Presentation is loading. Please wait.

Presentation is loading. Please wait.

G22.3250-001 Robert Grimm New York University Opal.

Published by Modified over 9 years ago

Similar presentations

Presentation on theme: "G22.3250-001 Robert Grimm New York University Opal."— Presentation transcript:

1 G22.3250-001 Robert Grimm New York University Opal

2 The Three Questions  What is the problem?  What is new or different?  What are the contributions and limitations?

3 Technology Change Provides Opportunity  Technology: 64-bit address space architectures  DEC Alpha, HP PA-RISC, MIPS R4000  Opportunity: Separate addressing and protection  Enhance sharing  Simplify integration  Improve reliability  Approach: Use a single virtual address space  Without special-purpose hardware  Without loss of protection or performance  Without requiring a single type-safe language

4 Other Operating Systems: Private Address Spaces  Advantages  Increase amount of address space for all programs  Provide hard memory protection boundaries  Permit easy cleanup  Disadvantage  Hard to efficiently share, store, or transmit information  Two unattractive work-arounds  Independent processes that use pipes, files, messages  One process

5 Better Cooperation Through Shared Memory  With private address spaces (think Unix mmap)  Requires a-priori application coordination  Shared regions must be known in advance  Can lead to problems  Private pointers in shared regions  With a single address space  Each address has a single meaning, across all protection domains  System (rather than applications) coordinates address bindings

6 Some Notes on Sharing, Trust, and Distribution  Complete encapsulation can be too confining  Trust relationships may be asymmetric (read-only access)  Protection and trust can be orthogonal  Same database program working for different users  System protection should not impose modularity!  Single address space can simplify distribution  No pointer swizzling, marshaling, or translation  But, this only reduces frequency of these conversions

7 Opal Abstractions and Mechanisms

8 Storage and Protection  Unit of storage allocation is a segment  Contiguous extent of virtual pages (typically >> 1)  Unit of execution is a thread  Execution context for a thread is a protection domain  Provides a passive context (instead of an active process)  Restricts access to a particular set of segments  Enforced through page-based hardware mechanisms  Does this sound familiar?  Storage allocation, protection, and reclamation should be coarse-grained  Fine-grained control best provided by languages / runtime

9 Access Control  All kernel resources are named by capabilities  User-level, password-style 256-bit references  How does this compare to Mach or Hydra capabilities?  Name service provides a mapping between symbolic names and capabilities, protected by ACLs  Segments are attached and detached by presenting the corresponding capabilities  Segments can also be attached transparently on address faults  Runtime handler retrieves published capability and performs attach operation

10 Inter-domain Communication  Calls between domains build on portals  Have we seen a similar concept?  Portals are identified by a 64-bit ID  Entry point is at a fixed, global virtual address  Password-capabilities build on portals (and RPC)  Portal ID, object address, randomized check field  Language support makes cross-domain calls transparent  Client capabilities hidden in proxy objects  Server guards contain check field

11 Using Protection Domains  Parents create new domains  Attach arbitrary segments  Execute arbitrary code  Protected calls are the only way to transfer control  Register a portal  Specify a procedure as the entry point  Call through that portal  Rights amplification only possible through privileged server

12 Linking and Executing Code  Linking and execution essentially the same  Resolve symbols to actual addresses on a global level  Shared libraries become trivial; they are the default  Procedure pointers can be passed directly  No possibility of address conflicts  Private static data requires extra mechanism  Linker uses register-relative addressing  Base register addresses assigned dynamically  Based on instance of module

13 Resource Management and Reclamation  Storage management based on reference counting  Builds on assumption of coarse-grained allocation  Does not reflect number of capabilities  Rather, indicates general interest in resource  What to do about buggy or malicious programs?  Hierarchical resource groups  Provide unit of accounting; implicitly associated with each thread  Charges flow up the hierarchy; deletions flow down the hierarchy  Reference objects  Separate accounting between different references  May also imply different access rights

14 Summary  Basic abstractions  Protection domains, segments, portals, resource groups  Applications structured as groups of threads in overlapping protection domains  Resource reclamation based on reference counts  Accounting and bulk delete through resource groups  Address pointers and capabilities are freely shared

15 Summary (cont.)  Protection is decoupled from  Program execution (RPC)  Resource naming (capabilities)  Resource ownership (resource groups)  Virtual storage (segments)  Proxies can make RPC transparent to applications  Runtime facility!

16 Implementation & Evaluation

17 Prototype Implementation  Built on top of Mac 3.0 microkernel  Opal server implements basic abstractions  Segments, protection domains, portals, resource groups  Runtime package provides C++ API to applications  User-level threads, capability-based RPC, proxies, heap management  Linking utilities assign persistent virtual addresses  Co-hosted with Unix server  Simplifies implementation by leveraging Unix file system

18 Mapping Opal onto Mach  Protection domains are Mach tasks  Execution context for threads  Segments are Mach memory objects  Virtual memory region backed by user-mode paging server  Server uses inodes, thus making them accessible through Unix FS  Domains have Mach ports  End-points for receiving messages  One port for each domain multiplexes onto all portals

19 Some Implementation Details  Opal server maps segments to address ranges  But it also contains a mapping from addresses to segments  Why?  Opal server maps domains to Mach port send rights  Runtime caches mappings  Why?  Segments are backed by Unix files  Address management structures of Opal server also in persistent segment  What problem does this raise? How is it solved?

20 Applications and Performance  Boeing might benefit  Humongous aircraft parts database  A tree-indexing program does benefit  Both performance and protection!  Micro-benchmarks dominated by (sucky) Mach performance

21 Issues  How to ensure contiguity of memory?  How to conserve address space?  How to support a Unix-style fork?  How to avoid data copying?

22 Discussion

Download ppt "G22.3250-001 Robert Grimm New York University Opal."

Similar presentations

OS Organization Continued Andy Wang COP 5611 Advanced Operating Systems.

OS Organization Continued Andy Wang COP 5611 Advanced Operating Systems.
Threads, SMP, and Microkernels

Threads, SMP, and Microkernels
Department of Computer Science and Engineering University of Washington Brian N. Bershad, Stefan Savage, Przemyslaw Pardyak, Emin Gun Sirer, Marc E. Fiuczynski,

Department of Computer Science and Engineering University of Washington Brian N. Bershad, Stefan Savage, Przemyslaw Pardyak, Emin Gun Sirer, Marc E. Fiuczynski,
EXTENSIBILITY, SAFETY AND PERFORMANCE IN THE SPIN OPERATING SYSTEM B. Bershad, S. Savage, P. Pardyak, E. G. Sirer, D. Becker, M. Fiuczynski, C. Chambers,

EXTENSIBILITY, SAFETY AND PERFORMANCE IN THE SPIN OPERATING SYSTEM B. Bershad, S. Savage, P. Pardyak, E. G. Sirer, D. Becker, M. Fiuczynski, C. Chambers,
Extensibility, Safety and Performance in the SPIN Operating System Presented by Allen Kerr.

Extensibility, Safety and Performance in the SPIN Operating System Presented by Allen Kerr.
Chorus Vs Unix Operating Systems Overview Introduction Design Principles Programmer Interface User Interface Process Management Memory Management File.

Chorus Vs Unix Operating Systems Overview Introduction Design Principles Programmer Interface User Interface Process Management Memory Management File.
Chapter 4 Threads, SMP, and Microkernels Patricia Roy Manatee Community College, Venice, FL ©2008, Prentice Hall Operating Systems: Internals and Design.

Chapter 4 Threads, SMP, and Microkernels Patricia Roy Manatee Community College, Venice, FL ©2008, Prentice Hall Operating Systems: Internals and Design.
Lightweight Remote Procedure Call Brian N. Bershad, Thomas E. Anderson, Edward D. Lazowska, and Henry M. Levy Presented by Alana Sweat.

Lightweight Remote Procedure Call Brian N. Bershad, Thomas E. Anderson, Edward D. Lazowska, and Henry M. Levy Presented by Alana Sweat.
Extensibility, Safety and Performance in the SPIN Operating System Brian Bershad, Stefan Savage, Przemyslaw Pardyak, Emin Gun Sirer, David Becker, Marc.

Extensibility, Safety and Performance in the SPIN Operating System Brian Bershad, Stefan Savage, Przemyslaw Pardyak, Emin Gun Sirer, David Becker, Marc.
Extensibility, Safety and Performance in the SPIN Operating System Department of Computer Science and Engineering, University of Washington Brian N. Bershad,

Extensibility, Safety and Performance in the SPIN Operating System Department of Computer Science and Engineering, University of Washington Brian N. Bershad,
G22.3250-001 Robert Grimm New York University Extensibility: SPIN and exokernels.

G Robert Grimm New York University Extensibility: SPIN and exokernels.
Extensibility, Safety and Performance in the SPIN Operating System Brian Bershad, Stefan Savage, Przemyslaw Pardyak, Emin Gun Sirer, Marc E. Fiuczynski,

Extensibility, Safety and Performance in the SPIN Operating System Brian Bershad, Stefan Savage, Przemyslaw Pardyak, Emin Gun Sirer, Marc E. Fiuczynski,
Virtual Memory Virtual Memory Management in Mach Labels and Event Processes in Asbestos Ingar Arntzen.

Virtual Memory Virtual Memory Management in Mach Labels and Event Processes in Asbestos Ingar Arntzen.
Scheduler Activations Effective Kernel Support for the User-Level Management of Parallelism.

Scheduler Activations Effective Kernel Support for the User-Level Management of Parallelism.
G22.3250-001 Robert Grimm New York University Extensibility: SPIN and exokernels.

G Robert Grimm New York University Extensibility: SPIN and exokernels.
CS 550 Amoeba-A Distributed Operation System by Saie M Mulay.

CS 550 Amoeba-A Distributed Operation System by Saie M Mulay.
Inter Process Communication:  It is an essential aspect of process management. By allowing processes to communicate with each other: 1.We can synchronize.

Inter Process Communication:  It is an essential aspect of process management. By allowing processes to communicate with each other: 1.We can synchronize.
Extensibility, Safety and Performance in the SPIN Operating System Brian Bershad, Stefan Savage, Przemyslaw Pardyak, Emin Gun Sirer, Marc E. Fiuczynski,

Extensibility, Safety and Performance in the SPIN Operating System Brian Bershad, Stefan Savage, Przemyslaw Pardyak, Emin Gun Sirer, Marc E. Fiuczynski,
Communication in Distributed Systems –Part 2

Communication in Distributed Systems –Part 2
Object Based Operating Systems1 Learning Objectives Object Orientation and its benefits Controversy over object based operating systems Object based operating.

Object Based Operating Systems1 Learning Objectives Object Orientation and its benefits Controversy over object based operating systems Object based operating.

Similar presentations

Ads by Google