Paper evaluations

Carnevali $ilvio (
Mon, 17 Apr 2000 18:51:12 PDT


The main goal of this paper is presenting the main benefits of using a
Single Address Space OS, which cuts the need for address reusability.
Using 64-bit addresses both increases the amount of address space available
and takes advantage of new wide-address Processor Designs;
from that point of view the work presented here is new, even though built
upon an existing microkernel.

In Private Address Systems every process is assigned the required range of
virtual addresses it needs independently from other processes,
which means two processes can have overlapping address spaces. In OPAL this
does not happen since every process is assigned an
exclusive address range; thus, data sharing can be defined dynamically with
respect to specific shared addresses with no risk of conflicts.
This approach also solves cache conflict problems, because we know that two
different processes cannot use the same virtual address
(which often causes aliasing in Private Address Space systems). Finally,
there is no more need for pointer translation since procedures can
be always assigned the same address range.
As a direct consequence of those improvements, protection flexibility is
greatly increased since it no longer needs to be related to a specific address.
The OS thus provides the basic protection tools, while the application has
the freedom to decide how to apply them with a finer granularity. The
concepts of capabilities and Access Control Lists are reused here to provide
the mechanisms for security, even though ACLs were not implemented
in the first version of the system. Special attention is also dedicated to
resource usage; for that reason, reference count manipulation is associated
with capabilities in order to avoid improper utilisation, which may result
in memory waste.

Reading this paper unveiled all the problems related to Private Address
Systems, and how they can be solved or better optimized using a Single
Address Space Approach. Furthermore, the existence of wide-address
processors justifies the existence of an OS exploiting those new features
to their full extent. I think one of the strong points of this system is
its compatibility to previous systems: OPAL could still use Private
Addresses in some special cases (over large network domains for example),
which proves its flexibility. This is probably the reason why there is no
future work
mentioned in the paper, which means the system was considered to be complete
for the current needs.


This paper deals with the presentation of a new concept of OS that is
user-oriented, designed to provide the greatest amount of flexibility and
performance to the single user of a Personal Computer. It is interesting to
note that emphasis is not on protection any more, unlike most other
contemporary OSs.

A completely new approach is introduced in the design of the system.
Security is still based on capabilities associated with a file, which is an
old concept, but they are mainly used to provide defensive protection
against errors rather than active protection against external attacks. The
distribution of resources like CPU time also becomes a secondary issue, since
there is only one user.
The system is designed to provide just the basic features closer to the
hardware, while more complex issues are always left to higher level
For example, there is no directory hierarchy for files, but specific
software can implement such a hierarchy. This is also the case for memory
management: the system provides support for Virtual Memory allocation using
spaces, or allocation entities. If the granularity thus provided is not
sufficient, then extra resolution can be gained through specific
An interesting feature of the system is the ability to make devices
available to clients via procedural interfaces (streams) that make the
transparent. The principle is very similar to the basic C++ stream
definition in that they allow sequential access to data independently of
its origin.
In Pilot there is ample support for network applications; in fact, the
system can be used for a generic single user system connected to the
network, or just as an internet node that would take care of packet routing
control. It is then interesting to note that security is the main pitfall of
system because all WANs require, by definition, high protection standards
which are not really supported by the system.

Reading this paper helped me understand better how an "unsecure" system is
designed; I still don't understand though why an unsecure system
was so much optimized as a network interface, having the packet
communication protocol directly integrated in it. Future implementations are
suggested, even though it appears that some of the ideas presented have been
later used in other unsecure systems like DOS that also focuses
on performance for single user systems.
