the benefits and costs of writing a posix kernel in a
play

The benefits and costs of writing a POSIX kernel in a high-level - PowerPoint PPT Presentation

Oct 17, 2022 •206 likes •788 views

The benefits and costs of writing a POSIX kernel in a high-level language Cody Cutler, M. Frans Kaashoek, Robert T. Morris MIT CSAIL 1 / 38 Should we use high-level languages to build OS kernels? 2 / 38 HLL Benefits Easier to program

  1. The benefits and costs of writing a POSIX kernel in a high-level language Cody Cutler, M. Frans Kaashoek, Robert T. Morris MIT CSAIL 1 / 38

  2. Should we use high-level languages to build OS kernels? 2 / 38

  3. HLL Benefits Easier to program Simpler concurrency with GC Prevents classes of kernel bugs 3 / 38

  4. Kernel memory safety matters Inspected Linux kernel execute code CVEs for 2017 40 CVEs due to just memory-safety bugs 4 / 38

  5. Kernel memory safety matters Inspected Linux kernel execute code CVEs for 2017 40 CVEs due to just memory-safety bugs HLL would have prevented code execution 4 / 38

  6. HLL downside: safety costs performance Bounds, cast, nil-pointer checks Reflection Garbage collection 5 / 38

  7. Goal: measure HLL impact Pros: Reduction of bugs Simpler code Cons: HLL safety tax GC CPU and memory overhead GC pause times 6 / 38

  8. Methodology Build new HLL kernel, compare with Linux Isolate HLL impact: Same apps, POSIX interface, and monolithic organization 7 / 38

  9. Previous work Taos (ASPLOS’87) , Spin (SOSP’95) , Singularity (SOSP’07) , Tock (SOSP’17) , J-kernel (ATC’98) , KaffeOS (ATC’00) , House (ICFP’05) ,... Explore new ideas Different architectures Several studies of HLL versus C for user programs Kernels different from user programs 8 / 38

  10. Previous work Taos (ASPLOS’87) , Spin (SOSP’95) , Singularity (SOSP’07) , Tock (SOSP’17) , J-kernel (ATC’98) , KaffeOS (ATC’00) , House (ICFP’05) ,... Explore new ideas Different architectures Several studies of HLL versus C for user programs Kernels different from user programs None measure HLL impact in a monolithic POSIX kernel 8 / 38

  11. Contributions B ISCUIT , new x86-64 Go kernel Runs unmodified Linux applications with good performance Measurements of HLL costs for NGINX, Redis, and CMailbench Description of qualitative ways HLL helped New scheme to deal with heap exhaustion 9 / 38

  12. Which HLL? Go is a good choice: Easy to call asm Compiled to machine code w/good compiler Easy concurrency Easy static analysis GC 10 / 38

  13. Go’s GC Concurrent mark and sweep Stop-the-world pauses of 10s of µ s 11 / 38

  14. B ISCUIT overview 58 syscalls, LOC: 28k Go, 1.5k assembly (boot, entry/exit) 12 / 38

  15. Features Multicore Threads Journaled FS (7k LOC) Virtual memory (2k LOC) TCP/IP stack (5k LOC) Drivers: AHCI and Intel 10G NIC (3k LOC) 13 / 38

  16. No fundamental challenges due to HLL But many implementation puzzles Interrupts Kernel threads are lightweight Runtime on bare-metal ... 14 / 38

  17. No fundamental challenges due to HLL But many implementation puzzles Interrupts Kernel threads are lightweight Runtime on bare-metal ... Surprising puzzle: heap exhaustion 14 / 38

  18. Puzzle: Heap exhaustion 15 / 38

  19. Puzzle: Heap exhaustion 15 / 38

  20. Puzzle: Heap exhaustion 15 / 38

  21. Puzzle: Heap exhaustion 15 / 38

  22. Puzzle: Heap exhaustion Can’t allocate heap memory = ⇒ nothing works All kernels face this problem 15 / 38

  23. How to recover? Strawman 1: Wait for memory in allocator? 16 / 38

  24. How to recover? Strawman 1: Wait for memory in allocator? May deadlock! 16 / 38

  25. How to recover? Strawman 1: Wait for memory in allocator? May deadlock! Strawman 2: Check/handle allocation failure, like C kernels? 16 / 38

  26. How to recover? Strawman 1: Wait for memory in allocator? May deadlock! Strawman 2: Check/handle allocation failure, like C kernels? Difficult to get right 16 / 38

  27. How to recover? Strawman 1: Wait for memory in allocator? May deadlock! Strawman 2: Check/handle allocation failure, like C kernels? Difficult to get right Can’t! Go doesn’t expose failed allocations and implicitly allocates Both cause problems for Linux; see “too small to fail” rule 16 / 38

  28. B ISCUIT solution: reserve memory To execute syscall... 17 / 38

  29. B ISCUIT solution: reserve memory To execute syscall... 17 / 38

  30. B ISCUIT solution: reserve memory To execute syscall... 17 / 38

  31. B ISCUIT solution: reserve memory To execute syscall... 17 / 38

  32. B ISCUIT solution: reserve memory To execute syscall... 17 / 38

  33. B ISCUIT solution: reserve memory To execute syscall... No checks, no error handling code, no deadlock 17 / 38

  34. Reservations HLL easy to analyze Tool computes reservation via escape analysis Using Go’s static analysis packages ≈ three days of expert effort to apply tool 18 / 38

  35. Building B ISCUIT was similar to other kernels 19 / 38

  36. Building B ISCUIT was similar to other kernels B ISCUIT adopted many Linux optimizations: large pages for kernel text per-CPU NIC transmit queues RCU-like directory cache concurrent FS transactions pad structs to remove false sharing Good OS performance more about optimizations, less about HLL 19 / 38

  37. Eval questions Should we use high-level languages to build OS kernels? 1 Did B ISCUIT benefit from HLL features? 2 Is B ISCUIT performance in the same league as Linux? 3 What is the breakdown of HLL tax? 4 What is the performance cost of Go compared to C? More experiments in paper 20 / 38

  38. 1: Qualitative benefits of HLL features Simpler code with: GC’ed allocation defer multi-valued return closures maps 21 / 38

  39. HLL example benefits Example 1: Memory safety Example 2: Simpler concurrency 22 / 38

  40. 1: B ISCUIT benefits from memory safety Inspected fixes for all publicly-available execute code CVEs in Linux kernel for 2017 Category # Outcome in Go — 11 unknown logic 14 same use-after-free/double-free 8 disappear due to GC out-of-bounds 32 panic or disappear due to GC panic likely better than malicious code execution 23 / 38

  41. 1: B ISCUIT benefits from simpler concurrency Generally, concurrency with GC simpler Particularly, GC greatly simplifies read-lock-free data structures Challenge: In C, how to determine when last reader is done? Main purpose of read-copy update (RCU) ( PDCS’98 ) Linux uses RCU, but it’s not easy Code to start and end RCU sections No sleeping/scheduling in RCU sections ... In Go, no extra code — GC takes care of it 24 / 38

  42. Experimental setup Hardware: 4 core 2.8Ghz Xeon-X3460 16 GB RAM Hyperthreads disabled Eval application: NGINX (1.11.5) – webserver Redis (3.0.5) – key/value store CMailbench – mail-server benchmark 25 / 38

  43. Applications are kernel intensive No idle time 79%-92% kernel time In-memory FS Run for a minute 512MB heap RAM for B ISCUIT 26 / 38

  44. 2: Is B ISCUIT perf in the same league as Linux? Debian 9.4, Linux 4.9.82 Disabled expensive features: page-table isolation retpoline kernel address space layout randomization transparent huge-pages ... 27 / 38

  45. 2: Biscuit is in the same league B ISCUIT ops/s Linux ops/s Ratio CMailbench (mem) 15,862 17,034 1.07 NGINX 88,592 94,492 1.07 Redis 711,792 775,317 1.09 28 / 38

  46. 2: Biscuit is in the same league B ISCUIT ops/s Linux ops/s Ratio CMailbench (mem) 15,862 17,034 1.07 NGINX 88,592 94,492 1.07 Redis 711,792 775,317 1.09 28 / 38

  47. HLL cost unclear from comparison May understate Linux performance due to features: NUMA awareness Optimizations for large number of cores (>4) ... Focus on HLL costs: Measure CPU cycles B ISCUIT pays for HLL tax Compare code paths that differ only by language 29 / 38

  48. 3: What is the breakdown of HLL tax? Measure HLL tax: GC cycles Prologue cycles Write barrier cycles Safety cycles 30 / 38

  49. 3: Prologue cycles are most expensive GC GCs Prologue Write barrier Safety cycles cycles cycles cycles CMailbench 3% 42 6% < 1% 3% NGINX 2% 32 6% < 1% 2% Redis 1% 30 4% < 1% 2% 31 / 38

  50. 3: Prologue cycles are most expensive GC GCs Prologue Write barrier Safety cycles cycles cycles cycles CMailbench 3% 42 6% < 1% 3% NGINX 2% 32 6% < 1% 2% Redis 1% 30 4% < 1% 2% 31 / 38

  51. 3: Prologue cycles are most expensive GC GCs Prologue Write barrier Safety cycles cycles cycles cycles CMailbench 3% 42 6% < 1% 3% NGINX 2% 32 6% < 1% 2% Redis 1% 30 4% < 1% 2% 31 / 38

  52. 3: Prologue cycles are most expensive GC GCs Prologue Write barrier Safety cycles cycles cycles cycles CMailbench 3% 42 6% < 1% 3% NGINX 2% 32 6% < 1% 2% Redis 1% 30 4% < 1% 2% 31 / 38

  53. 3: Prologue cycles are most expensive GC GCs Prologue Write barrier Safety cycles cycles cycles cycles CMailbench 3% 42 6% < 1% 3% NGINX 2% 32 6% < 1% 2% Redis 1% 30 4% < 1% 2% Benchmarks allocate kernel heap rapidly but have little persistent kernel heap data Cycles used by GC increase with size of live kernel heap Dedicate 2 or 3 × memory ⇒ low GC cycles 31 / 38

  54. 4: What is the cost of Go compared to C? Make code paths same in B ISCUIT and Linux Two code paths in paper pipe ping-pong (systems calls, context switching) page-fault handler (exceptions, VM) Focus on pipe ping-pong: LOC: 1.2k Go, 1.8k C No allocation; no GC Top-10 most expensive instructions match 32 / 38

  55. 4: C is 15% faster C Go (ops/s) (ops/s) Ratio 536,193 465,811 1.15 Prologue/safety-checks ⇒ 16% more instructions 33 / 38

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

The benefits and costs of writing a UNIX kernel in a high-level language Cody Cutler, M. Frans

The benefits and costs of writing a UNIX kernel in a high-level language Cody Cutler, M. Frans

The benefits and costs of writing a UNIX kernel in a high-level language Cody Cutler, M. Frans Kaashoek, Robert T. Morris MIT CSAIL 1 / 62 What language to use for developing a kernel? A hotly-debated question but often with few facts

803 views • 67 slides
pthreads pthreads (POSIX threads) is a library for doing threading pthreads Can

pthreads pthreads (POSIX threads) is a library for doing threading pthreads Can

12/10/2019 pthreads pthreads (POSIX threads) is a library for doing threading pthreads Can transparently be used under User or Kernel threads Dr. Jonathan Misurda jmisurda@cs.arizona.edu 1 2 pthread_create() POSIX #include

524 views • 3 slides
POSIX IPC: Overview primitive POSIX function description message queues create or access

POSIX IPC: Overview primitive POSIX function description message queues create or access

CPSC-313: Introduction to Computer Systems POSIX IPC POSIX Inter-Process Communication (IPC) Message Queues Shared Memory Semaphores Reading: R&amp;R, Ch 15 POSIX IPC: Overview primitive POSIX function description message

392 views • 6 slides
Example: Mentor Graphics POSIX Implementation ( Nucleus ) Mentor Graphics Nucleus User Guide

Example: Mentor Graphics POSIX Implementation ( Nucleus ) Mentor Graphics Nucleus User Guide

Example: Mentor Graphics POSIX Implementation ( Nucleus ) Mentor Graphics Nucleus User Guide Nucleus POSIX Kernel Nucleus POSIX demo program (Mentor Graphics EDGE tools for SoC/ARM) Six tasks/five functions a system timer a

166 views • 13 slides
Rumprun for Rump Kernels: Instant Unikernels for POSIX applications Martin Lucina, @matolucina 1

Rumprun for Rump Kernels: Instant Unikernels for POSIX applications Martin Lucina, @matolucina 1

Rumprun for Rump Kernels: Instant Unikernels for POSIX applications Martin Lucina, @matolucina 1 / 8 So many Kernels, what are they? Monolithic kernel, Microkernel: standard stuff. Rump kernel: an existing monolithic kernel componentized into

215 views • 8 slides
www.pdl.cmu.edu/posix/ December 14, 2005 APIs for HPC IO POSIX IO APIs (open, close, read,

www.pdl.cmu.edu/posix/ December 14, 2005 APIs for HPC IO POSIX IO APIs (open, close, read,

POSIX I/O High Performance Computing Extensions Brent Welch (Speaker) Panasas www.pdl.cmu.edu/posix/ December 14, 2005 APIs for HPC IO POSIX IO APIs (open, close, read, write, stat) have semantics that can make it hard to achieve high

674 views • 24 slides
Posix-Free File Systems in the Cloud Jeff Chase Duke University Beyond Posix

Posix-Free File Systems in the Cloud Jeff Chase Duke University Beyond Posix

Posix-Free File Systems in the Cloud Jeff Chase Duke University Beyond Posix Filesystem Posix file system semantics? open(2) Hierarchical directories with aliasing Human-readable symbolic names Atomic ops on

599 views • 12 slides
RENEWABLE ENERGY BENEFITS AND COSTS David Littell Commissioner, Maine Public Utilities

RENEWABLE ENERGY BENEFITS AND COSTS David Littell Commissioner, Maine Public Utilities

RENEWABLE ENERGY BENEFITS AND COSTS David Littell Commissioner, Maine Public Utilities Commission Renewables Economic benefits for ratepayers &amp; state Higher upfront (capital) costs Environmental benefits &amp; impacts

225 views • 22 slides
Natural Gas Pipeline Regulation: Natural Gas Pipeline Regulation: Costs and Benefits of the

Natural Gas Pipeline Regulation: Natural Gas Pipeline Regulation: Costs and Benefits of the

Natural Gas Pipeline Regulation: Natural Gas Pipeline Regulation: Costs and Benefits of the Costs and Benefits of the Canadian Approach Canadian Approach Glenn Booth Chief Economist National Energy Board Gold Coast, July 2004 1(title)

580 views • 36 slides
Chapter 4: Relevant Costs and Benefits for Decision- Making Agenda Sunk/Opportunity Costs

Chapter 4: Relevant Costs and Benefits for Decision- Making Agenda Sunk/Opportunity Costs

Chapter 4: Relevant Costs and Benefits for Decision- Making Agenda Sunk/Opportunity Costs Decision Relevance Differential Analysis 2 1 Its all relevant Sunk Costs outlays of resources or effort from past periods.

398 views • 15 slides
1. Why . ? 2. What + How . ? 3. Who + How long + Costs . ? 4. Benefits +

1. Why . ? 2. What + How . ? 3. Who + How long + Costs . ? 4. Benefits +

Environmental Management Systems at University of Paderborn &gt; Implementation at the Chair (Environmental) Process Engineering 1. Why . ? 2. What + How . ? 3. Who + How long + Costs . ? 4. Benefits + Perspectives . ? Josef

221 views • 21 slides
ScoutFS: POSIX Archiving at Extreme Scale Zach Brown, Versity MSST 2019 POSIX Archiving with

ScoutFS: POSIX Archiving at Extreme Scale Zach Brown, Versity MSST 2019 POSIX Archiving with

ScoutFS: POSIX Archiving at Extreme Scale Zach Brown, Versity MSST 2019 POSIX Archiving with ScoutFS POSIX: NFS / SAMBA / RSYNC / CUSTOM ScoutFS SAN Fabric ScoutAM Archive Manager Archival Storage Archival Filesystem Differences Built

443 views • 8 slides
CSE 333 Section I/O, POSIX, and System Calls! 1 Logistics Due TODAY: Homework 1 @ 11:59 pm

CSE 333 Section I/O, POSIX, and System Calls! 1 Logistics Due TODAY: Homework 1 @ 11:59 pm

CSE 333 Section I/O, POSIX, and System Calls! 1 Logistics Due TODAY: Homework 1 @ 11:59 pm Due Monday: Exercise 7 @ 11 am 2 POSIX Posix is a family of standards specified by the IEEE. These standards maintains compatibility across

642 views • 30 slides
Na.ve POSIX Threading Library (NPTL) Don Porter 1 CSE 506: Opera.ng Systems Logical Diagram

Na.ve POSIX Threading Library (NPTL) Don Porter 1 CSE 506: Opera.ng Systems Logical Diagram

CSE 506: Opera.ng Systems Na.ve POSIX Threading Library (NPTL) Don Porter 1 CSE 506: Opera.ng Systems Logical Diagram Binary Memory Threads Formats Allocators User Todays Lecture Kernel System Calls Scheduling threads RCU File

318 views • 31 slides
USEPA Methods for Quantifying the Benefits and Costs of Reducing Air Pollution Amy Lamson U.S.

USEPA Methods for Quantifying the Benefits and Costs of Reducing Air Pollution Amy Lamson U.S.

USEPA Methods for Quantifying the Benefits and Costs of Reducing Air Pollution Amy Lamson U.S. Environmental Protection Agency Office of Air and Radiation Risk and Benefits Group Presentation for Multi-stakeholder Workshop South Africas

717 views • 50 slides
CSE 3320 Operating Systems POSIX Threads Programming Jia Rao Department of Computer Science and

CSE 3320 Operating Systems POSIX Threads Programming Jia Rao Department of Computer Science and

CSE 3320 Operating Systems POSIX Threads Programming Jia Rao Department of Computer Science and Engineering http://ranger.uta.edu/~jrao Recap of Previous Classes Processes and threads The thread model o User-level thread o Kernel-level

567 views • 29 slides
Privacy in a Mobile-Social World CompSci 590.03 Instructor:

Privacy in a Mobile-Social World CompSci 590.03 Instructor:

Privacy in a Mobile-Social World CompSci 590.03 Instructor: Ashwin Machanavajjhala Lecture 1 : 590.03 Fall 13 1 Administrivia

1.21k views • 58 slides
Domain analysis l Goal: build an object-oriented model of the real- world system (or imaginary

Domain analysis l Goal: build an object-oriented model of the real- world system (or imaginary

Domain analysis l Goal: build an object-oriented model of the real- world system (or imaginary world) l Slicing the soup: OOA vs. OOD OOA concerned with what , not how OOA activities focus on the domain layer l Common OOA

500 views • 33 slides
Is Anybody Out There? Breakthrough Listen and SETI@home Search for ET Dan Werthimer University

Is Anybody Out There? Breakthrough Listen and SETI@home Search for ET Dan Werthimer University

Is Anybody Out There? Breakthrough Listen and SETI@home Search for ET Dan Werthimer University of California, Berkeley http://seti.berkeley.edu Drake Equation N=R f s f p n e f l f i f c L N = number of communicating civilizations in our

1.03k views • 82 slides
First Things First This is 4003-590-09 / 4005-769-09 Welcome to Applications in VR

First Things First This is 4003-590-09 / 4005-769-09 Welcome to Applications in VR

First Things First This is 4003-590-09 / 4005-769-09 Welcome to Applications in VR (Applications in Virtual Reality) I am Joe Geigelyour host! Plan for this afternoon Logistics Logistics mycourses Answer the questions

267 views • 11 slides
Networking in Biscuit Sebastian Voit, Paul Emmerich January 18, 2019 Chair of Network

Networking in Biscuit Sebastian Voit, Paul Emmerich January 18, 2019 Chair of Network

Chair of Network Architectures and Services Department of Informatics Technical University of Munich Networking in Biscuit Sebastian Voit, Paul Emmerich January 18, 2019 Chair of Network Architectures and Services Department of Informatics

588 views • 34 slides
Design of smart buildings Occupancy sensor selection problem Problem: which sensor to install

Design of smart buildings Occupancy sensor selection problem Problem: which sensor to install

BISCUIT: Building Intelligent System CUstomer Investment Tool Hari Prasanna Das University of California, Berkeley Joint work with Ming Jin, Ruoxi Jia, Wei Feng, Costas Spanos Design of smart buildings Occupancy sensor selection problem

349 views • 13 slides
ON THE SYNTAX AND SEMANTICS OF ASSERTION Questioning Speech Acts September 14, 2017 Peter

ON THE SYNTAX AND SEMANTICS OF ASSERTION Questioning Speech Acts September 14, 2017 Peter

Dept. of Linguistics Swarthmore College ON THE SYNTAX AND SEMANTICS OF ASSERTION Questioning Speech Acts September 14, 2017 Peter Klecha the problem with epistemics a performative model assertions biscuits conclusion References THIS

888 views • 65 slides
Introduction to Planning Introduction to Planning Course: CS40022 Course: CS40022 Instructor:

Introduction to Planning Introduction to Planning Course: CS40022 Course: CS40022 Instructor:

Introduction to Planning Introduction to Planning Course: CS40022 Course: CS40022 Instructor: Dr. Pallab Dasgupta Pallab Dasgupta Instructor: Dr. Department of Computer Science &amp; Engineering Department of Computer Science &amp;

303 views • 27 slides

More recommend