From: Greg Green (ggreen_at_cs.washington.edu)
Date: Mon Jan 12 2004 - 15:22:53 PST

This paper discusses the design of a kernel to be used on a multiple
processor machine with shared memory. The design principles
used are: 1. A multiprocessor environment. 2. Separation of mechanism
and policy. 3. Integration of design with implementation
methodology. 4. Rejection of strict hierarchical
layering. 5. Protection. 6. Reliability.

The protection design was taken from the last paper we reviewed by
Dennis and Van Horn. On the other hand, they reject the strict
hierarchical layering as proposed by the first paper by Dijkstra.

Since one of the design principles was the separation of policy and
mechanism, the implementation is based on generic resources or
objects. Each object can be referenced by a capability. Each object
has a unique name, a type, and a representation, which is a capability
and data together. The data can be anything needed by the resource the
object is representing; the capabilities are references to other objects
needed by the object.

Another concept introduced is an LNS, which is a context for the process
containing the capabilities. These LNSs can be modified during
run-time, giving a different context and capabilities. This seems
similar to Lisp's local environment for each function call.

The LNS and therefore the capabilities are created at run-time with
the CALL mechanism. This constructs the capability lists and then
calls the procedure.

This paper describes a mechanism which seems more likely to be
implementable at the current time than that described in the Dennis
paper. Of course, with the proper hardware design, the other design
might be feasible too. It seems quite extensible and general. It is
obviously a research project, though. I'm curious how far along they
got in their implementation.

--Greg Green
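
The object, LNS and CALL relationship summarized in the review above, as an added example that is not part of the original message or of the paper it reviews. All class, function and slot names here are assumptions chosen for illustration; the model shows only that a called procedure can reach exactly the objects whose capabilities were placed in its freshly built LNS.

```python
import itertools
from dataclasses import dataclass, field

_names = itertools.count(1)  # assumed naming scheme: a global counter

@dataclass(eq=False)
class KObject:
    type: str
    data: object = None                        # representation: data part
    caps: list = field(default_factory=list)   # representation: capability part
    name: int = field(default_factory=lambda: next(_names))  # unique name

@dataclass(frozen=True)
class Capability:
    target: KObject        # a capability references exactly one object

class LNS:
    """Local name space: the only capabilities a running procedure can use."""
    def __init__(self, caps):
        self._caps = list(caps)
    def cap(self, index):
        if not 0 <= index < len(self._caps):
            raise LookupError(f"no capability in slot {index}")
        return self._caps[index]
    def load(self, index):
        return self.cap(index).target

def call(procedure, caller_lns, arg_slots):
    """CALL: build the callee's capability list at run time, then run it."""
    passed = [caller_lns.cap(i) for i in arg_slots]
    callee_lns = LNS(procedure.caps + passed)   # fresh context for this call
    return procedure.data(callee_lns)

def demo():
    log = KObject("file", data=[])                    # constructed sample objects
    secret = KObject("file", data=["key material"])
    counter = KObject("counter", data=[0])
    def body(lns):
        lns.load(0).data[0] += 1         # slot 0: the procedure's own capability
        lns.load(1).data.append("hi")    # slot 1: argument chosen by the caller
        try:
            lns.load(2)                  # secret was never passed
            return "reached secret"
        except LookupError:
            return "no capability"
    proc = KObject("procedure", data=body, caps=[Capability(counter)])
    caller = LNS([Capability(log), Capability(secret)])
    return call(proc, caller, [0]), log.data, counter.data[0], secret.name != log.name
```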