Qiao XIN (qxin@cs.ucsd.edu)
Tue, 6 Jun 2000 00:07:42 -0700 (PDT)

Qiao Xin

Evaluation of the Paper: Exokernel

Traditional operating systems centralize resource management via a
set of general-purpose abstractions that cannot be specialized,
extended, or replaced. These fixed high-level abstractions cannot
abstract physical resources in a way that is best for all
applications; they hide information from applications and make it
difficult for applications to implement their own resource management
abstractions. One solution is to allow the traditional abstractions to
be implemented entirely at application level, and the exokernel
introduced in this paper attempts to solve the above problems.

The exokernel architecture consists of a thin exokernel veneer that
multiplexes and exports physical resources securely through a set of
low-level primitives. Library operating systems, which use the
exokernel interface, implement higher-level abstractions and can
define special-purpose implementations that best meet the performance
and functionality goals of applications.

An exokernel separates protection from management to give library
operating systems maximum freedom in managing physical resources while
protecting them from each other. It uses secure bindings, which allow
library operating systems to bind securely to machine resources;
visible revocation, which allows library operating systems to
participate in a resource revocation protocol; and an abort protocol
to break the secure bindings of uncooperative library operating
systems by force.

Since library operating systems need not multiplex a resource among
applications with different demands, the implementation of
abstractions in library operating systems is simple and
specialized. While not trusted by the exokernel, library operating
systems are free to trust applications. Furthermore, library operating
systems can provide as much portability and compatibility, and
extending and specializing them is also simple.

My question is: what about the reliability?

Evaluation of the Paper: SPIN

This paper describes the SPIN operating system, which attempts to
address a problem in existing operating systems, namely that system
specialization is a costly and error-prone process. Existing operating
system structures are not well-suited for specialization, often
requiring a substantial programming effort to effect even a small
change in system behavior, and a change that benefits one class of
applications often degrades another. This implies the need for an
extensible system that can be changed dynamically to meet the needs of
an application.

SPIN is an extensible system that achieves good performance without
compromising safety. It provides a set of efficient mechanisms for
extending services, as well as a core of extensible services that
manage memory and processor resources. Co-location, enforced
modularity, logical protection domains and dynamic call binding allow
extensions to be dynamically defined and accessed at the granularity
of a procedure call. The protection model supports efficient,
fine-grained access control of resources, while the extension model
provides a controlled communication facility between extensions and
the base system.

SPIN and its extensions are written in the general-purpose programming
language Modula-3, and SPIN depends on the language's safety and
encapsulation mechanisms, specifically interfaces, type safety and
automatic storage management. In contrast with Pilot, SPIN's reliance
on language services applies only to extension code within the kernel.
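
The secure binding, visible revocation and abort protocol summarized in the Exokernel evaluation above, as a toy C model added here for illustration; it is not code from the paper or from this evaluation. The eight-page table, integer library-OS ids, capability values and every `exo_*` name are assumptions.

```c
#include <stdio.h>
/* Toy model, constructed for illustration: 8 physical pages; library OSes are small ints. */
#define NPAGES   8
#define NO_OWNER (-1)
enum { OK = 0, DENIED = -1 };
struct page { int owner; unsigned cap; int revoke_pending; };
static struct page pages[NPAGES];
static int valid(int pg) { return pg >= 0 && pg < NPAGES; }
static void page_clear(int pg) { pages[pg] = (struct page){ NO_OWNER, 0, 0 }; }
void exo_init(void) { for (int i = 0; i < NPAGES; i++) page_clear(i); }

/* Secure binding: the kernel records who holds the page and under which capability. */
int exo_bind(int libos, int pg, unsigned cap) {
    if (!valid(pg) || pages[pg].owner != NO_OWNER) return DENIED;
    pages[pg] = (struct page){ libos, cap, 0 };
    return OK;
}

/* Protection check at use: compares against the binding, knows nothing of page management. */
int exo_access(int libos, int pg, unsigned cap) {
    return valid(pg) && pages[pg].owner == libos && pages[pg].cap == cap ? OK : DENIED;
}

/* Visible revocation: the owner is told which page the kernel wants back. Returns the owner. */
int exo_request_revoke(int pg) {
    if (!valid(pg) || pages[pg].owner == NO_OWNER) return NO_OWNER;
    pages[pg].revoke_pending = 1;
    return pages[pg].owner;
}

/* Cooperative path: the library OS gives the page up itself. */
int exo_release(int libos, int pg, unsigned cap) {
    if (exo_access(libos, pg, cap) != OK) return DENIED;
    page_clear(pg);
    return OK;
}

/* Abort protocol: an ignored revocation request ends with the binding broken by force. */
int exo_abort(int pg) {
    if (!valid(pg) || !pages[pg].revoke_pending) return NO_OWNER;
    int evicted = pages[pg].owner;
    page_clear(pg);
    return evicted;
}
int main(void) {
    exo_init(); exo_bind(1, 3, 0xA);
    int asked = exo_request_revoke(3), evicted = exo_abort(3);
    printf("asked libos %d, evicted libos %d\n", asked, evicted);
}
```

The kernel-side functions only ever compare ids and capabilities; what a page is used for stays entirely with the library OS, which is the separation of protection from management the evaluation describes.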