MOOSE [fare.02]

Francois Rideau
Fri, 20 May 94 23:48:07 MET DST

[Message number: fare.02]

[Summary of sections]
Each section can be saved as a separate document.

- Reply to Michael's last long message:
- MOOSE Administration:		How to organize work.
- MOOSE People:			Who is currently on MOOSE.
- MOOSE Howto:			How to currently participate in MOOSE.
- MOOSE ToDo:			A ToDo list for MOOSE.
- MOOSE Glossary:		subjects, maintaining.
- MOOSE Specificating tools:	This file format; the language to use.
- MOOSE pre-Specifications:	MOOSE software/hardware requirements.
- MOOSE Manifesto:		A first draft.

[Reply to Michael's last long message]
 I have not found any divergence of opinion from Michael's letter.
I'm just answering some questions. I've cut, pasted and modified some of his
letter in the other sections.

> (1)
> Re irc, (a) I can't make the 7th (I'm on a camp) but can make the 14th.
 An administrative problem (account suspended !) forbid me to 
 connect on the 14th. But I'll be there again on the 21th.

> 	  (b) How does one irc?
see section [MOSE Howto].

> I would prefer to have the questionthe other way around -- are there 
> existing systems that we can build on?
> (see section (3)XXX)
see section [MOOSE pre-Specifications]

>> []
>> (compile-time security can allow limited run-time checking, and require
>>  volontary checking from the user code)
> If you want to be able to run C programs (which is a useful thing to be able
> to do as there's a lot of useful software (eg. TeX, numerous programming
> languages) in C) you have to provide some form of hardware protection.
see section [MOOSE pre-Specifications]

> -------------------------

> (2) Organisation matters
> 	* What happenned to the replies to Dennis' original post?
> 		(the ``what would you put in a dream OS?'')

I kept all the messages I got in a >1 MB text file.
I will make it available by anonymous ftp at
pub/moose, or at least in ~rideau/pub/moose for account ftp. I'll then
add you to my .rhost (tell me your addresses).

> 	* We should put another call for people on comp.os.whatever
Yes, as soon as possible. But I think we should first write some kind of

> 	* Communication *is* our weakness -- unfortunately mails
> 		aren't effective -- long messages are hard to read
> 		and short messages don't explain well.
> 		I don't know how well irc/talk will help.
> 		One possibility is making use of documents -- when you want
> 		to propose something write a document (and mail the 
> 		postscript) that explains it well with examples.
  What we'd need is some tool to edit documents as a database (most of the
time, documents can be decomposed into smaller parts). Editing may be
done both remotely (=large transactions) or with a real-time server (you
can then see each other's modifications in real-time, which is better than
talking). Maybe this should be our first application project.
  As for what we can currently do, I still propose subjects and maintainers

> 	* The role of prototyping --
  I think it's time an entire OS be programmed with complete
high-level specifications _AND_ proof it complies exactly the specs. This
is the idea of many new "formal programming" tools.
  At work, I'm working on "B", such a commercial language, but it somehow
sucks (even if full of darn good ideas) and will be very expensive; There's
also Coq, the prover for CAML, but if very powerful, it seems too
lambda-calculus oriented (no clean support of side-effects); other
Lisp-based provers seem not much different from Coq, and heavier due to Lisp
semantics (just the same as Lisp seen from CAML).
  The idea behind those languages are that you write your programs in such
a way that writing it is at the same time proving that it matches its
specification. Your enter the program and/or the specification, and the
environment produces and/or verifies the proof, or finds a counter-example
for your program (or may even hang indefinitely and/or give up).
  I think if we're using an existing language, it must allow in an internal
way at least a back door to proving its specification, and if possible
integrate this idea deeply. Object orientedness (that unfortunately CAML
lacks), is what allows orthogonal proving of things of orthogonal concerns.
I know of no free OO language that includes proofs in its scope.
  If we're on for a new language, we must at least prepare for such things.
  See the (draft) Manifesto.

> 	* As Fare says, we should maintain a history of our work and 
> 		design decisions.
See section [MOOSE Administration] about subjects and maintainers.

> (2.1) Reuse
> 	Why are we writing an OS from scratch?
> 	If it is possible we could save a lot of time by taking an existing
> 	OS as a basis.

> 	One option that may or may not be possible is to provide objects
> 	by adding a library or a server to an existing OS.
> 	Another option is to get source code for a curent free OS and use 
> 	that as a starting point -- if nothing else we save having to 
> 	write low level device drivers (boring stuff)
Both options should be studied. I don't think we can decide before we have
gathered troops, and all have seen the proposed basis.
But I think in both cases will be the problem of the flat,
unprotected memory model offered by C. See section [MOOSE Specificating tools]
paragraph [MOOSE and "C"] about it.

> 	BTW, have people heard of VSTa? It's a copylefted microkernel that's
> 	small and runs on 386s it provides multiprocessing and virtual memory.
> 	Source is available and is fairly short.
> 	(2700 lines of portable C, 750 lines of 386 specific C, 400 lines
> 		of assembler)
I'll be ftping it.

[MOOSE Administration]

List of official subjects with (current) maintainer
- MOOSE People			Fare		Members & contacts
- MOOSE Manifesto		Fare		Our goals and means
- MOOSE Administration		Fare		How we organize
- MOOSE Specificating tools	Fare		What will we use ?
- MOOSE pre-Specifications	Fare		A first wish/hate list.
- MOOSE Glossary		Fare		Internal vocabulary explained
- MOOSE Howto			Fare		How to reach each other
- MOOSE ToDo			Fare		What next to do
Note: I'd be quite happy to give away as much of this work as possible,
  to anyone else participating.

Proposed mechanism:
>From now on, each subject will have a file, and modifications should be sent
to the maintainer as diff files from the current "official" one, which will
be made available by ftp.
See the Howto section about FTPing.

MOOSE Sites:
Currently:	None
To be:		I'll be asking for a MOOSE account, anonymous ftp, and/or
		mailing list on;
		if you can ask for such services elsewhere, maybe it's better.

	* The archive of the MOOSE mailing list will be available
	 from, in ~rideau/pub/moose
	* Self papers are available from
	* VSTa is available from
	* Linux is available from

[MOOSE People]
Have answered positively:
- Michael Winikoff
- JJ. Lay
- David Garfield
- Fare Rideau (me)
Hey ! That's only three of us !

Have answered negatively:
- Gary D. Duzan (, now uses 386 NetBSD
- Peter Mueller

Have not answered:
- All the others (in particular Dennis 8(

Could not be joined:
- Andreas Arff,
- Rob McKeever,
- Dan Odom

Well, we sure should renew Dennis' call on the news, And re-create a mailing
list ! But I think (tell me if you don't agree) we should first write some
kind of a Manifesto.

[MOOSE Manifesto]

	everything here is first proposed and thus not yet contradicted.
	Later drafts will be divided according to status.

What is an OS
	* An OS is essentially a frame for computer programming semantics.
	* It should ideally provide features so that any high-level
	 construct you use can be directly interpretable inside this frame
	 (else you'll have to build your own intermediate system).

What's basically WRONG about currently widely available OSes
	* Current OSes are all based upon "C", and C's semantics is the frame.
	 This means no protection apart from huge processes, difficult error
	 recovery and parallelization, flat memory model, no easy reflexivity
	 (=producing code from code), no true dynamic (runtime) linking/code
	* The OS also offers standard libraries and tools of code&data that
	 handle common user data. Most of it is dedicated to manage special
	 cases of argument and error verifying and reporting (not even
	 handling !) and I/O multiplexing (which does not save you from
	 doing your own I/O multiplexing as no generic tool is provided).
	* Due to C heaviness, most of current OS is a burdensome multiplexer/
	 demultiplexer and straightforward call translator, that is very
	 difficult to extend.
	* Due to C poor error handling, processes shouldn't be expected to
	 be permanent AND carry important data. Modified data must thus be
	 saved on disk regularly; but disk security and error handling must
	 then be assumed by the user program, and it must rewrite entirely
	 its data saving library as no generic data saving is available.
	 Modified code that was a challenge to produce is a double challenge
	 to save. That means any complicated object persistency is very
	 difficult and heavy to obtain (but not impossible) under these OSes.
	 Databases are heavy and very prudently used applications, whereas
	 the good ol' text editor becomes the tool of choice for everyday
	 small databasing.
	* Due to poor C parallelizability, distributing data (not to talk
	 about code !) on a parallel machine and/or on a network is another
	 kind of challenge, and can't be done directly (doing it IS rewriting
	 an OS layer). That's why we always hear about the centralized
	 "client/server" model as the state-of-the-art technique, whereas it
	 is only the (reliable but) stupid slow straitforward oldest technique
	 available for sharing data.

What is OOness
	* Object-orientedness is a means by which all this multiplexing stuff
	 is done by the language implementing system, not by the program
	* an OO OS will provide a generic multiplexing/demultiplexing
	 interface able to understand all kinds of high-level and low-level
	 calling convention, and that's all.
	* An OO OS is NOT only an OS internally written in an OO language
	 making maintenance simpler but not changing the interface.
	 It's an OS whose entire interface is designed in an OO way; if it's
	 written in an OO language, it must still export the OO facilities
	 dynamically (which means an open language with partial evaluation
	 and/or reflexivity, which C++ is not, for instance).
	* Libraries (purely low-level libraries corresponding to what's
	 called drivers on older OSes) are just objects that can connect to
	 this interface.
	* The interface provide standard nodes to connect on. This
	 actually is a conventional mechanism orthogonal to the interface
	 implementation itself. Standard libraries connect on the other side
	 of these nodes, to provide their standard services.

What is persistency
	* Persistency is having objects survive a session. i.e. when you
	 shut down the system and relaunch it, the object is still here.
	* Code may be persistent as well as any other object: you shutdown
	 the computer, but your computation will automatically go on when
	 you launch the system again. A "save game" option in a game will
	 thus simply consist in saving the running game object (a "save
	 session" option is the same for any software).
	* The system thus behaves like an object-oriented database, that it
	 actually is.

What is secure formal programming
	* Formalization/Prototyping: when designing a program, you put
	 together both the code and some specifications about what it should
	 do. The system constructively verifies that the code complies to the
	* In such a way, the compiler can ensure there will be no run-time
	 failure or bugs (unless both the code AND the specification are
	 jointly buggy) and/or tell exactly where to add error managing.
	* Of course, a danger comes from low-level I/O drivers not being
	 well specified, but we can under-specify them if it suffices to our
	* Underspecifying (telling the computer "trust that code anyway if
	 you can't prove its correctness) is the way we'll use when we don't
	 have time to prove our software.
	* Undercoding (telling the computer "if you can't figure out how to
	 do it, ask the user to do it manually and just verify the result")
	 is the common way to have secure but not completely automatized

MOOSE semantics
	* MOOSE considers interfaced objects. Each such object must abide
	 by the laws of MOOSEing. Other objects don't quite exist for MOOSE.
	* Interfaced objects can be any size, tiny to huge. Of course, it
	 is costly interfacing tiny objects, but you only need interface
	 them 'til they are linked. If they are linked once, just forget
	 the interface; if they are linked very often, the interface is
	 worth its cost.
	* Linking objects one with the other is one function of the OS.
	 Another one is to close existing links. An object that does no
	 more export some information may then be optimized so that this
	 information disappears if not used internally. This process is
	 done automatically and at run-time. That's partial evaluation.
	* Information exported by interfaced objects:
	 - external objects accessed.
	 - internal objects exported.
	 - properties required and or provided by these objects. This allow
	  a proof of object linking correctness, a great concern for
	  reliable software. This is the main entrance of

    Secure formal programming
	* The system will provide standard nodes to verify or produce
	 code and/or specifications that comply to each other.
	* When linking objects, it will ensure the correctness of the
	 linking (whereas the only correctness in current languages is
	 typechecking, which is quite good but just not enough in the
	 general case: it's a formal lossy interpretation, some
	 deterministic hence under- specification).

	* Not only can the system link, but it also can unlink (still)
	 exported objects, and save each object separately on disk.
	* The OS itself provide a way to ensure consistency of the
	 saved data. Data written on permanent media (disks) will not
	 be acknowledged, and older versions not erased, unless it has been
	 marked consistent by the system.
	* It also ensures that data is saved regularly, thus
	 achieving true reliable persistency.

	* Many objects live and evolve at the same time.
	* This means the system is somehow "multitasking" as it simultaneous
	 objects can be computing without waiting for all the others to have
	* ...Garbage collecting...
	* ...sharing context
	* ...extending and overriding one's own context...
	* ...accessing another one's context (if exported)...
	* ...system verified linking preconditions on exports
	  can ensure arbitrarily secure exports, not only
	  stupid sstrwxrwxrwx rights...

[MOOSE pre-Specifications]

Agreed:	(not contradicted, defended by both Michael and I)
======	(must be voted again in next meeting to become official)

Destination Platform:
	* Portable,
	* but initially concentrate on 386/486 with view to later porting.
	* A virtual memory protection mechanism is assumed
	 (or will be software emulated _yeech_)

Copyright policy:
	* Copyrighted, but Free
	 (well at least to any not-for-profit person or institution; we may
	 delay our choice about distributing MOOSE to companies).

	See the MOOSE Manifesto

	* To be able to reuse existing software we want software compatability.
	* Any compatibility is wishful for a wide acceptancy by the public;
	 but it should NOT be a priority by any means.
	* Unix compatability can be provided with a library that maps
	 unix calls to Moose system calls.
	* DOS compability requires simulating a DOS machine hardware since
	 DOS programs will make hardware access.
	* If any compatibility is to be implemented, we should begin with
	 limited Unix compatibility (perhaps the same part as used by
	 documented no-hacking DOS, so that using roughly the same call
	 mapping will serve us in using DOS no-IO programs like TASM !).
	* In any way, multiple libraries and/or compiler modules can later
	 provide compatibility with any OS (which is now called

	* Not yet discussed

User Interface:
	* Not deemed important for the moment;
	* can be designed later.

Proposed:	(not contradicted, will be agreed after next meeting)

Idea [mike-001]:
	 At least for a first implementation,
	"I suggest we start with an existing OS (possibly VSTa) and add
	class/object support either at the kernel level or as a server."

	* we don't have the resources to create	everything.
	 We should reuse existing work -- I'll
 		expand on this below.
(I just add)
	* And even if we have, it's stupid not to concentrate
	 on the essential, i.e. the MOOSE semantics, not device drivers.

discussed:	(multiple options are proposed, we'll have to choose
=========	 or delay choice on next meeting)

Existing OS to use as a basis to our work:	(NOT cross-devlpt platform)

(I)	Use plain DOS and use a DPMI DOS extender
Status:	None for, all against. Will be rejected.
PROs:	* widely available platform
	* easy to convince people trying it.
CONs:	* Unix is more available.
	* living together with DOS is a pain in the a*s.

(II)	Use plain BIOS and use real mode for I/O.
Status:	None for, all against. Will be rejected.
PROs:	* we don't rewrite the most basic I/O.
	* No DOS to let live as with (I)
	* We can choose our own memory model, not pure unprotected flat.
CONs:	* We rewrite all specific I/O but disk I/O.
	* We must live with the BIOS (easier than the DOS, though).
	* no local I/O drivers as with (I).
	* (III) seems easier and better.

(III)	Modify VSTa
Status:	not discussed enough (only Michael saw it)
PROs:	* No I/O to rewrite
CONs:	? Are we still able to choose our memory model ?

(IV)	Use POSIX-compliant software (i.e. Linux, SunOS, etc) as a platform
Status:	not discussed enough
PROs:	* Most widely available platform (on the PC's, use Linux or perhaps
CONs:	* we must REinterface all the huge U**x C library for our needs.
	 particularly the terminal and/or (later) graphical library; and
	 all these have VERY complicated semantics.
	* we must abide by C's semantics (especially the flat unprotected
	 memory model -- or can you handle page faults resulting from
	 mmap() ???)

Object file format:
	* Our object file format must be full-featured for saving
	 persistent object-oriented stuff in a hardware independent
	* Using SOM (IBM's OO specification stuff) as an OO interface and
	 object file format.
	 [find the specifications by ftp on]
	* Use Meme as an object file format. Meme is a hardware
	 independant FORTH-based file format originally designed for
	 networking real-time Virtual Reality (4D graphics) software.
	 The 4D-graphics is copyrighted, but the object file format may
	 not be. Contact the author on comp.lang.forth (I have his address

[MOOSE Specificating tools]

THE BIG QUESTION, always discussed, and not agreed upon already:
  Of course, we must use some high-level tools to build MOOSE
(we're not going to program it directly in hexadecimal as in the
early Apple ][ days !). So,


The language issue is central in the OS.
All the OS' semantics will depend on the choice of the language.

Ideally, the semantics of the two should be equivalent: that is, any
 construct made available by one must be directly mappable on the constructs
 of the other (that it will actually be thus mapped is another question).

	* Of course any existing language may be implemented over the
	 system (it's Turing-equivalent, and offers the usual IO facilities).
	* The problem is which language will match the OS' semantics.
	* It appears that the language should be open, offer partial
	 evaluation, admit side-effects and parallel processing, object
	 annotation. It should rely on primitives simple enough so that
	 program specifications are a feasible thing, yet offer a back door
	 to unsafe programming (unless we're specifying the whole hardware
	 before we write anything in the language using the given hardware).

Big Questions:
Q1	* What kind of interface and functionality do we want/need?
A1 (partial answer)
	* NEED: None; a turing machine (what current OSes already provide)
	 is enough for all possible computing in the world.
	* WANT: hey, that's the point. We're so free we must restrict
	 oneselves. We can choose our own bounds.

Q2	How does adding classes/objects to the system work?
R2	That's what we'll be discussing below.

Features thrown out:

(temp. note: I've put there text from Michael's letter, and almost all the
		4.3 from my previous letter)

*** Door to a secure parallel execution in an OO language *** [first proposed]
Michael original: (not contradicted, enhanced by Fare next)
	* We need memory management and memory protection.
	* We want multitasking.
	* A simple kernel would support these standard things and in
	 addition would recognize ``objects'' and ``classes''

Fare's Proposed enhancement: (not contradicted; to be agreed upon on next
	* why not have multitasking, memory management and protection
	 as objects among others (well, with a low-level implementation,
	 but the same interface to the kernel) ?
	* Our kernel would just be the object/class calling convention.
	 All other features will be considered the run-time library.
	* There will be objects to manage tasks and memory management.
	 The kernel itself may not even be conscious of these, only knowing
	 about how to call other objects !

PROs:	* We need the language to be parallel-execution aware, as if we
	 want multitasking, we should be able to declare in a simple way
	 what objects are shared (C's shared memory segments: _yeech_, and

*** Low-level ability *** [proposed twice]
	* low-level things cannot be banned from the system.
	 On the opposite, this means a same high-level concepts can have
	 plenty of different low-level realization,
	 and not only one as on older low-level languages;
	 efficiency details can be thought of afterwards and
	 separately in each particularization.

*** High-level -> low-level mapping *** [proposed twice]
	* This means the language, should not enforce its own
	 implementation for abstract types, but rather let the user
	 implement his own.
	* Again, this does not mean you will have to write each time
	 both the high-level definition and the low-level
	 implementation each time you define a new object (as current
	 OO languages want you to do), as the language system
	 (interpreter/compiler/whatever) can automatically provide one
	 straightforwardly (or subtlely :) computed for you.
	* This works by annotating an object by several functionally
	 equivalent versions, though not as efficient according to
	 the particularization you want to give it. An "equivalence"
	 constructor is a very important construct in the language.
	 Thus you can equate an object to its implementation in
	 several different languages (or many times the same in
	 different ways), not all of which may be understandable by
	 the version of the system you're working on (e.g. an equate
	 of a function in english gives a good documentation, even
	 if ununderstandable by any computer system yet).
	* Of course, such equates can or not be automatically generated
	 and/or modified by the language system.
	* we stress that [4.3.1] must be understood so that not only the
	 implementation language and algorithm, but also the
	 abstract-object/implementation-realization correspondance,
	 i.e. the calling convention, can change. Thus, proposed
	 implementations in libraries/precompiled versions of objects
	 will have been optimized internally, and the linker will
	 automatically generate the code to call an imported function.

*** Security *** [proposed twice]
	* Mutual protection of objects from others can be done both
	 at run-time and compile time. Removing run-time checking
	 is a great factor of speed and space optimization. Thus,
	 Running objects without (or with limited) run-time protection
	 is an important feature to provide to the loader.
	* Again this can be done by annotating objects by property they
	 do or should have, then relying on properties they have been
	 *proved* to have to eliminate checks when implementing them.
	* A super-user is someone the computer trusts enough to consider
	 that some property is proved just because the super-user told him
	 so insistently.

*** Partial evaluation ***
	* More general than a linker is a code specializer (partial
	 evaluator), that also contains the "optimizing" module: it
	 takes a generic object and some additional bindings, and
	 returns a new version of the object specialized with those
	* A dynamic compiler/linker is the true heart of the system, while
	 the traditional service-providing "kernel" is only a (basic,
	 necessary) library, a replaceable extension to the system.

*** Annotations ***
	* We saw that all these features could be implemented on a kernel
	 that only manages ANNOTATIONS: you annotate an object by how to
	 use it, what properties it has, etc.
	* You may almost freely add annotations to any object you are given
	 access, and modify them in a *LOCAL* scope. Accessing a more global
	 scope is done by using objects exporting side-effects.

Objects & Classes:
  What is an class? From the point of view of the kernel,
 it's a piece of code with
	(a) multiple entry points
	(b) An attached description of these entry points and their types.
	(c) An indication of inheritance (more thought needed on this one)
  What is an object? From the point of view of the kernel it's a data region
 with an associated class.
  The kernel lets us install new classes into the inheritance hierarchy.
  The kernel lets us create objects (instances of classes)
  The kernel lets us call the methods of objects.

 To be more general,
	* A class is a standardized interface to services.
	* The kernel IS exactly the mechanism that given an object and a class,
	 allows one to access the services for the object.
	* Those services may be extensions to an existing class' services.
	 That's "Inheritance".
	* More generally, one of those services may return another standard
	 interface, i.e. another "class". This exported class is embedded in
	 the first one.
	* A class may embed zero, one, or more other classes; it may even
	 embed the same class in different ways (e.g. a Double Queue can embed
	 a queue in one direction and a queue in the other).
	* Having classes and objects dynamically appearing in the system is
	 equivalent to our language being reflexive: you can write code from
	 inside the language; there is a class describing classes, and so on.


	* if the language appears to be the central step forward in MOOSE,
	proposed by Michael, 100% backed by me (Fare)
	* we can even just design a language, a programming environment
	 and a shared library so that programs written in our language
	 would be nice and have all the facilities the OS should be
	* by writing it on a common powerful platform (e.g. some Unix).
	* This implementation wouldn't need to worry about
	(e.g.) handling other languages and could be relatively portable.
	* Using an existing platform means we do not control all the hardware
	 and particularly memory mapping and error catching.
	* It also means all kind of clumsiness while remapping MOOSE calls
	 into the host system calls, but that's the price to pay.
	* designing a language would take longer than learning an existing one.

*** If we decide that the language is not central to our project we should
*** try hard to use an existing language.

Idea:	Write all the OS in plain "C"
Status:	no one supports it. I (Fare) am 100% against it.
PROs:	* We do not have to design or even learn a new language
	* C already exists and is widely available, and even quite "portable".
CONs:	* C's semantics are completely different from OO, parallel,
	 error-aware, persistent, annotated, specifiable, partial-evaluation
	* Interfacing our C code in an such a way will be a pain in the
	 ass, while what are we going to interface it to ? Are we writing
	 an OS without client ?
	* If we stick to C's semantics, we are not likely to do better than
	* Available "C"s are huge (see GCC).

Idea:	* Write all the OS using "CAML-light"
	* CAML-light is a language based on typed lambda calculus, with
	 full support for side effects, and support for modules being
	* Any CAML-light program is secure (but perhaps for memory
	 overflow ?) (unless you load code manually from disk...).
	* It works on any 32 or 64 bit Unix system, and even on 16-bit
	 DOS or with 32-bit DOS extender, as it's written in C and CAML.
	* See caml-light 0.6 on

Status:	proposed by Fare, just in case it may interest someone
PROs:	* There are (small) doors to allow persistency (any object can be
	 saved on disk) and parallelism (there exist some multi-threading
	 patch somewhere), partial evaluation (though not lazy evaluation)
	 with lambda-calculus, etc.
	* Libraries to access system calls are available; you can link
	 (specially written) C code with CAML code. Interface to system
	 calls already exist.
	* Two CAML->C compilers exist, so the code may be efficient anyway.
CONs:	* CAML's OOness is very clumsy (currently being developped) at the
	* Security is good, but may be VERY hard to enhance (or we may
	 add it in the CAML machine itself)
	* Annotating objects is possible, must be declared with the object.
	* CAML is far from the low-level.
	* CAML's semantic is good, but not exactly what we need, so either
	 we use plain CAML, and there's some inadaptation, or we write another
	 language on top of CAML, and that's somehow inefficient, or we take
	 CAML and modify it, but that's difficult.

Status:	Proposed by Michael
PROs/CONs:	Can you send me your PRO's and CON's, please Michael ?
		What do current SELF implementation rely upon ?
		How does it match our requirements ?
		What does it look like ?
Michael's Suggestion:
	* Look at Self (OOPSLA '87, Sigplan 22:12 -- I think it's FTPable)
		Self is an OO language that uses a simpler alternative to

Low level language tool used to implement the low level part of the OS:
	We're not already using a language on an existing platform.

Using TASM at first
	if we happen to use the i386 as a basis on the assembly level;
	we write some important part of the system in assembly and/or we
	use a memory model other than pure flat memory model.
	I think we can use TASM (Turbo Assembler, by Borland),
	and replace it later by our own integrated OO assembler library.
	first proposed, not yet contradicted; prerequisite in discussion.
	* TASM is a powerful assembler for the lowest level part of MOOSE
	 on i386 (both real mode and protected mode), whose high-level
	 features are unique among existing low-level-able assemblers
	 (*arbitrary multiple segments*, powerful macros among which
	 I've written @IF @THEN @ELSE @ENDIF, Print "hello", for runtime,
	* If we can skip its features hopefully, we can replace it by as86
	 for real mode and gas for protected mode (flat model only). but I
	 don't think this is much feasible, unless the assembly part is
	 minimal, which surely means we use an existing language with its
	 own memory management (which surely is not easy to use in a
	 secure multithreading way).
	* MASM (Microsoft Macro assembler) may be more used among us, and
	 as TASM has a MASM-compatible mode, we may prefer to use MASM.
	* The main problem is it's commercial software. That it runs under
	 DOS should not be a problem. It's real-mode only (at least for older
	 versions) with no direct I/O, so should work under any DOS emulator.

A FORTH-like thing
Idea:	* Use a (32 bit)word-aligned direct threaded language as a basis. This
	 reduces underlying hardware dependencies and need for a powerful
	 assembler (or even for an assembler at all, outside quick interrupt
	 driven I/O loops).
Status:	* first proposed, not yet contradicted.
PROs:	* It's quick and cheap to write, easily extensible, and nobody
	 forbids writing a compiler that'll produce machine code from our
	 language later.
	* The threaded code can point to "C" void(void) code or code written
	 in any language (use of global variables as the machine' state).
	* We're not stuck with C's limited semantics as of parallel
	 programming & error recovery, etc.
CONs:	* Speed may be reduced as compared as using a existing "optimizing"
	 compiler for a common language (e.g. GCC).

Using "C"
Idea:	* Implementing the language completely in C.
Status:	* Put there so that we do not forget any solution.
PROs:	* The produced code is somehow faster than if using threaded code.
CONs:	* difficult to maintain, port, or retranslate in our
	language as C's semantics is so different from our own.
	* the threaded code may be more usable afterwards, and we
	 may compile it one day, whereas all effort put in C will
	 be lost.


More or less in the order:
* See that we do agree on something useful.
* Write a Manifesto.
* Contact people on the net.
* Decide the platform/basis to use for MOOSE.
* Produce a standard for formatting internal documents.
* Fully Design our language and/or OO interface.
* Write a sample application using it
 (a multi-simultaneous-user editor and/or database ?)
* Write it.

[MOOSE Howto]

  E-Mail means electronic mail.
  We assume here you're on the Internet.
  There used to be an automatic list, but it doesn't
seem to work anymore.
  So here are the (hopefully) connected ones (only the first three answer):,,,,,,

  One way to join MOOSE is to use the Internet Relay Chat system.
Please man irc (or take it from an ftp site, like
  Well, first check if an irc executable is available on your site
(it must be irc or ircii). If it is, just launch it. Change your IRC
nickname with command nick (e.g. /nick Fare) or change the variable
IRCNAME. Then, join the MOOSE channel (e.g. /join #_MOOSE) and when
you're done, quit (/quit). If I'm not on #_MOOSE, I may be on #Linux.
Beware ! There's already some bizarre hacker periodically using and
*blocking* #MOOSE (his nickname is Moose), so we shouldn't use it.
If anyone has any other channel name to propose, tell it.
Try /whois Fare to see if I'm here, and /msg Fare Hello ! to attract
my attention. /help may be a useful command for beginners.

[MOOSE Glossary]

The MOOSE project is divided into subjects.
Each subject is managed by a maintainer, who must regularly (at least
after & before each meeting) update a database of all that's been said,
unsaid, decided, undecided, settled or projected about the subject. He
must tell what's been definitely decided; he must show as objectively as
possible each one's arguments pro and con each topic discussed; he must
point to history of each change or decision; he must collaborate with the
ToDo list to make know the status of his subject.
Maintaining is writing such

Idea status
Some idea in the MOOSE project can have several status:
* finished/(well)implemented
	Not only is the idea in the specifications,
	but it also has been implemented !
* defined
	The idea has been agreed and has found its path in
	the official MOOSE specifications.
* agreed
	The idea was voted and accepted, or not contradicted for
	enough time.
* proposed
	was proposed and not contradicted.
	After next meeting, if still not contradicted, agreed.
* discussed
	was proposed, and discussed.
	must be voted or its decision delayed at next meeting
* rejected
	The idea was voted, and rejected.
* not defined yet:
	Nobody has talked about such a thing being or not in the project.
	of course, we're not maintaining a list of such ideas 8)
* defined not to be
	The official specifications reject such an idea.

Idea Number
The originator of the idea give it a unique absolute number for further
discussion and vote (the net is slow enough so that saving many sentences
for one reference is good !). Further comments are added under the idea and
given a paragraph number under the idea.


Well, please excuse me for the extended delay (my account has been
momentarily suspended, then I added my own delay 8-( ).
Mail really is too slow.
Really, that's a long message.
Well, whatever happens, good luck to you all !

could everyone of you upload all his references to ~rideau/pub/moose in ? I'll (momentarily) set my passwd to MoOsE,
so that you can all login. I'll try to open an official MOOSE account there.
Please, do not make me fired of this account 8-?

--    ,        	                                ,           _ v    ~  ^  --
-- Fare -- -- Francois-Rene Rideau -- +)ang-Vu Ban --
--                                      '                   / .          --
MOOSE project member. OSL developper.                     |   |   /
Dreams about The Universal (Distributed) Database.       --- --- //
Snail mail: 6, rue Augustin Thierry 75019 PARIS FRANCE   /|\ /|\ //
Phone: 033 1 42026735                                    /|\ /|\ /