the benefits and costs of writing a posix kernel in a
play

The benefits and costs of writing a POSIX kernel in a high-level - PowerPoint PPT Presentation

Oct 17, 2022 •206 likes •788 views

The benefits and costs of writing a POSIX kernel in a high-level language Cody Cutler, M. Frans Kaashoek, Robert T. Morris MIT CSAIL 1 / 38 Should we use high-level languages to build OS kernels? 2 / 38 HLL Benefits Easier to program

  1. The benefits and costs of writing a POSIX kernel in a high-level language Cody Cutler, M. Frans Kaashoek, Robert T. Morris MIT CSAIL 1 / 38

  2. Should we use high-level languages to build OS kernels? 2 / 38

  3. HLL Benefits Easier to program Simpler concurrency with GC Prevents classes of kernel bugs 3 / 38

  4. Kernel memory safety matters Inspected Linux kernel execute code CVEs for 2017 40 CVEs due to just memory-safety bugs 4 / 38

  5. Kernel memory safety matters Inspected Linux kernel execute code CVEs for 2017 40 CVEs due to just memory-safety bugs HLL would have prevented code execution 4 / 38

  6. HLL downside: safety costs performance Bounds, cast, nil-pointer checks Reflection Garbage collection 5 / 38

  7. Goal: measure HLL impact Pros: Reduction of bugs Simpler code Cons: HLL safety tax GC CPU and memory overhead GC pause times 6 / 38

  8. Methodology Build new HLL kernel, compare with Linux Isolate HLL impact: Same apps, POSIX interface, and monolithic organization 7 / 38

  9. Previous work Taos (ASPLOS’87) , Spin (SOSP’95) , Singularity (SOSP’07) , Tock (SOSP’17) , J-kernel (ATC’98) , KaffeOS (ATC’00) , House (ICFP’05) ,... Explore new ideas Different architectures Several studies of HLL versus C for user programs Kernels different from user programs 8 / 38

  10. Previous work Taos (ASPLOS’87) , Spin (SOSP’95) , Singularity (SOSP’07) , Tock (SOSP’17) , J-kernel (ATC’98) , KaffeOS (ATC’00) , House (ICFP’05) ,... Explore new ideas Different architectures Several studies of HLL versus C for user programs Kernels different from user programs None measure HLL impact in a monolithic POSIX kernel 8 / 38

  11. Contributions B ISCUIT , new x86-64 Go kernel Runs unmodified Linux applications with good performance Measurements of HLL costs for NGINX, Redis, and CMailbench Description of qualitative ways HLL helped New scheme to deal with heap exhaustion 9 / 38

  12. Which HLL? Go is a good choice: Easy to call asm Compiled to machine code w/good compiler Easy concurrency Easy static analysis GC 10 / 38

  13. Go’s GC Concurrent mark and sweep Stop-the-world pauses of 10s of µ s 11 / 38

  14. B ISCUIT overview 58 syscalls, LOC: 28k Go, 1.5k assembly (boot, entry/exit) 12 / 38

  15. Features Multicore Threads Journaled FS (7k LOC) Virtual memory (2k LOC) TCP/IP stack (5k LOC) Drivers: AHCI and Intel 10G NIC (3k LOC) 13 / 38

  16. No fundamental challenges due to HLL But many implementation puzzles Interrupts Kernel threads are lightweight Runtime on bare-metal ... 14 / 38

  17. No fundamental challenges due to HLL But many implementation puzzles Interrupts Kernel threads are lightweight Runtime on bare-metal ... Surprising puzzle: heap exhaustion 14 / 38

  18. Puzzle: Heap exhaustion 15 / 38

  19. Puzzle: Heap exhaustion 15 / 38

  20. Puzzle: Heap exhaustion 15 / 38

  21. Puzzle: Heap exhaustion 15 / 38

  22. Puzzle: Heap exhaustion Can’t allocate heap memory = ⇒ nothing works All kernels face this problem 15 / 38

  23. How to recover? Strawman 1: Wait for memory in allocator? 16 / 38

  24. How to recover? Strawman 1: Wait for memory in allocator? May deadlock! 16 / 38

  25. How to recover? Strawman 1: Wait for memory in allocator? May deadlock! Strawman 2: Check/handle allocation failure, like C kernels? 16 / 38

  26. How to recover? Strawman 1: Wait for memory in allocator? May deadlock! Strawman 2: Check/handle allocation failure, like C kernels? Difficult to get right 16 / 38

  27. How to recover? Strawman 1: Wait for memory in allocator? May deadlock! Strawman 2: Check/handle allocation failure, like C kernels? Difficult to get right Can’t! Go doesn’t expose failed allocations and implicitly allocates Both cause problems for Linux; see “too small to fail” rule 16 / 38

  28. B ISCUIT solution: reserve memory To execute syscall... 17 / 38

  29. B ISCUIT solution: reserve memory To execute syscall... 17 / 38

  30. B ISCUIT solution: reserve memory To execute syscall... 17 / 38

  31. B ISCUIT solution: reserve memory To execute syscall... 17 / 38

  32. B ISCUIT solution: reserve memory To execute syscall... 17 / 38

  33. B ISCUIT solution: reserve memory To execute syscall... No checks, no error handling code, no deadlock 17 / 38

  34. Reservations HLL easy to analyze Tool computes reservation via escape analysis Using Go’s static analysis packages ≈ three days of expert effort to apply tool 18 / 38

  35. Building B ISCUIT was similar to other kernels 19 / 38

  36. Building B ISCUIT was similar to other kernels B ISCUIT adopted many Linux optimizations: large pages for kernel text per-CPU NIC transmit queues RCU-like directory cache concurrent FS transactions pad structs to remove false sharing Good OS performance more about optimizations, less about HLL 19 / 38

  37. Eval questions Should we use high-level languages to build OS kernels? 1 Did B ISCUIT benefit from HLL features? 2 Is B ISCUIT performance in the same league as Linux? 3 What is the breakdown of HLL tax? 4 What is the performance cost of Go compared to C? More experiments in paper 20 / 38

  38. 1: Qualitative benefits of HLL features Simpler code with: GC’ed allocation defer multi-valued return closures maps 21 / 38

  39. HLL example benefits Example 1: Memory safety Example 2: Simpler concurrency 22 / 38

  40. 1: B ISCUIT benefits from memory safety Inspected fixes for all publicly-available execute code CVEs in Linux kernel for 2017 Category # Outcome in Go — 11 unknown logic 14 same use-after-free/double-free 8 disappear due to GC out-of-bounds 32 panic or disappear due to GC panic likely better than malicious code execution 23 / 38

  41. 1: B ISCUIT benefits from simpler concurrency Generally, concurrency with GC simpler Particularly, GC greatly simplifies read-lock-free data structures Challenge: In C, how to determine when last reader is done? Main purpose of read-copy update (RCU) ( PDCS’98 ) Linux uses RCU, but it’s not easy Code to start and end RCU sections No sleeping/scheduling in RCU sections ... In Go, no extra code — GC takes care of it 24 / 38

  42. Experimental setup Hardware: 4 core 2.8Ghz Xeon-X3460 16 GB RAM Hyperthreads disabled Eval application: NGINX (1.11.5) – webserver Redis (3.0.5) – key/value store CMailbench – mail-server benchmark 25 / 38

  43. Applications are kernel intensive No idle time 79%-92% kernel time In-memory FS Run for a minute 512MB heap RAM for B ISCUIT 26 / 38

  44. 2: Is B ISCUIT perf in the same league as Linux? Debian 9.4, Linux 4.9.82 Disabled expensive features: page-table isolation retpoline kernel address space layout randomization transparent huge-pages ... 27 / 38

  45. 2: Biscuit is in the same league B ISCUIT ops/s Linux ops/s Ratio CMailbench (mem) 15,862 17,034 1.07 NGINX 88,592 94,492 1.07 Redis 711,792 775,317 1.09 28 / 38

  46. 2: Biscuit is in the same league B ISCUIT ops/s Linux ops/s Ratio CMailbench (mem) 15,862 17,034 1.07 NGINX 88,592 94,492 1.07 Redis 711,792 775,317 1.09 28 / 38

  47. HLL cost unclear from comparison May understate Linux performance due to features: NUMA awareness Optimizations for large number of cores (>4) ... Focus on HLL costs: Measure CPU cycles B ISCUIT pays for HLL tax Compare code paths that differ only by language 29 / 38

  48. 3: What is the breakdown of HLL tax? Measure HLL tax: GC cycles Prologue cycles Write barrier cycles Safety cycles 30 / 38

  49. 3: Prologue cycles are most expensive GC GCs Prologue Write barrier Safety cycles cycles cycles cycles CMailbench 3% 42 6% < 1% 3% NGINX 2% 32 6% < 1% 2% Redis 1% 30 4% < 1% 2% 31 / 38

  50. 3: Prologue cycles are most expensive GC GCs Prologue Write barrier Safety cycles cycles cycles cycles CMailbench 3% 42 6% < 1% 3% NGINX 2% 32 6% < 1% 2% Redis 1% 30 4% < 1% 2% 31 / 38

  51. 3: Prologue cycles are most expensive GC GCs Prologue Write barrier Safety cycles cycles cycles cycles CMailbench 3% 42 6% < 1% 3% NGINX 2% 32 6% < 1% 2% Redis 1% 30 4% < 1% 2% 31 / 38

  52. 3: Prologue cycles are most expensive GC GCs Prologue Write barrier Safety cycles cycles cycles cycles CMailbench 3% 42 6% < 1% 3% NGINX 2% 32 6% < 1% 2% Redis 1% 30 4% < 1% 2% 31 / 38

  53. 3: Prologue cycles are most expensive GC GCs Prologue Write barrier Safety cycles cycles cycles cycles CMailbench 3% 42 6% < 1% 3% NGINX 2% 32 6% < 1% 2% Redis 1% 30 4% < 1% 2% Benchmarks allocate kernel heap rapidly but have little persistent kernel heap data Cycles used by GC increase with size of live kernel heap Dedicate 2 or 3 × memory ⇒ low GC cycles 31 / 38

  54. 4: What is the cost of Go compared to C? Make code paths same in B ISCUIT and Linux Two code paths in paper pipe ping-pong (systems calls, context switching) page-fault handler (exceptions, VM) Focus on pipe ping-pong: LOC: 1.2k Go, 1.8k C No allocation; no GC Top-10 most expensive instructions match 32 / 38

  55. 4: C is 15% faster C Go (ops/s) (ops/s) Ratio 536,193 465,811 1.15 Prologue/safety-checks ⇒ 16% more instructions 33 / 38

Recommend

The benefits and costs of writing a UNIX kernel in a high-level language Cody Cutler, M. Frans

The benefits and costs of writing a UNIX kernel in a high-level language Cody Cutler, M. Frans

The benefits and costs of writing a UNIX kernel in a high-level language Cody Cutler, M. Frans Kaashoek, Robert T. Morris MIT CSAIL 1 / 62 What language to use for developing a kernel? A hotly-debated question but often with few facts

803 views • 67 slides
pthreads pthreads (POSIX threads) is a library for doing threading pthreads Can

pthreads pthreads (POSIX threads) is a library for doing threading pthreads Can

12/10/2019 pthreads pthreads (POSIX threads) is a library for doing threading pthreads Can transparently be used under User or Kernel threads Dr. Jonathan Misurda jmisurda@cs.arizona.edu 1 2 pthread_create() POSIX #include

524 views • 3 slides
POSIX IPC: Overview primitive POSIX function description message queues create or access

POSIX IPC: Overview primitive POSIX function description message queues create or access

CPSC-313: Introduction to Computer Systems POSIX IPC POSIX Inter-Process Communication (IPC) Message Queues Shared Memory Semaphores Reading: R&amp;R, Ch 15 POSIX IPC: Overview primitive POSIX function description message

392 views • 6 slides
Example: Mentor Graphics POSIX Implementation ( Nucleus ) Mentor Graphics Nucleus User Guide

Example: Mentor Graphics POSIX Implementation ( Nucleus ) Mentor Graphics Nucleus User Guide

Example: Mentor Graphics POSIX Implementation ( Nucleus ) Mentor Graphics Nucleus User Guide Nucleus POSIX Kernel Nucleus POSIX demo program (Mentor Graphics EDGE tools for SoC/ARM) Six tasks/five functions a system timer a

166 views • 13 slides
Rumprun for Rump Kernels: Instant Unikernels for POSIX applications Martin Lucina, @matolucina 1

Rumprun for Rump Kernels: Instant Unikernels for POSIX applications Martin Lucina, @matolucina 1

Rumprun for Rump Kernels: Instant Unikernels for POSIX applications Martin Lucina, @matolucina 1 / 8 So many Kernels, what are they? Monolithic kernel, Microkernel: standard stuff. Rump kernel: an existing monolithic kernel componentized into

215 views • 8 slides
www.pdl.cmu.edu/posix/ December 14, 2005 APIs for HPC IO POSIX IO APIs (open, close, read,

www.pdl.cmu.edu/posix/ December 14, 2005 APIs for HPC IO POSIX IO APIs (open, close, read,

POSIX I/O High Performance Computing Extensions Brent Welch (Speaker) Panasas www.pdl.cmu.edu/posix/ December 14, 2005 APIs for HPC IO POSIX IO APIs (open, close, read, write, stat) have semantics that can make it hard to achieve high

674 views • 24 slides
Posix-Free File Systems in the Cloud Jeff Chase Duke University Beyond Posix

Posix-Free File Systems in the Cloud Jeff Chase Duke University Beyond Posix

Posix-Free File Systems in the Cloud Jeff Chase Duke University Beyond Posix Filesystem Posix file system semantics? open(2) Hierarchical directories with aliasing Human-readable symbolic names Atomic ops on

599 views • 12 slides
RENEWABLE ENERGY BENEFITS AND COSTS David Littell Commissioner, Maine Public Utilities

RENEWABLE ENERGY BENEFITS AND COSTS David Littell Commissioner, Maine Public Utilities

RENEWABLE ENERGY BENEFITS AND COSTS David Littell Commissioner, Maine Public Utilities Commission Renewables Economic benefits for ratepayers &amp; state Higher upfront (capital) costs Environmental benefits &amp; impacts

225 views • 22 slides
Natural Gas Pipeline Regulation: Natural Gas Pipeline Regulation: Costs and Benefits of the

Natural Gas Pipeline Regulation: Natural Gas Pipeline Regulation: Costs and Benefits of the

Natural Gas Pipeline Regulation: Natural Gas Pipeline Regulation: Costs and Benefits of the Costs and Benefits of the Canadian Approach Canadian Approach Glenn Booth Chief Economist National Energy Board Gold Coast, July 2004 1(title)

580 views • 36 slides
Chapter 4: Relevant Costs and Benefits for Decision- Making Agenda Sunk/Opportunity Costs

Chapter 4: Relevant Costs and Benefits for Decision- Making Agenda Sunk/Opportunity Costs

Chapter 4: Relevant Costs and Benefits for Decision- Making Agenda Sunk/Opportunity Costs Decision Relevance Differential Analysis 2 1 Its all relevant Sunk Costs outlays of resources or effort from past periods.

398 views • 15 slides
1. Why . ? 2. What + How . ? 3. Who + How long + Costs . ? 4. Benefits +

1. Why . ? 2. What + How . ? 3. Who + How long + Costs . ? 4. Benefits +

Environmental Management Systems at University of Paderborn &gt; Implementation at the Chair (Environmental) Process Engineering 1. Why . ? 2. What + How . ? 3. Who + How long + Costs . ? 4. Benefits + Perspectives . ? Josef

221 views • 21 slides
ScoutFS: POSIX Archiving at Extreme Scale Zach Brown, Versity MSST 2019 POSIX Archiving with

ScoutFS: POSIX Archiving at Extreme Scale Zach Brown, Versity MSST 2019 POSIX Archiving with

ScoutFS: POSIX Archiving at Extreme Scale Zach Brown, Versity MSST 2019 POSIX Archiving with ScoutFS POSIX: NFS / SAMBA / RSYNC / CUSTOM ScoutFS SAN Fabric ScoutAM Archive Manager Archival Storage Archival Filesystem Differences Built

443 views • 8 slides
CSE 333 Section I/O, POSIX, and System Calls! 1 Logistics Due TODAY: Homework 1 @ 11:59 pm

CSE 333 Section I/O, POSIX, and System Calls! 1 Logistics Due TODAY: Homework 1 @ 11:59 pm

CSE 333 Section I/O, POSIX, and System Calls! 1 Logistics Due TODAY: Homework 1 @ 11:59 pm Due Monday: Exercise 7 @ 11 am 2 POSIX Posix is a family of standards specified by the IEEE. These standards maintains compatibility across

642 views • 30 slides
Na.ve POSIX Threading Library (NPTL) Don Porter 1 CSE 506: Opera.ng Systems Logical Diagram

Na.ve POSIX Threading Library (NPTL) Don Porter 1 CSE 506: Opera.ng Systems Logical Diagram

CSE 506: Opera.ng Systems Na.ve POSIX Threading Library (NPTL) Don Porter 1 CSE 506: Opera.ng Systems Logical Diagram Binary Memory Threads Formats Allocators User Todays Lecture Kernel System Calls Scheduling threads RCU File

318 views • 31 slides
USEPA Methods for Quantifying the Benefits and Costs of Reducing Air Pollution Amy Lamson U.S.

USEPA Methods for Quantifying the Benefits and Costs of Reducing Air Pollution Amy Lamson U.S.

USEPA Methods for Quantifying the Benefits and Costs of Reducing Air Pollution Amy Lamson U.S. Environmental Protection Agency Office of Air and Radiation Risk and Benefits Group Presentation for Multi-stakeholder Workshop South Africas

717 views • 50 slides
CSE 3320 Operating Systems POSIX Threads Programming Jia Rao Department of Computer Science and

CSE 3320 Operating Systems POSIX Threads Programming Jia Rao Department of Computer Science and

CSE 3320 Operating Systems POSIX Threads Programming Jia Rao Department of Computer Science and Engineering http://ranger.uta.edu/~jrao Recap of Previous Classes Processes and threads The thread model o User-level thread o Kernel-level

567 views • 29 slides
Native POSIX Threading Library (NPTL) Don Porter 1 COMP 790: OS Implementation Logical Diagram

Native POSIX Threading Library (NPTL) Don Porter 1 COMP 790: OS Implementation Logical Diagram

COMP 790: OS Implementation Native POSIX Threading Library (NPTL) Don Porter 1 COMP 790: OS Implementation Logical Diagram Binary Memory Threads Formats Allocators User Todays Lecture Kernel System Calls Scheduling threads RCU

676 views • 31 slides
Invariance and Equivariance: Benefits, Costs, and Methods Robert Serfling 1 University of Texas

Invariance and Equivariance: Benefits, Costs, and Methods Robert Serfling 1 University of Texas

INVARIANCE AND EQUIVARIANCE: BENEFITS, COSTS, AND METHODS Invariance and Equivariance: Benefits, Costs, and Methods Robert Serfling 1 University of Texas at Dallas May 11, 2011 For the Fourth Erich L. Lehmann Symposium Rice University 1

1.23k views • 88 slides
reading and writing costs have dropped by orders of magnitude: setting the foundations for

reading and writing costs have dropped by orders of magnitude: setting the foundations for

Synthetic biology publications have significantly grown since SB 1.0, June 2004; whilst reading and writing costs have dropped by orders of magnitude: setting the foundations for rapid commercialisation USA USA 25000 authors UK UK 3700

194 views • 3 slides
Native POSIX Thread Library (NPTL) CSE 506 Don Porter Logical Diagram Binary Memory Threads

Native POSIX Thread Library (NPTL) CSE 506 Don Porter Logical Diagram Binary Memory Threads

Native POSIX Thread Library (NPTL) CSE 506 Don Porter Logical Diagram Binary Memory Threads Formats Allocators User Todays Lecture System Calls Scheduling Kernel threads RCU File System Networking Sync Memory CPU Device

454 views • 32 slides
1 3 KINDS OF FRINGE BENEFITS 1. Payment in-kind Current payment in some form other than cash;

1 3 KINDS OF FRINGE BENEFITS 1. Payment in-kind Current payment in some form other than cash;

LABOR AS A QUASI-FIXED COSTS: APPLICATION TO FRINGE BENEFITS LIR 809 INVESTMENT PROPERTIES OF FRINGE BENEFITS Definition of Fringe Benefits: Compensation in some form other than currently spendable cash Because benefits not given

269 views • 12 slides
Benefits Death Benefits $5,000 initial payment to members family to assist with funeral costs 1.

Benefits Death Benefits $5,000 initial payment to members family to assist with funeral costs 1.

Life Insurance and Death Benefits Death Benefits $5,000 initial payment to members family to assist with funeral costs 1. (paid from the deceased members Compulsory Account balance). Insurance payment equivalent to members Annual Salary based

260 views • 6 slides
2020 Lectures on Urban Economics Lecture 3: The Benefits and Costs of Cities Gilles Duranton

2020 Lectures on Urban Economics Lecture 3: The Benefits and Costs of Cities Gilles Duranton

2020 Lectures on Urban Economics Lecture 3: The Benefits and Costs of Cities Gilles Duranton (Wharton) 25 June 2020 Introduction Measuring cities Benefits Costs Equilibrium Introduction Cities are about one key tradeo ff , dubbed the

1.57k views • 52 slides
Analyzing the Costs (and Benefits) of DNS, DoT, and DoH for the Modern Web Austin Hounsel*

Analyzing the Costs (and Benefits) of DNS, DoT, and DoH for the Modern Web Austin Hounsel*

Analyzing the Costs (and Benefits) of DNS, DoT, and DoH for the Modern Web Austin Hounsel* Kevin Borgolte* Paul Schmitt* Jordan Holland* Nick Feamster Princeton University* University of Chicago DNS Privacy Has Become a

470 views • 18 slides

More recommend