Extensibility, Safety and Performance in the SPIN Operating System - - PowerPoint PPT Presentation

▶

May 10, 2023 279 likes •489 views

Extensibility, Safety and Performance in the SPIN Operating System Department of Computer Science and Engineering, University of Washington Brian N. Bershad, Stefan Savage, Przemyslaw Pardyak, Emin Gun Sirer, Marc E. Fiuczynski, David Becker,

SLIDE 1

Extensibility, Safety and Performance in the SPIN Operating System

Department of Computer Science and Engineering, University of Washington Brian N. Bershad, Stefan Savage, Przemyslaw Pardyak, Emin Gun Sirer, Marc E. Fiuczynski, David Becker, Craig Chambers, Susan Eggers Presented By James Whiteneck

SLIDE 2

Outline

 Overview  Related Work  Motivation  Goals  SPIN

Architecture (Domains and Extensions)
Core Services (Memory and Thread

Management)

Performance

 Conclusion

SLIDE 3

Overview

 SPIN is an extensible OS that allows

applications to alter the OS

 Executed in kernels virtual address space  Extensions are written in a type safe

language

 Dynamically linked into existing OS kernel  Provides ability to alter core services

SLIDE 4

Related Work

 Hydra

Allows applications to manage resources

through kernel (high overhead)

 Microkernels

Extendible (high overhead)

 RPCs

L3 (high overhead, 100x as much as PC)

 Software-Based Fault Isolation

Not application specific

SLIDE 5

Motivation

 Operating Systems are complex

Not easy to change

 Want: System that can be dynamically

changed to suit specific applications

Safe, easy to use, good performance

Image taken from Language Support for Extensible Operating Systems talk. Link: http://www-spin.cs.washington.edu/papers/talks/wcs96.ps

SLIDE 6

Operating System Structures

User Level Kernel Hardware Monolithic User Level Microkernel Hardware Microkernel OS Extensible User Level Kernel Hardware OS

SLIDE 7

SPIN

Image taken from Language Support for Extensible Operating Systems talk. Link: http://www-spin.cs.washington.edu/papers/talks/wcs96.ps

SLIDE 8

Goals

 Co-location: extensions are linked directly

into kernel

Reduces cost of sharing data

 Enforced modularity: Compiler enforced

boundaries

 Protection domains: kernel interfaces

Isolate failures and provide cheap context

switches

Safely exposing kernel interfaces

 Dynamic Call Binding:

Events trigger extensions

 Page faults, threads

SLIDE 9

SPIN - Architecture

 Software to safely combine system and

application code

 Implemented in Modula-3

Safety

 Defined in two models

Protections

 Controls access to resources through capabilities

Extensions

 Defined in terms of events and handlers

SLIDE 10

Protection Domains

 Capabilities: is a reference (pointer) to a

system object, interface, or collection of interfaces

Protection provided by compiler
Can’t be changed

 Protection is at the language level, not in

virtual memory

SLIDE 11

Extensions

 Extension model provides controlled

communication between extensions (events and event handlers) and system

 Event

Message that announces a change in system

state or requests a service

 Event handler

Procedure that receives messages from events

 Events sent through central dispatcher

SLIDE 12

SPIN – Core Services

 Memory Management

Three service interfaces

 Physical Address

 Physical page allocation and use

 Virtual Address

 Capability allocation

 Translation

 Mappings between physical and virtual addresses

SLIDE 13

SPIN – Core Services

 Thread Management

Strands

 Similar to threads  No state in kernel

Set of events and event handlers
Interfaces provide scheduling, concurrency,

synchronization

 Application specific

SLIDE 14

SPIN – Core Services

 Trust

SPIN trusts core services

 Required to mediate access to resources, applications, and extensions

Extension failures only affect their own

extension

SLIDE 15

SPIN - Performance

 OS Model Comparisons

SPIN v0.4
DEC OSF/1 v2.1 (monolithic)
MACH v3.0 (microkernel)

 Compared

System Size
Microbenchmarks
Networking
End-to-end Performance

SLIDE 16

Performance - Microbenchmarks

Operation DEC OSF/1 Mach SPIN Protected in-kernel call n/a n/a 0.13 System call 5 7 4 Cross-address space call 845 104 89

20 40 60 80 100 120

Protected in-kernel call System call Cross-address space call

Microseconds Operation

Protected Communication

DEC OSF/1 Mach SPIN

 845, way off the page

SLIDE 17

Performance - Microbenchmarks

Operation DEC OSF/1 Mach SPIN kernel user kernel user kernel layered integrated Fork-Join 198 1230 101 338 22 262 111 Ping-Pong 21 264 71 115 17 159 85

50 100 150 200 250 300 350 400 kernel user kernel user kernel layered integrated DEC OSF/1 Mach SPIN

Microseconds OS - Operation

Thread Management

Fork-Join Ping-Pong

 1230, also way off the page

SLIDE 18

Performance - Microbenchmarks

329 260 45 1041 1016 382 351 415 185 106 1792 302 819 608 2 29 7 16 213 214 39 29 200 400 600 800 1000 1200 1400 1600 1800 2000 Dirty Fault Trap Prot1 Prot100 Unprot100 Appel1 Appel2

Microseconds Operation

Virtual Memory

DEC OSF/1 Mach SPIN

SLIDE 19

Other T ests

 Networking

Measured round trip latency and bandwidth
SPIN application code executes at kernel level

 Low latency access to both device and data

 End-to-end

Measured number of clients serviced by a

networked video server

 SPIN allowed same number of clients for less CPU

Extensibility, Safety and Performance in the SPIN Operating System

Outline

 Overview  Related Work  Motivation  Goals  SPIN

Management)

 Conclusion

Overview

 SPIN is an extensible OS that allows

applications to alter the OS

 Executed in kernels virtual address space  Extensions are written in a type safe

language

 Dynamically linked into existing OS kernel  Provides ability to alter core services

Related Work

 Hydra

through kernel (high overhead)

 Microkernels

 RPCs

 Software-Based Fault Isolation

Motivation

 Operating Systems are complex

 Want: System that can be dynamically

changed to suit specific applications

Operating System Structures

SPIN

Goals

 Co-location: extensions are linked directly

into kernel

 Enforced modularity: Compiler enforced

boundaries

 Protection domains: kernel interfaces

switches

 Dynamic Call Binding:

 Page faults, threads

SPIN - Architecture

 Software to safely combine system and

application code

 Implemented in Modula-3

 Defined in two models

 Controls access to resources through capabilities

 Defined in terms of events and handlers

Protection Domains

 Capabilities: is a reference (pointer) to a

system object, interface, or collection of interfaces

 Protection is at the language level, not in

virtual memory

Extensions

 Extension model provides controlled

communication between extensions (events and event handlers) and system

 Event

state or requests a service

 Event handler

 Events sent through central dispatcher

SPIN – Core Services

 Memory Management

 Physical Address

 Virtual Address

 Translation

SPIN – Core Services

 Thread Management

 Similar to threads  No state in kernel

synchronization

 Application specific

SPIN – Core Services

 Trust

 Required to mediate access to resources, applications, and extensions

extension

SPIN - Performance

 OS Model Comparisons

 Compared

Performance - Microbenchmarks

Performance - Microbenchmarks

Performance - Microbenchmarks

Other T ests

 Networking

 Low latency access to both device and data

 End-to-end

networked video server

 SPIN allowed same number of clients for less CPU

Conclusion

 An extensible OS can achieve good

performance without compromising safety