the flk project my first idea was to write a l4 kernel
play

The FLK project My first idea was to write a L4 kernel using the - PowerPoint PPT Presentation

Aug 22, 2022 •409 likes •711 views

The FLK project My first idea was to write a L4 kernel using the EIFFEL langage. But ... 2 Feb 2015 http://flhq.org 2 While reading references on the SECURITY topic, it became evident that handling security by the software was an

  1. The FLK project

  2. My first idea was to write a L4 kernel using the EIFFEL langage. But ... 2 Feb 2015 http://flhq.org 2

  3. ① While reading references on the SECURITY topic, it became evident that handling security by the software was an interesting challenge. 2 Feb 2015 http://flhq.org 3

  4. ② It is difficult to find examples of secure kernel using the FLAT memory model (for processors without MMU – MMUs drain current –). That shows that there is an interesting challenge. 2 Feb 2015 http://flhq.org 4

  5. ③ The thread/process model does not fit the SCOOP model because of the costs : - in MEMORY (for stacks) - in TIME (for context switches) 2 Feb 2015 http://flhq.org 5

  6. S imple C oncurrent O bject O riented P rogramming An overview... 2 Feb 2015 http://flhq.org 6

  7. Few terminology ● A processor is a set of objects within a same memory manager and with the guaranty that methods of the objects are executed “as single threaded” ● Objects of a processor can invoke object of other processors, such “remote” objects are called separate objects, they belong in a separate processor 2 Feb 2015 http://flhq.org 7

  8. -- DO YOU KNOW EIFFEL LANGUAGE ? -- this is a simple FIFO description deferred class FIFO[X] feature empty: BOOLEAN deferred end full: BOOLEAN deferred end put(x: X) require not full deferred ensure not empty end item: X require not empty deferred end drop require not empty deferred ensure not full end invariant at_least_one_element: not (empty and full) end 2 Feb 2015 http://flhq.org 8

  9. -- this is an abstract of a simple client class CLIENT ... order_task(q: separate FIFO[ separate TASK]; t: separate TASK) require not q.full do q.put(t) end ... end -- this is an abstract of a simple server class SERVER ... next_task(q: separate FIFO[ separate TASK]): separate TASK require not q.empty do Result := q.item ; q.drop end ... end 2 Feb 2015 http://flhq.org 9

  10. Using POSIX system, this is often made using UDS (unix domain socket) Client Client FIFO SERVER Client Having a process/thread for such a small processor is NOT WANTED But SCOOP tends to favor such small processors 2 Feb 2015 http://flhq.org 10

  11. FLK principle ● Processors are nor processes neither threads ● Processors gain their single execution context on need and release it when not more need ● When invoking a separate object: – Either, the current execution context is lent to the called processor in case of query (having a result) – Or, a new execution context is created in case of command (not having result) ● Optimizations can modify the previous rule 2 Feb 2015 http://flhq.org 11

  12. Summary In red, the This call waits execution In blue, the processors contexts 2 Feb 2015 http://flhq.org 12

  13. A failure case 2 Feb 2015 http://flhq.org 13

  14. Acquiring many processors exchg(a, b: separate C) local x: X do x := a.item ; a.put(b.item) ; b.put(x) ensure a.item = old b.item ; b.item = old a.item end ● The acquiring of multiple processors is granted by the system and the compiler in a safe way ● An implementation compatible with distributed system (Rhee lock) can be used if needed 2 Feb 2015 http://flhq.org 14

  15. Safety ● EIFFEL language is safe: – No peek / poke – Array boundaries are checked – Calling void reference is not possible – Wrong casting of objects is not possible – The memory is managed (GC, no “free”) ● SCOOP is safe: – Separate objects are tracked and not alterable ● No IPC, no IDL: consistency by the compiler 2 Feb 2015 http://flhq.org 15

  16. Wait a minute.... FLK is written using EIFFEL thus how is it possible if the language doesn't allow peek/poke/casting? EIFFEL provides selective exportation of features. feature {UNSAFE_KERNEL} ... some unsafe features only for FLK ... feature {UNSAFE_SYSTEM} ... some restricted features only for system components ... This mechanism is enforced by the language and the compiler is improved to forbid inheritance of critical classes either outside of a cluster of classes or without integrator authorization The compiler allow in fact peek/poke/casting but in a VERY RESTRICTED way 2 Feb 2015 http://flhq.org 16

  17. Security at API level ● Using the exportation feature of EIFFEL and the compiler FLC: – Features are selectively exported to specific client classes – Such authorized client classes can be: ● not inheritable and not insertable outside a given context ● Inheritable (or insertable) with integrator/user authorisation (when compiling or installing) ● Inheritable or insertable as usual 2 Feb 2015 http://flhq.org 17

  18. applications Kind of Application simplified library overview Compiler System SAFE DANGEROUS FLK UNSAFE Compiler library 2 Feb 2015 http://flhq.org 18

  19. MEMORY ● The memory is managed. That is in the language and it is done at the kernel level. ● Each processor has its memory manager ● Any pointer maps to a unique memory manager that maps to a unique processor: that is used to identify the processor of the separate objects ● Mechanic of the keyword separate and safety of the language allows to not protect memory using MMU 2 Feb 2015 http://flhq.org 19

  20. MMU? ● Using static analysis of code, the size need by the stack can be pre-computed for each processor entry method (recursivity...) thus MMU is not strictly needed for stacks ● But MMU can be useful for: – STACK – FILE MAPPING – LARGE DYNAMIC ARRAYS – FOREIGN LIBRARIES ● If used, MMU is global (not per processor) 2 Feb 2015 http://flhq.org 20

  21. Context switch When a method of a separate object is called, the execution context should: – On a query: ● Set the current processor to the one called, this activates its memory manager ● Revert at end of the call ● No task switch – On a command: ● Activate a new execution context for the called processor ● Can be optimised – No memory switch (MMU) 2 Feb 2015 http://flhq.org 21

  22. Life cycle ● Processors are created using the create keyword ● Processors die when – It is not in an execution context – It has no client (no other processor reference it) ● Processors are GARBAGE COLLECTED ● Starve conditions are detected and generate exceptions 2 Feb 2015 http://flhq.org 22

  23. Execution context Client Client FIFO SERVER Client FIFO has 4 clients FIFO is alive Feb 2, 2015 http://flhq.org 23

  24. AFTER CLIENTS DEATH Execution context FIFO SERVER FIFO has 1 client FIFO is alive Alive because execution context But waiting on require not fifo.empty Where FIFO has only one client FLK SENDS AN EXCEPTION TO Thus, server is dead because THE SERVER TO SIGNAL THAT FIFO can't change ITS WAITING IS UNUSEFUL Feb 2, 2015 http://flhq.org 24

  25. Optimisation ● EIFFEL is making compilation of whole systems (no linking is needed) ● Frozen keyword allows more optimisation ● Some creation of execution contexts can be removed ● Unused components are removed from the binary set Feb 2, 2015 http://flhq.org 25

  26. Challenge 1: coupling of the memory management using Challenge 2: improved compacting GC at kernel, system security at API level and application level without using capabilities (static) Challenge 3: optimisation of activations, avoid creating a new context when possible (using Challenge 4: allowing frozen) downsizing for tiny embedded environments Challenge 5: create standard on semantic of separate and implements some of its tricky items Challenge 6: avoid linker paradigm Challenge 7: prove the safety, the security, the efficiency Feb 2, 2015 http://flhq.org 26

  27. i T Y How many drivers? How many supported platforms? BACK TO the R e a L How many code reusable? How much money? How many people? Feb 2, 2015 http://flhq.org 27

  28. planning ● Finish the compiler end of 2015, opening code ASAP ● RFCs process for FLK starting in spirng 2015 ● First implementation of FLK on top of an other kernel in 2016 ● Help wanted? YES YES YES – Coding, specifying, financing, research, students, how to integrate existing C drivers Feb 2, 2015 http://flhq.org 28

  29. QUESTIONS sopox@flhq.org Feb 2, 2015 http://flhq.org 29

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Intro to Linux Kernel Programming Don Porter Lab 4 You will write a Linux kernel module

Intro to Linux Kernel Programming Don Porter Lab 4 You will write a Linux kernel module

Intro to Linux Kernel Programming Don Porter Lab 4 You will write a Linux kernel module Linux is written in C, but does not include all standard libraries And some other idiosyncrasies This lecture will give you a crash

1.35k views • 22 slides
TDD of toEnglish Justin Pearson 1 Introduction This is not an original idea. I found the idea on

TDD of toEnglish Justin Pearson 1 Introduction This is not an original idea. I found the idea on

TDD of toEnglish Justin Pearson 1 Introduction This is not an original idea. I found the idea on the web in an article 1 written by Colin Angus Mackay. The idea is to write a function that given a number between 0 and 999 inclusive returns a

348 views • 14 slides
Models In Parallel Computation It is difficult to write programs without a good idea of how the

Models In Parallel Computation It is difficult to write programs without a good idea of how the

Models In Parallel Computation It is difficult to write programs without a good idea of how the target computer will execute the code. The most important information is knowing how expensive the operations are in terms of time, space, and

660 views • 42 slides
One-Step Ahead Prediction of the Wiener-Hammerstein Benchmark with Process Noise using Kernel

One-Step Ahead Prediction of the Wiener-Hammerstein Benchmark with Process Noise using Kernel

One-Step Ahead Prediction of the Wiener-Hammerstein Benchmark with Process Noise using Kernel Adaptive Learning Rishi Relan Dieter Verbecke Koen Tiels Department ELEC 12.05.2017 Idea of this workshop: Nonlinear System 2 Idea of this

356 views • 21 slides
Project 1: Bootloader COS 318 Fall 2016 Project 1: Schedule Design Review - Monday, 9/26 -

Project 1: Bootloader COS 318 Fall 2016 Project 1: Schedule Design Review - Monday, 9/26 -

Project 1: Bootloader COS 318 Fall 2016 Project 1: Schedule Design Review - Monday, 9/26 - 10-min time slots from 1:30pm-9:20pm - Write functions print_char and print_string - Answer the questions: How to move the kernel from disk to

835 views • 27 slides
Best Shared Value Business Idea A project idea of implemented together with who we are? MOTOSEC

Best Shared Value Business Idea A project idea of implemented together with who we are? MOTOSEC

Best Shared Value Business Idea A project idea of implemented together with who we are? MOTOSEC (moto securise) sarl is a company which aims to formalize the public motorcycle transport industry. by guaranteeing safe transport for all and

83 views • 7 slides
Best Shared Value Business Idea A project idea of implemented together with expand anding g

Best Shared Value Business Idea A project idea of implemented together with expand anding g

Best Shared Value Business Idea A project idea of implemented together with expand anding g prod oduct uction on cap apac acity ty to ar o arou ound d 2 tonnes a d a day ay of of b best st qu qual ality y fr fruits s with l

156 views • 15 slides
LTSI project update (2015 fall editoin) How to choose the best kernel for your embedded system

LTSI project update (2015 fall editoin) How to choose the best kernel for your embedded system

What is LTS & LTSI kernel ? BSP development w/LTSI kernel Conclusion and Resources LTSI project update (2015 fall editoin) How to choose the best kernel for your embedded system Hisao Munakata LTSI Project @ Linux Foundation, CE working

846 views • 46 slides
Linux Kernel Self Protection Project Kernel Recipes, Paris September 28, 2017 Kees (Case)

Linux Kernel Self Protection Project Kernel Recipes, Paris September 28, 2017 Kees (Case)

Linux Kernel Self Protection Project Kernel Recipes, Paris September 28, 2017 Kees (Case) Cook keescook@chromium.org https://outflux.net/slides/2017/kr/kspp.pdf Agenda Background Security in the context of this presentation

800 views • 59 slides
pytest Big Idea: You can write a function to test the correctness of another function! This is

pytest Big Idea: You can write a function to test the correctness of another function! This is

Testing with pytest Big Idea: You can write a function to test the correctness of another function! This is generally called unit testing in industry Helps you confirm correctness during development Helps you avoid accidentally

218 views • 9 slides
How Not to Write an x86 Platform Driver Core-kernel dev plays with device drivers.... October 24,

How Not to Write an x86 Platform Driver Core-kernel dev plays with device drivers.... October 24,

How Not to Write an x86 Platform Driver Core-kernel dev plays with device drivers.... October 24, 2013 Darren Hart <darren.hart@intel.com> ELC-E Edinburgh 2013 Agenda Platform MinnowBoard Examples Lessons Learned

799 views • 36 slides
Project 2 Non-preemp/ve Kernel COS 318 Fall 2015

Project 2 Non-preemp/ve Kernel COS 318 Fall 2015

Project 2 Non-preemp/ve Kernel COS 318 Fall 2015 Project 2: Schedule Design Review: - Monday, 10/12; - Answer the ques/ons: Process Control

655 views • 22 slides
kernelci.org The upstream kernel validation project Who is this guy? Tyler Baker

kernelci.org The upstream kernel validation project Who is this guy? Tyler Baker

kernelci.org The upstream kernel validation project Who is this guy? Tyler Baker Director of Engineering at Linaro Automation and CI Maintainer of Linaros Automated Validation Architecture (LAVA) Upstream Linux Kernel

500 views • 23 slides
CSE 477 CSE 477 Project Ideas January 20, 2009 January 20, 2009 Project Idea Pitches Project Idea

CSE 477 CSE 477 Project Ideas January 20, 2009 January 20, 2009 Project Idea Pitches Project Idea

CSE 477 CSE 477 Project Ideas January 20, 2009 January 20, 2009 Project Idea Pitches Project Idea Pitches Two (or at most three ppt slides) Two (or at most three ppt slides) Components Basic problem that is being addressed B i bl

1.29k views • 82 slides
UNIX History UNIX Kernel The kernel is the central part of the operating system and is 1965-1969

UNIX History UNIX Kernel The kernel is the central part of the operating system and is 1965-1969

UNIX History UNIX Kernel The kernel is the central part of the operating system and is 1965-1969 Bell Labs participates in the Multics project. always resident in the primary memory. 1969 Ken Thomson develops the first UNIX version in The kernel

440 views • 8 slides
Tight Kernel Query Complexity of Kernel Ridge Regression and Kernel -means Clustering Manuel

Tight Kernel Query Complexity of Kernel Ridge Regression and Kernel -means Clustering Manuel

Tight Kernel Query Complexity of Kernel Ridge Regression and Kernel -means Clustering Manuel Fernndez V, David P. Woodruff, Taisuke Yasuda Kernel Method Many machine learning tasks can be expressed as a function of the inner product

389 views • 22 slides
Uninformed Search (Ch. 3-3.4) 2 Announcements HW due tonight Writing 1 due next week 3 Search

Uninformed Search (Ch. 3-3.4) 2 Announcements HW due tonight Writing 1 due next week 3 Search

1 Uninformed Search (Ch. 3-3.4) 2 Announcements HW due tonight Writing 1 due next week 3 Search algorithm To search, we will build a tree with the root as the initial state Any problems with this? 6 Search algorithm We can remove

400 views • 22 slides
Uninformed Search (Ch. 3-3.4) 3 Breadth first search BFS can be implemented by using a simple

Uninformed Search (Ch. 3-3.4) 3 Breadth first search BFS can be implemented by using a simple

1 Uninformed Search (Ch. 3-3.4) 3 Breadth first search BFS can be implemented by using a simple FIFO (first in, first out) queue to track the fringe/frontier/unexplored nodes Metrics for BFS: Complete (i.e. guaranteed to find solution if

435 views • 14 slides
Breadth first search Uniform cost search Robert Platt Northeastern University Some images and

Breadth first search Uniform cost search Robert Platt Northeastern University Some images and

Breadth first search Uniform cost search Robert Platt Northeastern University Some images and slides are used from: 1. CS188 UC Berkeley 2. RN, AIMA What is graph search? Goal state Start state What is a graph? Graph: Vertices: Edges:

792 views • 66 slides
Its Time to Revisit LRU vs. FIFO Ohad Eytan 1,2 , Danny Harnik 1 , Effi Ofer 1 , Roy Friedman 2

Its Time to Revisit LRU vs. FIFO Ohad Eytan 1,2 , Danny Harnik 1 , Effi Ofer 1 , Roy Friedman 2

Its Time to Revisit LRU vs. FIFO Ohad Eytan 1,2 , Danny Harnik 1 , Effi Ofer 1 , Roy Friedman 2 and Ronen Kat 1 July 13, 2020 HotStorage 20 1 IBM Research 2 Technion - Israel Institute of Technology The Essence of Caching A fast but

402 views • 25 slides
CS 423 Operating System Design: Sch Schedulin ling Tianyin Tianyin Xu Xu * Thanks for Prof.

CS 423 Operating System Design: Sch Schedulin ling Tianyin Tianyin Xu Xu * Thanks for Prof.

CS 423 Operating System Design: Sch Schedulin ling Tianyin Tianyin Xu Xu * Thanks for Prof. Adam Bates for the slides. CS 423: Operating Systems Design MP1 is due tonight Eat well and sleep well. Nothing is worth risking your

523 views • 39 slides
CS 423 Operating System Design: Scheduling Professor Adam Bates Spring 2017 CS 423:

CS 423 Operating System Design: Scheduling Professor Adam Bates Spring 2017 CS 423:

CS 423 Operating System Design: Scheduling Professor Adam Bates Spring 2017 CS 423: Operating Systems Design Goals for Today Learning Objective: Introduce goals, definitions, and policies related to uniprocessor and multiprocessor

744 views • 33 slides
C H A P T E R F I V E 223 5.2 Memory Types clk a 1 a 2 A en FIG U R E 5.11 Timing for a fl

C H A P T E R F I V E 223 5.2 Memory Types clk a 1 a 2 A en FIG U R E 5.11 Timing for a fl

C H A P T E R F I V E 223 5.2 Memory Types clk a 1 a 2 A en FIG U R E 5.11 Timing for a fl ow-through SSRAM. wr xx D_in xx M( a 2 ) D_out Again, these values are stored on the next clock edge, and during the third cycle the SSRAM

253 views • 11 slides
Last Time u Real-time scheduling using cyclic executives Today u Real-time scheduling using

Last Time u Real-time scheduling using cyclic executives Today u Real-time scheduling using

Last Time u Real-time scheduling using cyclic executives Today u Real-time scheduling using priorities How to assign priorities? Will the assigned priorities work? What can we say in general about the scheduling algorithms?

352 views • 17 slides

More recommend