Proceedings of
the Eighth Symposium
on
Operating Systems Principles
14-16 December 1981 Asilomar Conference Grounds Pacific Grove, California
Special Interest Group on Operating Systems (SIGOPS) Association for Computing Machinery (ACM)
Vol. 15 No. 5 December 1981
ACM ORDER NO. 534810 The Association for Computing Machinery, Inc. 1133 Avenue of the Americas New York, New York 10036
Copyright © 1981 by the Association for Computing Machinery, Inc. Copying without fee is permitted provided that the copies are not made or distributed for direct commercial advantage and credit to the source is given. Abstracting with credit is permitted. For other copying of articles that carry a code at the bottom of the first page, copying is permitted provided that the per-copy fee indicated in the code is paid through the Copyright Clearance Center, P.O. Box 765, Schenectady, N.Y. 12301. For permission to republish write to: Director of Publications, Association for Computing Machinery. To copy otherwise, or republish, requires a fee and/or specific permission.
ISBN
0-89791-062-1
Additional copies may be ordered prepaid from:
ACM Order Department Price: P.O. Box 64145 Members $13.00 Baltimore, MD 21264 Non-Members $17.00 ACM Order No. 534810
'ii Eighth Symposium on Operating Systems Principles
General Chairperson
John Howard - IBM Research, San Jose
Program Chairperson
David P. Reed - MIT
Program Committee
David Cheriton - University of British Columbia
Dorothy Denning - Purdue University
Jim Gray- Tandem Computers
John Howard - IBM Research, San Jose
Anita Jones - Carnegie-Mellon University
Butler Lampson - Xerox PARC
Edward Lazowska- University of Washington
Alan Smith - University of California, Berkeley
Local A rrangements
Sara Dake - Registration
Jim Gray - Catering
Gene McDaniel - Wine
iii 8SOSP Referees
Sten Andler Thomas H. Hinke Loretta Reid Greg Andrews Warren Jessop Glenn Ricart J.L. Baer Paul Johnson William Riddle Joel Bartlett Dennis Kafura David Russell A. Bernstein Stephen Kent Jerome Saltzer Andrew Birrell R.B. Kieburtz M. Satyanarayanan Russ Blake Walter Kohler Ashok Saxena Toby Bloom S. Krakowiak Donald Scelza J.C. Browne David Lamb Richard Schantz Roy Campbell Gerard Le Lann Robert Scheifler David Clark Keith Lantz Roger Schell Robert Cook Richard Leblanc Fred Schneider Geoffrey Cooper Roy Levin Michael Schroeder George Cox Henry Levy Karsten Schwans Doug Currie Bruce Lindsay Peter Schwarz Yogen Dalai Steven Lipner A. Shaw Roger Dannenberg Barbara Liskov Mark Sherman J. Demco John Livesey J.F. Shoch Ivor Durham David Lomet A. Silberschatz Malcolm Easton Allen Luniewski Barbara Simons P.H. Enslow Udi Manber Karen Sollins Robert Filman Paul McJones Marvin Solomon Michael Fischer John Metzner Eugene Stark Brett Fleisch Philip Mills Eric Stephenson Harry Forsdick M.F. Mitoma B. Stroustrup Robert Fowler R.M. Needham T.J. Teixeira James Frankel Peter Neumann Doug Terry W.D. Frazer Jerre D, Noe Ken Thompson David Gifford John Ousterhout William E. Weihl R.L. Gordon J. Peterson Maurice Wilkes Wayne Gramlich Wil Plouffe Robin Williams Po Harter Michael Powell Jim Wyllie Andrew Herbert Ram Rao John Zahorjan Maurice Herlihy
iv Foreword
Like its predecessors of the past 14 years, the Eighth Symposium on Operating Systems Principles represents the diversity and vigor of the field. The program speaks for itself. I know that I found that reading the papers was fun -- hardly a tedious task at all.
All in all, 103 papers were submitted. The competition was strong -- only 23 papers were accepted m less than one in four. Of these, six were nominated to be considered for inclusion in a special issue of Communications of the ACM; five of these were accepted by a second refereeing process managed by Anita Jones. Only extended abstracts for those papers appear here.
The refereeing process, conducted under tight timing constraints, went well. Unlike other conferences, SOSP tries to maintain a high standard of refereeing. Most papers were read by four of the program committee members, myself, and two outside referees. Each outside referee who volunteered was given from one to four papers in his/her area. The outside referees often perform a special service that I value highly. They usually provide many helpful comments to the author(s) to aid in revision. However, I have the general impression that the average quality of outside referee reports is decreasing somewhat. This time a larger fraction of the reports received seemed to concentrate on rating the papers only. I hope this is not indicative of a general trend.
Like many conferences, this one could not have been put together without a lot of help. In addition to the referees, I'd like to thank Debra Fagin, whose help has been invaluable.
David P. Reed Program Chairperson October, 1981 Conference Program
14 December 1981 Session I: Verifying Systems Properties Session Leader: John Howard Proving Real-Time Properties of Programs with Temporal Logic 1 Arthur Bernstein, Paul Harter Design and Verification of Secure Systems 12 John Rushby Session I1" Systems Session Leader: Edward Lazowska A NonStop TM Kernel 22 Joel Bartlett Observations on the Development of an Operating System 30 Hugh Lauer Session II1: Remote Data Storage Session Leader: Butler Lampson The FELIX File Server 37 Marek Fridrich, W, Older A Comparison of Two Network-Based File Servers 45 James Mitchell, Jeremy Dion A Reliable Ob/ect-Oriented Repository for a Distributed Computer System 47 Liba Svobodova Session IV: Computer-Computer Communication Session Leader: David Reed Sequencing Computation Steps in a Network 59 Andrew Herbert, Roger Needham Accent: A Communication Oriented Network Operating System Kernel 64 Richard Rashid, George Robertson Performing Remote Operations Efficiently on a Local Computer Network 76 Alfred Specter
vi 15 December 1981 Session V" Memory Management Session Leader: Alan Smith Converting a Swap-Based System to do Paging in an Architecture Lacking Page-Referenced Bits 78 Ozalp Babaoglu, William Joy WSClock -- A Simple and Effective Algorithm for Virtual Memory Management 87 Richard Carr, John Hennessy A Study of File Sizes and Functional Lifetimes £6 M. Satyanarayanan Session Vl: Protection Techniques Session Leader: Dorothy Denning Hierarchical Take-Grant Protection Systems 109 Matt Bishop Cryptographic Sealing for Information Secrecy and Authentication 123 David Gifford Session VII: The iMAX-432 Operating System
Session Leader: Anita Jones A Unified Model and Implementation for Interprocess Communication in a Multiprocessor Environment 125 G. Cox, W. Corwin, K. Lai, F. Pollack iMAX: A Multiprocessor Operating System for an Object- Based Computer 127 K.C. Kahn, W.M. Corwin, T.D. Dennis, H. D'Hooge, D.E. Hubka, L.A. Hutehins, J.T. Montague, F.J. Pollack, M.R. Gifldns The iMAX-432 Object Filing System 137 F. Pollack, K. Kahn, R. Wilkinson
vii 16 December 1981 Session VIII" Distributed Systems Session Leader: David Cheriton The Architecture of the Eden System 148 E. Lazowska, H. Levy, G. Almes, M. Fischer, R. Fowler, S. Vestal A Distributed UNIX System Based on a Virtual Circuit Switch 160 G.W.R. Luderer, H. Che, J.P. Haggerty, P.A. Kirslis, W.T. Marshall LOCUS: A Network Transparent, High Reliability Distributed System 169 G. Popek, B. Walker, J. Chow, D. Edwards, C. Kline, G. Rudisin, G. Thiel Session IX: User-Oriented Systems Session Leader: Jim Gray Grapevine. An Exercise in Distributed Computing 178 Andrew Birrell, Roger Levin, Roger Needham, Michael Schroeder BRUWIN: An Adaptable Design Strategy for Window Manager/Virtual Terminal Systems 180 Norman Meyrowitz, Margaret Moser
viii