From: Brian Milnes (brianmilnes_at_qwest.net)
Date: Wed Jan 21 2004 - 14:07:02 PST
Application Performance and Flexibility on the Exokernel System - Kaashoek
et al
The Exokernel architecture takes the concept of a micro kernel to its
extreme. Instead of building a general purpose OS and providing specific
interfaces in a server, they build just the smallest possible kernel and
allow the user to adjust the OS built into a shared library.
The authors propose build a kernel that exposes the hardware primitives and
low level functionality such as blocks, pages, page tables, TLBs and disk
drivers to the user. They use a fast IPC, hierarchical capabilities and
credentials to provide user process communication with this kernel. They
then allow users to build any system that they want with these primitives
and to provide this functionality in shared libraries. One interesting
question is where are they really putting device drivers? They provide
security primitives that allow mutual trust, one way trust and mutual
distrust.
They use interpreted wakeup predicates and a simple type template system to
allow the user to insert code into the kernel for making the kernel
interfaces general enough to allow this factoring. This is an interesting
approach, but a more general programming language and proof carrying code
seems more appealing here. The language independence here is much less
appealing than the expressiveness of a full programming language augmented
with proofs of safety properties such as termination.
They tested these ideas by building a stable storage system, XN and a file
system on it called C-FFS. These required a quite complicated design and
took them several iterations to get right. They can support full UNIX
functionality and produce comparable or better performance on a variety of
file system benchmarks. Their most interesting benchmark was a specialized
HTTP server that produced up to a factor of eight. I have done a similar
file packing optimization and it was much more difficult than how Cheetah
could do it. This really shows the power of letting users optimize their
kernel services for their application.
Although the idea is very appealing, it is clearly a very complicated one.
First, getting the right kernel layer abstractions seemed quite difficult in
their example. Second, they assume that developers can build in optimized
versions of specific applications. They may be right but I suspect that very
few programmers are interested in this. Reliability is much more important
and making your own OS level code reliable is a difficult task.
This archive was generated by hypermail 2.1.6 : Wed Jan 21 2004 - 14:07:09 PST