Implementing Remote Procedure Call Landon Cox February 12, 2016 Modularity so far • Procedures as modules • What is private and what is shared between procedures? • Local variables are private • Stack, heap, global variables are shared Module 1 Module 2 Code Code Private state Shared state Private state Modularity so far • Procedures as modules • How is control transferred between procedures? • Caller adds arguments and RA to stack, jumps into callee code • Callee sets up local variables, runs code, jumps to RA Module 1 Module 2 Code Code Private state Shared state Private state Modularity so far • Procedures as modules • Is modularity between procedures enforced? • No, either module can corrupt the other • No guarantee that callee will return to caller either Module 1 Module 2 Code Code Private state Shared state Private state Modularity so far • MULTICS processes as modules • What is private, shared btw MULTICS processes? • Address spaces are private • Segments can be shared Module 1 Module 2 Code Code Private state Shared state Private state Modularity so far • MULTICS processes as modules • How is control transferred between MULTICS processes? • Use synchronization primitives from supervisor • Lock/unlock, wait/notify Module 1 Module 2 Code Code Private state Shared state Private state Modularity so far • MULTICS processes as modules • Is modularity btw MULTICS processes enforced? • Yes, modules cannot corrupt private state of the other • Isolate shared state inside common segments Module 1 Module 2 Code Code Private state Shared state Private state Modularity so far • UNIX processes as modules • What is private and what is shared btw UNIX processes? • Address spaces are private • File system and pipes are shared Module 1 Module 2 Code Code Private state Shared state Private state Modularity so far • UNIX processes as modules • How is control transferred between UNIX processes? • Use synchronization primitives from supervisor • Block by reading from pipe, notify by writing to pipe Module 1 Module 2 Code Code Private state Shared state Private state Modularity so far • UNIX processes as modules • Is modularity between UNIX processes enforced? • Yes, modules cannot corrupt private state of the other • Protect shared state using pipe buffer and FS access control Module 1 Module 2 Code Code Private state Shared state Private state Network programming • Now say two modules are on different machines • What is the standard abstraction for communication? • Sockets • Each end of socket is bound to an <address, port > pair Module 1 Module 2 Code Code Private state Shared state Private state Network programming • Now say two modules are on different machines • Which approach to comm. are sockets most like? • Most like pipes • Use read/write primitives for synchronized access to buffer • What are the downsides of socket programming? • • • • Adds complexity to a program Blocking conditions depend on data received Data structures copied into and out of messages or streams All of this work can be tedious and error-prone • Idea: programmers are used to local procedures • Try to make network programming as easy as procedure calls Remote procedure call (RPC) • RPC makes request/response look local • Provides the illusion of a function call • RPC isn’t a really a function call • In a normal call, the PC jumps to the function • Function then jumps back to caller • This is similar to request/response though • Stream of control goes from client to server • And then returns back to the client The RPC illusion • How to make send/recv look like a function call? • Client wants • Send to server to look like calling a function • Reply from server to look like function returning • Server wants • Receive from client to look like a function being called • Wants to send response like returning from function Implementing RPC • Primary challenges • How to name, locate the remote code to invoke? • How to handle arguments containing pointers? • How to handle failures? RPC architecture Import Client Server Client code Server code Interface Export Interface Client stub RPC runtime Export Server stub Network Who imports and who exports the interface? RPC runtime Import RPC architecture Import Client Server Client code Server code Interface Export Interface Client stub RPC runtime Export Server stub Network Who defines the interface? The programmer RPC runtime Import RPC architecture Import Client Server Client code Server code Interface Export Interface Client stub RPC runtime Export Server stub Network RPC runtime Who writes the client and server code? The programmer Import RPC architecture Import Client Server Client code Server code Interface Export Interface Client stub RPC runtime Export Server stub Network Import RPC runtime Who writes the stub code? An automated stub generator (rmic in Java) RPC architecture Import Client Server Client code Server code Interface Export Interface Client stub RPC runtime Export Server stub Network Import RPC runtime Why can stub code be generated automatically? Interface precisely defines behavior What data comes in, what is returned RPC architecture Import Client Server Client code Server code Interface Export Interface Client stub RPC runtime Export Server stub Network Import RPC runtime Where else have we seen automated control transfer? Compilers + procedure calls RPC stub functions call return return call Client stub Serve r stub send recv send recv RPC stub functions • Client stub 1) Builds request message with server function name and parameters 2) Sends request message to server stub • Transfer control to server stub: clients-side code is paused 8) Receives response message from server stub 9) Returns response value to client • Server stub 3) Receives request message 4) Calls the right server function with the specified parameters 5) Waits for the server function to return 6) Builds a response message with the return value 7) Sends response message to client stub Binding • What is binding? • Establishing map from symbolic name object • In an RPC system what needs to be bound? • Client code uses interface as a symbolic name • RPC system must bind those names to real code instances • In Cedar what managed this mapping? • The Grapevine distributed database • Types are listed as symbolic names • Instances are listed as machine addresses Binding • Is anyone allowed to export any interface? • No, this is regulated through Grapevine access controls • Users allowed to export an interface are explicit in group • Only group owner can allow someone to export • Is anyone allowed to import an interface? • Yes, authentication of clients at higher level • What other distributed database is Grapevine like? • Domain name service (DNS) • Contains mapping from symbolic names to IP addrs Grapevine Group map: interfaces user ids Individual map: user id network address Binding • Is anyone allowed to export any interface? • No, this is regulated through Grapevine access controls • Users allowed to export an interface are explicit in group • Only group owner can allow someone to export • Is anyone allowed to import an interface? • Yes, authentication of clients at higher level • Are permissions same or different than DNS? • Basically the same • DNS updates are controlled • DNS retrievals are not Grapevine Group map: interfaces user ids Individual map: user id network address Shared state • What is the shared state of the RPC abstraction? • Arguments passed through function call • What is the actual shared state in RPC? • The underlying messages between client and server Client Server Code Code Private state Shared state Private state Shared state • Why is translating arguments into messages tricky? • Data structures have pointers • Client and server run in different address spaces • Need to ensure that pointer on client = pointer on server Client Server Code Code Private state Shared state Private state Shared state • How do we ensure that a data structure is safely transferred? • • • • Must know the semantics of data structure (typed object references) Must then replace pointers on client with valid pointers on server Requires explicit help of programmer to get right Cannot just pass arbitrary C-style structs and hope to work correctly Client Server Code Code Private state Shared state Private state Shared state • What about after server code completes? • Must synchronize updates to arguments • Changes by server must be reflected in client before returning Client Server Code Code Private state Shared state Private state Shared state • What about multi-threaded client code? • • • • Must be handled carefully in RPC systems Client and server cannot synchronize at fine-grain Client threads must not update state accessible to remote server code Have to either partition data or properly lock around RPC call Client Server Code Code Private state Shared state Private state Faults • With procedures, what happens if a module faults? • No isolation, program crashes • Result of sharing the same address space • With pipes, what happens if a module faults? • Faulting module (process) crashes • OS makes pipe unreadable and unwritable • Cannot just return an error code through client stub • Bad idea to overload errors • Want to distinguish network failures from incorrectness Faults • How are RPC faults handled in practice? • • Usually through a software exception Often supported by language • So how “pure” is the RPC abstraction? • Not totally pure • Programmer still knows which calls are local vs remote • Have to write code for handling failures • So is RPC a good abstraction? • In some cases yes, hides a lot of the complexity • However, it often comes at a steep performance penalty • What part of RPC is slowest? • Argument packing and unpacking • Java class introspection for shipping data structures is particularly painful Structuring a concurrent system • Talked about two ways to build a system Alternative structure • Can also give cooperating threads own address spaces • Each thread is basically a separate process • Use messages instead of shared data to communicate • Why would you want to do this? • Protection • Each module runs in its own address space • Reasoning behind micro-kernels • Each service runs as a separate process • Mach from CMU (influenced parts Mac OS X) • Vista/Win7’s handling of device drivers Course administration • Project 2 • Write a shell • Was released yesterday • Due in two weeks • Questions?