EDABlog

At present signals in Sooos are just messages with a type and no data payload.  They are also used for a wide range of subscribable system events.

It remains to be seen how well the lack of priority in messages will work  , we could use other options like an additional priority queue for critical events or  peeking through the whole queue  of all queues  before processing but this would be expensive .  

Note the Service Manager router/load balancer  could peek through messages and handle critical ones first.

So how do we kill  a process ? 

Sendng a message will take some time but we can  stop the process then send a kill to the  service manager who can just reset the app  after clearing its queues . The Service manager will  be a fairly low use service.  .

Sooos uses a form of IPC similar to URPC (User RPC) and attempts to be fully asynchronous , non locking  , deadlock free and non blocking which is not easy...

Lockless

Non locking can be achieved by point to point ring buffers  , the solution is obvious for 2 asyncronous user level applications talking to each other .  The main difference to URPC  is the use of an indirect  tail pointer this prevents the same cache line being accessed by sender and receiver ( and cross CPU hw messages)  . If we limit the queue to 64K we can scan  8 -16 queues (XMM and YMM)  with a single poll to see if there are any changes   , making for a cheap poll . This is important  since it  is likely some services will have hundreds or thousands of queues .

Enhancements / key features here

• Queues collapse or expand according to use
• Active queues are polled , but inactive queues are inserted in a list
• Lazy scehduling for idle tasks they remain on the run list at low priority until the yave received no message for 2 polls
• Indirect tail pointer as mentioned
• The system makes full use of SSE 128 or 256 bit move instructions
• Non temporal moves for large messages and messages constructed from register directly into the buffer to prevent cache polution.
• Receiver peek .  So can process without copying.

Note we dont use interlock which can place a HOLD on the system memory bus .  On some architectures

Non Blocking

The major issues is back pressure  eg consider a task that  reads a file from disk then writes it via a another task    it is possible that the entire file will be in memory before it gets written . A better example is in a typical Synch progam all the printf are buffered and then block on screen IO and as anyone who has done benchmarking knows the time for these blocks is significant. In an asycnhronous system those printf calls simply become cheap asyc calls and the program continues.

The problem is we want to allow as much work to be done without  blocking  but to not generate huge memory pressure. This will assist the scheduler and Service Manager in terms of schduling and spawning more servers to handle hot spots.

several mechanisms are used  to help this these include..

• Grant  prioriy scheduling
• System Buffer allocation ( especially IO) based on priority
• Queue overflow into work queues , which  fires events the client can use to block , yield or sleep.

Grant Priority Scheduling

 We adjust scheduling priorities based on the queue size , eg a task that has a  queue  to another process that hits the high water mark all the time , will have its priority reduced and the priority will be added to the receiving task .  In this case the writer will get higher priority.  In addition on a single core it will yield after adjusting  priorities..

Note the receiver  may spawn more Processes ( STP)  to handle the work but this is done by the Service Manager and independent of scheduling . It will be based on total work from all queues.

System Buffer allocation ( especially IO) based on priority

A worse problem exists in the case of generating large amounts of data and writing it to a slow IO process ag a file system , even with the lowest priority it is likely that large amounts of memory will be used possibly consuming all memory ( though if paging is used it will eventually block on the file system).

To handle this we use buffers similar to fbufs for IO ,  These buffers are out of a global system pool and the amount a process can allocate out of the pool is adjusted by its priority . The amount of buffers allocated can be  increased via a capability if system policy requires a single task doing huge amounts of IO. When a buffer canot be allocated the caller will block. Hence we will block a task that generate huge amounts of memory pressure due to IO  but allow task that do small amounts frequently to never block.

Its important to know that services that create buffers on behalf of a task will use the capability of the original requester. They may also create their own buffers eg a config file but this agains their own quota.

Note while we could send 1K packets through IPC relatively  efficiently the IO buffers allow better  back pressure maangement.

We envisage seperate IO scheduling later but at present it will slave of the system priority.

Queue overflow into work queue

The system has a work queue ( also used for Asynch events for some languages like OCaml)  where messages are placed when an IPC queue is full , this is read by itself  and  fires events allows the app to handle back pressure . Common options 

• Sleep the thread when reading an entry from the queue.
• Sleep with an exponential  after every n size growth in the work queue .

Deadlock free  ( low deadlock count)

We dont allow waiting for a specific message  this prevents many dead locks.  This creates some issues with latency for important messages for single core systems but are mostly mitigated by yielding . A yield allows the remaining time slice to be yielded to an important receiver .

It is worth noting the above system will have few  possible dead locks in the IPC system ..The only possible blocks are in waiting for IO buffers and related to  interactions with the scheduler  

We can reduce most of the buffer ones by never blocking the buffer manager and block IO drivers since these rarely if ever allocate blocks for themselves they shouldnt block in the first place .

We also reduce the chance of dead locks around scheduling since the IPC  is mostly divorced from scheduling.

It is worth restating we are talking about IPC deadlocking programs can still grab locks and deadlock themselves though the IPC architecture should make the frequency of these locks much much lower.

Current IPC benchmarks for inproc and cross proc ( we allow in proc  so asynch messages can be handled like a work queue) .

The current IPC tests use the following

• Point to point pipes
• 16 byte allignment
• ring buffer . 
• Single producer and Consumer thread (which is polled) .
• No locking ,  waithandles or even interlock based stalls.
• SSE uses the more expensive sstore fence.
• 4 byte header written seperately ( and not counted in teh data size)
• Variable message size when message too big to fit in the remaing buffer ( till end) a dummy message was added with the remaining space.
• Ensures head and tail are not in the same cache line.
• The header includes 1 byte type , 1 byte flags and  2 bytes size. We dont need more as sender and receiver are available in the  channel structure.

---------------  star perf test simulate inproc 1 thread work queue ------
size: 0 [B] count: 10000000 lat: 0.027 [us] throughput: 18798370 [msg/s] throughput: 0.000 [Mb/s]
size: 16 [B] count: 10000000 lat: 0.032 [us] throughput: 15432122 [msg/s] throughput: 1975.312 [Mb/s]
size: 48 [B] count: 10000000 lat: 0.044 [us] throughput: 11418001 [msg/s] throughput: 4384.512 [Mb/s]
size: 816 [B] count: 10000000 lat: 0.153 [us] throughput: 3267611 [msg/s] throughput: 21330.965 [Mb/s]
perf test passed
Small size: 16 [B] count: 10000000 lat: 0.013 [us] throughput: 37357341 [msg/s] throughput: 4781.740 [Mb/s]
 small NT  size: 16 [B] count: 10000000 lat: 0.104 [us] throughput: 4804996 [msg/s] throughput: 615.039 [Mb/s]
 small SSE NT size: 16 [B] count: 10000000 lat: 0.115 [us] throughput: 4334197 [msg/s] throughput: 554.777 [Mb/s]
 small SSE size: 16 [B] count: 10000000 lat: 0.104 [us] throughput: 4826410 [msg/s] throughput: 617.780 [Mb/s]
Medium message  size: 48 [B] count: 10000000 lat: 0.018 [us] throughput: 28519604 [msg/s] throughput: 10951.528 [Mb/s]
Medium SSE non temporal  size: 48 [B] count: 10000000 lat: 0.136 [us] throughput: 3681027 [msg/s] throughput: 1413.514 [Mb/s]
Medium SSE size: 48 [B] count: 10000000 lat: 0.015 [us] throughput: 33409283 [msg/s] throughput: 12829.165 [Mb/s]
large MsgPerfTest size: 816 [B] count: 10000000 lat: 0.073 [us] throughput: 6844561 [msg/s] throughput: 44681.294 [Mb/s]
Large Msg Non Temporal SSE size: 816 [B] count: 10000000 lat: 0.222 [us] throughput: 2252333 [msg/s] throughput: 14703.230 [Mb/s]
large  SSE size: 816 [B] count: 10000000 lat: 0.037 [us] throughput: 13474564 [msg/s] throughput: 87961.954 [Mb/s]
---------------  perf message tests passed  ------
---------------  star threaded test simulate 1 producer 1 consumer ------
memcpy test size: 0 [B] count: 10000000 lat: 0.037 [us] throughput: 13508475 [msg/s] throughput: 0.000 [Mb/s]
memcpy test size: 16 [B] count: 10000000 lat: 0.046 [us] throughput: 10894076 [msg/s] throughput: 1394.442 [Mb/s]
memcpy test size: 48 [B] count: 10000000 lat: 0.043 [us] throughput: 11591286 [msg/s] throughput: 4451.054 [Mb/s]
memcpy test size: 816 [B] count: 10000000 lat: 0.146 [us] throughput: 3414547 [msg/s] throughput: 22290.163 [Mb/s]
small msg size: 16 [B] count: 10000000 lat: 0.035 [us] throughput: 14382570 [msg/s] throughput: 1840.969 [Mb/s]
small msg NT size: 16 [B] count: 10000000 lat: 0.096 [us] throughput: 5219727 [msg/s] throughput: 668.125 [Mb/s]
small msg SSE NT size: 16 [B] count: 10000000 lat: 0.089 [us] throughput: 5637598 [msg/s] throughput: 721.613 [Mb/s]
small msg SSE NT B size: 16 [B] count: 10000000 lat: 0.077 [us] throughput: 6528778 [msg/s] throughput: 835.684 [Mb/s]
small msg SSE size: 16 [B] count: 10000000 lat: 0.032 [us] throughput: 15717759 [msg/s] throughput: 2011.873 [Mb/s]
medium msg  size: 48 [B] count: 10000000 lat: 0.038 [us] throughput: 13324272 [msg/s] throughput: 5116.520 [Mb/s]
medium msg SSE size: 48 [B] count: 10000000 lat: 0.036 [us] throughput: 13702459 [msg/s] throughput: 5261.744 [Mb/s]
medium msg SSENT size: 48 [B] count: 10000000 lat: 0.129 [us] throughput: 3863047 [msg/s] throughput: 1483.410 [Mb/s]
large msg  size: 816 [B] count: 10000000 lat: 0.106 [us] throughput: 4724727 [msg/s] throughput: 30843.018 [Mb/s]
large msg SSE size: 816 [B] count: 10000000 lat: 0.060 [us] throughput: 8339525 [msg/s] throughput: 54440.419 [Mb/s]
large msg SSENT size: 816 [B] count: 10000000 lat: 0.224 [us] throughput: 2231304 [msg/s] throughput: 14565.953 [Mb/s]
large msg SSENTB size: 816 [B] count: 10000000 lat: 0.247 [us] throughput: 2022845 [msg/s] throughput: 13205.132 [Mb/s]
---------------  threaded test finished 1 producer 1 consumer ------

Things of note

• Non Temporal instructions killed performance but it should be noted in real live cases which we endeavor to build next , this may not be the case since IPC messages are not that frequent and it would prevent IPC stealing cache from the apps.
• SSE2 is worth it even for small messages.
• Fixed sized messages were of little benefit ( it removes the allignment and dummy messages but the cost of this was small)
• Allignment was not a big performance issue ( tests not shown)  even for 1 byte allignment but SSE requires it.
• Sending 800 bytes via copy increases time compared to a small message by only 66% ( for SSE) . This would indicate using system allocated buffers etc would be a lot more expensive than just copying the data on send unless the data is multiple pages in size..

Next we are

• Testing fixed sized messages  to determine variable size overhead .
• Expanding the test framework  to use different queue implementations
• Modelling scheduler interaction  and communication of work ( eg wait hanldes vs poll or hybrids) and expanding /contracting queues.
• API message pump modelling
• Moving to test real algorithms so we can test removing cache polution on writes.
• We can then address the api issue and how to handle queue full.

Sooos will not be a pure managed OS  , like Cosmos SharpOS or Mosa  , or even Singularity ( which has a small amount of C++ code)...

I still feel that GC technology has some way to go  and at present the performance penalty is too bad for certain functions.   This is especially so for writes as most GCs todate implement a write barrier which can more that half write performance , that said as we go to higher core counts it may be more efficient to remove the write barrier.

In particularly 3D and some mathemetical modelling which need to work over a large mutable space.

However it may be possible in future and we can test a native lib wrapped in a service vs a pure service to see the impact on performance and only have critical services that suffer from GC costs running native .    Anyway Sooos will take a practical approach it will have as much code as it practical type safe and memory safe and will move other performance critical native code when there is comparable managed code.

 The question is a good one as it leads to an interesting discussion what Sooos is trying to do..

Firstly Sooos is probably  more of an independent OS than Android is which is basically linux with a new  Java Run time , GUI and a package manager / security system.

Sooos uses the linux kernel and drivers / services  , as time goes on more and more of them will be replaced but some Linux core will probably remain for a long time since

• - Backward compatibility fo things taht are diffciult to support eg 3D drives/open GL
• - As an extensive boot loader
• - Support for more drivers

The key is all this backward support required a capability  hence we can preffer newer and safer apps.

This gets us to the point what SOOOS is trying to achieve . Its not a new OS but the way we program . . In fact a run time on Windows would be quite possible ( and likely if we get some traction) and similar of HPs research in this direction with Polaris and others like capdesk.  

So what are we trying to achieve in the programming field.

• Make more fo the code base "managed" eg type safe and memory safe without loss of performance..
• Increase reliability by allowing failure and restarts of  parts of an app
• Prevent parts of an app like an add in destroying an app
• Make code more secure by using OO techniques.  eg a priviate field is prvate to the whole machine and a class ( program ) can only touch what it has references ( capabilities to) .. Just like global data in OO we are trying to remove this at the OS level ( eg no ambient file authority for a user)
• Simplify multi  core ( 8+) programming

How does Sooos do this  ?

It is interesting to note one of the most successfull programming models is rarely used by OS . This is the message based system with pump  windows 3.X ran on it without any form of pre-emptive tasking it was cooperative.  Nearly all GUIs use it , most middle ware systems  etc .

The reason they are not used is the bad name micro kernels with bad IPC designs which used messaging  got - however L4 and later QNX debunked all these.  The problem was it came at a critical time when OS were comming up eg ( windows NT and Linux around 1990) .

Now we are approaching another such inflection point  for several reasons

• Hand held computers - Think all the new apple stuff
• Massive amount of cores , the  future is 100+ core CPUs on servers and desktops. Though its likely the desktop will become a home server ( driving TV , security etc ) with multiple clients of varying media formats
• Existing OS are groaning under the historical strain  ( see Linus comments on Linux becomming bloated  and peoples oppinion on windows) . There seems to be desire  outside of niches and corporate shops for change.
• Reliability  , mobility & simplicty seems to be paramount in peoples oppinions even if some features do not make it,  ( web 2.0 only offers 1 of these 3)
• Security - it wont be long before Virus start attacking phones to create bot nets .. People WANT unlocked phones which are secure. There is not much difference between Linux and Windows here - even Multics was far more secure all that time ago.  Whats more people want to allow apps to run but even if tricked they do not want the app to have carte blanche on their machines.
• We are the cusp of abandoing old languages like C. , Java and .NET will continue to catch up in performance with  the roll of C being limited to a few critical libs just like assembly was around 1990.

Now back to how do we do this ..

- We make apps consist of multiple services . By making them more modular we increase reuse of code libs ( services)  but also we get partial degredation from within applications ( eg the add in) . We also get portability as parts of apps can be moved local or remote ( eg distributed OS) as desired . eg Compilation and compression is offloaded to a cloud server or you home server.

- Apps use services  instead of dlls , failure within a service will simply restart the request and / or return an error to the app ( even if the Service has a fatal error) as opposed to the app crashing which we have now. In fact in case of a service crash the OS will fire up an additional copy of a service  , it will process the failed message by itself  and continue the work queue with the other service(s) . If the service crashes a second time , an error is returned to the app and the service has a log of the message that causes the  failure.   As an example of this you could overheat or destroy a core and not just the OS but the applications would continue running as though nothing has happened ( appart from a delay)

- We make the default service single threaded and the OS handles all the multi threaded code / locking . Hence devs have the abbility to use multiple cores without the user writing any multi threaded code!.  ( this probably covers 95% of cases and fits especially well with newer languages like Ocaml , Hascal , Scala etc )

- We implement capabilities for the security model .

See http://www.shanghai-software.com/blog/archive/2010/06/13/why-sooos-will-work.aspx or more details

We benefit from the fact that most GUI code is asyncronous ( even if it runs on 1 thread) and a similar programming model will be used.

Now back to the coding.

How can Sooos possibly get us to change the way we write applications ? For a start most apps need little change , these include web apps and Gui apps. However for the rest .

Stage 1 Because there is a need.

Specifically there are key Niches

- No MMU  Devices. At the moment this is very painful with vendors struggling changing code for devices especially between MMU and non MMU CPUs. With Sooos a single app will run exceedingly well in all environments and you can use first rate desktop development tools like Visual Studio and MonoDev.

- Devices/PC  requiring very high robustness and self healing ( military / space ) .

- Devices/PC requiring high security . This  will include mobile phones in future.

- Devices requiring high performance and security ( core routers , firewalls)  

- Its a high synergy fit for F# / OCaml / Hascell  applications .Often these are scientific and demand high performance . Sooos should deliver better high core count performance for applications written in these languages.

- Teaching OS . Minix is getting dated and Linux is too bloated / complex and not a great example of an OS.

Stage 2 Possible roles but need some established base

- Cloud / Web servers / App servers

With a more established base Sooos can enter the Cloud and Web server markets providing better performance and allow better use of high core count server. The strength here is these apps will just work without changes. The goal of a 100,000 client server is quite possible.

- SOA

With a more established application base ( which are made of sharable services)  Sooos will allow  these services to be easily used by remote users. Any Sooos service can be directly exposed as an SOA service. Allowing more rapid application developmenr and reuse.

- Event based Systems

Sort of goes hand and hand with Embedded no MMU sensor networks or even corporate event driven systems. Sooos pub subscribe system can hook events directly into any service  ( local or remote)  allowing  quick and flexible development with large amounts of reuse.

- High thread count applications

Applications requiring 100,000 threads in traditional environments are much more viable with an event driven style. 

- massive core low cost HW

It is also possible to target something like Intels Terraflop chip which gets around the memory bandwidth limitation of traditional OS ( note Sooos should already be better due to higher use of cache but such a chip with its 5 pipes to adjencent CPU would improve things massively ) . With some established base it may be possible to tune CPUS more suitable to   Sooos  . It is worht remembering that modern CPUs are tuned ( like the cache and memory usage ) for traditional monolithic syncronous Operating Systems.  

 Stage 3 Requires significant market share

- 3D Gaming

While we will have wrapped Open GL and some 3D drivers  ( thx to linux)  , apps are a long way off.  While its possible and will run pretty well it would take a lot for a game house to port the apps. Even phone games will be difficult to port unless run in unsafe mode

- High performance shared memory

Some problems requiring large amouns of CPUs over mutable shared memory . While we can do this the same as existing OS there is no compelling reason to change.

The goal is stage 1 , stage 2 is a bonus. Generally it is likely that Sooos would be used in embedded / hand held devices and back end cloud servers rather than as a GP OS.

It is quite amazing what has been built in the UNIX space , look at Gentoo which will compile the entire system to suite the machine .  That being said i question is it worth it ?  It seems to be that a significant time % of  Unix development is spent on the dev environment.

The patches , the solving make file issues , the wrappers , the hacks , the conflicts  , what works with what etc ?  Compared to the Java and  .NET world you just drop the code /assembly on the machine and it will compile and run regardless , at worst you have to add a new assembly. .

Build environments for most project tend to just be a list of files to compile and where to copy it.  This is rather interesting  , especially on windows where you far more complex installers with user dir , registries , dll registry etc though .NET seems to have taken a step backed and dropped the use of  registry for a simple run environment .

The reason for this is not the compilation etc but mainly because of

• The C conditional compilation changes.
• The increased use of runtime configuration options.
• A reliance on a standard interface ( helped by a huge framework the interface of which doesnt change)
• Denying the caller the chance to change or recompile the lib
• The removal of the static compile concept.
• A cross platform IR representation.

There is no reason Unix development cant adopt the same ideas  eg

• instead of delivering hard to compile code or  single platform binaries you can distribute everything in say LVVM IR  intermediate representation
• Remove nearly all compile options and replace with runtime configuration options
• Remove .configure
• With the above 2 makefiles should be trivial .

t would make Unix development  and deployment significantly easier and you could drop an assembly on any machine and it would compile optimaly for the machine. When enabling certain config option at run time you will be told if they are invalid

 I doubt the above will happen but it would be a massive improvement the best option is probably if this is done through package distribution but the big difficult is pulling the code develiopment out of the dark age or should that be the vi age .

It strikes me as interesting the horror people  exhibit when you tell them you have disabled memory protection and hence the kernel transition.  Lets look at this in more detail.

1) Most oS run with the majority of code with NO protection . In both Linux , OSX and Windows most drivers , services and the kernel exist in a single large domain representing the majority of the code base. Any error in the code can bring a machine down or cause a security issue.

2) Critical software like routers often run on Embedded systems most of which dont have or use an MMU and hence dont have protection.

3) Many servers run a single application. eg SQL server.

So what is bad about running with no protection.

1) Students & Developers on  Time sharing systems . Obviously this is bad... quite a few students have brought machines down even with protection you dont need to make it worse.

2) Security . The whole address space is vissable which creates a security system.

So is it needed or not ?

Not on normal non shared systems , on personal computers or servers . However an extra layer of security is advisable  and moving user apps to a sandbox such as Java or .NET will give protection without the cost..

Is it SOOOS or SOOOS OS  ?

I use both the former is correct but the latter is better for blogs and search engines.

What does SOOOS stand for  ?

Service Oriented Object Operating System.

Does that means its like SOA ?

It is based on services  ( eg autonomous , discoverable and backward comptaible componets ) but they do not use the SOA  soap protocols just a programming interface  . Note however services may be exposed to be SOA services .

Is it a Linux based OS like Android or Chrome OS ?

XX

What platforms are supported ?

We support Arm ( including no mmu varients)  , i386 and  x86_64.  More are easily possible provided Mono  and Linux supports it , else we need a CIL -> native compiler .

What is the target market for SOOOS?

SOOOS has no goals as a desktop replacement. Its key areas are

Embedded systems - these have the issue that to make the environment and port apps is a verry laborious task especially between MMU based and non MMU devices. With Soos you can drop in a CIL assembly and it will work on all platforms and its fast.  We hope to support MIPS64 and Motorola .

Secure systems - ( This includes firewalls and routers) . As a capability system it will be far more secure . The goal is even if a user allows a trojan to run ( as admin* ) it will have minimal abbility to do compromise the system.  

 High performance Application servers -  SOOOS will be able to run .NET and Java server apps  providing a very high speed server. Note it is especially geared for up and comming chips like the Intel Terraflop chip and multi core arms.  

 What languages can SOOOS run?

Sooos will support java all .NET  languages .  C and C++ code is allowed but it provides no protection and must be distributed with the system .

 Why use Linux /Uclinux ?

See SOOOS Managed OS.

  Is it linux ?

Linux will be dominant at the start but components will be replaced quickly . At a 2 Meg overhead this is minimal as it allows the system to be usefull from the start. 

The main purpose of SOOOS is to

• Test Asyncronous IPC .
• Test capabilities
• Develop a new run time .
• Support only user mode drivers , apps and services.
• Allow apps to be broken down to encourage reuse , resiliance and self healing.
• Investigate any issue with software protection system

All the above can be done in a sandbox with NO performance penalty and the hope is eventually all the linux code will be ported at which point we remove features from the Linux kernel. For example

Driver

• Stage 1 Linux driver
• Stage 2 Linux Driver wrapped in a service wrapper ( eg unsafe code wrapped by the new run time)
• Stage 3 Clients use the new driver
• Stage 4 The unsafe code is converted.
• Stage 5 Linux code removed.

  Does it use a MMU / HW protection ?

With a software protection system both are pretty pointless , note with an MMU the system is likely to be significantly slower than Linux though we may be able to do something.

 Will you support swapping ?

Yes we can swap out blocks of memory that are unused though it would be that fine grained as paging , That being said there are advantages to Sequential disk access vs the Random access of paging.

 Will you support 3D or accelerated graphics ?

Yes though this needs more investigation . We may be able to wrap the ATI and Nvidia drivers  , though we may need to hack the exe to convert any calls from fork to vfork.  Opengl lib will be provided.

 What gui / console will you support ?

This needs to be thought about but it is likely there will ne no console (script are compiled )  as it is a crutch and a GUI based on Moonlight ( which will also serve as RDP/ Xwindows replacement)  with a set of consistancy guidelines.