DOCSLIB.ORG

Extensibility, Safety and Performance in the SPIN Operating System

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
Extensibility, Safety and Performance in the SPIN Operating System Aversion of this pap er app eared in the Pro ceedings of the Fifteenth Symp osium on Op erating Systems Principles Extensibility Safety and Performance in the SPIN Op erating System Brian N Bershad Stefan Savage PrzemyslawPardyak Emin Gun Sirer Marc E Fiuczynski David Becker Craig Chambers Susan Eggers Department of Computer Science and Engineering UniversityofWashington Seattle WA paging algorithms found in mo dern op erating systems Abstract can b e inappropriate for database applications result ing in p o or p erformance Stonebraker General pur This pap er describ es the motivation architecture and p ose network proto col implementations are frequently p erformance of SPIN an extensible op erating system inadequate for supp orting the demands of high p erfor SPIN provides an extension infrastructure together mance parallel applications von Eicken et al Other with a core set of extensible services that allow applica applications suchasmultimedia clients and servers and tions to safely change the op erating systems interface realtime and fault tolerant programs can also present and implementation Extensions allow an application to demands that p o orly match op erating system services sp ecialize the underlying op erating system in order to Using SPIN an application can extend the op erating achieve a particular level of p erformance and function systems interfaces and implementations to provide a ality SPIN uses language and linktime mechanisms to b etter matchbetween the needs of the application and inexp ensively exp ort negrained interfaces to op erat the p erformance and functional characteristics of the ing system services Extensions are written in a typ e system safe language and are dynamically linked into the op erating system kernel This approach oers extensions rapid access to system services while protecting the op Goals and approach erating system co de executing within the kernel address space SPIN and its extensions are written in Mo dula The goal of our research is to build a general purp ose and run on DEC Alpha workstations op erating system that provides extensibility safety and go o d p erformance Extensibilit y is determined bythe interfaces to services and resources that are exp orted Intro duction to applications it dep ends on an infrastructure that allows negrained access to system services Safetyde SPIN is an op erating system that can b e dynamically termines the exp osure of applications to the actions of sp ecialized to safely meet the p erformance and function others and requires that access b e controlled at the ality requirements of applications SPIN is motivated same granularity at which extensions are dened Fi by the need to supp ort applications that presentde nally go o d p erformance requires lowoverhead commu mands p o orly matched by an op erating systems imple nication b etween an extension and the system mentation or interface A p o orly matched implementa The design of SPIN reects our view that an op erat tion prevents an application from working well while a p o orly matched interface prevents it from working at all ing system can b e extensible safe and fast through the use of language and runtime services that provide low For example the implementations of disk buering and cost negrained protected access to op erating system This researchwas sp onsored by the Advanced Research resources Sp ecicallythe SPIN op erating system re Pro jects Agency the National Science Foundation Grants no CDA and CCR and by an equipmentgrant liesonfourtechniques implemented at the level of the from Digital Equipment Corp oration Bershad was partially sup language or its runtime p orted by a National Science Foundation Presidential FacultyFel lowship Chamb ers was partially sp onsored by a National Science Foundation Presidential Young Investigator Award Sirer was Colocation Op erating system extensions are dy supp orted by an IBM Graduate StudentFellowship Fiuczynski namically linked into the kernel virtual address was partially supp orted by a National Science Foundation GEE space Colo cation enables communication b etween Fellowship system and extension co de to havelow cost to system services is written in the systems safe ex Enforcedmodularity Extensions are written in tension language For example wehaveused SPIN to Mo dula Nelson a mo dular programming lan implement a UNIX op erating system server The bulk guage for which the compiler enforces interface of the server is written in C and executes within its own b oundaries b etween mo dules Extensions which address space as do applications The server consists execute in the kernels virtual address space can of a large b o dy of co de that implements the DEC OSF not access memory or execute privileged instruc SPIN ex system call interface and a small number of tions unless they have b een given explicit access tensions that provide the thread virtual memory and through an interface Mo dularity enforced bythe device interfaces required by the server compiler enables mo dules to b e isolated from one another with low cost Wehave also used extensions to sp ecialize SPIN to the needs of individual application programs For ex Logical protection domains Extensions exist ample wehave built a clientserver video system that within logical protection domains which are ker requires few control and data transfers as images move nel namespaces that contain co de and exp orted in from the servers disk to the clients screen Using SPIN terfaces Interfaces which are languagelevel units the server denes an extension that implements a direct represent views on system resources that are pro stream b etween the disk and the network The client tected by the op erating system An inkernel dy viewer application installs an extension into the kernel namic linker resolves co de in separate logical pro that decompresses incoming network video packets and tection domains at runtime enabling crossdomain displays them to the video frame buer communication to o ccur with the overhead of a pro cedure call The rest of this pap er Dynamic cal l binding Extensions execute in re The rest of this pap er describ es the motivation design sp onse to system events An event can describ e and p erformance of SPIN In the next section we moti any p otential action in the system such as a virtual vate the need for extensible op erating systems and dis memory page fault or the scheduling of a thread cuss related work In Section we describ e the sys Events are declared within interfaces and can b e tems architecture in terms of its protection and exten dispatched with the overhead of a pro cedure call sion facilities In Section we describ e the core services provided by the system In Section we discuss the Colo cation enforced mo dularity logical protection systems p erformance and compare it against that of domains and dynamic call binding enable interfaces to several other op erating systems In Section we discuss b e dened and safely accessed with lowoverhead How our exp eriences writing an op erating system in Mo dula ever these techniques do not guarantee the systems ex Finally in Section we present our conclusions tensibility Ultimately extensibilityisachieved through the system service interfaces themselves which dene the set of resources and op erations that are exp orted to applications SPIN provides a set of interfaces to Motivation core system services such as memory management and scheduling that rely on colo cation to eciently exp ort Most op erating systems are forced to balance gener negrained op erations enforced mo dularity and logical ality and sp ecialization A general system runs many protection domains to manage protection and dynamic programs but may run few well In contrast a sp e call binding to dene relationships b etween system com cialized system may run few programs but runs them p onents and extensions at runtime all well In practice most general systems can with some eort b e sp ecialized to address the p erformance and functional requiremen ts of a particular applications System overview needs suchasinterpro cess communication synchro The SPIN op erating system consists of a set of extension nization thread management networking virtual mem services and core system services that execute within the ory and cache managementDraves et al Bershad kernels virtual address space Extensions can b e loaded et al b Sto dolsky et al Bershad Yuhara into the kernel at any time Once loaded they integrate et al Maeda Bershad Felten Young themselves into the existing infrastructure and provide et al Harty Cheriton McNamee Armstrong system services sp ecic to the applications that require Anderson et al Fall Pasquale Wheeler them SPIN is primarily written in Mo dula which Bershad Romer et al Romer et al Cao allows extensions to directly use system interfaces with et al Unfortunately existing system structures out requiring runtime conversion when communicating are not wellsuited for sp ecialization often requiring a with other system co de substantial programming eort to aect evenasmall Although SPIN relies on language features to ensure change in system b ehavior Moreover changes intended safety within the kernel applications can b e written in to improve the p erformance of one class of applications any language and execute within their own virtual ad can often degrade that of others As a result system dress space Only co de that requires lowlatency access sp ecialization is a costly and errorprone pro cess An extensible system is one
Load more

Recommended publications
  • Historical Perspective and Further Reading 162.E1
    2.21 Historical Perspective and Further Reading 162.e1 2.21 Historical Perspective and Further Reading Th is section surveys the history of in struction set architectures over time, and we give a short history of programming languages and compilers. ISAs include accumulator architectures, general-purpose register architectures, stack architectures, and a brief history of ARMv7 and the x86. We also review the controversial subjects of high-level-language computer architectures and reduced instruction set computer architectures. Th e history of programming languages includes Fortran, Lisp, Algol, C, Cobol, Pascal, Simula, Smalltalk, C+ + , and Java, and the history of compilers includes the key milestones and the pioneers who achieved them. Accumulator Architectures Hardware was precious in the earliest stored-program computers. Consequently, computer pioneers could not aff ord the number of registers found in today’s architectures. In fact, these architectures had a single register for arithmetic instructions. Since all operations would accumulate in one register, it was called the accumulator , and this style of instruction set is given the same name. For example, accumulator Archaic EDSAC in 1949 had a single accumulator. term for register. On-line Th e three-operand format of RISC-V suggests that a single register is at least two use of it as a synonym for registers shy of our needs. Having the accumulator as both a source operand and “register” is a fairly reliable indication that the user the destination of the operation fi lls part of the shortfall, but it still leaves us one has been around quite a operand short. Th at fi nal operand is found in memory.
    [Show full text]
  • Performance Best Practices for Vmware Workstation Vmware Workstation 7.0
    Performance Best Practices for VMware Workstation VMware Workstation 7.0 This document supports the version of each product listed and supports all subsequent versions until the document is replaced by a new edition. To check for more recent editions of this document, see http://www.vmware.com/support/pubs. EN-000294-00 Performance Best Practices for VMware Workstation You can find the most up-to-date technical documentation on the VMware Web site at: http://www.vmware.com/support/ The VMware Web site also provides the latest product updates. If you have comments about this documentation, submit your feedback to: [email protected] Copyright © 2007–2009 VMware, Inc. All rights reserved. This product is protected by U.S. and international copyright and intellectual property laws. VMware products are covered by one or more patents listed at http://www.vmware.com/go/patents. VMware is a registered trademark or trademark of VMware, Inc. in the United States and/or other jurisdictions. All other marks and names mentioned herein may be trademarks of their respective companies. VMware, Inc. 3401 Hillview Ave. Palo Alto, CA 94304 www.vmware.com 2 VMware, Inc. Contents About This Book 5 Terminology 5 Intended Audience 5 Document Feedback 5 Technical Support and Education Resources 5 Online and Telephone Support 5 Support Offerings 5 VMware Professional Services 6 1 Hardware for VMware Workstation 7 CPUs for VMware Workstation 7 Hyperthreading 7 Hardware-Assisted Virtualization 7 Hardware-Assisted CPU Virtualization (Intel VT-x and AMD AMD-V)
    [Show full text]
  • Chapter 1. Origins of Mac OS X
    1 Chapter 1. Origins of Mac OS X "Most ideas come from previous ideas." Alan Curtis Kay The Mac OS X operating system represents a rather successful coming together of paradigms, ideologies, and technologies that have often resisted each other in the past. A good example is the cordial relationship that exists between the command-line and graphical interfaces in Mac OS X. The system is a result of the trials and tribulations of Apple and NeXT, as well as their user and developer communities. Mac OS X exemplifies how a capable system can result from the direct or indirect efforts of corporations, academic and research communities, the Open Source and Free Software movements, and, of course, individuals. Apple has been around since 1976, and many accounts of its history have been told. If the story of Apple as a company is fascinating, so is the technical history of Apple's operating systems. In this chapter,[1] we will trace the history of Mac OS X, discussing several technologies whose confluence eventually led to the modern-day Apple operating system. [1] This book's accompanying web site (www.osxbook.com) provides a more detailed technical history of all of Apple's operating systems. 1 2 2 1 1.1. Apple's Quest for the[2] Operating System [2] Whereas the word "the" is used here to designate prominence and desirability, it is an interesting coincidence that "THE" was the name of a multiprogramming system described by Edsger W. Dijkstra in a 1968 paper. It was March 1988. The Macintosh had been around for four years.
    [Show full text]
  • Zenon Manual Programming Interfaces
    zenon manual Programming interfaces v.7.11 ©2014 Ing. Punzenberger COPA-DATA GmbH All rights reserved. Distribution and/or reproduction of this document or parts thereof in any form are permitted solely with the written permission of the company COPA-DATA. The technical data contained herein has been provided solely for informational purposes and is not legally binding. Subject to change, technical or otherwise. Contents 1. Welcome to COPA-DATA help ...................................................................................................... 6 2. Programming interfaces ............................................................................................................... 6 3. Process Control Engine (PCE) ........................................................................................................ 9 3.1 The PCE Editor ............................................................................................................................................. 9 3.1.1 The Taskmanager ....................................................................................................................... 10 3.1.2 The editing area .......................................................................................................................... 10 3.1.3 The output window .................................................................................................................... 11 3.1.4 The menus of the PCE Editor .....................................................................................................
    [Show full text]
  • Operating System Architectures
    Operating System Architectures • Learning objectives: • Explain how OS functionality is orthogonal to where you place services relative to processor modes. • Describe some alternative ways to structure the operating system. • Operating systems evolve over time, but that evolution is frequently in terms of their architecture: how they structure functionality relative to protection boundaries. • We’ll review some of the basic architectures: • Executives • Monolithic kernels • Micro kernels • Exo kernels • Extensible operating systems 2/3/15 CS161 Spring 2015 1 OS Executives • Think MS-DOS: With no hardware protection, the OS is simply a set of services: • Live in memory • Applications can invoke them • Requires a software trap to invoke them. • Live in same address space as application 1-2-3 QBasic WP Applications Command Software Traps Operating System routlines 2/3/15 CS161 Spring 2015 2 Monolithic Operating System • Traditional architecture • Applications and operating system run in different address spaces. • Operating system runs in privileged mode; applications run in user mode. Applications Operating System file system processes networking Device drivers virtual memory 2/3/15 CS161 Spring 2015 3 Microkernels (late 80’s and on) • Put as little of OS as possible in privileged mode (the microkernel). • Implement most core OS services as user-level servers. • Only microkernel really knows about hardware • File system, device drivers, virtual memory all implemented in unprivileged servers. • Must use IPC (interprocess communication) to communicate among different servers. Applications Process Virtual management memory file system networking Microkernel 2/3/15 CS161 Spring 2015 4 Microkernels: Past and Present • Much research and debate in late 80’s early 90’s • Pioneering effort in Mach (CMU).
    [Show full text]
  • Computer Organization EECC 550 • Introduction: Modern Computer Design Levels, Components, Technology Trends, Register Transfer Week 1 Notation (RTN)
    Computer Organization EECC 550 • Introduction: Modern Computer Design Levels, Components, Technology Trends, Register Transfer Week 1 Notation (RTN). [Chapters 1, 2] • Instruction Set Architecture (ISA) Characteristics and Classifications: CISC Vs. RISC. [Chapter 2] Week 2 • MIPS: An Example RISC ISA. Syntax, Instruction Formats, Addressing Modes, Encoding & Examples. [Chapter 2] • Central Processor Unit (CPU) & Computer System Performance Measures. [Chapter 4] Week 3 • CPU Organization: Datapath & Control Unit Design. [Chapter 5] Week 4 – MIPS Single Cycle Datapath & Control Unit Design. – MIPS Multicycle Datapath and Finite State Machine Control Unit Design. Week 5 • Microprogrammed Control Unit Design. [Chapter 5] – Microprogramming Project Week 6 • Midterm Review and Midterm Exam Week 7 • CPU Pipelining. [Chapter 6] • The Memory Hierarchy: Cache Design & Performance. [Chapter 7] Week 8 • The Memory Hierarchy: Main & Virtual Memory. [Chapter 7] Week 9 • Input/Output Organization & System Performance Evaluation. [Chapter 8] Week 10 • Computer Arithmetic & ALU Design. [Chapter 3] If time permits. Week 11 • Final Exam. EECC550 - Shaaban #1 Lec # 1 Winter 2005 11-29-2005 Computing System History/Trends + Instruction Set Architecture (ISA) Fundamentals • Computing Element Choices: – Computing Element Programmability – Spatial vs. Temporal Computing – Main Processor Types/Applications • General Purpose Processor Generations • The Von Neumann Computer Model • CPU Organization (Design) • Recent Trends in Computer Design/performance • Hierarchy
    [Show full text]
  • Moving FLASK to BSD Systems
    MovingMoving FLASKFLASK toto BSDBSD SSystemsystems SELinux Symposium 2006 Chris Vance Information Systems Security Operation, SPARTA, Inc. Vance_20060301_01 Overview • Security Frameworks • A Brief History • SELinux Inspired… – Security Enhanced BSD – Security Enhanced Darwin Vance_20060301_02 Security Frameworks • Traditional UNIX security isn’t enough – OS hardening – Mandatory protection – Flexible, manageable, scalable protection • Support required in the operating system for new security services – Costs of locally maintaining security extensions are high – Framework offers extensibility so that policies may be enhanced without changing the base operating system • There does not appear to be one perfect security model or policy – Sites may have different security/performance trade-offs – Sites may have special local requirements – Vendors unlikely to adopt a single policy • Bottom Line: Frameworks for Linux, FreeBSD, Darwin Vance_20060301_03 How We Got Here… Vance_20060301_04 Focus and Reuse • Don’t “reinvent” security – Learn from the past – The research is often decades old – A good design is durable, doesn’t require constant change – FLASK hasn’t changed much recently, what’s that mean? • Leverage existing technology, focus on “new” issues – Focus on improving operating system security – Spend the time to get Frameworks correct – Work with vendor for acceptance – Develop rule sets that work – Develop effective tools to manage policy • Do innovate – Don’t stop thinking! – Don’t squash new ideas – Re-factor old ideas Vance_20060301_05
    [Show full text]
  • Phaser 600 Color Printer User Manual
    WELCOME! This is the home page of the Phaser 600 Color Printer User Manual. See Tips on using this guide, or go immediately to the Contents. Phaser® 600 Wide-Format Color Printer Tips on using this guide ■ Use the navigation buttons in Acrobat Reader to move through the document: 1 23 4 5 6 1 and 4 are the First Page and Last Page buttons. These buttons move to the first or last page of a document. 2 and 3 are the Previous Page and Next Page buttons. These buttons move the document backward or forward one page at a time. 5 and 6 are the Go Back and Go Forward buttons. These buttons let you retrace your steps through a document, moving to each page or view in the order visited. ■ For best results, use the Adobe Acrobat Reader version 2.1 to read this guide. Version 2.1 of the Acrobat Reader is supplied on your printer’s CD-ROM. ■ Click on the page numbers in the Contents on the following pages to open the topics you want to read. ■ You can click on the page numbers following keywords in the Index to open topics of interest. ■ You can also use the Bookmarks provided by the Acrobat Reader to navigate through this guide. If the Bookmarks are not already displayed at the left of the window, select Bookmarks and Page from the View menu. ■ If you have difficultly reading any small type or seeing the details in any of the illustrations, you can use the Acrobat Reader’s Magnification feature.
    [Show full text]
  • Operating System Structure
    Operating System Structure Joey Echeverria [email protected] modified by: Matthew Brewer [email protected] Nov 15, 2006 Carnegie Mellon University: 15-410 Fall 2006 Overview • Motivations • Kernel Structures – Monolithic Kernels ∗ Kernel Extensions – Open Systems – Microkernels – Exokernels – More Microkernels • Final Thoughts Carnegie Mellon University: 15-410 Fall 2006 1 Motivations • Operating systems have a hard job. • Operating systems are: – Hardware Multiplexers – Abstraction layers – Protection boundaries – Complicated Carnegie Mellon University: 15-410 Fall 2006 2 Motivations • Hardware Multiplexer – Each process sees a “computer” as if it were alone – Requires allocation and multiplexing of: ∗ Memory ∗ Disk ∗ CPU ∗ IO in general (network, graphics, keyboard etc.) • If OS is multiplexing it must also allocate – Priorities, Classes? - HARD problems!!! Carnegie Mellon University: 15-410 Fall 2006 3 Motivations • Abstraction Layer – Presents “simple”, “uniform” interface to hardware – Applications see a well defined interface (system calls) ∗ Block Device (hard drive, flash card, network mount, USB drive) ∗ CD drive (SCSI, IDE) ∗ tty (teletype, serial terminal, virtual terminal) ∗ filesystem (ext2-4, reiserfs, UFS, FFS, NFS, AFS, JFFS2, CRAMFS) ∗ network stack (TCP/IP abstraction) Carnegie Mellon University: 15-410 Fall 2006 4 Motivations • Protection Boundaries – Protect processes from each other – Protect crucial services (like the kernel) from process – Note: Everyone trusts the kernel • Complicated – See Project 3 :) – Full
    [Show full text]
  • Access Control for the SPIN Extensible Operating System
    Access Control for the SPIN Extensible Operating System Robert Grimm Brian N. Bershad Dept. of Computer Science and Engineering University of Washington Seattle, WA 98195, U.S.A. Extensible systems, such as SPIN or Java, raise new se- on extensions and threads, are enforced at link time (when curity concerns. In these systems, code can be added to a an extension wants to link against other extensions) and at running system in almost arbitrary fashion, and it can inter- call time (when a thread wants to call an extension). Ac- act through low latency (but type safe) interfaces with other cess restrictions on objects are enforced by the extension code. Consequently, it is necessary to devise and apply that provides an object’s abstraction (if an extension is not security mechanisms that allow the expression of policies trusted to enforce access control on its objects but is ex- controlling an extension’s access to other extensions and its pected to do so, DTE can be used to prevent other exten- ability to extend, or override, the behavior of already exist- sions from linking against the untrusted extension). ing services. In the SPIN operating system [3, 4] built at the Due to the fine grained composition of extensions in University of Washington, we are experimenting with a ver- SPIN, it is important to minimize the performance overhead sion of domain and type enforcement (DTE) [1, 2] that has of call time access control. We are therefore exploring opti- been extended to address the security concerns of extensible mization that make it possible to avoid some dynamic ac- systems.
    [Show full text]
  • RISC-V Geneology
    RISC-V Geneology Tony Chen David A. Patterson Electrical Engineering and Computer Sciences University of California at Berkeley Technical Report No. UCB/EECS-2016-6 http://www.eecs.berkeley.edu/Pubs/TechRpts/2016/EECS-2016-6.html January 24, 2016 Copyright © 2016, by the author(s). All rights reserved. Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. To copy otherwise, to republish, to post on servers or to redistribute to lists, requires prior specific permission. Introduction RISC-V is an open instruction set designed along RISC principles developed originally at UC Berkeley1 and is now set to become an open industry standard under the governance of the RISC-V Foundation (www.riscv.org). Since the instruction set architecture (ISA) is unrestricted, organizations can share implementations as well as open source compilers and operating systems. Designed for use in custom systems on a chip, RISC-V consists of a base set of instructions called RV32I along with optional extensions for multiply and divide (RV32M), atomic operations (RV32A), single-precision floating point (RV32F), and double-precision floating point (RV32D). The base and these four extensions are collectively called RV32G. This report discusses the historical precedents of RV32G. We look at 18 prior instruction set architectures, chosen primarily from earlier UC Berkeley RISC architectures and major proprietary RISC instruction sets. Among the 122 instructions in RV32G: ● 6 instructions do not have precedents among the selected instruction sets, ● 98 instructions of the 116 with precedents appear in at least three different instruction sets.
    [Show full text]
  • Chapter 2 Operating System Structures
    Operating Systems Associate Prof. Yongkun Li 中科大-计算机学院 副教授 http://staff.ustc.edu.cn/~ykli Chapter 2 Operating System Structures 1 Objectives • Operating System Services – User Operating System Interface – System Calls • Operating System Structure • Operating System Design and Implementation • MISC: Debugging, Generation & System Boot 2 Operating System Services Services Overview, User Interface 3 Operating System Services • Operating systems provide – an environment for execution of programs and – services to programs and users • Services may differ from one OS to another • What are the common classes? – Convenience of the user – Efficiency of the system 4 Overview of Operating System Services 5 OS Services for Helping Users • User interface - Almost all operating systems have a user interface (UI). – Three forms • Command-Line (CLI) – Shell command • Batch – Shell script • Graphics User Interface (GUI) – Windows system 6 OS Services for Helping Users • Program execution – Load a program into memory – Run the program – End execution • either normally or • abnormally (indicating error) 7 OS Services for Helping Users • I/O operations - A running program may require I/O, which may involve a file or an I/O device – Common I/Os: read, write, etc. – Special functions: recording CD/DVD • Notes: Users usually cannot control I/O devices directly, so OS provides a mean to do I/O – Mainly for efficiency and protection 8 OS Services for Helping Users • File-system manipulation - The file system is of particular interest – OS provides a variety of file systems • Major services – read and write files and directories – create and delete files and directories – search for a given file – list file Information – permission management: allow/deny access 9 OS Services for Helping Users • Communications: information exchange between processes – Processes on the same computer – Processes between computers over a network • Implementations – Shared memory • Two or more processes read/write to a shared section of mem.
    [Show full text]