
Kernel (computer science)




In computer science, the kernel is the central component of most computer operating systems (OS). Its responsibilities include managing the system's resources (the communication between hardware and software components). As a basic component of an operating system, a kernel provides the lowest-level abstraction layer for the resources (especially memory, processors and I/O devices) that application software must control to perform its function. It typically makes these facilities available to application processes through inter-process communication mechanisms and system calls.

These tasks are done differently by different kernels, depending on their design and implementation. While monolithic kernels will try to achieve these goals by executing all the code in the same address space to increase the performance of the system, microkernels run most of their services in user space, aiming to improve maintainability and modularity of the codebase (Roch 2004). A range of possibilities exists between these two extremes.


OVERVIEW

[Figure: a computer system as a series of abstraction layers: hardware, firmware, assembler, kernel, operating system and applications (see also Tanenbaum 79).]

On the definition of 'kernel' Jochen Liedtke said that the word is "traditionally used to denote the part of the operating system that is mandatory and common to all other software." (Liedtke 95)

Most operating systems rely on the kernel concept. The existence of a kernel is a natural consequence of designing a computer system as a series of abstraction layers (Tanenbaum 79, chapter 1), each relying on the functions of layers beneath itself. The kernel, from this viewpoint, is simply the name given to the lowest level of abstraction that is implemented in software. In order to avoid having a kernel, one would have to design all the software on the system not to use abstraction layers; this would increase the complexity of the design to such a point that only the simplest systems could feasibly be implemented.

While it is today mostly called the ''kernel'', the same part of the operating system has also in the past been known as the ''nucleus'' or ''core'' (Deitel 82, p.65-66 cap. 3.9; Lorin 81 pp.161-186; Schroeder 77; Shaw 75 pp.245-267; Wulf 74 pp.337-345; Brinch Hansen 70 pp.238-241). (Note, however, that the term ''core'' has also been used to refer to the primary memory of a computer system, typically because some early computers used a form of memory called core memory.)

In most cases, the boot loader starts executing the kernel in supervisor mode. (The highest privilege level has various names throughout different architectures, such as supervisor mode, kernel mode, CPL0, DPL0, Ring 0, etc. See Ring (computer security) for more information.) The kernel then initializes itself and starts the first process. After this, the kernel does not typically execute directly, only in response to external events (e.g. via system calls used by applications to request services from the kernel, or via interrupts used by the hardware to notify the kernel of events). Additionally, the kernel typically provides a loop that is executed whenever no processes are available to run; this is often called the ''idle process''.

Kernel development is considered one of the most complex and difficult tasks in programming (Bona Fide OS Development - Bran's Kernel Development Tutorial, by Brandon Friesen). Its central position in an operating system implies the necessity for good performance, which defines the kernel as a critical piece of software and makes its correct design and implementation difficult. For various reasons, a kernel might not even be able to use the abstraction mechanisms it provides to other software. Such reasons include memory management concerns (for example, a user-mode function might rely on memory being subject to demand paging, but as the kernel itself provides that facility it cannot use it, because then it might not remain in memory to provide that facility) and lack of reentrancy, thus making its development even more difficult for software engineers.

A kernel will usually provide features for low-level scheduling of processes (dispatching; for low-level scheduling see Deitel 82, chap.10 pp.249-268), inter-process communication, process synchronization, context switch, manipulation of process control blocks, interrupt handling, process creation and destruction, process suspension and resumption (see process states).


KERNEL BASIC FACILITIES

The kernel's primary purpose is to manage the computer's resources and allow other programs to run and use these resources. Typically, the resources consist of:
  • The CPU (frequently called the processor). This is the most central part of a computer system, responsible for ''running'' or ''executing'' programs on it. The kernel takes responsibility for deciding at any time which of the many running programs should be allocated to the processor or processors (each of which can usually run only one program at a time).

  • The computer's memory. Memory is used to store both program instructions and data. Typically, both need to be present in memory in order for a program to execute. Often multiple programs will want access to memory, frequently demanding more memory than the computer has available. The kernel is responsible for deciding which memory each process can use, and determining what to do when not enough is available.

  • Any Input/Output (I/O) devices present in the computer, such as keyboard, mouse, disk drives, printers, displays, etc. The kernel allocates requests from applications to perform I/O to an appropriate device (or subsection of a device, in the case of files on a disk or windows on a display) and provides convenient methods for using the device (typically abstracted to the point where the application does not need to know implementation details of the device).


Key aspects necessary in resource management are the definition of an execution domain (address space) and the protection mechanism used to mediate the accesses to the resources within a domain.

Kernels also usually provide methods for synchronization and communication between processes (called ''inter-process communication'' or IPC).

A kernel may implement these features itself, or rely on some of the processes it runs to provide the facilities to other processes, although in this case it must provide some means of IPC to allow processes to access the facilities provided by each other.

Finally, a kernel must provide running programs with a method to make requests to access these facilities.


Process management

The main task of a kernel is to allow the execution of applications and support them with features such as hardware abstractions. A process defines which memory portions the application can access (Levy 1984, p.5). (For this introduction, process, application and program are used as synonymous.) Kernel process management must take into account the hardware built-in equipment for memory protection (Needham, R.M., Wilkes, M. V. ''Domains of protection and the management of processes'', Computer Journal, vol. 17, no. 2, May 1974, pp 117-120).

To run an application, a kernel typically sets up an address space for the application, loads the file containing the application's code into memory (perhaps via demand paging), sets up a stack for the program and branches to a given location inside the program, thus starting its execution (Silberschatz 1990).

Multi-tasking kernels are able to give the user the illusion that the number of processes being run simultaneously on the computer is higher than the maximum number of processes the computer is physically able to run simultaneously. Typically, the number of processes a system may run simultaneously is equal to the number of CPUs installed (however this may not be the case if the processors support simultaneous multithreading).

In a pre-emptive multitasking system, the kernel will give every program a slice of time and switch from process to process so quickly that it will appear to the user as if these processes were being executed simultaneously. The kernel uses scheduling algorithms to determine which process is running next and how much time it will be given. The algorithm chosen may allow for some processes to have higher priority than others. The kernel generally also provides these processes a way to communicate; this is known as inter-process communication (IPC) and the main approaches are shared memory, message passing and remote procedure calls (see concurrent computing).

Other systems (particularly on smaller, less powerful computers) may provide co-operative multitasking, where each process is allowed to run uninterrupted until it makes a special request that tells the kernel it may switch to another process. Such requests are known as "yielding", and typically occur in response to requests for interprocess communication, or for waiting for an event to occur. Older versions of Windows and Mac OS both used co-operative multitasking but switched to pre-emptive schemes as the power of the computers to which they were targeted grew.

The operating system might also support multiprocessing (SMP or Non-Uniform Memory Access); in that case, different programs and threads may run on different processors. A kernel for such a system must be designed to be re-entrant, meaning that it may safely run two different parts of its code simultaneously. This typically means providing synchronization mechanisms (such as spinlocks) to ensure that no two processors attempt to modify the same data at the same time.


Memory management

The kernel has full access to the system's memory and must allow processes to safely access this memory as they require it. Often the first step in doing this is virtual addressing, usually achieved by paging and/or segmentation. Virtual addressing allows the kernel to make a given physical address appear to be another address, the virtual address. Virtual address spaces may be different for different processes; the memory that one process accesses at a particular (virtual) address may be different memory from what another process accesses at the same address. This allows every program to behave as if it is the only one (apart from the kernel) running and thus prevents applications from crashing each other.

On many systems, a program's virtual address may refer to data which is not currently in memory. The layer of indirection provided by virtual addressing allows the operating system to use other data stores, like a hard drive, to store what would otherwise have to remain in main memory (RAM). As a result, operating systems can allow programs to use more memory than the system has physically available. When a program needs data which is not currently in RAM, the CPU signals to the kernel that this has happened, and the kernel responds by writing the contents of an inactive memory block to disk (if necessary) and replacing it with the data requested by the program. The program can then be resumed from the point where it was stopped. This scheme is generally known as demand paging.

Virtual addressing also allows creation of virtual partitions of memory in two disjoint areas, one being reserved for the kernel (kernel space) and the other for the applications (user space). The applications are not permitted by the processor to address kernel memory, thus preventing an application from damaging the running kernel. This fundamental partition of memory space has contributed much to current designs of actual general-purpose kernels and is almost universal in such systems, although some research kernels (e.g. Singularity) take other approaches.
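The three behaviours described in this section (per-process mappings, demand paging, and the kernel space / user space split) can be seen together in a small model of address translation. This is an added example, not code from the original article or from any real kernel; the structure names, flag names, page size and frame numbers are all constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>

enum { PAGE_SHIFT = 12, NPAGES = 8 };       /* constructed toy address space */
enum { PTE_PRESENT = 1, PTE_USER = 2 };     /* page-table entry flags */
enum { XL_OK = 0, XL_PAGE_FAULT = -1, XL_PROTECTION = -2 };

struct pte    { uint32_t frame; unsigned flags; };
struct aspace { struct pte pt[NPAGES]; };   /* one page table per process */

/* Simplified MMU: map a virtual address to a physical one, or report a fault. */
int translate(const struct aspace *as, uint32_t vaddr, int user_mode, uint32_t *paddr)
{
    uint32_t vpn = vaddr >> PAGE_SHIFT;
    if (vpn >= NPAGES) return XL_PROTECTION;
    const struct pte *e = &as->pt[vpn];
    if (user_mode && !(e->flags & PTE_USER)) return XL_PROTECTION; /* kernel space */
    if (!(e->flags & PTE_PRESENT)) return XL_PAGE_FAULT;           /* not in RAM */
    *paddr = (e->frame << PAGE_SHIFT) | (vaddr & ((1u << PAGE_SHIFT) - 1));
    return XL_OK;
}

/* Demand paging: once the kernel has loaded the data into `frame`, the entry
 * is marked present and the faulting access can be retried. */
void page_in(struct aspace *as, uint32_t vaddr, uint32_t frame)
{
    uint32_t vpn = vaddr >> PAGE_SHIFT;
    if (vpn >= NPAGES) return;
    as->pt[vpn].frame = frame;
    as->pt[vpn].flags |= PTE_PRESENT;
}

/* Two processes: same virtual page 0, different frames; shared kernel page 7. */
void make_demo(struct aspace *a, struct aspace *b)
{
    struct aspace zero = { 0 };
    *a = *b = zero;
    a->pt[0] = (struct pte){ 10, PTE_PRESENT | PTE_USER };
    b->pt[0] = (struct pte){ 20, PTE_PRESENT | PTE_USER };
    a->pt[1] = (struct pte){ 0, PTE_USER };                 /* A: paged out */
    a->pt[7] = b->pt[7] = (struct pte){ 1, PTE_PRESENT };   /* no PTE_USER */
}

int main(void)
{
    struct aspace a, b;
    uint32_t pa = 0, pb = 0;
    make_demo(&a, &b);
    translate(&a, 0x0123, 1, &pa);
    translate(&b, 0x0123, 1, &pb);
    printf("vaddr 0x0123 -> A: 0x%x, B: 0x%x\n", (unsigned)pa, (unsigned)pb);
    printf("user access to kernel page: %d\n", translate(&a, 0x7000, 1, &pa));
}
```

The model checks the user/supervisor bit before the present bit; real processors differ in how they order and report these conditions.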


Device management

To perform useful functions, processes need access to the peripherals connected to the computer, which are controlled by the kernel through device drivers. For example, to show the user something on the screen, an application would make a request to the kernel, which would forward the request to its display driver, which is then responsible for actually plotting the character/pixel.

A kernel must maintain a list of available devices. This list may be known in advance (e.g. on an embedded system where the kernel will be rewritten if the available hardware changes), configured by the user (typical on older PCs and on systems that are not designed for personal use) or detected by the operating system at run time (normally called plug and play).

In a plug and play system, a device manager first performs a scan on different hardware buses, such as Peripheral Component Interconnect (PCI) or Universal Serial Bus (USB), to detect installed devices, then searches for the appropriate drivers.

As device management is a very OS-specific topic, these drivers are handled differently by each kind of kernel design, but in every case, the kernel has to provide the I/O to allow drivers to physically access their devices through some port or memory location. Very important decisions have to be made when designing the device management system, as in some designs accesses may involve context switches, making the operation very CPU-intensive and easily causing a significant performance overhead.


System calls


To actually perform useful work, a process must be able to access the services provided by the kernel. This is implemented differently by each kernel, but most provide a C library or an API, which in turn invoke the related kernel functions.

The method of invoking the kernel function varies from kernel to kernel. If memory isolation is in use, it is impossible for a user process to call the kernel directly, because that would be a violation of the processor's access control rules. A few possibilities are:
  • Using a software-simulated interrupt. This method is available on most hardware, and is therefore very common.

  • Using a call gate. A call gate is a special address which the kernel has added to a list stored in kernel memory and which the processor knows the location of. When the processor detects a call to that location, it instead redirects to the target location without causing an access violation. Requires hardware support, but the hardware for it is quite common.

  • Using a special system call instruction. This technique requires special hardware support, which common architectures (notably, x86) may lack. System call instructions have been added to recent models of x86 processors, however, and some (but not all) operating systems for PCs make use of them when available.

  • Using a memory-based queue. An application that makes large numbers of requests but does not need to wait for the result of each may add details of requests to an area of memory that the kernel periodically scans to find requests.



KERNEL DESIGN DECISIONS



Issues of kernel support for protection

An important consideration in the design of a kernel is the support it provides for protection from faults (fault tolerance) and from malicious behaviors (security). These two aspects are usually not clearly distinguished, and the adoption of this distinction in the kernel design leads to the rejection of a hierarchical structure for protection.

The mechanisms or policies provided by the kernel can be classified according to several criteria, as: static (enforced at compile time) or dynamic (enforced at runtime); preemptive or post-detection; according to the protection principles they satisfy (i.e. Denning; see Denning 1976 and Swift 2005, p.29 quote: "isolation, resource control, decision verification (checking), and error recovery."); whether they are hardware supported or language based; whether they are more an open mechanism or a binding policy; and many more.


Fault tolerance

A useful measure of the level of fault tolerance of a system is how closely it adheres to the , and is necessary to prevent processes from accessing information without being granted permission.

The two major hardware approaches (Swift 2005 p.26) for protection (of sensitive information) are hierarchical protection domains (also called ring architectures, segment architectures or supervisor mode) (Intel Corporation 2002) and capability-based addressing (Houdek et al. 1981).

[Figure: a common implementation of hierarchical protection domains, such as in the x86, used in many commercial systems to have some level of fault tolerance.]

Hierarchical protection domains are much less flexible, as is the case with every kernel with a hierarchical structure assumed as global design criterion. In the case of protection it is not possible to assign different privileges to processes that are at the same privileged level, and therefore it is not possible to satisfy Denning's four principles for fault tolerance (particularly the principle of least privilege). Hierarchical protection domains also have a major performance drawback, since interaction between different levels of protection, when a process has to manipulate a data structure both in 'user mode' and 'supervisor mode', always requires message copying (transmission by value) (Hansen 73, section 7.3 p.233: "''interactions between different levels of protection require transmission of messages by value''"). A kernel based on capabilities, however, is more flexible in assigning privileges, can satisfy Denning's fault tolerance principles (Linden 76), and typically doesn't suffer from the performance issues of copy by value.

Both approaches typically require some hardware or firmware support to be operable and efficient. The hardware support for hierarchical protection domains (Schroeder 72) is typically that of "CPU modes." An efficient and simple way to provide hardware support of capabilities is to delegate to the MMU the responsibility of checking access rights for every memory access, a mechanism called capability-based addressing. Most commercial computer architectures lack MMU support for capabilities.
An alternative approach is to simulate capabilities using commonly supported hierarchical domains; in this approach, each protected object must reside in an address space that the application does not have access to; the kernel also maintains a list of capabilities in such memory. When an application needs to access an object protected by a capability, it performs a system call and the kernel performs the access for it. The performance cost of address space switching limits the practicality of this approach in systems with complex interactions between objects, but it is used in current operating systems for objects that are not accessed frequently or which are not expected to perform quickly (Stephane Eranian & David Mosberger, Virtual Memory in the IA-64 Linux Kernel, Prentice Hall PTR, 2002; Silberschatz & Galvin, Operating System Concepts, 4th ed, pp445 & 446).
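The simulated-capability scheme just described can be sketched as a kernel-held capability list consulted on every system call. This is an added example, not code from the original article or from any real kernel: `cap_grant`, `cap_derive`, `sys_access` and the error codes are hypothetical names, and the "kernel memory" is modelled with ordinary structs.

```c
#include <stdio.h>
#include <string.h>
enum { CAP_READ = 1, CAP_WRITE = 2, MAX_CAPS = 4, OBJ_SIZE = 16 };
enum { E_OK = 0, E_BADCAP = -1, E_DENIED = -2, E_RANGE = -3, E_FULL = -4 };
/* Everything below models kernel memory the application cannot address. */
struct object  { char data[OBJ_SIZE]; };
struct cap     { struct object *obj; unsigned rights; };  /* obj == NULL: free */
struct process { struct cap caps[MAX_CAPS]; };            /* capability list */

/* Kernel-internal: install a capability, return its handle (list index). */
int cap_grant(struct process *p, struct object *o, unsigned rights)
{
    for (int h = 0; h < MAX_CAPS; h++)
        if (p->caps[h].obj == NULL) {
            p->caps[h] = (struct cap){ o, rights };
            return h;
        }
    return E_FULL;
}

/* Resolve a handle and check rights before anything touches the object. */
static int cap_check(const struct process *p, int h, unsigned need, struct object **out)
{
    if (h < 0 || h >= MAX_CAPS || p->caps[h].obj == NULL) return E_BADCAP;
    if ((p->caps[h].rights & need) != need) return E_DENIED;
    *out = p->caps[h].obj;
    return E_OK;
}

/* Delegation only narrows: the giver must hold every right it passes on. */
int cap_derive(const struct process *from, int h, struct process *to, unsigned rights)
{
    struct object *o;
    int rc = cap_check(from, h, rights, &o);
    return rc == E_OK ? cap_grant(to, o, rights) : rc;
}

/* System call: the kernel performs the access; data crosses by copy. */
int sys_access(struct process *p, int h, unsigned op, size_t off, char *ubuf, size_t len)
{
    struct object *o;
    if (op != CAP_READ && op != CAP_WRITE) return E_DENIED;
    int rc = cap_check(p, h, op, &o);
    if (rc != E_OK) return rc;
    if (off > OBJ_SIZE || len > OBJ_SIZE - off) return E_RANGE;
    if (op == CAP_WRITE) memcpy(o->data + off, ubuf, len);
    else                 memcpy(ubuf, o->data + off, len);
    return (int)len;
}

int main(void)
{
    struct object o = { "secret" };
    struct process a = { 0 }, b = { 0 };
    int ha = cap_grant(&a, &o, CAP_READ | CAP_WRITE);
    int hb = cap_derive(&a, ha, &b, CAP_READ);   /* b receives read-only */
    char x = 'S';
    printf("b write: %d\n", sys_access(&b, hb, CAP_WRITE, 0, &x, 1));
}
```

Processes `a` and `b` run at the same privilege level yet hold different rights to the same object, which is the least-privilege distinction the section says a purely hierarchical scheme cannot express.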


Security



The Commodore Amiga was released in 1985, and was among the first (and certainly most successful) home computers to feature a microkernel operating system. The Amiga's kernel, ''exec.library'', was small but capable, providing fast pre-emptive multitasking on similar hardware to the cooperatively-multitasked Apple Macintosh, and an advanced dynamic linking system that allowed for easy expansion.