1 / 19

Towards a Schedu Capturing OS Expertise in an Event Type System: the Bossa Experience

Towards a Schedu Capturing OS Expertise in an Event Type System: the Bossa Experience. Julia L. Lawall DIKU, University of Copenhagen Joint work with: Gilles Muller Obasco Group, Ecole des Mines de Nantes/INRIA http://www.emn.fr/x-info/bossa. Program issues.

akiko
Download Presentation

Towards a Schedu Capturing OS Expertise in an Event Type System: the Bossa Experience

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Towards a ScheduCapturing OS Expertise in an Event Type System:the Bossa Experience Julia L. Lawall DIKU, University of Copenhagen Joint work with: Gilles Muller Obasco Group, Ecole des Mines de Nantes/INRIA http://www.emn.fr/x-info/bossa

  2. Program issues • Approach: exploit the restricted nature of DSLs to address all of these issues. Does nothing wrong Does something right Executes efficiently

  3. Context: OS extensibility • Goals: • Policies for specific applications. • Policies for specific execution contexts. • Eliminate unnecessary functionality for speed / reduced resource consumption. • Safety is critical

  4. Approaches to OS extensibility • Berkeley Packet Filter: • interpreted for safety • Exo-kernel • extensions run at the user level • Proof-carrying code • extensions accompanied by a correctness proof • SPIN, OKE: • extensions written in a safe language • Address safety, correctness at best ad hoc.

  5. DSLpolicy Bossa compiler/verifier Kernel (Linux) Compiled policy RTS A domain-specific approach Bossa, a DSL for developing CPU schedulers policy developers kernel expert

  6. Bossa DSL: policy structure • Declarations • states • process attributes • process priorities • OS interface • Programmer interface

  7. Extract of a scheduling policy states = { RUNNING running : process; READY ready : select sorted queue; READY expired : sorted queue; READY yield : process; BLOCKED blocked : queue; TERMINATED terminated; }

  8. Event handlers handler (event e) { … On block.* { running => blocked; } On unblock.preemptive.* { if (!empty(running) && e.target > running) running => ready; e.target => ready; } … }

  9. Correctness issues • Is the chosen algorithm appropriate? • Is the algorithm implemented faithfully? • Does the implementation interact correctly with the target OS? This work focuses on the third issue...

  10. Event handlers handler (event e) { … On block.* { running => blocked; } On unblock.preemptive.* { if (!empty(running) && e.target > running) running => ready; e.target => ready; } … } Reasonable behavior, but what does the kernel expect?

  11. Event types • For each event, describe: • Event notification context. • Expected handler effect. • block.*:[tgt in RUNNING]  [tgt in BLOCKED] • Provided by the OS expert. • Goals: • Document kernel expectations. • Check that these expectations are satisfied. • Encapsulate kernel expertise. • Policy independent.

  12. Event type examples • block.*: • [tgt in RUNNING]  [tgt in BLOCKED] • unblock.preemptive.*: • [tgt in BLOCKED]  [tgt in READY] • [p in RUNNING, tgt in BLOCKED]  [[p, tgt] in READY] • Missing Linux expertise: • unblock.preemptive.* is an interrupt; affects block.*. • a process can be unblocked before it blocks.

  13. Corrected types and handlers • block.*: • [tgt in RUNNING]  [tgt in BLOCKED] • [[] = RUNNING, tgt in READY]  [tgt in BLOCKED] On block.* { running => blocked; } should be: On block.* { e.target=> blocked; }

  14. Corrected types and handlers • unblock.preemptive.*: • [tgt in BLOCKED]  [tgt in READY] • [p in RUNNING, tgt in BLOCKED]  [[p, tgt] in READY] • [tgt in RUNNING]  [tgt in RUNNING] • [[] in RUNNING, tgt in READY]  [tgt in READY] On unblock.preemptive.* { if (e.target in blocked) { if (!empty(running) && e.target > running) running => ready; e.target => ready; }}

  15. Event types for safety • bossa.schedule • [[] = RUNNING, q in READY]  [q in RUNNING] On bossa.schedule { if (empty(ready)) { if (empty(expired)) { yield => ready; } else { expired => ready; } } select() => running; }

  16. Event types for optimization • block.*: • [tgt in RUNNING]  [tgt in BLOCKED] • [[] = RUNNING, tgt in READY]  [tgt in BLOCKED] • Specialized event sequences. if (tgt == running) move_proc_queue(running,blocked); else move_queue_queue(tgt,blocked);

  17. Assessment • For critical OS services, need more than safety guarantees. • Analyzing the entire kernel with respect to each new policy is both expensive and not so necessary. • Event types guide the developer and permit relevant verifications.

  18. Current status • Bossa versions of Linux 2.2 and 2.4 kernels. • Policies: • Process schedulers: • Linux, BSD, EDF, Progress-based, Linux O(1) • Virtual schedulers: • Fixed-priority, proportional share • Automatic kernel instrumentation in progress • Low overhead for lat_ctx. No overhead for more typical applications.

  19. Future work • Test event type expressiveness: • New OSes: • BSD, OSes for real-time or embedded systems... • New policies • multimedia, real-time, energy aware… • Model checking for verifying policies. • Model checking for verifying event types. http://www.emn.fr/x-info/bossa

More Related