Singularity: Rethinking Dependable System Design
Microsoft Research
March 4, 2008 11:00 AM PT

What would software look like if it were designed from scratch with dependability and trustworthiness as the primary goal?

That’s the question Microsoft Research’s Galen Hunt, Jim Larus, and a team of colleagues asked themselves when they embarked on an ambitious research project in 2003. Five years later, they’re ready to propose an answer: It would look like Singularity, a new system-architecture and operating system built on advances in programming languages and tools.

Hunt, a principal researcher and manager of Microsoft Research Redmond’s Operating Systems Group, and Larus, a research-area manager in the Software Improvement Group, aimed to rethink system design in light of many research advances and a changed computing environment. And now that Singularity has reached a useful level of stability and functionality, they think it’s time that other researchers in academia and industry have an opportunity to build on their research.

On March 4, Microsoft Research made the Singularity source code available at no charge for academic, non-commercial use by releasing it to CodePlex, an online portal created in 2006 to foster collaborative software-development projects and to host shared source code. Hunt and Larus hope the research prototype will be used as a laboratory for experimentation and innovation, much as it has been within Microsoft Research. Over the years, more than 40 Microsoft Research researchers and interns have collaborated on the project, which incorporated their ideas on security, programming languages, tools, and operating systems—and accelerated their own research.

Galen Hunt
Galen Hunt

“Our goal was to make Singularity small enough, simple enough, and well-designed enough that you can try out radical new ideas quickly,” Hunt says. “Our thinking is that a researcher with a great new idea for improving operating systems could get from idea to published paper in under a year using Singularity.”

Rethinking 1960s-Era Design Decisions

The Singularity research project began with the idea of building more dependable software. Hunt, who specializes in operating-system development, and Larus, an expert in tools and programming languages, realized that to accomplish this, they would need better tools and a better system architecture.

The status quo that confronted them was the decades-long tradition of designing operating systems and development tools. Contemporary operating systems—including Microsoft Windows, MacOS X, Linux, and UNIX—all trace their lineage back to an operating system called Multics that originated in the mid-1960s. As a result, the researchers reasoned, current systems still are being designed using criteria from 40 years ago, when the world of computing looked much different than it does today.

“We asked ourselves: If we were going to start over, how could we make systems more reliable and robust?” Larus says. “We weren’t under the illusion that we’d make them perfect, but we wanted them to behave more predictably and remain operating longer, and we wanted people to experience fewer interruptions when using them.”

The researchers set out to design a simple, minimalist system. They were clear from the beginning that Singularity would bear no resemblance to a full-fledged operating system such as Windows, nor was it ever intended to replace Windows. They sought to create an operating system for the research environment, structured to embody the design criteria of dependability and robustness, and to demonstrate the practicality of new technologies and architectural decisions.

Technically Speaking, Singularity Is Different

Singularity differs fundamentally from other operating systems in that it is written almost entirely in an extension of C#, a modern, high-level programming language. This enables a more dependable overall computing environment because C# gives Singularity security advantages over operating systems written in lower-level languages such as C or C++. For example, by using C#, the researchers prevented a class of errors known as buffer overruns, thereby eliminating an area of vulnerability typically exploited by worms and viruses.

Jim Larus
Jim Larus

Singularity also incorporates three key architectural features to improve system dependability. First, Singularity pioneers the use of software-isolated processes (SIPs) to help protect programs and system services. SIPs enable programs to be broken down into components that are isolated from other software components running on the same device. This enables pieces of a system to fail without risking a total system failure. Consider this analogy: In a car, the brakes don’t fail if the radio stops working.

“In the past, creating many processes in an operating system was impractical from a cost perspective, largely because they required special support from the hardware,” Hunt says. “Rather than use hardware to build boundaries between processes, we figured out a way to build processes using a software technology called static analysis.”

Static analysis, a large and important research area at Microsoft Research, inspects a program’s source code in advance to make sure a process obeys certain rules that guarantee it’s isolated from the rest of the system. Traditionally, programs were checked at run time, using hardware mechanisms that date to the less-disciplined code of the mid-’60s.

Singularity’s second noteworthy architectural feature relates to the fact that a program’s many SIPs need to communicate and share information because they work toward shared objectives. To avoid miscommunications that can lead to errors and breakdowns, the Singularity researchers developed what they call “contract-based channels” for communications.

“We figured out how to describe the form in which communications should take place between two processes, and using static analysis, we can check the codes of the processes at compile time,” Hunt explains. “So before the code ever runs, we can confirm that the processes communicate correctly.”

Singularity’s third unique architectural feature, called “manifest-based programs,” represents another shift in orientation. Traditionally, operating systems have had no “knowledge” of a program’s composition, its purpose, or the resources it uses. Presented with a set of bits, the operating system would simply run them. Singularity, with its emphasis on overall system dependability, takes a different approach to ensure that a new program won’t “break” the programs already on board.

“We basically say, if you want to install a program to run on a Singularity system, you have to provide some information about it so we can preserve certain properties that make the system more reliable,” Larus explains. “You have to provide a manifest of the program pieces and how they fit together, and we’re going to check it. More important, we reserve the right to say ‘no.’ If a certain program doesn’t follow the rules set down for the system, you can’t install or run it.”

This ability to start with a clean slate and to retool how software is written—from the ground up—is a testament to the spirit of innovation that permeates Microsoft Research, Hunt and Larus say.

“Singularity was only possible because the environment at Microsoft Research allowed us to collect a diverse group of researchers eager to participate in a project to fundamentally rethink a basic part of everyday computing,” Larus says. “Applying everyone’s research perspectives helped us understand and demonstrate a new way to construct software systems.”