Download - Microkernels and Beyond
![Page 1: Microkernels and Beyond](https://reader037.vdocuments.us/reader037/viewer/2022102813/546569b0af7959c04e8b4e5d/html5/thumbnails/1.jpg)
cs4414 Spring 2014University of VirginiaDavid Evans
Class 22:Microkernelsand Beyond
![Page 2: Microkernels and Beyond](https://reader037.vdocuments.us/reader037/viewer/2022102813/546569b0af7959c04e8b4e5d/html5/thumbnails/2.jpg)
2
Plan for TodayMicrokernelsL4Exokernels
Reminder: don’t forget to sign up for your project submission/presentation option
![Page 3: Microkernels and Beyond](https://reader037.vdocuments.us/reader037/viewer/2022102813/546569b0af7959c04e8b4e5d/html5/thumbnails/3.jpg)
3
From: [email protected] (Linus Benedict Torvalds)Newsgroups: comp.os.minixSubject: Re: LINUX is obsoleteDate: 31 Jan 92 10:33:23 GMT
…
>I still maintain the point that designing a monolithic kernel in 1991 is>a fundamental error. Be thankful you are not my student. You would >not get a high grade for such a design :-)
Well, I probably won't get too good grades even without you: I had anargument (completely unrelated - not even pertaining to OS's) with theperson here at the university that teaches OS design. I wonder whenI'll learn :)…
Andy Tanenbaum
From Class 3:
![Page 4: Microkernels and Beyond](https://reader037.vdocuments.us/reader037/viewer/2022102813/546569b0af7959c04e8b4e5d/html5/thumbnails/4.jpg)
4
Should a file system be in the kernel?
![Page 5: Microkernels and Beyond](https://reader037.vdocuments.us/reader037/viewer/2022102813/546569b0af7959c04e8b4e5d/html5/thumbnails/5.jpg)
5
Monolithic Kernel
Hardware
Application
Syscall HandlerFile System
Device DriversScheduler
Memory Manager
Kernel Mode
User M
ode
Microkernel
Hardware
Minimal Kernel
Application User M
ode
File System
Device
Drivers
I/O
Device
Display
Device
![Page 6: Microkernels and Beyond](https://reader037.vdocuments.us/reader037/viewer/2022102813/546569b0af7959c04e8b4e5d/html5/thumbnails/6.jpg)
6
Kernel Mode
Microkernel
Hardware
Minimal Kernel
Application User M
ode
What must be in the minimal kernel?
File System
Device
Drivers
I/O
Device
Display
Device
![Page 7: Microkernels and Beyond](https://reader037.vdocuments.us/reader037/viewer/2022102813/546569b0af7959c04e8b4e5d/html5/thumbnails/7.jpg)
7
From: [email protected] (Andy Tanenbaum)Newsgroups: comp.os.minixSubject: LINUX is obsoleteDate: 29 Jan 92 12:12:50 GMT I was in the U.S. for a couple of weeks, so I haven't commented much on LINUX (not that I would have said much had I been around), but for what it is worth, I have a couple of comments now. As most of you know, for me MINIX is a hobby, something that I do in the evening when I get bored writing books and there are no major wars, revolutions, or senate hearings being televised live on CNN. My real job is a professor and researcher in the area of operating systems. As a result of my occupation, I think I know a bit about where operating are going in the next decade or so. Two aspects stand out:
(Picture from 1998)
![Page 8: Microkernels and Beyond](https://reader037.vdocuments.us/reader037/viewer/2022102813/546569b0af7959c04e8b4e5d/html5/thumbnails/8.jpg)
8
1. MICROKERNEL VS MONOLITHIC SYSTEMMost older operating systems are monolithic, that is, the whole operating system is a single a.out file that runs in 'kernel mode.' This binary contains the process management, memory management, file system and the rest. Examples of such systems are UNIX, MS-DOS, VMS, MVS, OS/360, MULTICS, and many more. The alternative is a microkernel-based system, in which most of the OS runs as separate processes, mostly outside the kernel. They communicate by message passing. The kernel’s job is to handle the message passing, interrupt handling, low-level process management, and possibly the I/O. Examples of this design are the RC4000, Amoeba, Chorus, Mach, and the not-yet-released Windows/NT. While I could go into a long story here about the relative merits of the two designs, suffice it to say that among the people who actually design operating systems, the debate is essentially over. Microkernels have won.
![Page 9: Microkernels and Beyond](https://reader037.vdocuments.us/reader037/viewer/2022102813/546569b0af7959c04e8b4e5d/html5/thumbnails/9.jpg)
9
Kernel Mode
Microkernel
Hardware
Minimal Kernel
Application
File System
Device
Drivers
I/O
Device
User M
ode
Why didn’t microkernels actually win?
Monolithic Kernel
Hardware
Application
Syscall HandlerFile System
Device DriversScheduler
Memory Manager
Display
Device
![Page 10: Microkernels and Beyond](https://reader037.vdocuments.us/reader037/viewer/2022102813/546569b0af7959c04e8b4e5d/html5/thumbnails/10.jpg)
10
Kernel Mode
Microkernel
Hardware
Minimal Kernel
Application User M
ode
What is hard about making microkernels work?
File System
Device
Drivers
I/O
Device
Display
Device
![Page 11: Microkernels and Beyond](https://reader037.vdocuments.us/reader037/viewer/2022102813/546569b0af7959c04e8b4e5d/html5/thumbnails/11.jpg)
11
Kernel Mode
Microkernel
Hardware
Minimal Kernel
Application User M
ode
What is hard about making microkernels work?
File System
Device
Drivers
I/O
Device
Display
Device
fopen
Inter-process Communication
(IPC)
![Page 12: Microkernels and Beyond](https://reader037.vdocuments.us/reader037/viewer/2022102813/546569b0af7959c04e8b4e5d/html5/thumbnails/12.jpg)
12
Comparing Linux and Minix Performance
“The IOtest read test simply performs random reads of varying sizes.”
MB/
s
Minix
Linux
LWN.net, 5 Feb 2007
![Page 13: Microkernels and Beyond](https://reader037.vdocuments.us/reader037/viewer/2022102813/546569b0af7959c04e8b4e5d/html5/thumbnails/13.jpg)
13
Really Comparing Linux and Minix
LWN.net, 5 Feb 2007 “Throughput” (Indexed)
LinuxMinix
Linux is 8-50 times faster for things that matter!
![Page 14: Microkernels and Beyond](https://reader037.vdocuments.us/reader037/viewer/2022102813/546569b0af7959c04e8b4e5d/html5/thumbnails/14.jpg)
14
Did microkernels actually lose?
2008 2013
1 000 000 000Android Activations
-13.8B
UniverseTools
Altruism
-5M 1679
Programmable Machines
S ::= NP V ONP ::= N and NP
Recursive Language
-300K 1945
Practical Universal Machines
1950s
Abstractions
1969
Modern OS
1993
Open Source OS,
runs on cheap
machines
Cheaper, faster, low-
energy processors,
Internet, web, $$$
From Class 3:
Monolithic Kernels
“Microkernels have won.” 1992
![Page 15: Microkernels and Beyond](https://reader037.vdocuments.us/reader037/viewer/2022102813/546569b0af7959c04e8b4e5d/html5/thumbnails/15.jpg)
15
Did microkernels actually lose?
2008 2013
1 000 000 000Android Activations
-13.8B
UniverseTools
Altruism
-5M 1679
Programmable Machines
S ::= NP V ONP ::= N and NP
Recursive Language
-300K 1945
Practical Universal Machines
1950s
Abstractions
1969
Modern OS
1993
Open Source OS,
runs on cheap
machines
Cheaper, faster, low-
energy processors,
Internet, web, $$$
Monolithic Kernels
“Microkernels have won.” 1992
![Page 16: Microkernels and Beyond](https://reader037.vdocuments.us/reader037/viewer/2022102813/546569b0af7959c04e8b4e5d/html5/thumbnails/16.jpg)
16
2008 2013
1B Android ActivationsSep 2013
-13.8B
UniverseTools
Altruism
-5M 1679
Programmable Machines
S ::= NP V ONP ::= N and NP
Recursive Language
-300K 1945
Practical Universal Machines
1950s
Abstractions
1969
Modern OS
1993
Open Source OS, runs on
cheap machines
Cheaper, faster, low-
energy processors,
Internet, web, $$$
1993
> 1B Windowsmachines in 2011
![Page 17: Microkernels and Beyond](https://reader037.vdocuments.us/reader037/viewer/2022102813/546569b0af7959c04e8b4e5d/html5/thumbnails/17.jpg)
17
Is Windows NT/XP/7/8
really a microkernel?
![Page 18: Microkernels and Beyond](https://reader037.vdocuments.us/reader037/viewer/2022102813/546569b0af7959c04e8b4e5d/html5/thumbnails/18.jpg)
18
Is Windows NT/XP/7/8
really a microkernel?
Summer 1986 USENIX Conference
![Page 19: Microkernels and Beyond](https://reader037.vdocuments.us/reader037/viewer/2022102813/546569b0af7959c04e8b4e5d/html5/thumbnails/19.jpg)
19
Summer 1986 USENIX Conference
![Page 20: Microkernels and Beyond](https://reader037.vdocuments.us/reader037/viewer/2022102813/546569b0af7959c04e8b4e5d/html5/thumbnails/20.jpg)
20
![Page 21: Microkernels and Beyond](https://reader037.vdocuments.us/reader037/viewer/2022102813/546569b0af7959c04e8b4e5d/html5/thumbnails/21.jpg)
21
Is Windows NT/XP/7/8
really a microkernel?
![Page 22: Microkernels and Beyond](https://reader037.vdocuments.us/reader037/viewer/2022102813/546569b0af7959c04e8b4e5d/html5/thumbnails/22.jpg)
22
2008 2013
1B Android ActivationsSep 2013
-13.8B
UniverseTools
Altruism
-5M 1679
Programmable Machines
S ::= NP V ONP ::= N and NP
Recursive Language
-300K 1945
Practical Universal Machines
1950s
Abstractions
1969
Modern OS
1993
Open Source OS, runs on
cheap machines
Cheaper, faster, low-
energy processors,
Internet, web, $$$
![Page 23: Microkernels and Beyond](https://reader037.vdocuments.us/reader037/viewer/2022102813/546569b0af7959c04e8b4e5d/html5/thumbnails/23.jpg)
23
2008 2013
1B Android ActivationsSep 2013
-13.8B
UniverseTools
Altruism
-5M 1679
Programmable Machines
S ::= NP V ONP ::= N and NP
Recursive Language
-300K 1945
Practical Universal Machines
1950s
Abstractions
1969
Modern OS
1993
Open Source OS, runs on
cheap machines
Cheaper, faster, low-
energy processors,
Internet, web, $$$
1.5B L4 Microkernel SystemsJan 2012
![Page 24: Microkernels and Beyond](https://reader037.vdocuments.us/reader037/viewer/2022102813/546569b0af7959c04e8b4e5d/html5/thumbnails/24.jpg)
24
![Page 25: Microkernels and Beyond](https://reader037.vdocuments.us/reader037/viewer/2022102813/546569b0af7959c04e8b4e5d/html5/thumbnails/25.jpg)
25
1953-10 June 2001
![Page 26: Microkernels and Beyond](https://reader037.vdocuments.us/reader037/viewer/2022102813/546569b0af7959c04e8b4e5d/html5/thumbnails/26.jpg)
26
![Page 27: Microkernels and Beyond](https://reader037.vdocuments.us/reader037/viewer/2022102813/546569b0af7959c04e8b4e5d/html5/thumbnails/27.jpg)
27
L3 AbstractionsTask
Threads: each has global, unique ID
Own Address SpaceShared data spaces
MessageFrom: thread IDTo: thread IDDirect/Indirect String Data (optional)
Microkernel
Manages TasksSends messages between tasks
![Page 28: Microkernels and Beyond](https://reader037.vdocuments.us/reader037/viewer/2022102813/546569b0af7959c04e8b4e5d/html5/thumbnails/28.jpg)
28
L3 AbstractionsTask
Threads: each has global, unique ID
Own Address SpaceShared data spaces
MessageFrom: thread IDTo: thread IDDirect/Indirect String Data (optional)
Microkernel
Manages TasksSends messages between tasks
What is a hardware interrupt in L3?
![Page 29: Microkernels and Beyond](https://reader037.vdocuments.us/reader037/viewer/2022102813/546569b0af7959c04e8b4e5d/html5/thumbnails/29.jpg)
29
Minimal IPCTask A Task B
Kernel
Thread A1 Thread B1Message
![Page 30: Microkernels and Beyond](https://reader037.vdocuments.us/reader037/viewer/2022102813/546569b0af7959c04e8b4e5d/html5/thumbnails/30.jpg)
30
Minimal IPCTask A Task B
Kernel
Thread A1 Thread B11. load B1 ID2. load message3. call kernel
![Page 31: Microkernels and Beyond](https://reader037.vdocuments.us/reader037/viewer/2022102813/546569b0af7959c04e8b4e5d/html5/thumbnails/31.jpg)
31
Minimal IPCTask A Task B
Kernel
Thread A1 Thread B11. load B1 ID2. load message3. call kernel
4. access Thread B15. switch stack pointer6. switch address space7. load A’s ID8. return to user mode
9. receive
![Page 32: Microkernels and Beyond](https://reader037.vdocuments.us/reader037/viewer/2022102813/546569b0af7959c04e8b4e5d/html5/thumbnails/32.jpg)
32
ImplementationTask A Task B
Kernel
1. load B1 ID2. load message3. call kernel
4. access Thread B15. switch stack pointer6. switch address space7. load A’s ID8. return to user mode
9. receive
![Page 33: Microkernels and Beyond](https://reader037.vdocuments.us/reader037/viewer/2022102813/546569b0af7959c04e8b4e5d/html5/thumbnails/33.jpg)
33
ImplementationTask A Task B
Kernel
1. load B1 ID2. load message3. call kernel
4. access Thread B15. switch stack pointer6. switch address space7. load A’s ID8. return to user mode
9. receive
![Page 34: Microkernels and Beyond](https://reader037.vdocuments.us/reader037/viewer/2022102813/546569b0af7959c04e8b4e5d/html5/thumbnails/34.jpg)
34
ImplementationTask A Task B
Kernel
1. load B1 ID2. load message3. call kernel
4. access Thread B15. switch stack pointer6. switch address space7. load A’s ID8. return to user mode
9. receive
What does this minimal implementation rely on?
![Page 35: Microkernels and Beyond](https://reader037.vdocuments.us/reader037/viewer/2022102813/546569b0af7959c04e8b4e5d/html5/thumbnails/35.jpg)
35
ImplementationTask A Task B
Kernel
1. load B1 ID2. load message3. call kernel
4. access Thread B15. switch stack pointer6. switch address space7. load A’s ID8. return to user mode
9. receive
What does this minimal implementation rely on?
Synchronous:Receiving thread is
waitingSender waits until reply
No timeouts: all IPC calls must guarantee termination
![Page 36: Microkernels and Beyond](https://reader037.vdocuments.us/reader037/viewer/2022102813/546569b0af7959c04e8b4e5d/html5/thumbnails/36.jpg)
36
![Page 37: Microkernels and Beyond](https://reader037.vdocuments.us/reader037/viewer/2022102813/546569b0af7959c04e8b4e5d/html5/thumbnails/37.jpg)
37
What if the message has data? Task A Screen Driver
Kernel
Thread A1 Thread B11. load B1 ID2. load message3. call kernel
4. access Thread B15. switch stack pointer6. switch address space7. load A’s ID8. return to user mode
9. receive
display “Hello L3!”
“Hello L3!”
![Page 38: Microkernels and Beyond](https://reader037.vdocuments.us/reader037/viewer/2022102813/546569b0af7959c04e8b4e5d/html5/thumbnails/38.jpg)
38
Copy Through Kernel Task A Screen Driver
Kernel
Thread A1 Thread B11. load B1 ID2. load message3. call kernel
4. access Thread B15. switch stack pointer6. switch address space7. load A’s ID8. return to user mode
9. receive
display “Hello L3!”
“Hello L3!”
“Hello L3!”
“Hello L3!”
![Page 39: Microkernels and Beyond](https://reader037.vdocuments.us/reader037/viewer/2022102813/546569b0af7959c04e8b4e5d/html5/thumbnails/39.jpg)
39
Screen Driver
Copy Direct Task A
Kernel
Thread A1 Thread B11. load B1 ID2. load message3. call kernel
4. access Thread B15. switch stack pointer6. switch address space7. load A’s ID8. return to user mode
9. receive
“Hello L3!” “Hello L3!”
0. set up receive buffer
![Page 40: Microkernels and Beyond](https://reader037.vdocuments.us/reader037/viewer/2022102813/546569b0af7959c04e8b4e5d/html5/thumbnails/40.jpg)
40
OS Design TradeoffsMonolithic (e.g., Linux) Microkernel (e.g., L4)
![Page 41: Microkernels and Beyond](https://reader037.vdocuments.us/reader037/viewer/2022102813/546569b0af7959c04e8b4e5d/html5/thumbnails/41.jpg)
41
Biggest Advantage of Microkernels
IronKernel:9.8K lines of Rust+ 273 lines of asmrust-core: 6.5K
Windows NT 3.1: 5M LOC
Linux kernel 3.6: 16M LOC
![Page 42: Microkernels and Beyond](https://reader037.vdocuments.us/reader037/viewer/2022102813/546569b0af7959c04e8b4e5d/html5/thumbnails/42.jpg)
42
Biggest Advantage of MicrokernelsIronKernel:
9.8K lines of Rust + 273 lines of asmrust-core: 6.5Karch: 2.1K (1.7K is font.rs)kernel: 1178 63 fs.rs 38 int.rs 95 mod.rs 10 ptr.rs 351 rt.rs 343 sgash.rs (46 for printing logo!) 278 memory/*.rs
![Page 43: Microkernels and Beyond](https://reader037.vdocuments.us/reader037/viewer/2022102813/546569b0af7959c04e8b4e5d/html5/thumbnails/43.jpg)
43
SOSP 2009
![Page 44: Microkernels and Beyond](https://reader037.vdocuments.us/reader037/viewer/2022102813/546569b0af7959c04e8b4e5d/html5/thumbnails/44.jpg)
44
Size of code: 8,700 lines (2 person-months)Size of proof: 200,000 lines (20 person-years ~ 11)
![Page 45: Microkernels and Beyond](https://reader037.vdocuments.us/reader037/viewer/2022102813/546569b0af7959c04e8b4e5d/html5/thumbnails/45.jpg)
45
What should the specification for the scheduler look like?
![Page 46: Microkernels and Beyond](https://reader037.vdocuments.us/reader037/viewer/2022102813/546569b0af7959c04e8b4e5d/html5/thumbnails/46.jpg)
46
What should the specification for the scheduler look like?
Isabelle/HOLscheduler spec
![Page 47: Microkernels and Beyond](https://reader037.vdocuments.us/reader037/viewer/2022102813/546569b0af7959c04e8b4e5d/html5/thumbnails/47.jpg)
47
Kernel Mode
Microkernel
Hardware
Minimal Kernel
Application
File System
Device
Drivers
I/O
Device
User M
ode
Monolithic Kernel
Hardware
Application
Syscall HandlerFile System
Device DriversScheduler
Memory Manager
Display
Device
Exokernel
Hardware
Really Minimal Kernel
Application 2 (+ libraries)
Application 1 (+ libraries)
![Page 48: Microkernels and Beyond](https://reader037.vdocuments.us/reader037/viewer/2022102813/546569b0af7959c04e8b4e5d/html5/thumbnails/48.jpg)
48
Definition from Class 1:
An operating system is a program that manages resources and provides abstractions.
![Page 49: Microkernels and Beyond](https://reader037.vdocuments.us/reader037/viewer/2022102813/546569b0af7959c04e8b4e5d/html5/thumbnails/49.jpg)
49
HotOS 1995
![Page 50: Microkernels and Beyond](https://reader037.vdocuments.us/reader037/viewer/2022102813/546569b0af7959c04e8b4e5d/html5/thumbnails/50.jpg)
50
Slide fromExokernels (or,
making the operating system
just another application library)
Dawson EnglerFrans Kaashoek
Greg GangerH. Briceño
R. HuntD. MazièresT. Pinckney
J. Jannotti
![Page 51: Microkernels and Beyond](https://reader037.vdocuments.us/reader037/viewer/2022102813/546569b0af7959c04e8b4e5d/html5/thumbnails/51.jpg)
51
![Page 52: Microkernels and Beyond](https://reader037.vdocuments.us/reader037/viewer/2022102813/546569b0af7959c04e8b4e5d/html5/thumbnails/52.jpg)
52
Kernel Mode
User M
ode
Exokernel
Hardware
Really Minimal Kernel
Application 2 (+ libraries)
Application 1 (+ libraries)
Multiplexing Resources
![Page 53: Microkernels and Beyond](https://reader037.vdocuments.us/reader037/viewer/2022102813/546569b0af7959c04e8b4e5d/html5/thumbnails/53.jpg)
53
Kernel Mode
User M
ode
Exokernel
Hardware
Really Minimal Kernel
Application 2 (+ libraries)
Application 1 (+ libraries)
Multiplexing Resources
CPU Core: time shareMemory: share by allocating pages to processesPersistent Storage (Disk): divide into blocks
How should exokernel decide if a process can read a disk block?
![Page 54: Microkernels and Beyond](https://reader037.vdocuments.us/reader037/viewer/2022102813/546569b0af7959c04e8b4e5d/html5/thumbnails/54.jpg)
54
Kernel can query FS:owns(meta) := set of blocks
owned by meta
Must be deterministic and persistent
Kernel checks after any modification!
![Page 55: Microkernels and Beyond](https://reader037.vdocuments.us/reader037/viewer/2022102813/546569b0af7959c04e8b4e5d/html5/thumbnails/55.jpg)
55
Examples from Dawson Engler’s PhD Thesis
![Page 56: Microkernels and Beyond](https://reader037.vdocuments.us/reader037/viewer/2022102813/546569b0af7959c04e8b4e5d/html5/thumbnails/56.jpg)
56
2008 2013
1B Android ActivationsSep 2013
-13.8B
UniverseTools
Altruism
-5M 1679
Programmable Machines
S ::= NP V ONP ::= N and NP
Recursive Language
-300K 1945
Practical Universal Machines
1950s
Abstractions
1969
Modern OS
1993
Open Source OS, runs on
cheap machines
Cheaper, faster, low-
energy processors,
Internet, web, $$$
1.5B L4 Microkernel SystemsJan 2012
How many exokernels?
![Page 57: Microkernels and Beyond](https://reader037.vdocuments.us/reader037/viewer/2022102813/546569b0af7959c04e8b4e5d/html5/thumbnails/57.jpg)
57
2008 2013
1B Android ActivationsSep 2013
-13.8B
UniverseTools
Altruism
-5M 1679
Programmable Machines
S ::= NP V ONP ::= N and NP
Recursive Language
-300K 1945
Practical Universal Machines
1950s
Abstractions
1969
Modern OS
1993
Open Source OS, runs on
cheap machines
Cheaper, faster, low-
energy processors,
Internet, web, $$$
1.5B L4 Microkernel SystemsJan 2012Companies (intellectually)
derived from exokernel project:
![Page 58: Microkernels and Beyond](https://reader037.vdocuments.us/reader037/viewer/2022102813/546569b0af7959c04e8b4e5d/html5/thumbnails/58.jpg)
58
What’s Next?“Bitter experience in the design of operating systems leads to the conclusion that radical changes must be made, both the way we think about functions of operating systems and in the way they are implemented.”
![Page 59: Microkernels and Beyond](https://reader037.vdocuments.us/reader037/viewer/2022102813/546569b0af7959c04e8b4e5d/html5/thumbnails/59.jpg)
59
What’s Next?“Bitter experience in the design of operating systems leads to the conclusion that radical changes must be made, both the way we think about functions of operating systems and in the way they are implemented.”
Butler LampsonNATO Software Engineering Techniques Conference 1969
![Page 60: Microkernels and Beyond](https://reader037.vdocuments.us/reader037/viewer/2022102813/546569b0af7959c04e8b4e5d/html5/thumbnails/60.jpg)
60
Kernel
Hope for FeROS?
(Rust) Task A (Rust) Task B (File System)
Memory Isolation enforced by language mechanismsIPC through safe, shared dataExternal resources managed through cryptographyNo cost to calling between tasks, kernel: all in same address space!
![Page 61: Microkernels and Beyond](https://reader037.vdocuments.us/reader037/viewer/2022102813/546569b0af7959c04e8b4e5d/html5/thumbnails/61.jpg)
61
Charge!Tanenbaum was wrong about microkernels having won in 1992Prevailing wisdom is wrong about microkernels having lost in 2014
Butler is still right: The real OS of the future should be something radically different and you should help build it!
Remember to sign up for your project
submission option!