Microkernel Virtualization Under One Roof - Dare the Impossible

Total Page:16

File Type:pdf, Size:1020Kb

Microkernel Virtualization Under One Roof - Dare the Impossible Microkernel virtualization under one roof - dare the impossible - Alexander Böttcher <[email protected]> Outline 1. Introduction 2. Kernel interfaces 3. VM interface harmonization 4. VMMs harmonized 5. Conclusion Microkernel virtualization under one roof - dare the impossible -2 Outline 1. Introduction 2. Kernel interfaces 3. VM interface harmonization 4. VMMs harmonized 5. Conclusion Microkernel virtualization under one roof - dare the impossible -3 Motivation Off-the-shell virtualization solution ridden with complexity. Application of virtualization call for trustworthy solutions. Complexity defeats trust. Alternative approach → Microkernels with hardware assisted virtualization extensions Microkernel virtualization under one roof - dare the impossible -4 Component based virtualization architecture Guest OS Guest OS Guest OS non-root mode root mode VMM VMM VMM Resource management Apps Drivers 9,000 SLOC kernel NOVA Microhypervisor Microkernel virtualization under one roof - dare the impossible -5 Genode OS framework Microkernel virtualization under one roof - dare the impossible -6 General supported kernels on Genode Microkernel virtualization under one roof - dare the impossible -7 Kernels with hardware assisted virtualization Microkernel virtualization under one roof - dare the impossible -8 VMM inventory of Genode Hardware assisted virtualization/separation support Microkernel Host VMM Guest vCPU hw ARM, 32bit custom 1, 32bit hw/trustzone ARM, 32bit custom 1, 32bit hw with Muen Intel, 64bit VBox 4 1, 32bit Seoul N, 32bit NOVA Intel & AMD VBox 4 N, 32bit, 64 bit 32bit, 64bit VBox 5 N, 32bit, 64 bit Microkernel virtualization under one roof - dare the impossible -9 Focus on x86 microkernels for now → NOVA, seL4, Fiasco.OC, and -hw- Approach: Generalize VM interface as used by -hw- Research challenge Vision: VMMs runnable on all kernels w/o re-compilation Microkernel virtualization under one roof - dare the impossible - 10 Approach: Generalize VM interface as used by -hw- Research challenge Vision: VMMs runnable on all kernels w/o re-compilation Focus on x86 microkernels for now → NOVA, seL4, Fiasco.OC, and -hw- Microkernel virtualization under one roof - dare the impossible - 10 Research challenge Vision: VMMs runnable on all kernels w/o re-compilation Focus on x86 microkernels for now → NOVA, seL4, Fiasco.OC, and -hw- Approach: Generalize VM interface as used by -hw- Microkernel virtualization under one roof - dare the impossible - 10 Outline 1. Introduction 2. Kernel interfaces 3. VM interface harmonization 4. VMMs harmonized 5. Conclusion Microkernel virtualization under one roof - dare the impossible - 11 Flow of a virtualization event User-level VMM Guest OS UTCB VMCS UTCB copy NOVA world switch Microkernel virtualization under one roof - dare the impossible - 12 vCPU state on NOVA UTCB VMM user space kernel space UTCB VMCS/VMCB NOVA microhypervisor Transfer: UTCB, VMCS/VMCB agnostic, partial state support Microkernel virtualization under one roof - dare the impossible - 13 vCPU state on Fiasco.OC UTCB VMM vCPU state user space kernel space UTCB VMCS/VMCB vCPU state Fiasco.OC microkernel Transfer: vCPU state, not VMCS/VMCB agnostic, full state Microkernel virtualization under one roof - dare the impossible - 14 vCPU state on seL4 IPCBuffer VMM user space kernel space IPCBuffer VMCS vCPU state seL4 microkernel Transfer: hybrid - IPCBuffer & syscall per VMCS register IPCBuffer: VM exit - 17 registers, VM enter - 3 registers Microkernel virtualization under one roof - dare the impossible - 15 Control flow on NOVA UTCB VMM thread IPC call user space kernel space IPC reply UTCB vCPU VMCS/VMCB NOVA microhypervisor Microkernel virtualization under one roof - dare the impossible - 16 Control flow on Fiasco.OC UTCB VMM vCPU state thread syscall done user space vmresume kernel space (blocking) UTCB vCPU VMCS/VMCB vCPU state Fiasco.OC microkernel Microkernel virtualization under one roof - dare the impossible - 17 Control flow on seL4 IPCBuffer VMM thread syscall done user space vmenter kernel space (blocking) IPCBuffer vCPU VMCS vCPU state seL4 microkernel Microkernel virtualization under one roof - dare the impossible - 18 Control flow on Genode’s -hw- UTCB VMM vCPU state thread signal user space kernel space run UTCB vCPU vCPU state Genode’s -hw- microkernel (ARM) Microkernel virtualization under one roof - dare the impossible - 19 Outline 1. Introduction 2. Kernel interfaces 3. VM interface harmonization 4. VMMs harmonized 5. Conclusion Microkernel virtualization under one roof - dare the impossible - 20 VM event → just another event source I/O event → just another event source Kernel agnostic ABI Unified vCPU state per platform Design goals VMM → just a component Genode components designed event driven Non-blocking thread (entrypoint) register for event sources Events cause transition in state machine State transition by Genode signal or RPC Microkernel virtualization under one roof - dare the impossible - 21 Design goals VMM → just a component Genode components designed event driven Non-blocking thread (entrypoint) register for event sources Events cause transition in state machine State transition by Genode signal or RPC VM event → just another event source I/O event → just another event source Kernel agnostic ABI Unified vCPU state per platform Microkernel virtualization under one roof - dare the impossible - 21 Envisioned vCPU handling VMM entrypoint timer network signal signal user space VM event kernel space vCPU0 vCPUn kernel Microkernel virtualization under one roof - dare the impossible - 22 Envisioned vCPU handling - multi core VMM entrypoint A entrypoint B user space kernel space vCPU A0 ... vCPU An vCPU B0 ... vCPU Bn kernel Microkernel virtualization under one roof - dare the impossible - 23 VM interface - kernel agnostic VMM Entrypoint VM interface ld.lib.so user space kernel space vCPU0 ... vCPUn kernel Genode -base- library with unified ABI in ld.lib.so Microkernel virtualization under one roof - dare the impossible - 24 VM interface - kernel agnostic VM connection/session → VM address space established create_vcpu() - setup new vCPUs cpu_state() - access to guest state attach/detach() - memory management of VM VM_handler class - registration for VM event handling run/pause() - control execution of vCPUs - non-blocking Microkernel virtualization under one roof - dare the impossible - 25 VM interface - kernel agnostic entrypoint VMM VM interface (client) ld.lib.so connection init VM interface (server) core user space kernel space kernel Microkernel virtualization under one roof - dare the impossible - 26 VM interface - kernel agnostic entrypoint VMM VM interface (client) ld.lib.so VM session init VM interface (server) core user space kernel space vCPU0 ... vCPUn kernel Microkernel virtualization under one roof - dare the impossible - 27 VM interface - kernel agnostic entrypoint VMM VM interface (client) ld.lib.so VM session init VM interface (server) core user space kernel space Server: 200-400 LOC Client: NOVA, seL4:vCPU0 ~500 ... vCPUn - Fiasco.OC: ~1000 - hw: ~30 LOC kernel Microkernel virtualization under one roof - dare the impossible - 28 Control flow on Genode’s -hw- and NOVA UTCB VMM vCPU state thread signalIPC call user space kernel space IPC replyrun UTCB vCPU VMCS/VMCB vCPU state Genode’sNOVA -hw- microhypervisor microkernel (ARM) Microkernel virtualization under one roof - dare the impossible - 29 Control flow on Genode’s -hw- and NOVA Event source VMM VM (timer) kernel vCPU Entrypoint hw/NOVA vCPU0 vCPU1 VM exit signal/IPC call run/IPC reply non-blocking VM resume event (timeout) pause/recall non-blocking VM exit signal/IPC call run/IPC reply inject vIRQ Microkernel virtualization under one roof - dare the impossible - 30 Control flow on seL4 and Fiasco.OC IPCBufferUTCB VMM vCPU state thread syscall done user space vmresumevmenter kernel space (blocking) IPCBufferUTCB vCPU VMCS/VMCBVMCS vCPU state Fiasco.OCseL4 microkernel microkernel Microkernel virtualization under one roof - dare the impossible - 31 Control flow on seL4 and Fiasco.OC Event source VMM kernel VM (timer) Entrypoint seL4/Fiasco.OC vCPU0 vCPU1 vmenter/vmresume blocking syscall VM resume Blocking syscall unfortunate → complicates life Kernels provide mechanism to cancel Avoid special case handling in Genode for first take → Workaround: spawn per vCPU extra thread Microkernel virtualization under one roof - dare the impossible - 32 Control flow on seL4 and Fiasco.OC Event source VMM kernel VM (timer) Entrypoint Handler0 Handler1 vCPU0 vCPU1 run non-blocking vmenter/vmresume VM resume run non-blocking vmenter/vmresume VM resume Microkernel virtualization under one roof - dare the impossible - 33 Control flow on seL4 and Fiasco.OC Event source VMM kernel VM (timer) Entrypoint Handler0 seL4/Fiasco.OC vCPU0 vCPU1 run non-blocking vmenter/vmresume blocking syscall VM resume event (timeout) pause cancel vmenter/vmresume vmenter/vmresume syscall returns signal run inject vIRQ vmenter/vmresume inject vIRQ VM resume Microkernel virtualization under one roof - dare the impossible - 34 Outline 1. Introduction 2. Kernel interfaces 3. VM interface harmonization 4. VMMs harmonized 5. Conclusion Microkernel virtualization under one roof - dare the impossible - 35 sel4 v9.0: Kernel fault on VMEnter by non vCPU thread → patch No unrestricted guest support → patch Scheduling bug if vCPU spins → starvation → patch Kernel denies to boot on non VT-x platforms → patch → Working toy VMM on all 3 kernels → no AMD support by seL4 VMM unit test Control flow
Recommended publications
  • A Programmable Microkernel for Real-Time Systems∗
    A Programmable Microkernel for Real-Time Systems∗ Christoph M. Kirsch Marco A.A. Sanvido Thomas A. Henzinger University of Salzburg VMWare Inc. EPFL and UC Berkeley [email protected] tah@epfl.ch ABSTRACT Categories and Subject Descriptors We present a new software system architecture for the im- D.4.7 [Operating Systems]: Organization and Design— plementation of hard real-time applications. The core of the Real-time systems and embedded systems system is a microkernel whose reactivity (interrupt handling as in synchronous reactive programs) and proactivity (task General Terms scheduling as in traditional RTOSs) are fully programma- Languages ble. The microkernel, which we implemented on a Strong- ARM processor, consists of two interacting domain-specific Keywords virtual machines, a reactive E (Embedded) machine and a proactive S (Scheduling) machine. The microkernel code (or Real Time, Operating System, Virtual Machine microcode) that runs on the microkernel is partitioned into E and S code. E code manages the interaction of the system 1. INTRODUCTION with the physical environment: the execution of E code is In [9], we advocated the E (Embedded) machine as a triggered by environment interrupts, which signal external portable target for compiling hard real-time code, and in- events such as the arrival of a message or sensor value, and it troduced, in [11], the S (Scheduling) machine as a universal releases application tasks to the S machine. S code manages target for generating schedules according to arbitrary and the interaction of the system with the processor: the exe- possibly non-trivial strategies such as nonpreemptive and cution of S code is triggered by hardware interrupts, which multiprocessor scheduling.
    [Show full text]
  • The Design of the EMPS Multiprocessor Executive for Distributed Computing
    The design of the EMPS multiprocessor executive for distributed computing Citation for published version (APA): van Dijk, G. J. W. (1993). The design of the EMPS multiprocessor executive for distributed computing. Technische Universiteit Eindhoven. https://doi.org/10.6100/IR393185 DOI: 10.6100/IR393185 Document status and date: Published: 01/01/1993 Document Version: Publisher’s PDF, also known as Version of Record (includes final page, issue and volume numbers) Please check the document version of this publication: • A submitted manuscript is the version of the article upon submission and before peer-review. There can be important differences between the submitted version and the official published version of record. People interested in the research are advised to contact the author for the final version of the publication, or visit the DOI to the publisher's website. • The final author version and the galley proof are versions of the publication after peer review. • The final published version features the final layout of the paper including the volume, issue and page numbers. Link to publication General rights Copyright and moral rights for the publications made accessible in the public portal are retained by the authors and/or other copyright owners and it is a condition of accessing publications that users recognise and abide by the legal requirements associated with these rights. • Users may download and print one copy of any publication from the public portal for the purpose of private study or research. • You may not further distribute the material or use it for any profit-making activity or commercial gain • You may freely distribute the URL identifying the publication in the public portal.
    [Show full text]
  • Chapter 1. Origins of Mac OS X
    1 Chapter 1. Origins of Mac OS X "Most ideas come from previous ideas." Alan Curtis Kay The Mac OS X operating system represents a rather successful coming together of paradigms, ideologies, and technologies that have often resisted each other in the past. A good example is the cordial relationship that exists between the command-line and graphical interfaces in Mac OS X. The system is a result of the trials and tribulations of Apple and NeXT, as well as their user and developer communities. Mac OS X exemplifies how a capable system can result from the direct or indirect efforts of corporations, academic and research communities, the Open Source and Free Software movements, and, of course, individuals. Apple has been around since 1976, and many accounts of its history have been told. If the story of Apple as a company is fascinating, so is the technical history of Apple's operating systems. In this chapter,[1] we will trace the history of Mac OS X, discussing several technologies whose confluence eventually led to the modern-day Apple operating system. [1] This book's accompanying web site (www.osxbook.com) provides a more detailed technical history of all of Apple's operating systems. 1 2 2 1 1.1. Apple's Quest for the[2] Operating System [2] Whereas the word "the" is used here to designate prominence and desirability, it is an interesting coincidence that "THE" was the name of a multiprogramming system described by Edsger W. Dijkstra in a 1968 paper. It was March 1988. The Macintosh had been around for four years.
    [Show full text]
  • Research Purpose Operating Systems – a Wide Survey
    GESJ: Computer Science and Telecommunications 2010|No.3(26) ISSN 1512-1232 RESEARCH PURPOSE OPERATING SYSTEMS – A WIDE SURVEY Pinaki Chakraborty School of Computer and Systems Sciences, Jawaharlal Nehru University, New Delhi – 110067, India. E-mail: [email protected] Abstract Operating systems constitute a class of vital software. A plethora of operating systems, of different types and developed by different manufacturers over the years, are available now. This paper concentrates on research purpose operating systems because many of them have high technological significance and they have been vividly documented in the research literature. Thirty-four academic and research purpose operating systems have been briefly reviewed in this paper. It was observed that the microkernel based architecture is being used widely to design research purpose operating systems. It was also noticed that object oriented operating systems are emerging as a promising option. Hence, the paper concludes by suggesting a study of the scope of microkernel based object oriented operating systems. Keywords: Operating system, research purpose operating system, object oriented operating system, microkernel 1. Introduction An operating system is a software that manages all the resources of a computer, both hardware and software, and provides an environment in which a user can execute programs in a convenient and efficient manner [1]. However, the principles and concepts used in the operating systems were not standardized in a day. In fact, operating systems have been evolving through the years [2]. There were no operating systems in the early computers. In those systems, every program required full hardware specification to execute correctly and perform each trivial task, and its own drivers for peripheral devices like card readers and line printers.
    [Show full text]
  • Microkernel Construction Introduction
    Microkernel Construction Introduction Nils Asmussen 04/09/2020 1 / 32 Normal Organization Thursday, 4th DS, 2 SWS Slides: www.tudos.org ! Studies ! Lectures ! MKC Subscribe to our mailing list: www.tudos.org/mailman/listinfo/mkc2020 In winter term: Microkernel-based operating systems (MOS) Various labs 2 / 32 Organization due to COVID-19 Slides and video recordings of lectures will be published Questions can be asked on the mailing list Subscribe to the mailing list! Practical exercises are planed for the end of the semester Depending on how COVID-19 continues, exercises are in person or we use some video-conferencing tool 3 / 32 Goals 1 Provide deeper understanding of OS mechanisms 2 Look at the implementation details of microkernels 3 Make you become enthusiastic microkernel hackers 4 Propaganda for OS research done at TU Dresden and Barkhausen Institut 4 / 32 Outline Organization Monolithic vs. Microkernel Kernel design comparison Examples for microkernel-based systems Vision vs. Reality Challenges Overview About L4/NOVA 5 / 32 Monolithic Kernel System Design u s Application Application Application e r k Kernel e r File Network n e Systems Stacks l m Memory Process o Drivers Management Management d e Hardware 6 / 32 Monolithic Kernel OS (Propaganda) System components run in privileged mode No protection between system components Faulty driver can crash the whole system Malicious app could exploit bug in faulty driver More than 2=3 of today's OS code are drivers No need for good system design Direct access to data structures Undocumented
    [Show full text]
  • Linux on the OSF Mach3 Microkernel
    Linux on top of the OSF Mach3 Microkernel Linux on top of the OSF Mach3 Microkernel Linux on top of OSF MK The Mach3.0 Microkernel: Design • microkernel abstractions François Barbou des Places ([email protected]) • task, thread, port, message, memory object Nick Stephen ([email protected]) • resources and services represented as ports OSF Research Institute - Grenoble • interfaces implemented via RPC to an object port Task Message • Objectives: • widen the audience for the free OSF micro-kernel Ports • provide a complete and free platform to develop new Threads servers, applications or kernel extensions • provide Apple with a freely redistributable microkernel-based operating system for the Memory Apple/PowerMac platform Object Freely Redistributable Software Conference - 5 Feb 1996 - Cambridge 1/17 Freely Redistributable Software Conference - 5 Feb 1996 - Cambridge 2/17 Linux on top of the OSF Mach3 Microkernel Linux on top of the OSF Mach3 Microkernel The Mach3.0 microkernel: Benefits OSF MK Improvements • portability (modular design) • performance • symmetric multi-processing support • kernel-loaded servers (collocation) • thread migration • scalability (from desktop PCs to high-end multi-computers) • short-circuited RPC • extensibility • real-time • OS-neutrality • preemptable kernel • support for OS personalities running as user tasks • real-time RPC, priority inheritance • pageable, preemptable • distributed system (clusters and multi-computers) • more portable: isolated from hardware • DIPC: transparent Distributed IPC • simpler:
    [Show full text]
  • Scalability of Microkernel-Based Systems
    Scalability of Microkernel-Based Systems Zur Erlangung des akademischen Grades eines DOKTORS DER INGENIERWISSENSCHAFTEN von der Fakultat¨ fur¨ Informatik der Universitat¨ Fridericiana zu Karlsruhe (TH) genehmigte DISSERTATION von Volkmar Uhlig aus Dresden Tag der mundlichen¨ Prufung:¨ 30.05.2005 Hauptreferent: Prof. Dr. rer. nat. Gerhard Goos Universitat¨ Fridericiana zu Karlsruhe (TH) Korreferent: Prof. Dr. sc. tech. (ETH) Gernot Heiser University of New South Wales, Sydney, Australia Karlsruhe: 15.06.2005 i Abstract Microkernel-based systems divide the operating system functionality into individ- ual and isolated components. The system components are subject to application- class protection and isolation. This structuring method has a number of benefits, such as fault isolation between system components, safe extensibility, co-existence of different policies, and isolation between mutually distrusting components. How- ever, such strict isolation limits the information flow between subsystems including information that is essential for performance and scalability in multiprocessor sys- tems. Semantically richer kernel abstractions scale at the cost of generality and mini- mality–two desired properties of a microkernel. I propose an architecture that al- lows for dynamic adjustment of scalability-relevant parameters in a general, flex- ible, and safe manner. I introduce isolation boundaries for microkernel resources and the system processors. The boundaries are controlled at user-level. Operating system components and applications can transform their semantic information into three basic parameters relevant for scalability: the involved processors (depending on their relation and interconnect), degree of concurrency, and groups of resources. I developed a set of mechanisms that allow a kernel to: 1. efficiently track processors on a per-resource basis with support for very large number of processors, 2.
    [Show full text]
  • The Outlook for Scalable Parallel Processing
    @) I AUTHOR'S COPY Decision Resources, Inc. Bay Colony Corporate Center 1100 Winter Street Information Systems Industry Waltham, Massachusetts 02154 Telephone 617.487.3700 The Outlook for Scalable Telefax 617.487.5750 Parallel Processing Gordon Bell Consultant to Decision Resources, Inc. It is likely that this decade will usher in the beginning Business Implications of an era in which general-purpose1 scalable parallel - A * Scalable, massively parallel processing computers computers assume most of the applications currently promise to become the most costeffective ap run on mainframes, supercomputers, and specialized proach to computing within the next decade, and scalable computers. A scalable computer is a com- the means by which to solve particular, difficult, puter designed from a small number of basic compo- large-scale commercial and technical problems. nents, without a single bottleneck component, so that The commercial and technical markets are funda- the computer can be incrementally expanded over its mentally different. Massively parallel processors designed scaling range, delivering linear incremental may be more useful for commercial applications performance for a well-defined set of scalable applica- because of the parallelism implicit in accessing a tions. General-purpose scalable computers provide a database through multiple, independent transac- wide range of processing, memory size, and 1/0 re- tions. Ease of programming will be the principal sources. Scalability is the degree to which perform- factor that determines how rapidly this class of ance increments of a scalable computer are linear. computer architecture will penetrate the general- Ideally, an application should be usable at all com- purpose computing market. puter size scales and operate with constant efficiency.
    [Show full text]
  • R00456--FM Getting up to Speed
    GETTING UP TO SPEED THE FUTURE OF SUPERCOMPUTING Susan L. Graham, Marc Snir, and Cynthia A. Patterson, Editors Committee on the Future of Supercomputing Computer Science and Telecommunications Board Division on Engineering and Physical Sciences THE NATIONAL ACADEMIES PRESS Washington, D.C. www.nap.edu THE NATIONAL ACADEMIES PRESS 500 Fifth Street, N.W. Washington, DC 20001 NOTICE: The project that is the subject of this report was approved by the Gov- erning Board of the National Research Council, whose members are drawn from the councils of the National Academy of Sciences, the National Academy of Engi- neering, and the Institute of Medicine. The members of the committee responsible for the report were chosen for their special competences and with regard for ap- propriate balance. Support for this project was provided by the Department of Energy under Spon- sor Award No. DE-AT01-03NA00106. Any opinions, findings, conclusions, or recommendations expressed in this publication are those of the authors and do not necessarily reflect the views of the organizations that provided support for the project. International Standard Book Number 0-309-09502-6 (Book) International Standard Book Number 0-309-54679-6 (PDF) Library of Congress Catalog Card Number 2004118086 Cover designed by Jennifer Bishop. Cover images (clockwise from top right, front to back) 1. Exploding star. Scientific Discovery through Advanced Computing (SciDAC) Center for Supernova Research, U.S. Department of Energy, Office of Science. 2. Hurricane Frances, September 5, 2004, taken by GOES-12 satellite, 1 km visible imagery. U.S. National Oceanographic and Atmospheric Administration. 3. Large-eddy simulation of a Rayleigh-Taylor instability run on the Lawrence Livermore National Laboratory MCR Linux cluster in July 2003.
    [Show full text]
  • Reversals of Fortune
    CHAPTER ONE Reversals of Fortune t was a warm, breezy day in the early summer of 1994 as I drove south I on Middlefield Road in Mountain View, California, on my way to a new startup named Mosaic Communications, Inc. I had arranged to meet some old Apple Computer friends who had bailed out of Apple to join the new company only a few days earlier. My nethead friends were overly enamored, for my tastes, with the recently commercialized ARPANet, now becoming the Internet. In fact, Apple Computer hadn't paid much attention to their Internet dreams, so they left. Apple was never going to care about networks, so why not move to a networking company? Even I thought the "Internet business" was far too techie for consumers. But when my friends were offered stock options to play with the Internet, they bolted. I thought my friends crazy for jumping the Apple Computer ship to swim with an unknown startup. After all, Apple Computer was going strong, growing its worldwide share of the personal computer market to nearly 10 percent, making it second only to all-powerful IBM. The per- sonal computer market was up for grabs as nobody had more than 11-12 percent of the blooming global market. Things could only get bet- ter for Apple. Mosaic could be gone in 6 months. A classic rock station blasted from my radio as I waited for a red stoplight to turn. The emblem of a polished horse glistened from the car next to me. These Ferrari's are a dime a dozen in Silicon Valley, I thought.
    [Show full text]
  • REAL-TIME SYSTEMS: an INTRODUCTION Keep up with the Data Stream from the Landing Radar
    R REAL-TIME SYSTEMS: AN INTRODUCTION keep up with the data stream from the landing radar. AND THE STATE-OF-THE-ART However, it was discovered that the missed deadlines were nonfatal, and the scheduler automatically adjusted, INTRODUCTION to meet soft real-time behavior for the landing tasks. Our goal in this article is to give an overview of the broad Periodic and Aperiodic Tasks area of real-time systems. This task daunting because real- Real-time applications are also classified depending on the time systems are everywhere, and yet no generally tasks that comprise the application. In some systems, tasks accepted definition differentiates real-time systems from are executed repetitively within a specified period. A task t non–real-time systems. We will make an attempt at pro- i is characterized as (p ,e), where p its periodicity and e is viding a general overview of the different classes of real- i i i i its (worst-case) execution time. Monitoring patient’s vitals time systems, scheduling of tasks (or threads) in such is an example of such a system. Hard real-time systems are systems, design tools and environments for real-time sys- usually designed using periodic tasks, and static schedul- tems, real-time operating systems, and embedded systems. ing can be used for periodic tasks. We will conclude our discussions with research challenges Aperiodic tasks are tasks that are executed on demand that still remain. (or with unknown period). A task is executed in response to an event, and a task t is characterized as (a ,r,e,d) where Definitions i i i i i ai its the arrival time.
    [Show full text]
  • Microkernel Operating Systems
    STAYING AWAKE ON FRIDAY AFTERNOON Interactive Session on MINIX 3 ASCI GNARP workshop March 17, 2006 ± Rockanje Jorrit N. Herder Dept. of Computer Science Vrije Universiteit Amsterdam GNARP ©06 Jorrit N. Herder 1 QUIZ ● What operating systems do you use? ● Which one is more dependable? ● Why? ● Would you install my nifty kernel module? ● How about device drivers? ● What other threats do you see? ● How much performance would you be willing to sacrifice? GNARP ©06 Jorrit N. Herder 2 WHERE DID IT GO WRONG? ● Historically, design was guided by performance ● Fundamental design flaws in monolithic kernels – All code runs at highest privilege level (breaches POLA) – No proper fault isolation (any bug can be fatal) – Huge amount of code in kernel (1-20 bugs per 1000 LOC) – Untrusted, 3rd party code in kernel (70% driver bugs) – Complex and hard to maintain (causes bugs) ● Trade-off between performance and dependability ● New, modular design can solve above problems GNARP ©06 Jorrit N. Herder 3 DRAWING EXERCISE ● Volunteer requested to draw the intersection of a ship GNARP ©06 Jorrit N. Herder 4 DESIGN FOR DEPENDABILITY ● user user user MINIX 3 – Reliability – Availability server server server – Security driver driver driver KERNEL GNARP ©06 Jorrit N. Herder 5 CHARACTERISTICS OF MINIX 3 ● Minimal kernel to support user-mode operating system – Stable kernel (~4000 LoC) reduces number of fatal bugs ● User-mode modules are physically isolated by MMU – Memory access must be explicitly granted by other party ● Privileges of each components are strongly restricted – Kernel policies for IPC, kernel calls, I/O, memory, scheduling ● Servers and drivers are carefully monitored – Failures can be detected and often automatically repaired ● TCB is reduced by over two orders of magnitude – Minimal set of servers comprises about 20,000 LoC GNARP ©06 Jorrit N.
    [Show full text]