Slashdot Mirror

← Back to Stories (view on slashdot.org)

New Release of MINIX 3 For x86 and ARM Is NetBSD Compatible

Posted by timothy on from the big-and-fancy dept.

An anonymous reader writes MINIX 3 is a small POSIX-compliant operating system aimed at high reliability (embedded) applications. A major new version of MINIX 3 (3.3.0) is now available for download at www.minix3.org. In addition to the x86, the ARM Cortex A8 is now supported, with ports to the BeagleBoard and BeagleBones available. Finally, the entire userland has been redone in 3.3.0 to make it NetBSD compatible, with thousands of NetBSD packages available out of the box. MINIX 3 is based on a tiny (13 KLoC) microkernel with the operating system running as a set of protected user-mode processes. Each device driver is also a separate process. If a driver fails, it is automatically and transparently restarted without rebooting and without applications even noticing, making the system self-healing. The full announcement, with links to the release notes and notes on installation, can be found at the Minix Google Groups page.

9 of 93 comments (clear)

  1. Re:High reliability? by DarkOx · · Score: 4, Insightful

    Its not novel but its simple and clean. Minix is really an education tool more than a production ready OS.

    --
    Repeal the 17th Amendment TODAY! Also Please Read http://www.gnu.org/philosophy/right-to-read.html
  2. Re:High reliability? by bluefoxlucid · · Score: 5, Interesting

    The novel approach is that Tanenbaum invented the fucking thing. The specific current advantage is low-latency IPC--on ARM, Minix IPC doesn't even have a measurable cost (the context switch time required is under 20 microseconds), while on x86 IPC is more than 10 times faster than L4.

    Monoliths, e.g. Linux, don't have IPC latency because they don't context switch when making calls between major kernel functional units. Of course, if your network driver crashes, your whole system gets fucked up and dies; whereas Minix tries to take a state snapshot, reconstruct something workable, load it into a fresh run of the network driver, and continue without a hickup. This works extremely well with the disk and FS drivers. Ideally, we want this without paying for it.

    --
    Support my political activism on Patreon.
  3. Re:Drivers as processes? by bluefoxlucid · · Score: 5, Informative

    The file system write or read request doesn't return anything, the driver is detected as dead (heartbeat?), it's killed, resurrected, journals are replayed, and the request is resubmitted to the FS driver.

    It'll work. The program might notice a small pause, as if the disk was busy or the kernel yielded schedule to an interrupt handler.

    --
    Support my political activism on Patreon.
  4. Re:Drivers as processes? by bluefoxlucid · · Score: 5, Interesting

    You can reconstruct state. A read request from hard disk will work the same way, repeatedly; a write request to a file system will write to a journal or the same blocks in a file or inode, while a write to a hard drive sector is isometric. Keeping the request buffer, resubmitting the request, and so on lets you reconstruct state. Even a network driver theoretically could read state from the network: it could request DMA from the NIC to a buffered memory area with a control structure of known layout, and the resurrection server could provide the control structure and buffered memory areas back to the driver if it needs to restart.

    The remainder of the driver state can be discarded. Bringing in new network frames, new writes to file systems, or the like shouldn't depend on the driver's internal state. Repeated crashing--for example, reloading the network driver as above and having the control structure point to a buffer of unmapped memory--could signal the OS to simply drop state and start fresh. Recovery is possible in many cases: TCP/IP, as a separate driver, would simply experience a dropped frame (lost packet), handling a state-reset network driver the same way as any other faulty media; a failed hard drive write would signal the FS driver to resubmit its write; and a failed file system operation could go so far as to reload the driver and run a journal replay or file system check (non-journaled file systems could use an in-memory journal to facilitate file system driver recovery).

    Consider state as a collection of significant and insignificant states. My Web browser right now has a lot of stuff in memory, a lot of things rendered on the screen, a state of how far down I've scrolled, and state describing where in memory all these things are--and where this text I'm typing is stored. If we unload the browser and then re-launch, the only state I need restored to post this message is a copy of this message, dumped anywhere in RAM, with a specific pointer somewhere referencing that buffer as the context of this particular textbox on this Web site. The browser's state may be completely different, yet only that piece of information is important; I can recover the rest by coming to this page and hitting "Reply To This".

    From that view, it's not hard to recover discrete processes in an OS. File system separate from disk driver means the FS can handle a disk driver crash and reload; user prorgrams won't notice a file system driver crash if the system just waits for the FS driver to reload and replay a journal or such to return state to sanity. The task entry for the user program tracks all the file handles. All of these things are separate, can communicate between mediators, or can mediate their own communications.

    --
    Support my political activism on Patreon.
  5. Does Minix have much real-time capability? by SkOink · · Score: 5, Insightful

    As an embedded-systems guy, I'd _love_ to have a Unix-like where I could schedule events that were guaranteed-by-design to fire within some deadline of when they were scheduled. Then I could host my once-per-kHz hardware service routines on the same processor that was also running my device's web-server.

    Minix's microkernel architecture seems like an ideal fit for that kind of use case. If there are any Minix devs reading this thread, how easy would it be for me to make a system like that using Minix?

    --
    ---- I'll take you in a Hunt deathmatch any day.
    1. Re:Does Minix have much real-time capability? by SkOink · · Score: 4, Informative

      VxWorks?

      VxWorks is a great product. It's also waaaayyy outside of the price range of a hobbyist developer. Getting up and running with the VxWorks suite of tools can easily cost 20k (USD), and the recurring license fees are pretty significant as well. I would also bet that auditing the VxWorks source code (or trying to get custom patches in) would cost significantly more.

      --
      ---- I'll take you in a Hunt deathmatch any day.
  6. Re:Linux clone by bluefoxlucid · · Score: 4, Informative

    From what I've seen, Minix is fast. It's built for speed, avoiding many costs of IPC the same way Linux does.

    In Linux, the address space is split. IA-32 4G/4G causes a full TLB and cache flush at syscall entry and return, creating massive slowness. IA-32 normal 3G/1G operation puts 1G at the top for kernel mappings and 3G at the bottom, while x86-64 puts 128TB at the top and 128TB at the bottom. In both cases for split address space, there's no TLB or cache flush when syscalling into the kernel; and returning to user space requires only selective cache and TLB invalidation, removing kernel-private data and leaving userspace data in tact. This greatly improves cache utilization and reduces expensive pagefaults by completely avoiding the kernel/user context switch, replacing it with a simple mode switch.

    In Minix, the many kernel contexts make all the same mappings, but lock access to the specific service. It's the same as Linux's split mapping, but with parts of the kernel unable to access other parts; IPC involves a few TLB and cache invalidations in each direction. This strategy lets you run an entire round trip call in under 100nS. It's about as long each way as a CALL and RET, so it's about the overhead of adding a function call along the code path.

    --
    Support my political activism on Patreon.
  7. Re:A microkernel-based OS that 'just works' by Megol · · Score: 5, Insightful

    Magic bullet? There never are any magic bullet for complex systems.
    A microkernel is the realization of best practices for security systems and - dare I say it - follows the original Unix philosophy.

    Do one thing (IPC) and do it well (ensure security guarantees are kept). Keeping the critical code small makes it easier to verify code in both the practical and mathematical sense.

  8. Re:Linux clone by bluefoxlucid · · Score: 4, Informative

    It has a 2% to 4% penalty for IPC, specifically. This is like when Theo de Raadt chose to argue with me that position-independent executables were "very expensive" and had "high performance overhead," and I pulled out oprofile and found that 0.2% of the execution time occurred in the main executable--which was 6% slower (when including -fomit-frame-pointer no longer providing a 5% boost), giving a total overhead of 0.012% total system slowdown--a few seconds lost per day.

    The difference is I was doing that back then, and not referencing shit I did 10 years ago.

    Minix's overhead is small. Minix uses fixed-length buffers, zero-copy strategies, mode switching, and the like to avoid doing any real work for IPC. It's like adding a function call to your code paths--like if you called get_fs_handle() and it called __real_get_fs_handle() without inlining it.

    --
    Support my political activism on Patreon.