freenode/#sicl - IRC Chatlog
4:49:13
beach
I have been reading a bit more about Genode. It looks like a fine system, and I am sure it could be used as a basis for some kind of LispOS. However, the philosophy seems very different from what I imagine with CLOSOS, and I don't think a CLOSOS-like system could be built on top of Genode.
4:51:17
beach
If I understand the documentation for Genode right, an individual component still has its own address space. A capability is very similar to a Unix file descriptor in that it is meaningless as a pointer, and requires the kernel to access the associated object.
4:52:30
beach
A remote procedure call is not a simple function call. It transits by the kernel, and the caller and the callee are in different protection domains, using different stacks, and even different threads.
4:53:22
beach
This organization is a requirement when application code has full access to its address space, as is the case with most traditional systems.
4:54:01
beach
CLOSOS, on the other hand, does not give an application access to its address space, so all applications share the same address space.
4:55:51
beach
Genode must require context switches to accomplish remote procedure calls, and context switches are expensive. In CLOSOS, there is no context switch, and the system is permanently in supervisor mode.
5:15:29
beach
As I write in some documents, I find it amusing that we still want people to program as if they have access to the bare machine.
5:16:40
beach
We present a model where each program lives in an address space that starts at address 0, that contains all its application objects, and especially its control stack.
5:17:39
beach
As long as we present such a model, we need to have context switches in order to prevent one program from destroying the data of another program, or of the system itself.
5:18:45
beach
And we need to have capabilities that are meaningless as pointers. In Unix, they are called file descriptors and they are just small integers that only the operating system knows what to do with.
5:23:26
beach
Chapter 3 of the Genode document shows capabilities as small integers. Furthermore, those integers are different in each component, and only the system can connect them to the corresponding objects.
5:24:14
beach
So, to summarize my impression of Genode, I think the designers worked very hard to get a secure system, given that they wanted to preserve the traditional programming model.