Download defining tragedy

Survey
yes no Was this document useful for you?
   Thank you for your participation!

* Your assessment is very important for improving the workof artificial intelligence, which forms the content of this project

page
1
page
2
page
3
page
4
page
5
page
6
page
7
page
8
page
9
page
10
page
11
page
12
page
13
page
14
page
15
page
16
page
17
page
18
page
19
page
20
page
21
page
22
page
23
page
24
page
25
page
26
page
27
page
28
page
29
page
30
page
31
page
32
page
33
page
34
page
35
page
36
page
37
page
38
Document related concepts

Distributed operating system wikipedia , lookup

RSTS/E wikipedia , lookup

Burroughs MCP wikipedia , lookup

VS/9 wikipedia , lookup

DNIX wikipedia , lookup

Memory management unit wikipedia , lookup

Spring (operating system) wikipedia , lookup

Unix security wikipedia , lookup

CP/M wikipedia , lookup

Process management (computing) wikipedia , lookup

Paging wikipedia , lookup

Transcript 
Exokernel
Dave Eckhardt
[email protected]
1
Synchronization
●
Happy birthday, NCSA Mosaic
–
●
●
Survey
–
Which OSs strike you as “tragic”? Why?
–
Who knows how to pronounce “quixotic”?
Today: Exokernel
–
●
April 22, 1993
“Exterminate All Operating System Abstractions”
No class Monday
1
Overview
●
●
The Exokernel worldview
–
Tragedy
–
Salvation
My personal reaction to the Exokernel worldview
1
Tragedy
●
●
●
The defining tragedy of the OS community
–
OS = hardware multiplexor
–
and OS = hardware abstractor
OS abstraction is a quixotic goal
–
Always-appropriate abstractions are impossible
–
Always-efficient implementations are impossible
“The only way to win is not to play”
1
“Abstractions Considered Harmful”??
●
No.
●
The right abstractions are good.
●
–
But there is no single right abstraction
–
But each machine runs a single OS
●
A single process model
●
A single VM system
One size cannot fit all
–
Ever
1
What's the harm in trying?
●
You say “quixotic goal” like it's a bad thing...
●
Abstraction-heavy OSs are
–
Complex
–
Large
–
Unreliable
–
Hard to change
–
Slow
1
What's the harm in trying?
●
You say “quixotic goal” like it's a bad thing...
●
Abstraction-heavy OSs are
●
–
Complex
–
Large
–
Unreliable
–
Hard to change
–
Slow
Not just one bad thing! Every bad thing!
1
Defining The Tragedy
●
OS = any software you cannot avoid
●
Issue not “PL0 vs. PL4”
●
–
If you need to be administrator to install it, it's OS
–
Even if it runs in “user mode”
Application software = anybody can avoid it
1
The Exokernel Thesis
●
Q: Which jobs belong to the OS?
●
A: Safe multiplexing of physical resources
–
Jobs which require the use of force
●
–
Preventing unfair initiation of force
●
●
Timer interrupts force context switches
Protecting my memory from your wild pointer
Other jobs best done by other code structures
–
Abstractions provided by voluntary use of libraries
1
What's wrong with OS abstractions?
●
Complexity means bugs
●
Complexity means inertia
●
Complexity means slowness
1
Complexity means bugs
●
●
If “virtual memory” means
–
Copy-on-write
–
Memory-mapped files
–
User-wired pages
–
Paging out parts of the OS kernel
Then “virtual memory” will be buggy
–
●
For all processes
(unless 15-412 students do the job)
1
Complexity means inertia
●
●
●
Providing lots of fancy abstractions is hard
–
Needs large, complex code
–
Large, complex code evolves slowly
Everything depends on the OS
–
Changing the OS requires changing everything
–
Costly, slow
Only illuminati can change the OS
–
“Linus doesn't scale”
1
Complexity means slowness
●
Garbage collectors don't want dirty pages stored
–
●
Databases don't want dirty buffers written
–
●
If the transaction hasn't committed yet
Databases don't want 1-block read-ahead
–
●
If they're in the copied region of from-space
Bank withdrawals aren't sequential by account #
A “free” OS optimization for one usage pattern...
–
...is a mandatory OS slowdown for another pattern
1
The Horror is Mandatory
●
There is only one file system
–
●
No other way to access the disk
There is only one VM system
–
Only one page size, replacement policy, ...
1
“Virtual Machine Considered
Harmful”
●
The process model is bad
–
●
Every process model is bad
CISC vs. RISC
–
Processors should provide basic instructions
●
–
Let compilers build them into abstractions
●
●
Load, store, copy register, add
Procedure call, switch()
“End-to-end Arguments In System Design”
1
Eliminate OS Abstractions
●
Export hardware securely
●
No machine-independent wrappers
●
Abstraction-free kernel = exokernel
–
All parts visible
1
Exokernel
●
Safely allocate/deallocate/multiplex ...
–
memory pages
–
CPU time slots
–
disk sectors
–
TLB slots (& address-space id #'s)
–
Interrupts & traps
–
DMA channels, bus bridges
–
I/O devices
1
The Real Hardware
●
●
Real TLB, not abstract TLB
–
If version #13 has 32 entries and #14 has 64, deal
–
If version #17 had a broken reference bit, detect &
deal
Real memory, not abstract memory
–
You can ask for frames #31, #62
●
●
...because you know they don't collide in this TLB
You specify your own PTE entries
–
Don't forget to flush your TLB!!
1
Secure Multiplexing??
●
Guards prevent evil
●
PTEs you install map to your frames
●
Packets you send are from your frames
–
●
Cannot “helpfully” free frame before complete
Packets you receive are into your frames
1
“Is there an OS in the house?”
●
Memory
●
Polling
●
CPU scheduling
●
Packet transmission
●
Packet filtering
●
Packet buffering
1
Xok Memory
●
●
Three OS data structures
–
per-process x86 page table
–
page access matrix
–
free page list
Process can view its PTs
–
Check dirty, referenced bits for gc
1
Xok Memory
●
Process requests changes
–
●
●
Simple, fast system call checks access
Process may store a frame to disk
–
Or anywhere else
–
Then use frame for another page
Process may maintain free-frame pool
–
It can/must handle its page faults
1
Abstract-OS Event Polling
●
●
Wake me up when...
–
Client packet arrives, OR
–
Some client TCP connection can accept data
Unix solution: select()/poll() system call
–
Works only on file descriptors
–
Expensive
1
Xok Event Polling
●
●
Publish list of integers and comparisons
–
&socket->recv->count, &zero, GREATER
–
&socket->xmit->count, &16384, LESS
Kernel generates, optimizes machine code
–
●
(pins pages)
Scheduler runs per-process “runnable predicate”
1
Xok Packet Transmission
●
●
–
List of (address, length) pairs defines packet
–
“txpending” integer decremented when done
●
●
txpending = 1;
send(interface, iovec, &txpending);
might make process runnable
Application must avoid overwriting packet
1
Xok Packet Filtering
●
Application provides packet filter
●
Kernel compiles into machine code
●
Kernel checks for packet theft
–
●
This filter overlaps with an open filter, not yours
Filtering != storage
1
Xok Packet Storage
●
Process provides ring buffers in memory
●
Kernel inserts packet
–
●
No room? Drop
Kernel writes received-length field
–
Probably in receiver's “runnable predicate”
1
It's Weird. Is It Good?
●
●
ExOS – voluntary POSIX emulation library
–
Provides file system, process semantics
–
Can run gcc, csh, etc.
Simple socket-based HTTP server
–
●
2X faster ExOS vs. OpenBSD
Cheetah HTTP Server
–
Customized file system & TCP
–
3X-8X throughput of web servers on OpenBSD
1
Web Server Story
●
Request/Response via TCP sockets
●
Pre-fork()'d process pool for requests
●
File data copied from disk to kernel to user
●
File data copied user to kernel to network
●
Slow
–
System calls block, fork() is slow
–
Checksum data before transmission
–
Memory-to-memory copies
1
Cheetah/Xok story
●
●
Event loop instead of polling
–
Asleep until something is ready (disk, net)
–
Make it busy, sleep again
Network retransmit buffers == file system cache
–
●
No duplication, no copy bandwidth
Store TCP data checksums inside file
–
Computed offline when file is stored
–
Not computed for every transmission!
1
Eckhardt's Reactions
●
●
800% performance is exciting!
–
Wake-up call is good
–
Concepts & approach are a contribution
There are issues
1
Objection: Multiplex != Allocate
●
TLB slots exposed
–
●
How many for my process?
CPU quantum expires
–
Who sets quantum length?
–
Which process is next?
–
“Next process” choice is rate-monotonic or not
●
Can't be rate-monotonic just for those who opt in!
1
Objection: Multiplex != Allocate
●
Disk interrupt!
–
Run newly-runnable process or just-interrupted one?
●
These questions must be answered
●
Answers are mandatory abstractions
1
Objection: Cooperative Multitasking?
●
When kernel needs a frame
–
●
It asks a process to free one!
Process should
●
Store page to disk (if neccesary)
●
Unmap page->frame
●
Free frame
●
What if it doesn't???
●
How can you distinguish “slow” from “no”???
1
Performance/Abstraction Issues
●
(Identified in 2002 paper)
●
“Runnable predicates” scale poorly
–
●
Run-time code generation brittle, hard to port
–
●
How to do better w/o OS-level abstractions???
Inertia???
No packet scheduler, so no connection fairness
–
Would be a mandatory abstraction!
1
Applicability
●
Do regular applications work well?
●
Are genius programmers required?
–
●
Cheetah authors unusually high-powered...
Is this really a general OS paradigm?
–
Is the tragedy over?
1
Summary
●
“One size fits all” abstractions don't.
●
Abstraction mismatches are painful.
●
Multiplexing does not require abstraction.
●
Abstraction = box
–
Think “outside the box” for speed
–
Code outside the box?
●
Me?
1
Papers
●
End-to-end Arguments In System Design
–
●
Exterminate All Operating System Abstractions
–
●
Saltzer, Reed, Clark: SOSP 5 (1981)
Engler & Kaashoek: HotOS 5 (1995)
Fast and Flexible Application-Level Networking
on Exokernel Systems
–
Ganger, Engler, Kaashoek, Briceño, Hunt, Pinckney
–
ACM TOCS 20:1 (2002)
1
Related documents
The Aegis Exokernel
The Aegis Exokernel
pptx - Computer Science
pptx - Computer Science
COP4020 Homework Assignment 2
COP4020 Homework Assignment 2
Operating System Design
Operating System Design
PPT
PPT
COP4020 Homework Assignment 2
COP4020 Homework Assignment 2
Operating Systems CMPSC 473
Operating Systems CMPSC 473
Slide 1
Slide 1
pptx - GitHub Pages
pptx - GitHub Pages
Advanced Operating Systems
Advanced Operating Systems
ppt - Computer Science
ppt - Computer Science
Charles Haiber`s presentation on Exokernels
Charles Haiber`s presentation on Exokernels