Linked by Hadrien Grasland on Sat 5th Feb 2011 10:59 UTC
So you have taken the test and you think you are ready to get started with OS development? At this point, many OS-deving hobbyists are tempted to go looking for a simple step-by-step tutorial which would guide them into making a binary boot, do some text I/O, and other "simple" stuff. The implicit plan is more or less as follow: any time they'll think about something which in their opinion would be cool to implement, they'll implement it. Gradually, feature after feature, their OS would supposedly build up, slowly getting superior to anything out there. This is, in my opinion, not the best way to get somewhere (if getting somewhere is your goal). In this article, I'll try to explain why, and what you should be doing at this stage instead in my opinion.
Thread beginning with comment 461130
To view parent comment, click here.
To read all comments associated with this story, please click here.
To view parent comment, click here.
To read all comments associated with this story, please click here.
RE[5]: Not always rational
by Alfman on Sun 6th Feb 2011 23:10
in reply to "RE[4]: Not always rational"
Member since:2011-01-28
"That's not what I said."
Sorry, I responded to your post quoting something which was from someone else.
"I've spent hours arguing on this precise subject with moondevil, I won't start over."
Fair enough, but it's not really adequate to dismiss my argument, there isn't even a citation.
"As said before, I'll believe it when I see it."
It doesn't exist yet, therefor you don't believe it could exist?
Neolander, I appreciate your view, but I cannot let you get away with that type of reasoning.
All of today's (major) kernels predate the advent of efficient VMs. With some original out of the box thinking, plus the benefit of the technological progress in the field in the past 15 years, a type safe efficient kernel is not far-fetched at all.
Per usual, the main impediments are political and financial rather than technological.
"Segmentation is disabled in AMD64 and non-existent in most non-x86 architectures, so I'm not sure it has much of a future."
That's exactly what I meant when I called it a legacy feature. However, conceivably the feature might not have been dropped if we had popular microkernels around using it.
"But then hand-crafted machine code and code from other compilers than yours could bypass system security... Unless you would forbid those ?"
You need to either trust your binaries are not malicious, or validate them for compliance somehow.
If we're running malicious kernel modules which are never the less "in spec", then there's not much any kernel can do. In any case, this is not a reason to dismiss a microkernel.
"It is possible to stress-test inter-module/process communication after implementing it and before implementing modules, or even while implementing it."
I am glad we agree here.
RE[6]: Not always rational
by Neolander on Mon 7th Feb 2011 08:25
in reply to "RE[5]: Not always rational"
Member since:2010-03-08
It doesn't exist yet, therefor you don't believe it could exist?
Neolander, I appreciate your view, but I cannot let you get away with that type of reasoning.
All of today's (major) kernels predate the advent of efficient VMs. With some original out of the box thinking, plus the benefit of the technological progress in the field in the past 15 years, a type safe efficient kernel is not far-fetched at all.
Per usual, the main impediments are political and financial rather than technological.
Neolander, I appreciate your view, but I cannot let you get away with that type of reasoning.
All of today's (major) kernels predate the advent of efficient VMs. With some original out of the box thinking, plus the benefit of the technological progress in the field in the past 15 years, a type safe efficient kernel is not far-fetched at all.
Per usual, the main impediments are political and financial rather than technological.
Okay, let's explain my view in more details.
First, let's talk about performance. I've been seeing claims that interpreted, VM-based languages, can replace C/C++ everywhere for some times. That they now are good enough. I've seen papers, stats, and theoretical arguments for this to be true. Yet when I run a Java app, that's not what I see. As of today, I've seen exactly one complex java application which had almost no performance problems on a modern computer : the Revenge of the Titans game. Flash is another good example of popular interpreted language which eats CPU (and now GPU) time for no good reason. It's also fairly easy to reach the limits of Python's performance, in that case I've done it myself with some very simple programs. In short, these languages are good for light tasks, but still not for heavy work, in my experience.
So considering all of that, what I believe now is that either the implementation of current interpreters sucks terribly, or that they only offer the performance they claim to offer when developers use some specific programming practices that increase the interpreter's performance.
If it's the interpreter implementation, then we have a problem. Java has been here for more than 20 years, yet it would still not have reached maturity ? Maybe what this means is that although theoretically feasible, "good" VMs are too complex to actually be implemented in practice.
If it's about devs having to adopt specific coding practices in order to make code which ran perfectly well in C/C++ run reasonably well in Java/Flash/Python... Then I find it quite ironical, for something which is supposed to make developer's life easier. Let's see if the "safe" language clan will one day manage to make everyone adopt these coding practice, I'll believe it when I see it.
Apart from the performance side of things, in our specific case (coding a kernel in a "safe" language that we'll now call X), there's another aspect of things to look at. I'm highly skeptical about the fact that those languages could work well at the OS level AND bring their usual benefits at the same time.
If we only code a minimal VM implementation, ditching all the complex features, what we end up having is a subset of X that is effectively perfectly equivalent to C, albeit maybe with slightly worse performance. Code only a GC implementation, and your interpreter now has to do memory management. Code threads, and it has to manage multitasking and schedule things. Code pointer checks, and all X code which needs lots of pointers see its performance sink. In short, if you get something close the the desktop language X experience, and get all of the usual X benefit in terms of safety, your interpreter ends up becoming a (bloated) C/C++ monolithic kernel in its own right.
Then there are some hybrid solutions, of course. If you want some challenge and want to reduce the amount of C/C++ code you have to a minimal level, you can code memory management with a subset of X that does not have GC yet. You can code pointer-heavy code with a subset of X where pointer checks are disabled. And so on. But except for proving a point, I don't see a major benefit in doing this instead of assuming that said code is dirty by its very nature and just coding it in C/C++ right away.
That's exactly what I meant when I called it a legacy feature. However, conceivably the feature might not have been dropped if we had popular microkernels around using it.
Yes, but you did not answer my question. Why would they have used segmentation instead of flat seg + paging ? What could have segmentation permitted that paging cannot ?
You need to either trust your binaries are not malicious, or validate them for compliance somehow.
If we're running malicious kernel modules which are never the less "in spec", then there's not much any kernel can do. In any case, this is not a reason to dismiss a microkernel.
If we're running malicious kernel modules which are never the less "in spec", then there's not much any kernel can do. In any case, this is not a reason to dismiss a microkernel.
Again, I do not dismiss microkernels. But I do think that forcing a specific, "safe" compiler in the hand of kernel module devs is a bad idea.
Edited 2011-02-07 08:41 UTC
RE[5]: Not always rational
by Kochise on Mon 7th Feb 2011 19:42
in reply to "RE[4]: Not always rational"
Member since:2006-03-03
"In short, I'll believe that it's possible to write a decent desktop OS in a "safe" language when I see it."
http://programatica.cs.pdx.edu/House/
http://web.cecs.pdx.edu/~kennyg/house/
Now bend down and praise the Lords...
Kochise
RE[6]: Not always rational
by Neolander on Mon 7th Feb 2011 20:11
in reply to "RE[5]: Not always rational"
Member since:2010-03-08
This thing has an awful tendency to have one of my CPU cores run amok, I wonder if it uses timer interrupts properly... But indeed, I must admit that apart from that it does work reasonably well.
Now bend down and praise the Lords...
*bends down indeed, impressed by how far people have gone with what looks like a language only suitable for mad mathematicians when browsing code snippets*
However, I wonder : if haskell is a "safe" language, how do they manage to create a pointer targeting a specific memory region, which is required e.g. for VESA VBE ? Or to trigger BIOS interrupts ?
Edited 2011-02-07 20:21 UTC
RE[6]: Not always rational
by renox on Tue 8th Feb 2011 09:50
in reply to "RE[5]: Not always rational"
Member since:2005-07-06
"In short, I'll believe that it's possible to write a decent desktop OS in a "safe" language when I see it."
http://programatica.cs.pdx.edu/House/
http://web.cecs.pdx.edu/~kennyg/house/
Now bend down and praise the Lords...
Kochise
http://programatica.cs.pdx.edu/House/
http://web.cecs.pdx.edu/~kennyg/house/
Now bend down and praise the Lords...
Kochise
Well, I for one, consider that a *decent desktop OS* needs to be able to run:
-an HW accelerated games such as Doom3.
-a fully featured webbrowser
-a fully featured office suite (say LibreOffice).
Wake me up when they reach this point..
And then there is also the issue of hardware support..
News
Linked by Thom Holwerda on 05/20/13 22:43 UTC
The Verge pointed me to a blog post by Leap Motion - which reveals how their Kinect-like motion control works with Windows 8. "From the second you plug in your Leap Motion Controller, you'll be able to browse the web and interact with your computer just by moving your hands and fingers in the air. With Leap Motion technology and Windows, you can do everything that's possible with multi-touch inputs - without actually touching anything. This also means that existing applications in Windows 7 and 8 will respond to your natural hand and finger movements. Soon, we'll show you how Leap Motion will work with Mac OS X." Quite cool.
Linked by Thom Holwerda on 05/20/13 21:50 UTC
PocketNow interviews Marc Dillon, and there's an interesting note about why Jolla is keeping the display properties under wraps: "We're leaving some of those details out because we do understand that there are a lot of really big players in the market and they tend to take certain components in the market and dominate them. We created the ability to actually be able to run Sailfish on multiple hardware displays and be able to swap components, so this is part of the demand and supply planning phase. We are committed to this industrial design which is a 4.5-inch display, an 8 megapixel camera on the back and a front-facing camera at the front, and the exact specs of the display we'll provide when we're close to delivery." Something you rarely hear anything about.
Linked by Thom Holwerda on 05/19/13 23:15 UTC
"This is my NeXTstation Turbo Color booting the Mac System 7.1 Operating System using a hardware add-on called 'Daydream'. The Daydream has a Mac ROM and a few custom ICs in it and hooked up to the NeXTs DSP port. Turns your NeXT into a full fledged 68k powered Mac." So cool.
Linked by Thom Holwerda on 05/19/13 23:11 UTC, submitted by Drumhellar
"The NetBSD Project is pleased to announce NetBSD 6.1, the first feature update of the NetBSD 6 release branch. It represents a selected subset of fixes deemed important for security or stability reasons, as well as new features and enhancements. Please note that all fixes in the prior security/bugfix updates (NetBSD 6.0.1 and 6.0.2) are also in 6.1."
Linked by Thom Holwerda on 05/18/13 21:06 UTC
"At the end of a week in which Electronic Arts confirmed it wasn't developing a thing for the Wii U, one of the software engineers in EA Sports' Canada studio, in a series of since-deleted tweets, disparaged the console as 'crap' and suggested Nintendo should give up on hardware altogether. 'The Wii U is crap. Less powerful than an Xbox 360. Poor online/store. Weird tablet', tweeted Bob Summerwill, listed as a senior software engineer at EA Canada, in a reply to a tweet posting a link about EA's no-Wii U news. 'Nintendo are walking dead at this point'." The Wii U is turning into the 21st century's Virtual Boy.
Linked by Thom Holwerda on 05/18/13 7:37 UTC
"In NixOS, the entire operating system - the kernel, applications, system packages, configuration files, and so on - is built by the Nix package manager from a description in a purely functional build language. The fact that it's purely functional essentially means that building a new configuration cannot overwrite previous configurations. Most of the other features follow from this." Interesting approach. A Linux distribution, sure, but with some very refreshing ideas about system configuration.
Linked by fran on 05/18/13 1:38 UTC
Appfour added, among other features, C/C++ support to its new version of AIDE. From Android-IDE, "Now you can write parts of your app or your whole app in C/C++ on your device. AIDE supports the Standard Android NDK toolchain (GCC 4.6 + Bionic, STL, ...). No changes are necessary if you want to build an app developed on a PC with Eclipse. C/C++ development is fully integrated: Build errors appear in the error list and files can easily be navigated to with Go to file. The editor supports C/C++ syntax highlighting."
Linked by Thom Holwerda on 05/17/13 23:35 UTC, submitted by kragil
Ars nails it: "The answer is that Google did announce what amounts to a fairly substantial Android update yesterday. They simply did it without adding to the update fragmentation problems that continue to plague the platform. By focusing on these changes and not the apparently-waiting-in-the-wings update to the core software, Google is showing us one of the ways in which it's trying to fix the update problem."
Linked by MOS6510 on 05/17/13 22:22 UTC
"It is good for programmers to understand what goes on inside a processor. The CPU is at the heart of our career. What goes on inside the CPU? How long does it take for one instruction to run? What does it mean when a new CPU has a 12-stage pipeline, or 18-stage pipeline, or even a 'deep' 31-stage pipeline? Programs generally treat the CPU as a black box. Instructions go into the box in order, instructions come out of the box in order, and some processing magic happens inside. As a programmer, it is useful to learn what happens inside the box. This is especially true if you will be working on tasks like program optimization. If you don't know what is going on inside the CPU, how can you optimize for it? This article is about what goes on inside the x86 processor's deep pipeline."
Linked by Thom Holwerda on 05/17/13 22:15 UTC, submitted by Tom
"It was the only moment I heard regret slip into Otellini's voice during the several hours of conversations I had with him. 'The lesson I took away from that was, while we like to speak with data around here, so many times in my career I've ended up making decisions with my gut, and I should have followed my gut,' he said. 'My gut told me to say yes.'" The world would've been a much different place - Apple would have been less dependant on Samsung for its chips, which probably would've meant less money for Samsung to develop its Galaxy business.More News »
Sponsored Links
Member since:
2010-03-08
I've spent hours arguing on this precise subject with moondevil, I won't start over. In short, I'll believe that it's possible to write a decent desktop OS in a "safe" language when I see it.
In meantime, microkernels offer the advantage of reducing much the impact of failures and exploits., when there are some. A buggy process can only have the impact it's authorized to have.
That's not what I said. My take on the subject is that microkernels can obviously not have the same performance as a macrokernel (some optimization is only possible when kernel components share a common address space), but that they can have sufficient performance for desktop use.
Then you do not have a microkernel, but a modular monolithic kernel. Putting components in separate processes is afaik a defining characteristic of microkernels.
1. Code could be written in a type safe language under a VM such as Java or Mono. The calls for IPC could be implemented by exchanging data pointers between VMs sharing a common heap or memory space without changing CPU rings. Individual models would never step on each other despite existing in the same memory space.
Not only is this approach plausible, I think it's realistic given the current performance and transparency of JIT compilers.
As said before, I'll believe it when I see it.
Note that microkernels are not incompatible with shared memory regions between processes, though. It's one of the niceties which paging permits. In fact, I believe that they are the key to fast IPC.
Segmentation is disabled in AMD64 and non-existent in most non-x86 architectures, so I'm not sure it has much of a future. Besides... How would you want to use it ? If you prevent each process from peeking in other process' address space, then they need IPC to communicate with each other. But perhaps you had something more subtle in mind ?
But then hand-crafted machine code and code from other compilers than yours could bypass system security... Unless you would forbid those ?
It is possible to stress-test inter-module/process communication after implementing it and before implementing modules, or even while implementing it. The problem is to determine what is good enough performance at this early stage. Better make code as flexible as possible.
Edited 2011-02-06 14:15 UTC