L4 Operating System (L4/fiasco Introduction)

Source: Internet
Author: User

(From: http://oss.lzu.edu.cn/blog/article.php? Tid_583.html)

While studying the operating systems course, we kept hearing about the microkernel, with statements like "the microkernel is the mainstream of the modern operating system" (it was too long ago and I can't remember it exactly; if it is wrong, don't hit me). In fact, however, not many microkernel operating systems have actually entered industrial use. Microsoft's systems claim to be microkernels, but they should not be counted as such: I have never seen anyone who could cut an XP or 2000 system down to less than 50 MB (95/98 can be made small, and you can search for related material on the Internet, but they are DOS wrappers, so I will not discuss them here). Linux, for its part, is not a microkernel but a monolithic kernel, which is widely accepted. UNIX, the predecessor of Linux, is certainly not a microkernel either. This difference mainly reflects the difference between academia and industry: academia believes that the microkernel is the mainstream direction for operating system development, but industry does not think so. This may be why Linus and his teacher Andy Tanenbaum (the expert who wrote Minix) traded fire with each other after Linux was launched.
To be precise, the overall performance of a microkernel is not as good as that of a monolithic kernel, which matters to vendors pursuing cost effectiveness. However, the microkernel has its own strength, namely stability: a microkernel is simpler than a monolithic kernel, so it is more stable. The first generation of microkernels was really disappointing. Then Jochen Liedtke (German) designed the second generation of microkernel, called L4. In pursuit of efficiency, all of L4 was implemented in assembly language (writing an operating system in assembly!), but as a result the first-generation L4 could run only on the 486 and Pentium. L4 has since become a standard for microkernel design, and there are many L4 implementations built around this standard (http://os.inf.tu-dresden.de/L4/impl.html). The L4 originally designed by Jochen is now called L4/x86. Currently, the two most active implementations are Pistachio and Fiasco. The former is a general-purpose microkernel, and the latter is a microkernel designed specifically for real-time systems that implements L4v2 (L4 API version 2). Because of this relationship between Fiasco and L4, Fiasco is also called L4/Fiasco to emphasize that it is an implementation of L4.
Now I finally want to talk about Fiasco. "Fiasco" means "failure" and seems to have been borrowed from Italian (I don't know why they chose such a name, but it sounds pretty good). Fiasco is a core sub-project of the Dresden Real-time Operating Systems Project (a real-time operating system project at a German university). It is a microkernel with real-time functions. In a real-time system there are usually two types of tasks: real-time and time-sharing. The real-time part is provided by Fiasco. For time-sharing, developers use Linux. Normally Linux runs directly on a hardware platform (x86, ARM, PowerPC, MIPS). For Fiasco/L4, developers modified Linux so that it runs on L4/Fiasco; the result is called l4linux. At present, the latest version of l4linux is L4Linux-2.6.17, which corresponds to the current stable version of the latest Linux-2.6.
Next, let's talk about the service model (program architecture) in L4/Fiasco, which I think is interesting. With no modules loaded, a bare microkernel can do nothing. Therefore, many modules have been designed on top of L4/Fiasco. These modules act as servers that provide services to the modules loaded after them, like several nested client/server layers.
Finally, let's talk about the difference between a microkernel and a monolithic kernel. When we talk about Fiasco we talk about modules, and when we compile the Linux kernel there are also modules. The modules in these two settings are different: the former are isolated from each other and have different address spaces, while the latter share the same address space.

 

Operating Systems Based on L4-Like Microkernels

In recent years, the L4 microkernel has received more and more attention. More and more people are studying and using L4, but there are still few Chinese documents about it. This article tries to collect the various L4-based operating system projects to help you study and learn. Basically, there are two types of L4 systems: dead systems and live systems. A dead system that is no longer worth studying is not included in this list.
Generally speaking, an L4 system has two features: fast IPC and sigma0. Sigma0 is an IPC-based memory management protocol. With sigma0, memory management is hierarchical. For example, take two programs A and B, where program B wants to use the memory of program A. With sigma0 this is easy to implement: you only need to set A as the pager of B and have A provide the page fault handler for B. In this case, programs A and B still have different address spaces and remain isolated from each other (for this hierarchical memory management, see "The SawMill Framework for Virtual Memory Diversity"). If you implement this pattern on Linux, I cannot find any better method than shared memory, but shared memory makes the address spaces of A and B intersect, which is not a good solution for either security or safety. In recent years, more and more L4 systems have begun to support a new feature, capabilities, designed to improve the security of the operating system. The relationship between a capability and the resource it refers to is similar to that between a file descriptor and a file: to access a resource you must use a capability, and the capability specifies security properties such as the access rights to the resource. Granting (from one user to another) is allowed. In short, capabilities are a better way to enhance system security than access control lists.
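The hierarchical paging described above, as an added toy model in C (not code from any L4 implementation): B's pager is A and A's pager is sigma0, and a fault climbs that chain until a pager can supply the page. The task ids, the per-task quota policy and the `touch`/`unmap`/`mapped` helpers are assumptions made for illustration; a real L4 kernel delivers the fault to the pager as an IPC message and the pager answers with a mapping.

```c
#include <stdio.h>

#define NTASK 3
#define NPAGE 8
enum { SIGMA0, TASK_A, TASK_B };             /* constructed task ids */

/* pt[t][v] is the frame backing virtual page v of task t, or -1 if unmapped. */
static int pt[NTASK][NPAGE];
static const int pager_of[NTASK] = { -1, SIGMA0, TASK_A }; /* B -> A -> sigma0 */
static const int quota[NTASK]    = { NPAGE, 6, 2 };  /* pages a pager serves to task t */

void reset(void) {
    for (int t = 0; t < NTASK; t++)
        for (int v = 0; v < NPAGE; v++)
            pt[t][v] = (t == SIGMA0) ? v : -1;   /* sigma0 starts owning every frame */
}

/* Access page v in task t. On a miss the fault goes to t's pager, which must
 * hold the page itself (faulting to its own pager if needed) before mapping it
 * into t. Returns the frame, or -1 if a pager in the chain refuses. */
int touch(int t, int v) {
    if (v < 0 || v >= NPAGE) return -1;
    if (pt[t][v] >= 0) return pt[t][v];
    int p = pager_of[t];
    if (p < 0 || v >= quota[t]) return -1;       /* pager policy: refuse */
    int frame = touch(p, v);                     /* pager resolves its own fault first */
    if (frame >= 0) pt[t][v] = frame;            /* only this one page enters t's space */
    return frame;
}

/* Revoke page v from task t and from every task that received it through t. */
void unmap(int t, int v) {
    pt[t][v] = -1;
    for (int c = 0; c < NTASK; c++)
        if (pager_of[c] == t && pt[c][v] >= 0) unmap(c, v);
}

int mapped(int t, int v) { return pt[t][v] >= 0; }

int main(void) {
    reset();
    printf("B touches page 1 -> frame %d\n", touch(TASK_B, 1));
    printf("B touches page 3 -> %d (A refuses)\n", touch(TASK_B, 3));
    unmap(TASK_A, 1);
    printf("after A revokes page 1, B still mapped: %d\n", mapped(TASK_B, 1));
    return 0;
}
```

B's address space only ever contains the pages A chose to hand over, and A can withdraw them again, which is the control that a plain shared-memory segment does not give.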
Live System
1. PikeOS/ELinOS: a commercial, non-open-source system from SYSGO AG in Germany. It provides a good resource isolation mechanism, uses paravirtualization to run each OS personality in its own VM, and supports Java and Ada applications. PikeOS offers not only spatial isolation but also good temporal isolation, so it also supports real-time applications. ELinOS is an embedded Linux system (2.4 and 2.6) ported to PikeOS. It supports many hardware platforms and development boards. PikeOS is certified to ARINC 653 and DO-178B, so it is used for safety-critical and secure applications such as military and space systems. PikeOS has been under development since 1998. In recent years, SYSGO has become the fastest growing embedded vendor in Europe, and ELinOS has become a popular embedded Linux development environment. Because it is a commercial system, there is very little reference material. http://en.wikipedia.org/wiki/PikeOS (www.sysgo.com)
2. Fiasco/l4env/l4linux: Fiasco is the real-time microkernel developed by the TUD operating system group (os.inf.tu-dresden.de). It supports the L4 v2.0 and L4 x.0 standards (L4 interface standards) and is a typical L4 system implemented in C++. Fiasco provides a large number of L4 system calls plus its own real-time extensions; see "fiasco syscall". L4env is a set of service programs based on Fiasco, including the roottask, sigma0, log, names, dm_phys, l4vfs, l4io, dope, con and other servers; l4env is a typical SawMill multi-server OS (refer to the paper "The SawMill multiserver approach"). For basic information about l4env, see the l4env manual. L4linux is a port of the Linux system to l4env. Linux-2.0, Linux-2.2, Linux-2.4 and Linux-2.6 were ported to l4env one after another, and the current l4linux version has been updated to 2.6.26. L4linux is equivalent to a Linux system for an "L4 CPU": the modifications to Linux are kept under the arch/L4 directory, which effectively preserves the semantic integrity of the Linux system. For the design of Fiasco, l4env and l4linux, see the paper "The performance of μ-kernel-based systems", which is also one of the most famous papers in the microkernel field. It is worth noting that there are two important research results based on Fiasco and l4linux. DROPS is a real-time system oriented to quality-of-service requirements that can provide a certain degree of assurance (guarantee). L4/Nizza is a microkernel-based system architecture for trusted computing; it is also the first work to use the L4 microkernel for security system research. For details, refer to the paper "Security Architecture revisited". In addition, they maintain an IDL for L4 called DICE.
3. Pistachio/Afterburner: Pistachio is currently one of the best L4 microkernels, developed by the System Architecture research group at the University of Karlsruhe and the operating system research group at the University of New South Wales. As research institutions do, they each started out working on their own: Karlsruhe built Hazelnut, and New South Wales built L4/MIPS and L4/Alpha. Later they joined forces to build Pistachio. However, the work above the microkernel has been done separately, and each group has its own system. For a long time, the Karlsruhe Pistachio team used l4linux from TUD as the virtualization technology on Pistachio, until Pistachio's Afterburner technology emerged. Afterburning is a pre-virtualization technology developed by the team (pre-virtualization is an attempt to combine the high performance of para-virtualization with the maintainability of modularity). Specifically, one source tree can be compiled for different systems as needed: the same Linux source can be compiled as a guest OS for Xen or as a virtual machine on L4: Pistachio. Because this work is done at compile time, many optimizations can take effect at the same time, and the single-target limitation of para-virtualization is avoided; for example, l4linux can only be used on Fiasco, and xenlinux only on Xen. Because it is compiled, the performance is also better. Interestingly, they also have a technology called burnnt that supports multi-windows, and the source code can be downloaded from their website. Their article on device driver virtualization is an OSDI paper, "Unmodified Device Driver Reuse", which is a rare masterpiece in the L4 field in recent years. The main idea is to treat each virtual Linux as a device driver server in order to provide a dependable system.
4. okl4/Iguana: okl4 is a continuation of L4: Pistachio-embedded. It is maintained by Open Kernel Labs, but the research work is basically done at ERTOS. Currently, okl4 is doing well commercially and many products use it, including an OpenMoko based on okl4. Compared with the L4 groups at TU-D and Uni Karlsruhe, ERTOS is very large, and there are many different projects on their website. They mainly include: 1) Basic system maintenance: okl4 + Iguana + Magpie + Wombat, where Iguana is similar to l4env, Magpie is similar to DICE, and Wombat is similar to l4linux. 2) Security: sel4 + l4.verified. I cannot tell the difference between the two projects. sel4 stands for Security embedded L4. In short, formal methods are used to verify that okl4 is a secure kernel, and it seems that they have reached the level of machine-code verification. The general approach is to re-implement the okl4 APIs in Haskell and then use Isabelle for the proofs. Their kernel verification has been very successful, which is also one reason why they have won the favor of many industrial manufacturers. 3) Since the work is oriented to embedded systems, real-time is naturally covered, along with component-based microkernels and power management, which are also hot topics in current OS research.
5. Coyotos: first of all, Coyotos is not L4, but the relationship between Coyotos and L4 is far closer than that between other microkernels and L4, for example in fast IPC, capability-based OS design, and IDL. Coyotos is an improved version of KeyKOS and EROS (Extremely Reliable OS). The name EROS already indicates that this system is somewhat different from the preceding ones: it emphasizes reliability. EROS was applied to some military systems at the beginning, but it was later found that synchronous IPC could cause a denial-of-service bug. The bug exists in all synchronous-IPC-based systems, which of course includes all L4 systems, and it is described in detail in "Vulnerability in synchronous IPC design". Of course, this bug has since been fixed. Coyotos aims to provide a microkernel at a military assurance level (EAL7; EAL = Evaluation Assurance Level). It is implemented in a new safe language called BitC (a safe language similar to Haskell), and the entire system adopts an OOP-like structure (all L4 systems are OOP; Fiasco and Pistachio are C++). Coyotos is also a persistent and transactional microkernel OS. Conceptually, Coyotos is more advanced, and capabilities are also applied in this system for the first time. Therefore, if you are interested in developing third-generation microkernels, you may wish to pay more attention to this one.
6. Mungi: the persistent SASOS (single address space operating system) developed by the ERTOS team. This project has been stopped. However, as the first attempt to build a different type of operating system on the L4 microkernel, it still offers many new ideas, especially persistence, and it is worth studying even now. http://www.coyotos.org/ has a lot of design documents for that microkernel, which are worth reading.
7. M. D. Bennett, "A kernel for IMA systems": a Ph.D. thesis from the University of York that tries to build an IMA system based on L4. IMA stands for Integrated Modular Avionics. This is the only attempt at a safety-critical system based on L4, and because I am fond of this area, I list this kernel here. Because the University of York is a stronghold of safety-critical systems research, this thesis should be good.
8. Genode OS framework: a recursive, hierarchical, constructive OS framework. Currently, it is developed based on L4/Fiasco. Homepage: genode.org.


From: http://hi.baidu.com/l4os/blog/item/7838405269fb64080df3e3d4.html
