DOCSLIB.ORG

Interface and Execution Models in the Fluke Kernel

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text

Load more

The following paper was originally published in the Proceedings of the 3rd Symposium on Operating Systems Design and Implementation New Orleans, Louisiana, February, 1999 Interface and Execution Models in the Fluke Kernel Bryan Ford, Mike Hibler, Jay Lepreau, Roland McGrath, Patrick Tullmann University of Utah For more information about USENIX Association contact: 1. Phone: 1.510.528.8649 2. FAX: 1.510.548.5738 3. Email: [email protected] 4. WWW URL:http://www.usenix.org/ Interface and Execution Models in the Fluke Kernel Bryan Ford Mike Hibler Jay Lepreau Roland McGrath Patrick Tullmann Department of Computer Science, University of Utah Abstract damental internal organization of the kernel implemen- We have defined and implemented a kernel API that tation. A central aspect of this internal structure is the execution model in which the kernel handles in-kernel makes every exported operation fully interruptible and events such as processor traps, hardware interrupts, and restartable, thereby appearing atomic to the user. To achieve interruptibility, all possible kernel states in which system calls. In the process model, which is used by tra- ditional monolithic kernels such as BSD, Linux, and Win- a thread may become blocked for a “long” time are repre- sented as kernel system calls, without requiring the kernel dows NT, each thread of control in the system has its own to retain any unexposable internal state. kernel stack—the complete state of a thread is implicitly encoded its stack. In the interrupt model,usedbysystems Since all kernel operations appear atomic, services such as V [8], QNX [19], and the exokernel implementa- such as transparent checkpointing and process migration tions [13, 22], the kernel uses only one kernel stack per that need access to the complete and consistent state of a processor—thus for typical uniprocessor configurations, process can be implemented by ordinary user-mode pro- only one kernel stack. A thread in a process-model ker- cesses. Atomic operations also enable applications to nel retains its kernel stack state when it sleeps, whereas provide reliability in a more straightforward manner. in an interrupt-model kernel threads must explicitly save This API also allows us to explore novel kernel im- any important kernel state before sleeping, since there is plementation techniques and to evaluate existing tech- no stack implicitly encoding the state. This saved kernel niques. The Fluke kernel’s single source implements ei- state is often known as a continuation [11], since it allows ther the “process” or the “interrupt” execution model on the thread to “continue” where it left off. both uniprocessors and multiprocessors, depending on a configuration option affecting a small amount of code. In this paper we draw attention to the distinction be- We report preliminary measurements comparing fully, tween an interrupt-model kernel implementation—a ker- partially and non-preemptible configurations of both pro- nel that uses only one kernel stack per processor, explic- cess and interrupt model implementations. We find that itly saving important kernel state before sleeping—and the interrupt model has a modest performance advan- an “atomic” kernel API—a system call API designed to tage in some benchmarks, maximum preemption latency eliminate implicit kernel state. These two kernel prop- varies nearly three orders of magnitude, average preemp- erties are related but fall on orthogonal dimensions, as tion latency varies by a factor of six, and memory use illustrated in Figure 1. In a purely atomic API, all pos- favors the interrupt model as expected, but not by a large sible states in which a thread may sleep for a noticeable amount. We find that the overhead for restarting the most amount of time are cleanly visible as a kernel entrypoint. costly kernel operation ranges from 2–8% of the cost of For example, the state of a thread involved in any sys- the operation. tem call is always well-defined, complete, and immedi- ately available for examination or modification by other 1 Introduction threads; this is true even if the system call is long-running and consists of many stages. In general, this requires An essential issue of operating system design and im- all system calls and exception handling mechanisms to plementation is when and how one thread can block and be cleanly interruptible and restartable,inthesameway relinquish control to another, and how the state of a thread that the instruction sets of modern processor architectures suspended by blocking or preemption is represented in are cleanly interruptible and restartable. For purposes of the system. This crucially affects both the kernel inter- readability, in the rest of this paper we will refer to an face that represents these states to user code, and the fun- API with these properties as “atomic.” We use this term because, from the user’s perspective, no thread is ever in This research was largely supported by the Defense Advanced Re- search Projects Agency, monitored by the Dept. of the Army under the middle of any system call. contract DABT63–94–C–0058, and the Air Force Research Laboratory, We have developed a kernel, Fluke [16], which ex- Rome Research Site, USAF, under agreement F30602–96–2–0269. ports a purely atomic API. This API allows the com- Contact information: [email protected], Dept. of Computer Sci- ence, 50 Central Campus Drive, Rm. 3190, University of Utah, SLC, plete state of any user-mode thread to be examined and UT 84112-9205. http://www.cs.utah.edu/projects/flux/. modified by other user-mode threads without being arbi- Execution Model kernel’s execution model. (iii) To present the first com- Interrupt Process parison between the two kernel implementation models using a kernel that supports both in pure form, revealing Fluke Fluke that the models are not necessarily as different as com- (interrupt-model) (process-model) monly believed. (iv) To show that it is practical to use process-model legacy code in an interrupt-model kernel, Atomic VV and to present several techniques for doing so. (original) (Carter) Mach Mach The rest of the paper is organized as follows. In Section (Draves) (original) 2 we look at other systems, both in terms of the “atom- icity” their API and in terms their execution models. In API Model Section 3 we define the two models more precisely, and examine the implementation issues in each, looking at the BSD strengths and weaknesses each model brings to a kernel. Fluke’s atomic API is detailed in Section 4. In the fol- lowing section, we present six issues of importance to the Conventional execution model of a kernel, with measurements based Figure 1: The kernel execution and API model continuums. on different configurations of the same kernel. The final V was originally a pure interrupt-model kernel but was later section summarizes our analysis. modified to be partly process-model; Mach was a pure process- model kernel later modified to be partly interrupt-model. Fluke 2 Related Work supports either execution model via compile time options. Related work is grouped into kernels with atomic or near-atomic system call APIs and work related to kernel trarily delayed. Supporting a purely atomic API slightly execution models. increases the width and complexity of the kernel inter- face but provides important benefits to user-level applica- 2.1 Atomic System Call API tions in terms of the power, flexibility, and predictability The clean interruptibility and restartability of instruc- of system calls. tions is now recognized as a vital property of all mod- In addition, Fluke supports both the interrupt and pro- ern processor architectures. However, this has not always cess execution models through a build-time configuration been the case; as Hennessy and Patterson state: option affecting only a small fraction of the source, en- This last requirement is so difficult that com- abling a comparison between them. Fluke demonstrates puters are awarded the title restartable if they that the two models are not necessarily as different as they pass that test. That supercomputers and many have been considered to be in the past; however, they each early microprocessors do not earn that badge of have strengths and weaknesses. Some processor archi- honor illustrates both the difficulty of interrupts tectures inherently favor the process model and process and the potential cost in hardware complexity model kernels are easier to make fully preemptible. Al- and execution speed. [18] though full preemptibility comes at a cost, this cost is as- sociated with preemptibility, not with the process model Since kernel system calls appear to user-mode code es- itself. Process model kernels use more per-thread ker- sentially as an extension of the processor architecture, nel memory, but this is unlikely to be a problem in prac- the OS clearly faces a similar challenge. However, few tice except for power-constrained systems. We show that operating systems have met this challenge nearly as thor- while an atomic API is beneficial, the kernel’s internal oughly as processor architectures have. execution model is less important: an interrupt-based or- For example, the Unix API [20] distinguishes between ganization has a slight size advantage, whereas a process- “short” and “long” operations. “Short” operations such based organization has somewhat more flexibility. as disk reads are made non-interruptible on the assump- Finally, contrary to conventional wisdom, our kernel tion that they will complete quickly enough that the delay demonstrates that it is practical to use legacy process- will not be noticeable to the application, whereas “long” model code even within interrupt-model kernels. The key operations are interruptible but, if interrupted, must be is to run the legacy code in user mode but in the kernel’s restarted manually by the application.
Recommended publications
  • A Microkernel API for Fine-Grained Decomposition

    A Microkernel API for Fine-Grained Decomposition

    A Microkernel API for Fine-Grained Decomposition Sebastian Reichelt Jan Stoess Frank Bellosa System Architecture Group, University of Karlsruhe, Germany freichelt,stoess,[email protected] ABSTRACT from the microkernel APIs in existence. The need, for in- Microkernel-based operating systems typically require spe- stance, to explicitly pass messages between servers, or the cial attention to issues that otherwise arise only in dis- need to set up threads and address spaces in every server for tributed systems. The resulting extra code degrades per- parallelism or protection require OS developers to adopt the formance and increases development effort, severely limiting mindset of a distributed-system programmer rather than to decomposition granularity. take advantage of their knowledge on traditional OS design. We present a new microkernel design that enables OS devel- Distributed-system paradigms, though well-understood and opers to decompose systems into very fine-grained servers. suited for physically (and, thus, coarsely) partitioned sys- We avoid the typical obstacles by defining servers as light- tems, present obstacles to the fine-grained decomposition weight, passive objects. We replace complex IPC mecha- required to exploit the benefits of microkernels: First, a nisms by a simple function-call approach, and our passive, lot of development effort must be spent into matching the module-like server model obviates the need to create threads OS structure to the architecture of the selected microkernel, in every server. Server code is compiled into small self- which also hinders porting existing code from monolithic sys- contained files, which can be loaded into the same address tems. Second, the more servers exist | a desired property space (for speed) or different address spaces (for safety).
  • Introduction to Debugging the Freebsd Kernel

    Introduction to Debugging the Freebsd Kernel

    Introduction to Debugging the FreeBSD Kernel John H. Baldwin Yahoo!, Inc. Atlanta, GA 30327 [email protected], http://people.FreeBSD.org/˜jhb Abstract used either directly by the user or indirectly via other tools such as kgdb [3]. Just like every other piece of software, the The Kernel Debugging chapter of the FreeBSD kernel has bugs. Debugging a ker- FreeBSD Developer’s Handbook [4] covers nel is a bit different from debugging a user- several details already such as entering DDB, land program as there is nothing underneath configuring a system to save kernel crash the kernel to provide debugging facilities such dumps, and invoking kgdb on a crash dump. as ptrace() or procfs. This paper will give a This paper will not cover these topics. In- brief overview of some of the tools available stead, it will demonstrate some ways to use for investigating bugs in the FreeBSD kernel. FreeBSD’s kernel debugging tools to investi- It will cover the in-kernel debugger DDB and gate bugs. the external debugger kgdb which is used to perform post-mortem analysis on kernel crash dumps. 2 Kernel Crash Messages 1 Introduction The first debugging service the FreeBSD kernel provides is the messages the kernel prints on the console when the kernel crashes. When a userland application encounters a When the kernel encounters an invalid condi- bug the operating system provides services for tion (such as an assertion failure or a memory investigating the bug. For example, a kernel protection violation) it halts execution of the may save a copy of the a process’ memory current thread and enters a “panic” state also image on disk as a core dump.
  • Openvms Record Management Services Reference Manual

    Openvms Record Management Services Reference Manual

    OpenVMS Record Management Services Reference Manual Order Number: AA-PV6RD-TK April 2001 This reference manual contains general information intended for use in any OpenVMS programming language, as well as specific information on writing programs that use OpenVMS Record Management Services (OpenVMS RMS). Revision/Update Information: This manual supersedes the OpenVMS Record Management Services Reference Manual, OpenVMS Alpha Version 7.2 and OpenVMS VAX Version 7.2 Software Version: OpenVMS Alpha Version 7.3 OpenVMS VAX Version 7.3 Compaq Computer Corporation Houston, Texas © 2001 Compaq Computer Corporation Compaq, AlphaServer, VAX, VMS, the Compaq logo Registered in U.S. Patent and Trademark Office. Alpha, PATHWORKS, DECnet, DEC, and OpenVMS are trademarks of Compaq Information Technologies Group, L.P. in the United States and other countries. UNIX and X/Open are trademarks of The Open Group in the United States and other countries. All other product names mentioned herein may be the trademarks of their respective companies. Confidential computer software. Valid license from Compaq required for possession, use, or copying. Consistent with FAR 12.211 and 12.212, Commercial Computer Software, Computer Software Documentation, and Technical Data for Commercial Items are licensed to the U.S. Government under vendor’s standard commercial license. Compaq shall not be liable for technical or editorial errors or omissions contained herein. The information in this document is provided "as is" without warranty of any kind and is subject to change without notice. The warranties for Compaq products are set forth in the express limited warranty statements accompanying such products. Nothing herein should be construed as constituting an additional warranty.
  • Microkernel Mechanisms for Improving the Trustworthiness of Commodity Hardware

    Microkernel Mechanisms for Improving the Trustworthiness of Commodity Hardware

    Microkernel Mechanisms for Improving the Trustworthiness of Commodity Hardware Yanyan Shen Submitted in fulfilment of the requirements for the degree of Doctor of Philosophy School of Computer Science and Engineering Faculty of Engineering March 2019 Thesis/Dissertation Sheet Surname/Family Name : Shen Given Name/s : Yanyan Abbreviation for degree as give in the University calendar : PhD Faculty : Faculty of Engineering School : School of Computer Science and Engineering Microkernel Mechanisms for Improving the Trustworthiness of Commodity Thesis Title : Hardware Abstract 350 words maximum: (PLEASE TYPE) The thesis presents microkernel-based software-implemented mechanisms for improving the trustworthiness of computer systems based on commercial off-the-shelf (COTS) hardware that can malfunction when the hardware is impacted by transient hardware faults. The hardware anomalies, if undetected, can cause data corruptions, system crashes, and security vulnerabilities, significantly undermining system dependability. Specifically, we adopt the single event upset (SEU) fault model and address transient CPU or memory faults. We take advantage of the functional correctness and isolation guarantee provided by the formally verified seL4 microkernel and hardware redundancy provided by multicore processors, design the redundant co-execution (RCoE) architecture that replicates a whole software system (including the microkernel) onto different CPU cores, and implement two variants, loosely-coupled redundant co-execution (LC-RCoE) and closely-coupled redundant co-execution (CC-RCoE), for the ARM and x86 architectures. RCoE treats each replica of the software system as a state machine and ensures that the replicas start from the same initial state, observe consistent inputs, perform equivalent state transitions, and thus produce consistent outputs during error-free executions.
  • Introduction to Unix

    Introduction to Unix

    Introduction to Unix Rob Funk <[email protected]> University Technology Services Workstation Support http://wks.uts.ohio-state.edu/ University Technology Services Course Objectives • basic background in Unix structure • knowledge of getting started • directory navigation and control • file maintenance and display commands • shells • Unix features • text processing University Technology Services Course Objectives Useful commands • working with files • system resources • printing • vi editor University Technology Services In the Introduction to UNIX document 3 • shell programming • Unix command summary tables • short Unix bibliography (also see web site) We will not, however, be covering these topics in the lecture. Numbers on slides indicate page number in book. University Technology Services History of Unix 7–8 1960s multics project (MIT, GE, AT&T) 1970s AT&T Bell Labs 1970s/80s UC Berkeley 1980s DOS imitated many Unix ideas Commercial Unix fragmentation GNU Project 1990s Linux now Unix is widespread and available from many sources, both free and commercial University Technology Services Unix Systems 7–8 SunOS/Solaris Sun Microsystems Digital Unix (Tru64) Digital/Compaq HP-UX Hewlett Packard Irix SGI UNICOS Cray NetBSD, FreeBSD UC Berkeley / the Net Linux Linus Torvalds / the Net University Technology Services Unix Philosophy • Multiuser / Multitasking • Toolbox approach • Flexibility / Freedom • Conciseness • Everything is a file • File system has places, processes have life • Designed by programmers for programmers University Technology Services
  • Blackberry QNX Multimedia Suite

    Blackberry QNX Multimedia Suite

    PRODUCT BRIEF QNX Multimedia Suite The QNX Multimedia Suite is a comprehensive collection of media technology that has evolved over the years to keep pace with the latest media requirements of current-day embedded systems. Proven in tens of millions of automotive infotainment head units, the suite enables media-rich, high-quality playback, encoding and streaming of audio and video content. The multimedia suite comprises a modular, highly-scalable architecture that enables building high value, customized solutions that range from simple media players to networked systems in the car. The suite is optimized to leverage system-on-chip (SoC) video acceleration, in addition to supporting OpenMAX AL, an industry open standard API for application-level access to a device’s audio, video and imaging capabilities. Overview Consumer’s demand for multimedia has fueled an anywhere- o QNX SDK for Smartphone Connectivity (with support for Apple anytime paradigm, making multimedia ubiquitous in embedded CarPlay and Android Auto) systems. More and more embedded applications have require- o Qt distributions for QNX SDP 7 ments for audio, video and communication processing capabilities. For example, an infotainment system’s media player enables o QNX CAR Platform for Infotainment playback of content, stored either on-board or accessed from an • Support for a variety of external media stores external drive, mobile device or streamed over IP via a browser. Increasingly, these systems also have streaming requirements for Features at a Glance distributing content across a network, for instance from a head Multimedia Playback unit to the digital instrument cluster or rear seat entertainment units. Multimedia is also becoming pervasive in other markets, • Software-based audio CODECs such as medical, industrial, and whitegoods where user interfaces • Hardware accelerated video CODECs are increasingly providing users with a rich media experience.
  • Blackberry Playbook OS 2.0 Performs. Best in Class Communications

    Blackberry Playbook OS 2.0 Performs. Best in Class Communications

    BlackBerry PlayBook OS 2.0 Performs. Best in class communications. Powerful productivity. Performance powerhouse. What’s new and exciting about PlayBook™ OS 2.0 A proven performance powerhouse PlayBook OS 2.0 builds on proven performance through powerful hardware and intuitive, easy to use gestures. BlackBerry® PlayBook™ packs a blazing fast dual core processor, two HD 1080p video cameras, and 1 GB of RAM for a high performance experience that is up to the task – whatever it may be. The best of BlackBerry® comes built-in The BlackBerry PlayBook now gives you the BlackBerry communications experience you love, built for a tablet. PlayBook OS 2.0 introduces built-in email that lets you create, edit and format messages, and built-in contacts app and social calendar that connect to your social networks to give you a complete profile ™ of your contacts, including recent status updates. So, seize the BlackBerry App World moment and share it with the power of BlackBerry. The BlackBerry PlayBook has all your favorite apps and thousands more. Games like Angry Birds and Cut The Rope, BlackBerry® Bridge™ Technology social networking sites like Facebook, and even your favorite books from Kobo - the apps you want are here for you to New BlackBerry® Bridge™ features let your BlackBerry® smartphone discover in the BlackBerry AppWorld™ storefront. act as a keyboard and mouse for your BlackBerry PlayBook, giving you wireless remote control of your tablet. Perfect for pausing a movie when your BlackBerry PlayBook is connected to your TV with An outstanding web experience an HDMI connection. Plus, if you’re editing a document or browsing BlackBerry PlayBook puts the power of the real Internet at your a webpage on your BlackBerry smartphone and want to see it on a fingertips with a blazing fast Webkit engine supporting HTML5 larger display, BlackBerry Bridge lets you switch screens to view on and Adobe® Flash® 11.1.
  • Advanced Operating Systems #1

    Advanced Operating Systems #1

    <Slides download> https://www.pf.is.s.u-tokyo.ac.jp/classes Advanced Operating Systems #2 Hiroyuki Chishiro Project Lecturer Department of Computer Science Graduate School of Information Science and Technology The University of Tokyo Room 007 Introduction of Myself • Name: Hiroyuki Chishiro • Project Lecturer at Kato Laboratory in December 2017 - Present. • Short Bibliography • Ph.D. at Keio University on March 2012 (Yamasaki Laboratory: Same as Prof. Kato). • JSPS Research Fellow (PD) in April 2012 – March 2014. • Research Associate at Keio University in April 2014 – March 2016. • Assistant Professor at Advanced Institute of Industrial Technology in April 2016 – November 2017. • Research Interests • Real-Time Systems • Operating Systems • Middleware • Trading Systems Course Plan • Multi-core Resource Management • Many-core Resource Management • GPU Resource Management • Virtual Machines • Distributed File Systems • High-performance Networking • Memory Management • Network on a Chip • Embedded Real-time OS • Device Drivers • Linux Kernel Schedule 1. 2018.9.28 Introduction + Linux Kernel (Kato) 2. 2018.10.5 Linux Kernel (Chishiro) 3. 2018.10.12 Linux Kernel (Kato) 4. 2018.10.19 Linux Kernel (Kato) 5. 2018.10.26 Linux Kernel (Kato) 6. 2018.11.2 Advanced Research (Chishiro) 7. 2018.11.9 Advanced Research (Chishiro) 8. 2018.11.16 (No Class) 9. 2018.11.23 (Holiday) 10. 2018.11.30 Advanced Research (Kato) 11. 2018.12.7 Advanced Research (Kato) 12. 2018.12.14 Advanced Research (Chishiro) 13. 2018.12.21 Linux Kernel 14. 2019.1.11 Linux Kernel 15. 2019.1.18 (No Class) 16. 2019.1.25 (No Class) Linux Kernel Introducing Synchronization /* The cases for Linux */ Acknowledgement: Prof.
  • Process Scheduling Ii

    Process Scheduling Ii

    PROCESS SCHEDULING II CS124 – Operating Systems Spring 2021, Lecture 12 2 Real-Time Systems • Increasingly common to have systems with real-time scheduling requirements • Real-time systems are driven by specific events • Often a periodic hardware timer interrupt • Can also be other events, e.g. detecting a wheel slipping, or an optical sensor triggering, or a proximity sensor reaching a threshold • Event latency is the amount of time between an event occurring, and when it is actually serviced • Usually, real-time systems must keep event latency below a minimum required threshold • e.g. antilock braking system has 3-5 ms to respond to wheel-slide • The real-time system must try to meet its deadlines, regardless of system load • Of course, may not always be possible… 3 Real-Time Systems (2) • Hard real-time systems require tasks to be serviced before their deadlines, otherwise the system has failed • e.g. robotic assembly lines, antilock braking systems • Soft real-time systems do not guarantee tasks will be serviced before their deadlines • Typically only guarantee that real-time tasks will be higher priority than other non-real-time tasks • e.g. media players • Within the operating system, two latencies affect the event latency of the system’s response: • Interrupt latency is the time between an interrupt occurring, and the interrupt service routine beginning to execute • Dispatch latency is the time the scheduler dispatcher takes to switch from one process to another 4 Interrupt Latency • Interrupt latency in context: Interrupt! Task
  • QNX Neutrino® Realtime Operating System

    QNX Neutrino® Realtime Operating System

    PRODUCT BRIEF QNX Neutrino® Realtime Operating System QNX Neutrino® is a full-featured and robust operating system designed to enable the next-generation of products for automotive, medical and industrial embedded systems. Microkernel design and modular architecture enable customers to create highly optimized and reliable systems with low total cost of ownership. With QNX Neutrino®, embedded systems designers can create compelling, safe and secure devices built on a highly reliable operating system software foundation that helps guard against system malfunctions, malware and cyber security breaches. For over 35 years, thousands of companies have deployed and The QNX Neutrino microkernel memory-protected architecture trusted QNX realtime technology to ensure the best combination provides a foundation to build safety-critical systems. QNX of performance, security and reliability in the world’s most Neutrino® is 100% API compatible with QNX pre-certified mission-critical systems. software products that address compliance with safety certifica- tions in automotive (ISO 26262), industrial safety (IEC 61508) and Built-in mission critical reliability medical devices (IEC 62304). Time-tested and field-proven, the QNX Neutrino® is built on a true microkernel architecture. Under this system, every driver, Maximize software investments application, protocol stack, and filesystem runs outside the kernel QNX Neutrino® provides a common software platform that can be in the safety of memory-protected user space. Virtually any deployed for safety certified and non-certified projects across a component can fail and be automatically restarted without broad range of hardware platforms. Organizations can reduce aecting other components or the kernel. No other commercial duplication, costs and risks associated with the deployment of RTOS provides such a high level of fault containment and recovery.
  • Microkernels in a Bit More Depth • Early Operating Systems Had Very Little Structure • a Strictly Layered Approach Was Promoted by Dijkstra

    Microkernels in a Bit More Depth • Early Operating Systems Had Very Little Structure • a Strictly Layered Approach Was Promoted by Dijkstra

    Motivation Microkernels In a Bit More Depth Early operating systems had very little structure A strictly layered approach was promoted by Dijkstra THE Operating System [Dij68] COMP9242 2007/S2 Week 4 Later OS (more or less) followed that approach (e.g., Unix). UNSW Such systems are known as monolithic kernels COMP9242 07S2 W04 1 Microkernels COMP9242 07S2 W04 2 Microkernels Issues of Monolithic Kernels Evolution of the Linux Kernel E Advantages: Kernel has access to everything: all optimisations possible all techniques/mechanisms/concepts implementable Kernel can be extended by adding more code, e.g. for: new services support for new harwdare Problems: Widening range of services and applications OS bigger, more complex, slower, more error prone. Need to support same OS on different hardware. Like to support various OS environments. Distribution impossible to provide all services from same (local) kernel. COMP9242 07S2 W04 3 Microkernels COMP9242 07S2 W04 4 Microkernels Approaches to Tackling Complexity Evolution of the Linux Kernel Part 2 A Classical software-engineering approach: modularity Software-engineering study of Linux kernel [SJW+02]: (relatively) small, mostly self-contained components well-defined interfaces between them Looked at size and interdependencies of kernel "modules" enforcement of interfaces "common coupling": interdependency via global variables containment of faults to few modules Analysed development over time (linearised version number) Doesn't work with monolithic kernels: Result 1:
  • Building Performance Measurement Tools for the MINIX 3 Operating System

    Building Performance Measurement Tools for the MINIX 3 Operating System

    Building Performance Measurement Tools for the MINIX 3 Operating System Rogier Meurs August 2006 Contents 1 INTRODUCTION 1 1.1 Measuring Performance 1 1.2 MINIX 3 2 2 STATISTICAL PROFILING 3 2.1 Introduction 3 2.2 In Search of a Timer 3 2.2.1 i8259 Timers 3 2.2.2 CMOS Real-Time Clock 3 2.3 High-level Description 4 2.4 Work Done in User-Space 5 2.4.1 The SPROFILE System Call 5 2.5 Work Done in Kernel-Space 5 2.5.1 The SPROF Kernel Call 5 2.5.2 Profiling using the CMOS Timer Interrupt 6 2.6 Work Done at the Application Level 7 2.6.1 Control Tool: profile 7 2.6.2 Analyzing Tool: sprofalyze.pl 7 2.7 What Can and What Cannot be Profiled 8 2.8 Profiling Results 8 2.8.1 High Scoring IPC Functions 8 2.8.2 Interrupt Delay 9 2.8.3 Profiling Runs on Simulator and Other CPU Models 12 2.9 Side-effect of Using the CMOS Clock 12 3 CALL PROFILING 13 3.1 Introduction 13 3.1.1 Compiler-supported Call Profiling 13 3.1.2 Call Paths, Call and Cycle Attribution 13 3.2 High-level Description 14 3.3 Work Done in User-Space 15 3.3.1 The CPROFILE System Call 15 3.4 Work Done in Kernel-Space 16 3.4.1 The PROFBUF and CPROF Kernel Calls 16 3.5 Work Done in Libraries 17 3.5.1 Profiling Using Library Functions 17 3.5.2 The Procentry Library Function 17 3.5.3 The Procexit Library Function 20 3.5.4 The Call Path String 22 3.5.5 Testing Overhead Elimination 23 3.6 Profiling Kernel-Space/User-Space Processes 24 3.6.1 Differences in Announcing and Table Sizes 24 3.6.2 Kernel-Space Issue: Reentrancy 26 3.6.3 Kernel-Space Issue: The Call Path 26 3.7 Work Done at the Application