School of Computer Science & Engineering
University of New South Wales
Advanced Operating Systems
COMP9242 2002/S2
Next: Chorus
Up: 04-uk
Previous: Early example: Hydra
Subsections
- Developed at CMU by Rashid and others[RTY$^+$88] from 1984
- successor of Accent[FR86] and
RIG[Ras88].
- Tailorability: support different OS interfaces.
- Portability: almost all code H/W independent.
- Real-time capability.
- Multiprocessor and distribution support.
- Security.
Coined term microkernel.
- Task and thread management;
- interprocess communication (asynchronous message-passing);
- memory object management;
- system call redirection;
- device support;
- multicomputer support.
- Task consists of one or more threads.
- Task provides address space and other environment.
- Thread is active entity (basic unit of CPU utilisation) .
- Threads have own stacks, are kernel scheduled.
- Threads may run in parallel on multiprocessor.
- ``Privileged user-state program'' may be used to control
scheduling.
- Task created from ``blueprint'' with empty or inherited address
space.
- Activated by creating a thread in it.
- Addressing based on ports:
- port is a mailbox, allocated/destroyed via a system call;
- has a fixed-size message queue associated with it;
- is protected by (segregated) capabilities;
- has exactly one receiver, but possibly many senders;
- can have ``send-once'' capability to a port.
- Can pass the receive capability for a port to another process
- give up read access to the port.
- Kernel detects ports without senders or receiver.
- Processes may have many ports (UNIX server has 2000!)
- Ports can be grouped into port sets.
- Allows listening to many ports (like select())
- Send blocks if queue is full
- except with send-once cap (used for server replies)
- Segregated capabilities:
- threads refer to them via local indices.
- kernel marshalls capabilities in messages.
- message format must identify caps
- Message contents:
- Send capability to destination port (mandatory)
- used by kernel to validate operation;
- optional send capability to reply port
- for use by receiver to send reply
- possibly other capabilities;
- ``in-line'' (by-value) data;
- ``out-of-line'' (by reference) data, using copy-on-write,
- may contain whole address spaces;
- Address space constructed from memory regions
- initially empty
- populated by:
- ${}$
- explicit allocation
- ${}$
- explicitly mapping a memory object;
- ${}$
- inheriting from ``blueprint'' (as in Linux clone()),
- inheritance: not, shared or copied;
- ${}$
- allocated automatically by kernel during IPC
- when passing by-reference parameters;
==>
- sparse virtual memory use (unlike UNIX).
- 3 page states:
- unallocated,
- allocated & unreferenced,
- allocated & initialised
- When data is copied (``blueprint'' or passed by-reference):
- source and destination share single copy,
- both virtual pages are mapped to the same frame.
- Marked as read-only.
- When one copy is modified, a fault occurs.
- Handling by kernel involves making a physical copy is made,
- VM mapping is changed to refer to the new copy.
- Advantage:
- efficient way of sharing/passing large amounts of data.
- Drawbacks:
- expensive for small amounts of data (page table manipulations)
- data must be properly aligned
- Address spaces represented as address maps:
- Any part of AS can be mapped to (part of) a memory object
- Compact representation of sparse address
spaces
- Compare to multi-level page tables?
- Kernel doesn't support file system
- Memory objects are an abstraction of secondary storage:
- can be mapped into virtual memory
- are cached by the kernel in physical memory
- pager invoked if uncached page is touched
- used by file system server to provide data
- Support data sharing
- by mapping objects into several address spaces
- Memory is only cache for memory objects
- All actual I/O performed by pager; can be
- default pager (provided by kernel), or
- external pager, running at user-level.
- Intrinsic page fault cost: 2 IPCs
- Check protection & locate memory object
- Check cache, invoke pager if cache miss
- Check copy-on-write
- perform physical copy if write fault
- Enter new mapping into H/W page tables.
- Client sends message to server on remote node.
- sends message to local proxy port for 's receive port
- User-level network message server receives from proxy port
- NMS converts proxy port into (global) network port.
- NMS sends message to NMS on 's node
- may need conversion (byte order...)
- Remote NMS converts network port into local port ('s).
- Remote NMS sends message to that port.
- emulation library in user address space handles IPC
- invoked by system call redirection (trampoline mechanism)
- supports binary compatibility
- Most OS services implemented at user level
- using memory objects and external pagers
- Provides mechanisms, not policies.
- Mostly hardware independent.
- 140 system calls.
- Size: 200k instructions.
- Performance???
- tendency to move features into kernel
- Served as basis for OSF/1, MacOS X...
- Further information on Mach:
[YTR$^+$87,CDK94,Sin97]
Next: Chorus
Up: 04-uk
Previous: Early example: Hydra
Gernot Heiser
2002-08-21