|
== Unjuk kerja ==
Pada sistem berbasis mikrokernel, permintaan atas suatu layanan melalaui IPC sebenarnya membutuhkan sumber daya yang lebih besar dibandingkan pada sistem dengan kernel berbasis monolithic yang hanya menggunakan pemanggilan tunggal secara internal sistem. Dengan demikian unjuk kerja sistem berbasis mikrokernel mungkin menimbulkan potensi masalah, sebagai contoh, unjuk kerja mikrokernel generasi pertama, Mach dan Chorus, menunjukkan hasil yang mengecewakan.<ref name="Chen_Bershad_93">{{cite conference
Obtaining a service is inherently more expensive in a microkernel-based system than a monolithic system.<ref name="Liedtke_96">Previously cited</ref> In the monolithic system, the service is obtained by a single system call, which requires two ''mode switches'' (changes of the processor's [[privilege level]]). In the microkernel-based system, the service is obtained by sending an IPC message to a server, and obtaining the result in another IPC message from the server. This requires a [[context switch]] if the drivers are implemented as processes, or a function call if they are implemented as procedures. In addition, passing actual data to the server and back may incur extra copying overhead, while in a monolithic system the kernel can directly access the data in the client's buffers.
Performance is therefore a potential issue in microkernel systems. Indeed, the experience of first-generation microkernels such as [[Mach (kernel)|Mach]] and Chorus showed that systems based on them performed very poorly.<ref name="Chen_Bershad_93">{{cite conference
| first = Bradley
| last = Chen
| accessdate =
| id =
}}</ref> Namun, Jochen Liedtke menunjukkan bahwa masalah unjuk kerja Mach lebih terkait pada kesalahan disain dan implementasi. Melalui demonstrasi yang ditunjukkannya pada mikrokernel L4, ia berhasil menujukkan bahwa dengan menggunakan disain dan implementasi yang dirancang dengan baik serta konsisten dalam menerapkan prinsip-prinsip minimalitas, permasalahan yang terkait dengan IPC bisa diminimalisir.<ref name="Liedtke_ESHHIJ_97">{{cite conference
}}</ref>
However, [[Jochen Liedtke]] showed that Mach's performance problems were the result of poor design and implementation, and specifically Mach's excessive [[cache]] footprint.<ref name="Liedtke_95">Previously cited</ref>
Liedtke demonstrated with his own [[L4 microkernel]] that through careful design and implementation, and especially by following the minimality principle, IPC costs could be reduced by more than an order of magnitude compared to Mach. L4's IPC performance is still unbeaten across a range of architectures.<ref name="Liedtke_ESHHIJ_97">{{cite conference
| first = Jochen
| last = Liedtke
}}</ref>
While these results demonstrate that the poor performance of systems based on first-generation microkernels is not representative for second-generation kernels such as L4, this constitutes no proof that microkernel-based systems can be built with good performance. It has been shown that a monolithic Linux server ported to L4 exhibits only a few percent overhead over native Linux.<ref name="Hartig_97">{{cite journal | first = Hermann | last = Härtig |
coauthors=Hohmuth, Michael; [[Jochen Liedtke|Liedtke, Jochen]]; Schönberg, Sebastian|title=The performance of µ-kernel-based systems | journal = Proceedings of the sixteenth ACM symposium on Operating systems principles | year=1997 | month = October|id=ISBN 0-89791-916-5 | url = http://portal.acm.org/citation.cfm?id=266660&dl=ACM&coll=&CFID=15151515&CFTOKEN=6184618 | pages=66–77|doi=10.1145/268998.266660 }}</ref>
However, such a single-server system exhibits few, if any, of the advantages microkernels are supposed to provide by structuring operating-system functionality into separate servers.
A number of commercial multi-server systems exist, in particular the [[Real-time operating system|real-time systems]] [[QNX]] and [[Integrity (operating system)| Integrity]]. No comprehensive comparison of performance relative to monolithic systems has been published for those multiserver systems. Furthermore, performance does not seem to be the overriding concern for those commercial systems, which instead emphasize simplicity for the sake of robustness. An attempt to build a high-performance multiserver operating system was the IBM Sawmill Linux project.<ref name="Gefflaut_JPLEUTDR_00">
{{ cite conference
| first = Alain
| last = Gefflaut
| coauthors = Jaeger, Trent; Park, Yoonho; [[Jochen Liedtke|Liedtke, Jochen]]; Elphinstone, Kevin J.; Uhlig, Volkmar; Tidswell, Jonathon E.; Deller, Luke; Reuther, Lars
| title = The Sawmill multiserver approach
| booktitle = 9th ACM SIGOPS European Worshop
| location = Kolding, Denmark
| pages = 109–114
| year = 2000
}}</ref>
However, this project was never completed.
== Keamanan ==
It has been shown in the meantime that user-level device drivers can come close to the performance of in-kernel drivers even for such high-throughput, high-interrupt devices as Gigabit Ethernet.<ref name="Leslie_CFGGMPSEH_05">{{cite journal |last=Leslie |first=Ben |coauthors=Chubb, Peter; FitzRoy-Dale, Nicholas; Götz, Stefan; Gray, Charles; Macpherson, Luke; Potts, Daniel; Shen, Yueting; Elphinstone, Kevin; [[Gernot Heiser|Heiser, Gernot]] |year=2005 |month=September |title=User-level device drivers: achieved performance |journal=Journal of Computer Science and Technology |volume=5 |issue=20 |pages=654–664 |doi=10.1007/s11390-005-0654-4}}</ref> This seems to imply that high-performance multi-server systems are possible.
Manfaat tingkat keamanan yang lebih baik atas pengimplementasian mikrokernel seringkali didiskusikan.<ref>[[Andrew S. Tanenbaum|Tanenbaum, Andrew S.]], [http://www.cs.vu.nl/~ast/reliable-os/ Tanenbaum-Torvalds debate, part II]</ref><ref>Tanenbaum, A., Herder, J. and Bos, H. (May 2006).</ref>
==Security==
The security benefits of microkernels have been frequently discussed.<ref>[[Andrew S. Tanenbaum|Tanenbaum, Andrew S.]], [http://www.cs.vu.nl/~ast/reliable-os/ Tanenbaum-Torvalds debate, part II]</ref><ref>Tanenbaum, A., Herder, J. and Bos, H. (May 2006). </ref> In the context of security the minimality principle of microkernels is a direct consequence of the principle of [[least privilege]], according to which all code should have only the privileges needed to provide required functionality. Minimality requires that a system's [[trusted computing base]] (TCB) should be kept minimal. As the kernel (the code that executes in the privileged mode of the hardware) is always part of the TCB, minimizing it is natural in a security-driven design.
| 