This article explores memory sharing and protection support in Opal, a single-address-space operating system designed for wide-address (64-bit) architectures. Opal threads execute within protection domains in a single shared virtual address space. Sharing is simplified, because addresses are context independent. There is no loss of protection, because addressability and access are independent; the right to access a segment is determined by the protection domain in which a thread executes. This model enables beneficial code- and data-sharing patterns that are currently prohibitive, due in part to the inherent restrictions of multiple address spaces, and in part to Unix programming style. We have designed and implemented an Opal prototype using the Mach 3.0 microkernel as a base. Our implementation demonstrates how a single-address-space structure can be supported alongside of other environments on a modern microkernel operating system, using modern wide-address architectures. This article justifies the opal model and its goals for sharing and protection, presents the system and its abstractions, describes the prototype implementation,

The appearance of 64-bit address space architectures, such as the DEC Alpha, HP PA-RISC, and MIPS R4000, signals a radical shift in the amount of address space available to operating systems and applications. This shift provides the opportunity to reexamine fundamental operating system structure specifically, to change the way that operating systems use address space. This paper

Recent microprocessor announcements show a trend toward wide-address computers: architectures that support 64 bits of virtual address space. Such architectures facilitate fundamentally new operating system organizations that promote efficient data sharing and cooperation, both between complex applications and between parts of the operating system itself. One such organization is the single address space operating system, in which all processes run within a single global virtual address space; protection is provided not through conventional address space boundaries, but through protection domains that dictate which pages of the global address space a process can reference. This paper focuses on the architectural implications of single address space operating systems, specifically the interaction between the memory system architecture and the operating system's use of addressing and protection. Our purpose is to explore certain architectural opportunities created by single address space ...

Abstract This paper is a survey of the current state of the art in the design and implementation of distributed file systems. It consists of four major parts: an overview of background material, case studies of a number of contemporary file systems, identification of key design techniques, and an examination of current research issues. The systems surveyed are Sun NFS, Apollo Domain, Andrew, IBM AIX DS, AT&T RFS, and Sprite. The coverage of background material includes a taxonomy of file system issues, a brief history of distributed file systems, and a summary of empirical research on file properties. A comprehensive bibliography forms an important of the paper. Copyright (C) 1988,1989 M. Satyanarayanan The author was supported in the writing of this paper by the National Science Foundation (Contract No. CCR-8657907), Defense Advanced Research Projects Agency (Order No. 4976, Contract F33615-84-K-1520) and the IBM Corporation (Faculty Development Award). The views and conclusions in t...

The recent appearance of architectures with flat 64-bit virtual addressing opens an opportunity to reconsider the way our operating systems use virtual address spaces. We are building an operating system called Opal for these wide-address architectures. The key feature of Opal is a single global virtual address space that extends to data on long-term storage and across the network. In this paper we outline the case for the use of a single virtual address space, present the model of addressing and protection used in Opal, and discuss some of the problems and opportunities raised by our approach. 1 Introduction The Opal project is an investigation into the effect of wide-address architectures on the structure of operating systems and applications. Our premise is that the next generation of workstations and servers will use processors with 64-bit data paths, and sparse, flat, 64-bit virtual addressing. The MIPS R4000 [MIP 91] and Digital's Alpha family [Dobberpuhl et al. 92] are recent e...

Abstract. We describe a new network service, the “ticket server”. This service provides “tickets ” that a client can attach to a request for a network service (such as sending email or asking for a stock quote). The recipient of such a request (such as the email recipient or the stockbroker) can use the ticker server to verify that the ticket is valid and that the ticket hasn’t been used before. Clients can acquire tickets ahead of time, independently of the particular network service request. Clients can maintain their stock of tickets either on their own storage, or as a balance recorded by the ticket server. Recipients of a request can tell the ticket server to refund the attached ticket to the original client, thus incrementing the client’s balance at the ticket server. For example, an email recipient might do this if the email wasn’t spam. This paper describes the functions of the ticket server, defines a cryptographic protocol for the ticket server’s operations, and outlines an efficient implementation for the ticket server. 1.

Object-oriented models are a popular basis for supporting uniform sharing of data and services in operating systems, distributed programming systems, and database systems. We term systems that use objects for these purposes object sharing systems. Operating systems in common use have nonuniform addressing models, making the uniform object naming required by object sharing systems expensive and difficult to implement. We argue that emerging 64-bit architectures make it practical to support uniform naming at the virtual addressing level, eliminating a key implementation problem for object sharing systems. We describe facilities for object-based sharing of persistent data and services in Opal, an operating system we are developing for paged 64-bit architectures. The distinctive feature of Opal is that object This paper will appear in identical form in the proceedings of the Conference on Object-Oriented Programming Systems, Languages, and Applications (OOPSLA), October 1992. This work w...

The Chare kernel is a run time support system that permits users to write machine independent parallel programs on MIMD multiprocessors without losing efficiency. It supports an explicitly parallel language which helps control the complexity of parallel program design by imposing a separation of concerns between the user program and the system. The programmer is responsible for the dynamic creation of processes and exchanging messages between processes. The kernel assumes responsibility for when and where to execute the processes, dynamic load balancing, and other "low" level features. The language also provides machine-independent abstractions for information sharing which are implemented differently on different types of machines. The language has been implemented on both shared and nonshared memory machines including Sequent Balance and Symmetry, Encore Multimax, Alliant FX/8, Intel iPSC/2, iPSC/860 and NCUBE/2, and is being ported to NUMA (Non Uniform Memory Access) machines like t...

ISIS is a toolkit for building applications consisting of cooperating processes in a distributed system. Group managementand group communication are two basic building blocks provided by ISIS. This approach has proven successful, and ISIS' large user community is putting substantial demands on these mechanisms. To accommodate these demands a complete redesign of the system, called HORUS, is being done to build a simpler and faster system that scales well. Of particular concern is the support and management of hundreds of thousands or more process groups. This paper describes a component of HORUS known as light-weight process groups that addresses this scaling issue. 1 Introduction Much of yesterday's centralized mainframe computing has evolved into the large local area networks of today. This trend has made reliability in the computing environment more complex. Failures within large LANs are quite commonplace. Users treat a networked PC much like a stand-alone machine, turning the mac...

Traditional security models are mostly centralized, coarse grained and static. They are not suitable for large distributed and anonymous environments like Internet. With the increasing importance of Internet and high-speed networking, it is essential to provide a security model that could incorporate application-specific security policies dynamically and efficiently. In this paper we propose a new script-based security and protection model which supports application-specific security policies. Essentially, it extends traditional capabilities with user-definable scripts, called Active Capabilities. This model synthesizes the recent innovations on type-safe scripting languages, extensible operating systems, and software protection. We demonstrated that active capability can support security features difficult to provide in traditional capability-based systems such as revocation, propagation confinement (cascading), access constraint (restriction) and auditing. We show that by shifting the complexity from the system level to the user level, the simple security core can be implemented efficiently. In addition, applications only pay the necessary overhead incurred by their required security functions.