Yang YU (yyu@cs.ucsd.edu)
Mon, 17 Apr 2000 21:50:13 -0700


Opal aims to exploit wide-address architectures "to integrate and to
improve the reliability and performance of complex, cooperating
applications manipulating large persistent data structures."

The paper claims that sharing is simplified because addresses are
context-independent, resolving to the same data regardless of who uses
them. (Share)
To protect the data, Opal uses protection domains. The execution
units, threads, can name all of the data in the system, but the threads'
access will be limited by the rights in the protection domain. This is
an unusual separation of addressing and protection. (Protect)

Address Spaces:
Private address spaces
Increased amount of address space available to all programs.
Hard memory protection boundaries.
Easy cleanup on program exit.
Obstacles to efficient cooperation between protected application
components: Pointers have no meaning outside of the process that
created them.
Pointer problems force different processes to copy large amounts of
data when they wish to share with another process.

Opal shared address spaces

Memory is divided into segments
Threads are the units of execution
protection domains define the context in which threads execute: a
protection domain specifies which segments a group of threads has
access to
capabilities are implemented using 256-bit passwords
threads (groups?) can attach/detach segments
IPC is done through portals. Portals are referenced through
capabilities and specify a 64-bit entry point

B. Pilot


Small yet sophisticated operating system for a personal computer
Single user, single language (Mesa), protection against errors, but
not malicious attacks
Networking built into OS, concurrent programming supported


Protection based on type safety in Mesa, which is a Modula-2-like
Tight integration with Mesa
Single user, multi process

Integration of filesystem and virtual memory system

files are named by 64-bit globally unique ids (uids)
OS provides flat filesystem namespace, files quantized to pages
immutable files
file access is by mapping files into the VM address space
blocks on disk are self-describing, in-memory filesystem index data
structures are independent

Virtual memory

subdivided into spaces: contiguous regions of VM
spaces serve for allocation, mapping to files, and swapping units
hints to VM system to control swapping of spaces

I/O streams and network

Stream abstraction for OS: transducers and filters
network integrated into OS, Ethernet, non-IP protocols
sockets, unreliable datagram service, reliable network streams
each machine can route packets


reasons for/against "personal operating systems"?
Java-like OS (good or bad)?
Why can't it compete with MSDOS?

Yang Yu
Department of Computer Science and Engineering
University of California, San Diego
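
The Opal notes above separate addressing from protection: any thread can name any address, but access depends on which segments its protection domain has attached, and attaching requires a 256-bit password capability. The following is an added illustration, not code from the message or from Opal; the Kernel and Domain classes, the segment size and the starting address are assumptions made for this model, and per-segment rights are reduced to attached or not attached.

```python
import hmac
import secrets

SEG_SIZE = 0x1000  # constructed segment size for this model


class Domain:
    """A protection domain: the set of segments its threads may touch."""
    def __init__(self):
        self.attached = set()


class Kernel:
    """One global address space; protection is kept per domain."""
    def __init__(self):
        self.segments = {}            # base address -> (password, memory)
        self.next_base = 0x10000000   # constructed starting address

    def create_segment(self):
        base, self.next_base = self.next_base, self.next_base + SEG_SIZE
        password = secrets.token_bytes(32)   # 256-bit password capability
        self.segments[base] = (password, bytearray(SEG_SIZE))
        return base, password

    def attach(self, domain, base, password):
        stored, _ = self.segments[base]
        # Constant-time comparison so timing does not leak password bytes.
        if not hmac.compare_digest(stored, password):
            raise PermissionError("capability rejected")
        domain.attached.add(base)

    def detach(self, domain, base):
        domain.attached.discard(base)

    def _resolve(self, domain, addr):
        base = addr - addr % SEG_SIZE
        if base not in domain.attached:      # naming is global, access is not
            raise PermissionError("segment not attached to this domain")
        return self.segments[base][1], addr - base

    def store(self, domain, addr, value):
        mem, off = self._resolve(domain, addr)
        mem[off] = value

    def load(self, domain, addr):
        mem, off = self._resolve(domain, addr)
        return mem[off]
```

Two domains that both attach the segment read the same byte at the same address with no copying or pointer translation; a domain that has not presented the password can still compute the address but every access is refused.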