JX - A flexible Java Operating System

dent sch ps and in ent code en ed ea de ar sh p u h p p Heap Heap a e li t e s r Domain A Domain B n n in d g n Global Heap n e a statics statics g in traditional d r d Heap of Domain A t Threads Threads JVM e n n Components Components JX Heap of Domain B local local e scheduler scheduler t Domain A Domain B

p

Heap of Domain C G

e

C

d Each domain has its own heap that is completely

n independent from the heaps of other domains. This is i in contrast to namespace-based domains of Shared Components global traditional Java systems and allows independent Immutable state can be shared between domains. scheduler garbage collection runs, domain-specific This includes compiled code and string Threads of one domain can be scheduled garbage collection implementations, and constants. Mutable state, such as static independently of other domains. It is domain termination with immediate variables, is created per domain which possible to use domain-specific resource reclamation. makes code sharing completely schedulers that are written transparent. in Java.

Domain Domain

Portal Service vice Heap Heap configu de d Domain le ra t ri b Configuration examples us ve i tio Heap x b Components Threads n rs le FS FS FS o DRAM Components Threads Components Threads f NFSd NFSd r VFS VFS RPC FS RPC Memory ext2FS ext2FS virtual JVM virtual JVM virtual JVM UDP Memor y Heap Buffer Buffer AtomicV ariab le NFS Daemon UDP Threads IRQ-Thread DeviceMemor y DomainZero Heap UDP BlockIO conservative domain UDP FileSystem Device Driver Domain Java-level BlockIO collector r management Memory BlockIO

o scheduler Registers, t c UDP UDP e On-device r l BlockIO l e

copying l memory o preemptive u c portal Domain

garbage d

e round-robin IP IP invocation e Manager g IDE IDE collector h a

c scheduler b s r

JX mark&swep a Ether BlockProvider Ether g memory non-preemptive Naming garbage management round-robin All device drivers are written in Java and benefit from µKernel collector scheduler NIC NIC component the robustness that is provided by type safety. garbage collector low-level Network monolitic NFS Server management support framework CPU management Robustness is further supported by special The protection domain structure is independent portal interfaces that allow drivers to access monitoring of the component structure. Components device registers and interrupt handler Runtime System DomainZero Portals can be placed into the same or in threads to synchronize with other separate domains without threads. changing them.

Hardware

nd con perform servic y a tai d an tic e c it n o IOZONE benchmark: JX vs. Linux c r r Heap m o e a e % a u e g record size in KBytes: m(1) Service 100 4 8 16 32 64 128 256 512 Object t c Components Threads t n n 90 o i Security e t Domain A Domain B o c

e r t e 80 p n s check u n

i 70

t

u 60 a (2) Service p h

g 50 Heap Heap u o Domain A Domain B r 40 h t

transfer portal d 30 e

Components Threads Components Threads v Por tal e i 20 Service

Domain A Domain B h (3) c 10 a 0 Domain A Domain B Domains are isolated and can communicate only via 4 8 16 32 64 128 256 512 dedicated channels: the portal objects. The JX filesize in KBytes The performance of JX compares well with a A service is automatically created when a service security system can control the propagation of all object is passed to another domain. This includes portals as well as their use. The security system traditional UNIX system, such as Linux. Our ext2- compatible file system, which is completely the creation of a new service thread or the that contains the security policy is separated addition of the service to an existing from the domains and can be written in Java, achieves a throughput of 50 to 100 percent of Linux in the thread pool. The other domain exchanged without changing the receives a portal to the application domains. IOZONE re-read benchmark. service.

ctio ment rote n a ge of ediate re p nd na m m so t Domain A e m h s a m i u c m r g Memor y h before after c i a DRAM o it e e l c termination termination a i r t Heap Memory y w Invalid r w b e a Por tal Por tal - Service t a n Heap Heap i Memory c l Reference Domain A Heap Domain A m r h i Counts o

Memor y Invalid l

i t e

Domain C a

t y o

g Por tal Por tal

i

t m

a Heap Heap l

Heap a Domain B u Domain B s

n

Domain B a i

A protection domain is a complete Java execution a

JX provides a special abstraction – memory portals t

environment but has a very low memory footprint. i m

Except device driver domains all domains o

– to cope with large memory or special memory

Creating 1000 domains that concurrently print r can be terminated immediately and n

“Hello World!” in a loop requires about 35 areas, such as memory-mapped device e t their resources can be released MBytes, creating 1000 domains that registers. Memory portals can be completely. concurrently serve 1000 TCP shared between domains and are m a e connection needs 105 garbage-collected. -T X

J MBytes. 2 0 0 2 ©

University of Erlangen-Nuremberg Department of Computer Science Michael Golm • Meik Felser • Christian Wawersich • Jürgen Kleinöder