Review of "Sharing and Protection in a single-Address-Space Operating System"

From: Song Xue (speedsx_at_hotmail.com)
Date: Wed Jan 14 2004 - 01:42:19 PST

  • Next message: Cliff Schmidt: "Cliff Schmidt's review of Paper 7: Chase et al. Sharing and Protection in a Single Address Space Operating System"

    The paper titled "Sharing and Protection in a single-Address-Space Operating System" take a radical path of operating system design by having a single-address-space virtual memory. The fundamental principle for the Opal system is that addresses have a unique interpretation, for all applications, for potentially all time. Crucial to the design is the full separation of addressing and protection. The motivation is based on the disadvantage of convention systems that the mechanism for memory protection -- isolating programs within private virtual address spaces -- presents obstacles to efficient cooperation between protected application components.
    The Opal units of storage allocation and protection are segments, which are contiguous extents of virtual pages. The Opal unit of execution are threads. A protection domain is an execution context for threads, which is analogue of a Unix process. All Opal kernel resources are named by capabilities. A name service supports symbolic names for capabilities, with access control lists for protection. Given a segment capability, an executing thread can explicitly attach that segment, thereby permitting threads executing with that domain to access the segment directly. Conversely a thread can explicitly detach a segment to deny access. In Opal, shared memory is the primary form of sharing and communication between threads in different protection domains. Portals are introduced to support this.
    An Opal prototype is implemented on top of the Mach 3.0 microkernel operating system. The prototype is comprised of the Opal kernel, the standard runtime package and a set of custom linking utilities.
    Along with the advantages of single-address-space, there are inherent tradeoffs as private-address-space systems often benefit from the assignment of different meanings to the same address. Segment-based memory management over time may cause the loss of virtual contiguity. Despite the wide-address architecture, one can always argue the conservation of address space. The address space cloning semantics of fork cannot be emulated in a single address space. Copy-on-write appears to be completely incompatible with single-address-space systems. Overall the authors conclude that the tradeoffs of the single-address-space model are reasonable.
    The authors believe that Opal project is significant because it exploits modern 64-bit processors to meet the goals of previous systems in a way that is simple, general, and efficient. Opal also embodies a modern division of responsibilities between the hardware, operating system kernel, system services, and language environment.


  • Next message: Cliff Schmidt: "Cliff Schmidt's review of Paper 7: Chase et al. Sharing and Protection in a Single Address Space Operating System"

    This archive was generated by hypermail 2.1.6 : Wed Jan 14 2004 - 01:42:27 PST