Andrew Tanenbaum talks about MINIX 3 at UW

Michael Hiemstra tipped me off about the latest in the Distinguished Lecture Series at the University of Waterloo: a talk by Andrew Tanenbaum on MINIX 3. Michael was unfortunately not able to make it, so I thought I’d write him a brief summary.

He didn’t veer much from what you can find on the MINIX 3 website.

He began by saying that the current crop of popular operating systems (Windows, Linux, FreeBSD, etc.) is miserably unreliable. And it’s no wonder. Their kernels contain millions of lines of source code, which, if we are to believe most studies, contain bugs at a rate of about 6-16 per thousand lines of code. What’s more, the buggiest part of these operating systems, the hardware drivers, operates at the kernel level, so any bug in any driver can crash the entire system. He likened this design to an aircraft carrier where every time a toilet backs up, it launches some missiles.

MINIX aims to be a reliable operating system. It accomplishes this by having a very small kernel (~4000 lines of code) whose primary responsibility is interprocess communication. Drivers run as user processes so that when they crash, they don’t bring down the entire system. In fact, another service (called the reincarnation service) monitors all the drivers and restarts any that have crashed or no longer respond to pings.

It is a layered operating system. Applications utilize services that utilize drivers that utilize the kernel. Communication between the various layers is conducted via fixed-length messages. Because the messages are fixed length and because data and instructions are kept separate in the runtime image, the potential for buffer overflow vulnerabilities is greatly reduced.
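To make the fixed-length point concrete, here is an added example (not MINIX source and not from the talk) contrasting the two receive paths. The struct layouts, sizes and function names are hypothetical; the point is that the fixed-length copy size is a compile-time constant, while the variable-length path is only safe if every bounds check on the sender-supplied length is present.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define PAYLOAD_BYTES 56              /* hypothetical size, not MINIX's */

/* Hypothetical fixed-length message: every message is exactly this big. */
typedef struct {
    int32_t source;                   /* sender endpoint */
    int32_t type;                     /* request code */
    uint8_t payload[PAYLOAD_BYTES];   /* unused bytes are simply padding */
} fixed_msg;

/* Variable-length header, for contrast: the sender states the length. */
typedef struct {
    int32_t  type;
    uint32_t len;                     /* sender-controlled */
} var_hdr;

/* Fixed-length delivery: no length field exists for a sender to lie in.
 * Anything that is not exactly one message is rejected outright. */
int deliver_fixed(fixed_msg *dst, const void *src, size_t src_len)
{
    if (src_len != sizeof(fixed_msg))
        return -1;
    memcpy(dst, src, sizeof(fixed_msg));   /* constant-size copy */
    return 0;
}

/* Variable-length delivery: correctness depends on two separate checks.
 * Dropping either one turns h.len into an out-of-bounds read or write. */
int deliver_var(uint8_t *dst, size_t dst_cap,
                const uint8_t *wire, size_t wire_len)
{
    var_hdr h;
    if (wire_len < sizeof h)
        return -1;
    memcpy(&h, wire, sizeof h);
    if (h.len > wire_len - sizeof h)       /* claims more than was sent */
        return -1;
    if (h.len > dst_cap)                   /* would overflow the receiver */
        return -1;
    memcpy(dst, wire + sizeof h, h.len);
    return (int)h.len;
}
```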

He put up some performance benchmarks that show that by running the drivers in user space, the system is slightly slower (~12% on average) than the traditional monolithic kernel approach, but not enough to keep any reasonable person from using it, especially given the higher reliability.

It was an entertaining talk, and well worth the trip. They even handed out bootable CDs with MINIX on them. It’s a shame Michael couldn’t make it. I think he would have enjoyed it.
