| News | Features | Interviews |
| Blog | Contact | Editorials |
| Genode 12.08 runs on base ARM hardware, revives NOVA support |
| By special contributor nfeske on 2012-08-23 08:30:29 |
| The just released version 12.08 of the Genode OS Framework comes with the ability to run Genode-based systems on ARM hardware without an underlying kernel, vastly improves the support for the NOVA hypervisor, and adds device drivers for the OMAP4 SoC. Further functional additions are a FFAT-based file system service, the port of the lighttpd web server, and support for on-target debugging via GDB. |
|
| Comment by drcouzelis |
| By drcouzelis on 2012-08-23 15:05:03 |
|
Thank you for the information about Genode. I looked at their website briefly, but had dificulty finding the information I was looking for. For whom is Genode targeted? At what percentage would you say it has reached it's goals? I was the most surprised to find out that it doesn't have a Wikipedia article. :( |
 - Score: 1 |
| Good Progress |
| By Pro-Competition on 2012-08-23 20:03:18 |
|
It is really encouraging to see continual progress being made on this project. It's nice to see different OS concepts put into practice successfully. The "base-hw" addition is very interesting. Are you planning on adding other CPU architectures also? The NOVA hypervisor work is very intriguing as well. Especially this part: > In addition, NOVA's capability-based security features have been fully embraced. The latter point turns NOVA into one of the few base platforms that fully support Genode's capability-based security concept at the kernel level. Keep up the good work! Edited 2012-08-23 20:04 UTC |
| - Score: 2 |
| RE: Comment by drcouzelis |
| By nfeske on 2012-08-24 15:10:16 |
|
In the short term, Genode is targeted at developers of special-purpose operating systems with high security requirements. The longer-term vision is much more far reaching. The following recently published interview sheds some light on this longer-term vision: http://genode.org/about/intervie... |
| - Score: 2 |
| RE: Good Progress |
| By nfeske on 2012-08-24 15:17:35 |
|
Thanks for your encouraging words! Regarding your question about supporting CPU architectures other than ARM for the base-hw platform, there is a rough plan to incorporate MicroBlaze support and thereby displacing the original base-mb platform. There was also a conversation on the mailing list about supporting OpenRISC via base-hw. But those lines of work are not definite. Even though the base-hw concept would principally be applicable to x86, there is currently no plan to pursue this direction. The current focus is certainly ARM. Which architecture have you had in mind? |
| - Score: 2 |
| RE[2]: Good Progress |
| By jayrulez on 2012-08-24 16:58:17 |
|
I am concerned about the duplication of efforts to manage resources in the kernel and core when using the other platforms. > Consequently, we found several information replicated without a clear benefit. With this comes a seemingly significant redundancy of code for data structures, allocators, and utility functions. Furthermore, there exists a class of problems that must be solved by the kernel and core alike. In particular the resource management of dynamically allocated in-kernel objects respectively in-core objects. Whereas core uses Genode's resource-trading concept to solve this problem, most kernels lack a good solution for the management of in-kernel resources and are consequently prone to resource exhaustion problems. Is there any plan to to address that problem base platforms other than base-hw? Another area of concern is the supported base platforms. Some of the supported kernels do not seem to be developed anymore or are no longer open source. E.g. Codezero, Pistachio, OKL4 and the old Fiasco. Also, Codezero also seem to offer a subset of the features of Fiasco.OC. From what I understand, the wide variety of kernels helps to produce ideal design decisions in genode that are applicable across platforms. Is there any other merit in continuing to develop genode on those platforms? Congratulations on the new release and the detailed release notes. They are always interesting to read. Genode is an excellent project and I am looking forward to seeing it widely deployed in the future. Regards. |
| - Score: 2 |
| RE[2]: Good Progress |
| By Alfman on 2012-08-24 18:00:10 |
|
I think there'd be merit in having base-hw on x86 given the widespread availability of off the shelf hardware.. but of course you gotta focus with what matters to you. System programming jobs have become rare here, I've always thought it would be so much fun to land a job working on an alternative operating system instead of just doing it as a hobby. So anyway, back on topic, I read this in your release notes: "We complemented our C runtime with support for the pread, pwrite, readv, and writev functions. The pread and pwrite functions are shortcuts for randomly accessing different parts of a file. Under the hood, the functions are implemented via lseek and read/write. To provide the atomicity of the functions, a lock guard prevents the parallel execution of either or both functions if called concurrently by multiple threads." You are implementing these functions (pread/pwrite) with two system calls then? Is there one lock per process, per file descriptor, or something else? Is this lock held in the kernel or in user space? It seems to me like such locks could impose a major synchronization bottleneck on SMP architectures, is there a reason you wouldn't just add new syscalls for pread/pwrite? |
| - Score: 2 |
| RE[3]: Good Progress |
| By nfeske on 2012-08-24 19:48:46 |
|
For running Genode on x86 in general, there is no urgent need to have this architecture covered by base-hw. There are several other kernels among Genode's supported base platforms that support x86 just fine, i.e., NOVA. Thank you for having taken the time to study the release notes in such detail. The paragraph you cited refers to the libc. Before the change, the mentioned functions had been mere dummy stubs. Now, they do something meaningful. The lock is locally within the process. The kernel doesn't know anything about the lock nor is it directly involved in handling the actual read/write/lseek operation. Please remember that we are using a microkernel-based architecture where I/O is performed by user-level components rather than the kernel. Is one lock for pread/pwrite per process a bottleneck? This is a good question, which is quite hard to answer without having a workload that heavily uses these functions from multiple threads. As long as many processes contend for I/O or the workload is generally bounded by I/O, this is not a scalability issue. For multi-threaded POSIX applications that call those functions concurrently, however, I agree that the lock per process could be replaced by a lock per file descriptor to improve SMP scalability. I couldn't name such an application from the top of my head, though. Do you have an example that would be worthwhile to investigate? We may change the locking once we see this becoming a real issue rather than a speculative one. Until then, it is just nice to have the functional gap in Genode's libc closed without the risk of introducing race conditions. |
| - Score: 2 |
| RE[3]: Good Progress |
| By nfeske on 2012-08-24 20:31:47 |
|
Apparently, the redundancies between the microkernel and the first user-land component (mostly called root task) have been somehow overlooked for years now. Not just in the context of Genode but in multi-server OS projects in general. I guess the reason is that both kind of programs used to be developed by distinct groups of people. Boldly generalizing, I think that kernel developers love to stay in kernel land. Their view is somehow narrowed to the kernel API and hardly extend to a holistic system. On the other hand, user-land developers do not challenge kernel APIs too much (similar to how most software developers rarely question the hardware interfaces underneath their software). Personally, I find the result of the base-hw experiment quite fascinating. It shows that dissolving the barrier between thinking in categories of kernel land and user land bears the opportunity for simplifying the overall architecture. I share your observation about several of the base platforms. The motivation for keeping them around slightly differ from kernel to kernel. For Codezero, we are still hoping for a relaunch of the kernel as an Open-Source project. Pistachio is actually still maintained. For all of those kernels, there are also common reasons to not abandon them. First, its beneficial for Genode's API design. Each kernel poses different challenges with regard to implementing the API. By accommodating a variety of kernel interfaces, we constantly reassure the portability of the framework and force ourself to find clean solutions that work across all of the kernels. Second, having an arsenal of kernels at our disposal is just great for cross-correlating the behaviour of the system during debugging. Many bugs can be tracked down by just looking at the differences of executing the same scenario on different platforms. In fact, at Genode Labs we are constantly switching between the kernels including the ancient L4/Fiasco kernel. As a bonus, several of the kernels offer unique debugging features, which become pretty handy from time to time. Third, maintaining support for an already supported base platform is cheap. It comes down to maintaining approximately 2000-3000 lines of code per kernel. For a kernel that won't move, the maintenance costs are almost zero (except for changes of the Genode API). |
| - Score: 2 |
| RE[4]: Good Progress |
| By Alfman on 2012-08-25 14:37:05 |
|
nfeske, Like you, I'd have to research it more. But I think an excellent test would be a database engine that doesn't use memory mapped IO. I think mysql is such a database, particularly because 32bit addressing is an unacceptable limitation. Not sure how it works in 64 bit though. http://doc.51windows.net/mysql/?... "Only compressed MyISAM tables are memory mapped. This is because the 32-bit memory space of 4GB is not large enough for most big tables. When systems with a 64-bit address space become more common, we may add general support for memory mapping." When you implement a pread in libc, does it look something like this? (Apologies in advance for the spacing bugs...Thom get that fixed!!) int pread(...) { aquire_process_mutex(...); long long pos = lseek(...); int ret = read(...); lseek(pos); // since pread isn't supposed to have side effects free_mutex(...); return ret; } This makes 3 calls to the file system, do those functions have their own internal mutexes such that each pread/pwrite call will actually invoke 4 total mutex cycles (instead of 1 needed by a native pread function)? That would be alot of sync overhead on SMP systems (IMHO). Also, I think the following example might be able to break the above atomicity: void uncertainty() { char data; int handle = open(...,O_WRONLY|O_TRUNC); int pid = fork(); if (pid==0) { data=1; pwrite(handle, &data, sizeof(data), 1) } else { data=2 pwrite(handle, &data, sizeof(data), 1); waitpid(pid); } } We would normally expect only 2 possible arbitrary outcomes: 0x00 0x01 # child overwrote parent 0x00 0x02 # parent overwrote child However due to race conditions on lseek, we might end up with these variances as well. 0x02 0x01 0x01 0x02 Granted this example is contrived. I don't know if there are typical applications that share file descriptors between processes and use pread/pwrite on them? I brought this up because I really enjoy technical analysis, not because of any particular concern. But if I'm bugging you too much feel free to tell me to sod off :) |
| - Score: 2 |
| RE[5]: Good Progress |
| By nfeske on 2012-08-25 17:58:58 |
|
You are welcome! :-) Indeed, the code looks similar to the snippet you posted. See here: https://github.com/genodelabs/gen... Fortunately, your concerns do not apply for Genode. In Genode's libc, the seek offset is not held at the file system but local to the process within the libc. The file-system interface is designed such that the seek offset is passed from the client to the file system with each individual file-system operation. The seek value as seen at libc API level is just a value stored alongside the file descriptor within the libc. Therefore, lseek is cheap. It is just a library call updating a variable without invoking a syscall. Your example does indeed subvert the locking scheme. But as Genode does not provide fork(), it wouldn't work anyway. ;-) Btw, if programs are executed within the Noux runtime (see [1]), lseek is actually an RPC call to the Noux server. So the pread/pwrite implementation carries an overhead compared to having pread/pwrite as first-class operations. So there is room for optimization in this case. [1] http://genode.org/documentation/... Given all the steps that are involved in a single read I/O operation, however, I am uncertain about the benefit of this specific optimization. To prevent falling into the premature-optimization trap, I'd first try to obtain the performance profile of a tangible workload. Another reason I'd be hesitant to introduce pread/pwrite as first-class operations into Noux is that in general, we try to design interfaces to be as orthogonal as possible. Thanks to this guideline, the Noux server is a cute little component of less then 5000 LOC. Introducing pread/pwrite in addition to read/write somehow spoils this principle and increases complexity. Thanks for the pointer to the database engine. This might be a good starting point for a workload to be taken as reference when optimizing for performance and scalability. |
| - Score: 2 |
| News | Features | Interviews |
| Blog | Contact | Editorials |