Writing Systems Software in a Functional Language An Experience Report Iavor Diatchki, Thomas Hallgren, Mark Jones, Rebekah Leslie, Andrew Tolmach.

Slides:



Advertisements
Similar presentations
Operating Systems Components of OS
Advertisements

Using MapuSoft Instead of OS Vendor’s Simulators.
Automatic Memory Management Noam Rinetzky Schreiber 123A /seminar/seminar1415a.html.
Extensibility, Safety and Performance in the SPIN Operating System Presented by Allen Kerr.
Introduction to Operating Systems CS-2301 B-term Introduction to Operating Systems CS-2301, System Programming for Non-majors (Slides include materials.
Extensibility, Safety and Performance in the SPIN Operating System Brian Bershad, Stefan Savage, Przemyslaw Pardyak, Emin Gun Sirer, Marc E. Fiuczynski,
1 Enforcing Confidentiality in Low-level Programs Andrew Myers Cornell University.
Java for High Performance Computing Jordi Garcia Almiñana 14 de Octubre de 1998 de la era post-internet.
G Robert Grimm New York University Extensibility: SPIN and exokernels.
Chapter 13 Embedded Systems
Extensibility, Safety and Performance in the SPIN Operating System Dave Camarillo.
A Type System for Expressive Security Policies David Walker Cornell University.
1 Last Class: Introduction Operating system = interface between user & architecture Importance of OS OS history: Change is only constant User-level Applications.
Chapter 11 Operating Systems
1 Janos Patrick Tullmann Flux Research Group University of Utah.
Exokernel: An Operating System Architecture for Application-Level Resource Management Dawson R. Engler, M. Frans Kaashoek, and James O’Toole Jr. M.I.T.
Outline Chapter 1 Hardware, Software, Programming, Web surfing, … Chapter Goals –Describe the layers of a computer system –Describe the concept.
Os31 Chapter 3 Operating-System Structures. os32 Outlines System Components Operating System Services System Calls System Programs System Structure Virtual.
Silberschatz, Galvin and Gagne  Operating System Concepts Common OS Components Process Management Memory Management File Management I/O System.
Advanced Type Systems for Low-Level Languages Greg Morrisett Cornell University.
1 © 1999 Citrix Systems Inc Java on Nemesis Tim Harris.
© 2004 Soar Technology, Inc.  July 14, 2015  Slide 1 Thinking… …inside the box Randolph M. Jones Commercializing Soar: Software Engineering Perspective.
Chapter 3: Operating-System Structures System Components Operating System Services System Calls System Programs System Structure Virtual Machines System.
1 OS & Computer Architecture Modern OS Functionality (brief review) Architecture Basics Hardware Support for OS Features.
Slide 3-1 Copyright © 2004 Pearson Education, Inc. Operating Systems: A Modern Perspective, Chapter 3 Operating System Organization.
Copyright Arshi Khan1 System Programming Instructor Arshi Khan.
Operating Systems Concepts 1. A Computer Model An operating system has to deal with the fact that a computer is made up of a CPU, random access memory.
Stack Management Each process/thread has two stacks  Kernel stack  User stack Stack pointer changes when exiting/entering the kernel Q: Why is this necessary?
What is Concurrent Programming? Maram Bani Younes.
Language Evaluation Criteria
Java Security. Topics Intro to the Java Sandbox Language Level Security Run Time Security Evolution of Security Sandbox Models The Security Manager.
Lecture 1 Page 1 CS 111 Online Introduction to the Course Purpose of course and relationships to other courses Why study operating systems? Major themes.
ECE 720T5 Winter 2014 Cyber-Physical Systems Rodolfo Pellizzoni.
Extensibility, Safety and Performance in the SPIN Operating System Ashwini Kulkarni Operating Systems Winter 2006.
Types for Programs and Proofs Lecture 1. What are types? int, float, char, …, arrays types of procedures, functions, references, records, objects,...
Presentation of Singularity OS Seminar, winter 2005 by Jacob Munk-Stander November 23 rd, 2005.
Eric Keller, Evan Green Princeton University PRESTO /22/08 Virtualizing the Data Plane Through Source Code Merging.
BLU-ICE and the Distributed Control System Constraints for Software Development Strategies Timothy M. McPhillips Stanford Synchrotron Radiation Laboratory.
Programming Models & Runtime Systems Breakout Report MICS PI Meeting, June 27, 2002.
Design engineering Vilnius The goal of design engineering is to produce a model that exhibits: firmness – a program should not have bugs that inhibit.
Silberschatz, Galvin and Gagne  2002 Modified for CSCI 399, Royden, Operating System Concepts Operating Systems Lecture 7 OS System Structure.
Component Technology. Challenges Facing the Software Industry Today’s applications are large & complex – time consuming to develop, difficult and costly.
CE Operating Systems Lecture 3 Overview of OS functions and structure.
Modeling Component-based Software Systems with UML 2.0 George T. Edwards Jaiganesh Balasubramanian Arvind S. Krishna Vanderbilt University Nashville, TN.
OSes: 3. OS Structs 1 Operating Systems v Objectives –summarise OSes from several perspectives Certificate Program in Software Development CSE-TC and CSIM,
EXTENSIBILITY, SAFETY AND PERFORMANCE IN THE SPIN OPERATING SYSTEM
CS 346 – Chapter 2 OS services –OS user interface –System calls –System programs How to make an OS –Implementation –Structure –Virtual machines Commitment.
Silberschatz, Galvin and Gagne  Operating System Concepts UNIT II Operating System Services.
System Components ● There are three main protected modules of the System  The Hardware Abstraction Layer ● A virtual machine to configure all devices.
ADT data abstraction. Abstraction  representation of concepts by their relevant features only  programming has two major categories of abstraction process.
Review of Parnas’ Criteria for Decomposing Systems into Modules Zheng Wang, Yuan Zhang Michigan State University 04/19/2002.
Operating-System Structures
Version 02U-1 Computer Security: Art and Science1 Correctness by Construction: Developing a Commercial Secure System by Anthony Hall Roderick Chapman.
Lesson 1 1 LESSON 1 l Background information l Introduction to Java Introduction and a Taste of Java.
What Makes Device Driver Development Hard Synthesizing Device Drivers Roumen Kaiabachev and Walid Taha Department of Computer Science, Rice University.
Chapter 10 Software quality. This chapter discusses n Some important properties we want our system to have, specifically correctness and maintainability.
Introduction to Programming 1 1 2Introduction to Java.
1 Chapter 2: Operating-System Structures Services Interface provided to users & programmers –System calls (programmer access) –User level access to system.
1.3 Operating system services An operating system provide services to programs and to the users of the program. It provides an environment for the execution.
CHESS Methodology and Tool Federico Ciccozzi MBEES Meeting Sälen, January 2011 January 2011.
Module 3: Operating-System Structures
Kernel Design & Implementation
Support for Program Analysis as a First-Class Design Constraint in Legion Michael Bauer 02/22/17.
Types for Programs and Proofs
The Mach System Sri Ramkrishna.
Mobile Operating System
Operating System Structure
Real-time Software Design
JIT Compiler Design Maxine Virtual Machine Dhwani Pandya
In Today’s Class.. General Kernel Responsibilities Kernel Organization
Presentation transcript:

Writing Systems Software in a Functional Language An Experience Report Iavor Diatchki, Thomas Hallgren, Mark Jones, Rebekah Leslie, Andrew Tolmach

Background: House: a demonstration kernel  Kernel, scheduler, device drivers (Video, Keyboard, Mouse, Network), etc…  Applications: GUI, terminal, calculator, …  Execution of arbitrary user programs L4 microkernel implementation (incomplete)  Scheduling, IPC, memory management  Intended target for formal verification, focusing on security properties such as separation

The “Systems Haskell” Project: Preserve critical, distinguishing features of the current Haskell design  Expressive type system  Support for abstraction  Strong mathematical foundations Address the shortcomings of Haskell for writing high-assurance systems software  Safe access to low-level operations  Small, configurable, trustworthy run-time system  Ability to manage resource usage explicitly

Low-level Operations in Haskell: The Foreign Function Interface (FFI) provides a way to access low-level machine features  Some features (e.g., reading and writing memory, manipulating pointers) are already included  Others can be coded in C and/or assembly and then packaged as new Haskell primitives But many of these functions are unsafe Requires careful and disciplined use to ensure that type and memory safety are preserved

Safe Low-level Operations Using the H-Interface: A hardware abstraction layer that encapsulates the use of unsafe low-level primitives Goals: small, reusable, safe Semantics and safety guarantees captured by a collection of formal properties Still requires careful and disciplined construction

Observations on Safe Low-level Operations: Many low-level operations are safe, but the FFI provides no way to enforce safety constraints  Example: restricting memory accesses to a particular region of memory  Solution: typed memory areas and bitdata primitives Truly untrusted low-level operations should not be able to break orthogonal safety guarantees  Example: preventing foreign function calls from accessing the heap

Both of our kernels rely on a port of the GHC run-time system that runs on bare metal * Characteristics of GHC:  Open source, active development community 50-75kloc, many configurations, unsupported legacy code  Full featured (support for powerful extensions) Many of these features aren’t needed by our systems  Highly optimized Difficult to understand, let alone reason about RTS Support in Haskell: * Initial port done by Carlier and Bobio’s hOp project.

Observations on RTS Design: A monolithic run-time system cannot be both:  Generic enough to support all of the different forms of memory allocation and/or concurrency that are required in a range of systems applications  Simple enough to enable a manageable, verifiable implementation A highly modular run-time system can support:  Independent certification of components  Configuration/customization of application-specific run-time systems that include only the components that are needed

Resource Management in Haskell: High-level languages are designed to hide low- level implementation details from programmers Example: garbage collection presents the illusion of an infinite memory  Allocate without checking, avoid nasty pointer bugs  GC algorithm quietly identifies & recycles garbage But real computers do have real limits:  Programs cannot run if the heap is exhausted  Separate threads can starve one another by consuming resources

Observations on Resource Management: New language mechanisms, backed by run-time support, are needed:  To enable fine-grained accounting for memory usage  To support dynamic partitioning and reallocation of memory between threads  To provide facilities for detecting and recovering from memory overflow What lessons can we learn from the systems community, where such issues receive much greater attention?

Summary: Developing systems software is challenging Higher-level languages can help programmers to manage the complexity of low-level details while also producing code that is amenable to high-level analysis and verification Critical focus areas for Systems Haskell include:  safe and direct manipulation of low-level structures  run-time system configuration  reflective resource management  performance

Questions?

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2024 SlidePlayer.com Inc. All rights reserved.