SLK: The Safe Language (No-)Kernel Project

Massimo Dentico
Thu, 26 Aug 1999 19:56:32 +0200

Follow  a quote (emphasis is mine) on a no-kernel OS,  from  CS
department  of Cornell University. Sorry, but I'm incapable  to
review for lack of time (I need much time to write decently  in


SLK: The Safe Language Kernel Project


SLK   relies on the properties of type-safe languages in  order
to  enforce   protection  boundaries between applications   and
the   OS  itself which means that all code can run in a  single
address  space  and at a single hardware privilege  level.  The
first version of SLK is  heavily  Java  based but a significant
part   of  our  research effort  lies in understanding  how  to
host  multiple languages.  For example,  we  plan  to integrate
ML into the family  of  languages supported by SLK.

The  most  fundamental difference between the  Secure  Language
Kernel (SLK)  and  a  traditional operating system is the  fact
that   the entire  system  runs in a single address space   and
at   a   single hardware  protection level. There is no  memory
management   hardware  that  prevents  one   application   from
accessing   another's  memory   and  there   is   no   hardware
privilege mode differentiating instructions executed   in   the
kernel  from those executed in  an  application. Instead,   all
protection   is enforced  by  the  language  system.  Languages
used under SLK must be type safe and the compiler  must provide
enough   information   to   the  run-time   system   to   allow
protection boundaries to be enforced.

The   motivation  for relying on software  for  protection   is
threefold:   light   weight,   seamless   extensibility,    and
flexibility  in  the  form  of fine grain  sharing.  Under  the
assumption that the language system can enforce protection,  it
is  natural to propagate this new property  through the  system
and  eliminate redundant functionality in an attempt to  reduce
complexity  and  improve efficiency. This is also  the  primary
technical  motivation behind Sun's upcoming JavaOS [Mad],   but
unlike  JavaOS, SLK focuses on servers and  fine-grain  sharing
of  data and code across protection boundaries.  In  this sense
it   continues  a decade-long trend in OS  design   in   moving
functionality   into   user-level and generally  blurring   the
user-kernel  boundary. **SLK removes the  user-kernel  boundary


Massimo Dentico