[cap-talk] Cap OS question

Jonathan M. Smith jms at cis.upenn.edu
Sat Aug 1 06:42:33 EDT 2009


Ben:
I always begin by reading, to mine good ideas and identify mistakes. Two pieces of work I would point you at (for different reasons, extracted from your note below) are:

1. Jonathan S. Shapiro, Jonathan M. Smith, and David J. Farber, "EROS: A Fast Capability System," in Proceedings, 17th SOSP, Kiawah Island, SC (Dec., 1999), pp. 170-187.

The paper describes EROS, a capability system for commodity PCs, and some of the technical problems it addressed and solved. EROS was the seed from which a good deal of modern and continuing capability work, including some on this list, sprang.

2. D. Scott Alexander, Paul B. Menage, Angelos D. Keromytis, William A. Arbaugh, Kostas G. Anagnostakis, and Jonathan M. Smith, "The Price of Safety in an Active Network," Journal of Communications and Networks 3(1), pp. 5-18 (March 2001).

Don't be deluded by the name "active network": the node architecture addressed many of the managed issues (code loading, compiler safety (we used Caml) and context switches) you bring up below.

A single-address-space operating system that is worth a serious look is Cambridge's "Nemesis".

Best,
-JMS



On Jul 31, 2009, at 11:58 PM, Ben Kloosterman wrote:

> I'm working on an open source Managed Capability OS entirely written in C# (100%) and we have our own CIL to native compiler (actually 2: a real dirty get-it-done-now one and a proper one under development). However I have little experience in a Capability OS and a large amount of questions about how to do things, how things are done in other Capability OSes, and whether an idea is a good idea. Is this list an appropriate place to ask these?
>
>
> Some background
>
> As a managed OS we have a lot of things that are very different and I'm not really confident enough to go with a pure capability design.
>
> By managed OS I mean strongly typed with Garbage collection even for the kernel. Everything runs in the same priv ring in a shared address space. The compiler ensures all references are valid. Note all code is compiled to native instructions during installation of an application.
>
> At present it is just a get-it-done-now shell with a compiler, console and some file systems, but lacking Memory Management, Garbage Collection (Allocation does work) and scheduling.
>
> Main issues:
>
> How does having a single address space and a very cheap context switch affect the design? (Synch vs Asynch, message passing etc.)
> How does an OO OS affect the Capability design? (Yes, I know the issues, but the OS is partially educational and I want to be able to swap major things easily (even at run time), which is a pain with all static code; even the Memory Manager is an object.)
> Pure benefits vs Hybrid
> How to handle Distributed systems and remote systems based on an ACL.
> Data pages on diskless persistent devices like Phones and some PDAs with the OS in ROM. What about memory pages as basic capabilities, as well as files, Directories and URIs (which includes file systems)?
> The value of capability.Invoke vs strongly typed messages (I'm using messages at the moment, but for many the constructor requires a capability and the Capabilities have methods instead of Invoke. These methods generate strongly typed messages and call the Minix-style Kernel SendMessage function and wait for a reply if needed.)
> Issues of running existing .NET (Python, C#, VB, F# etc.) and Java apps with capabilities (these are the only apps we will support, but we will support all existing .NET Windows apps out of the box).
>
> Where to start :)
>
> Regards,
>
> Ben
>
> _______________________________________________
> cap-talk mailing list
> cap-talk at mail.eros-os.org
> http://www.eros-os.org/mailman/listinfo/cap-talk
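The design Ben sketches in the quoted message (capability objects whose methods generate strongly typed messages and hand them to a Minix-style kernel SendMessage, all in one address space) is easier to reason about with a concrete sketch. The following C# is an added illustration written for this page; it is not code from Ben's OS or from EROS, Nemesis or any other system named in the thread, and every name in it (Kernel, FileCapability, ReadRequest, Rights, and so on) is an assumption. It shows the two properties a capability design depends on in a managed, single-address-space setting: a capability cannot be minted by user code (private constructor, kernel as nested type), and authority can be attenuated before being handed on.

```csharp
// Added illustration, not code from Ben's OS or from any project discussed here.
// It models the design in the quoted message: a capability is an object whose
// methods build strongly typed messages and hand them to a Minix-style kernel
// SendMessage in a single address space. All names below are assumptions.
using System;
using System.Collections.Generic;
using System.Text;

[Flags] enum Rights { None = 0, Read = 1, Write = 2 }

abstract class Message { }
sealed class ReadRequest  : Message { public FileCapability Cap; public long Offset; public int Length; }
sealed class WriteRequest : Message { public FileCapability Cap; public long Offset; public byte[] Data; }
sealed class Reply : Message { public bool Ok; public byte[] Data = Array.Empty<byte>(); }

// The only way to obtain a capability is from the kernel: the constructor is
// private and Kernel is a nested type. In a managed OS the type system, not an
// MMU, is what stops user code from forging a reference to kernel state.
sealed class FileCapability
{
    readonly int _object;
    readonly Rights _rights;
    FileCapability(int obj, Rights rights) { _object = obj; _rights = rights; }

    // Attenuation: a holder may hand out a weaker capability, never a stronger one.
    public FileCapability Restrict(Rights keep) => new FileCapability(_object, _rights & keep);

    // Methods instead of a generic Invoke: each builds a typed message and
    // performs a synchronous send. Authority travels as the object reference.
    public byte[] Read(long offset, int length) =>
        Kernel.SendMessage(new ReadRequest { Cap = this, Offset = offset, Length = length }).Data;

    public bool Write(long offset, byte[] data) =>
        Kernel.SendMessage(new WriteRequest { Cap = this, Offset = offset, Data = data }).Ok;

    public static class Kernel
    {
        static readonly Dictionary<int, List<byte>> Objects = new Dictionary<int, List<byte>>();
        static int _next = 1;

        public static FileCapability Create(byte[] initial)
        {
            int id = _next++;
            Objects[id] = new List<byte>(initial);
            return new FileCapability(id, Rights.Read | Rights.Write);
        }

        // Single dispatch point. Rights are checked here, on the capability the
        // message carries, so a component that builds a message by hand still
        // needs a capability with the right bits set. In a single address space
        // this is an ordinary call, which is why the "context switch" is cheap.
        public static Reply SendMessage(Message m)
        {
            switch (m)
            {
                case ReadRequest r when r.Offset >= 0 && (r.Cap._rights & Rights.Read) != 0:
                {
                    var store = Objects[r.Cap._object];
                    int start = (int)Math.Min(r.Offset, store.Count);
                    int n = Math.Max(0, Math.Min(r.Length, store.Count - start));
                    return new Reply { Ok = true, Data = store.GetRange(start, n).ToArray() };
                }
                case WriteRequest w when w.Offset >= 0 && (w.Cap._rights & Rights.Write) != 0:
                {
                    var store = Objects[w.Cap._object];
                    while (store.Count < w.Offset + w.Data.Length) store.Add(0);
                    for (int i = 0; i < w.Data.Length; i++) store[(int)w.Offset + i] = w.Data[i];
                    return new Reply { Ok = true };
                }
                default:
                    return new Reply { Ok = false };   // unknown message or insufficient rights
            }
        }
    }
}

static class Demo
{
    static void Main()
    {
        var rw = FileCapability.Kernel.Create(Encoding.ASCII.GetBytes("hello"));
        var ro = rw.Restrict(Rights.Read);              // what an untrusted component would receive
        rw.Write(5, Encoding.ASCII.GetBytes(" world"));
        Console.WriteLine(Encoding.ASCII.GetString(ro.Read(0, 64)));   // hello world
        Console.WriteLine(ro.Write(0, new byte[] { 0x58 }));           // False: read-only capability
    }
}
```

Two design points are worth noting. The rights check lives in the kernel's dispatch, keyed on the capability the message carries, rather than only in the capability's own methods; that way the strongly typed message layer adds convenience without becoming a second, bypassable policy point. And because the message types are public, the only thing protecting the object table is that `FileCapability` cannot be constructed or have its fields altered outside the kernel, which is exactly the guarantee a managed OS asks its compiler and verifier to uphold in place of hardware isolation.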