From: Justin Voskuhl (justinv_at_microsoft.com)
Date: Wed Jan 14 2004 - 16:25:51 PST
This paper describes a system which implements a protection scheme that
is not based on different virtual address spaces per process. The
authors argue that because of the immense size of a 64-bit address space
it's time to rethink the way virtual memory works in the OS. All
processes in the Opal system share a single 64-bit address space. This
scheme offers a number of benefits that traditional approaches lack:
- In a traditional OS if you're sharing resources across two
processes, you need to marshal data back and forth since addresses in
one process aren't valid in the space of the other process.
- If you're doing sharing within a process address space then
you don't get the benefits of isolation that you get with a
multi-process scheme.
The system's protection scheme implements a capability-based approach to
accessing segments in the system. You can create protection
environments that are more restrictive and call code that's runs in that
protection environment. This allows you to run code that you don't
trust fully and ensure that it won't overwrite segments that you don't
want it to touch.
The area I found most interesting about this paper is the idea that an
OS can hide the difference between transient data (intermediate
calculations and what-not) and persistent data. If software were highly
reliable, you could imagine that you never really "stop" processes - if
they're unused then they just get paged out and they aren't scheduled
CPU time, but when you need it it's paged back in and scheduled. From
the application perspective the software never really "stopped."
Unfortunately I think most modern applications need to stop regularly to
ensure reliability.
This archive was generated by hypermail 2.1.6 : Wed Jan 14 2004 - 16:25:55 PST