Article

The benefits and costs of writing a POSIX kernel in a high-level language

Authors:

M. Frans Kaashoek,

Robert T. MorrisAuthors Info & Claims

OSDI'18: Proceedings of the 13th USENIX conference on Operating Systems Design and Implementation

Pages 89 - 105

Published: 08 October 2018 Publication History

Abstract

This paper presents an evaluation of the use of a high-level language (HLL) with garbage collection to implement a monolithic POSIX-style kernel. The goal is to explore if it is reasonable to use an HLL instead of C for such kernels, by examining performance costs, implementation challenges, and programmability and safety benefits.

The paper contributes Biscuit, a kernel written in Go that implements enough of POSIX (virtual memory, mmap, TCP/IP sockets, a logging file system, poll, etc.) to execute significant applications. Biscuit makes liberal use of Go's HLL features (closures, channels, maps, interfaces, garbage collected heap allocation), which subjectively made programming easier. The most challenging puzzle was handling the possibility of running out of kernel heap memory; Biscuit benefited from the analyzability of Go source to address this challenge.

On a set of kernel-intensive benchmarks (including NGINX and Redis) the fraction of kernel CPU time Biscuit spends on HLL features (primarily garbage collection and thread stack expansion checks) ranges up to 13%. The longest single GC-related pause suffered by NGINX was 115 microseconds; the longest observed sum of GC delays to a complete NGINX client request was 600 microseconds. In experiments comparing nearly identical system call, page fault, and context switch code paths written in Go and C, the Go version was 5% to 15% slower.

References

[1]

A. Anagnostopoulos. gopher-os, 2018. https://github.com/achilleasa/gopher-os.

[2]

J. Armstrong. Erlang. Commun. ACM, 53(9):68-75, Sept. 2010.

Digital Library

[3]

G. Back and W. C. Hsieh. The KaffeOS Java runtime system. ACM Trans. Program. Lang. Syst., 27(4):583-630, July 2005.

Digital Library

[4]

G. Back, P. Tullmann, L. Stoller, W. C. Hsieh, and J. Lepreau. Techniques for the design of Java operating systems. In In Proceedings of the 2000 Usenix Annual Technical Conference, pages 197- 210. USENIX Association, 2000.

Digital Library

[5]

H. G. Baker, Jr. List processing in real time on a serial computer. Commun. ACM, 21(4):280-294, Apr. 1978.

Digital Library

[6]

F. J. Ballesteros. The Clive operating system, 2014. http://lsub.org/ls/clive.html.

[7]

B. N. Bershad, S. Savage, P. Pardyak, E. G. Sirer, M. Fiuczynski, D. Becker, S. Eggers, and C. Chambers. Extensibility, safety and performance in the SPIN operating system. In Proceedings of the 15th ACM Symposium on Operating Systems Principles (SOSP), pages 267-284, Copper Mountain, CO, Dec. 1995.

Digital Library

[8]

J. Bonwick. The slab allocator: An object-caching kernel memory allocator. In Proceedings of the USENIX Summer Conference, 1994.

Digital Library

[9]

J. Corbet. The too small to fail memory-allocation rule. from https://lwn.net/Articles/627419/, Dec 2014.

[10]

J. Corbet. Revisiting too small to fail. from https://lwn.net/Articles/723317/, May 2017.

[11]

D Language Foundation. D programming language, 2017. https://dlang.org/.

[12]

D. Evans. cs4414: Operating Systems, 2014. http://www.rust-class.org/.

[13]

D. Frampton, S. M. Blackburn, P. Cheng, R. J. Garner, D. Grove, J. E. B. Moss, and S. I. Salishev. Demystifying magic: High-level low-level programming. In Proceedings of the 2009 ACM SIGPLAN/ SIGOPS International Conference on Virtual Execution Environments, VEE '09, pages 81-90, New York, NY, USA, 2009. ACM.

Digital Library

[14]

C. M. Geschke, J. H. Morris, Jr., and E. H. Satterthwaite. Early experience with Mesa. SIGOPS Oper. Syst. Rev., Apr. 1977.

Digital Library

[15]

Google. The Go Programming Language, 2017. https://golang.org/.

[16]

Google. gvisor, 2018. https://github.com/google/gvisor.

[17]

R. D. Greenblatt, T. F. Knight, J. T. Holloway, and D. A. Moon. A LISP machine. In Proceedings of the Fifth Workshop on Computer Architecture for Non-numeric Processing, CAW '80, pages 137-138, New York, NY, USA, 1980. ACM.

Digital Library

[18]

T. Hallgren, M. P. Jones, R. Leslie, and A. Tolmach. A principled approach to operating system construction in Haskell. In Proceedings of the Tenth ACM SIGPLAN International Conference on Functional Programming, ICFP '05, pages 116-128, New York, NY, USA, 2005. ACM.

Digital Library

[19]

C. Hawblitzel, C.-C. Chang, G. Czajkowski, D. Hu, and T. von Eicken. Implementing multiple protection domains in Java. In Proceedings of the 1998 USENIX Annual Technical Conference, pages 259-270, 1998.

Digital Library

[20]

M. Hertz and E. Berger. Quantifying the performance of garbage collection vs. explicit memory management. In ACM OOPSLA, 2005.

Digital Library

[21]

R. Hudson. Go GC: Prioritizing low latency and simplicity. from https://blog.golang.org/go15gc, Aug 2015.

[22]

G. C. Hunt and J. R. Larus. Singularity: Rethinking the software stack. In Proceedings of the 21st ACM Symposium on Operating Systems Principles (SOSP), pages 37-49, Stevenson, WA, Oct. 2007.

Digital Library

[23]

G. C. Hunt, J. R. Larus, M. Abadi, M. Aiken, P. Barham, M. Fahndrich, C. Hawblitzel, O. Hodson, S. Levi, N. Murphy, B. Steensgaard, D. Tarditi, T. Wobber, and B. Zill. An overview of the Singularity project. Technical Report MSR-TR-2005-135, Microsoft, Redmond, WA, Oct. 2005.

[24]

B. Iyengar, G. Tene, M. Wolf, and E. Gehringer. The Collie: A Wait-free Compacting Collector. In Proceedings of the 2012 International Symposium on Memory Management, ISMM '12, pages 85-96, Beijing, China, 2012. ACM.

Digital Library

[25]

T. Jim, J. G. Morrisett, D. Grossman, M. W. Hicks, J. Cheney, and Y. Wang. Cyclone: A safe dialect of C. In Proceedings of the General Track of the Annual Conference on USENIX Annual Technical Conference, ATEC '02, pages 275-288, Berkeley, CA, USA, 2002. USENIX Association.

Digital Library

[26]

A. Levy, M. P. Andersen, B. Campbell, D. Culler, P. Dutta, B. Ghena, P. Levis, and P. Pannuto. Ownership is theft: Experiences building an embedded OS in Rust. In Proceedings of the 8th Workshop on Programming Languages and Operating Systems, PLOS '15, pages 21-26, New York, NY, USA, 2015. ACM.

Digital Library

[27]

A. Levy, B. Campbell, B. Ghena, D. B. Giffin, P. Pannuto, P. Dutta, and P. Levis. Multiprogramming a 64kb computer safely and efficiently. In Proceedings of the 26th Symposium on Operating Systems Principles, SOSP '17, pages 234-251, New York, NY, USA, 2017. ACM.

Digital Library

[28]

A. Light. Reenix: implementing a Unix-like operating system in Rust, Apr. 2015.

[29]

A. Madhavapeddy, R. Mortier, C. Rotsos, D. Scott, B. Singh, T. Gazagnaire, S. Smith, S. Hand, and J. Crowcroft. Unikernels: Library operating systems for the cloud. In Proceedings of the 18th International Conference on Architectural Support for Programming Languages and Operating Systems (ASPLOS), pages 461-472, Houston, TX, Mar. 2013.

Digital Library

[30]

B. McCloskey, D. F. Bacon, P. Cheng, and D. Grove. Staccato: A Parallel and Concurrent Real-time Compacting Garbage Collector for Multiprocessors. Technical report, IBM, 2008.

[31]

P. McKenney. Review list for RCU patches. https://www.kernel.org/doc/Documentation/RCU/checklist.txt.

[32]

P. E. McKenney, S. Boyd-Wickizer, and J. Walpole. RCU usage in the Linux kernel: One decade later. 2012.

[33]

P. E. McKenney and J. D. Slingwine. Read-copy update: Using execution history to solve concurrency problems. In Parallel and Distributed Computing and Systems, pages 509-518, 1998.

[34]

MITRE Corporation. CVE Linux Kernel Vulnerability Statistics, 2018. http://www.cvedetails.com/product/47/Linux-Linux-Kernel.html?vendor_id=33.

[35]

J. Mogul. Eliminating receive livelock in an interrupt-driven kernel. In USENIX 1996 Annual Technical Conference, January 1996.

Digital Library

[36]

Mozilla research. The Rust Programming Language, 2017. https://doc.rust-lang.org/book/.

[37]

G. Nelson, editor. Systems Programming with Modula-3. Prentice-Hall, Inc., Upper Saddle River, NJ, USA, 1991.

Digital Library

[38]

NGINX. Nginx, 2018. https://www.nginx.com/.

[39]

P. Oppermann. Writing an OS in Rust, 2017. http://os.phil-opp.com/.

[40]

N. Palix, G. Thomas, S. Saha, C. Calvès, J. Lawall, and G. Muller. Faults in Linux: Ten years later. In Proceedings of the Sixteenth International Conference on Architectural Support for Programming Languages and Operating Systems, ASPLOS XVI, pages 305-318, New York, NY, USA, 2011. ACM.

Digital Library

[41]

W. M. Petullo, W. Fei, J. A. Solworth, and P. Gavlin. Ethos' deeply integrated distributed types. In IEEE Security and Privacy Workshop on LangSec, May 2014.

Digital Library

[42]

D. Picheta. Nim in action, 2017. http://nim-lang.org/.

Digital Library

[43]

J. Rafkind, A.Wick, J. Regehr, and M. Flatt. Precise Garbage Collection for C. In Proceedings of the 9th International Symposium on Memory Management, ISMM '09, Dublin, Ireland, June 2009. ACM.

Digital Library

[44]

D. Redell, Y. Dalal, T. Horsley, H. Lauer, W. Lynch, P. McJones, H. Murray, and S. Purcell. Pilot: An operating system for a personal computer. In Proceedings of the 7th ACM Symposium on Operating Systems Principles (SOSP), Pacific Grove, CA, 1979. ACM.

Digital Library

[45]

M. Schroeder and M. Burrows. Performance of Firefly RPC. In Proceedings of the Twelfth ACM Symposium on Operating Systems Principles, SOSP '89, pages 83-90, New York, NY, USA, 1989. ACM.

Digital Library

[46]

K. Serebryany, D. Bruening, A. Potapenko, and D. Vyukov. Addresssanitizer: A fast address sanity checker. In Proceedings of the 2012 USENIX Annual Technical Conference, Boston, MA, 2012. USENIX.

Digital Library

[47]

A. S. Tanenbaum. Modern Operating Systems. Pearson Prentice Hall, 2008.

Digital Library

[48]

W. Teitelman. The Cedar programming environment: A midterm report and examination. Technical Report CSL-83-11, Xerox PARC, 1984.

[49]

C. P. Thacker and L. C. Stewart. Firefly: a multiprocessor workstation. In Proceedings of the 2nd International Conference on Architectural Support for Programming Languages and Operating Systems (ASPLOS). ACM, Apr. 1987.

[50]

Ticki. Redox - Your Next(Gen) OS, 2017. https://doc.redox-os.org/book/.

[51]

L. Torvalds. http://harmful.cat-v.org/software/c++/linus, Jan 2004.

[52]

T. Yang, M. Hertz, E. Berger, S. Kaplan, and J. E. B. Moss. Automatic heap sizing: Taking real memory into account. In ACM ISMM, 2004.

Digital Library

Cited By

Xu HChen ZSun MZhou YLyu M(2021)Memory-Safety Challenge Considered Solved? An In-Depth Study with All Rust CVEsACM Transactions on Software Engineering and Methodology10.1145/346664231:1(1-25)Online publication date: 28-Sep-2021
https://dl.acm.org/doi/10.1145/3466642
Lefeuvre HBădoiu VTeodorescu ŞOlivier PMosnoi TDeaconescu RHuici FRaiciu CAngel SKasikci BKohler E(2021)FlexOSProceedings of the Workshop on Hot Topics in Operating Systems10.1145/3458336.3465292(79-87)Online publication date: 1-Jun-2021
https://dl.acm.org/doi/10.1145/3458336.3465292
Li JMiller SZhuo DChen AHowell JAnderson TAngel SKasikci BKohler E(2021)An incremental path towards a safer OS kernelProceedings of the Workshop on Hot Topics in Operating Systems10.1145/3458336.3465277(183-190)Online publication date: 1-Jun-2021
https://dl.acm.org/doi/10.1145/3458336.3465277
Show More Cited By

The benefits and costs of writing a POSIX kernel in a high-level language
1. Software and its engineering
  1. Software organization and properties
    1. Contextual software domains
      1. Operating systems

Recommendations

Better Understanding the Costs and Benefits of Automatic Memory Management
MPLR '22: Proceedings of the 19th International Conference on Managed Programming Languages and Runtimes

Automatic memory management relieves programmers of the burden of having to reason about object lifetimes in order to soundly reclaim allocated memory. However, this automation comes at a cost. The cost and benefits of garbage collection relative to ...
Interactive High-Level Language Direct-Execution Microprocessor System

It is our habit in writing an English composition that, as we write each word, each phrase, each sentence, and each paragraph, we consciously or unconsciously check the syntax and the semantics of the composition just written. Writing a computer program ...
Writing an OS Kernel in a Strictly and Statically Typed Language
Formal to Practical Security

OS kernels have been written in weakly typed or non typed programming languages, for example, C. Therefore, it is extremely hard to verify even simple memory safety of the kernels. The difficulty could be resolved by writing OS kernels in strictly typed ...

Comments

Information & Contributors

Information

Published In

cover image ACM Other conferences

OSDI'18: Proceedings of the 13th USENIX conference on Operating Systems Design and Implementation

October 2018

815 pages

ISBN:9781931971478

Program Chairs:
Andrea Arpaci-Dusseau
University of Wisconsin-Madison
,
Geoff Voelker
University of California, San Diego

Sponsors

NetApp
Google Inc.
NSF
Microsoft: Microsoft
Facebook: Facebook

In-Cooperation

SIGOPS: ACM Special Interest Group on Operating Systems

Publisher

USENIX Association

United States

Publication History

Published: 08 October 2018

Check for updates

Qualifiers

Article

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

4
Total Citations
View Citations
0
Total Downloads

Downloads (Last 12 months)0
Downloads (Last 6 weeks)0

Reflects downloads up to 09 Feb 2025

Other Metrics

View Author Metrics

Citations

Cited By

Xu HChen ZSun MZhou YLyu M(2021)Memory-Safety Challenge Considered Solved? An In-Depth Study with All Rust CVEsACM Transactions on Software Engineering and Methodology10.1145/346664231:1(1-25)Online publication date: 28-Sep-2021
https://dl.acm.org/doi/10.1145/3466642
Lefeuvre HBădoiu VTeodorescu ŞOlivier PMosnoi TDeaconescu RHuici FRaiciu CAngel SKasikci BKohler E(2021)FlexOSProceedings of the Workshop on Hot Topics in Operating Systems10.1145/3458336.3465292(79-87)Online publication date: 1-Jun-2021
https://dl.acm.org/doi/10.1145/3458336.3465292
Li JMiller SZhuo DChen AHowell JAnderson TAngel SKasikci BKohler E(2021)An incremental path towards a safer OS kernelProceedings of the Workshop on Hot Topics in Operating Systems10.1145/3458336.3465277(183-190)Online publication date: 1-Jun-2021
https://dl.acm.org/doi/10.1145/3458336.3465277
Miller SZhang KZhuo DXu SKrishnamurthy AAnderson T(2019)Practical Safe Linux Kernel ExtensibilityProceedings of the Workshop on Hot Topics in Operating Systems10.1145/3317550.3321429(170-176)Online publication date: 13-May-2019
https://dl.acm.org/doi/10.1145/3317550.3321429

View Options

View options

Figures

Tables

Media

View Table of Conten