Tunes originality

Francois-Rene Rideau rideau@nef.ens.fr
Wed, 4 Dec 1996 16:58:29 +0100 (MET)

Previous message: Tunes originality (was: a few queries)
Next message: Build OS features in Software, not Hardware (was Re: Ne
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

>>: Fare
>: Adam C. Wick

>>   It is a project to implement a frame in which all these
>>could be *independently* developed as modules
>>that would nevertheless work
>>seamlessly, safely, reliably, and efficiently together.
>>   Most people think this is impossible,
>>because many have tried and failed to achieve this result before.
> 
> I'd like to slightly correct this last statement. A lot of systems
> (well, not a lot, but more than a few) are trying to do things like
> what TUNES is trying to do, except that they are sacrificing things
> where you are not and you are sacrificing things they are not.
>
I'd like to know what systems you are talking about;
if there already exist a system that does what I want,
I'll stop this TUNES project immediately!

> For instance, both MIT's exokernel and Stanford's Cache kernel keep
> the no-kernel-type approach to operating system design, where things
> can be uploaded to the kernel when necessary, and the operating 
> system is merely a convenient structure to hold all the different
> things in.
>
Yes, and I have little to add to what the ExoKernel team did,
as for the low-level interface to the system.
Now, none of these bring anything about the way high-level
modules will work together.
The Tunes approach starts from a high-level point of view,
and the way the low-level drivers are managed,
through a no-/exo-/meta-/whatever- kernel approach,
is just a particular case of how all modules are managed:
objects do not interact through a centralized way,
but directly talk to each other, through partial evaluation.

> As for the sacrificing bit, it seems that both the exokernel and the
> Cache kernel fall short of the mark (for instance, both limit the
> extent to which you can control the system) in order to add security
> and speed, while you seem to be sacrificing speed a bit.
>
I don't think I'm sacrificing speed,
in that I don't put any structural limitation on system speed,
like the requirement to test everything everytime.
However, speed is not a priority to me
in that I won't invest in actually optimizing things.
The difference is that anyone should be able to speed things up
fairly easily after the initial implementation, because the design
allows it.

> In my project, which is like yours, I sacrifice security. Since, quite
> frankly, I trust all the programs I write and because I can write the
> programs to make sure they don't do stupid things, I feel no particular
> need to have my operating system thoroughly check everything before it
> runs it.
>
Security is being able to devise arbitrary contracts,
and have the guarantee that if agreed upon,
the contract will be fulfilled.
   Systems that don't allow you to express the contract you want
are stupid unsecure systems.
   Systems that do allow you to express the contract you want,
but have no way to enforce it (e.g. literate programming)
are ineffective unsecure systems.
   Systems that enforce contracts that you don't want
are fascist unfree systems.

> A lot of old-time operating system theorists are now spluttering
> about damaged processes and the like, but really I don't see the need
> to deal with security when I pretty much trust the programs I write
> are valid.
>
Do you have any pointer on those?

> If you're interested in hearing more about my os (which is called
> Quantum currently, but may be changed in the near future), check out
> its home page at:
> 
> http://fr-94-26.forest.indiana.edu/qos.html
>
I'll have a look and put it in the TODO list of my Review/ page.
Please notify me on address change or project releases.


>>   The Descartes project at MIT is the only one in the world
>>to bring partial evaluation in the run-time system for
>>a dynamic language (Scheme).
> 
> I also believe some people at the Fox project at CMU was working on a 
> similar  system, using ML instead of Scheme.
> 
Oh, they must have made a lot of progress since I last
saw them, then. I'll have a look, too...

== Fare' -- rideau@ens.fr -- Franc,ois-Rene' Rideau -- DDa(.ng-Vu~ Ba^n ==
Join the TUNES project for a computing system based on computing freedom !
                TUNES is a Useful, Not Expedient System
URL: "http://www.eleves.ens.fr:8080/home/rideau/Tunes/"

Previous message: Tunes originality (was: a few queries)
Next message: Build OS features in Software, not Hardware (was Re: Ne
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]