The benefits and costs of writing a POSIX kernel in a high-level language

This paper presents an evaluation of the use of a high-level language (HLL) with garbage collection to implement a monolithic POSIX-style kernel. The goal is to explore if it is reasonable to use an HLL instead of C for such kernels, by examining performance costs, implementation challenges, and programmability and safety benefits. The paper contributes Biscuit, a kernel written in Go that implements enough of POSIX (virtual memory, mmap, TCP/IP sockets, a logging file system, poll, etc.) to execute significant applications. Biscuit makes liberal use of Go's HLL features (closures, channels, maps, interfaces, garbage collected heap allocation), which subjectively made programming easier. The most challenging puzzle was handling the possibility of running out of kernel heap memory; Biscuit benefited from the analyzability of Go source to address this challenge. On a set of kernel-intensive benchmarks (including NGINX and Redis) the fraction of kernel CPU time Biscuit spends on HLL features (primarily garbage collection and thread stack expansion checks) ranges up to 13%. The longest single GC-related pause suffered by NGINX was 115 microseconds; the longest observed sum of GC delays to a complete NGINX client request was 600 microseconds. In experiments comparing nearly identical system call, page fault, and context switch code paths written in Go and C, the Go version was 5% to 15% slower.

[1]  James H. Morris,et al.  Early experience with Mesa , 1977 .

[2]  Elvira Albert,et al.  Live heap space analysis for languages with garbage collection , 2009, ISMM '09.

[3]  Armando Solar-Lezama,et al.  Towards optimization-safe systems: analyzing the impact of undefined behavior , 2013, SOSP.

[4]  Richard D. Greenblatt,et al.  A LISP Machine , 1980, CAW '80.

[5]  David F. Bacon,et al.  IBM Research Report Staccato: A Parallel and Concurrent Real-time Compacting Garbage Collector for Multiprocessors , 2008 .

[6]  D. F. Bacon,et al.  Staccato : A Parallel and Concurrent Real-time Compacting Garbage Collector for Multiprocessors Bill , 2008 .

[7]  Luca Faust,et al.  Modern Operating Systems , 2016 .

[8]  Yogen K. Dalal,et al.  Pilot: an operating system for a personal computer , 1980, CACM.

[9]  M. Frans Kaashoek,et al.  Scaling a file system to many cores using an operation log , 2017, SOSP.

[10]  Philip Levis,et al.  Multiprogramming a 64kB Computer Safely and Efficiently , 2017, SOSP.

[11]  Bjarne Steensgaard,et al.  Points-to analysis in almost linear time , 1996, POPL '96.

[12]  Martín Abadi,et al.  An Overview of the Singularity Project , 2005 .

[13]  Henry G. Baker,et al.  List processing in real time on a serial computer , 1978, CACM.

[14]  Mark P. Jones,et al.  A principled approach to operating system construction in Haskell , 2005, ICFP '05.

[15]  Jon Crowcroft,et al.  Unikernels: library operating systems for the cloud , 2013, ASPLOS '13.

[16]  Derek Bruening,et al.  AddressSanitizer: A Fast Address Sanity Checker , 2012, USENIX Annual Technical Conference.

[17]  Shengchao Qin,et al.  Memory Usage Verification for OO Programs , 2005, SAS.

[18]  Xi Wang,et al.  Linux kernel vulnerabilities: state-of-the-art defenses and open problems , 2011, APSys.

[19]  Warren Teitelman,et al.  The cedar programming environment: a midterm report and examination , 1984 .

[20]  Wei-Ngan Chin,et al.  A Fast Algorithm to Compute Heap Memory Bounds of Java Card Applets , 2008, 2008 Sixth IEEE International Conference on Software Engineering and Formal Methods.

[21]  Wilson C. Hsieh,et al.  The KaffeOS Java runtime system , 2005, TOPL.

[22]  Christophe Calvès,et al.  Faults in linux: ten years later , 2011, ASPLOS XVI.

[23]  Jeffrey H. Meyerson,et al.  The Go Programming Language , 2014, IEEE Softw..

[24]  Brian W. Kernighan,et al.  The Go Programming Language , 2015 .

[25]  Lars Ole Andersen,et al.  Program Analysis and Specialization for the C Programming Language , 2005 .

[26]  Shriram Krishnamurthi,et al.  Reenix: Implementing a Unix-Like Operating System in Rust , 2015 .

[27]  Brian N. Bershad,et al.  Extensibility safety and performance in the SPIN operating system , 1995, SOSP.

[28]  Emery D. Berger,et al.  Quantifying the performance of garbage collection vs. explicit memory management , 2005, OOPSLA '05.

[29]  Jeff Bonwick,et al.  The Slab Allocator: An Object-Caching Kernel Memory Allocator , 1994, USENIX Summer.

[30]  K. K. Ramakrishnan,et al.  Eliminating receive livelock in an interrupt-driven kernel , 1996, TOCS.

[31]  Wilson C. Hsieh,et al.  Techniques for the Design of Java Operating Systems , 2000, USENIX Annual Technical Conference, General Track.

[32]  James Cheney,et al.  Cyclone: A Safe Dialect of C , 2002, USENIX Annual Technical Conference, General Track.

[33]  David E. Culler,et al.  Ownership is theft: experiences building an embedded OS in rust , 2015, PLOS@SOSP.

[34]  Michael Burrows,et al.  Performance of Firefly RPC , 1990, ACM Trans. Comput. Syst..

[35]  Deyu Hu,et al.  Implementing Multiple Protection Domains in Java , 1998, USENIX Annual Technical Conference.

[36]  Jong-Deok Choi,et al.  Stack allocation and synchronization optimizations for Java using escape analysis , 2003, TOPL.

[37]  Lawrence C. Stewart,et al.  Firefly: a multiprocessor workstation , 1987, IEEE Trans. Computers.

[38]  James R. Larus,et al.  Singularity: rethinking the software stack , 2007, OPSR.

[39]  Ankush Das,et al.  Towards automatic resource bound analysis for OCaml , 2016, POPL.

[40]  Jon A. Solworth,et al.  Ethos' Deeply Integrated Distributed Types , 2014, 2014 IEEE Security and Privacy Workshops.

[41]  Emery D. Berger,et al.  Automatic heap sizing: taking real memory into account , 2004, ISMM '04.

[42]  Paul E. McKenney,et al.  RCU Usage In the Linux Kernel : One Decade Later , 2012 .

[43]  Luiz André Barroso,et al.  The tail at scale , 2013, CACM.

[44]  Michael Wolf,et al.  The Collie: a wait-free compacting collector , 2012, ISMM '12.

[45]  Sergio Yovine,et al.  Parametric prediction of heap memory requirements , 2008, ISMM '08.

[46]  Bruno Blanchet,et al.  Escape analysis for JavaTM: Theory and practice , 2003, TOPL.

[47]  John Regehr,et al.  Precise garbage collection for C , 2009, ISMM '09.

[48]  Paul E. McKenney,et al.  READ-COPY UPDATE: USING EXECUTION HISTORY TO SOLVE CONCURRENCY PROBLEMS , 2002 .

[49]  Yanhong A. Liu,et al.  Optimized Live Heap Bound Analysis , 2002, VMCAI.

[50]  Perry Cheng,et al.  Demystifying magic: high-level low-level programming , 2009, VEE '09.