Page 2 of 4

Re: Yup ...

Posted: Sat Oct 13, 2007 10:33 am
by SpooK
SandeepMathew wrote:Guys .. I think i understood the concept ..., But why then the
exokernel systems are not so popular ... :?
Developers seem more interested in hybrid kernels these days. The exokernel is still mostly a "proof of concept" project by MIT.

Also, the purpose of an exokernel can be quite easily dismissed with the advent of true hardware multiplexing (e.g. AMD's SVM) and the like.
SandeepMathew wrote: :evil: Even microkernel systems are not so popular when compared
to Monolithic systems with support for loadable modules ... What
is the main reason for this ...? I guess only mach microkernel is
really popular ... What is the main reason ..? Is this something
similar to tcp/ip vs osi ..?
In the end, all of those Ring-3 drivers and task switches count... against the cycles available for all other processes.

As I said above, the "Hybrid" kernel seems to be the way to go these days. Taking the speed and security of a monolithic kernel and injecting the stable concepts of a microkernel to find a happy medium.

Please note that security and stability are interchangeable on some points between the two kernel styles.

As for the "mono vs. micro" warriors, the truth always lies somewhere in the middle... and that middle is the hybrid kernel method.
SandeepMathew wrote: Sligthly off-topic still :- dont you think linux is becoming more windowish
day by day .... :?: :?: :?:
No. Linux (kernel) is still Linux. X11 is still X11. Bash is still Bash.

It's projects like Gnome, KDE, XFCE and Fluxbox and distributions like Ubuntu and Gentoo that are making it more user friendly.

Posted: Sat Oct 13, 2007 7:05 pm
by Avarok
:D

To defend my earlier statement, the x86 platform is still inherently insecure because of certain CPU bugs - privileged things being available in Ring 3. Because this problem is 100% widespread and no solution is yet available, I'm not going to disseminate more information than I should.

Posted: Sat Oct 13, 2007 7:13 pm
by Alboin
Avarok wrote:and no solution is yet available
One could use another processor. ;)

Posted: Sat Oct 13, 2007 7:57 pm
by AndrewAPrice
Avarok wrote::D

To defend my earlier statement, the x86 platform is still inherently insecure because of certain CPU bugs - privileged things being available in Ring 3. Because this problem is 100% widespread and no solution is yet available, I'm not going to disseminate more information than I should.
The OS should cater for this: e.g. scan through a program before executing it for privileged instruction (simpler with Execute Xor Write then you can be sure the instructions won't change during execution), and if for some reason the GDT/IDT/page directory/control register etc changes, the OS could periodically check and change them back, and if something accidentally causes a reboot, then there should be someway of configuring what drivers/program should start automatically (via a recovery disk? GRUB modules?) so you can eliminate the defective code yourself.

Posted: Sat Oct 13, 2007 9:13 pm
by DeletedAccount
Linux is becoming windowish .. I meant with respect to some features
not the UI .. eg Earlier linux was a plain monolithic kernel . Now
it has support for kernel modules ... It has become more modular
like windows ...

Kernel Colonel : I thought Mac Os X was a Microkernel ... It is something
which i read from Silberchatz .. Thanks for the information ... I dont know
much details of the Mac Os X kernel ....


According to a survey much of the OS crashes occur due to faulty device
drivers .. this is where exokernel comes in .. by moving driver code to
user space should give more stablity ... In principle there should be
less swiches from user mode to kernel mode ... But it seems ...during
the implementation .. same problems will crop up again ...

Guess Aspect Oriented Systems and Language Based Protection (slower with some overhead ) is the way to go ... see JX operating system ...

Posted: Sat Oct 13, 2007 9:36 pm
by Brynet-Inc
So if a kernel is modular.. it's trying to be "windowish"? :?

Nonsense.. :roll:

Posted: Sat Oct 13, 2007 10:20 pm
by Alboin
SandeepMathew wrote:Linux is becoming windowish .. I meant with respect to some features
not the UI .. eg Earlier linux was a plain monolithic kernel . Now
it has support for kernel modules ... It has become more modular
like windows ...
To my knowledge, Microsoft hasn't yet patented the idea of using modules....yet....
SandeepMathew wrote: According to a survey much of the OS crashes occur due to faulty device
drivers .. this is where exokernel comes in .. by moving driver code to
user space should give more stablity ... In principle there should be
less swiches from user mode to kernel mode ... But it seems ...during
the implementation .. same problems will crop up again ...

Guess Aspect Oriented Systems and Language Based Protection (slower with some overhead ) is the way to go ... see JX operating system ...
I have to disagree. Really, language based protection? I like the idea that the programmer should know, to a certain extent, what he is doing. If he needs a babysitter, than he shouldn't be programming to begin with. I like speed. A lot. I'd rather have a crash every few years than have a slow system. (I've only had 2 crashes on my Linux box thus far; both of which were due to Beryl trashing my display.)

Posted: Sun Oct 14, 2007 12:14 am
by Crazed123
And I like the idea of not rewriting decades worth of work on compilers just because some jackass has started the Church of the Safe Language and actually thinks he can compile C into something safe.

He can't. The machine model implied by the C spec is inherently and implicitly unsafe!

Ditto on C++, Objective C, Object Pascal, assembler, and anything else with pointers.

Posted: Sun Oct 14, 2007 1:08 am
by Colonel Kernel
SandeepMathew wrote:Linux is becoming windowish .. I meant with respect to some features
not the UI .. eg Earlier linux was a plain monolithic kernel . Now
it has support for kernel modules ... It has become more modular
like windows ...
At best that's a very passing resemblance. It's like saying two people look alike because they both have brown eyes. It just isn't enough.
Kernel Colonel : I thought Mac Os X was a Microkernel ... It is something
which i read from Silberchatz .. Thanks for the information ... I dont know
much details of the Mac Os X kernel ....
The textbooks seem to be frequently wrong about which modern OSes are microkernels, but I think OS X is especially susceptible to this myth because of its association with Mach.
According to a survey much of the OS crashes occur due to faulty device drivers .. this is where exokernel comes in .. by moving driver code to user space should give more stablity ... In principle there should be less swiches from user mode to kernel mode ... But it seems ...during
the implementation .. same problems will crop up again ...
I think you're conflating exokernels and microkernels. The ideas are somewhat orthogonal. The exokernel concept can be implemented as a microkernel, but it need not be. Xok for example has kernel-mode disk and network drivers, but they are extremely bare-bones and only provide the ability to multiplex disk blocks and packets, respectively. The network driver is especially interesting in that it uses filters sent to it from user space that are expressed in a declarative language designed just for this purpose.
Alboin wrote:Really, language based protection? I like the idea that the programmer should know, to a certain extent, what he is doing. If he needs a babysitter, than he shouldn't be programming to begin with.
You clearly haven't spent any time out there in the real world of software development. People make mistakes all the time. The "babysitting" you speak of has other names -- "unit testing", "code reviews", and if you're lucky, "compiler errors". Guess which one is the cheapest and most effective way to find problems before your code is released into the wild?

To give a concrete example, the project I'm working on right now is all being developed in C++. The core of the team has 5 developers including me, with an average number of years' experience in C++ development of about 5 or 6 (I'm at the high end with over 10 years' experience). Almost everyone on the team has put segfault-causing bugs in the code, repeatedly. Except me of course, because I've been burned so many times that I'm extra careful now. :) These are capable people who have been around C and C++ for a while, and problems like these still happen. It is really, really difficult to focus on solving the problem at hand when you're constantly battling low-level issues like memory management and type safety.

(Disclaimer: I know it's possible to write very abstract C++ using libraries like Boost and STL... this project I'm working on is signifcantly lower-level than that (lots of raw buffer manipulation and data conversion) and must be portable to *nixes where these libraries don't work well, if at all.)
I like speed.
What makes you think language-based protection is necessarily slow? It does not imply interpretation, or JIT, or reflection, or any of that stuff.
I'd rather have a crash every few years than have a slow system. (I've only had 2 crashes on my Linux box thus far; both of which were due to Beryl trashing my display.)
I'd rather have a fast system that doesn't crash, and I think so would most of the rest of the computer-using populace.
Crazed123 wrote:And I like the idea of not rewriting decades worth of work on compilers just because some jackass has started the Church of the Safe Language and actually thinks he can compile C into something safe.
The way you go on you'd think someone was asking you, personally to rewrite decades worth of work on compilers. If other people want to do it, or are getting paid to do it, relax and let them try!
He can't. The machine model implied by the C spec is inherently and implicitly unsafe!

Ditto on C++, Objective C, Object Pascal, assembler, and anything else with pointers.
That's why there are other languages.

The big problem I see with language-based protection is not speed, or the extra compiler R&D, but the lack of choice of languages it seems to imply for application developers. That more than anything else makes me skeptical of the idea, just like the idea of having a universal common language run-time... some languages are just too different for it to make sense.

Posted: Sun Oct 14, 2007 5:06 am
by Avarok
I seem to love playing devil's advocate so may I?

~~~
Exokernel:

Xok fails as an example of a pure exokernel. A pure exokernel doesn't necessarily move everything to ring 3, it just necessarily foists the abstraction completely on someone else. Zero abstraction is perfect, if it's multiplexed and secure.

To that end, something like VirtualIron or Xen is an excellent exokernel in that the user code is securely (we hope) multiplexed on top of what it thinks is raw machine hardware.

~~~

In the "real world of software development", we're all still using 860 languages that are subsets of what's possible in assembler. We're all still using verbose lengths of text to express our code. We're still getting hung up on syntax errors and array bounds exceptions.

My computer still has a floppy controller and 16 bit code to manage hardware I don't have that existed 20 years ago. My BIOS is still proprietary locked down **** that hasn't had anything but caked on "features" since the day I was born. It also only boots 2 seconds faster now than DOS did off that 5 1/4".

I've more or less given up on programming as a whole because of the fundamental flaw in the cornerstone of the whole process. Fix the cornerstone, and the rest of the building will practically land in your lap.

I'd start with the BIOS if you're a systems programmer, or the means of expressing assembler/machine code graphically if you're a general programmer. I like IDA Pro's graph functionality.

With love,
The Devil. :twisted:

Posted: Sun Oct 14, 2007 8:03 am
by Alboin
Colonel Kernel wrote:
Alboin wrote:Really, language based protection? I like the idea that the programmer should know, to a certain extent, what he is doing. If he needs a babysitter, than he shouldn't be programming to begin with.
You clearly haven't spent any time out there in the real world of software development. People make mistakes all the time. The "babysitting" you speak of has other names -- "unit testing", "code reviews", and if you're lucky, "compiler errors". Guess which one is the cheapest and most effective way to find problems before your code is released into the wild?
Please note the boldness of
to a certain extent
I wasn't referring to type checking, and lighter systems, but to languages that are run on a VM\and or checked for every possible little bug at runtime. I'm all for language based checking, that is, to a certain degree.

Posted: Sun Oct 14, 2007 12:44 pm
by Colonel Kernel
Alboin wrote:Please note the boldness of to a certain extent
I noticed. I was responding to this part mainly:
Alboin wrote:If he needs a babysitter, than he shouldn't be programming to begin with.
My point was that you'd be surprised just how perfect a programmer has to be to not need at least a little "babysitting" now and then, at least in the absence of decent type safety guarantees.
I wasn't referring to type checking, and lighter systems, but to languages that are run on a VM\and or checked for every possible little bug at runtime.
As I said language based protection != heavyweight VM, necessarily. You can certainly do it that way if you want crappy performance, but it's not the only way.

Posted: Sun Oct 14, 2007 4:35 pm
by Crazed123
And I object to the safe languages on the basis that I can't kernel hack with them (why not a statically-typed safe language that allowed pointers in declared-unsafe sections just like Object Pascal allows inlined assembler blocks?) and their lack of manual, byte-by-byte memory manipulation makes interfacing them to foreign code rather difficult.

I remember how easy it was to generate Delphi units for major C++ libraries (ran on same OS and same processor == WORKED, with as little as a non-default calling convention), and I cry when I read about "foreign function interfaces" of safer languages like Haskell or ML.

Posted: Tue Oct 16, 2007 12:20 am
by Colonel Kernel
Crazed123 wrote:And I object to the safe languages on the basis that I can't kernel hack with them (why not a statically-typed safe language that allowed pointers in declared-unsafe sections just like Object Pascal allows inlined assembler blocks?) and their lack of manual, byte-by-byte memory manipulation makes interfacing them to foreign code rather difficult.
C# can do all that. Of course a kernel needs unsafe code somewhere. How does your need for kernel hacking conflict with taking advantage of optional type safety in the kernel, and enforcing mandatory type safety of user processes that run in the same address space? If all you ever do is hack the kernel, what do you care about how those user processes run?

Posted: Tue Oct 16, 2007 7:49 am
by AndrewAPrice
Colonel Kernel wrote:Of course a kernel needs unsafe code somewhere.
You never know. One day MS and Intel will design a new processor where everything must run on safe code. Think along the lines of an MSIL processor?