CSE221 Pilot and wide-address

Andreas Anagnostatos (aanagnos@cs.ucsd.edu)
Tue, 18 Apr 2000 10:20:29 -0700

D. D. Redell, Y. K. Dalal, T. R. Horsley, H. C. Lauer, W. C. Lynch, P.
R. McJones, H. G. Murray, and S. C. Purcell, "Pilot: An Operating System
for a Personal Computer," Communications of the ACM, Vol. 23, No. 2,
February 1980, pp. 81-92.

Pilot is an operating system implemented in the Mesa programming
language for personal computers. The personal computers can be
stand-alone or connected to form networks. Some of its features include
a flat file system, hierarchical virtual memory, support for concurrent
processes, packet communications, streams and support for high-level
programming (Mesa). Protection in Pilot is only loosely enforced as
opposed to the design of large time-sharing systems.

Some interesting features different from modern operating systems are
that memory mapping and swapping as well as storage unit sizes (spaces)
are explicitly defined by the programs instead of the operating system.
In the communications context, processes that have established
connections with other processes on remote computers are again
responsible of terminating the connection gracefully since the system
does not support graceful termination. We see in this paper that in
contrast to modern operating systems which tend to provide every
possible service that a user will need, Pilot only provides a bare-bone
system on which other services such as a hierarchical file system can be

Jeffrey Chase, Henry Levy, Michael Feeley, and Edward Lazowska, "Sharing
and Protection in a Single Address Space Operating System," ACM
Transactions on Computer Systems, November, 1994.

The paper describes Opal, an operating system with single 64-bit wide
virtual space address. The key difference is that virtual addresses are
global and permanent. Protection is applied using protection domains,
which define capabilities to segments of memory independent of
addressing. There is no longer the notion of the private address space.
Processes reference 64-bit memory addresses and the access rights are
determined by the capabilities of its protection domain.

This scheme provides very efficient information sharing between
applications through the use of pointers, without compromising
protection. Besides sharing, Opal provides mechanisms for inter-process
communication, persistence and allows for a bigger variety of data
structures for applications which are not possible using private virtual
address spaces.