorin, Wisconsin Multifacet Project. SafetyNet: Improving the Availability of Shared Memory Multiprocessors with Global Checkpoint/Recovery.


1 (C) 2002 Daniel Sorin, Wisconsin Multifacet Project
SafetyNet: Improving the Availability of Shared Memory Multiprocessors with Global Checkpoint/Recovery
Daniel J. Sorin, Milo M. K. Martin, Mark D. Hill, and David A. Wood
Computer Sciences Department, University of Wisconsin—Madison

2 SafetyNet – Daniel Sorin slide 2
Overview
Hardware fault frequencies are increasing
Hardware checkpoint/recovery for multiprocessors
– Transparent to software
SafetyNet Innovations
– Efficient coordination of checkpoint creation
– Optimized logging of checkpoint state
– Checkpoint validation off critical path
SafetyNet achieves 3 goals, existing systems get 2
– High availability
– High performance
– Low cost

3 Outline
Availability
– Motivation
– Example targeted faults
– Differences between SafetyNet and existing approaches
SafetyNet: Key Features
A SafetyNet Implementation
Evaluation
Conclusions

4 Availability Motivation
Fault frequencies are increasing
1. Technological reasons
– Smaller transistors
– Denser wires
2. Architectural reasons
– More components
– More aggressive designs
Marketing trends demand more availability
Need architectural solution to improve availability

5 Which Faults Do We Target?
Hardware faults in shared memory multiprocessors
– Mostly transient, some permanent, not chipkill
We focus on faults outside of processor cores
– Why? Good techniques for processors (e.g., DIVA)
Interconnection network
– Example: dead switch
– Detect with timeout
Cache coherence protocols
– Example: lost coherence message
– Detect with timeout
[Figure labels: CPU, Interconnection Network]

6 System Hardware Design Space
Backward Error Recovery (Tandem NonStop)
Forward Error Recovery (IBM mainframes)
Servers and PCs
Existing systems get only 2 out of 3 features

7 Outline
Availability
SafetyNet: Key Features
– System abstraction
– Innovations
A SafetyNet Implementation
Evaluation
Conclusions

8 SafetyNet Abstraction
[Figure labels: Processor; Current Memory Version; Memory Checkpoint; Active (Architectural) State of System; Checkpoints Awaiting Validation; Most Recently Validated Checkpoint; Recovery Point]

9 SafetyNet Execution Model
[Figure: timeline of checkpoints CP1 to CP5, each marked recovery pt, validating, or active, shown across the events Create CP3, Validate CP2, Create CP4, and Recovery]

10 SafetyNet Goal and Innovations
Goal: Recover to consistent checkpoint if fault
Inefficient but correct solution
– Periodically quiesce entire system to take checkpoint
– Checkpoints include all system state
– Stop system to validate checkpoints as fault free
SafetyNet innovations:
1. Efficient coordination of checkpoint creation across system
2. Optimized checkpointing of system state
3. Pipelined validation of checkpoints in background

11 Key #1 Coordinating Checkpoint Creation
Checkpoints must reflect consistent system state
– Nodes must agree on memory values and coherence
Coordinate checkpoints in logical time
– Logical time is time base that respects causality
Each node maintains its own logical clock
– Create checkpoint every K logical cycles
We need logical time base that helps coordination

12 Logical Time Base
Many logical time bases exist
– Depends on coherence protocol
Broadcast snooping systems
– Increment clock for every coherence request processed
– Nodes can be at different logical times
– All nodes can agree when coherence transaction happens
Directory protocol systems
– Based on loosely synchronized physical clock (10 kHz)
– More complicated explanation → refer to paper for details

13 Key #2 Optimized Checkpointing of System State
Checkpoint all state needed to resume execution
– Processor registers
– Memory state (including cache state)
– Cache coherence state
Processors save register state at each checkpoint
– Copy registers into shadow registers
Logically, cache/memory log old data every time:
– Store overwrites an old checkpoint of block
– Block’s coherence ownership is transferred
How can we reduce the amount of logged state?

14 Optimized Logging
Insight: only recover at checkpoint granularity
Intervals between checkpoints group writes/transfers
– E.g., checkpoint every 100,000 cycles (100 μsec at 1GHz)
Only log first store/transfer per block per interval
Optimization at cache:
– Label cache blocks with checkpoint numbers (CNs)
– If write/transfer is from same checkpoint, no logging needed
Large benefit due to locality of references

15 Key #3 Checkpoint Validation in Background
Only validate when all agree checkpoint is fault-free
– Example: no outstanding coherence requests in checkpoint
Nodes perform fault detection, then coordinate
Can be in background and pipelined
– Reason why we have checkpoints awaiting validation
Can hide long fault detection latencies
– Number of outstanding checkpoints x checkpoint length
– Design tolerance to be longer than longest detection latency
Don’t slow down execution to validate checkpoints

16 Outline
Availability
SafetyNet: Key Features
A SafetyNet Implementation
Evaluation
Conclusions

17 System Model
Checkpoint Log Buffer (CLB) at cache and memory
Just FIFO log of block writes/transfers
[Figure labels: CPU, cache(s), CLB, memory, network interface, NS half switch, EW half switch, reg CPs, I/O bridge]

18 Example of SafetyNet Operation
Recovery point is checkpoint 2. Most recent checkpoint is 3. Active checkpoint is 4. Processor 1 owns block B (validated).
[Figure: P1 and P2 joined by the interconnection network, each with register checkpoints (Regs: CP2, Regs: CP3), a cache (columns Addr, State, CN, data) and a CLB (columns Addr, State, data). Entries shown: B M 2000]

19 Example of SafetyNet Operation
P1 stores 3000 to block B between checkpoints 3 and 4. Logs old data.
[Figure: P1 and P2 cache and CLB contents, register checkpoints Regs: CP2, Regs: CP3. Entries shown: B M 4 3000; B M 2000]

20 Example of SafetyNet Operation
P1 loads from block B. SafetyNet uninvolved.
[Figure: P1 and P2 cache and CLB contents, register checkpoints Regs: CP2, Regs: CP3. Entries shown: B M 4 3000; B M 2000]

21 Example of SafetyNet Operation
Coordinated creation of checkpoint 4. Active checkpoint is 5. Save register state at beginning of checkpoint 4.
[Figure: P1 and P2 cache and CLB contents, register checkpoints Regs: CP2, Regs: CP3, Regs: CP4. Entries shown: B M 4 3000; B M 2000]

22 Example of SafetyNet Operation
P2 requests ownership of block B. P1 logs old data and sends copy to P2. P1 invalidates cache entry.
[Figure: P1 and P2 cache and CLB contents, register checkpoints Regs: CP2, Regs: CP3, Regs: CP4. Entries shown: B M 5 3000; B M 2000; B M 3000]

23 Example of SafetyNet Operation
Validation of checkpoint 3. Discard checkpoint 2 registers. Recovery point is now beginning of checkpoint 3.
[Figure: P1 and P2 cache and CLB contents, register checkpoints Regs: CP3, Regs: CP4. Entries shown: B M 5 3000; B M; B M 2000]

24 Example of SafetyNet Operation
Recovery (to checkpoint 3). Restore CP3 registers. Restore ownership of B to P1. Invalidate B at P2. Now restart system!
[Figure: P1 and P2 cache and CLB contents, register checkpoint Regs: CP3. Entries shown: B M 2000]
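Added example (not part of the original slides or of the SafetyNet design itself): a toy Python model of the optimized logging from slide 14, replayed over the block B walk-through of slides 18 to 24. The class and method names are hypothetical, one shared log stands in for the per-node CLBs, and the first store of 2500 is a constructed extra write that shows a second write in the same interval is not logged.

```python
# Added illustration; names are hypothetical, one log stands in for all CLBs.
class ToySafetyNet:
    def __init__(self, recovery_pt, active):
        self.recovery_pt = recovery_pt  # most recently validated checkpoint
        self.active = active            # checkpoint number of the current interval
        self.blocks = {}                # addr -> {"owner", "cn", "data"}
        self.clb = []                   # FIFO of (interval, addr, old block copy)

    def _log_first_touch(self, addr):
        blk = self.blocks[addr]
        if blk["cn"] != self.active:    # first write/transfer in this interval
            self.clb.append((self.active, addr, dict(blk)))
            blk["cn"] = self.active     # later touches in this interval skip the log

    def store(self, addr, value):
        self._log_first_touch(addr)
        self.blocks[addr]["data"] = value

    def transfer(self, addr, new_owner):
        self._log_first_touch(addr)
        self.blocks[addr]["owner"] = new_owner

    def create_checkpoint(self):
        self.active += 1

    def validate(self, cp):
        self.recovery_pt = cp           # entries logged in intervals <= cp are freed
        self.clb = [e for e in self.clb if e[0] > cp]

    def recover(self):
        for _, addr, old in reversed(self.clb):  # unroll the log newest first
            self.blocks[addr] = old
        self.clb.clear()
        self.active = self.recovery_pt + 1

def slide_scenario():
    sn = ToySafetyNet(recovery_pt=2, active=4)   # slide 18 starting state
    sn.blocks["B"] = {"owner": "P1", "cn": None, "data": 2000}
    sizes = []
    sn.store("B", 2500)             # constructed extra store: logs old value 2000
    sizes.append(len(sn.clb))
    sn.store("B", 3000)             # slide 19 value; CN is already 4, nothing logged
    sizes.append(len(sn.clb))
    sn.create_checkpoint()          # slide 21: active checkpoint becomes 5
    sn.transfer("B", "P2")          # slide 22: logs old value 3000, owner P1
    sizes.append(len(sn.clb))
    sn.validate(3)                  # slide 23: recovery point moves to 3
    sn.recover()                    # slide 24: B returns to P1 with data 2000
    return sizes, sn.blocks["B"], sn.active
```

Calling slide_scenario() returns the log length after each write or transfer, the restored block B, and the active checkpoint number after recovery.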

25 System Recovery and Restart
Any component can trigger recovery
– E.g., processor times out on coherence request
All in-progress transactions are dropped
– By definition, these transactions are not validated
After recovery, resume execution
– May have to reconfigure (e.g., route around dead link)
– Must replay work that was lost

26 I/O and the Outside World
Output commit problem – Can’t send uncommitted data beyond sphere of recoverability
SafetyNet includes processors, memory, coherence
Doesn’t include network, disks, printer, etc.
Standard solution: wait to communicate with I/O
Only send validated data to outside world
Input commit problem – Input can’t be recovered
– Standard solution: log input

27 Outline
Availability
SafetyNet: Key Features
A SafetyNet Implementation
Evaluation
– Methodology
– Runtime performance
Conclusions

28 Methodology: Simulation & Workloads
Simulation
– Simics full-system simulation of 16-proc SPARC system
– Detailed timing simulation of memory system
  MOSI directory cache coherence protocol
– Simple, in-order processor model
– 128KB L1I/D, 4MB L2, 512KB CLB
Workloads (commercial and scientific)
– Online transaction processing (OLTP): IBM’s DB2
– Static web server: Apache driven by SURGE
– Dynamic web server: Slashcode
– Java server: SpecJBB
– Scientific: barnes-hut from SPLASH2

29 Runtime Performance
Normalize results to unprotected system

30 Runtime Performance
Unprotected system crashes if fault occurs

31 Runtime Performance
SafetyNet has same fault-free performance as unprotected
Error bars = +/- one standard deviation

32 Runtime Performance
SafetyNet avoids crashes in presence of lost messages

33 Runtime Performance
SafetyNet avoids crashes in presence of dead half-switch

34 High-Level Comparison to ReVive
Feature | ReVive | SafetyNet
Backward error recovery scheme | Yes | Yes
Fault model | Transient & permanent | Transient & some permanent
Processor modification | No | Yes
Software modification | Minor | None
Fault-free performance | 6-10% loss | No loss
Output commit latency | At least 100 milliseconds | No more than 0.4 milliseconds

35 Conclusions
SafetyNet: global, consistent checkpointing
– Low cost and high performance
– Efficient logical time checkpoint coordination
– Optimized checkpointing of state
– Pipelined, in-background checkpoint validation
Improved availability
– Avoid crash in case of fault
– Same fault-free performance

36 Performance vs. CLB Size
Caveats
Scaled workloads
100,000 cycle intervals

37 Traditional Availability
Forward Error Recovery (FER)
– Use redundant hardware to mask faults
– E.g., triple modular redundancy with voter or pair&spare
– Systems: IBM mainframes, Intel 432, Stratus
– Sacrifices cost to achieve availability
Backward Error Recovery (BER)
– If fault detected, recover system to pre-fault state
– Periodically stop system and save state or log changes
– Fault? Restore pre-fault checkpoint or unroll log
– Systems: Sequoia, Synapse N+1, Tandem NonStop
– Sacrifices performance to achieve availability

