DOCSLIB.ORG

Pure User Mode Deterministic Replay on Windows

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
Pure User Mode Deterministic Replay on Windows Pure User Mode Deterministic Replay on Windows Atle Nærum Eriksen Thesis submitted for the degree of Master in Informatics: programming and networks 60 credits Department of Informatics Faculty of mathematics and natural sciences UNIVERSITY OF OSLO Autumn 2017 Pure User Mode Deterministic Replay on Windows Atle Nærum Eriksen August 1, 2017 Abstract The ability to record and replay program executions has many interesting applications such as debugging in the backwards direction, discovering and fixing the source of non-deterministic bugs and data races and retracing the steps of a system intrusion. Unfortunately, the power of deterministic replay tools is underutilized by the general public as the tools are either too difficult to deploy or unable to fulfill the performance and log size requirements of the user. As it happens, the majority of the research has been aimed at implementing such tools for Linux, and other platforms, including Windows, have mostly been neglected. In this thesis we look at whether it is possible to implement a determin- istic replay tool for the Windows platform that is easily deployable (user mode only without operating system support { this entails no OS modifi- cations or drivers), can record all system calls and their side-effects (even if unknown), works on large programs (1 GB+ RAM), and has a high recording performance (≈2x slowdown). We found that the challenges deterministic replay tools are facing in user mode are exacerbated on Windows due to a lack of documentation and a more restrictive API. Despite this we came up with a design proposal that solves all the problems necessary to implement a deterministic replay tool that satisfies all our requirements for the Windows platform. We present novel techniques to record thread scheduling and non-deterministic instructions. We also describe in detail how to recreate the address space of a recorded program in which code can be executed and access resources directly without instrumentation or modifications just like in the original program. An alternative novel approach to this technique is also suggested. None of the methods rely on operating system support. Although the design proposal remains theoretical we have implemented two partial prototypes that were used to experiment on a small dummy pro- gram. Our findings show that it is reasonable to expect a recording slowdown on real programs in the range of 1-5x that will stay consistent even on pro- grams with high memory usage. Regardless, the results are not conclusive and should be taken with a grain of salt. Acknowledgements I would like to express my sincere gratitude to my advisors Trond Arne Sørby and P˚alHalvorsen for giving me the opportunity to work on this amazing project. Considering the circumstances this was not a given, and I wanted to let you know that I am eternally grateful, in particular for giving me the freedom to run my own show. I experienced significant growth as a programmer and I consider the project to be one of the most difficult I have ever taken on { and it was totally worth it! I appreciated all of your input even though I did not have the time to act upon all of it. This thesis helped me grow as a person in unexpected ways and I thank you for this life-changing opportunity. I also want to thank Duncan Ogilvie, known in the community as mrex- odia, for starting and maintaining the x64dbg project, the debugger I have been using while implementing this project. Let me just say this is a seri- ously good debugger. I have spent, or should I say "time wasted debugging", literally weeks of my life staring at assembly code in the time I have been working on this thesis, and the other debuggers I would normally use just kept crashing over and over due to the abnormal behavior of my program (think malware), but x64dbg failed me only a few times in the timespan of a whole year. I can guarantee you this thesis would not exist without this debugger. A shout-out to all the developers on this project! I dedicate this thesis to Lisa, Erika and Miku. Thank you for your never- ending love and support. i Contents 1 Introduction 1 1.1 Background and Motivation . 1 1.2 Problem Statement . 2 1.3 Limitations and Scope . 5 1.4 Research Method . 6 1.5 Main Contributions . 6 1.6 Outline . 8 2 Technical Background 10 2.1 Windows Operating System Background . 10 2.1.1 Processes and Threads . 10 2.1.2 Handles . 15 2.1.3 Virtual Memory . 16 2.1.4 Libraries . 20 2.1.5 WOW64 . 23 2.1.6 Asynchronous Procedure Calls . 25 2.1.7 User Mode Callbacks . 28 2.1.8 Exception Handling . 29 2.1.9 System Calls . 32 2.2 Program Analysis Background . 34 2.2.1 Hooking . 34 2.2.2 Dynamic Binary Instrumentation . 36 2.2.3 Software Emulation . 37 2.2.4 DLL Injection . 39 3 Overview of Deterministic Replay 41 3.1 Program Tracing . 42 3.2 Deterministic Replay . 42 ii 3.3 Sources of Non-Determinism . 43 3.4 Taxonomy of Deterministic Replay . 46 3.4.1 Technical Difficulties of Deterministic Replay . 46 3.4.2 Single-Threaded vs Multi-Threaded Schemes . 49 3.4.3 Single-Processor vs Multi-Processor Schemes . 50 3.4.4 Recording Granularity . 51 3.4.5 Abstraction Levels . 52 3.4.6 Fidelity . 55 3.4.7 Apples and Oranges . 56 3.5 Applications of Deterministic Replay . 57 3.5.1 Online Program Analysis . 57 3.5.2 Fault Tolerance . 58 3.5.3 Intrusion Analysis . 58 3.6 Debugging Using Deterministic Replay . 60 3.6.1 Cyclic Debugging . 60 3.6.2 Time-Travel Debugging . 61 3.6.3 Automated Analysis . 63 3.6.4 Characteristics of a Deterministic Replay Debugger . 64 4 Deterministic Replay in User Mode 66 4.1 Operating System Modifications . 67 4.1.1 Upsides . 67 4.1.2 Downsides . 68 4.1.3 Conclusion . 69 4.2 User Mode Virtual Machines . 70 4.2.1 Recording in User Mode Virtual Machines . 71 4.2.2 Conclusion . 72 4.3 Instrumentation . 72 4.3.1 Instrumentation in User Mode Virtual Machines . 72 4.3.2 Instrumentation in Native Programs . 73 4.4 Challenges of Deterministic Replay in User Mode . 76 4.4.1 Transparency . 76 4.4.2 Recording Non-Deterministic Instructions . 78 4.4.3 Recording Thread Scheduling . 80 4.4.4 Replaying Thread Scheduling . 81 4.4.5 Recording System Calls . 86 iii 5 Dragoon: A Deterministic Replay Tool Design Proposal for Windows 89 5.1 Design Requirements and Limitations . 92 5.1.1 Availability . 92 5.1.2 Flexibility . 93 5.1.3 Performance . 95 5.1.4 Self-Modifying Code . 96 5.1.5 Limitations . 96 5.2 Design Overview . 97 5.2.1 User Space as a Self-Contained Black Box . 97 5.2.2 Unrecorded Zones . 99 5.2.3 System Components . 100 5.2.4 Logging . 102 5.2.5 Transparency . 104 5.3 Recording Component . 105 5.3.1 Recording System Calls . 105 5.3.2 Recording Callbacks . 110 5.3.3 Recording Thread Scheduling . 111 5.3.4 Recording Non-Deterministic Instructions . 114 5.3.5 Recording SharedUserData . 114 5.3.6 Recording Self-Modifying Code . 115 5.3.7 Recording GUI, User Input, Graphics and Audio . 115 5.4 Replay Component . 117 5.4.1 Replay Component Implementations . 117 5.4.2 Replaying Events . 122 5.4.3 Replaying Allocations . 126 5.4.4 Replaying Self-Modifying Code . 129 5.4.5 Post-Processing . 129 6 Evaluation 131 6.1 Dummy Program . 132 6.2 Memory Usage . 133 6.2.1 Conclusion . 133 6.3 Log Size . 134 6.3.1 Conclusion . 135 6.4 Performance . 135 6.4.1 Allocations . 136 6.4.2 Checksumming . 137 iv 6.4.3 Manually Handling System Calls . 139 6.4.4 Conclusion . 141 7 Conclusion 143 7.1 Summary . 143 7.2 Main Contributions . 145 7.3 Future Work . 147 Appendices 149 A Source Code 150 v List of Tables 6.1 Recording slowdown factor for varying system call spread in- tervals. 141 vi Chapter 1 Introduction 1.1 Background and Motivation Computer programs are deterministic; if given the same inputs on every ex- ecution, they will always produce the same outputs. This statement remains true even if we consider sources of randomness such as rand() and rdtsc, be- cause the condition states: given the same inputs { ergo if rand() returns 42 twice the program will output the exact same result both times. The skeleton of the program remains static after compile-time and it is only the inputs that can change, and sources of randomness are considered as inputs to the program for the reason that they could not be predicted and optimized at compile-time. The property of determinism helps us in formally evaluating a program, because the sequence of steps taken inside the program and the resulting outcome may be predicted based on the given inputs. Unfortunately, this is not the case in practice. Any program of reasonable size will contain sources of non-determinism such as user input, network- and disk I/O, OS scheduling, and current-time-retrieval. Any kind of program input that can not be predicted beforehand can be classified as non-deterministic. Even in the case where no such inputs have been added by the programmer it may have been added by the compiler. If the program's execution path can not be predicted, it can be very difficult to formally assess the correctness, robustness, safety, and resource usage of the program as required by its specification.
Load more

Recommended publications
  • Microsoft Update Blue Screen Error Fixing BSOD
    kyoceradocumentsolutions.us Microsoft Update Blue Screen Error Fixing BSOD March 2021 Microsoft Update Blue Screen Error What is causing the Blue Screen error when I print using the KX Driver? Kyocera as well as many other companies began getting reports of Blue Screen of Death (BSOD) incidents when printing. Microsoft released 2 updates this week, KB5000802 and KB5000808. The updates caused the crash. What has Microsoft done since this was reported? Microsoft has removed both updates from the automatic pushed update list. If your PC has not yet downloaded the update it will not install them. If you manually update your system from within Windows Update the 2 problem updates are still there and can be manually selected and installed. Do not do that until a complete fix is released if your PC is used for printing. Microsoft has left them up for manual install for users that have systems not used for printing. How do we fix a PC that has already been updated? The best solution is to uninstall the 2 Updates. Follow the directions below and remember to reboot when done. 1. Open a Command Prompt with Administrator rights. Click on the Start button and type cmd. The following will be displayed. 2 Microsoft Update Blue Screen Error 2. Click Run as Administrator on the right to open the Command Prompt Window. Accept the prompt to open with elevated rights and make changes to the computer. 3. In the Command Prompt enter the following command and press enter. – wusa /uninstall /kb:5000802 4. The Stand alone install will launch and remove the Update.
    [Show full text]
  • How to Fix a Frozen Windows PC
    How to Fix a Frozen Windows PC Mashka/Shutterstock.com Windows PCs freeze for a variety of reasons. One instance might be a fluke, but repeated freezes suggest a problem you’ll want to fix. Here’s how to unfreeze and recover a stuck PC—and stop it from freezing again. How to Speed Up a Slow PC Volume 0% How to Unfreeze a Frozen Windows PC There are several ways you can recover your frozen PC, depending on what caused the problem. Sometimes, all you have to do is wait a few seconds—the PC might get hung up while doing some work and unfreeze itself a few seconds later. If a full-screen application, like a game, freezes and prevents you from leaving it, press Alt+F4. This closes the application if the game is just experiencing graphical problems, but it won’t work if the application has frozen completely. To see if the computer is still responding, press Ctrl+Alt+Delete. From this screen, you can open the Task Manager (and close any running applications), or log out of or restart your PC. If this screen doesn’t appear, you might not be able to recover your PC without rebooting it. If you can open the Task Manager, you might be able to recover from the freeze. (You can also press Ctrl+Shift+Esc to open the Task Manager.) Select the “Processes” tab—if you don’t see it, click “More Details.” Locate any processes using a lot of CPU—you can click the “CPU” column header to sort by CPU usage and see the most demanding processes at the top of the list.
    [Show full text]
  • Acronis True Image for Western Digital
    Acronis True Image for Western Digital USER GUIDE Table of contents 1 Introduction ....................................................................................................................5 1.1 What is Acronis True Image for Western Digital? ..................................................................... 5 1.2 Backups created in Acronis True Image ..................................................................................... 5 1.3 System requirements and supported media ............................................................................. 6 1.3.1 Minimum system requirements .................................................................................................................... 6 1.3.2 Supported operating systems ........................................................................................................................ 7 1.3.3 Backing up all data on your PC ....................................................................................................................... 7 1.3.4 Supported file systems .................................................................................................................................... 8 1.3.5 Supported storage media ............................................................................................................................... 8 1.4 Installing Acronis True Image for Western Digital ..................................................................... 9 1.5 Activating Acronis True Image for Western Digital .................................................................10
    [Show full text]
  • Errors and Error Checking in Windows
    Errors and error checking in Windows Higham and Rushden U3A Let’s first of all look at probably the most serious but least common: Total Windows failure Earlier versions of Windows used to crash much more frequently than they do today, usually accompanied by the very unfriendly Blue Screen of Death (BSOD) shown on the left below, and/or one of the other error messages shown. Windows 10 has moved on from there. Apart from anything else the screen is a much friendlier blue and it has a nice emoticon as well! Joking aside, the blue screen in Windows 10 is normally followed by the PC restarting and quite regularly the machine will boot up normally as Windows has adjusted some settings in the background. It probably doesn’t do any harm to make a note of the error details at the bottom of the screen in case the restart fails to solve the problem, but any solutions you find online are likely to be complicated and technical, and may well contradict other suggested fixes. Be warned! Also be aware that the restart process may take a while. Other errors and warnings are often generated by User Account Control, which is Windows’ way of trying to keep you safe, so turn it off at your peril. When a background program tries to do something, Windows will often ask you if you want it to do that. This program was downloaded, so unless you are absolutely certain that you downloaded it deliberately, and have just clicked on it to start it or make changes, it is probably safer to say “no”.
    [Show full text]
  • Critical Vulnerabilities Bulletin
    January 18th, 2021 Critical Vulnerabilities Bulletin Confidential | Cyberint Copyright © All Rights Reserved 2020 CRITICAL VULNERABILITIES BULLETIN | INDUSTRY SECURITY BULLETIN JANUARY 14, 2021 EXECUTIVE SUMMARY Due to an unusual increase in Critical vulnerabilities found on Windows operating systems, Cyberint's Research Team has decided to release this bulletin to alert our customers of the potential impact. This bulletin will be expanded at the end of the month, as part of the Monthly Vulnerability bulletin we plan on releasing. The reason for this bulletin lies at 2 newly discovered vulnerabilities: 1. <No CVE assigned yet> - Corrupt NTFS OS partition without user interaction. 2. <No CVE assigned yet> - Trigger a BSOD by trying to access a system path. 3. CVE-2020-1398 - Potential bypass of Bitlocker protected systems, including Lock Screen bypass. We suspect that threat actors and updated malware may attempt to exploit these vulnerabilities to further impact potential victims. Confidential | Cyberint Copyright © All Rights Reserved 2020 2 CRITICAL VULNERABILITIES BULLETIN | INDUSTRY SECURITY BULLETIN JANUARY 14, 2021 NTFS CORRUPTION VULNERABILITY Published by a known vulnerability researcher, jonasLyk, it is possible to cause disk partition corruption by executing a cd command as a low privilege user, to a unique path, which causes the Windows Operating System to alert the user to a corrupted partition and force a restart. Whilst technical details are scarce, and the exact reason for the issue being unknown at this time, affected Windows builds using the NTFS file system include those from 1803 all the way to 20H2. According to SANS, the $bitmap is an attribute reserved for files marked as deleted, while $i30 is marked as an NTFS index attribute.
    [Show full text]
  • MTA Windows Operating System Fundamentals Course
    MTA Windows Operating System Fundamentals Course Session 1 Section A: Introduction Windows Operating System Microsoft Certification Paths Knowledge Domains Exam Prerequisites Taking the Exam Exam Preparation Tips Section B: Windows OS DOS, the Precursor DOS Screens Windows 3.1 Windows 95 Windows NT Windows 7 Windows Evolution Basic OS Architecture Rings in Windows Section C: Windows Interfaces Identifying Windows Interfaces Desktop/Taskbar GUI Overview Command Prompt PowerShell Section D: Planning Installations Exploring OS Editions Edition Upgrades OS Requirements Determining Requirements PC Upgrade Advisor Upgrade Paths Section E: Advanced Installation Topics Application Compatibility Topics Planning for Upgrades Installation Types Product Identification Keys Virtualization Virtualization Types Section F: Desktop Features Configuring Start Menu Customizing Start Menu Adding Administrative Tools Configuring Taskbar Notification Area Section G: Configuring the Interface User Profiles Gadgets Changing Display Settings Aero Session 2 Section A: Using Native Applications Notepad WordPad Calculator Internet Explorer Gallery Snipping Media Center and Player Section B: Configuration Settings Msconfig General Settings Boot Config Services Tab Blue Screen of Death Tools Tab System Information App Section C: The Control Panel Applets Control Panel Categories Control Panel Views Super Control Panel Section D: Control Panel Applets Control Applets Ease of Access Center Default Programs
    [Show full text]
  • Steps for Solving the Reboot Loop Problem
    Steps for solving the reboot loop problem 9 SearchEnterpriseDesktop g Steps for solving the reboot loop problem z by Serdar Yegulalp f c s o n Stuck in an infinite reboot loop? See how to get out of the vicious cycle -- and find out why the problem occurred in the first place. THIS ARTICLE COVERS LOOKING FOR SOMETHING ELSE? Microsoft Windows XP VDI, custom services mitigate Windows XP end of support Pro 0 Admins planning for extended XP support must reduce security exposure + Show More Process Monitor eases Windows troubleshooting of performance problems I have a Windows-based computer stuck in an infinite reboot loop. Why does this happen, 1 and how do I keep it from continuing? 2 The reboot loop problem is often the result of a device driver, a bad system component or hardware f that causes a Windows system to spontaneously reboot in the middle of the boot process. The end result is a machine that can never boot completely. There are several steps that can be taken to solve the reboot loop problem. http://searchenterprisedesktop.techtarget.com/Steps-for-solving-the-reboot-loop-problem[05/05/2015 18:06:04] Steps for solving the reboot loop problem 1. Attempt to boot in Safe Mode. If you can boot the system properly in Safe Mode (press F8 at startup), there's a good chance whatever is wrong revolves around a device driver. Safe Mode loads its own set of fail-safe drivers, which are minimally functional, but more importantly, stable. 2. Disable the auto-reboot function.
    [Show full text]
  • Technology Troubleshooting Tips
    TECHNOLOGY TROUBLESHOOTING TIPS 1. DON'T PANIC. Relax. Take a breath. Many computer problems appear more serious than they really are. It may look like the computer has crashed and all your data is lost forever. But there are a host of problems that keep you from reaching your data or the network that can be fixed, sometimes in a matter of minutes. If it’s your computer at the school, all the documents on the “H” drive (your “My Documents folder) are saved on the server and not on the individual computers in the classroom and labs so they’re most likely still there. Even if they’ve been saved on the “C” drive of your home computer, they may still be there waiting for you. That's not to say catastrophic data loss doesn’t happen – it can, but not very often. 2. MAKE SURE THERE REALLY IS A PROBLEM. Can't start your computer? Check the basics. A. Examine the cables, connectors, and power cords to make sure they're plugged in securely. Often times a loose cable or connector (power, network, keyboard, mouse, speaker, monitor cable, etc.) is the cause of the problem. B. If you're using a power strip or a surge protector, make sure it's on and that it works. Remember that a surge protector may not be working because it is designed to self-destruct. When an electric jolt is too much, your surge protector takes the hit saving your more expensive hardware from the voltage. C. Try plugging something else directly into the electrical outlet to make sure there isn't a power problem.
    [Show full text]
  • Troubleshooting and Recovering from Problems
    Microsoft Windows 7 Unleashed, Paul McFedries, Sams Publishing, 0672330695, July, 201 CHAPTER 21 IN THIS CHAPTER . Troubleshooting Strategies: Troubleshooting and Determining the Source of a Problem Recovering from . General Troubleshooting Tips Problems . More Troubleshooting Tools . Troubleshooting Using Online Resources If it was so, it might be; and if it were so, it would be; but as it isn’t, it ain’t. That’s logic. Recovering from a Problem —Lewis Carroll A long time ago, somebody proved mathematically that it was impossible to make any reasonably complex software program problem-free. As the number of variables increase, as the interactions of subroutines and objects become more complex, and as the underlying logic of a program grows beyond the ability of a single person to grasp all at once, errors inevitably creep into the code. Given Windows 7’s status as possibly the most complex software ever created, the bad news is that there are certainly problems lurking in the weeds. However, the good news is that the overwhelm- ing majority of these problems are extremely obscure and appear only under the rarest circumstances. This doesn’t mean that you’re guaranteed a glitch-free computing experience—far from it. Third-party programs and devices cause the majority of computer woes, either because they have inherent problems themselves or because they don’t get along well with Windows 7. Using software, devices, and device drivers designed for Windows 7 can help tremendously, as can the maintenance program I outlined in Chapter 7, “Maintaining Your Windows 7 System.” But computer problems, like the proverbial death and taxes, are certainties in life, so you need to know how to troubleshoot and resolve the problems that will inevitably come your way.
    [Show full text]
  • How to Fix Blue Screen of Death (BSOD) on Windows 10?
    How to fix blue screen of death (BSOD) on windows 10? BSOD can cause due to various issues from hardware complaints to software issues. This issue mostly occurs due to random reasons. One of the main solutions is to undo your latest action on your PC. This includes removing software recently installed or updating Windows. If you cannot access the system, then Go to the power button and press shift key. While pressing on the shift key, click the reset start (on the Power button visible on the window). Then choose the troubleshooting option on the screen. Select Troubleshooting Go to Advanced options Choose Start-up Settings Click the restart button on the right corner After your computer reboots, on the start-up settings menu, push the F5 key on your keyboard to Enable Safe Mode with Networking. In this safe mode, you can follow the below steps to resolve the issue. Safe mode starts Windows in a basic state, using a limited set of files and drivers. If a problem doesn't happen in safe mode, this means that default settings and basic device drivers aren't causing the issue. Observing Windows in safe mode enables you to narrow down the source of a problem and can help you troubleshoot problems on your PC. If you can access your PC following the steps below could help you to fix it: Go to Control Panel select Hardware and Sound select Power Options Select Choose what the Power Buttons Do Click Change settings that are currently unavailable à then under Shutdown Settings à toggle Turn on fast startup (recommended) (i.e.
    [Show full text]
  • Windows Internals, Sixth Edition, Part 2
    spine = 1.2” Part 2 About the Authors Mark Russinovich is a Technical Fellow in ® the Windows Azure™ group at Microsoft. Windows Internals He is coauthor of Windows Sysinternals SIXTH EDITION Administrator’s Reference, co-creator of the Sysinternals tools available from Microsoft Windows ® The definitive guide—fully updated for Windows 7 TechNet, and coauthor of the Windows Internals and Windows Server 2008 R2 book series. Delve inside Windows architecture and internals—and see how core David A. Solomon is coauthor of the Windows Internals book series and has taught components work behind the scenes. Led by a team of internationally his Windows internals class to thousands of renowned internals experts, this classic guide has been fully updated Windows developers and IT professionals worldwide, SIXTH for Windows 7 and Windows Server® 2008 R2—and now presents its including Microsoft staff. He is a regular speaker 6EDITION coverage in two volumes. at Microsoft conferences, including TechNet As always, you get critical, insider perspectives on how Windows and PDC. operates. And through hands-on experiments, you’ll experience its Alex Ionescu is a chief software architect and internal behavior firsthand—knowledge you can apply to improve consultant expert in low-level system software, application design, debugging, system performance, and support. kernel development, security training, and Internals reverse engineering. He teaches Windows internals courses with David Solomon, and is ® In Part 2, you will: active in the security research community.
    [Show full text]
  • Robustness Testing of the Microsoft Win32 API
    Robustness Testing of the Microsoft Win32 API Charles P. Shelton Philip Koopman Kobey DeVale ECE Department & ICES ECE Department ECE Department Carnegie Mellon University Carnegie Mellon University Carnegie Mellon University Pittsburgh, PA, USA Pittsburgh, PA, USA Pittsburgh, PA, USA [email protected] [email protected] [email protected] Abstract Unfortunately, Windows operating systems have ac- quired a general reputation of being less dependable than Although Microsoft Windows is being deployed in Unix-based operating systems. In particular, the infamous mission-critical applications, little quantitative data has "Blue Screen Of Death" that is displayed as a result of Win- been published about its robustness. We present the results dows system crashes is perceived by many as being far of executing over two million Ballista-generated exception handling tests across 237 functions and system calls more prevalent than the equivalent kernel panics of Unix involving six Windows variants, as well as similar tests operating systems. Additionally, it is a common (although conducted on the Linux operating system. Windows 95, meagerly documented) experience that Windows systems Windows 98, and Windows CE were found to be vulnerable need to be rebooted more often than Unix systems. How- to complete system crashes caused by very simple C ever, there is little if any quantitative data published on the programs for several different functions. No system dependability of Windows, and no objective way to predict crashes were observed on Windows NT, Windows 2000, whether the impending move to Windows 2000 will actu- and Linux. Linux was significantly more graceful at ally improve dependability over either Windows 98 or Win- handling exceptions from system calls in a dows NT.
    [Show full text]