Presentation is loading. Please wait.

Presentation is loading. Please wait.

KaffeOS: Controlling Resources In A Multi-Process Java Virtual Machine Godmar Back.

Published byMarjory Fox Modified over 8 years ago

Similar presentations

Presentation on theme: "KaffeOS: Controlling Resources In A Multi-Process Java Virtual Machine Godmar Back."— Presentation transcript:

1 KaffeOS: Controlling Resources In A Multi-Process Java Virtual Machine Godmar Back

2 Summary A model for a Java run-time system that isolates and controls the resource consumption of processes allows safe termination of processes allows processes to directly share objects

3 What is Java used for? Applets in Netscape’s Mozilla Browser Customized Queries in Oracle’s Database Server Servlets running in Apache’s Web Server  These systems run multiple programs simultaneously

4 One-in-one or Many-in-one? Operating System JVM Java Prg1 JVM Java Prg2 Java Prg3 Java Prg1 Java Prg2 Java Prg3 KaffeOS

5 What does an OS provide? Hardware Abstraction Layer Security & Protection Resource Management Isolation Reclamation Termination Communication Sharing

6 What does an OS provide? Hardware Abstraction Layer Security & Protection Resource Management Isolation Reclamation Termination Communication Sharing

7 Is Type Safety enough? Language properties guarantee protection only! They do not –support safe termination –control & manage resources –enable communication & sharing

8 Assumptions & Goals Comprehensive accounting with focus on memory & CPU cycles Full accounting for resources spent in garbage collection Allow direct sharing of structured data for inter-process communication Guarantee safe termination

9 Problems with existing JVMs Do not support processes Do not support safe termination Existing approaches either –do not fully isolate resource consumption or –do not allow direct sharing

10 Terminating Threads in Java First-generation Java systems do not support safe termination of uncooperative threads Safe termination requires atomicity Stopping threads in Sun’s Java: –no atomicity –hence Thread.stop() is deprecated

11 Client Sharing Attack Server

12 KaffeOS Model Kernel structure –user/kernel mode, red line Resource classification –define resource consumption contexts Separate heaps, separate GC IPC through structured sharing –programming model

13 KaffeOS Kernel Multiple functions –trusted –accounts for resources –manages and accounts for sharing –guarantees safe termination Monolithic –implements system services

14 Safe Termination Termination requests postponed in kernel mode –kernel is still preemptible –kernel can safely back out of any error condition User mode is fully stoppable Does not solve general problem of asynchronous termination

15 Drawing The Red Line User GC Kernel GC User code (untrusted) Kernel code (trusted) Runtime Libs (trusted) Finalization User Kernel

16 Classifying Resources Transient resources: –scheduled for short time quanta –access can be preempted –e.g.: CPU time, network bandwidth Permanent resources: –scheduled for longer time quanta –revocation leads to termination –e.g.: memory

17 Consumption Contexts Process: context for the consumption of permanent resources –memory, file descriptors Thread: context for the consumption of transient resources –cycles, network device Problem: scheduling excess resources

18 Resource API Specify how to –denote and manipulate resources –create resource hierarchies –assign resources to processes and threads –provide feedback on their consumption –associate resources with users

19 Memory Separation Kernel Heap Heap AHeap B Per-process heaps Separately accounted and collected

20 Separating GC Collect heaps independently Use distributed garbage collection technique –cross-references treated like remote references Monitor writes Shared scanning of thread stacks

21 Sharing Kernel Heap Heap A Heap B Shared objects Separately accounted Fully collected Basic datatypes Shared Buffer

22 Programming Model class Buffer { int length; int offset; byte []data; } Producer/Consumer Agree on buffer type to share data Register shared type Create buffer Use it transparently

23 Sharing Example Producer Class bufferClass = Shared.register(“Buffer”); Buffer b = (Buffer)Shared.create(bufferClass, “ourbuffer”); synchronized (b) { produceData(b); b.signal(); } Consumer Class bufferClass = Shared.register(“Buffer”); Buffer b = (Buffer)Shared.lookup(bufferClass, “ourbuffer”); synchronized (b) { b.wait(); consumeData(b); }

24 Experimental Setup Proof of concept and evaluation Reuse and extend existing Kaffe libraries –Will run the same applications as base Kaffe Use OSKit components where needed –CPUI scheduling

25 Evaluation Resource control mechanism –simulate denial-of-service attacks –full reclamation Safe termination –check integrity Sharing –is it a viable communication mechanism?

26 Efficiency Microbenchmarks –base VM performance –write barrier overhead Memory overhead –GC overhead

27 Experimental Comparison Macrobenchmarks –JVMSpec 98 industry benchmark Compare with –serialization-based RPC in JKernel –traditional OS communication based on underlying OS (one-in-one approach) –unrestricted sharing

28 Related Work OS research –SPIN Resource management in OS –Resource Containers, Escort Java research –JKernel, JRes, Alta

29 OS Research SPIN [Bershad ‘95] Provides extensibility, safety, and speed –type-safe kernel extensions in Modula-3 –directly linked with kernel –no process abstraction –hard to control & unload

30 Resource Management Research Resource containers [Banga ‘99] –consumption contexts for traditional monolithic OS –account resources for activities Escort [Spatscheck ‘99] –consumption contexts: paths & protection domains

31 100% Pure Java Approaches JKernel [Hawblitzel ‘98] –sharing only through capabilities –serialization-based RPC JRes [Czajkowski ‘98] –instrument bytecode –use callbacks when resource limits have been exceeded

32 Extensions to Java Alta [Tullmann ‘98] –derived from Fluke microkernel –nesting model for name spaces and all resources –clear user/kernel separation –GC not per-process –requires extensions to type system for sharing

33 Open Issues Sharing of more complex structures –copying overhead Interaction between modern collectors and heap separation –possibility of heap fragmentation Unresolved issues in CPU inheritance scheduling

34 Conclusion Java runtime systems require an OS- like structure –independent of whether they will replace traditional HW-based operating systems KaffeOS is a model that allows –safe termination –resource control –structured data sharing

Download ppt "KaffeOS: Controlling Resources In A Multi-Process Java Virtual Machine Godmar Back."

Similar presentations

Operating Systems Components of OS

Operating Systems Components of OS
Threads, SMP, and Microkernels

Threads, SMP, and Microkernels
CS 443 Advanced OS Fabián E. Bustamante, Spring 2005 Resource Containers: A new Facility for Resource Management in Server Systems G. Banga, P. Druschel,

CS 443 Advanced OS Fabián E. Bustamante, Spring 2005 Resource Containers: A new Facility for Resource Management in Server Systems G. Banga, P. Druschel,
Department of Computer Science and Engineering University of Washington Brian N. Bershad, Stefan Savage, Przemyslaw Pardyak, Emin Gun Sirer, Marc E. Fiuczynski,

Department of Computer Science and Engineering University of Washington Brian N. Bershad, Stefan Savage, Przemyslaw Pardyak, Emin Gun Sirer, Marc E. Fiuczynski,
Extensibility, Safety and Performance in the SPIN Operating System Presented by Allen Kerr.

Extensibility, Safety and Performance in the SPIN Operating System Presented by Allen Kerr.
PlanetLab Operating System support* *a work in progress.

PlanetLab Operating System support* *a work in progress.
Janos A Java-oriented Active Network Operating System Jay Lepreau, Patrick Tullmann, Kristin Wright Wilson Hsieh, Godmar Back, many more... University.

Janos A Java-oriented Active Network Operating System Jay Lepreau, Patrick Tullmann, Kristin Wright Wilson Hsieh, Godmar Back, many more... University.
Lightweight Remote Procedure Call Brian N. Bershad, Thomas E. Anderson, Edward D. Lazowska, and Henry M. Levy Presented by Alana Sweat.

Lightweight Remote Procedure Call Brian N. Bershad, Thomas E. Anderson, Edward D. Lazowska, and Henry M. Levy Presented by Alana Sweat.
Extensibility, Safety and Performance in the SPIN Operating System Brian Bershad, Stefan Savage, Przemyslaw Pardyak, Emin Gun Sirer, David Becker, Marc.

Extensibility, Safety and Performance in the SPIN Operating System Brian Bershad, Stefan Savage, Przemyslaw Pardyak, Emin Gun Sirer, David Becker, Marc.
Extensibility, Safety and Performance in the SPIN Operating System Department of Computer Science and Engineering, University of Washington Brian N. Bershad,

Extensibility, Safety and Performance in the SPIN Operating System Department of Computer Science and Engineering, University of Washington Brian N. Bershad,
Extensible Kernels Edgar Velázquez-Armendáriz September 24 th 2009.

Extensible Kernels Edgar Velázquez-Armendáriz September 24 th 2009.
The Alta Operating System Patrick Tullmann Masters Thesis Defense University of Utah.

The Alta Operating System Patrick Tullmann Masters Thesis Defense University of Utah.
Extensibility, Safety and Performance in the SPIN Operating System Brian Bershad, Stefan Savage, Przemyslaw Pardyak, Emin Gun Sirer, Marc E. Fiuczynski,

Extensibility, Safety and Performance in the SPIN Operating System Brian Bershad, Stefan Savage, Przemyslaw Pardyak, Emin Gun Sirer, Marc E. Fiuczynski,
CS533 Concepts of Operating Systems Class 8 Shared Memory Implementations of Remote Procedure Call.

CS533 Concepts of Operating Systems Class 8 Shared Memory Implementations of Remote Procedure Call.
CS533 Concepts of Operating Systems Class 4 Remote Procedure Call.

CS533 Concepts of Operating Systems Class 4 Remote Procedure Call.
Extensibility, Safety and Performance in the SPIN Operating System Dave Camarillo.

Extensibility, Safety and Performance in the SPIN Operating System Dave Camarillo.
6/12/20011 KaffeOS: Isolation, Resource Management and Sharing in Java Godmar Back School of Computing University of Utah Dissertation Defense.

6/12/20011 KaffeOS: Isolation, Resource Management and Sharing in Java Godmar Back School of Computing University of Utah Dissertation Defense.
1/28/2004CSCI 315 Operating Systems Design1 Operating System Structures & Processes Notice: The slides for this lecture have been largely based on those.

1/28/2004CSCI 315 Operating Systems Design1 Operating System Structures & Processes Notice: The slides for this lecture have been largely based on those.
Multitasking JVMs Isolates and KaffeOS Presentation by James Rose.

Multitasking JVMs Isolates and KaffeOS Presentation by James Rose.
Figure 1.1 Interaction between applications and the operating system.

Figure 1.1 Interaction between applications and the operating system.

Similar presentations

Ads by Google