From: Ankur Rawat (Excell Data Corporation) (a-arawat_at_microsoft.com)
Date: Mon Jan 12 2004 - 15:59:59 PST
What is it about?
The paper is about the design philosophy and principles chosen and used
to build the Hydra kernel for C.mmp. Arguments about what should and
should not be in the kernel of an OS are also presented. The ideas
and the primitives behind the protection mechanisms and their utility in
the kernel are explained in great detail. Generally, the idea behind the
paper is the design of a kernel that will allow different subsystems to be
built from the same primitive mechanisms and to co-exist with each other.
The subsystems could be things like file systems, a security system, etc.
Major ideas and topics in the paper:
Design philosophy behind Hydra and what the author suggests:
* Mechanisms and policy should be distinct. The kernel should provide
mechanisms and let the user choose policy.
* Protection: It should be an integral feature/tool in the design
of the kernel rather than just a restrictive mechanism.
* Reliability: The author does not say how Hydra will provide this
design goal but considers it equally important to achieve.
Protection Mechanisms
* Everything is abstracted as a resource/object.
* The protection mechanism is embedded at the object level, which
provides huge flexibility. The authors do not mention this, but I think
it also adds performance overhead.
* The idea of the Walk primitive is innovative and, I think, an
advantage of using this protection mechanism.
What I like
* Good insight into protection mechanisms at the kernel level in
C.mmp. Advantages of providing protection mechanisms using capabilities
in every object.
* Usefulness of abstracting everything as a resource/object and
providing protection at object level.
* Very good explanation of some low level kernel primitives such
as procedure, LNS, process and capabilities.
* Good illustration of how a capability based system is useful
using the bibliography example.
* The approach of building a system of universal applicability and
absolute reliability.
What I don't like
* Paper's heavy focus on protection mechanism.
* Many important issues such as resource allocation, reliability,
performance, memory management, etc. are missing.
* I could not understand how it is relevant to a multiprocessing
system or how it differs from a single-processor system.
* Most design principles are based on what to avoid. No new
methodology or new approach suggested.
* No mention of an actual OS using this kernel.
Thanks,
Ankur Rawat.
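A toy illustration of two ideas the review summarizes: every resource is an object protected by capabilities, and the kernel supplies only the mechanism (the rights check) while which capabilities a process holds is a policy decided outside it. This is added example code, not from the Hydra paper or the review; the class names (KernelObject, Capability, LNS), the rights bits and the sample object are assumptions.

```python
from dataclasses import dataclass, field

READ, WRITE, DELETE = 1, 2, 4  # rights bits (constructed values, not Hydra's)

@dataclass
class KernelObject:
    """Every resource (file, process, subsystem ...) is an object of some type."""
    name: str
    type_name: str
    state: dict = field(default_factory=dict)

@dataclass(frozen=True)
class Capability:
    """Unforgeable reference to an object plus the rights its holder has on it."""
    obj: KernelObject
    rights: int

    def restrict(self, rights):
        """Derive a weaker capability: rights can only be dropped, never added."""
        return Capability(self.obj, self.rights & rights)

class LNS:
    """Local name space (assumed model): the capability list a procedure runs with."""
    def __init__(self):
        self.slots = {}

    def grant(self, slot, cap):
        self.slots[slot] = cap

    def invoke(self, slot, needed, operation):
        """Kernel mechanism: run `operation` only if the capability in `slot`
        carries every right in `needed`. No policy lives here."""
        cap = self.slots.get(slot)
        if cap is None or (cap.rights & needed) != needed:
            raise PermissionError(f"{slot}: insufficient rights")
        return operation(cap.obj)

def demo():
    """Owner holds full rights; policy (outside the kernel) gives a reviewer read-only access."""
    doc = KernelObject("paper.txt", "file", {"text": "Hydra design"})
    owner, reviewer = LNS(), LNS()
    owner.grant("doc", Capability(doc, READ | WRITE | DELETE))
    reviewer.grant("doc", owner.slots["doc"].restrict(READ))  # user-chosen policy
    text = reviewer.invoke("doc", READ, lambda o: o.state["text"])
    try:
        reviewer.invoke("doc", WRITE, lambda o: o.state.update(text="edited"))
        denied = False
    except PermissionError:
        denied = True
    return text, denied
```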
This archive was generated by hypermail 2.1.6 : Mon Jan 12 2004 - 16:00:10 PST