In the GMS implementation described in the paper, only "clean" pages are written to global memory ("dirty" pages must be written to disk before they can participate in the GMS pool).
Similarly, it is assumed that all nodes in the GMS workstation cluster are trusted.
Butler Lampson once gave a set of principles for system design. Among these, he gave two conflicting pieces of advice on the nature of implementations. He said, "Keep secrets of the implementation. Secrets are assumptions about an implementation that client programs are not allowed to make... Obviously, it is easier to program and modify a system if its parts make fewer assumptions about each other." And yet, "One way to improve performance is to increase the number of assumptions that one part of a system makes about another; the additional assumptions often allow less work to be done, sometimes a lot less." That is, on the one hand we should hide an implementation for ease of development, and, on the other, we should expose our implementations for speed. For example, Xen's paravirtualized x86 interface exposed the implementation of the hypervisor to its guest OSes, largely for speed, while Sprite's process migration took advantage of secrets in hiding the distributed nature of its implementation from processes subject to migration.
Exokernel and Grapevine are two more systems which exemplified this advice. For these two systems, explain:
For each of the three systems, consider the path a network packet containing an HTTP request takes as it travels from the network interface card to a Web server process running at user level:
For example, if the system were standard monolithic Linux, the protection domains would be the kernel and the Web server process with its address space. The kernel is privileged, and the server process unprivileged.
For example, if the system were standard monolithic Linux, the CPU would raise an interrupt, halting the Web server process, and vector to a Linux kernel interrupt handler for page faults. The page fault handler would allocate a physical page from Linux's free physical page list and update the page table entry with the valid mapping. The Linux kernel would then return from the interrupt.