
Toward Self-Stabilizing Operating Systems




  1. Toward Self-Stabilizing Operating Systems
     Shlomi Dolev, BGU
     Reuven Yagel, BGU-Rafael

  2. Talk Outline
     • Motivation for self-stabilizing operating systems
     • OSs do not stabilize! NMI example: must shut down the computer!
     • Blackbox
     • Periodic reset, re-install and execute
     • Periodic re-install and execute
     • Continuous re-install: monitor and establish consistency
     • Write a self-stabilizing tiny OS

  3. Goal: Autonomic Computer
     • Following any sequence of transient faults (soft errors: 98% of RAM errors are soft errors; wrong CRC during communication; etc.), the system converges.
     • Self-stabilization
     • The system can be started in an arbitrary state
     • Traditionally used in distributed systems (where transient faults are frequent)
     • Self-stabilizing algorithms cannot run unless hardware + OS are themselves stabilizing (fair composition [Dolev2K, DH03])

  4. Operating Systems
     • Main OSs (black-box):
       • UNIX (Berkeley), LINUX (freeware)
       • DOS, WINDOWS (Microsoft)
     • Three main parts of a kernel (tailored):
       • Process scheduler
       • Memory manager
       • Device drivers

  5. Hardware Platform
     • IA-32 architecture
     • CPU modes – (real, protected, virtual 8086, system)
     • Boot process – BIOS, MBR, 2nd loader
     • Memory: RAM + ROM, 20-bit segment addressing, Interrupt Vector Table, IDTR
     • Interrupts (INT + NMI pins, software interrupts)
     • Watchdog device
     • Machine restart
     • Recovery monitor in ROM [Castro & Liskov 2k]
     • OS re-install
     • Harvard model (data and program separated)

  6. Unix, Linux, Windows, DOS do not Stabilize
     • Processor – NMI
       • During the NMI handler, further NMIs are discarded until the IRET instruction is executed [Intel 2003]
     • IDTR
       • The LIDT instruction can change the table location

  7. Periodic Reset, Re-install and Execute
     • Watchdog timer – self-stabilizing
     • Processor reset
     • OS code copied from ROM to RAM during bootstrap (check that it is self-stabilizing)
     • Slow, and bothers continuous work

  8. Periodic Re-install and Execute
     • Watchdog
     • Re-install only
     • Requires hardware changes:
       • NMI countdown register
         • Decremented toward 0 in each cycle
         • Enables NMIs when equal to 0
         • Set to a value that enables full execution of the stabilizer code
       • NMI vector hardwired
     • Still bothers continuous work

  9. OS Stabilizer Code

     OS_SEGMENT             equ 0x1000
     STABILIZER_ROM_SEGMENT equ 0x2000
     OS_ROM_SEGMENT         equ 0x3000

     ; enter real mode (cr0 takes no immediate operand, so clear PE through eax)
     xor eax, eax
     mov cr0, eax

     ; copy OS image: ds:si (ROM) -> es:di (RAM), cx bytes, forward direction
     mov ax, OS_ROM_SEGMENT
     mov ds, ax
     mov ax, OS_SEGMENT
     mov es, ax
     mov si, 0x00
     mov di, 0x00
     mov cx, 0x100
     cld
     rep movsb

     [Figure: processor address space and register trace of the copy. Stabilizer code at 0x20000 (PC = 2000:0), OS image in ROM at 0x30000, OS code in RAM at 0x10000; registers before/after: cr0 = 0, ax 3000 -> 1000, ds = 3000, es = 1000, cx 100 -> 99, si 0 -> 1, di 0 -> 1, PSW.]

  10. OS Stabilizer Code cont.

     ; prepare for the journey back: build an IRET frame (flags, cs, ip)
     ; the stack segment must be writable memory for the pushes to land
     mov ax, WATCHDOG_ROM_SEGMENT
     mov ss, ax
     mov sp, 0xFFFF
     pushf
     push word OS_SEGMENT
     push word 0x0
     ; enable NMI & jump to OS code
     iret

     Or better, just a far jump to OS_SEGMENT:0 (NMIs are then re-enabled by the countdown register of slide 8, not by IRET):

     jmp OS_SEGMENT:0x0

  11. Assumptions
     • Initial configuration
       • RAM contains the OS code and initialized variables, the processor is configured to run the OS (real mode), the PC register points to the first instruction of the OS code.
     • Stabilizing processor & watchdog
     • The processor will react to the watchdog interrupt
     • The stabilizer code cannot be corrupted

  12. Proof Sketch
     • Every execution of the OS stabilizer is finite and does not depend on the previous state.
     • The OS stabilizer will be executed infinitely often.
     • The OS stabilizer code brings the system into the initial configuration.
     • Thus: in every infinite execution the system will reach the initial configuration infinitely often.
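The following C simulation is an added example, not code from the slides or from the SONIX project. It models the periodic re-install scheme of slides 7 through 12 end to end: a machine left in an arbitrary state, an OS that keeps corrupting its own code, the NMI countdown register of slide 8, the NMI-masking rule of slide 6, and the stabilizer of slides 9 and 10 that copies the ROM image back and resets the PC. The segment constants and the 0x100-byte copy come from slide 9; WATCHDOG_PERIOD, STABILIZER_COST, the RAM size, the fault model and every function name are assumptions of this simulation. It goes beyond the slides in one way: it also shows that a corrupted countdown register only delays convergence, it does not prevent it.

```c
/* Added example (not from the slides or SONIX): C model of watchdog-driven re-install.
 * Segment constants and the 0x100-byte copy are from slide 9; everything else
 * (periods, sizes, fault model, names) is a constructed assumption. */
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define OS_SEGMENT             0x1000
#define STABILIZER_ROM_SEGMENT 0x2000
#define OS_ROM_SEGMENT         0x3000
#define SEG_TO_LINEAR(s)       ((uint32_t)(s) << 4)  /* 20-bit real-mode addressing */

#define OS_IMAGE_SIZE   0x100     /* cx = 0x100 in the rep movsb on slide 9 */
#define RAM_SIZE        0x20000   /* assumed: covers OS_SEGMENT; stabilizer and OS image are ROM */
#define WATCHDOG_PERIOD 50        /* assumed: cycles between watchdog NMIs */
#define STABILIZER_COST 8         /* assumed: cycles a full stabilizer run needs (slide 8) */

typedef struct {
    uint8_t  ram[RAM_SIZE];
    uint16_t cs, ip;          /* program counter as segment:offset */
    bool     real_mode;       /* cr0.PE cleared */
    bool     nmi_enabled;     /* cleared on NMI entry; set by IRET or countdown (slides 6, 8) */
    int      nmi_countdown;   /* slide 8: decremented each cycle, enables NMIs at 0 */
    unsigned cycle;
} machine_t;

static uint8_t   os_rom[OS_IMAGE_SIZE];  /* constructed ROM copy of the OS image */
static machine_t mach;                   /* one simulated machine (static: 128 KiB RAM) */

static void rom_init(void) {
    for (int i = 0; i < OS_IMAGE_SIZE; i++) os_rom[i] = (uint8_t)(0xA5 ^ i);
}

/* The stabilizer ROM code of slides 9-10, as one atomic step. */
static void stabilizer(machine_t *m) {
    m->real_mode = true;                                                /* clear cr0.PE */
    memcpy(&m->ram[SEG_TO_LINEAR(OS_SEGMENT)], os_rom, OS_IMAGE_SIZE);  /* rep movsb */
    m->nmi_countdown = STABILIZER_COST;     /* slide 8: long enough for a full run */
    m->cs = OS_SEGMENT; m->ip = 0;          /* iret / far jmp to OS_SEGMENT:0 */
    m->nmi_enabled = true;
}

/* Initial configuration of slide 11: OS image in RAM, real mode, PC at the OS entry. */
static bool is_initial_configuration(const machine_t *m) {
    return m->real_mode && m->cs == OS_SEGMENT && m->ip == 0 &&
           memcmp(&m->ram[SEG_TO_LINEAR(OS_SEGMENT)], os_rom, OS_IMAGE_SIZE) == 0;
}

/* Arbitrary starting state, as a transient fault would leave it (LCG-filled RAM). */
static void corrupt(machine_t *m, uint32_t seed, int countdown) {
    for (size_t i = 0; i < RAM_SIZE; i++) {
        seed = seed * 1103515245u + 12345u;
        m->ram[i] = (uint8_t)(seed >> 16);
    }
    m->cs = (uint16_t)seed; m->ip = (uint16_t)(seed >> 8);
    m->real_mode = false; m->nmi_enabled = false;
    m->nmi_countdown = countdown; m->cycle = 0;
}

/* One cycle: the misbehaving OS runs, the countdown ticks, the watchdog may fire. */
static void step(machine_t *m) {
    m->cycle++;
    /* fault model: the OS scribbles over its own code and wanders off */
    m->ram[SEG_TO_LINEAR(OS_SEGMENT) + (m->cycle % OS_IMAGE_SIZE)] ^= 0xFF;
    m->ip += 3;
    if (m->nmi_countdown > 0) m->nmi_countdown--;
    if (m->nmi_countdown <= 0) m->nmi_enabled = true;     /* slide 8 */
    if (m->cycle % WATCHDOG_PERIOD == 0 && m->nmi_enabled) {
        m->nmi_enabled = false;   /* slide 6: further NMIs discarded inside the handler */
        stabilizer(m);
    }
}

/* Corrupt the machine with `seed` and a given countdown value, then run until the
 * initial configuration is reached. Returns the cycle at which that happened, or -1. */
int cycles_to_stabilize(uint32_t seed, int countdown, unsigned max_cycles) {
    rom_init();
    corrupt(&mach, seed, countdown);
    for (unsigned i = 0; i < max_cycles; i++) {
        step(&mach);
        if (is_initial_configuration(&mach)) return (int)mach.cycle;
    }
    return -1;
}

int main(void) {
    printf("countdown -7:  stabilized at cycle %d\n", cycles_to_stabilize(42, -7, 1000));
    printf("countdown 120: stabilized at cycle %d\n", cycles_to_stabilize(7, 120, 1000));
    return 0;
}
```

With the countdown already at or below zero the first watchdog NMI at cycle 50 runs the stabilizer and the machine is in the initial configuration right after it, whatever RAM and the PC held before. With the countdown corrupted to 120, the NMIs at cycles 50 and 100 are masked and the first effective one is at cycle 150: the proof sketch still holds, because the countdown is decremented every cycle and so reaches zero in finite time.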

  13. Continuous Re-install: Monitor and Establish Consistency
     • Warm boot
     • Consistency check & establishment
     • …

  14. Minimal OS
     • Various small OSs
     • Tiny OS – specialized
     • SONIX (temporary name)

  15. Demonstration

  16. Demo – SONIX Code

     [SEGMENT .text]
     jmp StartOS

     msgWelcome   db "SONIX is NOT Linux!", 0x00
     reversedCol  db 9        ; holds the column that will be shown in reverse video
     fontColor    db 1        ; originally blue
     delayCounter dw 0        ; slows the loop down

     StartOS:
         mov ax, cs           ; segment where loader2 loaded us
         mov ds, ax

     OsLoop:
         mov si, msgWelcome   ; welcome message
         mov cl, 10           ; screen column 10
         mov ch, 13           ; screen row 13
         mov dh, byte [fontColor]   ; normal attribute
         ; all this mess is to determine which character will be reversed
         mov al, [reversedCol]
         inc al
         cmp al, 29           ; end of message (column 10 + 19 characters)
         jb GoAhead
         ; put reverse video back at the first column and also switch color
         mov al, 9
         inc byte [fontColor]
         cmp byte [fontColor], 8
         jb GoAhead
         mov byte [fontColor], 1
         ; (the rest of the listing is not in the captured transcript)
