1 / 23

G22.3250-001

G22.3250-001. Extensibility: SPIN and exokernels. Robert Grimm New York University. The Three Questions. What is the problem? What is new or different? What are the contributions and limitations?. OS Abstraction Barrier. Fixed high-level abstractions Hurt application performance

waseem
Télécharger la présentation

G22.3250-001

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. G22.3250-001 Extensibility:SPIN and exokernels Robert Grimm New York University

  2. The Three Questions • What is the problem? • What is new or different? • What are the contributions and limitations?

  3. OS Abstraction Barrier • Fixed high-level abstractions • Hurt application performance • Hide information • Limit functionality • Examples • Buffer cache management • Persistent storage

  4. Goals • Extensibility • Applications introduce specialized services • Safety • Kernel, applications, services are protected • Performance • Extensibility and safety have low cost

  5. Why Is This Hard?

  6. Two Approaches

  7. SPIN Approach • Put extension code in the kernel • Cheap communication • Use language protection features • Static safety • Dynamically impose on any service • Fine-grained extensibility

  8. The Big Picture

  9. Modula-3 • Type-safe programming language • Interfaces • Garbage collection • Other features • Objects, generic interfaces, threads, exceptions • Most of kernel written in Modula-3 • Extensions must be written in Modula-3 • User-space applications written in any language

  10. Safety • Capabilities • Simply a pointer • Can we pass capabilities to user-land? • Protection domains • Language-level • Limit visibility of names • Enforced at dynamic link time

  11. Extensibility • Extension model • Events • Event handlers • Guards • Mechanism • Event dispatcher • Common case: procedure call

  12. Core Services • Memory management • Physical addresses • Virtual addresses • Translations • Thread management • Signals to scheduler • Block, unblock • Signals to thread manager • Checkpoint, resume

  13. Performance • It works

  14. Exokernels Approach • Make the application do it!

  15. Exokernels Approach (again) • Separate protection and management • Expose allocation • Expose names • Expose revocation • Expose information

  16. The Big Picture

  17. At The Core Aegis: MIPS-based DECstations Xok: x86-based PCs • Processor time slices • Processor environments • Hardware exceptions (Aegis, Xok) • Timer interrupts (Aegis, Xok) • Protected entries (Aegis, Xok) • Addressing • Aegis: Guaranteed mappings, applications notified of TLB misses • Xok: Hardware page tables, applications specify mappings • Hierarchical capabilities (Xok only) • Book keeping

  18. Case Study: The Disk • Problem • How to store meta-data? • Ownership of disk blocks • Failed approaches • Simple capabilities • Self-descriptive meta-data • Template-based descriptions

  19. The Disk (cont.) • Untrusted deterministic functions • Programmatic templates • Shared data • Buffer cache registry • Ordered disk writes • Ensure consistency after crash

  20. Performance • It works • It scales

  21. Issues • SPIN • Trusted compiler • Resource control

  22. Issues (cont.) • Exokernels • Extension model • Downloaded code • Wakeup predicates • Dynamic packet filters • Application-specific handlers • Untrusted deterministic functions • Complexity of disk management

  23. What Do You Think?

More Related