A reimplementation of NetBSD using a MicroKernel (part 2 of 2)

Video in TIB AV-Portal: A reimplementation of NetBSD using a MicroKernel (part 2 of 2)

Formal Metadata

A reimplementation of NetBSD using a MicroKernel (part 2 of 2)
Title of Series
CC Attribution - ShareAlike 3.0 Unported:
You are free to use, adapt and copy, distribute and transmit the work or content in adapted or unchanged form for any legal and non-commercial purpose as long as the work is attributed to the author in the manner specified by the author or licensor and the work or content is shared also in adapted form only under the conditions of this license.
Release Date

Content Metadata

Subject Area
by Andy Tanenbaum Based on the MINIX 3 microkernel, we have constructed a system that to the user looks a great deal like NetBSD. It uses pkgsrc, NetBSD headers and libraries, and passes over 80% of the KYUA tests). However, inside, the system is completely different. At the bottom is a small (about 13,000 lines of code) microkernel that handles interrupts, message passing, low-level scheduling, and hardware related details. Nearly all of the actual operating system, including memory management, the file system(s), paging, and all the device drivers run as user-mode processes protected by the MMU. As a consequence, failures or security issues in one component cannot spread to other ones. In some cases a failed component can be replaced automatically and on the fly, while the system is running, and without user processes noticing it. The talk will discuss the history, goals, technology, and status of the project. Research at the Vrije Universiteit has resulted in a reimplementation of NetBSD using a microkernel instead of the traditional monolithic kernel. To the user, the system looks a great deal like NetBSD (it passes over 80% of the KYUA tests). However, inside, the system is completely different. At the bottom is a small (about 13,000 lines of code) microkernel that handles interrupts, message passing, low-level scheduling, and hardware related details. Nearly all of the actual operating system, including memory management, the file system(s), paging, and all the device drivers run as user-mode processes protected by the MMU. As a consequence, failures or security issues in one component cannot spread to other ones. In some cases a failed component can be replaced automatically and on the fly, while the system is running. The latest work has been adding live update, making it possible to upgrade to a new version of the operating system WITHOUT a reboot and without running processes even noticing. No other operating system can do this. The system is built on MINIX 3, a derivative of the original MINIX system, which was intended for education. However, after the original author, Andrew Tanenbaum, received a 2 million euro grant from the Royal Netherlands Academy of Arts and Sciences and a 2.5 million euro grant from the European Research Council, the focus changed to building a highly reliable, secure, fault tolerant operating system, with an emphasis on embedded systems. The code is open source and can be downloaded from www.minix3.org. It runs on the x86 and ARM Cortex V8 (e.g., BeagleBones). Since 2007, the Website has been visited over 3 million times and the bootable image file has been downloaded over 600,000 times. The talk will discuss the history, goals, technology, and status of the project.
Metropolitan area network Game controller Building Kernel (computing) Electronic mailing list Similarity (geometry) Endliche Modelltheorie Website Gamma function Table (information)
Metropolitan area network Open source Complementarity Source code Execution unit Mikrokernel Similarity (geometry) Counting Insertion loss Inclined plane Plastikkarte Duality (mathematics) Web 2.0 Ring (mathematics) Bit rate Website Window Spacetime Computer architecture Physical system
Server (computing) Functional (mathematics) Greatest element Service (economics) Link (knot theory) Open source Computer file Parameter (computer programming) Centralizer and normalizer File system Energy level Website Gamma function Position operator Physical system Metropolitan area network Dialect File format Memory management Total S.A. System call Datei-Server Data management Message passing Web 2.0 Kernel (computing) Process (computing) Interrupt <Informatik> Right angle Reading (process) Library (computing)
Computer icon Android (robot) Programmer (hardware) Java applet Website Computer
Context awareness State of matter Java applet Code Direction (geometry) Open set Mereology Semantics (computer science) Computer programming Order of magnitude Formal language Programmer (hardware) Mathematics Very-high-bit-rate digital subscriber line Semiconductor memory Core dump File system Endliche Modelltheorie Website Physical system Metropolitan area network Block (periodic table) Software developer Mikrokernel Bit Perturbation theory Category of being Membrane keyboard Message passing Arithmetic mean Data management Process (computing) Befehlsprozessor Quicksort Reading (process) Spacetime Ocean current Server (computing) Service (economics) Divisor Computer file Firewall (computing) Device driver Branch (computer science) Student's t-test Heat transfer Event horizon Value-added network Hypothesis Product (business) Revision control Causality Computer hardware Operating system Data structure Gamma function Address space Alpha (investment) Computer architecture Information Military base Interface (computing) Grand Unified Theory Cartesian coordinate system Datei-Server Web 2.0 Kernel (computing) Loop (music) Software Personal digital assistant Table (information)
Metropolitan area network Web 2.0 Vapor barrier Semiconductor memory State of matter Different (Kate Ryan album) Executive information system Operator (mathematics) Right angle Endliche Modelltheorie Website Computer architecture
In this work we propose the use of the building of the adjective and this is the key idea is somewhat similar capability model you know also strongly limits what you can do and this is in a certain sense it's like an access control lists since the kernel in capabilities in the old table somewhere the kernel can has a list it knows who you are you know as a list of what you can do that so that the kind of thing access control list here goes some equivalent to each other and it's a different way of doing it but it's
similar in spirit also with the complementation by we the way when is in news in online next years its latest legacy know multitudes that but you know you next to have you know came from Multext but it went through a path where the PDP 7 didn't have to read for rings and PP 11 didn't have 4 rings and the loss that you know along the way multi-sector did user ratings
and such legacy Windows doesn't know when users and do it and so people don't do it all so that's 1 of the things right say probably a bad idea because if you're tying yourself to a system which requires 4 rings you move to something like the armor of the something which doesn't have 4 rings in your heart you know and you can sort account on a common user but can't count on 4 rings and other architectures to my inclination is it's actually a bad idea if you're trying to some neutral with 2 architecture-specific you might regret it later read that actually we were only aware of it but you know I never had the source code and other in fact we knew it existed in basically not very much but this is open source and you you better of me similar didn't August people about you know microkernels migrants bad DB I think you an executive dominates the embedded space units of
kernel has somebody features not all the summer can like it's very you know it's use all over the place because well I don't have 1 of my desktop all there's more world and you're just began it's only somewhat like you that this is open source is somewhere in the the the the servers like the files the file server knows the politics calls to the file server gets a posits call this can translated into whatever needs to be done at a lower level to make that happen so that the calls that the user makes our basic all messages to the file system or the memory manager or somebody and the little there's a library tinkle read in the library to that some people read the link into your program and read knows what explosive belt is supposed to send a message to the file server and not the memory manager not the process server the file server to it makes a message format in a certain way with the parameters central file server the file-server knows how to carry out regions and back to this little stubs basically in the library for reading and for for CNOs it's plus the total memory manager for the Process Manager affected so every you know posits call knows which of the service is supposed to talk to you know it makes a call to that service any the parameters that serve to do the work and send the answer back so there's 2 levels of so system calls as deposits level which is implemented by library calls to the servers and the actual kernel functionality which the servers using at the work done and those 2 things like managing interrupts and you know very low
levels of this 2 separate levels and the top level is the net proceeds the passes the bottom levels are proprietary kernel they go talk to each other the right to the file if you're 14 the process server have to tell the file server and in the kernel and the process and this is where it is and premises they talk to each other absolutely what and we we
never in our focus in
doing it but for programmers so is limited manpower but we never really looked much at performance that the thing which you know last few years has told me performance is not important is that there's a lot of Android phones in the that Android users Java which is interpreted that and if you can live interpreted computer then don't come in for and you lose a factor of
20 there don't argue about 50 % you can live factor of 20 not but I know the deal for guys you know in Dresden and they made a lot they really try to get the performance of L for really really good them in a big effort and it's also microkernel and they got down to about 5 per cent and I could run Linux as an application program space there's only 5 % laudable lengthens and bare hardware they can get down to 5 per cent we could probably get that the 25 per cent we were not in the kernel wasn't designed for high performance but you know I would say if you can live with a factor of 20 or anything Java in a 25 per cent probably is not univalent except some very specialized applications but even real-time processes so fast now you know offline you know very very critical kind of thing where you can't live with you know a little bit of lost the CPU so has been invented the beginning of the of the of this and don't like language and we you think that there is but the problem is you have them removed the state of the process that replacing like the file system has a lot of state the Gumbel that state over and moving the state over is very complicated and that's the whole story such as fresh they but if you want have Apache up there still use the file descriptors it using I mean it's an application programs open files you better keep all the i nodes involve a information in the new 1 and that the transfer of that state is the hard part the drivers generally don't have much data and the users of the drivers have to be written in such a way as they have states on processing calls a driver it get to say do this and forget what was going to have to keep in its own memory the factor that somebody to do it to a read from this block and so on so in the event that the driver answers I and II died it can it has enough information to ask knew that the same thing so the users of these things have to be decide the request some restrictions on that you servers are written so in the case of Driver dies they have the information on memory to restore order but that isn't hard to do because we communicate sending a message to it with a cocopier message but stored away I see that as we were still working on that we have some ideas that do that work in very high speed checkpointing so we can detect when the loop is get request process we just in stand answer that all the servers all drivers service had the structure and the role of message driven and once every time around but we have a very very fast way checkpointing everything so we can make a checkpoint of what's changed since last time so that we can restore it that's not in the current code and name and I making in there so by doing very high-speed checkpointing we can restore the state if we have to be that's not in the in the current release not really known it was in the middle was never really Posix-compatible was designed to be really really really fast but it was not in the united and so on interfaces all capability bases with architecture will be all we went on the membrane in the alpha guy that you prove deal for kernel to be correct the kernels also this order of magnitude but took 29 years ago and so we don't have to many years but the alpha guy I showed you could do it you know so we didn't but somebody else could that's not in the current release but 1 of the PhD students did a multi-core version where he got some of it like the TCP IP stack running with the CPI 1 4 and the IP and other core firewall another coronae the driver of core and lot work together nicely but that was in all his PhD thesis he showed it could be done and had some nice nice properties but it didn't make it into the the main 1 that 1 of the things I discovered and was that doing a product development and doing PhD research done always work together with the the the programmers were really focus on high quality they they tested all the stuff they wanted to work even when they were physically Rome the PAC students don't have any of us if it works for them while they were there that was good enough and it's hard to merge those i've written some made up I've written up and I wrote an article called the lessons from 30 years semantics which had submitted the CACM and spend reviewed and I think it's likely to be accepted but we're not quite there yet a few changes they wanted but on make the changes so that is a fair chance will be in CACM and sometimes written here but some of them are all of the microkernel is so small and not worried about false in it because it's fairly stable but they were certainly thing we're looking at the multicore is a better performance in the sense of if the file server runs on 1 core and the virtual files around another on manager the court and you know there are always hot and whenever you know now use which know from somebody sends a message because the kernel easily in context which because process another context which also context which is know hurt performance that everything was hot and you send it to all the thing which only ran the file system only ran something else then you could make the performance problem much better and you know like nobody worries about RAM anymore in the ways that like crazy you know and the 1st amount of evidence that 1 floppy best you know and I think moving to a world where the 64 courses sort of the the entry model and you know going up from there which is yet cost up to the zoo and you can afford to waste you know 30 cause on the operating system because the applications that need more and 40 30 cause and then you can have you know every thing on its own for and then very efficient message passing and no evidence hot and you never know when do you never will screw up the the end of the branch tables are another deal be are stuff after direction were looking at with the network In the last part of the of the of the house you know that makes is a message passing system that doesn't you shared memory banks and so can pass messages that the whole new model issue you know memory coherence and you can read it fast and you get rid of all this becomes very different things in a message passing what we need is a way for a December message to be efficiently and a doesn't need any more can release it under address space and depending on the underlying memory architecture that may or may not be possible or in a mean we we have a look the more exotic so the thing that we want and which some new articles may have his abilities on the block of text from a to B then a abandons it and I was the only and depending on how the
memory coherence works on some of these things that may or may not be
built into the thing that would be good for us we don't need shared knowledge shared memory things of the problem that they can be their rights the memory and be read from a to B doesn't get would a erode was still barrier operation states 4 minutes and so the whole issue of memory architectures and Newman is you know kind of floating around this difference manufactures experiment with different reason we efficient inefficient models have been convicted of a thing


  386 ms - page object


AV-Portal 3.19.2 (70adb5fbc8bbcafb435210ef7d62ffee973cf172)