Reducing Minor Page Fault Overheads through Enhanced Page Walker

User programs request memory using malloc system call or mmap. However, both of these calls do not allocate any memory for applications when called. Instead, they only create and validate a region of virtual address space for the calling process and return the start address of this region. Later, when applications access some address within this newly created region (if no page has been allocated for this address yet), an exception (page fault) would be triggered by hardware. The execution context is changed from userspace to the kernel, and the page fault handler of the kernel starts running on behalf of the faulting application. The handler allocates a page for the faulting address, updates the page-table entries, and updates the kernel book-keeping data structures. This kind of fault is called a minor page fault.

After the page fault exception handler completes its job, the faulting load/store instruction is re-executed. This mode changing (from user mode to kernel mode and then back to user mode) requires some “state,” such as local variables, hardware registers, program counter, etc.) of the user program to be stored (or pushed) on the stack. The last few operations of the exception handler are to pop that state from the stack back to the original place, so that the faulting instruction can continue to execute. In addition to the overhead of pushing onto and popping from the stack, context switch results in pollution of architectural resources like caches, TLB, branch predictors, and so forth.

In systems with NVM devices, memory can be accessed by applications through the file system read/write interface. This method does not incur page faults, but it needs to rely on system calls, which can also result in context switching. A large body of recent work has observed that systems software overhead incurred by file system APIs is high relative to NVM access times and tries to reduce this overhead through various methods [12, 21, 25, 32, 36].

Hardware page walker [8] is popularly employed in modern CPUs. On a TLB miss in x86_64 architecture, the hardware page walker assumes the job of reading the faulting address from the CR3 register and “walking” the multiple levels of the page table to find the appropriate page table entry (PTE). If the page walker can reach the lowest PTE of the faulting address and finds the present bit of PTE is set, meaning that a page has been allocated for this virtual address and its physical frame number is also stored at the PTE, then the page walker would simply update the corresponding TLB entry and re-execute the faulting instruction again. Otherwise, the page walker will trigger a page fault exception and let the kernel handle the page fault.

Enhancements to page walkers have been proposed [4, 16] previously to achieve different goals. Our work here can be viewed as an enhancement to the hardware page walker to carry out the entirety of page fault handling’s critical path.

The existing page fault handler obtains a physical page from the buddy system¹; this action may result in blocking the faulting program if no page is available and the kernel must try hard to reclaim pages either from the page cache or by writing some dirty pages to swap space as a last resort. The latter action would require issuing I/O requests to the backing storage. So it’s reasonable not to attempt to offload such operations to hardware. Nevertheless, physical page allocation can be done without the knowledge of the faulting virtual address, and hence can run beforehand in the background, i.e., pre-allocation. We consider a mechanism to provide pre-allocated pages; these pages are used by hardware when page fault handing is completely done by hardware or by critical path software when MFOE is employed only as a software solution.

When a page is allocated, usually a pointer of struct page (or the virtual address in the kernel of that page) is returned by the buddy system in the kernel. This pointer (of struct page) can be translated into the physical page frame number of that page easily by page_to_pfn macro. If those frame numbers of pre-allocated pages can be saved beforehand in a certain format and the hardware can access them easily when a page fault occurs, we will be able to use a free page frame to service the fault as well as remove page allocation out of the critical path.

This design choice has the following benefits:

The first and most important operation of the existing page fault handling routine is to determine if the faulting virtual address is legal. This check operation is implausible to be implemented in hardware. Also, the faulting virtual address can only be known at the moment of page fault occurrence, and there is no way the hardware can know if the faulting address is legal in advance. So, instead of trying to validate the faulting address in hardware, we let the software tell the hardware if the faulting address is a legal address or not.

To this end, we narrow down the scope of our page fault offloading mechanism. We limit ourselves to handling page faults happening in the user space; in particular, our new page fault mechanism currently only deals with minor page faults caused by accessing the virtual address space regions created by malloc and anonymous private mmap functions within user programs. The kernel keeps track of all the valid virtual memory areas of an application. The only missing piece is a mechanism to inform the hardware of this information. The correct avenue to enable this communication would be at the hardware page walker. The HW page walker will be the first to witness the faulting address in the HW. So, if the HW page walker is aware of the validity of the faulting address, it could revert to software handling of the fault quickly. To establish this understanding, we put an MFOEable (Minor Fault Offload Enable) bit in the page table walking path to tell the hardware whether the currently accessed address is legal. The lowest Page Table Entry (PTE) seems to be a reasonable candidate for accommodating this indicator. Hence, we re-purpose a bit in un-used (invalid) PTE to be used as a valid bit.

Therefore, our proposed flow is as follows. When applications call malloc or mmap, just before the system call is about to return, a short-lived background thread is spawned by the kernel. This background thread walks the page table path for all pages within this newly created virtual address region in the background, until all the lowest PTEs belonging to this newly created area have been reached. If the paths to PTE of some addresses have not been constructed yet, the kernel background thread will construct these paths as the exception handler does. This path construction process is also moved out of the page fault critical path. Meanwhile, this kernel background thread sets an MFOEable bit as a legal address indication for PTEs of all pages of this virtual address region. If the page table walker does not find this bit in PTE, then it does not offload the minor fault handling to MFOE; it raises an exception and defaults to fault handling in the kernel.

Our central idea is to move most of the minor page fault operations out of the page fault critical path and to execute them before and after a page fault by software; only the mandatory operations are tackled by hardware during a page fault. Thus, we propose to keep MFOE as simple as possible by implementing it as an addition to the hardware page walker, the TLB sub-system.

Realizing the design considerations discussed in Sections 3.1 and 3.2, MFOE is equipped with a pre-allocation page table whose entries contain page frame numbers of pre-allocated pages and MFOEable bits set at the leaf entries of the page table across its legal address space.

These two components make the design of MFOE straightforward: When a faulting address is accessed, there will always be a TLB miss because TLB only caches legal address translations. The hardware page walker starts to walk the multi-level page table until it reaches the lowest PTE. If the page table walker finds out that the MFOEable bit is set (meaning the faulting address is legal) but the present bit is not set yet (meaning that this address does not have an allocated page), then the page table walker offloads the fault handling to MFOE. MFOE picks an entry from the pre-allocation page table, updates the PTE with the page frame number of this entry and sets some flag bits into the PTE (as the software exception handler does), creates a TLB entry, and continues to execute the faulting instruction without the need for kernel software. For all the other cases, different from the above-mentioned scenario, the typical kernel page fault exception is triggered by the hardware page table walker to handle the fault.

Besides the page allocation, the address validation, and updating PTE entries, there are still some operations left to be executed by the page fault handling routine, such as increasing the counter of the mm object (by calling inc_mm_counter function), establishing the reverse map for physical page (through the page_add_new_anon_rmap function), putting the page into the LRU list for swapping later (through the lru_cache_add_active_or_unevictable function), and accounting for cgroup-based memory usage metering (by calling the mem_cgroup_commit_charge function). These operations can be delayed and executed later in the background if the program is not terminated. Additionally, due to pre-allocation of physical pages for future faults, in the event of program termination, there is a necessity to clean up the unused physical pages. This clean-up might not be needed in a real-world implementation if MFOE was used by default for page fault handling for all the programs.

Figure 3 details the design of MFOE and its key components.

To enable optimized page fault handling through MFOE, applications should use the MFOE_enable system call at the beginning of their source code.² MFOE is automatically disabled by the MFOE_disable() function called inside __mmput() by kernel when applications are about to be terminated. We have also implemented the MFOE_disable system call, which would directly call the MFOE_disable() function; this allows applications to disable MFOE in the middle of their runtime if they decide to do so. If MFOE is disabled in the middle of the program runtime, the PTEs that have been populated with the MFOEable bit set will stay intact, but the faults on such pages will be defaulted to kernel page fault handling.

MFOE-related software can be implemented as a kernel module, and operations of MFOE_enable and MFOE_disable system calls can be executed when the MFOE module is loaded and unloaded, respectively. By doing so, all user applications will automatically enable MFOE by default. However, we use a system call to simplify our evaluation of MFOE.

Our pre-allocation table adopts a lockless ring buffer architecture [2] with one producer (the kernel background thread, which produces/pre-allocates pages) and one consumer (the MFOE hardware, which consumes pages). Each entry of the pre-allocation table has 16 bytes, and the first entry (entry number 0) stands for the table header, which contains the head index (ranging from one to the number of entries), tail index (also ranging from one to the number of entries), number of table entries, and lock bits. The size of each field in the header is 4 bytes. Except for the table header, the entry’s format is delineated in Figure 4. As shown below, the fields of each pre-allocation entry are faulting virtual address, thread group id (TGID), page frame number, used bit, and valid bit.

The producer only looks at the head index, and the consumer only checks the tail index. When the kernel (producer) pre-allocates a page for the pre-allocation table, first it looks up the corresponding entry of the head index from the table header. If this entry is not valid (the valid bit is not set), meaning that this entry does not contain a valid pre-allocated page, then the kernel allocates a page and puts its page frame number into the corresponding field of the pre-allocation entry, increments the head index by one, and checks the next entry. The kernel would continue this page pre-allocation process until it reaches an entry whose valid bit has already been set or till it traverses the entire pre-allocation table for a particular core.

Since our implementation uses a per-core pre-allocation table, the kernel, when choosing pages for pre-allocation, can follow an allocation policy. For example, if a system has multiple non-uniform memory access (NUMA) nodes, then pages can be pre-allocated from the near memory node first. After the pages from the near memory node are exhausted, we can decide either to pre-allocate pages from the far memory node or not to pre-allocate pages at all. Effectively, with this policy, MFOE will trigger a typical page fault exception after it runs out of near memory node pages. In the current implementation we enforce a static policy where we prefer local node (to the given core) physical pages for all the pre-allocations. The kernel API used for pre-allocation (buddy allocator) automatically falls back to remote node pages if the local node pages are unavailable. Hence, after we run out of local node pages, we will use remote node physical pages for pre-allocation.

Every time a user-space application calls malloc or anonymous private mmap to allocate memory, the kernel will check if the mfoe member of the memory descriptor object (mm_struct) is set as true. If that’s the case, then the kernel will flag the virtual memory area as belonging to an MFOE-enabled process. To achieve this we add a new flag VM_MFOE to struct vm_area_struct.³ This flag will be set for the virtual memory areas belonging to the process, which are created after the process has enabled MFOE through the MFOE_enable system call.

At the end of the malloc or anonymous private mmap function, we account for the kernel’s responsibility to craft the leaf entry of the page table with MFOEable bit. Since we know the start and end address of the newly created virtual memory area, we walk through the page table of the calling process until it reaches all the corresponding lowest level page table entries and set the MFOEable bit (bit-position 2) to 1. If the walking path of the multi-level page table (non-leaf entries) has not been constructed yet, the kernel will construct it the same way as the page fault handler does. This is the realization of the design motivation provided in Section 3.2.

In addition to setting the MFOEable bit, the kernel also fills the RW bit (bit position 1, if the region is writable), PFN field of PTE with the TGID of the current process. Here we are re-purposing bits of an otherwise empty/invalid PTE to convey the MFOE hardware about the legality of the address, the RW permissions, and the TGID of the process that enabled MFOE. This use of PTE is safe and justified because these bits are not used for swap computation. In an MFOE-disabled process, these bits would have been all zeros; hence, their use is safe. Figure 5 shows the status of the lowest-level page table entry after the execution of pre-page fault operations.

The page table construction doesn’t add overhead to the program performance, as it has to be done sometime through its runtime. If not done now, the table will be constructed as part of the fault handling routine. We should also highlight that this page table entry creation could be done by the kernel background thread spawned through the kthread_run() function. In this implementation we have made a choice of using a background thread to minimize blocking time in user-space. Plus, using a background thread could be advantageous for large programs with high virtual memory footprint. With the background thread it is possible that MFOE reaches a PTE of a page that is MFOEable but its MFOEable bit has not been set by the asynchronous kernel thread. In this case, the MFOE will simply treat this page as “non-MFOEable” and trigger a typical page fault.

The MFOE is only activated after a TLB miss and after the hardware page table walker reaches the last level of PTE. If the hardware page table walker recognizes that the present bit is absent in PTE, it activates the MFOE to handle the page fault.

The operation of MFOE is as follows:

Figure 6 shows the operations of MFOE during a page fault.

We used the delayed work queue of the Linux kernel to periodically execute the post–page fault processing function. After the pages of all pre-allocation tables are filled by background thread (triggered by MFOE_enable system call), the post–page fault processing function is inserted into the work queue with a programmed delay. This programmed delay dictates how frequently the post–page fault processing should be done. For our implementation we have set it to 2 milli-seconds.

The following tasks are executed in order in the post–page fault processing function, for each per-core pre-allocation table.

Figure 7 illustrates the operations of the post–page fault processing function and how it updates the entries of the pre-allocation table.

Since we are performing post–page fault processing once for a programmed delay time (2 ms), it is possible that during this interval, the program might have exhausted all the allocated pages. In this case, the MFOE would raise an interrupt to the kernel and fall back to typical page fault handling. Plus, in our current implementation, the post–page fault processing is single threaded, but implementing a multi-threaded version is plausible.

The current implementation of the post–page fault processing does leave room for optimization. For example, instead of periodically triggering the post–page fault processing function, we could dynamically awaken the function based on pre-allocation pages available for the application. Also, based on the usage, one could dynamically increase/decrease the number of the pre-allocation pages for each core. As the post–page fault processing function is working to replenish the entries of the pre-allocation table of one core, the other core might be starving for pre-allocated pages, resulting in the latter core suffering longer latency in its minor faults. This effect can potentially lead to fairness issues in a multi-core system. To mitigate this to some extent in the current implementation, we use a round-robin policy to select the cores for pre-allocation.

Since the post–page fault processing function executes synchronously once every programmed delay period, there can be a situation where an application is terminated while some of its pages (allocated through MFOE handled page faults) are yet to be processed. This scenario becomes worse if some of the pre-allocated pages are still unused and need to be reclaimed by the kernel.

To handle such scenarios, we implement an error handling function that will be called when the application is getting terminated. This function will scan pre-allocation tables of all the cores to find the used entries (with used bit set) whose TGID is the same as the terminated application. If such entries exist, then the error handling function executes the same set of functions as the post–page fault processing function. Also, since the error handling function and the post–page fault processing function might execute at the same time, we need a lock bit to avoid race conditions between them. The bit 0 of the locks field in the pre-allocation table header is employed as a test_and_set lock bit here.

Because the error handling function needs to scan all pre-allocation tables, it should only scan when necessary. Therefore, the error handling function is only called by the function zap_pte_range() function, when the page’s page_mapcount() returns zero and when the vma’s VM_MFOE flag is set. It is also worth mentioning that if the parent thread (the thread whose PID is also the TGID) of a thread group is killed before its child threads, then the parent thread must be responsible for handling the unprocessed pages of the pre-allocation tables before the kernel selects a new thread group leader.

The MFOE_disable function sets the mfoe member of the calling process’s memory descriptor (mm_struct) object to false. Like MFOE_enable, the last caller disables MFOE hardware of each core by calling the schedule_on_each_cpu() function to clear the MFOE_ENABLE bit in the CR9 register for all cores, and it also frees/releases all valid pages (whose valid bit is set) from all the pre-allocation tables.

As discussed in Section 4.1, MFOE is implemented to be automatically disabled by the MFOE_disable() function from the __mmput() kernel function, which is called when the applications are terminated. So disabling MFOE within the source code of applications is unnecessary. Nevertheless, we implemented the MFOE_disable system call to give the applications the flexibility to disable MFOE when needed. Also, we implemented a protection code to ensure that calling the MFOE_disable() function twice accidentally will not be harmful. When called twice, the second MFOE_disable system call would directly return.

The critical path of minor page fault handling can also be implemented in software. Hence, we implement the software emulation of MFOE in the form of mfoe_se() system call. mfoe_se is called with the faulting virtual address as input in the microbenchmark used in the evaluation. Although this implementation needs the programmer to have explicit knowledge of the faulting address beforehand, the functionality of this system call could be easily integrated with a typical page fault handling routine (inside do_anonymous_page()) in future implementations. The software emulation of MFOE is made possible because of the kernel’s capability to track both the page tables and pre-allocation tables.

The implementation of mfoe_se() is as follows:

At this stage, when the virtual address is accessed through load/store, it won’t generate a page fault but will result in a TLB miss. The hardware page table walker performs the walking to the get the translation we create through the mfoe_se system call and caches it in TLB.

Resource Limitation: Each process in Linux can only allocate a limited amount of resources, such as CPU time, memory, and files. Although it is rare, it is still possible that the MFOE-enabled process would allocate pages more than its limitation because MFOE hardware cannot check during a page fault. To prevent this case, the periodic post–page fault background thread needs to check the allocated pages and the quota of pages for this process. If the total allocated pages of a process are over some threshold, say 80% of main memory, this background thread will call the MFOE_disable() function for this process and trigger another background thread to clear the MFOEable bit of PTEs of all unprocessed pages of this process.

Huge Page Support: MFOE can also support huge pages easily. The current architecture can be re-purposed to use huge (2MB) pages instead of base (4KB) pages easily. If the intention was to use both 4KB and 2MB pages for handling the faults, another pre-allocation table per core is needed to contain all pre-allocated huge pages for a core. The kernel background thread in Section 4.3 will set the MFOEable bit at PMD if a huge page can be allocated for certain virtual address regions. When MFOE reaches PMD and finds the MFOEable bit is set but the present bit is not set, MFOE will obtain a huge page from the pre-allocated table.

Our approach in this article provides some advantages similar to the use of huge (2MB) pages, while managing the memory with base (4KB) pages. For example, using huge pages would reduce the number of faults that the application has to endure, but the kernel would have to deal with promoting/demoting huge pages and also perform memory compaction to make sure that it doesn’t run out of huge pages. On the other hand, with MFOE, the application would have to endure more faults, but the latency of each page fault now would be reduced and subsequently the kernel has to do less amount of compaction.

Virtual Machine Support: Prior work shows that the memory translation in the virtual machine environment becomes two-dimensional [5, 8]; i.e., each physical address in the guest will be a virtual address in the host. TLB in a virtual system caches the guest virtual address to host physical address translations. A TLB miss would trigger the 2D hardware page table walker, which walks both the guest and host page tables. MFOE in a virtual system environment will be implemented as optimizations to the 2D page table walker.

We outline one possible way of implementing MFOE in hardware-assisted virtualization. The guest OS will have its software changes in the Linux kernel, as if it’s run on a real machine. The guest OS would construct the page table walking path and set the MFOEable bit in the leaf entry of the page table, as explained in Section 4.3. Since the virtual machine is like any process for the host, the host OS (hypervisor) also constructs the page table walking path and sets the MFOEable bit for the lowest PTE. Both guest OS and hypervisor would maintain their own pre-allocation tables, with MFOE being able to access both of them.

In the event of a TLB miss, the page table walker starts to walk the 2D path till it reaches the lowest PTE in the guest page table first. If the MFOEable bit is set, MFOE will be consulted to obtain a page from the guest pre-allocation table. But the walk won’t stop here; it continues till the walker reaches the lowest page table entry of the host. Again here, if the MFOEable bit is set, MFOE is consulted now to get the physical page number from the host pre-allocation table. Finally, the MFOE updates the corresponding TLB entry and re-executes the faulting instruction. We should mention that we should avoid breaking the translation path from pages in the guest pre-allocation tables to its physical address in the hypervisor. The ballooning driver and the hypervisor swapping mechanisms [34] adopted in current hypervisors might have to be disabled for the physical pages in hosts that support pre-allocated pages in guest OSs. We leave this virtual machine support as a future work.

Multi-thread Support: With multi-threaded applications, two or more threads might access the same page and therefore encounter the page fault (of the same page) at the same time. Furthermore, we should consider a more complicated race condition case between MFOE hardware and the kernel software page fault exception handler. In Section 4.3, a kernel background thread is used to set the MFOEable bit for all PTEs. Consider the following rare case: the MFOE hardware reaches a PTE before the background thread sets its MFOEable bit. Therefore, MFOE hardware will treat this page as “non-MFOEable” and trigger a page fault exception. Before the page fault exception handler executes, our kernel background thread could be scheduled and sets the MFOEable bit of this PTE. MFOE hardware from another core could reach this PTE (since its present bit is not set but the MFOEable bit is set) and execute the MFOE page fault handling. Meanwhile, the page fault exception handler triggered from the first core executes and starts to handle the page fault for the same faulting page. This hardware and software race condition might be a serious problem, so we have to avoid it.

To solve this problem, we employ a bit lock at the lowest PTE. That is, when the MFOE hardware and kernel page fault exception handler want to service a page fault,⁴ they both need to obtain a lock at the lowest PTE first. We re-purpose the avl bit of the empty PTE as the lock bit.⁵ In software, the test_and_set operation is used by the fault handling method to atomically set the lock. If the kernel sees that the lock bit is already set, this means that MFOE from some hardware context is handling the fault. It is justifiable for the kernel to busy wait on a bit lock, as the MFOE fault handling takes a very small amount of time.

The page fault handling flow mentioned in Section 4.4 becomes as follows. Once the MFOE is able to obtain a free page from the pre-allocation table, MFOE must do a read_modify_write atomic operation on the PTE to acquire the lock. This is accomplished in hardware using locked memory read and write operations. MFOE does a locked memory read on PTE, resulting in blocking of any other core trying to read the same PTE. If MFOE sees the lock bit is 0, it does a locked write to PTE, setting the lock bit set to 1. The other core that has been blocked trying to the read the same PTE will now read the PTE with lock bit as 1. If the theread_modify_write operation is successful, MFOE proceeds to the next step of page fault handling. After the page fault has been handled, MFOE will clear the lock bit to unlock the PTE. However, if the initial locked read returns 1 on the lock bit, this means that MFOE from another core or kernel page fault exception handler is handling a page fault for the same page, and then MFOE would need to busy wait here until the lock bit is clear and the present bit is set (this means that the page fault has been serviced), and then update TLB as well as re-execute the faulting instruction.

This architecture is more scalable compared to the existing kernel exception handler approach. MFOE only busy waits at the page level, and this busy waiting happens only when multiple MFOEs or the kernel exception handler tries to access the same page simultaneously. However, the existing kernel page fault exception handler uses a global page table lock to synchronize all page faults of the threads belonging to the same process. Therefore, in a typical system, all faulting threads of the same process must busy wait no matter if their faulting pages are the same or not.

We evaluate the full hardware/software MFOE technique against traditional minor fault handling in OS software baseline. To explore the benefits of the proposed MFOE-enhanced hardware page walker, we also examine a software emulation of MFOE, without the enhanced hardware page walker, implemented as a system call. These systems are evaluated under a combination of large memory footprint applications as well as a set of microbenchmarks used to aid in the analysis of the system. For full application workloads we select applications taken from several benchmark suites like GAPBS [7], Memcached as a database layer of YCSB [14], SPLASH, and PARSEC [37]. The reason we have picked only a few applications from their respective benchmark suites is that these applications have considerable minor fault overhead for evaluating MFOE. We also wanted the evaluated benchmarks to be diverse. More information about each benchmark and their configuration can be found in Table 2. All the applications are run in multi-threaded mode (if possible), and parallel fault events are taken into consideration when calculating minor fault overhead.

Because MFOE proposes both hardware and software changes to the system, we must simulate the full proposed system to accurately model the impact of the proposed changes. The primary benefit of MFOE, however, will be seen on workloads with large memory utilization, which makes simulation challenging. Thus, to evaluate the performance of our proposed MFOE system, we take a combined approach of detailed microarchitectural simulation together with real system tracing and analytical modeling.

For detailed microarchitectural simulation, we implemented MFOE on gem5 [11] in full-system emulation mode as it allows prototyping with both hardware and software. The simulated gem5 system configuration is as shown in Table 3(a). The gem5 page walker-TLB sub-system was enhanced to implement MFOE. This system was used to perform microbenchmarking and establish the latency of typical minor page faults as well as MFOE-enhanced minor page faults. The microbenchmark analysis is presented in Section 5.2.1.

We also implemented a software-only version of MFOE in the form of a system-call (mfoe_se) whose implementation was explained in Section 4.8. We evaluated mfoe_se on a real system whose configuration is detailed in Table 3(b).

Since gem5 is too slow for memory-intensive applications to complete in a tenable amount of time, we estimate the gain for benchmarks as if they are run on the proposed hardware with a background thread refreshing the pre-allocation tables. This was done via analysis with the performance model of a system equipped with MFOE. The performance model takes the workload traces generated from real systems running these benchmarks as an input and gives the estimated performance gain and MFOE hit rate.

We incorporated the MFOE hit latency and MFOE miss penalty measurements taken from gem5 simulation in this performance model. Plus, we have measured background thread throughput and initialization throughput from the software-only implementation of MFOE. Background thread throughput is the rate at which the kernel background thread will process the MFOE consumed pages and re-allocate frames for future consumption. Initialization throughput is the rate at which the pre-allocation tables are initialized with free pages at the start of the application. Initialization throughput is expected to be larger than background thread throughput because the quantum of work for initialization (frame allocation) is smaller than the background thread (frame allocation plus kernel meta-data updates). We believe that this performance model will give us the best approximation of performance gains due to MFOE.

The working mechanism of our performance model is event based, the event being minor page fault. Each entry in trace we captured from the real system has the core number on which the fault has occurred, and the latency of the page fault. The performance model keeps track of pre-allocation tables, and their refresh timings have been known due to measurements we incorporated from microbenchmarks. So, given the occurrence of a fault on a core, we check the pre-allocation table for free physical page availability. If it’s available, we declare the fault as MFOE hit and all the future faults that occur on the faulting core will be moved back in time (page fault latency-MFOE hit time). If the fault is MFOE miss, we move all the future faults occurring on the same core into the future by MFOE miss penalty. Also, to simulate the producer-consumer nature of software and hardware, we check for faults between each scheduled pre-allocation table update.

Through the explained mechanism, the performance model generates a new trace (timeline) of minor fault events with modified latency. Comparing the fault overheads in the original trace, we can estimate the performance gain through MFOE. Overall performance model methodology is shown in Figure 8. The values of parameters chosen for modeling are shown in Table 4.

Table 5 shows the MFOE hit rate (i.e., the likelihood that a given minor page fault would be covered by MFOE) as well as the overhead of minor page faults remaining after MFOE (due to MFOE misses as well as other MFOE overheads) and the total performance gain provided by MFOE on these applications. As the table shows, MFOE provides an average gain of 6.6% across all the workloads examined.

Of particular note, memcached has a high hit rate of 97%, thus achieveing runtime improvement of 6.2%, nearly completely removing the overhead due to minor faults. gcc has a high 68% hit rate and thus achieves a nearly 25% performance gain, effectively capturing most of the ideal runtime improvement of 1.40. By contrast, splash2x-fft is only able to achieve a 42% MFOE hit rate and thus its overheads are higher and only a 3.7% gain is realized out of a possible 11%. The same is the case with XSBench which is able to get a meagre gain of 1.01 due to 22.91% MFOE hit rate.

To characterize the effect of number of pages allocated during pre-allocation and the background thread refresh interval, we calculate the performance improvement and MFOE hit rate for four benchmarks across different MFOE configurations. The results are shown in Figure 10(b) and 10(a), respectively. As expected, these results show that the MFOE hit rate, and performance gain due to MFOE, decreases as the refresh interval of background thread increases. Also, the MFOE hit rate increases with increase in per-core pre-allocation width. The benefits from bigger pre-allocation width and/or faster background refresh depend on the nature of the application. When the pre-allocation width changes from 512 to 1,024, with a background thread refresh interval of 2 milliseconds, the FaaS application had a better MFOE hit-rate increment compared to gcc, dedup, and radix applications. This implies that the FaaS application benefits from bigger pre-allocation widths, a possible indication of occurrence of burst faults. On the other hand, for 2-millisecond background refresh, splash2x-radix showed only 21% improvement in hit rate when the pre-allocation width changed from 128 to 1,024. This indicates that radix benefits pre-dominantly from a faster background refresh. Additionally, under low MFOE hit rates (for some of the refresh interval = 32-millisecond configurations), the applications show lower performance improvement but no performance loss, implying that MFOE miss penalty is not substantial compared to performance gains due to MFOE.