CS262B Reading Summary
Extensibility, Safety and Performance in the SPIN
Operating System
Brian N. Bershad, Stefan Savage et al
Feng Zhou
1/25/2004
SPIN is an extensible OS with language-based safety as its
hallmark. Major strengths of the paper are:
- The SPIN kernel is implemented using a "safe" language:
Modula-3. This enables SPIN to support fine-grained and flexible
extensibility without losing safety. Essentially, the external
modules run in the same address space as the kernel, but the
compiler ensures that they can neither read nor corrupt kernel memory
that they are not supposed to touch, much as is done in
Java. This is also similar to the Emerald system, which supports
fine-grained object mobility. The strength of this approach is that, by
placing all extensions directly into the kernel, the large
communication and scheduling overheads of RPC-based extensions
are eliminated.
- Using a safe language only achieves safety, not necessarily
extensibility. The extension model, i.e. how the kernel interacts
with the external modules, is what gives extensibility to the
kernel. SPIN uses events as the basic form of communication.
Communication inside the kernel itself is also done with events,
which enables fine-grained extension by letting external modules
listen to the events they are interested in. The extension model assigns a
default handler to each event. The default handler can programmatically
determine whether a certain event can be handed to an external module.
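
An added example, not taken from the paper or the SPIN code base: a toy Python model of the event gating described in the last bullet, where the policy attached to an event's default handler decides, per raised event, whether an extension's handler is invoked. The event name, extension ids and port grants are constructed for illustration.

```python
# Toy model of an event with a default handler that gates delivery to
# extensions. All names here are hypothetical, not SPIN's actual interfaces.

class Event:
    """A kernel event whose default handler decides which extensions see it."""

    def __init__(self, name, default_handler, may_dispatch):
        self.name = name
        self.default_handler = default_handler  # the kernel's own implementation
        self.may_dispatch = may_dispatch        # policy: (ext_id, payload) -> bool
        self.listeners = {}                     # ext_id -> extension handler

    def listen(self, ext_id, handler):
        """An extension registers interest in this event."""
        self.listeners[ext_id] = handler

    def raise_(self, payload):
        """Run the default handler, then hand the event to approved extensions."""
        delivered = {"default": self.default_handler(payload)}
        for ext_id, handler in self.listeners.items():
            # Deny by default: an extension without a matching grant never
            # sees the payload at all.
            if self.may_dispatch(ext_id, payload):
                delivered[ext_id] = handler(payload)
        return delivered


# Constructed policy: each extension is granted a set of destination ports.
GRANTS = {"http_cache": {80}}

def packet_policy(ext_id, pkt):
    return pkt["dport"] in GRANTS.get(ext_id, set())

def build_demo():
    ev = Event("Net.PacketArrived", lambda pkt: "queued", packet_policy)
    ev.listen("http_cache", lambda pkt: "cached %d bytes" % len(pkt["data"]))
    ev.listen("unvetted_ext", lambda pkt: "saw " + repr(pkt["data"]))
    return ev

if __name__ == "__main__":
    ev = build_demo()
    print(ev.raise_({"dport": 80, "data": b"GET /"}))  # default + http_cache
    print(ev.raise_({"dport": 22, "data": b"ssh"}))    # default only
```
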
One major flaw:
In general, memory-safe languages like Modula-3 or Java are more
"heavyweight" than C, in which most OS kernels are written. Although the raw
arithmetic performance of these languages is nowadays near that of C,
systems written in them are mostly slower. Apart from limited
memory and pointer manipulation functionality, the introduction of
garbage collectors incurs a performance penalty and unexpected stalls,
which are especially bad for embedded systems.