Alan Skousen Arizona State University Operating Systems Research - PowerPoint PPT Presentation

slide1 n.
Download
Skip this Video
Loading SlideShow in 5 Seconds..
Alan Skousen Arizona State University Operating Systems Research PowerPoint Presentation
Download Presentation
Alan Skousen Arizona State University Operating Systems Research

play fullscreen
1 / 40
Alan Skousen Arizona State University Operating Systems Research
90 Views
Download Presentation
tyler
Download Presentation

Alan Skousen Arizona State University Operating Systems Research

- - - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript

  1. Sombrero: Implementation of a Single Address Space Paradigm for Distributed Computing Exhibiting Reduced Complexity Alan Skousen Arizona State University Operating Systems Research

  2. OUTLINE • Basics • Why SASOS? • Computer Evolution • Protection Models • Sombrero Current Architecture • Implementation Effort • Middle Level Architecture and Tools • Research Contributions • Summary Alan Skousen Dissertation Defense - Arizona State University

  3. Many Address Space Operating Systems - MASOS • Current Operating System Technology is based on Multiple VA spaces commonly known as processes. • UNIX, Windows NT, Windows 9x, Linux, MACH etc. Alan Skousen Dissertation Defense - Arizona State University

  4. Single Address Space Operating Systems - SASOS • Use only a single address space • Examples:MS-DOS, many embedded OSs, Mac etc. • Single VA space OS’s: AS400, Opal, Mungi, Monads, Sombrero etc. Alan Skousen Dissertation Defense - Arizona State University

  5. Namespace • A domain of all possible names each of which can be paired with at most one object. • Namespaces include: File names, IP numbers, Capabilities, DSM space, the addresses in a virtual address space. Alan Skousen Dissertation Defense - Arizona State University

  6. Very Large Single Address Space Operating System – VLSASOS • Very Large Namespace • 64 bit address space, 18 Quintillion bytes • 4GB/s can be allocated for 136 years • Can be used instead of file systems and other name spaces. Reduces the need for namespace translation. • Est 30% of code used for trans to/from store Alan Skousen Dissertation Defense - Arizona State University

  7. Why SASOS? • Single namespace allows complexity reduction due to elimination of code performing namespace translations. Atkinson 30% translation code; Feigen 80% program effort, 65% bug prediction. • Reduced requirements mean cost of writing programs is reduced. • Natural persistence, reduced memory copying, and reduced context switching. Alan Skousen Dissertation Defense - Arizona State University

  8. Coding example //MASOS client that uses file server to copy a file: #include <header.h> int copy(char *src, char *dst) /* procedure to copy file using the server */ { struct message m1; /* message buffer */ long position; /* current file position */ long client = 110; /* client's address */ initialize(); /* prepare for execution */ position = 0; do { /* Get block of data from source file */ m1.opcode = READ; /* operation is a read */ m1.offset = position; /* current position in the file */ m1.count = BUF_SIZE; /* how many bytes to read */ strcpy(&m1.name, src); /* copy name of file to be read to message */ send(FILE_SERVER, &m1); /* send message to the file server */ receive(client, &m1); /* block waiting for the reply */ /* Write the data just received to the destination file */ m1.opcode = WRITE; /* operation is a write */ m1.offset = position; /* current position in the file */ m1.count = m1.result; /* how many bytes to write */ strcpy(&m1.name, dst); /* copy name of file to be written to buf */ send(FILE_SERVER, &m1); /* send the message to the file server */ receive(client, &m1); /* block waiting for the reply */ position += m1.result; /* m1.result is the number of bytes written */ } while (m1.result > 0); /* iterate until done */ return(m1.result >= 0 ? OK : m1.result); /* return OK or error code */ } //MASOS file server: #include <header.h> void main(void) { struct message m1, m2; /* incoming and outgoing messages */ int r; /* result code */ while (1) { receive (FILE_SERVER,&m1); /* server runs forever */ switch(m1.opcode) { case CREATE: r = do_create(&m1, &m2); break; case READ: r = do_read(&m1, &m2); break; case WRITE: r = do_write(&m1, &m2); break; case DELETE: r = do_delete(&m1, &m2); break; default: r = E_BAD_OPCODE; } m2.result = r; /* return result to client */ send(m1.source, &m2); /* send reply */ } } Alan Skousen Dissertation Defense - Arizona State University

  9. Coding cont. //SASOS Memory object copy int copy(char *src, char *dst) { FILE_OBJECT *from, *to; from = address(src); /*address() is a new function that obtains an object's*/ to = address(dst); /*address from the NameServer.*/ *to = *from; } Alan Skousen Dissertation Defense - Arizona State University

  10. Server access Active Passive Client Thread Client Thread Receive Message Send Message Returning Thread Calling Thread Server has own Thread Server uses client Thread SASOS and MASOS SASOS only Alan Skousen Dissertation Defense - Arizona State University

  11. Computer Evolution • VA space reuse is compelling in 16 and 32 bit computers. • Inherent isolation solves protection problem for free. • It also creates a very large access problem for sharing and communication. • The process paradigm is now the accepted way. • Much OS research energy is therefore dedicated to making inter-process access less difficult. Alan Skousen Dissertation Defense - Arizona State University

  12. Evolution cont. • 64 bit processors encourage a new approach since VA space reuse is no longer a compelling issue. • The protection that came for free in the process paradigm remains a compelling issue. • A different approach to the access problem is to make protection the issue and get access for free. • Sombrero represents that paradigm switch. Alan Skousen Dissertation Defense - Arizona State University

  13. MASOS Vs SASOS More Protection Easier Memory Sharing • Relatively Secure • Trust is implicit • Limited to Active Services since threads can’t migrate. • Pointer Translation • Pipes/RPC/Sockets • Files for communication • Distributed Shared Memory • RAM-Centricity • Easily Corruptible • Very Trusting • Passive Services • Transparent memory sharing • Simple communication semantics, i.e. no IPC Alan Skousen Dissertation Defense - Arizona State University

  14. Main Issue in VLSASOS Design is the Protection Mechanism • Two main issues in protection mechanism: Memory protection; Protection Domain Switching. • Two Protection Models are used: Standard Access Matrix; CPU Access Matrix Alan Skousen Dissertation Defense - Arizona State University

  15. Standard Access Matrix (SAM) • SAM is an Explicit Protection model that requires user code to invoke. • SASOS PD Switching is normally based on SAM model. Most use Capabilities, All are Explicit PD Switching models. Alan Skousen Dissertation Defense - Arizona State University

  16. CPU Access Matrix (CAM) • CAM is an Implicit Protection model. • Protection and PD switching are Implicit • Makes better use of the SAS properties and reduces program complexity even more. • Used for memory access protection (TLBs) Alan Skousen Dissertation Defense - Arizona State University

  17. Standard vs. CPU Access Matrix • The standard Access Matrix is good at representing protection policy. • The CPU Access Matrix is good at representing protected access in terms that the CPU can directly use. • By combining the two matrices we get the best of both. This allows implicit (transparent) protection and domain switching. Alan Skousen Dissertation Defense - Arizona State University

  18. SOMBRERO HARDWARE • Implements CPU Access Matrix. • Region Protection Lookaside Buffer - RPLB. • Projects hard walls of protection into VA space. • Introduces Implicit PD Switching. • Implements classical OO encapsulation in hardware: Services don’t need to depend on the compiler for protection. Objects accessible only through entry points. • Allows dependable passive services. Alan Skousen Dissertation Defense - Arizona State University

  19. To a first approximation the RPLB Functions in a manner similar to a subnet mask in a network router Alan Skousen Dissertation Defense - Arizona State University

  20. Carrier Protection Domain (CPD) • Sombrero distinguishes between two PD types: • General Protection Domain – Memory, Executable code, and PD switches • Carrier PD – Memory and PD switches. Used by threads to ‘carry’ state. Real thread local storage. Alan Skousen Dissertation Defense - Arizona State University

  21. Protection and Resource Access List - PRAL • Both the standard Access Matrix and CPU Access Matrix data are stored in the PRAL. • Traversed by CPU during execution or data access on RPLB miss. • PRAL data is managed through protected system service calls. Alan Skousen Dissertation Defense - Arizona State University

  22. The PRAL provides CPU Access Matrix data to the RPLB from the lists of accessible memory objects. Alan Skousen Dissertation Defense - Arizona State University

  23. Sombrero Program Instantiation • A Sombrero program instantiation has one or more entry points (methods). The program can be as trivial and efficient as a subroutine call or as expensive as need be to support any trust relationship. Program methods are like conventional subroutines and are called with an argument list and can return a typed value depending on the entry point. This is the classical model for a class instance in OOP. Alan Skousen Dissertation Defense - Arizona State University

  24. Sombrero Current Architecture • Kernel Services distributed among executive protection domains • No central kernel and no hardware protected kernel mode • A few Protection Domain Lock Registers name the protection domain that can access sensitive protected instructions and registers Alan Skousen Dissertation Defense - Arizona State University

  25. VLSAS-D-OS • The Sombrero model is extended to the Network using a copyset algorithm known as Token Tracking. • Sombrero allows the network to be viewed as a single large NUMA multiprocessor. • Pointers remain valid across network. Alan Skousen Dissertation Defense - Arizona State University

  26. Distributed Object Copy Set Management Last Known Writer Graph Pruning of Last Known Writer Graph Pruning of Modified Page Cache Graph Modified Page Cache Graph CopySet Graph Alan Skousen Dissertation Defense - Arizona State University

  27. Network Consistency • The Sombrero address space remains accessible and consistent across the network by distributing system level data to neighboring nodes. • Implements selected consistency semantics for each memory object. Alan Skousen Dissertation Defense - Arizona State University

  28. Backward compatibility • General purpose computing allows processor emulation. • Fully emulated processor can install any OS for that processor. • VMware uses this approach. • Had been successful at running Intel programs on NT Alpha. FX32. Alan Skousen Dissertation Defense - Arizona State University

  29. Side Effects of Processor Emulation • Any program running on Sombrero is distributed by default. • Any OS installed on emulated hardware is therefore automatically distributed. • End up with any OS plus virtualization and distribution for free. Alan Skousen Dissertation Defense - Arizona State University

  30. Implementation Effort • Sombrero constructed on a network of cooperating computers Alan Skousen Dissertation Defense - Arizona State University

  31. Development Tools • Hardware – Networked W2K, Alpha Linux, Alpha NT 4.0, AlphaBios on Target Alpha • Languages – C, C++, Alpha assembler • Compilers – VC++, MSC, GCC, GAS, ASAXP • My Custom Tools on Linux for the Sombrero Compiler: sosbuild, buildsxe, catdebug • My Custom Tools on W2K host: SOSHostdll, SOSHost, SOSDebug, SOSRBuild Alan Skousen Dissertation Defense - Arizona State University

  32. Sombrero Boot Sequence • Start Sombrero boot loader on Target Alpha • Target contacts Host and requests modules • Host sends modules to Target • Boot loader on Target instantiates system modules • Boot loader on Target starts Debugger on W2K Host and transfers control to Sombrero system modules. Alan Skousen Dissertation Defense - Arizona State University

  33. Middle Level Architecture • Middle Level Architecture was developed during implementation to solve issues that became apparent during implementation. • New hardware design, Compiler support, system strategies, libraries, useful behavior. Alan Skousen Dissertation Defense - Arizona State University

  34. Compiler Support • The GCC based Sombrero Compiler was designed to support IDC via Entry and Return points. • Every Sombrero program has a class type to represent it. • Entry points to other instantiations are accessed via proxy program class instantiations Alan Skousen Dissertation Defense - Arizona State University

  35. Runtime Depiction of a proxy method invocation Alan Skousen Dissertation Defense - Arizona State University

  36. Some Middle Architecture • Tail Switch – Allows RPLB to push a one-shot return permission on thread tail stack. • Semaphores and Locks – Special advantage can be taken of a SASOS to make Semaphores and Locks globally visible without system calls or a lock manager. • Interrupts can be designed to act directly as a signal to a blocking thread. Alan Skousen Dissertation Defense - Arizona State University

  37. More Middle Architecture • Sombrero Communication Protocol – built over UDP/IP stack • Library support for heaps and trees • Intermediate Cache between emulated RPLB and PRAL • Scheduler, Run time Linker and other system modules. Alan Skousen Dissertation Defense - Arizona State University

  38. My Contributions • RPLB Protection Model • Carrier Protection Domains • Implicit Protection Domain Switching • Kernelless Architecture • Binding Hardware resources to PDs • Policy Programmable System Hierarchies • Entry/Return Point Mechanism • Tail Switch Alan Skousen Dissertation Defense - Arizona State University

  39. My Contributions Cont. • C++ Compiler Support for Return/Entry • Semaphores and Locks • Passive System Services • Signal Interrupts • Proposed Algorithms to Distribute Sombrero • Surrogate Control Blocks - Routing • Reduced Complexity • Did all the actual implementation work Alan Skousen Dissertation Defense - Arizona State University

  40. Summary • The ultimate goal of Sombrero is to provide: • a distributed client/server environment that is inherently less complex and therefore inherently cheaper to manage and program. • gets improved performance from the hardware. Alan Skousen Dissertation Defense - Arizona State University