Nemesis - The Kernel

Nemesis is an entirely new operating system, whose design is geared to the support of time-sensitive applications requiring a consistent Quality of Service (QoS), such as those which use multimedia. Nemesis provides fine-grained guaranteed levels of all system resources including CPU, memory, network bandwidth and disk bandwidth.

Moreover, Nemesis has been designed such that these Quality of Service guarantees are meaningful: In a microkernel environment, an application is typically implemented by a number of processes, most of which are servers performing work on behalf of more than one client. This leads to enormous difficulty in accounting for resource usage. In a kernel-based system, multimedia applications spend most of their time in the kernel, leading to similar problems.

The guiding principle in the design of Nemesis was to structure the operating system in such a way that the majority of code could execute in the application process itself. Nemesis therefore has an extremely small lightweight kernel, and performs most operating system functions in shared libraries which execute in the user's process. This leads to a vertically-structured operating system.

The Nemesis kernel consists of a scheduler (one version was less than 250 instructions) and a small amount of code known as the NTSC, used for Inter-Domain Communication (IDC) and to interact with the scheduler. The kernel also includes the minimum code necessary to initialise the processor immediately after booting and handle processor exceptions, memory faults, unaligned accesses, TLB misses and all other low-level processor features.

The term domain is used within Nemesis to refer to an executing program and can be thought of as analogous to a UNIX process - i.e. a domain encapsulates the execution state of a Nemesis application. Each domain has an associated scheduling domain (determining CPU time allocation and guarantees) and protection domain (determining access rights to regions of the virtual address space).

Providing QoS to time-sensitive applications necessarily requires more frequent context-switches. By use of a single address space, Nemesis greatly reduces memory-system related context-switch penalties. The single address space also removes the need to copy high-bandwidth multimedia data. Despite the fact that there is a single system-wide page table mapping virtual addresses to physical addresses, memory protection is still performed on a per-protection domain basis.
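A simplified model of the arrangement described above, added here as an illustration and not taken from the Nemesis source: one system-wide translation table, with access rights held separately per protection domain. The names (`global_map`, `pdom_t`, `access_page`), the 8-page layout and the rights encoding are assumptions made for the example.

```c
#include <stdint.h>
#include <stdio.h>

#define NPAGES 8                      /* constructed toy address space */
enum { PD_R = 1, PD_W = 2, PD_X = 4 };  /* assumed rights encoding */

/* One system-wide table: virtual page -> physical frame (-1 = unmapped).
 * Every domain sees the same translation for the same virtual page. */
static const int global_map[NPAGES] = { 3, 7, -1, 1, 4, -1, 0, 2 };

/* A protection domain carries only rights per virtual page, no translations. */
typedef struct { const char *name; uint8_t rights[NPAGES]; } pdom_t;

/* Constructed sample: page 4 is a shared media buffer, writable by the
 * producer and read-only for the consumer, so no copy is needed. */
static pdom_t producer = { "producer", { PD_R|PD_X, PD_R|PD_W, 0, 0, PD_R|PD_W, 0, 0, 0 } };
static pdom_t consumer = { "consumer", { 0, 0, 0, PD_R|PD_X, PD_R, 0, PD_R|PD_W, 0 } };

/* Switching domains replaces this pointer; global_map is untouched. */
static const pdom_t *current;
static void switch_pdom(const pdom_t *next) { current = next; }

/* Returns the physical frame on success, -1 for a translation fault
 * (page unmapped for everyone), -2 for a protection fault (page mapped,
 * but the current domain lacks the requested rights). */
static int access_page(unsigned vpage, uint8_t want)
{
    if (vpage >= NPAGES || global_map[vpage] < 0)
        return -1;
    if ((current->rights[vpage] & want) != want)
        return -2;
    return global_map[vpage];
}

int main(void)
{
    switch_pdom(&producer);
    printf("producer write page 4 -> %d\n", access_page(4, PD_W));
    switch_pdom(&consumer);
    printf("consumer read  page 4 -> %d\n", access_page(4, PD_R));
    printf("consumer write page 4 -> %d\n", access_page(4, PD_W));
    printf("consumer read  page 1 -> %d\n", access_page(1, PD_R));
    return 0;
}
```

The same virtual page resolves to the same frame in both domains, while the outcome of an access depends only on which rights table is current.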

Nemesis currently runs on a large number of platforms including Intel Pentium and PPro based PCs (single and multi-processor), DEC Alpha workstations and evaluation boards (21064 and 21164) and StrongARM SA-110 based network computers.

Our SOSP'16 demonstration will show the unique ability of Nemesis to provide simultaneous QoS guarantees to demanding applications such as MIDI file playout, adaptive motion JPEG decompression and display, compute-intensive tasks and media processing (such as video feature tracking).

To find out more about Nemesis, here are a few good starting points: