Slashdot Mirror
The Great Microkernel Debate Continues
ficken writes "The great conversation about micro vs. monolithic kernel is still alive and well. Andy Tanenbaum weighs in with another article about the virtues of microkernels. From the article: 'Over the years there have been endless postings on forums such as Slashdot about how microkernels are slow, how microkernels are hard to program, how they aren't in use commercially, and a lot of other nonsense. Virtually all of these postings have come from people who don't have a clue what a microkernel is or what one can do. I think it would raise the level of discussion if people making such postings would first try a microkernel-based operating system and then make postings like "I tried an OS based on a microkernel and I observed X, Y, and Z first hand." Has a lot more credibility.'"
...as flamebait.
"We've not argued about this for a while. Let's have a shouting match...Is crushing a suspect's child's testicles illegal?
John Yoo: "No, [if] the President thinks he needs to do that."
And now, cue thousands of replies from people who have personally created microkernels and have sensible observations to make on their validity as a base for an OS...
(crickets)
stuff |
One of the main issues with microkernels is that of performance, but the trade-off results in reduced stability if you have a bad driver, since there is no notion of memory protection for drivers in a monolithic kernel.
The way I see it, is given the current performance of systems, getting a fast, but slightly less stable kernel counts for a lot, but in the future when the overhead provided a microkernel is deemed insignificant we will see them become the norm. In many ways this is much like when we were all using SCSI CD burners because the processor couldn't keep up, but now we are all using IDE CD burners because CPUs can more than handle the task.
Jumpstart the tartan drive.
Like many other "this vs. that" wars, neither micro- nor monolithic-kernel architectures are best for all tasks.
In many cases the difference for the end-user is small enough that it's not worth doing things "the best way" if the tools and talent available lean the other way.
We didn't go for VHS over Beta because it had better quality video, we went for it because of marketplace and other factors.
We didn't go with a monolithic Linux over the once-Apple-sponsored mkLinux because it was inherently better for every possible task under the sun, we went with it because it was better for some tasks and good enough for others and it had more support from interested parties, i.e. marketplace factors.
Knowledge is how to play a game, intelligence is how to win, wisdom is knowing what game to play.
Haven't we dealt with this before?
The simple truth is that interstellar distances will not fit into the human imagination
- Douglas Adams
I much doubt whether the average user cares (never mind understands) if the kernel is monolithic, microkernel, or heated corn -- and for what we average users tend to use our compueters for (i.e. running our office apps, surfing the Interweb, listening to music, occassionaly watching video or fixing red-eye in pictures of our children) it's not going to be the kernel that dictates user experience or perception of "slow". You db admins, SETI enthusiasts and google administrators may care more. (I turned in my geek card long ago.)
Hmmm....he must be new here ;)
hilarious
Thats great.... the article is dated May 12, 2006. Is it still "news" if its "old news"?
QNX. www.qnx.com. Best OS ever. Very long life support (qnx 4.x last patch was issued 17yrs after it was released). Now it is free for non-commercial use, with source.
The rise of virtualization proves the validity of the microkernel concept, whereby the hypervisor now takes the place of the original "kernel" (note the similarity in block diagrams: microkernel vs. hypervisor designs). Virtual machines are now used instead of function-specific modules in the original microkernel designs, with specialized VMs for performing I/O and to host virtual appliances with just enough user-level code needed to support a particular application.
Nooface
In Search of the Post-PC Interface
I don't see the point in buying QNX. They already have Singularity which seems very interesting to me. Now I don't know much about microkernels but the idea looks nice. Let compiler handle all the nasty IPC stuff at compile time to lower the performance penalty which comes from process context switches and such.
You don't know what you don't know.
But is QNX relevant? I mean, outside the world of embedded devices?
Even agreeing that it is a nice OS, what is its market share as a desktop or server platform? Certainly less than 1/1000th of what Linux or even BSD have.
Although microkernel OSs may be "nicer" from a design point of view, on the practical side the monolithical ones are serving us very well.
NT (like OSX) has a microkernel, but the operating system isn't just the microkernel. Most of OSX (for example) actually runs on UNIX which runs as a single application of the microkernel. NT also has an enormous number of kernel-entry points which means that it too is a monlithic-kernel-based system that happens to run on a microkernel.
A real microkernel-based system will have a lot of the userland facilities designed to take advantage of message passing and will probably look more like HURD or Squeak than it will like NT or NeXT. QNX and VxWorks are the only successful microkernel-based systems that I'm aware of, and frankly both of them are losing big to Linux, so we might have to say were the only successful systems in the future...
I did my senior project in college on this in 1998... At that time I was looking at something from MIT called the exo-kernel and comparing it to some 2.4 version of the linux kernel. Back in 1998 the problem was mainly that nobody had invested in that particular mirco-kernel technology, unlike say mach, because it was a research project. In my conclusion, it was clear I could not do a meaningful comparison of complex applications on both OSes due to its lack of maturity. But there was one thing that was clear, the design philosophy behind the micro kernel allowed a much more flexible way to interact with the hardware.
The time it would take to design an implement a what the equivalent of driver would be were smaller. In the end it puts more flexibility into the hands of the application designer with the kernel taking care of just the bare minimum. The initial work at the time reported a 10x improvement in performance since you could customize so much of how the hardware resources were being used. This of course comes at a price, in addition to developing the application, you need to develop the drivers it uses, possibly increasing the time to write anything significant.
But in the end, flexability was key, and you can see some of the microkernel design philosophies start to seep into the linux kernel. Take a look at kernel modules for example. The code is already being abstracted out, now if it just effectively was designed to run in userspace.
My thoughts are that in the end the microkernel will win do to the fact that I can engineer a more complex OS that is cheaper to change, not because it is faster. Tis is the compromise that was made with compilers vs. machine language programming. In the end I think Tanenbaum will win, linux will become a microkernel out of necessity, and Linus as it turns out would have gotten a good grade from Dr. Tanenbaum. He just would have handed his final project in 40 years late by the time it happens.
BOFH, My model for being a sysadmin :)
I do not doubt they've tried. The interesting information is why it hasn't worked. Unfortunately, people seldom publicise failures of ideas they advocate.
One very obvious impediment is the existance of priviliged instructions. For example, on x86 the HLT instruction (used to trigger powersavings) is priviliged, Ring0. So the idle thread has to be Ring0, in the kernel. Then there is Linus' point to trampling memory spaces.
I strongly suspect a microkernel will suffer in security or additional ring transitions/TLB if Ring1 or Ring2 are used. This modern fast hardware, this might be less noticeable.
... "ficken" in german means to bang, to bonk, to frig, to fuck, to hump, to screw or to shag!
C'mon Andy... Give it up, you're not going to sway someone with your arguments, no more than you swayed the public to run "free GNU on their 200 MIPS, 64M SPARCstation-5". A lot of the stuff Andy stated in the "Tanenbaum-Torvalds" debate turned out to be just plain wrong.
- He asserted that x86 architechture was doomed to extinction. Yet the majority of the -planet- uses an x86 machine of some sort as of 2008.
- He alluded to the Linux kernel being hard to port because of it's ties to x86 architechture, citing how Minix was ported to x86, 680x0, and SPARC. Yet there's hardly a piece of silicon worthy of driving a terminal that Linux hasn't been ported to
- oh... and the whole "Linux is obsolete" thing was a complete pile of rubbish.
Fifty watts per channel, baby cakes.
You are partially correct. The mach kernel is one of the first implementations of microkernels. OS X is derived from this as well as the mklinux experiment of the late 90s. But just like the difference between CISC and RISC processors has been on a collision course, monolithic and microkernels have picked the best features of the other. OS X is based on the XNU kernel. A mach/monolithic hybrid. The performance of pure microkernels was just never up to the task.
The most popular microkernel these days is Xen. It actually has more system calls than classic UNIX, but device drivers and filesystems are all run outside of ring 0 and most of the system calls are direct equivalents to privileged instructions. It implements shared memory for IPC and recommends a lockless ring buffer for message passing.
I am TheRaven on Soylent News
It is very misleading to call OS X microkernel based. It does run on a microkernel, but all of the normal drivers run in kernel mode so it is not a true microkernel.
If you read the article, Tannenbaum reminds everyone of how Microsoft paid Ken Brown to write a book accusing Linus of stealing the Minix microkernel. FTFA:
Kevin Smith on Prince
QNX is relevant. Is it popular on the desktop? Not really but then you could say is BSD relevant? Is it popular on the desktop compared to Windows, MacOS/X or even Linux?
Is Linux relevant on the desktop? If you don't count duel boot machines how many Linux desktops are out there?
"Although microkernel OSs may be "nicer" from a design point of view, on the practical side the monolithical ones are serving us very well."
I have heard that argument before except it was about Unix. MS-DOS was so much faster and used less ram and drive space than Unix did.
To just dismiss microkernels because monolithic kernels are good enough is silly.
Actually Linux is starting to take some ideas from Microkernals. FUSE is a Microkernel idea. Moving more device drivers into userspace is also a very good idea. It means that security issues with a driver are less likely to root the OS or take out the OS with a crash.
Stablity and security are important aren't they?
But back to your comment yes QNX is relevant. It is relevant because it proves that you can have a small, fast, and stable microkernal OS.
See my blog http://ilovecookes.blogspot.com/ for light hearted technical information.
I'm guessing that Andy Tannenbaum might want you to take a look at MINIX 3.
That's just a wild stab in the dark, though.
GCHQ Quantum Insert installed. If only our tongues were made of glass, how much more careful we would be when we speak
OS X, strictly speaking, is a hybrid kernel. Essentially, NeXT mashed together Carnegie Mellon's microkernel Mach with BSD (a monolithic kernel) - yielding the overwhelmingly originally named XNU kernel. (X is Not Unix). So in short - yes , OS X is a microkernel based OS, but is just as much a monolithic kernel based OS.
The secret to creativity is knowing how to hide your sources. - Albert Einstein
They do this using:
I believe the use of superior hardware access, and address space separations should die out in favor of an alternative: runtime-level protection.
As more and more systems move to be based on bytecode-running virtual machines and as JIT's and hardware improves, it is becoming clearer that in the future, "static native code" (C/C++ executables and such) will die out to make room for JIT'd native code (Java/.NET).
I believe that this will happen because JIT can and will optimize better than a static compiler running completely before execution. Such languages are also easier to develop with.
Once such runtimes are used, some aspects of reliability/safety are guaranteed (memory overruns cannot occur. References to inaccessible objects cannot be synthesized). By relying on these measures for security, as well, we can eliminate both the need for elevated kernel access, and address space/context switches. This is desirable for several reasons:
Once relying on the runtime for security and reliability, a "kernel" becomes nothing more than a thread scheduler and a hardware abstraction object library.
I believe this is the correct design for future systems, and is my answer to the micro vs monolothic question: Neither!
So perhaps, like with launchd, Apple (who really does have decades of *NIX experience. Think A/UX) has actually come up with a third, and obviously viable, option: XNU.
Therefore, a new question suggests itself: Do we really have to have a three-way debate? Micro v. Mono v. XNU (hybrid)???
Actually, there is no microkernel in OS X. Everything in the operating system runs in the same kernel address space. Although individual subsystems within OS X can talk to each other with Mach messages (and also user space) they can also see each other's memory. Also, the VFS subsystem system and the network stack were lifted direct from BSD (although as of 10.4 they are much modified).
All I want is a secure system where it's easy to do anything I want. Is that too much to ask ~~ Randall Munroe
I hate when people says "NT/OS X are microkernels but don't work like microkernels", or they call them "hybrid kernels"
Either you're microkernel or not. Either you run filesystems and network stacks in separated, isolated processes and address spaces, or you don't. NT and OS X don't run anything of that as a separated process, which was the whole point of having a microkernel. They run it in the same process space than everything else. Just like like linux, solaris, windows 9x. In other words, they aren't microkernels.
Yes, they have source-level design abstractions inherited from microkernels to make the design more modular. So do Linux, Solaris or any other decent monolithic kernel, even if they didn't inherited it from microkernels. Microkernel people wasted their years saying that a microkernel where needed to achieve "modularity", when the fact is that "modularity" in the design of software is not something that you can achieve only by running things in different process spaces. After 20 years they haven't realized that many parts of linux or solaris are more modular than their equivalents of minix or hurd.
I'm going to disagree with you. This debate's been raging for years, and he's calling for people to try the most available one on the market right now. He's not going to get money from it, all he'll get is maybe some development done for it. Since he's a professor and could just as easily make the development an assignment or extra credit, it's much more likely that he's trying to inject some experience into the debate instead of turning it into some nerdy gladiatorial fight between him and Linus.
The real accusation you should be making is that he's a coward and a chicken because he's really only scared of Linus bringing his wife to the match.
- The client-server paradigm is a good one
Too vague to be a statement. "Good" is undefined.
- Microkernels are the way to go
False unless your only goal is to get papers published. Plan 9's kernel is a fraction of the size of any microkernel we know and offers more functionality and comparable or often better performance.
- UNIX can be successfully run as an application program
`Run' perhaps, `successfully' no. Name a product that succeeds by running UNIX as an application.
- RPC is a good idea to base your system on
Depends on what you mean by RPC. If you predefine the complete set of RPC's, then yes. If you make RPC a paradigm and expectevery application to build its own (c.f. stub compilers), you lose all the discipline you need to make the system comprehensive.
- Atomic group communication (broadcast) is highly useful
Perhaps. We've never used it or felt the need for it.
- Caching at the file server is definitely worth doing
True, but caching anywhere is worthwhile. This statement is like saying 'good algorithms are worth using.'
- File server replication is an idea whose time has come
Perhaps. Simple hardware solutions like disk mirroring solve a lot of the reliability problems much more easily. Also, at least in a stable world, keeping your file server up is a better way to solve the problem.
- Message passing is too primitive for application programmers to use
False.
- Synchronous (blocking) communication is easier to use than asynchronous
They solve different problems. It's pointless to make the distinction based on ease of use. Make the distinction based on which you need.
- New languages are needed for writing distributed/parallel applications
`Needed', no. `Helpful', perhaps. The jury's still out.
- Distributed shared memory in one form or another is a convenient model
Convenient for whom? This one baffles us: distributed shared memory is a lousy model for building systems, yet everyone seems to be doing it. (Try to find a PhD this year on a different topic.)
How about the "CONTROVERSIAL" points? We should weigh in there, too:
- Client caching is a good idea in a system where there are many more nodes than users, and users do not have a "home" machine (e.g., hypercubes)
What?
- Atomic transactions are worth the overhead
Worth the overhead to whom?
- Causal ordering for group communication is good enough
We don't use group communication, so we don't know.
- Threads should be managed by the kernel, not in user space
Better: have a decent process model and avoid this process/thread dichotomy.
Rob Pike
Dave Presotto
Ken Thompson
Phil Winterbottom
The only reason this debate is going on is because CPUs do not have the concept of modules. If they did, then each module would not be able to crash the rest of the modules.
If you wonder how to do modules without sacrificing the flat address space, it's quite easy: In most CPU designs, each page descriptor has a user/supervisor bit which defines if the contents of a page are accessible by the other pages. Instead of this bit, CPUs must use the target address to look up module information from another table. In other words, the CPU must maintain a map of addresses to modules, and use this map to provide security access.
This design is not as slow as it initially might seem. Modern CPUs are very fast, and they already contain many such maps: the Translation Lookaside Buffer, the Global Descriptor Table cache, the Local Descriptor Table cache, Victim Caches, Trace Caches, you name it.
Since the Vrije Universiteit Comp-Sci webserver has buckled under the firepower of the fully armed and operational Slashdot Effect, those who want to RTFA can go to Archive.org's Wayback Machine ...
'cause TFA was written in May 2006.
http://web.archive.org/web/*/http://www.cs.vu.nl/~ast/reliable-os/
o/~ Join us now and share the software
Calling Xen a microkernel is wrong. Yes, it provides "isolation", and it has that in common with microkernel, but isolation is not something that was invented by microkernels, so i don't see why we should call "microkernel" to anything that provides isolation. AFAIK Xen doesn't provide a way to create subprocesses to run functionality on it, it doesn't provive a real "message passing system"...i'd call it "virtual hardware", but not "microkernel".
But yeah, moving stuff out of the kernel is the way forward in terms of security, and that's pretty much the definition of a microkernel architecture.
I'm gonna get tarred and feathered for this but .... this is of course exactly what Vista is doing: "Hey, wouldn't it be better if we stopped letting any odd piece of software talk directly to the hardware in kernel mode? If kernel mode was reserved to ... y'now, ... the kernel?" So instead they exposed a (perfectly reasonable) API instead. And the only cost is that you need a new device driver for any old hardware. Like that 20-year-old joystick.
Oh, it also makes it a lot harder to get around OS restrictions on illegal content access. No "directly-talking-to-the-CD-drive" any more. Which means in /.-land "built-in DRM". Which it isn't, of course, but could certainly be seen that way.
Is it "better" for stuff to get moved out of the kernel? Well, "better" for whom?
We're all born with nothing.
If you die in debt, you're ahead.
umm, wrong....
Loadable modules have nothing to do with micro/monolithic design. In a micro kernel those modules would have their own memory space, their own pid like identifier assigned by the monitor, and be doing all their communication with the rest of the kernel via some IPC process.
When you load a module in Linux, it lives in the same memory space as the rest of the kernel and can freely exchange data with the rest of the kernel via writing directly shared data structures. Modules don't give you a less monolithic kernel, what the do is allow you to determine what the monolith looks like at run time instead of compile time.
Repeal the 17th Amendment TODAY! Also Please Read http://www.gnu.org/philosophy/right-to-read.html
We don't need a microkernel written in any language, especially not C. What we need is a kernel where everything is protected by being typesafe (a 'safe' kernel). Like a kernel written in Java (jxos) or .net (singularity), or limbo (inferno), or maybe D. People forget the original purpose of the "memory management unit" was for swap on mainframes and not for process protection. And anybody who has looked at the mess that is fork, mmap, etc dealing with memory protection in a monolithic system should know it's not good at process protection. It's absurd how much complexity and overhead is caused by this.
... and so on.
A 'safe' kernel sounds slow, because it is probably interpreting bytecodes and has garbage collection. But you get many performance advantages also:
1) idle thread can actually do something, by making programs take less room (compacting gc), offloading some of the work of free(), and optimizing code. So programs respond faster when you switch back to them.
2) lack of data copying. Current systems often copy a *lot* of data from calls to read(2), write(2) and friends, and attempts to reduce this with calls like sendfile or page sharing is very complicated and has a lot of overhead. With a 'safe' kernel you can just give a read-only view, or any number of other very simple methods where no copying takes place.
3) mmu can be used to optimize garbage collection. Only pages written to since the last collection need to be checked for references to new objects, which can improve performance drastically if the instructions inserted to implement a software 'memory barrier' can be removed. It can also help run a gc in parallel since it can easily know if the objects it is looking at have changed during the collection.
4) can eliminate all TLB flushes and stalls from swapping page tables
5) much faster context switch means programs can have smaller time slices, so responsiveness is improved. Meaning less latency in audio (and everything else) without special hacks like magic 'realtime' processes.
6) can run on all hardware, even when lacking memory protection
7) hardware access safer than micro or monolithic kernel, and easier to write drivers
As someone who's done operating system internals work and has written extensively for QNX, I should comment.
Down at the bottom, microkernels are about interprocess communication. The key problem is getting interprocess communication right. Botch that, from a performance or functionality standpoint, and your system will be terrible. In a world where most long-running programs now have interprocess communication, it's amazing that most operating systems still do it so badly.
For interprocess communication, the application usually needs a subroutine call, and the operating system usually gives it read and write. Pipes, sockets, and System V IPC are all queues. So clunky subroutine call systems are built on top of them. Many different clunky subroutine call systems: SOAP, JSON, XMLHttpRequest, CORBA, OpenRPC, MySQL protocol, etc. Plus all Microsoft's stuff, from OLE onward. All of this is a workaround for the mess at the bottom. The performance penalty of those kludges dwarfs that of microkernel-based interprocess communication.
I've recently been writing a web app that involves many long-running processes on a server, and I wish I had QNX messaging. I'm currently using Python, pickle, and pipes, and it is not fun. Most notably, handling all the error cases is much harder than under QNX.
Driver overhead for drivers in user-space isn't that bad. I wrote a FireWire camera driver for QNX, and when sending 640 x 480 x 24 bits x 30 FPS, it used about 3% of a Pentium III, with the uncompressed data going through QNX messaging with one frame per message. So quit worrying about copying cost.
The big problem with microkernels is that the base design is very tough. Mach is generally considered to have been botched (starting from BSD was a mistake). There have been very few good examples anyone could look at. Now that QNX source is open, developers can see how it's done. (The other big success, IBM's VM, is still proprietary.)
Incidentally, there's another key feature a microkernel needs that isn't mentioned much - the ability to load user-space applications and shared libraries during the boot process. This removes the temptation to put stuff in the kernel because it's needed during boot. For example, in QNX, there are no display drivers in the kernel, not even a text mode driver. A driver is usually in the boot image, but it runs in user space. Also, program loading ("exec") is a subroutine in a shared object, not part of the kernel. Networking, disk drivers, and such are all user-level applications but are usually part of the boot image.
Incidentally, the new head of Palm's OS development team comes from QNX, and I think we'll be seeing a more microkernel-oriented system from that direction.
Back in the 1980's, I had a Color Computer 3, which was a pretty anemic machine, but it ran Microware's OS9 Level II. The Color Computer had a 6809b processor, which could only natively map 64K into its address space. Additional hardware allowed OS9 to map any eight of 8K blocks into the processor. Of that 64K, the entire kernel was eight kilobytes. The OS was a real-time multi-user windowing operating system.
/w1 -s=2 0 0 80 24 00 02 02
My old system had 3-1/5 720K disks. The whole operating system fit on one disk. Adding another disk gave you a primitive graphical file manager.
Don't believe me? Here we go!
VCC Emulator:
http://vcc6809.bravehost.com/index.html
You need OS9 Level II Disk Images:
http://vcc6809.bravehost.com/disks/os9l2.zip
Some Quicky Instructions:
The emulator emulates this expansion-slot thing called a Multipak, in which you drop the "502 floppy controller" into, in which you can mount the (360k) disk images, as seen above. From there you can boot, by typing: DOS
You can load/unload commands at will, and load a bunch of merged ones with:
load utilpak1
There is a manual here. Check out the technical section, the whole OS is a re-enterent tree!
http://www.clubltdstudios.com/coco/downunder/OS9/OS9_Level_2.zip
Be careful with the commands deldir (rmdir) dsave (xcopy) os9gen and cobbler...and format too. If you have external floppys the emulator can format them, if so mounted!
A little cramped for virtual-storage? You can install a virtual hard disk controller into the Multipak, and mount this virtual disk image virtual controller.
http://vcc6809.bravehost.com/bin/nitros9.zip
To boot from the virtual hard disk, change the FD-502 disk controller settings to RGBDOS. To boot from the virtual HD, Mount the HDD controller in the multipack which was a slot expansion thing. To boot, type DOS253
But ick, a small 32 column screen. You can fix it by:
wcreate
shell i=/w1&
No change? Press [Home] you just opened another virtual terminal and forked an shell to it. You can press [F11] for fullscreen, [F10] to kill the status line.
There's more disks here:
http://www.clubltdstudios.com/coco/downunder/OS9/
On the OS9 disks, you can find Basic09 and it's runtime RunB. For it's day, Basic09 was arguably the best compiled basic offered anywhere. Basic09/RunB/OS9 allowed dll-style basic programming in the 1980s. Today, you would find its error handling lacking, as actually requiring a line number, and C programmers would miss the case/switch statements.
The asm source code is out there for both OS9 and NitrOS9, which is OS9 modded for the Hitachi 6309.
Enjoy : )
At times I do wonder why the Linux kernal has to be recompiled for hardware changes. The kernel modules are a step in the right direction, but why is everyone still loading Nvidia TNT support? The kernel should be the kernel and that's it, and whatever hardware you have should be abstracted, and at least separable. Linux doesn't have commands like cobbler and OS9 gen to build a bootstrap from compiled modules. While the kernel modules are a good idea, why aren't they used for all devices? Flash drives are still being mounted as SCSI's? Because the kernel isn't modular, and it makes it harder to swap out device support for the end user.
https://www.youtube.com/c/BrendaEM
For little girls, and big fuck-off boxers.
(With pardons to Eddie Izzard.)
Microsoft is to software what Budweiser is to beer.
I know this article is old, but can we agree to this?
First, a couple of background questions... Andy, you believe wholeheartedly in microkernels, right? Do you believe in them more than Minix, or is this merely a shameless plug for your product, Minix?
Based on those two responses, here is my proposal.... Assuming you believe in microkernels more than Minix, why not take a leadership role in GNU/Hurd and get that project going, again? http://www.gnu.org/software/hurd/hurd.html
Perhaps, you can get assistance from the Xen people, too. http://www.xensource.com/
That's my modest proposal....
He mentions them because they meet his design goal: they are highly-reliable operating systems used in mission-critical applications. (Here, "mission" might be, "Bombing the fuck out of people.") He is building his case that it's easier to design a bullet-proof OS using a microkernel, as opposed to a monolithic kernel.
And he's right. If your goal is reliability and security, a microkernel is a better design. Both goals rely on limiting the amount of time (and the amount of code) spent in kernel space. "Process isolation" is the mantra.
NeXTStep was a hybrid kernel. It was *almost* a microkernel (based on Mach). And, it was *highly* usable. It had the most usable UI in the industry, and still does in its current reincarnation as OS-X.
I think microkernels still have legs.
Microsoft is to software what Budweiser is to beer.
At one point, Linux did not have 10% of the features it has now.
Imagine if the people who developed and adopted Linux had said "It doesn't have 10% of the features that my current O/S has. Why should I bother with it?"
There is no "-1 offended" or "-1 you don't agree with me" mod options for a reason.
This debate could use a lot more clarity about what is actually being debated. The truth is there are two separate design strategies that generally go under the term microkernel.
1) The conceptual/syntactic division of the OS code into separate 'servers' interacting through some message passing paradigm. Note that a clever build system could easily smoosh these servers together and optimize away the message passing into local function calls.
2) The division of the compiled code into seperate processes and the running of many integral parts of the OS as user processes.
Note that doing 1 and not 2 is a genuine option. If the analogy is really with object oriented programming then one can do what one does with oop: program in terms of the abstract but emit code that avoids inefficencies. While sysenter/sysexit optimizations for L4 based microkernels (and probably others) have made IPC much cheaper on current hardware there is still a cost for switching in and out of kernel mode. Thus it can make a good deal of sense to just shove all the logical modules into ring0.
--------
This brings us to the other point that needs clarification. What is it that we want to achieve? If we want to build an OS for an ATM, an embedded device or a electric power controller I think there is a much stronger case to be made for microkernels in sense #2. However, in a desktop system it really doesn't matter so much whether the OS can recover from a crash that will leave the applications in an unstable state. If the disk module crashes taking it's buffers with it you don't want your applications to simply continue blithely along so you may as well reboot.
But this is only a question of degree. There is no microkernels wrong macrokernel yes answer or vice versa. It's just that each OS has a different ranking of priorities and should implement isolation of kernel 'servers' to a different degree.
----
The exact same can be said when it comes to dealing with microkernel style development (i.e. #1). Both Linus and Tanenbaum do have a point. Just like OO programming insisting on the abstraction of message passing servers can sometimes serve to improve code quality but also like OOP sometimes sticking religiously to the paradigm can make things less efficent or even more confusing. Also if you have enough developers and testers (like linux does) you might want to sacrifice the prettiness of the abstraction for performance and count on people catching the errors.
However, what baffles me is why Tanenbaum seems to think you can't have the advantages of 1 without really having a microkernel. This is just a matter of code organization. If I want to insist that my disk system only talks to other components via a messaging API I can just do so in my code. I could even mostly do this and only break the abstraction when shared data makes a big difference.
Ultimately though it's like arguing about OOP vs. functional or dynamic vs. static. Yup, they both have some advantages and disadvantages.
If you liked this thought maybe you would find my blog nice too:
What's your problem. I mean saying something is a hybrid kernel communicates what it is. No one who has a clue thinks it means they are split into separate processes or anything.
In fact my big pet peeve is that the microkernel people don't distingush between source level abstractions and process seperation. I mean Tanenbaum's arguments here pretend like the better abstractions of message passing and no shared data structures are an argument for microkernels (in the sense of true process isolation) but they are only really an argument for certain abstractions in the source.
Anyway all kernels use some source abstractions but presumably the reason to call some kernels 'hybrid' is that their abstractions are more robust and more throughly resemble the abstractions you would use in a microkernel. If you don't like the word tell us how we should describe microkernel code that someone stripped the process isolation from?
If you liked this thought maybe you would find my blog nice too:
BTW, why the hell would it be the compiler's job to handle IPC? Shouldn't it the job of whatever is behind the OS API?
The compiler doesn't really handle IPC: what happens is that the compiler (or rather the loader) verifies that the programs are type- and memory-safe before allowing them to run. Then they are all loaded into a single memory space so that IPC is trivial. It's a neat concept, although not the first time it has been implemented (see an OS called 'JX').
Basicly, the microkernel is a horrible example of bondage and discipline programming. In order to solve the low level problem of stray memory references, the professors from academia have come up with a low level solution, using the Memory Management Unit, (MMU) to prevent these errors. Unfortunately, this "solution" does high level collateral damage. By breaking the OS into a lot of little pieces, the u-kernels intoduce inefficiency. By putting constraints on how OSes are designed, ukernels make design, coding, and debugging more difficult. All of this to do checking, that at least in theory, could have been done at design, compile, or link time.
This error is basicly caused by wishfull thinking. The u-kernel advocates wish that Operation Systems design were less difficult. To Quote Torvalds:
Criticism of microkernels is said to be almost unknown in the academic world, where it might be a career limiting move (CLM).In 1992, Tanenbaum said "LINUX is obsolete" and "it is now all over but the shoutin'" and "microkernels have won". It is now 2008, and the micro kernel advocates still have nothing that can compete with LINUX in its own problem space. It is time for micro kernel advocates to stop shouting.
As far as I can make out they are...
- A thread can only send messages to higher priority threads, not to lower priority ones.
- Whereupon a context switch immediately occurs and the high priority thread handles the message.
- Higher priority threads can only send structure free signals. "Hey, look at me" to lower priority threads.
Sounds weird and restrictive, but I bet it creates a far cleaner architecture."On the topic of Minix 3, itself.
It may be a fine instructional OS. Great! That's awesome. I applaud it and have no qualms promoting it in that realm. Beautiful."
Not really Minix 3 isn't trying a microkernel verison of Linux it is trying to be a more secure and reliable POSIX operating system. It uses a microkernel design to achieve things like self healing and security. Adding those features to Linux would a complete rewrite of Linux.
"If my info on GNU/Hurd was invalid, then I stand corrected. I assumed that Hurd was the microkernel with Linux (usually Debian) on top. I should have been clearer about that."
You info is wrong and no it doesn't run Linux on top, and no you can't be clearer because that statment is totally wrong.
"It's conceptually similar, in many ways, to Xen's hypervisor."
No it isn't. Xen is a hypervisor it isn't a microkernel. You could host Hurd and or Minx 3 on Xen but you can't host Xen on Minx 3 or Hurd. You don't take an OS and just run it as a service under an microkernel and a hypervisor by it's self doesn't run applications like a microkernal OS does. The only way that they are similar is that they are small compact bits of code the provide some type of abstraction of the underlining hardware.
"In both cases, Linux isn't the only OS to be hostable on Hurd."
You don't host any OS on Hurd. You can create servers that offer the same services as a specific OS. Much like Wine does under Linux.
"On the other hand, Tanenbaum isn't making apples to apples comparisons, otherwise why not take Vista to task, at the same time? Linux is nothing like Minix, so why compare the two in this way? Why not go after Solaris and others, as well?"
Did you read the article? He wasn't comparing Linux to Minix 3 at all. He didn't go after any one.
And yes he was critical of all current Operating Systems.
"Better yet, make a super cool microkernel for Linux, support Xen-style hypervisors, or something. In other words, don't just complain, do something useful, to help out."
Um.. Gee let's see he is working a POSIX operating system with the goals of making it secure and self healing.... Yea that is so useless. Just for kicks what OS or significant piece of FOSS have you written? How have you helped?
So you have written a lot with NO UNDERSTANDING of what you are talking about.
I want some new options for moderation just for posts like this. +5 Ignorant +5 Arrogant!
Before you start telling Tanenbaum what he should do to be usful you need to learn the difference between a Hypervisor and a Microkernel, the difference between Hurd and Linux, and the difference between someone with an actual education in Computer Science and yourself. Might I suggest you pick up Tanenbaum's text book? It was of great help to Linus.
See my blog http://ilovecookes.blogspot.com/ for light hearted technical information.
And he tries for the flame war trifecta...NO GOOD! Oh, you hate to see that when they work so hard to prepare for the big game.
Still, two flame wars in one sentence is nothing to scoff at, which is why the artistic score will be high. However, the judges really wanted to see some sort of garbage collection vs. malloc/free or even an Intel/AMD mention. That could cost him the gold.
Let's see what the rest of the competitors have to offer.
If moderation could change anything, it would be illegal.