eval17.txt

Yu Xu (yxu@cs.ucsd.edu)
Tue, 6 Jun 2000 00:59:53 -0700

Evaluation of "SPIN"

SPIN is an extensible operating system. It provides a core set of extensible services that allow applications to safely change the operating system’s interface and implementation with good performance . One feature of SPIN is its relationship with Modula-3 . It heavily relies on compiler and language run time services to inexpensively export fine-grained interfaces to operating system services.
SPIN specially relies on four techniques implemented at the level of the language or its runtime: co-location, enforced modularity, logical protection domains, and dynamic call binding allow extensions to be dynamically defined and accessed at the granularity of a procedure call.
The protection model uses capabilities. SPIN implements capabilities directly using pointers, which are supported by the language. Complier verification and "safe by assertion" can be used to assert a object file is safe.
Extension in "SPIN" are defined in terms of events and handlers. A central dispatcher routes events to events handlers. Guards can be used to restrict access to event at a fine granularity.
SPIN provides a set of core services that manage memory and processor resources. The memory management interfaces include three basic components: physical storage, naming, and translation. SPIN provides strand interface to allow an application provide its own thread package and scheduler that executes within the kernel.

SPIN is a cool operating system that provide extensibility, safety and performance. It heavily rely on complier and language runtime services to construct systems which is a novel approach.

Evaluation of "Exokernel"

This paper discusses a new operating system architecture: extensible operating system architecture.
A traditional operating system has several big disadvantages.
It attempts to provides a complete features needed by all applications which is almost impossible and is inefficient; Its fixed high-level abstractions hide information form applications and limit the functionality of applications.
Exokernel architecture solves these problems by allowing traditional abstractions to be implemented entirely at application-level. A small kernel securely exports all hardware resources through a low-level interface to untrusted library operating systems. And then library operating systems can use this interface to implement system objects and policies.
The key of an interface that the kernel provides to library operating system is to separate protection from management. Exokernel employs three techniques to export resources securely: secure bindings, visible resource revocation and abort protocol. Secure bindings use three basic techniques: hardware mechanisms, software caching, downloading application code.
Aegis and ExOS are their prototype. Measurements show most primitive kernel operations are ten to 100 times faster than in Ultrix. Also, application-level virtual memory and interprocess communication primitives are five to 40 times faster than Ultrix’s kernel primitives. The experiments using Aegis and ExOS prototypes demonstrate the authors’ four hypotheses: the simplicity and limited number of exokernel primitives enable them to be implemented very efficiently; the secure multiplexing of hardware resources can be implemented efficiently; traditional operating system abstractions can be efficiently at application level; applications can create special-purpose implementation of abstractions by merely modifying a library.

Exokernel is different from SPIN in that SPIN extends traditional operating system in a secure way and uses language facilities to protect the kernel from extensions and implements protected communication using procedures call, but exokernel tries to obtain flexibility and performance by securely exposing a very low-level hardware primitives and relies on hardware protected system calls to isolates extensions from the kernel.
According to the difference between exokernel and SPIN, I think building applications on exokernel has more freedom but requires more effort than on SPIN.