Safe Kernel Scheduler Development with Bossa

Similar documents

Language Design for Implementing Process Scheduling Hierarchies

On Designing a Target-Independent DSL for Safe OS Process-Scheduling Components

Operating Systems Concepts: Chapter 7: Scheduling Strategies

Comparison between scheduling algorithms in RTLinux and VxWorks

Thomas Fahrig Senior Developer Hypervisor Team. Hypervisor Architecture Terminology Goals Basics Details

Scheduling 0 : Levels. High level scheduling: Medium level scheduling: Low level scheduling

Real-Time Systems Prof. Dr. Rajib Mall Department of Computer Science and Engineering Indian Institute of Technology, Kharagpur

Performance Comparison of RTOS

CPU Scheduling Outline

Hypervisors. Introduction. Introduction. Introduction. Introduction. Introduction. Credits:

Real Time Programming: Concepts

CPU SCHEDULING (CONT D) NESTED SCHEDULING FUNCTIONS

CPU Scheduling. Basic Concepts. Basic Concepts (2) Basic Concepts Scheduling Criteria Scheduling Algorithms Batch systems Interactive systems

Readings for this topic: Silberschatz/Galvin/Gagne Chapter 5

Introduction. Application Performance in the QLinux Multimedia Operating System. Solution: QLinux. Introduction. Outline. QLinux Design Principles

Linux scheduler history. We will be talking about the O(1) scheduler

Multiprocessor Scheduling and Scheduling in Linux Kernel 2.6

Scheduling. Yücel Saygın. These slides are based on your text book and on the slides prepared by Andrew S. Tanenbaum

Embedded & Real-time Operating Systems

Operating Systems. III. Scheduling.

ò Paper reading assigned for next Thursday ò Lab 2 due next Friday ò What is cooperative multitasking? ò What is preemptive multitasking?

Linux Process Scheduling Policy

Scheduling policy. ULK3e 7.1. Operating Systems: Scheduling in Linux p. 1

Process Scheduling CS 241. February 24, Copyright University of Illinois CS 241 Staff

Decomposition into Parts. Software Engineering, Lecture 4. Data and Function Cohesion. Allocation of Functions and Data. Component Interfaces

Linux Plumbers API for Real-Time Scheduling with Temporal Isolation on Linux

Introduction to Operating Systems. Perspective of the Computer. System Software. Indiana University Chen Yu

White Paper. Real-time Capabilities for Linux SGI REACT Real-Time for Linux

Embedded Systems. 6. Real-Time Operating Systems

Why Threads Are A Bad Idea (for most purposes)

Quality of Service su Linux: Passato Presente e Futuro

Road Map. Scheduling. Types of Scheduling. Scheduling. CPU Scheduling. Job Scheduling. Dickinson College Computer Science 354 Spring 2010.

A POSIX-Ada Interface for Application-Defined Scheduling

Konzepte von Betriebssystem-Komponenten. Linux Scheduler. Valderine Kom Kenmegne Proseminar KVBK Linux Scheduler Valderine Kom

Linux for Embedded and Real-Time Systems

Real-Time Operating Systems for MPSoCs

Towards Class-Based Dynamic Voltage Scaling for Multimedia Applications

Modular Real-Time Linux

Lecture 3 Theoretical Foundations of RTOS

The Service Revolution software engineering without programming languages

RTAI. Antonio Barbalace (modified by M.Moro 2011) RTAI

Overview Motivating Examples Interleaving Model Semantics of Correctness Testing, Debugging, and Verification

IN STA LLIN G A VA LA N C HE REMOTE C O N TROL 4. 1

Real-Time Component Software. slide credits: H. Kopetz, P. Puschner

Linux Process Scheduling. sched.c. schedule() scheduler_tick() hooks. try_to_wake_up() ... CFS CPU 0 CPU 1 CPU 2 CPU 3

Microkernels, virtualization, exokernels. Tutorial 1 CSC469

Technical Properties. Mobile Operating Systems. Overview Concepts of Mobile. Functions Processes. Lecture 11. Memory Management.

TI Linux and Open Source Initiative Backgrounder

CPU Scheduling. CSC 256/456 - Operating Systems Fall TA: Mohammad Hedayati

Virtual Machines.

Threads Scheduling on Linux Operating Systems

Xen and the Art of. Virtualization. Ian Pratt

Module 8. Industrial Embedded and Communication Systems. Version 2 EE IIT, Kharagpur 1

Chapter 5 Process Scheduling

Chapter 6, The Operating System Machine Level

Linux A multi-purpose executive support for civil avionics applications?

POSIX. RTOSes Part I. POSIX Versions. POSIX Versions (2)

Support for a reconfiguration DSL in highly constrained embedded systems. Juraj Polakovic, Sebastien Mazaré, Jean-Bernard Stefani Séminaire SARDES

Fabien Hermenier. 2bis rue Bon Secours Nantes.

Real-Time Operating Systems.

Introduction to Embedded Systems. Software Update Problem

Predictable response times in event-driven real-time systems

Real-Time Scheduling 1 / 39

EECatalog SPECIAL FEATURE

Process Scheduling in Linux

Improving the performance of data servers on multicore architectures. Fabien Gaud

Linux Scheduler. Linux Scheduler

Real- Time Scheduling

Example of Standard API

Linux O(1) CPU Scheduler. Amit Gud amit (dot) gud (at) veritas (dot) com

Operating System Overview. Otto J. Anshus

First-class User Level Threads

Overview of the Linux Scheduler Framework

Real-time Performance Control of Elastic Virtualized Network Functions

STORM. Simulation TOol for Real-time Multiprocessor scheduling. Designer Guide V3.3.1 September 2009

Run-Time Scheduling Support for Hybrid CPU/FPGA SoCs

Performance Testing at Scale

What is going on in Operating Systems Research: The OSDI & SOSP Perspective. Dilma M. da Silva IBM TJ Watson Research Center, NY dilmasilva@us.ibm.

Linux Block I/O Scheduling. Aaron Carroll December 22, 2007

OPERATING SYSTEM SERVICES

Operating Systems 4 th Class

INTEL PARALLEL STUDIO EVALUATION GUIDE. Intel Cilk Plus: A Simple Path to Parallelism

Tools Page 1 of 13 ON PROGRAM TRANSLATION. A priori, we have two translation mechanisms available:

Chapter 13 Embedded Operating Systems

CS 377: Operating Systems. Outline. A review of what you ve learned, and how it applies to a real operating system. Lecture 25 - Linux Case Study

sel4: from Security to Safety Gernot Heiser, Anna Lyons NICTA and UNSW Australia

Basics of VTune Performance Analyzer. Intel Software College. Objectives. VTune Performance Analyzer. Agenda

LynxOS RTOS (Real-Time Operating System)

Chapter 2: OS Overview

Operating Systems OBJECTIVES 7.1 DEFINITION. Chapter 7. Note:

EECS 750: Advanced Operating Systems. 01/28 /2015 Heechul Yun

OPERATING SYSTEMS SCHEDULING

Types Of Operating Systems

Project No. 2: Process Scheduling in Linux Submission due: April 28, 2014, 11:59pm

Stream Processing on GPUs Using Distributed Multimedia Middleware

Operating System Tutorial

From L3 to sel4: What Have We Learnt in 20 Years of L4 Microkernels?

Real-Time Scheduling (Part 1) (Working Draft) Real-Time System Example

Lecture Outline Overview of real-time scheduling algorithms Outline relative strengths, weaknesses

Transcription:

Safe Kernel Scheduler Development with Bossa Gilles Muller Obasco Group, Ecole des Mines de Nantes/INRIA, LINA Julia L. Lawall DIKU, University of Copenhagen http://www.emn.fr/x-info/bossa 1 1

Process scheduling is an old issue, but: there is no single perfect scheduler Application requirements: Computation server: fairness Number crunching: ASAP Hard real-time: strict deadlines Multimedia: user perception, relaxed deadlines Embedded systems: energy Recent research work OSDI (8), SOSP (4), RTSS (28), Usenix (5) 2 2

Still Very limited impact on commercial OSes Round robin Priority-based Fifo Application needs known only by the application (or framework) programmer The OS must be customized to application needs Very few application programmers possess kernel expertise 3 3

Bossa goals Simplify scheduler development so that an application programmer can safely extend kernel behavior Predictable development Safe development Integration within existing OSes 4 4

Issues in customizing the OS 1. How to integrate a scheduling policy into the kernel? 2. How to write a policy? 3. How to verify policy correctness? 5 5

1- How to integrate new policies in the kernel We need an extensible kernel (a la SPIN, exokernel) Extensible kernel Event Interface Scheduling policy as an OS extension Complex to program Research prototypes, limited support (drivers, libraries) 6 6

1 - How to integrate new policies in the kernel Bossa approach Enrich an existing kernel (Linux, Windows) with a scheduling-specific event interface Existing scheduling code removed Tool-assisted transformation process using AOP and temporal logic [ASE-2003, EW2004] Existing bossa-ified kernel Event Interface Block.*, Unblock.*, Clocktick Policy code as an OS extension (Kernel component) 7 7

2 - How to write policies: Kernel development is a nightmare C Development is error-prone Low-level C code => little help from the compiler Likely to crash the OS => test and debug tedious 8 8

2 - How to write policies Capture kernel expertise into a DSL A programming language dedicated to a family of programs that offers specific abstractions and notations. Trade expressiveness for expertise/knowledge: Productivity : easier and safer programming Robustness : (static) verification of properties Performance : efficient compilation 9 9

2 - How to write policies Capture kernel expertise into a DSL Domain analysis System components Policy... Policy Library 1. Family of system components 2. Enforce a two-stage design: policy/algorithms/strategy common mechanisms/library domain properties 3. DSL syntax language restrictions 10 10

2 - How to write policies Capture kernel expertise into a DSL Benefits of Domain Specific Languages Expertise re-use separate What/How expertise repository in underlying kernel mechanisms Code re-use well-identified basic mechanisms enforced re-use of the mechanisms Program safety and robustness property verification (predictable) enforced correct usage of the mechanisms 11 11

2 - How to write policies Capture kernel expertise into a DSL Existing bossa-ified kernel Event Interface DSL policy Bossa compiler/verifier Compiled policy (kernel component) 12 12

The Bossa DSL Looks like C but: Provides high level abstractions Process attributes Ordering criteria Process states Event handlers Interface functions Typical well known scheduling policies are under 200 lines 13 13

Process attributes and priorities scheduler Linux = { type policy_t = enum { SCHED_FIFO,SCHED_RR, SCHED_OTHER }; // RT policies // Round Robin process = { policy_t policy, int rt_priority, // 0 for round robin int priority, // initial time slice int ticks // current time slice }; ordering_criteria = { highest rt_priority, highest ticks }; 14 14

Process states Class of state + Process storage states = { RUNNING running : process; READY ready : fifo select queue; READY expired : queue; READY yield : process; BLOCKED blocked : queue; } TERMINATED terminated; 15 15

Event handlers handler (event e) { On block.* { e.target => blocked; } On unblock.preemptive { if (e.target in blocked) { e.target => ready; if (!empty(running) && (e.target > running)) running => ready; } } 16 16

Event handlers - Schedule On bossa.schedule { if (empty(ready)) { foreach (p in blocked) { p.ticks = p.ticks/2 + (((p.priority)>>2)+1); } if (!empty(yield)) { yield.ticks = yield.ticks/2 + (((yield.priority)>>2)+1); } if ( empty (expired)) { yield => ready; } else { foreach (p in expired) { p => ready; } } } select() => running; } if (!empty(yield)) { yield => ready; } 17 17

Properties of the Bossa DSL Termination Bounded loops Complete set of event handlers No loss of a process Kernel protection w.r.t. crashes 18 18

3 -How to verify policy correctness? Is the implementation consistent? DSL properties Does the implementation interact correctly with the target OS? Extensible system development» Kernel expert» Policy programmer Example: do not elect a blocked process 19 19

Event types For each event, describe: Event notification context. Expected handler effect. block.*: [tgt in RUNNING] -> [tgt in BLOCKED] Usage: Check that kernel expectations are satisfied at compile time Document these expectations. Event types are kernel-specific. Written once by the kernel expert. 20 20

Blocking in Linux (Tout ce que vous avez toujours voulu savoir sans oser le demander) tgt in ready E_unblock tgt in blocked E_schedule E_block add to wait queue Resource available yes no no signal State test + Signal pending E_schedule signal Kernel schedule green: executed by tgt (normally running) remove from wait queue E_yield tgt in ready blue: executed by another process 21 21

Taking into account interrupts: Target of block might not be running tgt in ready unblock tgt in blocked E_schedule E_block add to wait queue Resource available yes no no signal State test + Signal pending signal E_schedule Kernel schedule Unblock of a higher priority process. remove from wait queue E_yield tgt in ready 22 22

Taking into account interrupts: Target of unblock might not be blocked tgt in ready unblock tgt in blocked schedule block add to wait queue Unblock of the target process. Resource available yes no remove from wait queue schedule State Test yield Kernel schedule tgt in ready 23 23

Unblock of the target process: Target of unblock might not be blocked tgt in ready E_unblock tgt in blocked E_schedule E_block add to wait queue Unblock of the target process Resource available yes no remove from wait queue E_schedule State test E_yield Kernel schedule tgt in ready 24 24

Linux event types (kernel expert) unblock.preemptive: [[] = RUNNING, tgt in BLOCKED] -> [[] = RUNNING, tgt in READY] [p in RUNNING, tgt in BLOCKED] -> {[p in RUNNING, tgt in READY], [[p, tgt] in READY]} [tgt in RUNNING] -> [tgt in RUNNING] [tgt in READY] -> [tgt in READY] block.*: [tgt in RUNNING] -> [tgt in BLOCKED] [[] = RUNNING, tgt in READY] -> [tgt in BLOCKED] 25 25

Bossa evaluation Benefit of new policies QoS for a video player on a highly loaded machine Precise control of CPU usage for legacy applications (web servers) Performance overhead w.r.t. the original Linux kernel LMbench micro-benchmark Impact of context switches on legacy applications Web server - Apache 26 26

QoS for multimedia applications Managing several classes of applications using a hierarchy of schedulers Priority Virtual scheduler Process scheduler for multimedia applications EDF 30 20 Round Robin Standard Linux process scheduler Video player Parallel compilation 27 27

Impact of context switches on Apache Same number of req/s on Linux & Bossa (1160 req/s, 5kb pages) 50% 40% 30% 20% bossa <5K linux <5K bossa 10K-15K linux 10K-15K bossa >20K linux >20K 10% 0% <5K # cycles <10K <100K <250K <500K >500K 28 28

LMbench - Absolute overhead Bossa2.4/Linux 2.4 cycles 60000 40000 Linux Bossa 20000 0 array size (KB) 0 processes 2 4 8 163264 0 4 4 8 163264 0 8 4 8 163264 0 4 8 163264 0 4 8 163264 0 4 8 163264 0 4 8 163264 0 4 8 163264 16 24 32 64 96 29 29

LMbench - relative overhead Bossa2.4/Linux 2.4 140% 130% 120% 110% 100% 90% array size (KB) 0 processes 2 4 8 163264 0 4 4 8 163264 0 8 4 8 163264 0 4 8 163264 0 4 8 163264 0 4 8 163264 0 4 8 163264 0 4 8 163264 16 24 32 64 96 30 30

On-going work Encyclopedia of scheduling policies (Bossa Nova) Bossa-Box: Personal Video Recorder with QOS Generalization to other resources Energy management (R. Urunuela) Multi-OS generalized approach (C. Augier) Port to Windows XP Port to Jaluna/Chorus (RT kernel) Port to the 2.6 linux kernel 31 31

Conclusion Programming scheduling policies is now possible for non kernel experts Dissemination of research work Nice support for teaching scheduling Verification of safety properties Confidence in system behavior Event types document kernel behavior 32 32

PUB! 2.4/2.6 bossa-linux kernel, Teaching lab, Bossa-Knoppix, http://www.emn.fr/x-info/bossa 33 33

Re- PUB! 8 Octobre EuroSys 23-26 Octobre SOSP, Brighton 28-30 Novembre Middleware, Grenoble 3-7 Juillet 2006 ECOOP, Nantes 20 ans 34 34