extensibility, safety and performance in the spin operating system bershad et al presentation by...
Post on 20-Dec-2015
219 views
TRANSCRIPT
![Page 1: Extensibility, Safety and Performance in the SPIN Operating System Bershad et al Presentation by norm Slides shamelessly “borrowed” from Stefan Savage’s](https://reader036.vdocuments.us/reader036/viewer/2022062516/56649d445503460f94a21a5e/html5/thumbnails/1.jpg)
Extensibility, Safety and Performance in
the SPIN Operating SystemBershad et al
Presentation by normSlides shamelessly “borrowed” from
Stefan Savage’s SOSP talk
![Page 2: Extensibility, Safety and Performance in the SPIN Operating System Bershad et al Presentation by norm Slides shamelessly “borrowed” from Stefan Savage’s](https://reader036.vdocuments.us/reader036/viewer/2022062516/56649d445503460f94a21a5e/html5/thumbnails/2.jpg)
Goals
• Extensibility– Applications can dynamically extend system to
provide specialized services
• Safety– Kernel is protected from actions of extensions
• Performance– Extensibility and safety have low cost
![Page 3: Extensibility, Safety and Performance in the SPIN Operating System Bershad et al Presentation by norm Slides shamelessly “borrowed” from Stefan Savage’s](https://reader036.vdocuments.us/reader036/viewer/2022062516/56649d445503460f94a21a5e/html5/thumbnails/3.jpg)
Why is this hard?
![Page 4: Extensibility, Safety and Performance in the SPIN Operating System Bershad et al Presentation by norm Slides shamelessly “borrowed” from Stefan Savage’s](https://reader036.vdocuments.us/reader036/viewer/2022062516/56649d445503460f94a21a5e/html5/thumbnails/4.jpg)
Approach
• Put extension code in the kernel– Cheap communication
• Use language protection features– Static safety
• Dynamically interpose on any service– Fine-grained extensibility
![Page 5: Extensibility, Safety and Performance in the SPIN Operating System Bershad et al Presentation by norm Slides shamelessly “borrowed” from Stefan Savage’s](https://reader036.vdocuments.us/reader036/viewer/2022062516/56649d445503460f94a21a5e/html5/thumbnails/5.jpg)
A SPIN extension
![Page 6: Extensibility, Safety and Performance in the SPIN Operating System Bershad et al Presentation by norm Slides shamelessly “borrowed” from Stefan Savage’s](https://reader036.vdocuments.us/reader036/viewer/2022062516/56649d445503460f94a21a5e/html5/thumbnails/6.jpg)
SPIN structure
![Page 7: Extensibility, Safety and Performance in the SPIN Operating System Bershad et al Presentation by norm Slides shamelessly “borrowed” from Stefan Savage’s](https://reader036.vdocuments.us/reader036/viewer/2022062516/56649d445503460f94a21a5e/html5/thumbnails/7.jpg)
Safety
• Language-based protection based on Modula-3– Memory safe– Interfaces for hiding resources– Cheap capabilities
![Page 8: Extensibility, Safety and Performance in the SPIN Operating System Bershad et al Presentation by norm Slides shamelessly “borrowed” from Stefan Savage’s](https://reader036.vdocuments.us/reader036/viewer/2022062516/56649d445503460f94a21a5e/html5/thumbnails/8.jpg)
Extensibility
• Events defined as procedures within interfaces in Modula-3
• Dispatcher for finding handlers– Guards for selective execution of handlers
![Page 9: Extensibility, Safety and Performance in the SPIN Operating System Bershad et al Presentation by norm Slides shamelessly “borrowed” from Stefan Savage’s](https://reader036.vdocuments.us/reader036/viewer/2022062516/56649d445503460f94a21a5e/html5/thumbnails/9.jpg)
Dispatcher
![Page 10: Extensibility, Safety and Performance in the SPIN Operating System Bershad et al Presentation by norm Slides shamelessly “borrowed” from Stefan Savage’s](https://reader036.vdocuments.us/reader036/viewer/2022062516/56649d445503460f94a21a5e/html5/thumbnails/10.jpg)
Other services
• Almost all “system” services are extensions– Network protocols– File systems– System call interface
• SPIN only implements services which cannot be safely implemented as extensions– Processor execution state– Basic interface to MMU and physical memory– Device IO / DMA– Dynamic linker and Dispatcher
![Page 11: Extensibility, Safety and Performance in the SPIN Operating System Bershad et al Presentation by norm Slides shamelessly “borrowed” from Stefan Savage’s](https://reader036.vdocuments.us/reader036/viewer/2022062516/56649d445503460f94a21a5e/html5/thumbnails/11.jpg)
A protocol graph in SPIN
![Page 12: Extensibility, Safety and Performance in the SPIN Operating System Bershad et al Presentation by norm Slides shamelessly “borrowed” from Stefan Savage’s](https://reader036.vdocuments.us/reader036/viewer/2022062516/56649d445503460f94a21a5e/html5/thumbnails/12.jpg)
Performance
• SPIN runs on DEC Alpha platforms• Measurements– DEC AXP 3000/400 @ 133 Mhz
• Comparison systems– DEC OSF/1 V2.1– Mach 3.0
![Page 13: Extensibility, Safety and Performance in the SPIN Operating System Bershad et al Presentation by norm Slides shamelessly “borrowed” from Stefan Savage’s](https://reader036.vdocuments.us/reader036/viewer/2022062516/56649d445503460f94a21a5e/html5/thumbnails/13.jpg)
SPIN performance advantages
• Extensions provide specialized service– Don’t execute unnecessary code
• Extensions execute close to kernel services– Low latency response to faults/interrupts– Invoking services is cheap
![Page 14: Extensibility, Safety and Performance in the SPIN Operating System Bershad et al Presentation by norm Slides shamelessly “borrowed” from Stefan Savage’s](https://reader036.vdocuments.us/reader036/viewer/2022062516/56649d445503460f94a21a5e/html5/thumbnails/14.jpg)
Video service
![Page 15: Extensibility, Safety and Performance in the SPIN Operating System Bershad et al Presentation by norm Slides shamelessly “borrowed” from Stefan Savage’s](https://reader036.vdocuments.us/reader036/viewer/2022062516/56649d445503460f94a21a5e/html5/thumbnails/15.jpg)
Other basic system services
![Page 16: Extensibility, Safety and Performance in the SPIN Operating System Bershad et al Presentation by norm Slides shamelessly “borrowed” from Stefan Savage’s](https://reader036.vdocuments.us/reader036/viewer/2022062516/56649d445503460f94a21a5e/html5/thumbnails/16.jpg)
Discussion
• Do user level programs need to be written in Modula-3 like extensions do?
![Page 17: Extensibility, Safety and Performance in the SPIN Operating System Bershad et al Presentation by norm Slides shamelessly “borrowed” from Stefan Savage’s](https://reader036.vdocuments.us/reader036/viewer/2022062516/56649d445503460f94a21a5e/html5/thumbnails/17.jpg)
Discussion
• How can you force extension writers to use Modula-3?
![Page 18: Extensibility, Safety and Performance in the SPIN Operating System Bershad et al Presentation by norm Slides shamelessly “borrowed” from Stefan Savage’s](https://reader036.vdocuments.us/reader036/viewer/2022062516/56649d445503460f94a21a5e/html5/thumbnails/18.jpg)
Discussion
• Can SPIN can be efficiently used in resource constrained situations? Most memory safe languages, including Modula-3, are more ‘heavy weight’ than C in which most OS kernels are written. Isn’t performance the reason that we are still using C in most OSes today?
![Page 19: Extensibility, Safety and Performance in the SPIN Operating System Bershad et al Presentation by norm Slides shamelessly “borrowed” from Stefan Savage’s](https://reader036.vdocuments.us/reader036/viewer/2022062516/56649d445503460f94a21a5e/html5/thumbnails/19.jpg)
Modula-3 vs C
• Most operations are compiled equivalently whether written in Modula-3 or C
• Modula-3 can sometimes introduce runtime checks to guarantee type safety
![Page 20: Extensibility, Safety and Performance in the SPIN Operating System Bershad et al Presentation by norm Slides shamelessly “borrowed” from Stefan Savage’s](https://reader036.vdocuments.us/reader036/viewer/2022062516/56649d445503460f94a21a5e/html5/thumbnails/20.jpg)
Discussion
• In Spin, can multiple event guards be true at the same time? If so, how will the dispatcher decide the order of activating different event handlers?
![Page 21: Extensibility, Safety and Performance in the SPIN Operating System Bershad et al Presentation by norm Slides shamelessly “borrowed” from Stefan Savage’s](https://reader036.vdocuments.us/reader036/viewer/2022062516/56649d445503460f94a21a5e/html5/thumbnails/21.jpg)
Discussion
• The authors compare the performance of SPIN with Mach, however, Mach is slow. Do you think SPIN will have good performance compared to L4?
![Page 22: Extensibility, Safety and Performance in the SPIN Operating System Bershad et al Presentation by norm Slides shamelessly “borrowed” from Stefan Savage’s](https://reader036.vdocuments.us/reader036/viewer/2022062516/56649d445503460f94a21a5e/html5/thumbnails/22.jpg)
Discussion
• What happens if an extension raises an exception?
![Page 23: Extensibility, Safety and Performance in the SPIN Operating System Bershad et al Presentation by norm Slides shamelessly “borrowed” from Stefan Savage’s](https://reader036.vdocuments.us/reader036/viewer/2022062516/56649d445503460f94a21a5e/html5/thumbnails/23.jpg)
Discussion
• Can a buggy extension crash the system, perhaps the dispatcher?
![Page 24: Extensibility, Safety and Performance in the SPIN Operating System Bershad et al Presentation by norm Slides shamelessly “borrowed” from Stefan Savage’s](https://reader036.vdocuments.us/reader036/viewer/2022062516/56649d445503460f94a21a5e/html5/thumbnails/24.jpg)
Discussion
• What is the essential difference between SPIN and L4?
![Page 25: Extensibility, Safety and Performance in the SPIN Operating System Bershad et al Presentation by norm Slides shamelessly “borrowed” from Stefan Savage’s](https://reader036.vdocuments.us/reader036/viewer/2022062516/56649d445503460f94a21a5e/html5/thumbnails/25.jpg)
Discussion
• Is it really secure to trust the type system of a language for OS safety?
![Page 26: Extensibility, Safety and Performance in the SPIN Operating System Bershad et al Presentation by norm Slides shamelessly “borrowed” from Stefan Savage’s](https://reader036.vdocuments.us/reader036/viewer/2022062516/56649d445503460f94a21a5e/html5/thumbnails/26.jpg)
Discussion
• Why don’t we see any extensible OSes today?