Improving the Reliability of Commodity Operating Systems

Total Page:16

File Type:pdf, Size:1020Kb

Improving the Reliability of Commodity Operating Systems Improving the Reliability of Commodity Operating Systems Michael M. Swift A dissertation submitted in partial fulfillment of the requirements for the degree of Doctor of Philosophy University of Washington 2005 Program Authorized to Offer Degree: Computer Science and Engineering University of Washington Graduate School This is to certify that I have examined this copy of a doctoral dissertation by Michael M. Swift and have found that it is complete and satisfactory in all respects, and that any and all revisions required by the final examining committee have been made. Co-Chairs of Supervisory Committee: Henry M. Levy Brian N. Bershad Reading Committee: Henry M. Levy Brian N. Bershad John Zahorjan Date: In presenting this dissertation in partial fulfillment of the requirements for the doctoral degree at the University of Washington, I agree that the Library shall make its copies freely available for inspection. I further agree that extensive copying of this dissertation is allowable only for scholarly purposes, consistent with “fair use” as prescribed in the U.S. Copyright Law. Requests for copying or reproduction of this dissertation may be referred to Proquest Information and Learning, 300 North Zeeb Road, Ann Arbor, MI 48106-1346, to whom the author has granted “the right to reproduce and sell (a) copies of the manuscript in microform and/or (b) printed copies of the manuscript made from microform.” Signature Date University of Washington Abstract Improving the Reliability of Commodity Operating Systems Michael M. Swift Co-Chairs of Supervisory Committee: Professor Henry M. Levy Computer Science and Engineering Associate Professor Brian N. Bershad Computer Science and Engineering This dissertation presents an architecture and mechanism for improving the reliability of com- modity operating systems by enabling them to tolerate component failures. Improving reliability is one of the greatest challenges for commodity operating systems, such as Windows and Linux. System failures are commonplace in all domains: in the home, in the server room, and in embedded systems, where the existence of the OS itself is invisible. At the low end, failures lead to user frustration and lost sales. At the high end, an hour of downtime from a system failure can result in losses in the millions. Device drivers are a leading cause of failure in commodity operating systems. In Windows XP, for example, device drivers cause 85% of reported failures [160]. In Linux, the frequency of coding errors is up to seven times higher for device drivers than for the rest of the kernel [45]. Despite decades of research in reliability and extensible operating system technology, little of this technology has made it into commodity systems. One major reason for the lack of adoption is that these research systems require that the operating system, drivers, applications, or all three be rewritten to take advantage of the technology. In this dissertation I present a layered architecture for tolerating the failure of existing drivers within existing operating system kernels. My solution consists of two new techniques for isolation drivers and then recovering from their failure. First, I present an architecture, called Nooks, for isolating drivers from the kernel in a new protection mechanism called a lightweight kernel protection domain. By executing drivers within a domain, the kernel is protected from their failure and cannot be corrupted. Second, I present a mechanism, called shadow drivers, for recovering from device driver fail- ures. Based on a replica of the driver’s state machine, a shadow driver conceals the driver’s failure from applications and restores the driver’s internal state to a point where it can process requests as if it had never failed. Thus, the entire failure and recovery is transparent to applications. I also show that Nooks functions as a platform for higher-level reliability services. I leverage the Nooks and shadow driver code to remove another major source of downtime: reboots to update driver code. This service, dynamic driver update, replaces drivers online, without restarting the OS or running applications and without changes to driver code. This service requires little additional code, and demonstrates that Nooks and shadow drivers provide useful services for constructing additional reliability mechanisms. I implemented the Nooks architecture, shadow drivers, and dynamic driver update within the Linux operating system and used them to fault-isolate several device drivers and other kernel ex- tensions. My results show that Nooks offers a substantial increase in the reliability of operating systems, catching and quickly recovering from many faults that would otherwise crash the system. Under a wide range and number of fault conditions, I show that Nooks recovers automatically from 99% of the faults that otherwise cause Linux to crash. I also show that the system can upgrade exist- ing drivers without rebooting. Finally, I show that the system imposes little performance overhead for many drivers. TABLE OF CONTENTS List of Figures iv List of Tables vi Chapter 1: Introduction 1 1.1 Motivation . 1 1.2 Thesis and Contributions . 2 1.3 Dissertation Organization . 5 Chapter 2: Background and Related Work 6 2.1 Definitions . 6 2.2 System Models . 7 2.3 Failure Models . 7 2.4 Properties of OS Failures . 11 2.5 Previous Approaches to Building Highly Reliable Systems . 12 2.6 Fault Tolerance in Nooks . 25 2.7 Summary . 26 Chapter 3: Device Driver Overview 28 Chapter 4: The Nooks Reliability Layer 31 4.1 Introduction . 31 4.2 Nooks Architecture . 33 4.3 Implementation . 37 4.4 Summary . 55 i Chapter 5: The Shadow Driver Recovery Mechanism 56 5.1 Introduction . 56 5.2 Shadow Driver Design . 57 5.3 Implementation . 61 5.4 Summary . 71 Chapter 6: Evaluation of Nooks and Shadow Drivers 73 6.1 Introduction . 73 6.2 Test Methodology . 73 6.3 System Survival . 77 6.4 Application Survival . 82 6.5 Testing Assumptions . 86 6.6 Performance . 89 6.7 Summary . 96 Chapter 7: The Dynamic Driver Update Mechanism 98 7.1 Introduction . 98 7.2 Related work . 100 7.3 Design and Implementation . 102 7.4 Evaluation of Dynamic Driver Update . 112 7.5 Summary . 119 Chapter 8: Lessons 121 8.1 Introduction . 121 8.2 Driver Interface . 121 8.3 Driver Organization . 123 8.4 Memory Management . 124 8.5 Source Code Availability . 126 8.6 Summary . 127 ii Chapter 9: Future Work 129 9.1 Introduction . 129 9.2 Static Analysis of Drivers . 129 9.3 Hybrid Static/Run-Time Checking . 130 9.4 Driver Design . 131 9.5 Driverless Operating Systems . 133 9.6 Summary . 134 Chapter 10: Conclusions 135 Bibliography 137 iii LIST OF FIGURES Figure Number Page 3.1 A sample device driver. 28 3.2 Examples of driver state machines. 30 4.1 The architecture of Nooks. 34 4.2 The Nooks Reliabilty Layer inside the Linux OS. 38 4.3 Protection of the kernel address space. 39 4.4 Trampoline wrappers for invoking multiple implementations of an interface function. 42 4.5 Control flow of driver and kernel wrappers. 43 4.6 Code sharing among wrappers . 46 5.1 A sample shadow driver operating in passive mode. 60 5.2 A sample shadow driver operating in active mode. 60 5.3 The Linux operating system with several device drivers and the shadow driver re- covery subsystem. 62 5.4 The state machine transitions for a sound-card shadow driver . 63 6.1 The reduction in system crashes observed using Nooks. 79 6.2 The reduction in non-fatal extension failures observed using Nooks. 80 6.3 Results of fault-injection experiments on Linux-SD. 88 6.4 Comparative times spent in kernel mode for the Compile-local (VFAT) benchmark. 94 7.1 A shadow driver capturing the old driver’s state. 105 7.2 Device driver and shadow after an update. 110 7.3 Application performance on Linux-DDU relative to Linux-Native . 118 iv 7.4 Absolute CPU utilization on Linux-DDU and Linux-Native. 119 v LIST OF TABLES Table Number Page 2.1 Comparison of reliability techniques. 27 4.1 The number of non-comment lines of source code in Nooks. 38 5.1 The proxying actions of the shadow sound-card driver. 69 5.2 The size and quantity of shadows and the drivers they shadow. 70 6.1 The Linux extensions tested. 75 6.2 The types of faults injected into extensions. 76 6.3 The applications used for evaluating shadow drivers. 83 6.4 The observed behavior of applications following the failure of a device driver. 84 6.5 The relative performance of Nooks compared to native Linux. 90 7.1 The dynamic driver update process. 104 7.2 The number of lines of code dynamic driver update. 111 7.3 The three classes of shadow drivers and the Linux drivers tested. 113 7.4 The results of dynamically updating drivers. 114 7.5 The results of compatibility tests. 116 7.6 The applications used for evaluating dynamic driver update performance. 117 vi ACKNOWLEDGMENTS Thank you all! I would like to thank my advisors, Hank Levy and Brian Bershad, who encouraged me in this endeavor and taught me how to do research. When I entered graduate school, I thought I knew everything. From Hank and Brian I learned patience, as research is not an overnight process. I learned the value of a good question. I learned the value of a good story. And most importantly, I learned the value of a clear presentation, because ideas are useless if nobody understands them. I would also like to thank all the students who participated in the Nooks project. Steve Mar- tin provided early testing. Doug Buxton and Steve Martin implemented our wrapper generator.
Recommended publications
  • Real-Time Operating System in Java
    University of Wollongong Theses Collection University of Wollongong Theses Collection University of Wollongong Year Real-time operating system in Java Qinghua Lu University of Wollongong Lu, Qinghua, Real-time operating system in Java, MA thesis, School of Computer Science and Software Engineering, University of Wollongong, 2007. http://ro.uow.edu/theses/29 This paper is posted at Research Online. http://ro.uow.edu.au/theses/29 Real-time Operating System in Java A thesis submitted in fulfilment of the requirements for the award of the degree Master of Computer Science -Research from UNIVERSITY OF WOLLONGONG by Qinghua Lu School of Computer Science & Software Engineering August, 2007 1 Dedicated to My Parents, Lu Changyou and Luo Xiue! 2 The following papers were written as part of this research. 1. McKerrow, P.J., Lu, Q., Zhou, Z.Q. and Chen, L. (2007), Developing real-time systems in Java on Macintosh, Submitted to AUC’07, Apple University Consortium, Gold Coast, September, 23-26, 2007. 2. McKerrow, P.J., Lu, Q., Zhou, Z.Q. and Chen, L. (2007), Software development of embedded systems on Macintosh, Submitted to AUC’07, Apple University Consortium, Gold Coast, September, 23-26, 2007. 3 Declaration I, Qinghua Lu, declare that this thesis, submitted in fulfilment of the requirements for the award of Master of Computer Science -Research, in the School of Computer Science & Software Engineering, University of Wollongong, is wholly my own work unless otherwise referenced or acknowledged. The document has not been submitted for qualifications
    [Show full text]
  • Alpha ELT Listing
    Lienholder Name Lienholder Address City State Zip ELT ID 1ST ADVANTAGE FCU PO BX 2116 NEWPORT NEWS VA 23609 CFW 1ST COMMAND BK PO BX 901041 FORT WORTH TX 76101 FXQ 1ST FNCL BK USA 47 SHERMAN HILL RD WOODBURY CT 06798 GVY 1ST LIBERTY FCU PO BX 5002 GREAT FALLS MT 59403 ESY 1ST NORTHERN CA CU 1111 PINE ST MARTINEZ CA 94553 EUZ 1ST NORTHERN CR U 230 W MONROE ST STE 2850 CHICAGO IL 60606 GVK 1ST RESOURCE CU 47 W OXMOOR RD BIRMINGHAM AL 35209 DYW 1ST SECURITY BK WA PO BX 97000 LYNNWOOD WA 98046 FTK 1ST UNITED SVCS CU 5901 GIBRALTAR DR PLEASANTON CA 94588 W95 1ST VALLEY CU 401 W SECOND ST SN BERNRDNO CA 92401 K31 360 EQUIP FIN LLC 300 BEARDSLEY LN STE D201 AUSTIN TX 78746 DJH 360 FCU PO BX 273 WINDSOR LOCKS CT 06096 DBG 4FRONT CU PO BX 795 TRAVERSE CITY MI 49685 FBU 777 EQUIPMENT FIN LLC 600 BRICKELL AVE FL 19 MIAMI FL 33131 FYD A C AUTOPAY PO BX 40409 DENVER CO 80204 CWX A L FNCL CORP PO BX 11907 SANTA ANA CA 92711 J68 A L FNCL CORP PO BX 51466 ONTARIO CA 91761 J90 A L FNCL CORP PO BX 255128 SACRAMENTO CA 95865 J93 A L FNCL CORP PO BX 28248 FRESNO CA 93729 J95 A PLUS FCU PO BX 14867 AUSTIN TX 78761 AYV A PLUS LOANS 500 3RD ST W SACRAMENTO CA 95605 GCC A/M FNCL PO BX 1474 CLOVIS CA 93613 A94 AAA FCU PO BX 3788 SOUTH BEND IN 46619 CSM AAC CU 177 WILSON AVE NW GRAND RAPIDS MI 49534 GET AAFCU PO BX 619001 MD2100 DFW AIRPORT TX 75261 A90 ABLE INC 503 COLORADO ST AUSTIN TX 78701 CVD ABNB FCU 830 GREENBRIER CIR CHESAPEAKE VA 23320 CXE ABOUND FCU PO BX 900 RADCLIFF KY 40159 GKB ACADEMY BANK NA PO BX 26458 KANSAS CITY MO 64196 ATF ACCENTRA CU 400 4TH
    [Show full text]
  • The Synthesis Kernel
    ... " The Synthesis Kernel Calton Pu, Henry Massalin and 21 ~; John loannidis Columbia University ABSTRACT: The Synthesis distributed operating system combines etticient kernel calls with a high­ level, orthogonal interface. The key concept is the use of a code synthesizer in the kernel to generate specialized (thus short and fast) kernel routines for specific situations. We have three methods of synthesizing code: Factoring Invariants to bypass redundant computations; Collapsing Layers to eliminate unnecessary procedure calls and context switches; and Executable Data Structures to shorten data structure traversal time. Applying these methods, the kernel call synthesized to read Idevlmem takes about 15 microseconds on a 68020 machine. A simple model of computation called a synthetic machine supports parallel and distributed processing. The interface to synthetic machine consists of six operations on four kinds of ohjects. This combination of a high-level interface with the code synthesizer avoids the traditional trade-off in operating systems between powerful interfaces and efficient implementations . ., Complliing .\'yslt'nIS, Vol. 1 • No.1' Winter IIJI!I! I I I. Introduction and data, and synthetic 1/0 units to move data in to and out of the synthetic machine. The synthetic machine interface and kernel code synthesizer A trade-off between powerful features and efficient arc independent ideas that have a synergistic eliect. Without the implementation exists in many operating systems. Systems with code synthesizer. even a sophisticated implementation of synthetic high-level interfaces and powerful features, like Argus lO and Eden/ machines would be very inetlicient. Each high-level kernel call require a lot of code for their implementation, and this added would require a large amount of code with a long execution time.
    [Show full text]
  • Empirical Comparison of Scons and GNU Make
    Großer Beleg Empirical Comparison of SCons and GNU Make Ludwig Hähne August 21, 2008 Technical University Dresden Department of Computer Science Institute for System Architecture Chair for Operating Systems Professor: Prof. Dr. rer. nat. Hermann Härtig Tutor: Dipl.-Inf. Norman Feske Dipl.-Inf. Christian Helmuth Erklärung Hiermit erkläre ich, dass ich diese Arbeit selbstständig erstellt und keine anderen als die angegebenen Hilfsmittel benutzt habe. Dresden, den 26. Juni 2008 Ludwig Hähne Abstract Build systems are an integral part of every software developer’s tool kit. Next to the well-known Make build system, numerous alternative solutions emerged during the last decade. Even though the new systems introduced superior concepts like content signa- tures and promise to provide better build accuracy, Make is still the de facto standard. This paper examines GNU Make and SCons as representatives of two conceptually distinct approaches to conduct software builds. General build-system concepts and their respective realizations are discussed. The performance and scalability are empirically evaluated by confronting the two competitors with comparable real and synthetic build tasks. V Contents 1 Introduction 1 2 Background 3 2.1 Design Goals . .3 2.1.1 Convenience . .3 2.1.2 Correctness . .3 2.1.3 Performance . .3 2.1.4 Scalability . .4 2.2 Software Rebuilding . .4 2.2.1 Dependency analysis . .4 2.2.1.1 File signatures . .4 2.2.1.2 Fine grained dependencies . .5 2.2.1.3 Dependency declaration . .5 2.2.1.4 Dependency types . .5 2.2.2 Build infrastructure . .6 2.2.3 Command scheduling . .6 2.3 Build System Features .
    [Show full text]
  • Sealing OS Processes to Improve Dependability and Security
    Sealing OS Processes to Improve Dependability and Safety Galen Hunt, Mark Aiken, Manuel Fähndrich, Chris Hawblitzel, Orion Hodson, James Larus, Steven Levi, Bjarne Steensgaard, David Tarditi, and Ted Wobber Microsoft Research One Microsoft Way Redmond, WA 98052 USA [email protected] ABSTRACT General Terms In most modern operating systems, a process is a Design, Reliability, Experimentation. hardware-protected abstraction for isolating code and data. This protection, however, is selective. Many common Keywords mechanisms—dynamic code loading, run-time code Open process architecture, sealed process architecture, sealed generation, shared memory, and intrusive system APIs— kernel, software isolated process (SIP). make the barrier between processes very permeable. This paper argues that this traditional open process architecture 1. INTRODUCTION exacerbates the dependability and security weaknesses of Processes debuted, circa 1965, as a recognized operating modern systems. system abstraction in Multics [48]. Multics pioneered As a remedy, this paper proposes a sealed process many attributes of modern processes: OS-supported architecture, which prohibits dynamic code loading, self- dynamic code loading, run-time code generation, cross- modifying code, shared memory, and limits the scope of process shared memory, and an intrusive kernel API that the process API. This paper describes the implementation permitted one process to modify directly the state of of the sealed process architecture in the Singularity another process. operating system,
    [Show full text]
  • Introduction to Java Operating Systems, OS on a Higher Level
    Introduction to Java operating systems, OS on a higher level. By: Benedict Ching Wei Ming Martin Ericsson Peter Haglund May 2006 Introduction The way that programs are engineered has evolved from assembler to object-programming methods. However, the evolution of operating systems has not kept up with these new methods. There are now many different projects that are looking to solve this problem and in particular, how to get a more efficient operating system. In this report, we will be introducing two projects, the JX Operating System and JNode. Both of these projects aim to implement a Java operating system as their goal. The JX Operating System project is a university development research project at being developed at the University of Erlangen-Nurnberg in Germany while JNode is an open-source project developed by Ewout Prangsma and his team of developers. These two projects differ a lot in terms of their implementation as well as support and funding. But we will be concentrating on a brief technical introduction of these two OS and an illustration of our work when we ran the two operating systems. The JX Operating system Golm et al [1] at University of Erlangen-Nurnberg has developed an operating system almost completely written in java. The goal was to achieve good performance and to be able to benefit from the object-oriented and type safe from java. They claimed to reach about 50% performance of Unix in a raw test and about similar speed as Unix when there's a lot of I/O going on. The reason why they did this rather unconventional design is that they believe that an operating system that is dynamically compiled, as java byte codes are, can in the long run outperform traditional operating system.
    [Show full text]
  • Sealing OS Processes to Improve Dependability and Security
    MSR-TR-2006-51 This is a draft paper that is under submission. Please contact Galen Hunt for citation information. Sealing OS Processes to Improve Dependability and Security Galen Hunt, Mark Aiken, Paul Barham, Manuel Fähndrich, Chris Hawblitzel, Orion Hodson, James Larus, Steven Levi, Nick Murphy, Bjarne Steensgaard, David Tarditi, Ted Wobber, Brian Zill Microsoft Research Abstract On most modern operating systems, a process is a hardware-protected abstraction for executing potentially mutable code and data. Common features of processes include: dynamic code loading, dynamic code generation, access to cross-process shared memory, and a universal API. This paper argues that many of the dependability and security weaknesses of modern systems are exacerbated by this open process architecture. Moreover, this architecture impairs the ability of tools to analyze code statically, to improve its performance or dependability. By contrast, a sealed process architecture prohibits dynamic code loading, prohibits self-modifying code, prohibits shared memory, and replaces a universal API with a process-limited API. This paper describes an implementation of a sealed process architecture in the Singularity operating system, discusses its merits, and evaluates its impact. Among the benefits are: improved static program analysis, strong security guarantees, elimination of OS redundancies found in language runtimes such as the JVM and CLR, and better software engineering. 1. Introduction 1.1. Disadvantages of Open Processes The process, as a recognized operating system Although common, open processes are not “free.” abstraction, debuted in Multics [52] in the 1960s. This architecture has negative consequences for Multics processes included support for dynamic code dependability, correctness, security, and performance.
    [Show full text]
  • The Structure of a Type-Safe Operating System
    The Structure of a Type-Safe Operating System Der Technischen Fakultät der Universität Erlangen-Nürnberg zur Erlangung des Grades DOKTOR-INGENIEUR vorgelegt von Michael Golm Erlangen - 2002 Als Dissertation genehmigt von der Technischen Fakultät der Universität Erlangen-Nürnberg Tag der Einreichung: 16. 09. 2002 Tag der Promotion: 17. 12. 2002 Dekan: Prof. Dr. rer. nat. A. Winnacker Berichterstatter: Prof. Dr. rer. nat. F. Hofmann Michael Golm The Structure of a Type-Safe Operating System The architecture of traditional operating systems relies on address-based memory protection. To achieve flexibility at a low cost operating system research has recently started to explore alternative protection mechanisms, such as type safety. This dissertation presents an operating system architecture that completely replaces address-based protection with type-based protection. Replacing such an essential part of the system leads to a novel operating system architecture with im- proved robustness, reusability, configurability, scalability, and security. The dissertation describes not only the design of such a system but also its pro- totype implementation and the performance of initial applications, such as a file system, a web server, a data base management system, and a network file server. The prototype, which is called JX, uses Java bytecode as its type-safe instruction set and is able to run existing Java programs without modifications. The system is based on a modular microkernel, which is the only part of the system that is written in an unsafe language. Light-weight protection domains re- place the heavy-weight process concept of traditional systems. These domains are the unit of protection, resource management, and termination.
    [Show full text]
  • An Interpreted Operating System
    Faculty for Computer Science Operating Systems Group Master Thesis Summer semester 2018 PylotOS - an interpreted Operating System Submitted by: Naumann, Stefan [email protected] Programme of study: Master Informatik 3rd semester Matriculation number: XXXXXX Supervisors: Christine Jakobs Dr. Peter Tröger Prof. Dr. Matthias Werner Submission deadline: 11th July 2018 Contents 1. Introduction 1 2. Preliminary Considerations 3 2.1. Textbook Operating System Architecture . 3 2.1.1. Processes and Interprocess Communication . 4 2.1.2. Driver Model . 6 2.2. Platform Considerations . 9 2.2.1. Intel x86 . 9 2.2.2. Raspberry Pi . 11 3. Existing Implementations 13 3.1. Related Work . 13 3.2. The C subroutine library . 15 3.2.1. Device drivers and files . 15 3.2.2. Process Management . 16 3.3. 4.3BSD . 16 3.3.1. Process Management . 16 3.3.2. Interprocess Communication . 19 3.3.3. Driver Architecture . 21 3.3.4. System Start-up . 23 3.4. Linux 2.6 . 26 3.4.1. Handling Interrupts and Exceptions . 26 3.4.2. Linux I/O Architecture and device drivers . 30 3.4.3. Levels of kernel support for a device . 33 3.5. Windows 2000 . 34 3.5.1. Interrupt Handling . 34 3.5.2. I/O System . 36 3.5.3. I/O Manager . 37 3.5.4. Structure of a Driver . 39 3.5.5. Plug and Play . 40 3.5.6. Power Manager . 41 3.5.7. I/O Data Structures (ntddk.h) . 42 3.6.JX ................................................... 43 3.6.1. Architectural Overview . 44 3.6.2.
    [Show full text]
  • A Java Operating System
    JIKESNODE: A JAVA OPERATING SYSTEM A thesis submitted to the University of Manchester for the degree of Master of Science in the Faculty of Science and Engineering 2005 By Georgios I. Gousios Department of Computer Science Contents Abstract 6 Declaration 7 Copyright 8 Acknowledgements 9 1 Introduction 10 1.1 Motivation and objectives . 10 1.2 Related work . 11 1.3 Organisation of the thesis . 13 2 Operating system architectures 14 2.1 Established architectures . 14 2.1.1 Monolithic kernels . 15 2.1.2 Microkernels . 16 2.2 The Javaos .............................. 18 2.2.1 Basic architecture . 19 2.2.2 System components . 21 2.2.3 Non-functional requirements . 23 3 The Nanokernel 26 3.1 The i386 architecture . 27 3.2 The grub boot loader . 30 3.3 Implementation . 32 4 The Jikes Research Virtual Machine 38 4.1 The JikesRVM architecture . 39 2 4.1.1 Runtime . 40 4.1.2 The boot image . 41 4.1.3 The build system . 42 4.2 Implementation . 43 4.2.1 Changes to the runtime . 43 4.2.2 The build system . 45 4.2.3 Changes to the VM ...................... 46 4.2.4 Not implemented functionality . 46 4.2.5 Runtime operation . 47 5 Merging the components 48 5.1 The JNode operating system . 48 5.1.1 Components of the JNode architecture . 48 5.1.2 Changes to JNode . 51 5.2 The classpath . 52 5.3 The build system . 54 5.3.1 Implementation . 55 5.3.2 The boot image . 56 5.3.3 Not implemented .
    [Show full text]
  • CHAPTER 11 Related Work
    CHAPTER 11 Related Work This chapter compares the JX architecture to other projects that extend Java with capabilities that are important for operating systems, such as isolation of protection domains, inter-domain communica- tion, sharing between domains, resource accounting and user-defined resource management, reus- ability, scalability, and security. Our evaluation of the related systems is guided by a number of ques- tions: Isolation. How are protection domains implemented? How well can domains be isolated from each other? Can domains be completely confined? Can domains be terminated independently from each other? Can domains use different JDK implementations? Communication. Is fast inter-domain communication possible? Does communication creates inter- dependencies between protection domains? Sharing. Is code and/or data sharing possible? How transparent can code be shared? How are special cases, such as static fields or synchronized methods, treated? Resource accounting. How exact is resource accounting and how well does the system cope with specific problems? When accounting CPU time a specific problem is the considerations of garbage collection time and time spent in interrupt handlers. When accounting memory specific problems are the account for stack and thread control block usage. User-defined resource management. Is it possible to use different garbage collectors in different domains and are the GC runs independent from each other. Does the system provide any support for the implementation of independent garbage collection? Is it possible to use different schedulers for different protection domains? Reusability. How does the addition of protection domains affect reusability? Scalability. How expensive are protection domains. Is it possible to efficiently create small as well as large domains? Security.
    [Show full text]
  • Software Reuse: Methods, Models, and Costs
    SOFTWARE REUSE: METHODS, MODELS, AND COSTS Ronald J. Leach Copyright © 2011by Ronald J. Leach Leach, Ronald J. Software Reuse: Methods, Models, Costs/Ronald J. Leach p. cm. Includes bibliographical references ISBN: 1. Software (Computers) 2. Cost estimation (Computers) I. Title II. QA Books by Ronald J. Leach Using C in Software Design Advanced Topics in UNIX Object-Oriented Design and Programming in C++ Software Reuse: Methods, Models, Costs Software Engineering Why 2K? Relative Genealogy Genealogy for the Information Age Identity Theft in the Cyber Age Table of Contents To The Reader Preface Preface to the Electronic Edition CHAPTER 1 WHAT IS SOFTWARE REUSE? 1.1 Origins of Software Reuse 1.2 Reuse and the Software Life Cycle 1.3 Software Reuse, Rapid Prototyping, and Evolving Systems 1.4 Typical Duties of Members of a Reuse Team 1.5 Reengineering and Reuse 1.6 Library Issues 1.7 Potential Disadvantages of Reuse 1.8 Legal and Contractual Issues with Software Reuse 1.9 The Current Status of Software Reuse Summary Further Reading Exercises CHAPTER 2 TECHNIQUES 2.1 Domain Analysis 2.2 An Example - Domain Analysis of the Linux Operating System 2.3 Domain Analysis Revisited 2.4 Object-Oriented Approaches 2.5 Standard Interfaces 2.6 Designing for Reuse 2.7 Using Reuse to Drive Requirements Analysis 2.8 Metrics for Reuse Summary Further Reading Exercises CHAPTER 3 REUSE LIBRARIES 3.1 General Reuse Library Issues 3.2 Organizational Issues for Reuse Libraries 3.3 Managerial Issues for Reuse Libraries 3.4 Research Issues in Reuse Library Organization
    [Show full text]