Keywan Najafi Tonekaboni
Andrew Tanenbaum's Minix 3
The Free and Open Source Software Conference (FrOSCon) took place on the 23rd and 24th of August at the Bonn-Rhein-Sieg University of Applied Sciences and attracted more than 1200 visitors. The high point of the free software conference was the keynote speech by computer science professor and Minix developer Andrew Tanenbaum. In his presentation, he introduced Minix 3 and discussed problems with modern operating systems. He won over the overflowing auditorium with his humorous presentation and ended up having to sign his textbooks for a queue of fans.
Tanenbaum originally developed Minix in the 1980s as a teaching aid. The latest version, Minix 3, will be an operating system that can be put to productive use, and is highly reliable whilst using few system resources making it usable on limited hardware. The kernel only has 5000 lines of source code, making it significantly more straightforward than other current operating systems, which have several million lines of code. A larger kernel has a higher potential for errors and is the main cause of instability in systems.
Software developer as a modern day Faust
Before Tanenbaum introduced the audience to the inner workings of Minix 3, he discussed basic problems of computer systems. He compared the computer to the television set: While a television operates trouble-free for the next ten years once you plug it into the mains, just getting a computer up and running is a difficult proposition — not to mention the improbability that it will operate trouble-free for any great length of time. Software is overwrought, slow, and full of errors – and, despite hardware's ever-improving performance, it is not noticeably faster.
But in his view, users are more concerned with reliability than speed. "I would take a system anytime that was half as fast, if only it were error-free," Tanenbaum explained. Tanenbaum compared the software developer to Goethe's Faust. If the devil came around promising a performance advantage but with the risk that new errors could occur, programmers would not hesitate to accept the risk. "A user would never take him up on it."
Straightforward, modular, and self-healing
At its core, Minix consists of a microkernel that only has 30 system calls. Everything else, including all drivers, runs in user space and can only cause limited damage to the system. Device drivers are above the kernel layer, with each driver running in its own process, preventing an buggy driver from destabilising the entire system.
In the next layer are the services; a file server – not to be confused with a network file server – coordinates file operations such as copying or reading. Another core service is the reincarnation server, which periodically calls all processes. If a process no longer responds, it is replaced by a new instance. This is performed as transparently as possible, so that the user may not notice the process at all and is disturbed as little as possible by errors. This is why Tanenbaum's Minix 3 is referred to as a self-healing system. Applications are located in the uppermost layer, over the self healing servers.
To make the system more secure, individual components do not have direct access to the kernel or the hardware, but instead communicate through the different layers down to the kernel. The driver for the hard drive passes target addresses and values to be written to the kernel, while the kernel checks then performs the operation. Tanenbaum claims the 500ns execution time of that check is insignificant compared to the overall duration of the operation.
For Tanenbaum, it is very important to keep the source code as brief as possible. Statistical evaluations of software projects have shown that around 5-10 errors occur per 1000 lines of code with a seven fold increase in that rate in drivers. He claims that lean, basic code is not only easier to maintain but it also has fewer bugs. In order to test the reliability of Minix, known bugs, such as infinite loops, were injected into drivers during runtime. At the end of the experiment, after injecting 200,000 errors into the system, the drivers crashed about 18,000 times and were replaced by the reincarnation server. The system itself did not crash once and while the network performance suffered somewhat under the conditions of the experiment, the connection itself was never dropped.
Comeback of the microkernel?
Tanenbaum wants to show that a multi-server based microkernel operating system can work reliably and demonstrate that drivers can, and should, run in user space. The reincarnation server concept shows how applications could be developed to be bug-tolerant. This reincarnation server could be further developed to make it possible to update critical system components during runtime, increasing system up-time.
Currently, Minix 3 can only be run on an x86 PC. Ports of Minix 3 for PowerPC and ARM9 are currently under development with some work being undertaken as part of Google's Summer of Code. Minix 3 can be run from a live CD, USB stick or from the hard drive.
Currently, Minix 3 is a research project at the VU University Amsterdam and is supported by 2.5 million euros from the European Union. Tanenbaum believes that the system is ready be put to productive use, since it is so reliable.
When asked by heise Open whether his view had changed on the distributed development model of Linux, he reacted calmly. Since his famous posting, "Linux is obsolete" in the early days of Linux development, Tanenbaum has repeatedly criticised Linux and its development model.
The Minix developer repeated his view that code has to be centrally maintained in order to ensure reliability. Each change to the Minix source code is fastidiously reviewed before it is incorporated. Tanenbaum doesn't receive much feedback from external developers and he was not aware of who was using Minix 3. He thought that too much changed too fast with Linux; the constant changes to the API meant that the existing drivers were obsolete every time a new version was released. The computer science professor also did not allow himself to be tripped up with claims of the success of Linux. On the desktop at least, according to Tanenbaum, BSD – including Mac OS X – was used more often.