"Mike Laskin": EROS Problems we discovered shapj@us.ibm.com
Mon, 26 Apr 1999 12:30:36 -0400

I am forwarding Mike Laskin's original note from his class for the benefit of those who may wish to see it pre-dissected :-)

Jonathan S. Shapiro
IBM T.J. Watson Research Center
Email: shapj@us.ibm.com
Phone: +1 914 784 7085 (Tieline: 863)
Fax: +1 914 784 7595


"Jonathan S. Shapiro" <shap@eros.cis.upenn.edu> on 04/23/99 06:56:52 PM

To: Jonathan S Shapiro/Watson/IBM
cc:
Subject: "Mike Laskin": EROS Problems we discovered


Reply-To: <laskin@pobox.com>
From: "Mike Laskin" <laskin@pobox.com>
To: <jsshapiro@earthlink.net>
Subject: EROS Problems we discovered
Date: Fri, 23 Apr 1999 08:46:45 -0700
Message-ID: <001d01be8da0$7d613940$68ca40ab@vireo.stanford.edu>

Shap,

Here's a list of pros and cons that we thought EROS had as presented in the Technical report, "EROS: A capability system".

I am sure you are aware of most of these, and some might just plain be wrong. But this is what we got from spending a few hours discussing EROS and reading the programmer's reference, and the overview paper.

Pros:
Microkernel design
- broken into chunks

Capabilities
- Opaque to client

Pass capabilities around easily
- Keys kept over crashes

Checkpoints save entire system state
- Reduces overhead of starting and stopping programs repeatedly (revocation vs. domain processors)
- All but eliminates need for normal named file system

All services occur as atomic actions
- Provides more reliability (actions have a clear commit point)

Cons:
Different programming model
- What happens when a buggy program crashes and is then restarted at a point that led to a crash?

No standard interface
- Paper proposed but didn't provide one

Persistent process may complicate common bugs

Paper doesn't describe how common security problems are addressed.
- Do checkpoints help in 24/7 uptime?

Performance
- Heavily process-oriented -- lots of context-switching

No real performance metrics given in the paper, compared to other fault-tolerant OSes.

100ms checkpoint time for what size system? How long for a large-size system? How's this different than other checkpoint systems out there?

I thought you might be interested to see these.

Take care,
Mike
laskin@pobox.com