Merken

MINIX 3

Zitierlink des Filmsegments
Embed Code

Automatisierte Medienanalyse

Beta
Erkannte Entitäten
Sprachtranskript
OK I'm about to introduce I don't need an introduction many remember him from some newsgroup also like many many years ago most of you know all that is 1 of and I am presenting you
and then on
fewer and fewer of the people word you want for all that it on and thought about minutes through currently the mode is a reimplementation of the BST
using a microkernel and I'm in and can amount of my students that all work actually programmers 1 of the the goal of the project is to build a reliable operating system so let's start with my definition of a reliable operating system that an operating system is that the reliable when a typical user has never experienced even a single filter in his her lifetime and does not know anybody who's ever experienced a float and fj the in engineering terms is probably need some like mean time to failure like 50 years I don't think we're there yet let me describe
what I think of as the television at least
old-style TVs it's getting less so of it by the television but you plug it in it works part of the next 10 years OK now let's look at the computer model windows edition OK the computer of it's like in our 2 thirds of the way they're just this whole part about it works for the next 10 years it as all the different from 1st to install service 1 from 9 after that so 18 new emergency security badges that happened after 9 F and then you find install 70 device drivers and that is all the antivirus software then you install the anti-spyware software the news the and by hackers software then install the anti-spam software then you're going to compare but I'm not done yet friend space on the slide
so there's more it doesn't work and you call the hope that you will hold for 30 minutes they tell you reinstall Windows which is why you trying to do in the 1st place OK can be the table user a reaction to this is something like this but I storing your time for said at 25 %
computer use computer users have actually gotten so angry they kept the computer the most and unworthy computer is as the 1 in which is not where the problem anyway so you might
say is reliability so
important because it works and it's annoying that doesn't work and you might lose some work if it goes down but also think about other situations like industrial process control systems in factories think about power grids when their computer doesn't work think about hospital operating since it in hospital operating rooms when the the power you the computer doesn't work the banking camera servers went into that doesn't work emergency found centers or you know control softer in cars and airplanes and places like that so there are places where it actually matters were the words from that again so the question is is it feasible is it possible to make softer you know and artery that works well 1st of all we won't find out if we don't really try and so and the dust well Academy give me 2 million euros tries I said thank you very much what try and then the European Union and every year see advanced ranking or that is returned have million euros to give it a shot so we're trying the thank you very much for the Royal Academy there is much European Research Council the 1st question is is reliability achievable all is even possible well systems can actually survive hardware failures for example on raids can survive a failed best just dies if your rate is properly working the system summarily continues even with the dead this this is read the redundancy in the then disparity in and other than the rate 1 rate the ones on you can survive a failed best configured properly ECC memory and survive parity errors in memory is evident that redundancy basically the Hamming encode and they can survive memory errors TCP IP can survive lost packets because there's an acknowledgment algorithm is in the back packet Duncan acknowledgements and again keep doing it until you can acknowledge so you can do that CD-ROM drives CD-ROM round blanks and DVDs will rise about 3 quarters of the bits are actually error-correcting that's very complicated scheme with a code is 14 bits to code a bit and then this is the case sectors and multiple levels of redundancy so they can recover from a very large number of errors because the distal stamped mechanically look at the it is out of you can recover from hardware errors in many areas so you know you think that software is to be doable if you can recover from you know fables hardware errors this requires organizing is optimal but differently and so think operators and research which sort new union is to refocus all that we have basically nearly infinite hard work and PC-class machines artery PC by the now this guy compared to other were were working 20 years and this is basically infinite and but is lost as epicycles lots RAM there's lots of bandwidth on current after his tons of useless features and nobody was having to the economics of the softer business of you know version 14 has to more features in version 30 nobody is using the future beyond version 7 but they got a new features and so the cell at again on so the softer slow and bloated and budget is you know how to achieve our goal the TV model I think future operating systems be change somehow that is smaller than the simpler after be modular is report and they have to be more reliable and on every security I think self-healing think self-healing is a key word that the look for their own errors and try to fix them on the fly and that's what researchers have
been focused on the maybe a very brief history of the work we've been doing for about this idea 7 1976 present John Lyons at New South Wales in Australia wrote a book on UNIX version 6 when convergence this cannot he wrote this commentary on it so what commentaries on the Bible or something and then 18 the its brilliance when it came out in out version 7 had a clause and they're saying now shalt not writing a book about versions 7 God forbid that students all over the world learn about the product we cannot tolerate that's so they didn't in 85 I said maybe I can rewrite unix on my own all by myself as a descriptor young and presented no that was hard so I did it in the years long stories about that but I so I wrote it and then a book about you know software and released that it was free of 18 the code and also so all the the source code without that people that are related was the some minor licensing initially but basically available at so universities and for non-commercial use 97 amount another version version 2 and a new book this is positive rather than 7 compatible and the 2 thousand we change the license publisher principle had arguments with embedded understands after filing 2008 gave up and said this is a bit of a somewhat is this the licenses that little is the way 2004 research and working on this reliable most 2 thousand 6 is the 3rd edition but with other what 2008 I got the European grant and then we really start to hire programmers and got no more serious at that point and then the focus of moving forward embedded systems so there is no and then we
moved to admit that gives the compelled compatibility something we know that linear struggled with 1 of the 1st minute users and in changing in changing gender research unit has on systems up to some extent you know let's have a fork of matrix look the 3
editions the book nothing to cover
got better as someone other
retirement intelligent design on the least as applied operating systems you know this is a microkernel about 50 thousand lines of code and most of them are a signal that
assembly code and lexical 15 million lines winners from the above 100 million lines is really pretty bad people than studies of blogs in companies in the but repositories and you know 1 blood per thousand lines of code of but the best you can that we're really in a state of the art techniques in code reviews think you can get down to 1 but profound and lines of code that pretty well the other 50 million lines of code or 100 million lines into the isn't that not all the bodies of serious and maybe spelling errors in messages of stuff but some are always serious right these past all time because you know the ministers got you know in the 15 kernel slices got you know not 15 thousand windows got a million it is all about that and drivers that really will study the A 3 to 7 times more bugs that everything else is everybody wants a set of memory management nobody wants to study the action 21 56 printer driver which is you know enormously complicated etc. you know 7 % of drivers X so all open source inferior people to look reality nobody ever that's and Windows you know that has a cohesive Microsoft and they're too busy so I think which but highly modular systems in the the operating system to run basically as multiple user-mode processes not on the kernel using separated from each other In the step 1 is still 1 isolate the components very well we're going to move all that loadable modules and everyday except the very very hot core kernel out of the kernel into user space and that means all the drivers out all of our systems our parametric out when everyone out with set as a separate process using the whole of the principle of least authority that don't give a component anymore power to do damage then it action needs to do its work we'll come back to that later principled ways authority report principle that there was actually the idea I Iceland all the I O devices limit access to I O ports in a conventional everything in the process of the audio driver has access to the deaths in the US Postal but it's technically that once they can write on the best thing that has to be prohibited by putting each driver separate user mode process and restricting access to the reports that constrain the DNA get DNA over somebody else's memory then isolated communications yeah 11 interprocess communication to restrict the kernel calls on a per component you need to use basis but we don't restrict interprocess communication and not everybody can talk to everybody which go and talk to those other components that you need to talk to get the work done and make sure the fault receiver can handle the of all standards of a sense of metastability in and then a dozen wait for the reply hand here's the architecture of the ministry it in the kernel running in the actual kernel of the
integral on the bare metal is a microkernel it handles interrupts the sales process scheduling sales interprocess communication is not here let me the device drivers of this model memory management was not able and office was very rare bare-bones stuff that's still 15 thousand lines of code that but that's you know can make all the I O devices that you know this stuff together make work you know it when interrupt happens certain things have to happen next so it can do the next step know registers have to be saved them is there's a lot of stuff going on is a little bit of steadily at the bottom you manage the and use something together the girl it's all about 15 thousand words but after careful when L 4 which is a accountable system also about the size of somewhere in the other 1 the next level which are all user-mode processes of the I O devices that so you just write her the terminal driver the network drivers printer printer-driver all the drivers each 1 runs as a separate user-mode process with the MMU you turned on limited you know what it can do in terms of accessing physical resources and so on and then the next level are the servers which is sort of a real operating system file-server possibly multiple ones process server that from every servers things actually normally think of as the operators each running as a separate process the top layer artists regular you know positive programs but that this is sort of the architecture of the system the the use of a device
drivers each driver runs as a user-mode process protected by the MMU it doesn't the Super User power to the regular old user processes
of protected in them and you start can get out of it address space on this idea access to the I O ports but this traffic and best you can ask the kernels and the kernel calls here is a bunch of registers is about values go right these values and registers kernel 1st checks is allowed allowed it doesn't but that's not allowed it's like an error message saying no permission from the district in right and that just as the audio driver tries the right and that just gets back in the you know per annum message get servers are and you just space each server runs a separate process but some of the key servers are the virtual file server to get multiple file systems is the actual file systems process manager was most of the work managing processes the memory manager figured out you know who goes where memory is the network server this thing called the reincarnation server without come to later which is interesting in this respect the dead but there's a simplified example of some of the stuff so here's what happens if you try to read something from you know you read system
called Buzz it's called you know you're
lucky because the blocking what happens to be in process cash that so the user makes a call to process the little colored thing under FS that's the fastest and scariest passes checks is the blocking need in the correction of reflecting the answer is yes is because the kernel as you go copy that what the user that is applied to the user and everybody's happy that
that's the user gets the harder cases is the block is not in the cache and then now the user both file
system busses and called the destructors inquiry that black people over here and the destroyer in our kernel saying I want to describe how here the parameters Jackson valid terms at this time it will but later the actual drive since the node it doesn't interrupt basically at a very low level of turned from message to get rid of the interrupted very low-level message comes into the dust driver saying you know harder interrupt the district those reads registers find that you know it worked and then eventually reports back to the file system saying we completed correctly or it was an error and then and then uses informed at the top is that it uses that always have a process is a little bit overhead here is like a
microsecond we have had recently there's less than a microsecond overhead so there is you know some overhead and process with reading for that that's that's millisecond maybe even a necessity is 109 100 of microseconds so a couple more microseconds here there is a need to be that the real killer what is the reincarnation server that it's the parents of all the drivers
and service so it's like up there in the system boots he know that appearance of it and its inter ati file of a force that for he of all these servers and privacy it runs its appearance of all the know the things of that this service and drivers and sometimes if elected of parent and what is it to give some of these guys it looks up in a table so what what must posted the table that will say state a logit somewhere it isn't an e-mail to the Administrator and then try to restart it's a driver it will go to the disk and the driver for the pressure of minus 1 of this driver well clever enough to to keep this driver Ram time so if the disk driver dies they ran copy input and once we have working distributing redress and that's and it also came the various servers at all times of the reincarnation also the Trevor I just a the federal state great detected the we will later things drive I this is greater than 104 regression was the later these against kind of
benefits at this right how are you doing but no what margin how he's doing the this pointer International Semantic Web jails that doesn't start a new 1 the new 1 you know is OK the other components are told something happens at the file-server you know I was waiting for requests completed it has recorded the fables where it was and then it's told where the new 1 is that message to the new ones and goes to the command against the consensus that item potent in order to make this work eventually it's doable with a little bit of structuring so on you can't make a transparent everybody would make a reason we transform OK so this
forever recovery the looks like this basically the user calls classes possible this driver that this further crashes and so the reincarnation server years about that is you get to the equivalent of signal child all this is out of Sunderland doesn't about it that you know the driver crashed in your your problem also saved for the message it sent do that this driver is other than the 1 so the new 1 the message and then hopefully the new 1 doesn't work that find new 1 doesn't have the right the process is repeated from 1 another so the work finally gets that and if it's a really hard you know hard error that's something you know very very wrong with the code public recover
but our experience and everybody's experience most areas of trenchant some weird timing combination causes things fail to run again probably won't happen again in most there a sort of friendship and so this is the whole point about a self-healing so attacks its own errors could
correct the errors on its own on the floor and this is the kind of property you want have a system we detect and correct around errors in the same way for example TCP IP will send the packet out of a lot of time recognizing and acknowledging the timer goes off as well as a problem think the recovery actions and again that's an example of doing this is sort of the the operations we tried to use that as number so some of the issues about
reliability and security of
fewer lines of code means fewer kernel but we don't have as many bugs in kernel is a reality in last likely a better rate you know but understanding that stuff on the 15 thousand lines of code into smaller person being that there's no for encoding the current only our other systems you driver you have to install driver written by some given 1 was blossoms breathing down his neck saying we got a ship without a ship which it because ready wasn't character we got a ship that doesn't happen in the next this kernel is the driver code units some user process will work the kernel is affected by installing a new we've also been fairly careful about static data structures there's no Malik in the kernel we do sometimes have over dimension things when cheap and so you will have all the problems you now like you memory leaks and all that stuff in the north of the dynamics of moving bodies to users spaces or doing doesn't make the purified means that less powerful but if you're a budget audio driver you know or worse yet your you know hack in order to have a sum is compromised you you can make a strange noise you can forgotten you shall continue trying to create a new process the kernels as the audio driver you have know permission to create other processes sorry you know you don't know before you get it so we reduce the power of the parts of the fixed messages all the messages 64 bytes a buffer overruns you know you can't have all the problems buffer overruns is a variable length messages were not so the hard constant you in more the header files that offers a 64 bytes messages 64 bytes with rendezvous system that a you know sent the baby listen got the message a copula over but it turns out that some reliability issues namely if the sender sends it to the inner city so the clients and server the server is trying to to buys server can respond everything has to have a go through an asynchronous scheme even like the rendezvous better than a lost messages about from an inference without Eddie messages we try to avoid using as much as we can and we be integrated interrupted messages forever low-level interrupted turn into 1 messages OK you know the untrusted code like drivers is heavily in protected by the MMU so our model is you know most of the operating system matches untrusted code that's going to different model and everybody else so bugs and viruses and 1 that can spread from 1 module to another model easily because we assume starting players learning decision is that the most of the average and untrusted code of kernels trusted that's very small going on nobody can touch kernel data structures the mother bottom-up nobody has permission to write on the kernel of somebody needed to read the kernel data structure we have we have a couple of system calls we could read it to be copied into your address on right that a lot of the problems of something not so you know kernel data structures and you you have you can at that point is not that point the crash of a driver or 1 component that contrast the kernel is again you know that I the infinite loops can be detected if some components will think that know the intention doesn't answer the pain from the reincarnation server that's effectively dead and then will be killed and you will be started and I should say that starting things is tricky when their state were were working on that to some extent but we haven't solved the problem entirely out of but things that a stateless most drivers as they left that we can deal with me to start afresh come on all talk more about that later so we're restricting the power of words do damage rather than reducing the number the other advantage of user drivers what shorter development cycles in do something to think about a year and it doesn't work out if you can just start new of 3 with the computer with external 5 minutes that's a normal programming model start a process that doesn't work you know you can divide it was no no crashed time there's no reboot begin using normal dividing tools just another process that makes the whole cycle the users more flexible ran a couple former students ransom fault injection experiments and rejected 800 thousand falls into each of 3 Ethernet drivers than the binary drivers at run time so you know debugging program to overall memory and we're careful about writing right random numbers into what we look for like branch less then we change at the branch less than or equal to 0 that's the kind of error programmer might make so we look for specific areas that programmers might make it we modify the binary to emulate kind errors and actually happens in the reject 100 false we waited 1 thing is that the premise that graph we reject another 100 adjusted going there is a minister craft drivers 18 thousand times can be expressed as but but we never lost the operating system or various drivers 1 of
down all but we never lost operates
as and that's fault tolerance but I think it's on a little while back again
about 2nd advanced 2nd year cigarette that was about and to try to make this thing more useful to the outside world this reported minutes of your time in the we had restructure the source tree from multiple architectures oddly enough we had that mimics 1 but got lost along the way somewhere but which is going to use you boot up for the all we can rewrite the low-level code dealing with a hard workers and you were told the fully 6 the plan that achieves the code for context which is a little low levels of is differently on the datasets and the change of that we the segmentation because of that think Intel's also lost interest in it and opposite have habits so throughout the gradually began importing the net BST on matters and libraries and you know that B the is fanatic about portability they really want to make things run every known platform really been very careful not to be useful things like put in line x 86 code in the middle of the C programming that do that kind of stuff so we basically we have changed the old system to do cross
compilation of it and we didn't build a model of the building on ensembles we're virus the as the card has some of the other big devices and our initial
target was the Beagle Bone available on black because you don't
know if it's a a single PC with an online about the size of a smartphone small smartphone and is here similar
characteristics of the biggest on the 7 for those of you who don't know the answer I thought runs of the gigahertz that half a gig elements minutes of 4 gigs of distant fast memory and it's not it's too much for attending 1092 I O pins you can connect the want to have a drive these embedded systems enable Ethernet 2 USB port on its open source was important about 40 thousand 55 dollars and which model exact couple models so may know by the Raspberry Pi compared to the the plus button on the 6 which is an older and some you no less good processes at that 700 megahertz also have a gig dismantling this time a problem but it's also that 1080 on 240 even at the 4 years report which is a plus 1 and black data how did you want to go more 1 so open source the main reason want such and so the children OK so I will I will want to on
about right a lot of the moment January 29
1992 I posted the count the last of minutes don't get me wrong I'm not unhappy with Linux will get all people who wanted terminating the BSD units off my back so I apologize for that I do want to mention the history 20 years to realize that I'm sorry about that kind of slow on the water so the minutes needs to be a be he has to be the thing is
have your carrot Marshall which is used by his permission of or maybe so
what do you think that makes the number application software and this is proven reliable
quality product and I think the code quality in general better than than Linux those guys are really fanatic about good code quality and they don't release things in this very slow release scale and once while as in relation right that's a pretty carefully so but different philosophies of the active sources really package manager is really like that the thousands of packages out there and is an active community also license compatibility that and I was just speaker and Linux conference in Australia dimension licensing approximately Stanford what's the license of because this the License always begin interior the limits some of so there were obviously 1 that this is this is a tremendous emphasis on portability some really guys give
us security in but the that is the task of a probability if you're writing an 80 platforms can have any weird stuff that use some peculiar feature of undocumented and actually think that flighty platforms to that really benefit make it really really clean code so the appreciate
there is a bunch of features from that gives the we have the kind of
LVM compiler that's someone may know that Linux is not written in C this reduces the ants or they can't use it been attempts to use the kind compiler we've tried to you about limits of the fine compiler thousands and thousands of places in the code which are not in the standard states we past of people but not to do this we have never gonna working it's just a disaster and I think the the moral of the story is right yourself in its sentences which it was but you know they need user compiler actually the best whatever time so for us to change our own at compiler to find was pressured changing the build system called that compiler right at the back of the bed and finds very nice compilers invariance properties people talk about later as well to the synchronous car and we adopted that this legal system without that the file format all sorts tree dealing with architectures model in the way that gives the doesn't headers and libraries are often that is it's got x 11 you know it's got package source last summer look we could build
about 5 thousand that is the packet is right at the bottom so you can make and everything happens right and some of them don't work because we don't have some font library or some other things we didn't have the time to really try to write it down my guess is with a small amount of effort
probably get thousands more packages to work out of the box you know there's a few system calls you don't have those are actually are impediments a lot of of some minor things that some patterns need some peculiar far we don't have the requires so we use the theory where the font is but lot of this work out the art never
last we build minutes on top of you you know that if the environment is
built on top of the of Linux over
that the the build up of Linux environment so there's some things we don't have a lot of kernel thread you know long story but the beginning was therefore complicated we have used a land threads things that actually require kernel threads that's a problem but some system called that were missing but we don't have the LWP calls and that's all samples some ideas that don't have a long time we don't have some of the get an apple calls of taking trees the review for work on the job control but city of x 11 why would you want drug control some of the window and some minor calls on this is nevertheless we can build over 5 thousand packages so it's moderately close
a few looking for accounts of how close it is to good at this
city there's a QA task and we're all these tasks and you know by the central failed and 21 39 past so basically 81 per cent of the
QA test passed so it's sort of 81 % of way there the things that don't work tend to be more exotic things and so it's always there are some that require some work but where a large way along the along the road there so here's the system
architecture well the bottom line is the bottom layer is a microkernel with suffering that's the part that runs in promoting handles interrupts since it loads the registers often metaphysically manages the page tables on the next layer is the drivers all processes become all the servers all that just minutes that but in user lands you know with packages and playing and all author and that's that so it's not these are really implemented on the infrastructure with the reliability and self-healing properties of minutes but to the user look like that if that we think this is kind of the best of a list of possible worlds have all the nice reliability properties managed achieve a user interface which is familiar with the people who were you know if the people you know could have the next day they could still be done I think would be hard to to don't think critically and is that is OK so here's a minutes
on the on the beagle boards now you
can't read this book re is regret is that so we have tested on 3 different billboards that the above black big 1 white and available on X M In the black most of the works as a few things like serial peripheral interface but we get around to writing a driver for for those are all things that could be done relatively easy to produce a random and powerful but most of the stuff the water to the works
OK you're role in all this it's
not open source project funding is right now and theoretical retired 11 and we hope some of you will join us to help you work out of like all the other open-source projects around here is an interesting project in a word combining established user land with a somewhat novel and interesting to lower levels with this modularity property if the crucial system calls missing the the training in add them we don't want done things up with you know use system call that 1 package somewhere here nobody wants to do something that nobody cares about the existence of all we can find that the world of so reporting more patches we don't have jobs we don't have a browser we have links to the united graphical browser you know I don't know firefox would be portable it's still a very big program and but there might be smaller until all of this is really smaller browsers the graphical have another some missing drivers the board and of the really important but that might be need something like this so you know that so I get a running on other platforms such as the Raspberry Pi other platforms
that the of wrong is a project with the guys in Norway which allows use of BST driver in Windows drivers on obviously it's interface
between the driver lands and the operating system but the interesting project of truly portable
libraries important do we doesn't have to be carried but the other grew out there we have 1 for a while back the loss but some kind of a girl we all people click on the icon effectively you just don't really relevant to have someone show why ancestry look like and that's on the rest of the very simple reason that the the job and in general for of packages OK so there's ministry in a nutshell it's a microkernel
reimplementation of that history and start out that way but it's sort of all that well over time a fully open source BSD license so you know it's it's that piece of the world of open source and but it's still highly compatible with this these people know the history of previous labels recognize a lot of this stuff supports both LDA and GCC default compiler is LVM Battisti's is there if you want to really wanna use I GCC but normal weight about things LVM we control that the minute we use the package manager from that is the pattern sort of various package manager acceptance of about 5 thousand packages all right of parts and then
the Ministry of origins downloaded from which a virtual machines to try out working refuted 1st so how we're positioning minutes now 1 of the
things want to show the multiserver operating system this is all both of the components can be made to be reliable that I will demonstrate virus belonging news about Microsoft's figures out all also that I that you know this user driver framework that Microsoft's pushing the encouraging Windows developers to write the drivers in user motivation in the same problem and I want to write a driver but for the good of the kernel doesn't like that brings the windows every other Microsoft as not really there for you know that they would prefer the to drive around in user mode but doesn't bring down the operating system that we look get a message saying no printer-driver practice something like that but the operation it's going to microsoft understands this very well the drivers 1 is about but you know higher real high reliability and fault tolerant applications in many applications in the world press event ones where reliable is important so that so we focus on you know this was the hundred dollar laptop project in MIT at some point somebody's make a 50 dollar 1 ship you know the that computer like the boat for the 3rd world countries and to have a small memory of when you Richard trip area there so that's the size constraint minutes think of you as much RAM some of the systems became 1 of the things 16 values was therefore focused on embedded systems but also you runs a virtual machines and that's some for example is a feature that's not in the system yet but will work and hope to get out there in the next release like quite working yet what story is lined up there that so softer is updated for a variety of reasons for example explored their common reasons to prove performance summary read something that 1st that's fine by way of the features of you know in which the goal is to update the operating system in real time without rebooting right so you know you're attitude may be all you know if I can remove the bottom because if you're running a nuclear reactor taking down the control system for 5 minutes what would it turns out is not a popular thing that that they tend not to like that so there are plenty of applications where they really don't want them ever basically in the face of constant updates a lot about that allows you to update the operating system without affecting the application program currently running during a web server in Europe with the operation just what you want goes down to get somebody of doing about service for a while and try to avoid it operate in place while it's running but and furthermore the new operating system versions may have some different data structure but the old version of user linked list for something or other universities you after enough to get a signal properties Oracle move the stage from the old 1 to the other 1 because it may have changes instructors going to member in the middle you can come to that so much more complicated and hence a things
of open files environmental matter of things you have to blow up states that there is an example of that work so sporting that Apache running on previously there were 1 or whatever which what is a patch still running an irony introduced at that point the change the operating system and the application is still there will be a very short period of time that it is and when the application freezes with you know what I do the update nothing happens but that's only half a 2nd or something like that OK and so goes to place the apparatus while the user processes are running is very hard to do with the Linux and Windows and other operating systems and we think we can
do it we have a running in the lab but it's not in the current release 2 years like alive Update in minutes you know you're running the country and you've got file system 6 . 0 running initially we're all done in the file system 7 . 0 running is that the version of himself they had to how we do
well this some manager
process which tells so the old file system and we went up there you go so it does is it sets up a better finish of all the work that I'm in the middle of this it's going you know operations with various other pieces and waiting for you know other processes to respond to it it nature finishes although there's nothing so in the middle if you were comes in just use messages so around but it doesn't begin processing that all keeps them in a somewhere interrelated everybody who you know it was currently interacting with has said and done this will work pending with other servers all incoming work is going to at that point you know it can tell the the manager OK I'm gonna I'm ready to be updated manager that is OK operate another new process and you file system separate process with the new code and it is in the process they've got the old 1 In theory writing all of flopping schedule right now and then the new 1 is there but it isn't you running the so that's where you know your initial now inside the new file system fact inside the old files of all kinds of tables listing every data object there that's 1 of the things that we really like about all programmable you can write new passes for his whole infrastructure providing your own past to LDA so we wrote a past which simply collect all the information about all the data structures and put it in the table in RAM in certain places appointed with someone list every single data structure where it is what type it is how big it is all stuff is infallible some FIL system both the old 1 and a new 1 so all of those structures on this is that the table listing at exactly the report it to the producers new file system knows which variables and data structures it needs so it goes to the old 1 sends a message and says hey I need this variable x given VerbaLex the old woman replies here's X the new ones are is wife so it goes against why it keeps asking 1 after the other for everything needs it turns out that some data structure has changed in important ways but what used to be a linked list is you have to able the the new version as the conversion routines convert from the old to the world that the assumption is the guy running the new white ones conversion to work those the old 1 work those you know what the data structure used to being what it is now and then it gets the old version of an internal it does a conversion to the new format but you you know in place and the next so these are actively cooperating with the assumption is not hostile the same guys who wrote the overall to know and there was a conversion from work we all status transfer that we
create a 3rd file system it runs the process backwards faster than 1 gets all state and tries to recreate the whole state from the middle of the but if that works there were probably and this this is somewhat analogous to using Google Translate to translate English into German and interests of the German back and English and English you got you know the 2nd time around is more or less the same as what you started with to regional but the German was sort of moral as right we should probably couldn't have gotten the right English the German was all right the perfect but sort of more or less the same so we make that check if it's not the same as it is until we kill off a new file system that revert back to the old 1 the updated is aborted the old continues this still running it just you know the updated messages sent someone
saying make the that of OK so how does the
yeah yet that workers let's say
patch running all file systems running then somebody says of get ready made up that you the new 1 started the fastest possible so the old 1 I need some verbal VerbaLex get the answer here is x repeats that you but times get everything then this is 3rd file system recall start-up it says I need x it gets X and then compares itself to the original 1 if the matchups where business everything works there we go forward if
they don't match up but they don't match up there the you know we report the update and you continue running all 1 of these losses that that that that work on so many of our of K slices with that MIT action 1 of my former students from Catholic and his students they can set up that Linux in real time however they can only handle very small security patches couple lines account some wrong put in a branch place with problem breast somewhere else put in the new colony branch back skipping over the old so that didn't work that can handle major data structures changes like that all of that surpasses the running process but that that over time front-end of accumulates in the process because it said that the 2nd catch up somewhere else the pedestal still there and there's another job somewhere else over a period of years and the reason for this patches that there is also if something goes wrong with patch there's no way to recover in our case if we do the check that doesn't work we just go off in the new version of the file system go back to running the old 1 and back to where we were known as the language of the other day that they have a problem with that they have an fact so it's really a much better scheme there are also some there's some other interesting uses a lot of the so for example there's a lot of security problems where the attacker basically knows the layout of memory very accurately and does something like you know it creates a gadget for a return to live see kind of attack or something like that where you know it does a buffer overflow attack over rights in the stack in such a way with the current function returns the return address is overwritten to a jump into the buffer that overflowed and there is a piece of code that a node does whatever the attackers trying to make that work you have to be very very detailed knowledge exactly the layout of memory OK we can do and update of the operating system at a very high frequency is changing at random way for the purpose of falling out there so that only works if you memory well looks like we've got thousands of different memory layout would change them all the time you know it's very hard for somebody to you can guess what the memory layout if they guess wrong it in a randomly in the crash that the crash much better than having just something taken over so it turns this kind of return the Tribunal into a crash rather than a takeover of that that of the use of the huge had vanished security yeah part you it also occasionally would looks like against you information is like this place they think it is very so worlds with that of it's also possible that the garbage collection and you would think you'd don't remember where we were to start a new version of the new 1 is a list of what once that is all the things it needs a lot of memory that nobody is using that indicated that nobody ever asked for it so and with all the topic of all the things that actually needs it doesn't cover different drunk that you know the auditoriums there's no pointed some piece of memory you know on long time ago doesn't get copied over only the things we're currently at the Faculty its garbage collection and limited memory leaks in a programming and C programmers nothing to know about outdoor that's kind of of unusual things all light they discovered over at this and fixed
memory leaks there another research thing which I don't think it and make it into a account because of time is full
injection it is a long way if
you claim your system is that the summary of everything that's going to more reliable flow through that that's still working on testing reliability then we do that you know we inject a fault you would at run time we have compiled into versions very basic block is the real 1 and the faulty 1 and then this test for the basic block of should I run the faulty block where the real block and so we have all this code is generated automatically by the LVM compiler can program the past inject false as
to the new program structure doesn't have basic once we this extra blocks with the test so this will go that way so we have a single binary where we can run all kinds of different tasks without having to recompile so we can write a whole bunch of different kinds of tests that we're recompilations we very quickly we can run lots and lots of tests using this unfolds action taken that we can optimize the whole thing to produce a single binary to what do with the overhead for doing this is about a person the size of 1 that gives the whole playground for a lot of papers about it and if you look at low error from a cow 156 usually
published by 2 papers and got best paper awards this circle cool most stuff OK we have a logo a
raccoon pursuant to tu-logo sometimes use a full load of the user and
the record space of who what it seems a lot of operations possible animal will notice that cover the there is a small constant because of a smallish excuse they're very clever ontological open garbage cans of them will be of the books and but the question on the problem more likely to use your house arrest if you look at at all of these 2
few but there's route from the movement of the website ministry that
organism capture website the
documentation is a wiki so you can help us to document things from the blast I can't program cannot help messages about document things we cannot document system there's wiki in everything of systems in
which have a user ID developer also in there is some that's about
the traffic will double but
basically we were running about 20 thousand visitors from 1 to the website doing this for over 10 years which spike in September of last year when we release corroborates left out of 80 thousand words so the number of downloads we've had since I began warning in 2007 is about 650 thousand conservative estimate of been fairly careful about not counting expires remarkable stuff is to read and having something like that so much 650 thousand downloads surprising before you know like endemic project for the few of that was thing we have a
newsgroup several social attitudes and Facebook it seems the most serious developers know about
Google groups and much more appropriate place to talk that Facebook that we haven't Google news shows that the front page it says for group like here in the best questions and discussions on to the owner the conclusions is that the current operations become bloated and unreliable mixed attempts to produce a reliable and secure operating system the curvature is smallest 15 thousand lines of code the operation runs as a collection of user processes for each driver of process each operators component as restricted privileges this for for every kind of thing it might wanna do like what are the processes can I talk to what kernel calls can make you know look and stuff the bit-mapped and cables inside the kernel that describe what a lot of those of component makes kernel called protocols at different than the causes falls with that's handling much higher levels golfers checks this is allowed that allowed that doesn't have a lot of sense back in a message saying no permission OK so this is a very fine grained no control over what the components and faulty drivers replaced
automatically some state service can replace automatically all of the ones the state changes slowly currently for example an audio driver has a little bit of state of the basin travel levels and volume that kind of stuff the driver or any component with slowly changing state whenever everything state changes can send a message to the data sourcing please save my state and if there is a new version comes up for the does this go to that a certain things in my state of gets statement put the state-backed were worldwide things like the fastest were changes very rapidly other techniques which was for working on a much of the get in there and I lie about it's is possible we have a working the lab not in the current release were trying to get the application the cases we haven't got that right yet but we're pretty sure it's doable on am
but we need delegates from website given try in this survey
and the main page where we have suggested that dialog we don't know the users are we don't to do it and I would like to find out that 1 of the disadvantages of BSD license is that when people going to talk at 2 o'clock and some people using units for something had to know about it it was 1 of them is the GP on certain ordering of the the GPL but post the source changes as disposable don't tell anybody about their there to what you find but some announced Republican but so we don't know the odds were trouble the community is were thinking about a conference next year while ultimate whatever composed means a situation can do it we're thinking of having maybe adevarul much faster them in Brussels while people of this community knowledge notifies them which is interesting conference or if we don't get room where it does with like the right thing we might call the small conference in Amsterdam you know the 2 before 5 them or the day after 4 people coming from far away in coming from the US you know which have come to Brussels condenses enough from a small increment to coming from Spain in 2 separate trips but we're thinking of doing tender shorthand honey might be innocent coming to such a conference 1 1 place the other small number of without expecting a vast numbers that 30 people showed up and quite a successful conference regrettable that community and it it's hard to do it's and and you have some piece of software trying to build a new community for it so is this a little and here we have a master's program for university personal computer subsystems and you're interested in parallel or distributed systems I look forward to going as successor that a lot of my homepage a link to it is a movie about video about a master's program it's research master's program in most of the people who got the masses of guys and got a phd someone that's sort of very common is a research-oriented kind programs of units you're in an undergraduate years the masters of this little selected interesting program or look at PDC yes Earl distributed computer systems that if you don't know if that's the end of the minimum time was it it it
be I lose you would find more than 1 so warm and you know where the and warm we actually it's kind of the question is what do you want to do that in what comes on the use of and what we have to it wasn't long rule underlying al and you your area of instances the there's something industry which is the front back I wrote a paper called lessons from 30 years of mechanics which describes exactly that it's been accepted by the Communications of the ACM it's in the pipeline for publication now but will be a number there they're cannot behind all of it will be published there eventually that goes through the lessons learned you know in many different spaces in great detail and I'd be hard-pressed me knowing what I know now the liberty of kernel threads that make it makes much more complicated systems so much of our there on of the main thing I think I would do it with the ridiculous but the main thing I think I would do differently this when we switched from minute to minute free I would renamed it something other than in minutes because too many people you used it in a course in college long ago that culminated in educational system it's not a real system that is a real system now just wasn't long time ago but nobody knows that because she minutes to the college course and I had a friend who was an advertising she said never throw away from friend but maybe it would be good to throw away from his brand and pick some new name so people wouldn't associated with the educational system which it once was found so far and what was the 2nd part of me it again at all the question is you other the industrial applications are we talking the companies we we were at the Embedded World in Nuremberg compliance of the biggest embedded systems fair In Europe were there 2 times we understand standards on the without of many many customers and it was and a lot of them were very interested they like the open source some with guy guys who make trains this is just a of 60 years we gonna have the source code because we not the companies would be around 60 years without it will make an ourselves or hire somebody work and how big is your company you know will be around for a while we didn't have a company we can get a accompanied we customers we connected customers and will accompany and so on you know there's this vicious circle so there was a lot of industrial interest but it's sort of you know the hand because we won't be enough maybe if I were 30 years younger I would try to get you know venture capital and you do it the right way but so I'm not against other people 1 the ball and go that direction of defined government its foundation for go is an open source project now but we we know that industrial interest in the sense that many people in standard Embedded World and they're like long long list of the properties the self-healing up but you guys who make thermostats all with some IPR and would wall right and ends on the internet in people can hack your house so there were about in real time updates through there were about security all these things but you not because we want to company that they could started the consultative you know the new customers at the end of the hall so a vicious circle and it took more time and effort and funding to get is not that started so we we were able to pull it off but actually not against other people trying to do that so there is industrial which we know that which we weren't able pull it off you basically in a very short time frame that
Offene Menge
ATM
Software
Freeware
Vorlesung/Konferenz
Wort <Informatik>
Ereignishorizont
Computeranimation
Mikrokernel
Geschlossenes System
Programmiergerät
Netzbetriebssystem
t-Test
Projektive Ebene
Knoten <Statik>
Term
Computersimulation
Term
Computeranimation
Einfache Genauigkeit
Medizinische Informatik
Computersicherheit
Computer
Dienst <Informatik>
Systemaufruf
Computersimulation
Raum-Zeit
Computeranimation
Rechenschieber
Virensuchprogramm
Software
Dienst <Informatik>
Druckertreiber
Software
Mereologie
Bildschirmfenster
Topologischer Vektorraum
Spyware
Hacker
Druckertreiber
Ext-Funktor
Computersimulation
Virensuchprogramm
Tabelle <Informatik>
Bit
Versionsverwaltung
Computer
Computeranimation
Übergang
Eins
Algorithmus
Geschlossenes System
Ereignisdatenanalyse
Nichtlinearer Operator
Hardware
Kontrolltheorie
Computersicherheit
Nummerung
Strömungsrichtung
Bericht <Informatik>
Bitrate
Software
Gerade Zahl
Festspeicher
Server
Netz <Graphische Darstellung>
Decodierung
Datenfluss
Zentraleinheit
CD-ROM
Fehlermeldung
Maschinencode
Server
Relationentheorie
Disk-Array
Mathematisierung
Zahlenbereich
Zellularer Automat
Unrundheit
ROM <Informatik>
Unendlichkeit
Virtuelle Maschine
Systemprogrammierung
Multiplikation
Modul <Datentyp>
Software
Netzbetriebssystem
Modelltheorie
Operations Research
Hardware
Leistung <Physik>
NP-hartes Problem
Medizinische Informatik
Objektklasse
Ausgleichsrechnung
Unendlichkeit
Portscanner
Flächeninhalt
Leistung <Physik>
Wort <Informatik>
Faktor <Algebra>
Bandmatrix
Modelltheorie
Mini-Disc
Matrizenrechnung
Parametersystem
Maschinencode
Programmiergerät
Bit
Punkt
Versionsverwaltung
t-Test
Ikosaeder
Quellcode
Kombinatorische Gruppentheorie
Biprodukt
Fokalpunkt
Computeranimation
Systemprogrammierung
Einheit <Mathematik>
Geschlossenes System
Geschlecht <Mathematik>
Software
Grundsätze ordnungsmäßiger Datenverarbeitung
Maßerweiterung
Grundraum
Kernel <Informatik>
Prozess <Physik>
Web log
Program Slicing
Metastabilität
Raum-Zeit
Computeranimation
Kernel <Informatik>
Geschlossenes System
Bildschirmfenster
Maschinencode
Druckertreiber
Gerade
ATM
Dokumentenserver
Assembler
Bericht <Informatik>
Störungstheorie
Systemaufruf
Menge
Rechter Winkel
Festspeicher
Message-Passing
Parametrische Erregung
Aggregatzustand
Fehlermeldung
Standardabweichung
Telekommunikation
Maschinencode
Hyperbelverfahren
Gruppenoperation
Ablöseblase
Mikrokernel
Systemprogrammierung
Modul <Datentyp>
Netzbetriebssystem
Inverser Limes
Operations Research
Basisvektor
Modul
Leistung <Physik>
Autorisierung
Beobachtungsstudie
Trennungsaxiom
Elektronische Publikation
Interprozesskommunikation
Open Source
Inverser Limes
Programmfehler
Druckertreiber
Komponente <Software>
Basisvektor
Speicherabzug
Speicherverwaltung
Unternehmensarchitektur
Kernel <Informatik>
Server
Maschinencode
Bit
Prozess <Physik>
Rechnernetz
Term
Computeranimation
Eins
Übergang
Mikrokernel
Multiplikation
Interrupt <Informatik>
Regulärer Graph
Geschlossenes System
Reelle Zahl
Netzbetriebssystem
Minimum
Vererbungshierarchie
Radikal <Mathematik>
Modelltheorie
Druckertreiber
Gerade
Leistung <Physik>
Nichtlinearer Operator
Interprozesskommunikation
Quick-Sort
Reihenfolgeproblem
Office-Paket
Druckertreiber
ATM
Server
Speicherverwaltung
Mini-Disc
Unternehmensarchitektur
Kernel <Informatik>
Server
Prozess <Physik>
Virtualisierung
Adressraum
Datei-Server
ROM <Informatik>
Raum-Zeit
Computeranimation
Kernel <Informatik>
Multiplikation
Geschlossenes System
Rechnernetz
Virtuelle Realität
Dateiverwaltung
Druckertreiber
Datei-Server
Caching
Elektronische Publikation
Druckertreiber
Rechter Winkel
Festspeicher
Identitätsverwaltung
ATM
Server
Speicherverwaltung
p-Block
Message-Passing
Fehlermeldung
Kernel <Informatik>
Bit
Server
Prozess <Physik>
Datei-Server
Term
Interrupt <Informatik>
Computeranimation
Übergang
Kernel <Informatik>
Knotenmenge
Geschlossenes System
Dateiverwaltung
Druckertreiber
Caching
Parametersystem
Elektronische Publikation
Validität
Systemaufruf
p-Block
Elektronische Publikation
Druckertreiber
Caching
Mini-Disc
Overhead <Kommunikationstechnik>
p-Block
Message-Passing
Fehlermeldung
Tabelle <Informatik>
Server
Datenmissbrauch
Prozess <Physik>
Booten
Systemverwaltung
Elektronische Publikation
Ein-Ausgabe
Computeranimation
Gruppenoperation
Modallogik
Dienst <Informatik>
Druckertreiber
Forcing
Lineare Regression
Mini-Disc
Mixed Reality
Vererbungshierarchie
Server
Overhead <Kommunikationstechnik>
Druckertreiber
E-Mail
Aggregatzustand
Tabelle <Informatik>
Randverteilung
Kernel <Informatik>
Maschinencode
Bit
Server
Prozess <Physik>
Klasse <Mathematik>
Äquivalenzklasse
Systemzusammenbruch
Computeranimation
Eins
Wiederherstellung <Informatik>
Vorlesung/Konferenz
Zeiger <Informatik>
Druckertreiber
Druckertreiber
Komponente <Software>
Rechter Winkel
ATM
Server
Wiederherstellung <Informatik>
Ordnung <Mathematik>
Mini-Disc
Semantic Web
Message-Passing
Fehlermeldung
Kernel <Informatik>
Gewichtete Summe
t-Test
Raum-Zeit
Computeranimation
Geschlossenes System
Maschinencode
Vorlesung/Konferenz
E-Mail
Gerade
Dicke
Geschlossenes System
Kategorie <Mathematik>
Computersicherheit
Stichprobe
Bitrate
Zeiger <Informatik>
Entscheidungstheorie
Rechter Winkel
Festspeicher
Server
Ordnung <Mathematik>
Fehlermeldung
Maschinenschreiben
Subtraktion
System Dynamics
Systemzusammenbruch
Geräusch
Identitätsverwaltung
Leck
Loop
Variable
Modul <Datentyp>
Netzbetriebssystem
Maßerweiterung
Datenstruktur
Booten
Verzweigendes Programm
Rechenzeit
Modul
Programmfehler
Unendlichkeit
Zufallsgenerator
Komponente <Software>
Leistung <Physik>
Wort <Informatik>
Wiederherstellung <Informatik>
Programmiergerät
Punkt
Prozess <Physik>
Inferenz <Künstliche Intelligenz>
Adressraum
Binärcode
Systemzusammenbruch
Kernel <Informatik>
Metropolitan area network
Einheit <Mathematik>
Programmierparadigma
Druckertreiber
Nichtlinearer Operator
Nummerung
Arithmetisches Mittel
Maschinenschreiben
ATM
Message-Passing
Aggregatzustand
Maschinencode
Computervirus
Server
Hausdorff-Dimension
Gruppenoperation
Schaltnetz
Zahlenbereich
Wiederherstellung <Informatik>
Hydrostatik
Unendlichkeit
Message-Passing
Mittelwert
Modelltheorie
Softwareentwickler
Optimierung
Leistung <Physik>
Binärcode
Data Encryption Standard
Graph
Mathematisierung
Quick-Sort
Druckertreiber
Flächeninhalt
Pufferüberlauf
Loop
Dreiecksfreier Graph
Mereologie
Injektivität
Normalvektor
Mini-Disc
Modelltheorie
Maschinencode
Automatische Handlungsplanung
Rechnernetz
Systemplattform
Systemzusammenbruch
Computeranimation
Übergang
Fehlertoleranz
Multiplikation
Geschlossenes System
Maschinencode
Programmbibliothek
Optimierung
Mobiles Endgerät
Druckertreiber
Gerade
Hardware
Data Encryption Standard
Binärcode
Systemstart
Geschlossenes System
Schießverfahren
Stichprobe
Mathematisierung
Übergang
Quellcode
Kontextbezogenes System
Loop
Unternehmensarchitektur
Offene Menge
Computervirus
Prozess <Physik>
Compiler
Element <Mathematik>
Computeranimation
PRINCE2
Systemprogrammierung
Metropolitan area network
Geschlossenes System
Gruppe <Mathematik>
Maschinencode
Modelltheorie
Druckertreiber
Computersimulation
Hardware
Open Source
Gebäude <Mathematik>
Schießverfahren
Mathematisierung
Bericht <Informatik>
Übergang
Chipkarte
Persönliche Identifikationsnummer
Videokonferenz
Festspeicher
Flash-Speicher
Charakteristisches Polynom
Smartphone
Einfügungsdämpfung
Zentraleinheit
Einheit <Mathematik>
Momentenproblem
Wasserdampftafel
Zählen
Computeranimation
Zentrische Streckung
Maschinencode
Hausdorff-Dimension
Güte der Anpassung
Relativitätstheorie
Mobiles Endgerät
Zahlenbereich
Kartesische Koordinaten
Quellcode
Biprodukt
Computeranimation
Software
Software
Rechter Winkel
Maschinencode
Identitätsverwaltung
Inverser Limes
Biprodukt
Mobiles Endgerät
Geschlossenes System
Maschinencode
Kategorie <Mathematik>
Compiler
Mobiles Endgerät
Quellcode
Systemplattform
Quick-Sort
Computeranimation
Task
Netzwerktopologie
Software
Geschlossenes System
Rechter Winkel
Maschinencode
Programmbibliothek
Dateiformat
Inverser Limes
Biprodukt
Compiler
E-Mail
Aggregatzustand
Kernel <Informatik>
Server
Geschlossenes System
Elektronische Publikation
Prozess <Informatik>
Quader
Kontrolltheorie
Systemaufruf
Dateiformat
Systemaufruf
Physikalische Theorie
Computeranimation
Netzwerktopologie
Geschlossenes System
Font
Prozess <Informatik>
Klon <Mathematik>
Maschinencode
Minimum
Mustersprache
Stichprobenumfang
Bildschirmfenster
Programmbibliothek
Thread
Compiler
Kernel <Informatik>
Server
Prozess <Physik>
Seitentabelle
Interrupt <Informatik>
Computeranimation
Task
Mikrokernel
Softwaretest
Geschlossenes System
Klon <Mathematik>
Zählen
Druckertreiber
Gerade
Autorisierung
Softwaretest
Geschlossenes System
Benutzeroberfläche
Prozess <Informatik>
Kategorie <Mathematik>
Mailing-Liste
Quick-Sort
Mögliche-Welten-Semantik
Systemaufruf
Gruppenoperation
Druckertreiber
Last
ATM
Mereologie
Server
Mini-Disc
Unternehmensarchitektur
Offene Menge
Browser
Wasserdampftafel
Systemplattform
Whiteboard
Computeranimation
Übergang
Methodenbank
Metropolitan area network
Geschlossenes System
Prozess <Informatik>
Existenzsatz
Druckertreiber
Peripheres Gerät
Schnittstelle
Geschlossenes System
Kategorie <Mathematik>
Open Source
Machsches Prinzip
Browser
Applet
Systemaufruf
Binder <Informatik>
Systemaufruf
Patch <Software>
Druckertreiber
Whiteboard
Projektive Ebene
Serielle Schnittstelle
Wort <Informatik>
Offene Menge
Geschlossenes System
Einfügungsdämpfung
Browser
Applet
Bildschirmsymbol
Systemaufruf
Computeranimation
Mikrokernel
Druckertreiber
Prozess <Informatik>
Netzbetriebssystem
Bildschirmfenster
Programmbibliothek
Projektive Ebene
Druckertreiber
Schnittstelle
Offene Menge
Gewicht <Mathematik>
Ortsoperator
Open Source
Compiler
Quick-Sort
Computeranimation
Teilmenge
Virtuelle Maschine
Mustersprache
Identitätsverwaltung
Mereologie
Normalvektor
Default
Kernel <Informatik>
Punkt
Prozess <Physik>
Versionsverwaltung
Kartesische Koordinaten
Euler-Winkel
Computeranimation
Eins
Kernel <Informatik>
Fehlertoleranz
Geschlossenes System
Bildschirmfenster
Regelkreis
Druckertreiber
Nichtlinearer Operator
ATM
Kategorie <Mathematik>
Frequenz
Ereignishorizont
Konstante
Software
Dienst <Informatik>
Beweistheorie
Festspeicher
ATM
Server
Projektive Ebene
Versionsverwaltung
Programmierumgebung
Message-Passing
Varietät <Mathematik>
Aggregatzustand
Nebenbedingung
Subtraktion
Computervirus
Mathematisierung
Framework <Informatik>
Systemprogrammierung
Virtuelle Maschine
Benutzerbeteiligung
Reelle Zahl
Notebook-Computer
Netzbetriebssystem
Softwareentwickler
Datenstruktur
Optimierung
Drei
Grundraum
Medizinische Informatik
Mailing-Liste
Elektronische Publikation
Einfache Genauigkeit
Patch <Software>
Echtzeitsystem
Druckertreiber
Flächeninhalt
Komponente <Software>
Offene Menge
Notebook-Computer
Kernel <Informatik>
Maschinencode
Umsetzung <Informatik>
Punkt
Prozess <Physik>
Natürliche Zahl
Versionsverwaltung
Wärmeübergang
Aggregatzustand
Physikalische Theorie
Computeranimation
RFID
Eins
Variable
Task
Geschlossenes System
Maschinencode
Datentyp
Dateiverwaltung
Datenstruktur
Nichtlinearer Operator
Einfache Genauigkeit
Bericht <Informatik>
Mailing-Liste
Elektronische Publikation
Warteschlange
Objekt <Kategorie>
Scheduling
Identitätsverwaltung
Server
Dateiformat
Information
Message-Passing
Tabelle <Informatik>
Prozess <Physik>
Aggregatzustand
Quick-Sort
Computeranimation
RFID
Warteschlange
Task
Rechter Winkel
Maschinencode
Translation <Mathematik>
Dateiverwaltung
Vorlesung/Konferenz
Drei
Message-Passing
Aggregatzustand
Programmiergerät
Subtraktion
Maschinencode
Prozess <Physik>
Fakultät <Mathematik>
Gruppenoperation
Adressraum
Formale Sprache
Mathematisierung
Versionsverwaltung
t-Test
Regulärer Ausdruck
Systemzusammenbruch
Information
ROM <Informatik>
Computeranimation
Wiederherstellung <Informatik>
Leck
Puffer <Netzplantechnik>
Wechselsprung
Knotenmenge
Prozess <Informatik>
Netzbetriebssystem
Front-End <Software>
Inverser Limes
Dateiverwaltung
Optimierung
Datenstruktur
Drei
Gerade
Lineares Funktional
Matching <Graphentheorie>
Computersicherheit
Verzweigendes Programm
Mailing-Liste
Nummerung
Frequenz
Variable
Portscanner
Patch <Software>
Echtzeitsystem
Pufferüberlauf
Rechter Winkel
Festspeicher
Mereologie
Information
Speicherbereinigung
Bitrate
Softwaretest
Tabusuche
Maschinencode
Compiler
Versionsverwaltung
Rechenzeit
p-Block
Information
Datenfluss
ROM <Informatik>
Computeranimation
Portscanner
Leck
Geschlossenes System
Festspeicher
Injektivität
Compiler
p-Block
Versionsverwaltung
Bitrate
Softwaretest
Subtraktion
Kreisfläche
Compiler
Gruppenoperation
p-Block
Binärcode
Computeranimation
Portscanner
Task
Softwaretest
Mehrrechnersystem
Overhead <Kommunikationstechnik>
Overhead <Kommunikationstechnik>
Strukturierte Programmierung
Fehlermeldung
Nichtlinearer Operator
Datensatz
Dedekind-Schnitt
Ontologie <Wissensverarbeitung>
Offene Menge
Last
Routing
Extrempunkt
Raum-Zeit
Computeranimation
Schätzwert
Geschlossenes System
Selbst organisierendes System
Zahlenbereich
Web Site
Wiki
Computeranimation
Motion Capturing
Metropolitan area network
Geschlossenes System
Total <Mathematik>
Wort <Informatik>
Projektive Ebene
Optimierung
Softwareentwickler
Message-Passing
Hilfesystem
Gammafunktion
Kernel <Informatik>
Maschinencode
Facebook
Subtraktion
Prozess <Physik>
Gruppenkeim
Ablöseblase
Computeranimation
Kernel <Informatik>
Homepage
Übergang
Netzbetriebssystem
Softwareentwickler
Druckertreiber
Gerade
Nichtlinearer Operator
Kontrolltheorie
Krümmung
Physikalischer Effekt
Computersicherheit
Systemaufruf
Druckertreiber
Komponente <Software>
Ablöseblase
Message-Passing
Kernel <Informatik>
Bit
Befehl <Informatik>
Sondierung
Mathematisierung
Ablöseblase
Versionsverwaltung
Kartesische Koordinaten
Sondierung
Computeranimation
Übergang
Eins
Dienst <Informatik>
Druckertreiber
Komponente <Software>
Spezifisches Volumen
Druckertreiber
Phasenumwandlung
Message-Passing
Aggregatzustand
Mathematisierung
Zahlenbereich
Computeranimation
Videokonferenz
Homepage
Homepage
Metropolitan area network
Einheit <Mathematik>
Geschlossenes System
Software
Trennschärfe <Statistik>
t-Test
Optimierung
Grundraum
Trennungsaxiom
Sondierung
Kondensation <Mathematik>
Personalcomputer
Ruhmasse
Web Site
Quellcode
Binder <Informatik>
Knoten <Statik>
Quick-Sort
Videokonferenz
Datenverarbeitungssystem
Brennen <Datenverarbeitung>
Telekommunikation
Subtraktion
Wellenpaket
Rahmenproblem
EDV-Beratung
Zahlenbereich
Kartesische Koordinaten
Raum-Zeit
Computeranimation
Internetworking
Richtung
Metropolitan area network
Geschlossenes System
Vorlesung/Konferenz
Thread
Kraftfahrzeugmechatroniker
Kreisfläche
Kategorie <Mathematik>
Open Source
Computersicherheit
Web Site
Schlussregel
Mailing-Liste
Quellcode
Quick-Sort
Echtzeitsystem
Flächeninhalt
Rechter Winkel
Mereologie
Projektive Ebene
Zustandsgleichung
Standardabweichung
Instantiierung
Offene Menge
Software
Freeware
Computeranimation

Metadaten

Formale Metadaten

Titel MINIX 3
Serientitel FrOSCon 2015
Teil 23
Anzahl der Teile 80
Autor Tanenbaum, Andrew S.
Lizenz CC-Namensnennung 3.0 Unported:
Sie dürfen das Werk bzw. den Inhalt zu jedem legalen Zweck nutzen, verändern und in unveränderter oder veränderter Form vervielfältigen, verbreiten und öffentlich zugänglich machen, sofern Sie den Namen des Autors/Rechteinhabers in der von ihm festgelegten Weise nennen.
DOI 10.5446/19549
Herausgeber Free and Open Source software Conference (FrOSCon) e.V.
Erscheinungsjahr 2015
Sprache Englisch

Inhaltliche Metadaten

Fachgebiet Informatik
Abstract Most computer users nowadays are nontechnical people who have a mental model of what they expect from a computer based on their experience with TV sets and stereos: you buy it, plug it in, and it works perfectly for the next 10 years. Computers aren't like that, which leads to frustration. Part of the problem is the operating system, which is often millions of lines of kernel code, each of which can potentially bring the system down. As long as we maintain the current structure of the operating system as a huge single monolithic program full of foreign code device drivers) and running in kernel mode, the situation will not improve. In an attempt to provide better reliability and security, we have created a new multiserver operating system, MINIX 3, with only 15,000 lines in kernel and the rest of the operating system split up into small components each running as a separate user-mode processes. It is available for the x86 and ARM for embedded systems. The talk will discuss the design of the system and some of unique aspects, such as live update--the ability to replace the operating system with a new version while it is running without affecting running applications. Andrew S. Tanenbaum

Ähnliche Filme

Loading...