Redirected from Exokernel
The kernel is the fundamental part of an operating system. It is responsible for providing secure multiplexing and arbitration of a machine's hardware, which it provides in the form of a set of abstractions.
Some operating systems, such as Linux, have monolithic kernels which provide rich and powerful abstractions. Others, such as GNU Hurd have microkernels which provide a small set of simple abstractions. Yet others have exokernels which provide no abstractions. In the latter cases, the remaining features require small modules which can be flexibly configured.
Monolithic kernels The monolithic approach defines a high-level virtual interface over the hardware, with a set of primitives or system calls to implement operating system services such as process management, concurrency, and memory management in several modules that run in supervisor mode.
Even if every module servicing these operations is separate from the whole, the code integration is very tight and difficult to do easily and correctly, and, as all the modules run in the same space, a bug in one of them can bring down the whole system. However, when the implementation is complete and trustworthy, the tight internal integration of components allows the low-level features of the underlying system to be effectively exploited, making a good monolithic kernel highly efficient. Proponents of the monolithic kernel approach make the case that if code is not correct, it does not belong in a kernel, and if it is, there is little advantage in the microkernel approach.
A hybrid monolithic kernel is one that can load modules at runtime.
Examples of monolithic kernels:
Microkernels The microkernel approach consists in defining a very simple virtual machine over the hardware, with a set of primitives or system calls to implement minimal OS services such as thread management, address spaces and interprocess communication.
The main objective is the separation of basic service implementations from the operation policy of the system. For example, the process I/O locking could be implemented by a user server running on top of the microkernel. These user servers, used to carry on the system high level parts, are very modular and simplify the structure and design of the kernel. A service server that fails doesn't bring the entire system down; this simpler module can be restarted independently of the rest.
Examples of microkernels:
Monolithic kernels vs. microkernels Monolithic kernels are typically preferred over microkernels due to the lower level of complexity of dealing with all system control code in one address space. For example, XNU, the Mac OS X kernel, is based on Mach 3.0 + BSD in the same address space in order to cut down on the latency incurred by the traditionaly microkernel design.
In the early 1990s, monolithic kernels were considered obsolete. The design of Linux as a monolithic kernel rather than a microkernel was the topic of a famous flame war between Linus Torvalds and Andrew Tanenbaum; a summary (http://www.dina.dk/~abraham/Linus_vs_Tanenbaum) is available online.
There is correctness in both sides of the arguments presented in the Tanenbaum/Torvalds debate. Monolithic kernels tend to be easier to design correctly and therefore may grow more quickly than a microkernel based system. There are success stories in both camps.
Contrary to popular belief, Mach is not the end-all, be-all of microkernel techonology. L3[?] was created to debunk the myth that microkernels are slow. L4[?] is a successor to L3[?] and a popular implementation called Fiasco[?] is able to run Linux next to other L4[?] processes in separate address spaces. There are screenshots available on freshmeat.net showing this feat.
QNX is an operating system that has been around since the early 1980s and has a very minimalistic microkernel design. This system has been far more successful than Mach in achieving the goals of the microkernel paradigm. It is used in situations where software is not allowed to fail. This includes the robotic arms on the space shuttle to machines that grind glass where a tiny mistake may cost hundreds of thousands of dollars.
Many believe that since Mach basically failed to address the sum of the issues that microkernels were meant to solve that all microkernel technology is useless. Mach enthusiasts state that this is a closed minded attitude which has become popular enough that people just accept it as truth.
The idea behind this is, nobody knows better how to make efficient use of available hardware but the application developer, so enable him to make the decisions. Exokernels are extremly small, since they arbitrarily limit their functionality to the protection and multiplexing of resources.
"Classic" kernel designs (both monolithic and microkernels) abstract the hardware, hiding resources under the hardware abstraction layer (HAL), or behind "trusted" servers (i.e., the servers are extensions of kernel functionality, and there is no way around them).
In these "classic" systems, if you allocate memory, you have no saying in which physical page you will be returned by the OS. If you write to a file, you have no saying on file system or physical block allocation.
It is this abstraction layer that an exokernel tries to avoid. It allows an application to request a specific piece of memory, a specific disk block etc., and merely ensures that the requested resource is free, and the application is allowed to access it.
Since an exokernel is therefore only providing a very low-level interface to the hardware, lacking any of the higher-level functionalities of other operating systems, it is augmented by a "library operating system". Such a libOS[?] interfaces to the exokernel below, and provides application writers with the familiar functionalities of a complete OS.
This has several implications:
It is possible to have several different libOSes in the system. If, for example, you have a libOS that exports a Unix API and one exporting a Windows API, nothing keeps you from running an application linking the Windows libOS and one linking the Unix libOS, simultaneously. libOS development is done in user space -- no reboots, no terminal debugging, fully memory protected. Application designers are free to replace parts, or all of the libOS with abstractions of their own, to increase performance.