a no-kernel system

Mike Prince mprince@crl.com
Tue, 20 Dec 1994 00:58:18 -0800 (PST)


On Tue, 20 Dec 1994, Francois-Rene Rideau wrote:

> Why I'm against any kind of OS "kernel"
> =======================================
[snip]

I think you're being just a liiiittle harsh on microkernels, but we'll 
save that for another day.

The more I read your post the more it sounds like a programming language 
than an operating system.  An operating system provides services with 
standardized interfaces (i.e. my dos floppy works on all dos machines, 
same with my VGA card, etc).  If we say anything goes, haven't we thrown 
away the standards that define a particular instance of an OS?

>    For What did we end up with ? A world of computing *freedom* indeed,
> where objects are free to interact; and freedom not meaning anarchy, as
> there are regulators, the meta-protocols, that ensure that no object
> is used in despise of its rights, and that all objects respect their
> duties, which is better than any kind of bitmap-based security
> checking. Trivial objects will have trivial security checking, with
> no overhead from such bitmap test, while complex objects will have
> full-fledged security checking, with strong typing and perhaps program
> correctness proof, and no security hole from over-simple bitmap test.
> Without kernel, all objects are able to talk directly each to the
> other, and communicate freely.

Unix has had this problem in a way.  It said go ahead and write 
specialized programs, now the unix kernel itself is nothing compared to 
the "standard" suite of applications you expect for a vanilla system.

I guess I'm saying, what are we trying to do?  We could create a great 
OO programming environment.  But if no two systems are alike due to 
customization, then there is little incentive for people to adopt a non 
standard.  Or by the same token, if every system has to have a multitude 
of drivers to deal with the vast number of system permutations people 
have good-heartedly introduced, then we have another memory gobbling 
monster.

At some point what makes us attractive is the standards we have 
established.  So what are they?
  
>    What is an OS ? It is a basic set of standard software services, that
> programs may rely upon.

So what are our standard services?

>    Now what does such kernel mean ? It means that just *any* communication
> between different system objects must go through the overhead of a kernel
> system call (aka syscall)

Traditionally it may have, but it's not a prerequisite.

>    So indeed, the kernel design only brings some useless burden with
> limited functionality, and requiring processes to provide security and
> services themselves.

Kernels DO provide security between processes.  How do you suggest we 
deal with rogue processes when they are policing themselves?

>    Reducing the kernel size (the current trend for "micro-kernel") only
> decreases kernel functionality and explicitly moves responsibilities to
> "users"; but it does not solve anything and kernel is ultimately reduced
> to pure overhead.

Be kind!

> Let's provide services,
> but without any kernel. Let's be completely modular. How can it be ?
> By dynamically linking objects directly each to the other and not
> requiring them to pass control to some central dispatcher that only
> wastes space and time.
> Moreover, such method allows linked objects to communicate directly

Please describe the mechanism for linking objects.  What kind of 
performance can we expect when migrating objects.  Will migrated objects 
leave any tell-tale signs (stubs for instance)?  How easy/hard will it be 
for processes to do RPC's or is there another twist on that?  Is memory 
hierarchically arranged with a hierarchy of GC's, or flat, or what?  How 
much info is provided with each object?  Can I inherit an object's 
properties from the LLL, or do I need the source?

> the dynamic linker to ensure security, by
> linking together only willing objects that can understand each other,
> and that fulfill each other's conditions. 

So the dynamic linker is capable of writing both code and data to any 
location in the address space?  

> We'll then say that the
> objects use the same protocol, and the way the dynamic linker
> recognizes what object protocols will be called the (well, a)
> meta-protocol.

Please describe the semantics of the meta-protocol (is this one of our 
standards?)

>    But then, some will argue, the dynamic linker is the actual kernel !
> No, because the dynamic linker is itself some dynamically linked and
> replaceable object, and need not be unique or constant, so anyone can
> use whatever dynamic linker he finds (and is able to use); just being
> intensively used will no more make a kernel out of the standard
> dynamic linker than it will have made one out of the keyboard driver,
> or of the printf (or equivalent) routine.

Please explain the mechanism for field-upgrading a dynamic linker in a 
persistent system.

Please forgive me for the barrage of questions, but I had to ask.

Mike