results.tex

As part of evaluation, we used rcu torture test. It provides support for testing all rcu implementations and gets enabled by config option CONFIG\_RCU\_TORTURE\_TEST. It creates an rcutorture kernel module that can be loaded to run torture test.  The test periodically outputs status messages via printk(), which can be examined via dmesg. The test gets started when the module is loaded, and stops when the module is unloaded. We veriﬁed our system by running it in a Guest virtual machine hosted by system equipped with an Intel(R) Core(TM) i7-860X 2.80 GHz CPUprocessor. In the course of evaluation all system was running Linux 2.6.32 kernel.

\subsection{Hypothesis}
Our evaluation strategy aims to  the following hypotheses:
\begin{itemize}
	\item Dynamic Binary Instrumentation (DBI) can be used to debug the incorrect usage of RCU primitives.
	\item The performance overhead of Granary and Watchpoint used for debugging incorrect usage of RCU primitives.
	\item The space overhead of shadow memory used for storing meta-information.
\end{itemize}

\subsection {RCU debugger}
To evaluate our system for rcu debugging, we introduced few rcu bugs violating Rule 1 and Rule 2, as discussed in section ~\ref{sec:back}. The details of the introduced bugs is provided in figure. The first bug voilate Rule 0 where the alias \emph{p} of rcu protected data \emph{q} is getting referenced outside read critical section. Our system identified it by comparing the thread \emph{Generation number} and watchpoint \emph{Generation number}. Our system found the thread \emph{Generation number} is odd and not equal to watchpoint \emph{Generation number} at the point of memory reference. The second bug we introduced voilates Rule 1, where the rcu protected data \emph{q} is directly getting accessed without using \emph{rcu\_dereference()}. Our system noticed that when the memory gets accessed, the pointer is a source and not one of  alias generated by \emph{rcu\_dereference()} by checking \emph{meta\_info$\rightarrow$source}. Our system also noticed that at this point the thread \emph{Generation number} and watchpoint \emph{Generation number} is not same. We also tested the Rule 3 violation by dereferncing rcu pointer in read critical section other than the one where it gets alias using \emph{rcu\_dereference()}. We tested this for simple case where there is no recursive use of read critical section. Out system identifies this by checking both thread \emph{Generation number} and watchpoint \emph{Generation number}. 

We currently evaluated our system by introducing simple bugs in rcutorture module and found that it catches the violation of three rules mentioned in section~\ref{sec:back}. There is need to test the system with complex rcu bugs which includes the voilation of more than one rule. We are hopeful that our system will be able to catch such bugs also.

\subsection{Performance Overhead}
To evaluate the performance overhead incurred by the Granary and watchpoint we used rcutorture module running with 100 readers thread and 8 writer thread. As experimental setup, we run our system in Guest Virtual machine (QEMU) powered with Linux 2.6.32 kernel on a Host system equipped with an Intel(R) Core(TM) i7-860, 2.80 GHz CPU.

\subsection{Space Overhead}
The size of shadow memory depends on the number of watchpoints added and currently active. Shadow memory is used to store the meta-information, the size of which is proportional to the number of threads running. This increases the space overhead and makes it \emph{M x N} for the system running \emph{N} threads and having \emph{M} active watchpoint. The point to be noted that these are the virtual memory overhead. We do not expect the space overhead to be serious concern on a 64 bit architecture.    