CSE 221: Paper evaluation

Renata C TEIXEIRA (teixeira@cs.ucsd.edu)
Tue, 18 Apr 2000 06:52:57 -0700 (PDT)

Title: "Pilot: An Operating System for a Personal Computer"

Pilot is an operating system designed to be used by a single user
on a personal computer. The system explores this design goal, omitting
some of the features that had been integrated into previous multi-user
systems. For instance, Pilot is not so concerned with security issues,
and it uses a single address space.

Files are used for information storage and are assigned universal
identifiers. The space of files, however, is "flat". The system
provides defensive protection by associating files with capabilities.
Protection of the system is also ensured by the use of a single
safe programming language, Mesa.

Files can be accessed implicitly via the virtual memory. In addition,
Pilot allows clients to access I/O devices through low-level procedural
interfaces (no protection required), or through the Pilot stream

Pilot provides an infrastructure for distributed computation, allowing
shared-memory interprocess communication and communication between
processes on different machines via a family of packet communication
protocols. There are two different interfaces to these protocols: Socket,
which provides a datagram service, and NetworkStream, which provides
a reliable connection service.

I think that one strong advantage of this system is the support for
distributed computation. The abstractions provided by the Socket and
NetworkStream interfaces allow the programmer to use the network in a
simple way. Another interesting feature is the single address space.
Since the system was designed for a single user only, there was no need
to introduce the overhead of managing separate address spaces.
The main disadvantages of this system stem from the requirement to use
the Mesa language. First, it is unreasonable to think that all network
nodes will use the same operating system/language. Second, there is
no compatibility with previous systems.


Title: Sharing and Protection in a Single Address Space Operating System

This paper proposes the use of a single address space to allow for
more efficient cooperation between protected application components.
It separates protection from addressing, thereby achieving more
flexible protection and simple shared memory. The system also
allows mapped persistent storage.

Opal uses a single address space, allowing threads to share data
easily, while at the same time ensuring protection through
capabilities associated with each segment. A protection domain
is an execution context for threads, restricting their access
to a specific set of segments at a particular instant in time.
Having the right capabilities, threads can attach/detach segments
to/from their protection domain. Two domains can communicate through
portals, which may be local or remote. By being in the same domain,
applications can share components in a simple way, even if the
component is remote.
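The separation of addressing from protection described above can be made concrete with a small model. The following Python is an added illustration written for this evaluation, not code from the Opal paper or system: `AddressSpace`, `ProtectionDomain`, `Capability` and the HMAC-minted tokens are my own simplifications of the paper's ideas. Every domain sees the same address for the same segment, but a thread can only touch a segment its domain has attached, and attaching requires a capability that the (modelled) kernel can verify.

```python
import hmac
import hashlib
import secrets
from dataclasses import dataclass


class ProtectionFault(Exception):
    """Raised when a thread touches memory its domain has not attached with that right."""


@dataclass(frozen=True)
class Capability:
    """A right to attach a segment: (segment, rights, token). The token is an HMAC
    under a kernel-private secret, so user code cannot forge or amplify one."""
    segment_id: int
    rights: frozenset
    token: bytes


class AddressSpace:
    """The single system-wide address space (constructed model, not Opal's code):
    one virtual address names one segment for every domain."""

    def __init__(self):
        self._secret = secrets.token_bytes(32)   # kernel-only key for minting capabilities
        self._segments = {}                      # segment_id -> (base, size, bytearray)
        self._next_base = 0x1000

    def _mint(self, segment_id, rights):
        msg = f"{segment_id}:{','.join(sorted(rights))}".encode()
        return hmac.new(self._secret, msg, hashlib.sha256).digest()

    def create_segment(self, size):
        """Allocate a segment at a fresh global address; return the owner capability."""
        seg_id = len(self._segments) + 1
        self._segments[seg_id] = (self._next_base, size, bytearray(size))
        self._next_base += size
        rights = frozenset({"read", "write"})
        return Capability(seg_id, rights, self._mint(seg_id, rights))

    def validate(self, cap):
        expected = self._mint(cap.segment_id, cap.rights)
        return cap.segment_id in self._segments and hmac.compare_digest(expected, cap.token)

    def restrict(self, cap, rights):
        """Derive a weaker capability (e.g. read-only) from a valid stronger one; never amplify."""
        if not self.validate(cap) or not set(rights) <= cap.rights:
            raise ProtectionFault("cannot derive rights the capability does not hold")
        return Capability(cap.segment_id, frozenset(rights), self._mint(cap.segment_id, rights))

    def locate(self, addr):
        """Addressing is global: map an address to (segment_id, offset) independent of any domain."""
        for seg_id, (base, size, _) in self._segments.items():
            if base <= addr < base + size:
                return seg_id, addr - base
        raise ProtectionFault(f"unmapped address {addr:#x}")

    def base_of(self, seg_id):
        return self._segments[seg_id][0]

    def storage_of(self, seg_id):
        return self._segments[seg_id][2]


class ProtectionDomain:
    """Execution context: the set of segments (with rights) its threads may touch right now."""

    def __init__(self, space, name):
        self.space, self.name, self._attached = space, name, {}   # segment_id -> rights

    def attach(self, cap):
        if not self.space.validate(cap):
            raise ProtectionFault(f"{self.name}: forged or stale capability")
        self._attached[cap.segment_id] = cap.rights

    def detach(self, segment_id):
        self._attached.pop(segment_id, None)

    def _check(self, addr, right):
        seg_id, offset = self.space.locate(addr)           # global translation ...
        if right not in self._attached.get(seg_id, ()):    # ... then per-domain protection
            raise ProtectionFault(f"{self.name}: no {right} right for {addr:#x}")
        return self.space.storage_of(seg_id), offset

    def read(self, addr):
        data, off = self._check(addr, "read")
        return data[off]

    def write(self, addr, value):
        data, off = self._check(addr, "write")
        data[off] = value


def demo():
    """Constructed scenario: a producer shares one segment read-only with a consumer."""
    space = AddressSpace()
    owner_cap = space.create_segment(64)
    producer, consumer, outsider = (ProtectionDomain(space, n) for n in ("producer", "consumer", "outsider"))
    producer.attach(owner_cap)
    addr = space.base_of(owner_cap.segment_id)
    producer.write(addr, 42)
    consumer.attach(space.restrict(owner_cap, {"read"}))   # pass a read-only capability
    results = {"shared_value": consumer.read(addr)}         # same address, same bytes, no copy
    for label, action in (("consumer_write", lambda: consumer.write(addr, 7)),
                          ("outsider_read", lambda: outsider.read(addr))):
        try:
            action(); results[label] = "allowed"
        except ProtectionFault:
            results[label] = "denied"
    forged = Capability(owner_cap.segment_id, frozenset({"read", "write"}), b"\x00" * 32)
    try:
        outsider.attach(forged); results["forged_attach"] = "accepted"
    except ProtectionFault:
        results["forged_attach"] = "rejected"
    return results


if __name__ == "__main__":
    print(demo())
```

The point the model makes is the one the paper makes: `locate` never consults the domain, so a pointer means the same thing everywhere and data can be shared by handing over a capability rather than copying; protection lives entirely in what each domain has attached, and a forged or amplified capability fails the kernel's check.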

One disadvantage of this system is that the size of a cluster
(that has a single address space) is limited. In wide-area networks,
like the internet, this limit can be reached easily.
Some interesting features of this system are: protection boundaries
and use of capabilities are transparent to applications; sharing
of data is performed in a simple way without harming protection;
and when executing multiple instances of the same module, the system
shares the code part, thus there is no need to replicate the entire

Renata Teixeira