From: Gang Zhao (galaxy_at_cs.washington.edu)
Date: Sun Jan 11 2004 - 23:14:01 PST
As with most OS papers that we have read the Hydra paper begins by discussing design methodology. But the Hydra paper has some meta-principles including that "the structure of extant operating systems bears a remarkable resemblance to that of the organization which created them." The hydra paper dispenses with the strict levels that Dijkstra discussed. However as we saw in the Dijkstra paper, his levels weren't quite as strict as they initially sounded.
The paper talks about implementation of more general protection methods that were dismissed by the Multics paper.
The Hydra papers tries to define what an operating system should do, and comes up with two items: "an operating system defines an "abstract machine" by providing facilities, or resources, which are more convenient than those provided by the "bare" hardware; and an operating system allocates (hardware) resources in such a way as to most effectively utilize them.
The article describes the notion of a procedure. It differs from the current definition in a number of ways. It is called indirectly through the kernel in a local name space. A procedure must also declare upfront the resources that it will need to access during the call.
Hydra defines a process as "the smallest entity which can be independently scheduled for execution". This is much closer to the contemporary definition of a thread. The OS provides some message passing and synchronization routines.
Security in hydra is provided on objects with an object, which "has a unique name, a type part, and a representation" The unique naming of object "distinguishes the object not only from all other extant objects, but from all objects which have existed or will exist". This is getting very close to the concept of a GUID.
Objects are reference counted and can reference other objects. Procedure calls may have templated capabilities requirements. This is essentially just a capability passed as a parameter checked at execution time for type and rights. The parameter resource may also declare whether or not various procedures may be called on it. This appears to be new and exciting.
This archive was generated by hypermail 2.1.6 : Sun Jan 11 2004 - 23:14:06 PST