Exokernel: An Operating System Architecture for Application-Level Resource Management
SIGCOMM ’96, PDOS-MIT
Presented by Ahn Seunghoon
Dawson R. Engler, M. Frans Kaashoek, and James O’Toole Jr.
MIT, Laboratory for Computer Science
Motivation
• The traditional OS interface is a centralized resource manager
– Applications run on the virtual machine
– Fixed high-level abstraction
– Low performance
– Low flexibility
– Low functionality
• So the exokernel was designed
What is the Exokernel?
• It includes an exokernel and an untrusted (application-level) library OS
• The exokernel defines a low-level interface and multiplexes the available HW resources (it exports them rather than emulating them)
• The library OS implements the higher-level OS abstractions
[Figure: architecture diagram. Labels: Application 1, Application 2, Library OS, Secure binding, TLB, Memory, BFF, Disk]
Advantages of the architecture
• Allows extension, specialization, and replacement of abstractions: High functionality & flexibility
• Conflicts between applications can be resolved without intervention of the kernel architects: High performance
• Easy to implement: Simplicity
• Easy to port: High portability & compatibility
Exokernel Design(1/3)
• The exokernel separates protection from management through a low-level interface
– The exokernel avoids resource management
• Design principles
– Securely expose hardware
– Expose allocation
– Expose names
– Expose revocation
• Resource policy decisions are made by the library OS
– Competition is allowed, as in a traditional OS
Exokernel Design(2/3)
• Secure Binding
– Primary task: a protection mechanism that decouples authorization from use
– Simple operation
– Authorization only at bind time (low management overhead)
• No need to understand semantics at bind time
– Needs a set of primitives that applications can use to express protection checks, performed by H/W or S/W
– H/W mechanisms, S/W caching, downloading application code
Exokernel Design(3/3)
• Visible Resource Revocation
– Higher latency, but the library OS can guide deallocation and knows that resources are scarce
– Frequently revoked modules can be revoked invisibly
• The Abort protocol
– When a library OS in a fail state fails to respond quickly, the secure binding must be broken by force
– Uses the repossession vector
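A minimal model of the secure-binding, visible-revocation and abort steps from the three design slides above, added here as an illustration and not taken from Aegis or the paper. The table sizes, function names, integer capability and flag-per-page repossession vector are all assumptions.

```c
#include <stdbool.h>
#include <stdint.h>
#define NPAGES 4   /* physical pages (constructed sizes) */
#define NENVS  2   /* environments, one per library OS */
#define NVPNS  4   /* virtual pages per environment */
#define NONE  (-1)

struct page { int owner; uint32_t cap; bool revoke_pending; };
static struct page pages[NPAGES];
static int tlb[NENVS][NVPNS];     /* secure bindings: vpn -> physical page */
static bool repossessed[NPAGES];  /* repossession vector (assumed shape): pages taken by force */

void exo_init(void) {
    for (int p = 0; p < NPAGES; p++) { pages[p] = (struct page){NONE, 0, false}; repossessed[p] = false; }
    for (int e = 0; e < NENVS; e++)
        for (int v = 0; v < NVPNS; v++) tlb[e][v] = NONE;
}
/* Expose allocation and names: the library OS asks for a specific physical page. */
bool exo_alloc(int env, int p, uint32_t cap) {
    if (env < 0 || env >= NENVS || p < 0 || p >= NPAGES || pages[p].owner != NONE) return false;
    pages[p] = (struct page){env, cap, false};
    return true;
}
/* Bind time: the only point where the capability is checked. */
bool exo_bind(int env, int vpn, int p, uint32_t cap) {
    if (env < 0 || env >= NENVS || vpn < 0 || vpn >= NVPNS || p < 0 || p >= NPAGES) return false;
    if (pages[p].owner != env || pages[p].cap != cap) return false;
    tlb[env][vpn] = p;
    return true;
}
/* Access time: a plain lookup, with no authorization and no knowledge of page contents. */
int exo_translate(int env, int vpn) {
    return (env < 0 || env >= NENVS || vpn < 0 || vpn >= NVPNS) ? NONE : tlb[env][vpn];
}
/* Visible revocation: the kernel asks, and the library OS decides what to give up. */
void exo_revoke_request(int p) { if (p >= 0 && p < NPAGES) pages[p].revoke_pending = true; }

/* Abort protocol: the request went unanswered, so break the bindings by force. */
int exo_abort(void) {
    int n = 0;
    for (int p = 0; p < NPAGES; p++) {
        if (!pages[p].revoke_pending || pages[p].owner == NONE) continue;
        for (int v = 0; v < NVPNS; v++)
            if (tlb[pages[p].owner][v] == p) tlb[pages[p].owner][v] = NONE;
        pages[p] = (struct page){NONE, 0, false};
        repossessed[p] = true;   /* the former owner can later see what it lost */
        n++;
    }
    return n;
}
```

The translate path never looks at the capability, so a binding that is not removed on revocation would keep granting access; that is why the abort step clears the TLB entries before the page is marked free.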
Experiment Environment
• Two pieces of S/W
– Aegis (exokernel) & ExOS (library OS)
• Compared to Ultrix4.2
– Mature monolithic UNIX OS
• On MIPS-based DECstations
Aegis: an Exokernel(1/3)
• Subset of the Aegis system call interface
– Yield, Scall, Acall, Dealloc
• Supports a set of primitive operations that encapsulate privileged instructions
– TLBBwr, FPUmod, CIDswitch, TLBvadelete
• Aegis’s scheduling flexibility does not add overhead to base operations
• Because Aegis does not use mapped data structures, it does not have to separate kernel TLB misses from the more general class of exceptions in its exception DEMUX routine -> Fast exceptions
Aegis: An Exokernel(2/3)
Machine   OS       Procedure Call   Syscall
DEC2100   Ultrix   0.57             32.2
DEC2100   Aegis    0.56             3.2/4/7
DEC3100   Ultrix   0.42             33.7
DEC3100   Aegis    0.42             2.9/3.5
DEC5000   Ultrix   0.28             21.3
DEC5000   Aegis    0.28             1.6/2.3
Aegis: An Exokernel(3/3)
Machine   OS       unalign   overflow   coproc   prot
DEC2100   Ultrix   n/a       208.0      n/a      238.0
DEC2100   Aegis    2.8       2.8        2.8      3.0
DEC3100   Ultrix   n/a       151.0      n/a      177.0
DEC3100   Aegis    2.1       2.1        2.1      2.3
DEC5000   Ultrix   n/a       130.3      n/a      154.0
DEC5000   Aegis    1.5       1.5        1.5      1.5
ExOS: a library OS(1/3)
• Manages fundamental OS abstractions at application level, completely within the address space of the application that is using it
– IPC abstraction
– Application-level virtual memory
– Application-specific safe handlers
ExOS: a library OS(2/3)
Machine   OS       pipe    pipe’   shm     Lrpc
DEC2100   Ultrix   326.0   n/a     187.0   n/a
DEC2100   Aegis    30.9    24.8    12.4    13.9
DEC3100   Ultrix   243.0   n/a     139.0   n/a
DEC3100   Aegis    22.6    18.6    9.3     10.4
DEC5000   Ultrix   199.0   n/a     118.0   n/a
DEC5000   Aegis    14.2    10.7    5.7     6.3

Machine   OS       dirty   Prot1   Prot100   unprot100   Trap    Appel1   Appel2
DEC2100   Ultrix   n/a     51.6    175.0     175.0       240.0   383.0    335.0
DEC2100   Aegis    24.8    32.5    213.0     275.0       13.9    74.4     45.9
DEC3100   Ultrix   n/a     39.0    133.0     133.0       185.0   302.0    267.0
DEC3100   Aegis    18.6    24.4    156.0     206.0       10.1    55.0     34.0
DEC5000   Ultrix   n/a     32.0    102.0     102.0       161.0   262.0    232.0
DEC5000   Aegis    10.7    16.9    143.0     143.0       4.8     34.0     22.0
ExOS: a library OS(3/3)
Machine       OS            Roundtrip latency
DEC5000/125   ExOS/ASH      259
DEC5000/125   ExOS          320
DEC5000/125   Ultrix        3400
DEC5000/200   Ultrix/FRPC   340