From: Song Xue (songxue_at_microsoft.com)
Date: Mon Jan 12 2004 - 11:25:57 PST
This paper titled "HYDRA: The Kernel of a Multiprocessor Operating
System" describes the design philosophy of HYDRA - the kernel of an
operating system for C.mmp, the Carnegie-Mellon Multi-Mini-Processor.
The paper focuses on the kernel of the operating system rather than the
systems that are built around it. It describes the kernel from
philosophical rather than implementation standpoint. For example, the
authors define what should and should not be included in the kernel and
why at an abstract level rather than enumerating the specific types of
resources and operations associated with them.
The authors set out to design a system that provides an environment for
effective utilization of the hardware resources and facilitates the
construction of such environments. With those in mind 6 more specific
considerations are listed. One is "Rejection of strict hierachical
layering" that has been popularized by Dijkstra in the THE system. The
authors argued against it because it severely limits the flexibility
available to high-level users. relates to a previous paper reviewed.
Another consideration is "Protection", which goes beyond the traditional
read, write, execute capabilities that exist in the original UNIX
system.
The authors then describe in details the interrelationships of three
object types: procedure, LNS and process, which are primitive objects
provided by the kernel for the purpose of creating and manipulating an
execution environment. A procedure is a static entity that is an
abstraction of the intuitive notion of procedure or subroutine. An LNS
is the record of the execution environment of a procedure when that
procedure is invoded. A process is a precise record of changes of
environment induced by a sequence of calls.
Protection merits special elaboration as it is at the heart of the HYDRA
design. Instead of security policies, HYDRA provides protection
mechanisms that security policies can be built upon. This yields power
and flexibility. Every piece of resource in HYDRA has a capability
associated with it, which describes the access rights of that resource.
The representation of the resource is not interesting to the kernel.
However, the capability can only be manipulated by kernel.
This archive was generated by hypermail 2.1.6 : Mon Jan 12 2004 - 11:26:02 PST