freenode/#sicl - IRC Chatlog
15:34:17
beach
A necessary condition for that to happen is maintainable code and good documentation, which would be my main task.
17:08:02
salotz
hi beach, re our brief conversation over at #clim with respect to Genode. Genode doesn't really have a concept of process in the sense you talk about in your CLOSOS whitepaper, meaning a distinct unsharable address space. https://genode.org/documentation/genode-foundations/19.05/architecture/Core_-_the_root_of_the_component_tree.html#Dataspaces
17:11:31
beach
salotz: So, what language is used to write applications, and how do you prevent such an application from reading and writing in the space of some other application?
17:12:10
beach
And how do you prevent an application from having arbitrary access to its control stack?
17:13:44
beach
I guess the answer to the first question is by using page protection per application.
17:13:56
salotz
It's a capability system, caps are protected by the kernel. It's a framework for building the components so you can set the system up so that each component has their own "protection domain"
17:15:38
salotz
I'm still learning myself, your paper is helping me to see the design space more clearly
17:16:26
salotz
you're absolutely right about the textbooks explaining processes as if it's a necessary thing
17:17:42
beach
No, I mean, if each RPC object has its own page protection, preventing it from accessing pages of other processes, then when the CPU gets to work on a different application, then the page protection must be altered.
17:24:35
salotz
not sure I understand enough to answer the context switching question. There's a bit of an impedance mismatch in the terminology I will have to clarify
17:25:24
salotz
But I'm kind of getting the impression that you really have the flexibility to do things in a number of ways.
17:26:38
salotz
The reason I brought it up is that I think it could provide a number of the harder things as base services to build CLOSOS on
17:31:57
salotz
I think each component gets a "protection domain" which is an address space, stack area, and linker area. When a component makes threads it allocates to the stack area
17:33:24
beach
And what I mean by context switch is that the MMU page table must be modified when a different application is going to use the CPU.
17:34:06
beach
So one critical idea of CLOSOS is that the application does not have direct access to its control stack. Also, it does not have a kernel.
17:34:53
salotz
that's something I didn't quite understand in the paper. what a "kernel" means actually is a number of different things depending on the kernel in question
17:35:36
salotz
In genode you don't have to give a component its protection domain/stack area. You could set it up to have a shared one
17:35:36
beach
Usually, it means some kind of monolithic program that handles all the privileged stuff.
17:36:26
salotz
ya in genode it's not that. the main thing it does is protect capabilities AFAI understand
17:40:44
beach
I need to go fix dinner for my (admittedly small) family. I'll read your answers later, or tomorrow in the worst case. I should probably try to take time to read more about Genode.
17:41:19
salotz
they provide some filesystem components though for compatibility but you don't have to use them
17:44:35
salotz
thanks for your questions, helps me understand things as well. I'm honestly way over my head with this stuff.