Applications must be able to synchronize accesses to operating system resources in order to ensure correctness in the face of concurrency and system failures. System transactions allow the programmer to specify updates to heterogeneous system resources with the OS guaranteeing atomicity, consistency, isolation, and durability (ACID). System transactions efficiently and cleanly solve persistent concurrency problems that are difficult to address with other techniques. For example, system transactions eliminate security vulnerabilities in the file system that are caused by time-of-check-to-time-of-use (TOCTTOU) race conditions. System transactions enable an unsuccessful software installation to roll back without disturbing concurrent, independent updates to the file system.

This paper describes TxOS, a variant of Linux 2.6.22 that implements system transactions. TxOS uses new implementation techniques to provide fast, serializable transactions with strong isolation and fairness between system transactions and non-transactional activity. The prototype demonstrates that a mature OS running on commodity hardware can provide system transactions at a reasonable performance cost. For instance, a transactional installation of OpenSSH incurs only 10% overhead, and a non-transactional compilation of Linux incurs negligible overhead on TxOS. By making transactions a central OS abstraction, TxOS enables new transactional services. For example, one developer prototyped a transactional ext3 file system in less than one month.

Note: OCR errors may be found in this Reference List extracted from the full text article. ACM has opted to expose the complete List rather than only correct and linked references.

	1	http://www.employees.org/Üsatch/ssh/faq/TheWholeSSHFAQ.html.
	2	http://plash.beasts.org/wiki/PlashIssues/ConnectRaceCondition.
	3	Marcos K. Aguilera , Arif Merchant , Mehul Shah , Alistair Veitch , Christos Karamanolis, Sinfonia: a new paradigm for building scalable distributed systems, Proceedings of twenty-first ACM SIGOPS symposium on Operating systems principles, October 14-17, 2007, Stevenson, Washington, USA  [doi>10.1145/1294261.1294278]
	4	Daniel J. Bernstein, Some thoughts on security after ten years of qmail 1.0, Proceedings of the 2007 ACM workshop on Computer security architecture, p.1-10, November 02-02, 2007, Fairfax, Virginia, USA  [doi>10.1145/1314466.1314467]
	5	C. Blundell, E.C. Lewis, and M.M.K. Martin. Deconstructing transactions: The subtleties of atomicity. In Fourth Annual Workshop on Duplicating, Deconstructing, and Debunking. Jun 2005.
	6	Nikita Borisov , Rob Johnson , Naveen Sastry , David Wagner, Fixing races for fun and profit: how to abuse atime, Proceedings of the 14th conference on USENIX Security Symposium, p.20-20, July 31-August 05, 2005, Baltimore, MD
	7	Milind Kulkarni , Keshav Pingali , Bruce Walter , Ganesh Ramanarayanan , Kavita Bala , L. Paul Chew, Optimistic parallelism requires abstractions, Proceedings of the 2007 ACM SIGPLAN conference on Programming language design and implementation, June 10-13, 2007, San Diego, California, USA  [doi>10.1145/1250734.1250759]
	8	J. Larus and R. Rajwar. Transactional Memory. Morgan&Claypool, 2006.
	9	B. Liskov , D. Curtis , P. Johnson , R. Scheifer, Implementation of Argus, Proceedings of the eleventh ACM Symposium on Operating systems principles, p.111-122, November 08-11, 1987, Austin, Texas, United States  [doi>10.1145/41457.37514]
	10	Peter S. Magnusson , Magnus Christensson , Jesper Eskilson , Daniel Forsgren , Gustav Hållberg , Johan Högberg , Fredrik Larsson , Andreas Moestedt , Bengt Werner, Simics: A Full System Simulation Platform, Computer, v.35 n.2, p.50-58, February 2002  [doi>10.1109/2.982916]
	11	P. McDougall. Microsoft pulls buggy windows vista sp1 les. In Information Week. http://www.informationweek.com/story/showArticle.jhtml?articleID=206800819.
	12	Paul E. Mckenney , Jonathan Walpole, Exploiting deferred destruction: an analysis of read-copy-update techniques in operating system kernels, Oregon Health & Science University, 2004
	13	Microsoft. What is system restore. 2008. http://support.microsoft.com/kb/959063.
	14	C.C. Minh, J. Chung, C. Kozyrakis, and K. Olukotun. Stamp: Stanford transactional applications for multi-processing. In IISWC, 2008.
	15	K.E. Moore, J. Bobba, M.J. Moravan, M.D. Hill, and D.A. Wood. LogTM: Log-based transactional memory. In HPCA, 2006.
	16	Michelle J. Moravan , Jayaram Bobba , Kevin E. Moore , Luke Yen , Mark D. Hill , Ben Liblit , Michael M. Swift , David A. Wood, Supporting nested transactional memory in logTM, Proceedings of the 12th international conference on Architectural support for programming languages and operating systems, October 21-25, 2006, San Jose, California, USA  [doi>10.1145/1168857.1168902]
	17	N. Murphy, M. Tonkelowitz, and M. Vernal. The design and implementation of the database file system, 2002.
	18	Edmund B. Nightingale , Peter M. Chen , Jason Flinn, Speculative execution in a distributed file system, Proceedings of the twentieth ACM symposium on Operating systems principles, October 23-26, 2005, Brighton, United Kingdom  [doi>10.1145/1095810.1095829]
	19	Edmund B. Nightingale , Daniel Peek , Peter M. Chen , Jason Flinn, Parallelizing security checks on commodity hardware, Proceedings of the 13th international conference on Architectural support for programming languages and operating systems, March 01-05, 2008, Seattle, WA, USA  [doi>10.1145/1346281.1346321]
	20	NIST. National Vulnerability Database. http://nvd.nist.gov/, 2008.
	21	M.A. Olson. The design and implementation of the inversion file system. In USENIX, 1993.
	22	William Pugh, Skip lists: a probabilistic alternative to balanced trees, Communications of the ACM, v.33 n.6, p.668-676, June 1990  [doi>10.1145/78973.78977]
	23	Ravi Rajwar , James R. Goodman, Transactional lock-free execution of lock-based programs, Proceedings of the 10th international conference on Architectural support for programming languages and operating systems, October 05-09, 2002, San Jose, California  [doi>10.1145/605397.605399]
	24	Hany E. Ramadan , Christopher J. Rossbach , Donald E. Porter , Owen S. Hofmann , Aditya Bhandari , Emmett Witchel, MetaTM/TxLinux: transactional memory for an operating system, Proceedings of the 34th annual international symposium on Computer architecture, June 09-13, 2007, San Diego, California, USA  [doi>10.1145/1250662.1250675]
	25	Hany E. Ramadan , Indrajit Roy , Maurice Herlihy , Emmett Witchel, Committing conflicting transactions in an STM, Proceedings of the 14th ACM SIGPLAN symposium on Principles and practice of parallel programming, February 14-18, 2009, Raleigh, NC, USA  [doi>10.1145/1504176.1504201]
	26	Christopher J. Rossbach , Owen S. Hofmann , Donald E. Porter , Hany E. Ramadan , Bhandari Aditya , Emmett Witchel, TxLinux: using and managing hardware transactional memory in an operating system, Proceedings of twenty-first ACM SIGOPS symposium on Operating systems principles, October 14-17, 2007, Stevenson, Washington, USA  [doi>10.1145/1294261.1294271]
	27	M. Russinovich and D. Solomon. Windows Internals. Microsoft Press, 2009.
	28	Frank Schmuck , Jim Wylie, Experience with transactions in QuickSilver, Proceedings of the thirteenth ACM symposium on Operating systems principles, p.239-253, October 13-16, 1991, Pacific Grove, California, United States  [doi>10.1145/121132.121171]
	29	Russell Sears , Eric Brewer, Stasis: flexible transactional storage, Proceedings of the 7th USENIX Symposium on Operating Systems Design and Implementation, p.3-3, November 06-08, 2006, Seattle, WA
	30	Margo I. Seltzer, Transaction Support in a Log-Structured File System, Proceedings of the Ninth International Conference on Data Engineering, p.503-510, April 19-23, 1993
	31	Alfred Z. Spector , Dean Daniels , Daniel Duchamp , Jeffrey L. Eppinger , Randy Pausch, Distributed transactions for reliable systems, Proceedings of the tenth ACM symposium on Operating systems principles, p.127-146, December 1985, Orcas Island, Washington, United States  [doi>10.1145/323647.323641]
	32	Richard P. Spillane , Sachin Gaikwad , Manjunath Chinni , Erez Zadok , Charles P. Wright, Enabling transactional file access via lightweight kernel extensions, Proccedings of the 7th conference on File and storage technologies, p.29-42, February 24-27, 2009, San Francisco, California
	33	Haris Volos , Andres Jaan Tack , Neelam Goyal , Michael M. Swift , Adam Welc, xCalls: safe I/O in memory transactions, Proceedings of the 4th ACM European conference on Computer systems, April 01-03, 2009, Nuremberg, Germany  [doi>10.1145/1519065.1519093]
	34	Matthew J. Weinstein , Thomas W. Page, Jr. , Brian K. Livezey , Gerald J. Popek, Transactions and synchronization in a distributed operating system, Proceedings of the tenth ACM symposium on Operating systems principles, p.115-126, December 1985, Orcas Island, Washington, United States  [doi>10.1145/323647.323640]
	35	Charles P. Wright , Richard Spillane , Gopalan Sivathanu , Erez Zadok, Extending ACID semantics to the file system, ACM Transactions on Storage (TOS), v.3 n.2, p.4-es, June 2007  [doi>10.1145/1242520.1242521]
	36	M. Zalewski. Delivering signals for fun and profit. 2001.
	37	C. Zilles and L. Baugh. Extending hardware transactional memory to support non-busy waiting and non-transactional actions. In TRANSACT, Jun 2006.
	38	X. Cai, Y. Gui, and R. Johnson. Exploiting unix file-system races via algorithmic complexity attacks. Oakland, 2009.
	39	Chi Cao Minh , Martin Trautmann , JaeWoong Chung , Austen McDonald , Nathan Bronson , Jared Casper , Christos Kozyrakis , Kunle Olukotun, An effective hybrid transactional memory system with strong isolation guarantees, Proceedings of the 34th annual international symposium on Computer architecture, June 09-13, 2007, San Diego, California, USA  [doi>10.1145/1250662.1250673]
	40	Crispin Cowan , Steve Beattie , Chris Wright , Greg Kroah-Hartman, RaceGuard: kernel protection from temporary file race vulnerabilities, Proceedings of the 10th conference on USENIX Security Symposium, p.13-13, August 13-17, 2001, Washington, D.C.
	41	Peter Damron , Alexandra Fedorova , Yossi Lev , Victor Luchangco , Mark Moir , Daniel Nussbaum, Hybrid transactional memory, Proceedings of the 12th international conference on Architectural support for programming languages and operating systems, October 21-25, 2006, San Jose, California, USA  [doi>10.1145/1168857.1168900]
	42	Drew Dean , Alan J. Hu, Fixing races for fun and profit: how to use access(2), Proceedings of the 13th conference on USENIX Security Symposium, p.14-14, August 09-13, 2004, San Diego, CA
	43	D. Dice, O. Shalev, and N. Shavit. Transactional locking II. In DISC, pages 194--208, 2006.
	44	U. Drepper. Secure file descriptor handling. In LiveJournal, 08.
	45	Eran Gal , Sivan Toledo, A transactional flash file system for microcontrollers, Proceedings of the annual conference on USENIX Annual Technical Conference, p.7-7, April 10-15, 2005, Anaheim, CA
	46	Narain H. Gehani , H. V. Jagadish , William D. Roome, OdeFS: A File System Interface to an Object-Oriented Database, Proceedings of the 20th International Conference on Very Large Data Bases, p.249-260, September 12-15, 1994
	47	Sanjay Ghemawat , Howard Gobioff , Shun-Tak Leung, The Google file system, Proceedings of the nineteenth ACM symposium on Operating systems principles, October 19-22, 2003, Bolton Landing, NY, USA  [doi>10.1145/945445.945450]
	48	Jim Gray, Notes on Data Base Operating Systems, Operating Systems, An Advanced Course, p.393-481, January 1978
	49	Jim Gray , Andreas Reuter, Transaction Processing: Concepts and Techniques, Morgan Kaufmann Publishers Inc., San Francisco, CA, 1992
	50	Lance Hammond , Vicky Wong , Mike Chen , Brian D. Carlstrom , John D. Davis , Ben Hertzberg , Manohar K. Prabhu , Honggo Wijaya , Christos Kozyrakis , Kunle Olukotun, Transactional Memory Coherence and Consistency, Proceedings of the 31st annual international symposium on Computer architecture, p.102, June 19-23, 2004, München, Germany
	51	Rober Haskin , Yoni Malachi , Gregory Chan, Recovery management in QuickSilver, ACM Transactions on Computer Systems (TOCS), v.6 n.1, p.82-108, Feb. 1988  [doi>10.1145/35037.35060]
	52	Maurice Herlihy , Eric Koskinen, Transactional boosting: a methodology for highly-concurrent transactional objects, Proceedings of the 13th ACM SIGPLAN Symposium on Principles and practice of parallel programming, February 20-23, 2008, Salt Lake City, UT, USA  [doi>10.1145/1345206.1345237]
	53	Maurice Herlihy , Victor Luchangco , Mark Moir , William N. Scherer, III, Software transactional memory for dynamic-sized data structures, Proceedings of the twenty-second annual symposium on Principles of distributed computing, p.92-101, July 13-16, 2003, Boston, Massachusetts  [doi>10.1145/872035.872048]
	54	Maurice P. Herlihy , Jeannette M. Wing, Linearizability: a correctness condition for concurrent objects, ACM Transactions on Programming Languages and Systems (TOPLAS), v.12 n.3, p.463-492, July 1990  [doi>10.1145/78969.78972]