Andrew S. Tanenbaum, Jorrit N. Herder, and Herbert Bos, "Can We Make Operating Systems Reliable and Secure?"
IEEE Computer (IEEE Computer Society), 2006
Why current operating systems are unreliable: they are huge (more code means more bugs) and they isolate faults poorly (any procedure in a monolithic kernel can corrupt any other);
[1] shows that 6-16 bugs exist per 1000 lines of executable code;
[2] shows that 2-75 bugs exist per 1000 lines of executable code, depending on the size of the module;
[3] shows that driver code has an error rate 3-7 times higher than the rest of the kernel.
Solutions:
1. Armored operating systems
Nooks [4] protects a monolithic kernel against driver failures by wrapping each driver in a protective layer that checks every interaction between the driver and the kernel, and by recovering a failed driver automatically: a shadow driver records the operations previously issued to the driver and replays them into a fresh instance. A driver may read kernel memory but can write only to its own private pages, and it reaches the kernel only through the wrapped function calls. The limitations: the wrapper layer has to be written by hand, which can itself introduce bugs, and because the driver still runs in kernel mode it can execute privileged instructions that it should not.
2. Paravirtual machines
This approach is based on the idea that running multiple instances of an operating system on one bare machine, each unaware of the others' existence, could improve the reliability of the system. [5] adapts this concept to protection within a single OS. L4Linux [6] runs multiple slightly modified Linux kernels on the L4 [7] microkernel, with an extra overhead of about 3%-8%.
3. Multiserver OS (microkernel OS)
The kernel handles only interrupts, basic process management, interprocess communication, and process scheduling; everything else, including drivers, runs as user-mode processes. Running drivers in user mode costs less than 10% in performance.
4. Language-based protection
The system is written almost entirely in a type-safe language, so the kernel enforces isolation through the language runtime in much the same way a Java virtual machine does, rather than through hardware protection.
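To make the Nooks idea in item 1 concrete, here is an added illustration (not code from the paper or from Nooks itself): a toy kernel service wrapped so that an in-kernel driver can read anywhere but store only into its own region, with every accepted store recorded in a shadow log that a recovery routine replays into a fresh driver instance. The names wrapped_store, wrapped_load, recover_driver and run_buggy_driver, the fixed-size regions and the fault injected by the driver are all assumptions made for the example.

```c
/* Added example: a Nooks-style wrapper and shadow-log recovery, modelled in
 * user space. The API names and memory layout are hypothetical. */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define DRIVER_MEM_SIZE 256   /* the driver's private, writable region */
#define LOG_MAX 32            /* capacity of the shadow log */

/* Kernel memory: the driver may read it but must never write it. */
static unsigned char kernel_mem[64] = "KERNEL";
/* The driver's own pages: the only destination a wrapped store may target. */
static unsigned char driver_mem[DRIVER_MEM_SIZE];

/* Shadow log of every store the wrapper accepted, kept for replay on recovery. */
struct log_entry { size_t off; unsigned char val; };
static struct log_entry shadow_log[LOG_MAX];
static size_t log_len;

/* True if [p, p+n) lies entirely inside the driver's writable region. */
static int in_driver_domain(const void *p, size_t n)
{
    uintptr_t a = (uintptr_t)p, lo = (uintptr_t)driver_mem;
    return a >= lo && a + n >= a && a + n <= lo + DRIVER_MEM_SIZE;
}

/* Wrapper around a byte-store service: check the target, log it, then store.
 * Returns 0 on success, -1 for a write outside the driver's domain,
 * -2 if the log is full (refuse rather than lose replay information). */
int wrapped_store(unsigned char *dst, unsigned char val)
{
    if (!in_driver_domain(dst, 1))
        return -1;
    if (log_len == LOG_MAX)
        return -2;
    shadow_log[log_len].off = (size_t)(dst - driver_mem);
    shadow_log[log_len].val = val;
    log_len++;
    *dst = val;
    return 0;
}

/* Reads are not confined in this model: the driver may read kernel memory. */
unsigned char wrapped_load(const unsigned char *src)
{
    return *src;
}

/* Shadow-driver style recovery: throw away the failed driver's state and
 * replay the logged operations into a fresh instance. Returns ops replayed. */
size_t recover_driver(void)
{
    memset(driver_mem, 0, sizeof driver_mem);
    for (size_t i = 0; i < log_len; i++)
        driver_mem[shadow_log[i].off] = shadow_log[i].val;
    return log_len;
}

/* A toy driver: two legitimate configuration stores, then a bug that tries
 * to write into kernel memory. Returns the wrapper's verdict on that write. */
int run_buggy_driver(void)
{
    wrapped_store(&driver_mem[0], 0x11);
    wrapped_store(&driver_mem[1], 0x22);
    (void)wrapped_load(kernel_mem);        /* allowed: reads are unrestricted */
    return wrapped_store(kernel_mem, 0xFF); /* rejected: outside the driver domain */
}

int main(void)
{
    int rc = run_buggy_driver();
    printf("wrapper verdict on the bad store: %d, kernel_mem is still \"%s\"\n",
           rc, (const char *)kernel_mem);
    size_t replayed = recover_driver();
    printf("recovered driver by replaying %zu ops: %02x %02x\n",
           replayed, driver_mem[0], driver_mem[1]);
    return 0;
}
```

The model deliberately stops where Nooks stops: the check is only on memory the driver reaches through the wrapper, so a driver that bypasses the wrapper or executes privileged instructions is not caught, which is exactly the weakness noted above for armored kernels.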
References:
[1] V.R. Basili and B.T. Perricone, "Software Errors and Complexity: An Empirical Investigation," Commun. of the ACM, vol. 27, Jan. 1984, pp. 42-52.
[2] T.J. Ostrand and E.J. Weyuker, "The Distribution of Faults in a Large Industrial Software System," Proc. Int'l Symp. on Software Testing and Analysis, ACM, 2002, pp. 55-64.
[3] A. Chou, J. Yang, B. Chelf, S. Hallem, and D. Engler, "An Empirical Study of Operating System Errors," Proc. th ACM Symp. on Operating Syst. Prin., ACM, 2001, pp. 73-88.
[4] M. Swift, B. Bershad, and H. Levy, "Improving the Reliability of Commodity Operating Systems," ACM Trans. on Computer Systems, vol. 23, 2005, pp. 77-110.
[5] J. LeVasseur, V. Uhlig, J. Stoess, and S. Götz, "Unmodified Device Driver Reuse and Improved System Dependability via Virtual Machines," Proc. Sixth Symp. on Operating System Design and Impl., 2004, pp. 17-30.
[6] H. Härtig, M. Hohmuth, J. Liedtke, S. Schönberg, and J. Wolter, "The Performance of Microkernel-Based Systems," Proc. 16th ACM Symp. on Operating Syst. Prin., 1997, pp. 66-77.
[7] J. Liedtke, "On Microkernel Construction," Proc. 15th ACM Symp. on Operating Syst. Prin., 1995, pp. 237-250.
Original post:
http://romeozhu.blogspot.com/200 ... make-operating.html
My blog:
http://romeozhu.blogspot.com