Embed Size (px)
DESCRIPTION
Over the last six years, Galois has been developing the Haskell Lightweight Virtual Machine, or HaLVM, a lightweight virtual machine that runs directly on the Xen hypervisor. The HaLVM's design is based on a notion of minimalism: Authors of HaLVM domains include only those libraries and features they require, allowing the HaLVM to have a very small initial resource footprint that scales in a very obvious fashion. In doing so, we hope to combine the minimalism and flexibility of a small kernel with an extended set of libraries with the simplicity and reliability of the strongly typed, high-level language Haskell. While initially designed for running operating system design experiments, the HaLVM has grown over time to be a suitable platform for writing simple network appliances with a very narrow resource footprint. This work has been enabled by other Galois projects: a TCP-compliant network stack written in Haskell, and a fairly-complete file system written in Haskell. In the end, because we use Haskell and provide these libraries at the Haskell level, programmers can create complex software structures quickly, easily, and with the added assurance that the Haskell type system provides. In this talk, we will provide an overview of the HaLVM and its design principles - pointing out where the HaLVM shines and where it is weak - and continue with some of our experiences using it over the last six years.
Citation preview
The HaLVMA Simple Platform for Simple Platforms
Adam Wick | XenSummit | August 27th, 2012
© 2012 Galois, Inc. All rights reserved.
The What?
HaLVMHaskell Virtual Machine
Lightweight
A port of the Haskell
programming language
that runs directly atop
the Xen hypervisor
designed to run in minimal environments
© 2012 Galois, Inc. All rights reserved.
Wait, what?
Xen
Linux
top
nethack
httpd
haskellprogram
HaLVM
haskellprogram
© 2012 Galois, Inc. All rights reserved.
Why would you do such a thing?
Strangely enough, we did this because we were doing designwork in microkernel-based operating systems.
Typical component communication graphs for microkernel-based OSes look something like this.
It is very easy to create designs that look good on a white board, but include issues that make the system impossible to boot.
We designed the HaLVM as a quick way to show feasibility.
© 2012 Galois, Inc. All rights reserved.
Simple Testing Apparatus
Xen
main = do block <- openBlockDeviceChannel dev <- openOutputChannel crypto <- openCryptoDeviceChannel print “Encrypted Disk Booted!”
© 2012 Galois, Inc. All rights reserved.
?Interlude
You may be wondering why I’m talking about a tool for doing explorations of component breakdowns for microkernel-
based operating systems during a workshop about developing cloud-based services based on Xen.
OS Dev.Tool
Net Serv.Tool
CloudTool?
© 2012 Galois, Inc. All rights reserved.
How does this happen?
main = do block <- openBlockDeviceChannel dev <- openOutputChannel crypto <- openCryptoDeviceChannel print “Encrypted Disk Booted!”
Nifty, but only checks that boot works in our imagined world.
Fails if we forgot any prerequisites in our design, and low-level details of drivers and OS components are really easy to forget.
main = do block <- openBlockDeviceChannel dev <- openOutputChannel crypto <- openCryptoDevice startServiceLoop reqchan crypto block
So we let each component get more and more detailed …
© 2012 Galois, Inc. All rights reserved.
Focus on Small (and Fast)
We are not kidding on the size of the graphs we wanted to test with. One of our early projects involved 15+ domains.
Space usage and load speed quickly became critical constraints.
15 domains * 10 second boot time = 2½ minutes to start15 domains * 64MB footprint = 960MB basic req.
Focus on quick and fast:→ The HaLVM boots in milliseconds→ The HaLVM uses as little as 4MB
We are typically limited by Xen, not by design.
© 2012 Galois, Inc. All rights reserved.
Abstraction Makes The Heart Grow Fonder
We designed the HaLVM to easily support this expansion by starting with the smallest core implementation possible and then providing the facilities for more complex behavior to be implemented as (layered) libraries.
Low-level Xen Integration
GC, Threading Layer, Etc.
HaLVM Core Library
XenBus Library Communications Library PCI Library
Rendezvous Library Disk Driver NIC Driver TCP/IP
Program Code
© 2012 Galois, Inc. All rights reserved.
Abstraction Makes The Heart Grow Fonder
The nice thing about this methodology is that programs use only the libraries they need, and thus only pay the space and initialization cost of the libraries they need.
Low-level Xen Integration
GC, Threading Layer, Etc.
HaLVM Core Library
XenBus Library Communications Library PCI Library
Rendezvous Library Disk Driver NIC Driver TCP/IP
Program Code
© 2012 Galois, Inc. All rights reserved.
Abstraction Makes The Heart Grow Fonder
The nice thing about this methodology is that programs use only the libraries they need, and thus only pay the space and initialization cost of the libraries they need.
Low-level Xen Integration
GC, Threading Layer, Etc.
HaLVM Core Library
XenBus Library Communications Library PCI Library
Rendezvous Library Disk Driver NIC Driver TCP/IP
Program Code
© 2012 Galois, Inc. All rights reserved.
Abstraction Makes The Heart Grow Fonder
The nice thing about this methodology is that programs use only the libraries they need, and thus only pay the space and initialization cost of the libraries they need.
Low-level Xen Integration
GC, Threading Layer, Etc.
HaLVM Core Library
XenBus Library Communications Library PCI Library
Rendezvous Library Disk Driver NIC Driver TCP/IP
Program Code
© 2012 Galois, Inc. All rights reserved.
Wait, What Did We Just Do?
At some point it occurred to us that we had developed something that was actually useful on its own, rather than a tool for OS design work.
If you can speak Ethernet to a network and write blocks to a disk, then some
interesting possibilities emerge for small software network devices:
HaLVM random number generators, HaLVM traffic monitors, HaLVM alert systems, HaLVM chat servers, HaLVM time
servers, HaLVM encryption servers, HaLVM storage servers …
© 2012 Galois, Inc. All rights reserved.
If only we had …
If you can speak Ethernet to a network and write blocks to a disk, then some
interesting possibilities emerge for small software network devices …
but blocks on a disk quickly becomes a burdensome interface; you really want a file system
and Ethernet is a bit low level for most network programs; you really want a whole TCP/IP stack
© 2012 Galois, Inc. All rights reserved.
We Really Like Haskell
but blocks on a disk quickly becomes a burdensome interface; you really want a file system
and Ethernet is a bit low level for most network programs; you really want a whole TCP/IP stack
Halfs: The Haskell File System
HaNS: The Haskell Network Stack
© 2012 Galois, Inc. All rights reserved.
Wait, what have we built?!
Now armed with a file system and a network stack, we had an interesting little platform for writing lightweight, single-purpose cloud services.
… which works on Xen
… which explains why I’m talking to you right now
OS Dev.Tool
Net Serv.Tool
CloudTool!
© 2012 Galois, Inc. All rights reserved.
… mostly
CloudTool!
This picture made a great little slide addition.
CloudTool?But this picture is probably a bit more honest.
The HaLVM is a work in progress. There are some rough edges – particularly around network stack and file system integration – but the basis is there. It will get better with time, particularly if interested parties contribute.
© 2012 Galois, Inc. All rights reserved.
So, A Cloud Service Framework
Xen
Linux
top
nethack
httpd
haskellprogram
HaLVM
haskellprogram
Remember this picture?
This picture also highlights when and why you would choose to use a HaLVM, rather than a more traditional, Linux-based approach.
big small
© 2012 Galois, Inc. All rights reserved.
Why and Why Not
The HaLVM offers a very lightweight platform for writing simple cloud services, at the cost of more limited functionality and less access to the very highest-speed utilities.
Does your service need a high-speed database server hooked up to fast business logic with a low-latency web server?
Does it need it right now?
top
nethack
httpd
haskellprogram
Linux HaLVM
haskellprogram
© 2012 Galois, Inc. All rights reserved.
Why and Why Not
HaLVM
haskellprogram
top
nethack
httpd
haskellprogram
Linux
Good for small, single-purpose cloud services with limited dependencies.
Good for more complicated systems with many system dependencies.
Saves money on cloud service costs via lowered
memory and disk footprint.
Larger selection of tools and frameworks for developing
your application.
© 2012 Galois, Inc. All rights reserved.
That’s it …
So that is the HaLVM.
A nifty platform for developing simple cloud services.
A nifty platform for creating critical, isolated services.
Oh, and it’s free, and available on GitHub:
Base HaLVM
Network Stack
File System
https://github.com/GaloisInc/HaLVM
https://github.com/GaloisInc/HaNS
https://github.com/GaloisInc/Halfs
© 2012 Galois, Inc. All rights reserved.
… I’m done.
Base HaLVM
Network Stack
File System
https://github.com/GaloisInc/HaLVM
https://github.com/GaloisInc/HaNS
https://github.com/GaloisInc/Halfs
Questions, comments, or suggestions:now or at [email protected]
Also see the HaLVM mailing list athttp://community.galois.com/mailman/listinfo/halvm-devel
