Persistence has long been difficult to integrate into operating systems. The main problem is that pointers lose their meaning once they are taken out of their address-space. We present a distributed system which has a single address-space encompassing all virtual memory of every node in the system. This design has become possible (and practicable) with the advent of 64-bit microprocessors. In our system

In this paper, we propose a method of reducing the latency of cross-domain remote procedure call (RPC). Traditional systems use separate address spaces to provide memory protection between separate processes, but even with a highly optimized RPC system, the cost of switching between address spaces can make cross-domain RPC's prohibitively expensive. Our approach is to use anonymity instead of hardware page tables for protection. Logically independent memory segments are placed at random locations in the same address space and protection domain. With 64-bit virtual addresses, it is unlikely that a process will be able to locate any other segment by accidental or malicious memory probes; it impossible to corrupt a segment without knowing its location. The benefit is that a cross-domain RPC need not involve a hardware context switch. Measurements of our prototype implementation show that a round-trip null RPC takes only 7.7μs on an Intel 486-33.

Operating Systems Review, 29(1):87-90, January 1995 modified version of a paper presented at 6th SIGOPS European Workshop 12th-14th September 1994, Schlo Dagstuhl, Germany To fully exploit the potential of large address spaces, e.g. 2 64 -byte, the sparsity problem has to be solved in an efficient manner. Current address translation schemes either cause enormous space overhead (page table trees) or do not support address space structuring, object grouping and mixed page sizes (inverted page tables). Furthermore, an essential handicap of current virtual address spaces is their coarse granularity. It restricts the concept's relevance to low level OS technology. Without this constraint, mapping could be a vertically integrating paradigm, useful on all levels from hardware up to application programming. Guarded page tables help solving both problems. They permit significant extensions of the current programming model without performance degradation: sparse occupation and coarse-grain...

... This paper analyzes several programs and pro-gramming techniques to understand the performance implications of different pointer sizes. Many (but not all) programs show small but definite performance consequences, primarily due to cache and paging effects.

It is possible to distinguish between policy and mechanism in operating system design. There is a trend to move policy out of the operating system kernel and into the user-level. This trend is described with respect to example operating system types. A system is proposed which takes this policy/mechanism split to the extreme of having the operating system kernel reduced to a hardware object which provides a low-level but abstract view of the actual hardware. Such a system would be flexible enough to allow investigation of dynamic, user-level, provision of policy. 1 Introduction The conventional operating system maps user programs to the resources of the machine largely by means of the `process' abstraction -- the program in execution. It ensures that user processes are protected from each other whilst allowing sharing between processes in a controlled way. Resources can be shared in a time-sliced fashion on general-purpose time-share machines, or in a distributed fashion on parallel m...

Modern operating systems must support a wide variety of services for a diverse set of users. Designers of these systems face a tradeoff between functionality and performance. Systems like Mach provide a set of general abstractions and attempt to handle every situation, which can lead to poor performance for common cases. Other systems, such as Unix, provide a small set of abstractions that can be made very efficient, at the expense of functionality. We are implementing a flexible system building tool, FLEX, that allows us to support a powerful operating systems interface efficiently by constructing specialized module implementations at runtime. FLEX improves the performance of existing systems by optimizing interprocess communications paths and relocating servers and clients to reduce communications overhead. These facilities improve the performance of Unix system calls on Mach from 20-400%. Furthermore, FLEX can dynamically extend the kernel in a controlled fashion, which gives user...

A single address-space encompassing all virtual memory of a distributed computer system is an ideal environment for a persistent system. The issue of providing effective and efficient protection of objects in such an environment has, however, not been addressed satisfactorily. We propose a system which is based on password capabilities. A system-maintained data structure called the capability tree is used for long-term storage of capabilities, and reflects the hierarchical structure of object privacy. A second system data structure, the active protection domain, allows the system to find capabilities quickly when validating memory accesses. The proposal supports inheritance of protection domains, as well as temporary extension of protection domains to support privileged procedures. Untrusted programs can be confined to run in a restricted protection domain. The protection system performs efficiently on conventional architectures, and is simple enough that most programs do not need to be aware of its operation.