From: shearerje_at_comcast.net
Date: Sat Jan 17 2004 - 17:53:29 PST
“Application Performance and Flexibility on Exokernel Systems” (Kaashoek et al, 1995) defines an “Exokernel” architecture, discusses the key issues motivating the architecture and the key issues in implementing such an architecture. It then goes on to present and evaluate specific examples (XN and Xok). While the overall discussion was detail-rich, I was particularly excited by the meticulous detail provided on crash recovery.
The exokernel concept seems to me to be a natural fallout of, and complement of, the trend toward microkernal architectures. Where microkernals encapsulate the bare essential functions of protection and resource coordination, exokernels are a way to provide resource abstractions while still providing applications flexible access to system resources and information, including resource allocation, physical names, revocation policies, and detailed system state or performance. The paper describes how the exokernel concept can use this ability to provide a robust environment for applications to interact and share resources when they do not completely trust each other. Lack of trust between applications is managed through several mechanisms including “wakeup predicates” and “critical sections”. These mechanisms wake up processes when pre-defined conditions become true (such as an error condition) and replace error-prone lock mechanisms. Combined with the crash-tolerant cache and disk management capability att
ributed to the XN implementation, this sounds like an excellent model for a system where reliability cannot be compromised but the nature of the applications is at odds with the “standard” expectations of typical monolithic operating systems. Large systems with a significant real-time component (such as air traffic control) would, I think, benefit the most.
Much of the paper delves into the details of XN’s philosophy of disk access in a way that makes a pretty good check-list of disk access design issues, should I ever find myself this far into the dirt of designing such a thing (actually, I would like to know more about the “restricted language” of UDFs). Similarly, the main point I got out of the benchmarking section is that the impact of the exokernel approach is strongly dependent on how poorly suited the “standard” operating system resource abstractions are for a specific application. The kinds of applications that I am most involved in were not addressed, but the potential benefit is apparent none-the-less.
This archive was generated by hypermail 2.1.6 : Sat Jan 17 2004 - 17:53:36 PST