From: Prasanna Kumar Jayapal (prasak_at_winse.microsoft.com)
Date: Mon Jan 12 2004 - 17:10:10 PST
This paper describes the design of the core (kernel) of the operating
system for an early multiprocessor machine. It nicely explains the basic
design concepts and philosophy without going deep into the
implementation details.
It seems Hydra was built with the intention to "separate mechanism and
policy" and not to make it hierarchically layered. Furthermore,
protection and reliability were also considered as design goals.
This allows for a lot of flexibility without compromising on security.
Also, the system administrator can easily customize the system to
perform the way he desires in more situations.
In the overview section, the author explains the three main object
types: procedures, LNS and processes.
- The procedure object contains some code and some data and contains a
list of references to other objects which must be accessed during the
execution of the code. This list is the list of capabilities, references
to objects that are to be accessed along with some access rights.
- LNS (local name space) is the record of the execution environment of a
procedure when it is called. The LNS contains both the caller-independent
capabilities and the caller-dependent ones, which are determined at the
time of the invocation.
- A process is simply a stack of LNS's which represent the cumulative
state of a single sequential task.
The protection mechanism was interesting to read, especially the
following points:
- Rejection of hierarchical system structures and the justification
given for it. This is an interesting idea and stands in total contrast to
the well-layered system described in Dijkstra's paper.
- Everything in Hydra is considered an object (in the abstract notion)
which has a unique name, a type part and a representation (capability part
and data part). This gives a kind of object-oriented approach to
designing the kernel.
- The capabilities of the object can only be modified by the kernel and
so are safe from malicious intent from user programs.
- Objects do not have owners. This way no one can force unintended
access to an object. All access is completely controlled inside the
kernel, allowing a very tightly locked-down system to be created if so
desired.
Overall, it was an interesting paper to read with some contrasting
ideas. And I think this was the beginning of object-oriented thinking
with a lot of emphasis on flexibility in kernel design.
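The three object types and the protection points summarized above can be modelled in a few dozen lines. The following is an added illustration written for this archive page; it is not code from the Hydra paper or from the Hydra system, and the names (`Kernel`, `Capability`, `LNS`, `Process`, the `own0` slot convention, the sample "file" and "procedure" objects) are assumptions chosen for the model. It shows a procedure object carrying its own capability list, a call building a fresh LNS from the procedure's caller-independent capabilities plus the caller-supplied ones and pushing it on the process stack, every access being resolved through the kernel against the top LNS, and a capability that was not minted by the kernel being rejected even though its fields look right.

```python
"""Toy model of Hydra-style objects, capabilities and LNS stacks (added example)."""
from dataclasses import dataclass, field
from typing import Callable, Dict, FrozenSet, List, Set


@dataclass(frozen=True, eq=False)  # eq=False: identity-hashed, so a look-alike copy never matches
class Capability:
    obj_id: int
    rights: FrozenSet[str]


@dataclass
class HydraObject:
    obj_id: int                                        # unique name
    obj_type: str                                      # type part
    data: object                                       # data part
    caps: List[Capability] = field(default_factory=list)  # capability part


@dataclass
class LNS:
    slots: Dict[str, Capability]                       # named capability slots


@dataclass
class Process:
    stack: List[LNS] = field(default_factory=list)     # a process is a stack of LNS's


class Kernel:
    """All capability creation, restriction and use goes through the kernel."""

    def __init__(self) -> None:
        self._objects: Dict[int, HydraObject] = {}
        self._issued: Set[Capability] = set()          # every genuine capability is minted here
        self._next_id = 1

    def _mint(self, obj_id: int, rights) -> Capability:
        cap = Capability(obj_id, frozenset(rights))
        self._issued.add(cap)
        return cap

    def _check_genuine(self, cap: Capability) -> None:
        if cap not in self._issued:                    # user code cannot fabricate capabilities
            raise PermissionError("capability was not issued by the kernel")

    def create(self, obj_type: str, data, caps=()) -> Capability:
        for c in caps:
            self._check_genuine(c)
        oid, self._next_id = self._next_id, self._next_id + 1
        self._objects[oid] = HydraObject(oid, obj_type, data, list(caps))
        return self._mint(oid, {"read", "write", "call"})  # creator gets full rights, not ownership

    def restrict(self, cap: Capability, rights) -> Capability:
        """Derive a weaker capability; rights can only be removed, never added."""
        self._check_genuine(cap)
        return self._mint(cap.obj_id, cap.rights & frozenset(rights))

    def spawn(self, **slots: Capability) -> Process:
        for c in slots.values():
            self._check_genuine(c)
        return Process(stack=[LNS(dict(slots))])       # initial LNS of the process

    def call(self, process: Process, proc_cap: Capability, **passed: Capability):
        self._check_genuine(proc_cap)
        if "call" not in proc_cap.rights:
            raise PermissionError("no call right on procedure")
        proc = self._objects[proc_cap.obj_id]
        if proc.obj_type != "procedure":
            raise TypeError("not a procedure object")
        for c in passed.values():
            self._check_genuine(c)
        slots = {f"own{i}": c for i, c in enumerate(proc.caps)}  # caller-independent part
        slots.update(passed)                                     # caller-dependent part
        process.stack.append(LNS(slots))
        try:
            return proc.data(self, process)            # the procedure's code runs in the new LNS
        finally:
            process.stack.pop()

    def _resolve(self, process: Process, slot: str, right: str) -> HydraObject:
        cap = process.stack[-1].slots.get(slot)
        if cap is None:
            raise PermissionError(f"no capability in slot {slot!r}")
        self._check_genuine(cap)
        if right not in cap.rights:
            raise PermissionError(f"capability lacks {right!r}")
        return self._objects[cap.obj_id]

    def read(self, process: Process, slot: str):
        return self._resolve(process, slot, "read").data

    def write(self, process: Process, slot: str, value) -> None:
        self._resolve(process, slot, "write").data = value


def demo() -> dict:
    """Exercise the model with constructed sample objects; returns observed outcomes."""
    k = Kernel()
    secret = k.create("file", "payroll-2004")          # constructed sample data
    log = k.create("file", "")

    def audit_body(kernel: Kernel, proc: Process):     # code part of the procedure object
        content = kernel.read(proc, "target")          # caller-dependent slot
        kernel.write(proc, "own0", f"read {len(content)} bytes")  # procedure's own log cap
        return content

    audit = k.create("procedure", audit_body, caps=[k.restrict(log, {"write"})])
    p = k.spawn(log=log)
    out = {"with_read": k.call(p, audit, target=k.restrict(secret, {"read"}))}
    for name, cap in (("write_only", k.restrict(secret, {"write"})),
                      ("forged", Capability(secret.obj_id, frozenset({"read"})))):
        try:
            k.call(p, audit, target=cap)
            out[name] = "allowed"
        except PermissionError:
            out[name] = "denied"
    out["stack_depth_after"] = len(p.stack)            # every call's LNS was popped again
    out["log"] = k.read(p, "log")
    return out


if __name__ == "__main__":
    print(demo())
```

The write-only call fails inside the procedure when it tries to read, and the `finally` still pops its LNS, so the process stack is back to its initial depth afterwards; the forged capability is refused before any LNS is built, because only objects minted by `Kernel._mint` are in the issued set, regardless of what fields they carry.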
This archive was generated by hypermail 2.1.6 : Mon Jan 12 2004 - 17:10:05 PST