Minimum set of primitives?

Thu, 19 Mar 1998 23:21:59 -0500 (EST)

On Fri, 20 Mar 1998, Chris Bitmead wrote:
> Yes, I can't see how you can get away from the need for a
> "commit" function, which says to the system that the current
> state is a place that can be recovered from if things crash. Of
> course not all applications will care to use it, but some will
> definitely need it, maybe even most.

KeyKOS got away from it for most applications by simply checkpointing
the entire system periodically -- every couple of minutes.  Wrote the
full contents of memory, the complete states of all processes,
everything.  Then, if the system crashed, it's as if everything between
the last full checkpoint and the reboot never happened -- it's as
though the system never stopped running, from the applications' point
of view.

This is sufficient for most applications.  It potentially has the
problem that, if your OS is buggy or insecure, you can't just reboot --
you must reinstall.  Solution: small, secure kernel.
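
The checkpoint-and-rollback behaviour described in this message, as an added Python sketch that is not part of the original email and is not KeyKOS code. The class, process names and values are constructed for illustration; memory is modelled as a dict and the full-system checkpoint as a deep copy.

```python
import copy


class CheckpointedSystem:
    """Toy model (constructed): `live` is volatile memory for all processes,
    `disk` is the last complete system-wide checkpoint."""

    def __init__(self, processes):
        self.live = copy.deepcopy(processes)
        self.disk = copy.deepcopy(processes)

    def run(self, pid, key, value):
        # A process changes its own state; nothing is persisted yet and the
        # application never calls any commit function.
        self.live[pid][key] = value

    def checkpoint(self):
        # Snapshot every process at once and swap it in as a unit, so the
        # saved image is never a mix of old and new process states.
        snapshot = copy.deepcopy(self.live)
        self.disk = snapshot

    def crash_and_reboot(self):
        # Volatile memory is lost; every process resumes from the snapshot
        # as though the interval since the checkpoint never happened.
        self.live = copy.deepcopy(self.disk)


def demo():
    system = CheckpointedSystem({"editor": {"doc": "v1"}, "mailer": {"sent": 0}})
    system.run("editor", "doc", "v2")
    system.checkpoint()
    system.run("editor", "doc", "v3")   # after the checkpoint: rolled back
    system.run("mailer", "sent", 1)     # after the checkpoint: rolled back
    system.crash_and_reboot()
    after_crash = copy.deepcopy(system.live)

    # The caveat from the message: state damaged by a bug is checkpointed
    # like any other state, so a reboot restores the damage faithfully.
    system.run("mailer", "sent", -999)  # constructed stand-in for corruption
    system.checkpoint()
    system.crash_and_reboot()
    return after_crash, system.live


if __name__ == "__main__":
    print(demo())
```

The first result shows both processes rolled back together to the same instant; the second shows why a reboot alone does not recover a system whose bad state was already captured in a checkpoint.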