Go! Component-based Operating System
Go! is a prototype
component-based OS that runs natively on IA32 (Intel 80386+) based
PCs. Go! uses a novel protection mechanism which allows increased
decomposition of the OS, and unrivalled performance.
Component-based OSs aim to
bring the benefits of object-orientation enjoyed by applications to
operating systems. If successful, systems developers, application
developers and users will all benefit. OS designers will benefit
from software engineering techniques such as object orientation
& exceptions, just as application developers have in the last
decade. Application developers should benefit from OS services and
abstractions more appropriate for modern software engineering. Users
will benefit from increased stability, performance, configurability,
dynamism and flexibility.
Why Another Component-Based Research OS?
The phrases 'component based
operating system' and 'object oriented operating system' have been
around for some time, so what makes this one different?
- The temporal overheads of
protection are around 10% of those of the leanest research
systems, and space overheads are about 1%. These overheads are
almost 1,000 times lower than standard commercial operating
systems! The almost negligible overheads of protection mean that
systems can be decomposed at a granularity much finer
than before; most current protection models are too heavyweight,
meaning applications cannot be decomposed too finely for fear of
clobbering performance.
- The novel protection model
allows the OS itself to be decomposed -- that is, there is no
difference between system and user software.
Most systems have a kernel,
defined as the code that executes in a special privileged mode of
the processor. Componentisation is restricted because much of the
OS's functionality must execute in this privileged mode. The purpose
of the privileged and unprivileged modes is to prevent untrusted
components from executing instructions which would compromise system
security (attempted execution of such an instruction in the
unprivileged mode alerts the operating system, usually resulting in
the offending program's termination).
In Go!, all code is executed
with full privileges (i.e. while the processor is in kernel mode).
Untrusted components are prevented from executing privileged
instructions by code-scanning. This simple technique scans
code before it is loaded on the system -- if an untrusted component
is found to contain privileged instructions in its code section, it
is rejected.
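
One way such a load-time scan could look, as an added example rather than Go!'s own code (the page does not describe its scanner). The opcode table is a partial, assumed list of IA32 privileged instructions, and `scan_code_section` and the sample bytes are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Subset of IA32 opcodes that need CPL 0 or IOPL (not exhaustive; IN/OUT are
 * omitted). reg >= 0: a ModRM byte follows the opcode and its reg field
 * (bits 5..3) selects the instruction within the opcode group. */
struct pattern { const char *name; uint8_t op[2]; uint8_t len; int8_t reg; };
static const struct pattern PRIVILEGED[] = {
    {"HLT",  {0xF4, 0}, 1, -1}, {"CLI",  {0xFA, 0}, 1, -1},
    {"STI",  {0xFB, 0}, 1, -1}, {"CLTS", {0x0F, 0x06}, 2, -1},
    {"INVD", {0x0F, 0x08}, 2, -1}, {"WBINVD", {0x0F, 0x09}, 2, -1},
    {"MOV r32,CRn", {0x0F, 0x20}, 2, -1}, {"MOV CRn,r32", {0x0F, 0x22}, 2, -1},
    {"WRMSR", {0x0F, 0x30}, 2, -1}, {"RDMSR", {0x0F, 0x32}, 2, -1},
    {"LLDT", {0x0F, 0x00}, 2, 2}, {"LTR",  {0x0F, 0x00}, 2, 3},
    {"LGDT", {0x0F, 0x01}, 2, 2}, {"LIDT", {0x0F, 0x01}, 2, 3},
    {"LMSW", {0x0F, 0x01}, 2, 6},
};

/* Match at every byte offset, not only linear instruction boundaries: IA32
 * instructions are variable-length, so a jump into the middle of one executes
 * bytes a linear disassembly never shows. A pattern cut off by the end of the
 * section counts as a match. Returns first matching offset, or -1 if clean. */
long scan_code_section(const uint8_t *code, size_t len, const char **name)
{
    for (size_t i = 0; i < len; i++) {
        size_t avail = len - i;
        for (size_t p = 0; p < sizeof PRIVILEGED / sizeof PRIVILEGED[0]; p++) {
            const struct pattern *pat = &PRIVILEGED[p];
            if (code[i] != pat->op[0]) continue;
            if (pat->len == 2 && avail >= 2 && code[i + 1] != pat->op[1]) continue;
            if (pat->reg >= 0 && avail >= 3 && ((code[i + 2] >> 3) & 7) != pat->reg)
                continue;
            if (name) *name = pat->name;
            return (long)i;
        }
    }
    return -1;
}

int main(void)
{
    /* Constructed: "mov eax, 0x90D8220F; ret"; offset 1 decodes as mov cr3, eax. */
    static const uint8_t hidden[] = {0xB8, 0x0F, 0x22, 0xD8, 0x90, 0xC3};
    const char *name = "none";
    long off = scan_code_section(hidden, sizeof hidden, &name);
    printf("offset %ld: %s\n", off, name);
    return off == 1 ? 0 : 1;
}
```

Matching at every offset over-rejects: an F4, FA or FB byte inside an immediate or displacement also trips the scan, so this approach trades false positives for not missing any of the listed patterns.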