17 research outputs found

    The exokernel operating system architecture

    Thesis (Ph.D.)--Massachusetts Institute of Technology, Dept. of Electrical Engineering and Computer Science, 1999. Includes bibliographical references (p. 115-120). This electronic version was submitted by the student author. The certified thesis is available in the Institute Archives and Special Collections. On traditional operating systems only trusted software such as privileged servers or the kernel can manage resources. This thesis proposes a new approach, the exokernel architecture, which makes resource management unprivileged but safe by separating management from protection: an exokernel protects resources, while untrusted application-level software manages them. As a result, in an exokernel system, untrusted software (e.g., library operating systems) can implement abstractions such as virtual memory, file systems, and networking. The main thrusts of this thesis are: (1) how to build an exokernel system; (2) whether it is possible to build a real one; and (3) whether doing so is a good idea. Our results, drawn from two exokernel systems [25, 48], show that the approach yields dramatic benefits. For example, Xok, an exokernel, runs a web server an order of magnitude faster than the closest equivalent on the same hardware, common unaltered Unix applications up to three times faster, and improves global system performance up to a factor of five. The thesis also discusses some of the new techniques we have used to remove the overhead of protection. The most unusual technique, untrusted deterministic functions, enables an exokernel to verify that applications correctly track the resources they own, eliminating the need for it to do so. Additionally, the thesis reflects on the subtle issues in using downloaded code for extensibility and the sometimes painful lessons learned in building three exokernel-based systems. By Dawson R. Engler. Ph.D.

    Trusted Collaborative Real Time Scheduling in a Smart Card Exokernel

    This paper presents the work we have conducted concerning real time scheduling in Camille, an exokernel dedicated to smart cards. We show that it is possible to embed a flexible real-time operating system despite the important hardware limitations of the smart card platform. We present the major difficulties one has to face when integrating real time support in an exokernel embedded on a very resource-limited platform. We first present a naive solution consisting of allocating an equal time slice to every system extension and letting each one share it as needed amongst its tasks. We show that this solution does not account for loading of new extensions in the system, and that it can fail if some extensions have much more work to carry out than the others. We then present a more complex solution based upon collaborative schedulers grouped as virtual extensions. We show that this solution supports dynamic loading of new extensions and works even for very unbalanced task repartitions. We finally address the issue of trust between the collaborating extensions and we propose a solution based on exhaustive testing and formal proving of the plan functions.

    Flexible Bindings for Type-Safe Embedded Operating Systems.

    This paper presents the binding model implemented in Camille, an extensible operating system for resource-limited devices. Modern embedded systems need on the one hand to fully exploit the limited hardware on which they run and on the other hand to dynamically adapt themselves to changes in their runtime environment. Camille is an exokernel which supports static customization of components and dynamic loading of system extensions. Dynamic kernel and application adaptation is implemented by an inter-component communication model. This model is based on flexible bindings which make it possible to fully customize the way components interact with each other. Bindings can be static, virtual or compiled to guarantee the performance of inter-component communications. This paper shows that it is possible to build a flexible operating system without sacrificing runtime performance, even for devices as constrained as smart cards. We first present the architecture of the Camille exokernel and the intermediate language Facade into which applications and system components are translated to ease type verification. We then describe the component model implemented in Camille and the inter-component communication scheme based on embedded binding factories. We then detail the binding generation process and the various verifications which can be enforced when implementing bindings. We present some experimental results we have obtained when monitoring the performance of our native code generator. Finally, we conclude and discuss the future work we plan to conduct concerning extraction of selected properties from generated code.

    Extensions Temps-Réel pour Exo-Noyau Embarqué (Real-Time Extensions for an Embedded Exokernel)

    Smart cards are small portable objects focused mainly on security (10^9 units sold, mainly in Asia and Europe). To allow on-card software to support more services, smart card operating systems have evolved from a dedicated monolithic execution platform toward more open system architectures that support dynamic code loading. This article presents the real-time problems of the Camille smart card operating system, which has the following characteristics: dynamic code loading, embedded type verification, on-the-fly compilation, and dynamic loading of system components. More generally, it addresses the difficulties of reconciling real-time extensions with the principles of exokernels.

    Flexible and efficient sharing of protected abstractions

    Thesis (S.B. and M.Eng.)--Massachusetts Institute of Technology, Dept. of Electrical Engineering and Computer Science, 1998. Includes bibliographical references (p. 73-76). By George M. Candea. S.B. and M.Eng.

    Multiprocessing with the exokernel operating system

    Thesis (S.B. and M.Eng.)--Massachusetts Institute of Technology, Dept. of Electrical Engineering and Computer Science, 2000. Includes bibliographical references (p. 57-59). By Benjie Chen. S.B. and M.Eng.

    Doctor of Philosophy

    Dissertation. With the explosion of chip transistor counts, the semiconductor industry has struggled with ways to continue scaling computing performance in line with historical trends. In recent years, the de facto solution to utilize excess transistors has been to increase the size of the on-chip data cache, allowing fast access to an increased portion of main memory. These large caches allowed the continued scaling of single thread performance, which had not yet reached the limit of instruction level parallelism (ILP). As we approach the potential limits of parallelism within a single threaded application, new approaches such as chip multiprocessors (CMP) have become popular for scaling performance utilizing thread level parallelism (TLP). This dissertation identifies the operating system as a ubiquitous area where single threaded performance and multithreaded performance have often been ignored by computer architects. We propose that novel hardware and OS co-design has the potential to significantly improve current chip multiprocessor designs, enabling increased performance and improved power efficiency. We show that the operating system contributes a nontrivial overhead to even the most computationally intense workloads and that this OS contribution grows to a significant fraction of total instructions when executing several common applications found in the datacenter. We demonstrate that architectural improvements have had little to no effect on the performance of the OS over the last 15 years, leaving ample room for improvements. We specifically consider three potential solutions to improve OS execution on modern processors. First, we consider the potential of a separate operating system processor (OSP) operating concurrently with general purpose processors (GPP) in a chip multiprocessor organization, with several specialized structures acting as efficient conduits between these processors. Second, we consider the potential of segregating existing caching structures to decrease cache interference between the OS and application. Third, we propose that there are components within the OS itself that should be refactored to be both multithreaded and cache topology aware, which in turn, improves the performance and scalability of many-threaded applications.

    Exodisk--maximizing application control over storage management

    Thesis (M. Eng.)--Massachusetts Institute of Technology, Dept. of Electrical Engineering and Computer Science, 1996. Includes bibliographical references (leaves 67-72). By Robert Grimm. M.Eng.

    Optimisations de compilateur optimistes pour les systèmes réseaux (Optimistic Compiler Optimizations for Network Systems)

    This dissertation describes techniques that can optimize the performance of modern-day network systems. They are applied through the analysis and transformation of programs that implement network protocols. The first of these techniques involves the use of Program Specialization, a well-established code-optimization approach, to optimize network protocol stacks. The second, Remote Specialization, makes specialization amenable to resource-limited embedded systems by deferring it over the network to a more capable system. The third technique revolves around a novel memory manager introduced in this thesis and optimizes a network server’s use of the underlying hardware caches. Finally, the fourth technique uses static analysis to integrate the proposed memory manager with an existing network server. All four techniques are implemented in a set of tools that can be used to automatically optimize network applications, and are referred to as compiler optimizations as they are based on program analysis and transformation, operating on the data and control flow of programs to make them run more efficiently.