Presentation is loading. Please wait.

Presentation is loading. Please wait.

1 Application Performance and Flexibility on Exokernel Systems Kaashoek, Engler, Ganger, Briceno, Hunt, Mazieres, Pinckney, Grimm, Jannotti, Mackenzie.

Published byElinor McKenzie Modified over 9 years ago

Similar presentations

Presentation on theme: "1 Application Performance and Flexibility on Exokernel Systems Kaashoek, Engler, Ganger, Briceno, Hunt, Mazieres, Pinckney, Grimm, Jannotti, Mackenzie."— Presentation transcript:

1 1 Application Performance and Flexibility on Exokernel Systems Kaashoek, Engler, Ganger, Briceno, Hunt, Mazieres, Pinckney, Grimm, Jannotti, Mackenzie CS5204 – Operating Systems Christopher J. Goddard 11-02-2005

2 2 Introduction ■ Traditional Operating Systems Rely on kernel and privileged servers to manage system resources ■ Unprivileged applications required to use interfaces of privileged software Applications cannot do what they want May run slowly Or, cannot be implemented at all

3 3 Issues ■ An “interface for all” Must consider possible needs and all ways it could be used Must consider trade-offs ■ Authors' Position This sort of anticipation is: Prone to mistakes Restrictive Infeasible

4 4 Proposed Solution ■ Separate protection from management Kernel protects resources Applications manage their own resources End-to-end argument ■ Example: Application manages its disk-block cache and kernel allows cached pages to be shared securely between applications ■ Result: Exokernel approach

5 5 Abstractions ■ Of course, not all applications need (or want) to their own customized resource management scheme ■ Need for traditional abstractions (shells, file utilities, other UNIX abstractions) ■ Library operating systems (libOSes) provide these abstractions In this way the application need not communicate with exokernel directly

6 6 Exokernel + libOSes Image from SOSP '95 Exokernel Talk (http://pdos.csail.mit.edu/~engler/exo-sosp-talk.ps)

7 7 Justification ■ Step by step integration of new OS features ■ New functionality can be distributed with applications ■ Any skilled programmer can create a standalone libOS without having to modify rest of system ■ There are many more application authors than there are operating system developers (weak)

8 8 Exokernel ■ Goal of exokernel: to give applications more control ■ Challenge: To provide extensibility to applications, allowing them to exploit performance Also, to provide a base for a general purpose (well rounded) system Ideal: Operating systems built on top of exokernel perform just as well as, or better than, current operating systems

9 9 Exokernel Principles ■ Separate protection from management Exokernel is only allowed management necessary for protection ■ Expose Allocation Applications allocate resources explicitly ■ Expose Names Use physical names whenever possible Capture useful information

10 10 Principles Continued ■ Expose Revocation Revocation policies exposed to applications Allowed to decide which resource instance to give up Each application has control over its physical resources ■ Expose Information All system information is exposed to applications Examples: Application knows number of hardware network buffers Application knows which pages cache file blocks

11 11 Protected Abstractions ■ Kernel protection of high level abstractions Files = metadata, disk blocks, buffer cache pages Want access control on high level (permissions) But exokernels allow access to low level resources ■ Main challenge in designing exokernels Discover kernel interfaces that provide high level access control Do not require a specific implementation Do not limit application control over low level resources

12 12 Protected Sharing ■ Advantages of library implementations: Can trust applications that are using them Need not protect against malicious use ■ Disadvantages: Cannot trust other libOSes that have access to a particular resource Guarantees regarding invariants must take into consideration other processes that have access to the resource What level of trust should the libOS place on other processes?

13 13 Three Levels of Trust ■ Mutual Trust Common case Example: UNIX programs run by the same user trust each other Similarly, when two exokernel processes can write each others' memory, libOSes can trust each other ■ Unidirectional Trust Two processes share resources – one trusts the other but trust is not mutual Example: Network Servers – Privileged process accepts connection, forks, performs as user

14 14 Trust Levels Continued ■ Mutual Distrust Two processes share high level abstractions but distrust each other Example: Two unrelated processes communicate over UNIX socket but neither has trust libOSes must reasonably and defensively interpret all actions of the other process Example: Socket write larger than buffer interpreted as end of file Mutual distrust is infrequent

15 15 Stable Storage ■ Exokernel must multiplex disks across multiple library file systems (libFSes) which are contained within each libOS ■ libFSes can define new file types with different metadata characteristics ■ Exokernel must give libFSes control over hardware while still protecting files from unauthorized access

16 16 Stable Storage Continued ■ Exokernel has a difficult job Must multiplex disk but cannot rely on simple techniques to do so ■ Exokernel must follow four requirements: New file formats should be simple/lightweight libFSes should be able to share files at raw disk block and metadata level Storage must be efficient (close to raw hardware performance) Cache sharing between libFSes

17 17 XN: A Stable Storage System ■ Stable storage is difficult to implement XN is the authors' fourth design ■ XN's main purpose: Efficiently determine access rights of a principal to a disk block Prevent a user from claiming another user's disk blocks as part of their own files ■ Conventional OS: Easy – knows metadata format ■ Exokernel: Hard – application defined metadata

18 18 Solution: UDFs ■ XN uses untrusted deterministic functions (UDFs) These are specific to each file type and translate metadata Used to translate metadata into a simple form for the kernel to use UDFs can be installed by a developer to define new metadata formats ■ UDFs enable the kernel to handle metadata formatting without actually having to understand the format itself

19 19 C-FFS: A Library File System ■ The co-locating fast file system (C-FFS) is a UNIX- like libFS ■ Access Control Provides UNIX style access control (uids, gids, etc.) ■ Well Formed Updates Supplies UNIX specific file semantics (legal filenames) ■ Atomicity Performs locking (ensures that data is recoverable) ■ Implicit Updates Certain state transitions imply actions (mod times)

20 20 ExOS: A Library Operating System ■ ExOS: A libOS that provides many 4.4BSD abstractions Runs many unmodified UNIX applications Most shells, file utilities (grep, ls, etc.), and network programs (telnetd, ftp, etc.) Missing functionality Full paging, process groups, windowing system Authors note that there is no reason why these cannot be implemented; they just did not have time to implement or port them

21 21 ExOS Goals ■ Goals Simplicity Flexibility ■ Entirely library based, so applications can override any feature ■ Any functionality of ExOS can be replaced by application-specific code

22 22 Performance Enhancements ■ Cheetah HTTP Server ■ Merged File Cache and Retransmission Pool Uses precomputed file checksums which are stored in each file No in memory data touching by CPU Transmission/retransmission(s) directly from file cache ■ HTML-based File Grouping HTML document and associated files co-located on disk

23 23 Cheetah Performance Image from Application Performance and Flexibility on Exokernel Systems

24 24 Lessons ■ Libraries are simpler than kernels Over many iterations, “edit, compile, debug” much faster than the “edit, compile, reboot, debug” associated with traditional kernels Libraries easier to debug due to isolation from rest of system ■ But... exokernel interface not easy to design Exokernel must export low level interfaces but also offer protection Several iterations required to develop a substantial interface

25 25 Conclusion Exokernel is a radical change in traditional kernel design Using libraries to implement file systems and operating systems gives applications more power Applications can take advantage of performance Good foundation for a multipurpose operating system Libraries themselves not always so easy to implement “Large implementor base” is questionable

26 26 Discussion Questions or comments?

27 27

28 28 A Note on Virtual Machines ■ Virtual machine monitor Privileged Isolates less privileged applications in emulated copies of hardware ■ However, emulation hides information ■ VMMs confine processes to virtual machines, whereas exokernels give applications access to libOSes without compromising a single view of the machine

29 29 More on UDFs ■ Each UDF is stored (on disk) as a template which corresponds to a metadata format Example: A UNIX file system would have templates for data blocks, inodes, indirect blocks, etc. A template cannot be changed after it is specified ■ Each template contains at least one non- deterministic function (owns-udf) ■ Functions are written in a pseudo-RISC assembly language (checked by kernel for determinacy)

30 30 More on UDFs ■ So, interpreted UDFs allow libFSes to track access rights ■ XN does not need to understand ■ XN just verifies that block ownership is tracked correctly

31 31 C-FFS: A Library File System ■ The co-locating fast file system (C-FFS) is a UNIX- like libFS ■ Since XN just provides basic file system integrity guarantees, more specific invariants may be needed Example: UNIX file systems guarantee uniqueness of filenames within a directory ■ Provides four additions to XN's protection policies

32 32 Xok: An Exokernel ■ Exokernel: Xok ■ Multiplexes physical resources ■ Virtual memory abstractions at application level Exposes hardware capabilities Exposes kernel data structures Low level interface allows for paging at the application level Paging can be done from disk or over the network Allows for page transformations – compression, digital signatures and verification, or encryption

33 33 More on Xok ■ Issue: Process might want to sleep until a certain condition is true Difficult with exokernels since applications handle most of the OS functionality ■ Solution: Wakeup predicates Wakeup predicates are injected into kernel by application Boolean expressions used by application to wake when state of system changes

34 34 Wakeup Predicates ■ Simple, yet powerful Due to application control ■ Example: To wait for a disk block to finish being paged in, an application can use a wakeup predicate to wait for the block's state to change from “in transit” to “resident” ■ Example: Webserver

Download ppt "1 Application Performance and Flexibility on Exokernel Systems Kaashoek, Engler, Ganger, Briceno, Hunt, Mazieres, Pinckney, Grimm, Jannotti, Mackenzie."

Similar presentations

Interactive lesson about operating system

Interactive lesson about operating system
Northwestern University 2007 Winter – EECS 443 Advanced Operating Systems Exokernel: An Operating System Architecture for Application-Level Resource Management.

Northwestern University 2007 Winter – EECS 443 Advanced Operating Systems Exokernel: An Operating System Architecture for Application-Level Resource Management.
Operating System Structures

Operating System Structures
CS 443 Advanced OS David R. Choffnes, Spring 2005 Application Performance and Flexibility on Exokernel Systems M. F. Kaashoek, D.R. Engler, G.R. Ganger,H.M.

CS 443 Advanced OS David R. Choffnes, Spring 2005 Application Performance and Flexibility on Exokernel Systems M. F. Kaashoek, D.R. Engler, G.R. Ganger,H.M.
EXTENSIBILITY, SAFETY AND PERFORMANCE IN THE SPIN OPERATING SYSTEM B. Bershad, S. Savage, P. Pardyak, E. G. Sirer, D. Becker, M. Fiuczynski, C. Chambers,

EXTENSIBILITY, SAFETY AND PERFORMANCE IN THE SPIN OPERATING SYSTEM B. Bershad, S. Savage, P. Pardyak, E. G. Sirer, D. Becker, M. Fiuczynski, C. Chambers,
PlanetLab Operating System support* *a work in progress.

PlanetLab Operating System support* *a work in progress.
Introduction CSCI 444/544 Operating Systems Fall 2008.

Introduction CSCI 444/544 Operating Systems Fall 2008.
End-to-End Arguments in System Design J.H. Saltzer, D.P. Reed and D.D Clark M.I.T. Laboratory for Computer Science Presented by Jimmy Pierce.

End-to-End Arguments in System Design J.H. Saltzer, D.P. Reed and D.D Clark M.I.T. Laboratory for Computer Science Presented by Jimmy Pierce.
Introduction to Operating Systems CS-2301 B-term 20081 Introduction to Operating Systems CS-2301, System Programming for Non-majors (Slides include materials.

Introduction to Operating Systems CS-2301 B-term Introduction to Operating Systems CS-2301, System Programming for Non-majors (Slides include materials.
Slide 1 Client / Server Paradigm. Slide 2 Outline: Client / Server Paradigm Client / Server Model of Interaction Server Design Issues C/ S Points of Interaction.

Slide 1 Client / Server Paradigm. Slide 2 Outline: Client / Server Paradigm Client / Server Model of Interaction Server Design Issues C/ S Points of Interaction.
G22.3250-001 Robert Grimm New York University Extensibility: SPIN and exokernels.

G Robert Grimm New York University Extensibility: SPIN and exokernels.
Dawson R. Engler, M. Frans Kaashoek, and James O’Toole Jr.

Dawson R. Engler, M. Frans Kaashoek, and James O’Toole Jr.
G22.3250-001 Robert Grimm New York University Extensibility: SPIN and exokernels.

G Robert Grimm New York University Extensibility: SPIN and exokernels.
Extensibility, Safety and Performance in the SPIN Operating System Dave Camarillo.

Extensibility, Safety and Performance in the SPIN Operating System Dave Camarillo.
Microkernels: Mach and L4

Microkernels: Mach and L4
Common System Components

Common System Components
Dawson Engler, Frans Kaashoek, James O’Toole

Dawson Engler, Frans Kaashoek, James O’Toole
OPERATING SYSTEMS Introduction

OPERATING SYSTEMS Introduction
Exokernel: An Operating System Architecture for Application-Level Resource Management Dawson R. Engler, M. Frans Kaashoek, and James O’Toole Jr. M.I.T.

Exokernel: An Operating System Architecture for Application-Level Resource Management Dawson R. Engler, M. Frans Kaashoek, and James O’Toole Jr. M.I.T.
Extensible Kernels Mingsheng Hong. OS Kernel Types Monolithic Kernels Microkernels – Flexible (?) – Module Design – Reliable – Secure Extensible Kernels.

Extensible Kernels Mingsheng Hong. OS Kernel Types Monolithic Kernels Microkernels – Flexible (?) – Module Design – Reliable – Secure Extensible Kernels.

Similar presentations

Ads by Google