DOCSLIB.ORG

A VLSI Architecture for Enhancing Software Reliability Kanad Ghose Iowa State University

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
A VLSI Architecture for Enhancing Software Reliability Kanad Ghose Iowa State University Iowa State University Capstones, Theses and Retrospective Theses and Dissertations Dissertations 1988 A VLSI architecture for enhancing software reliability Kanad Ghose Iowa State University Follow this and additional works at: https://lib.dr.iastate.edu/rtd Part of the Computer Sciences Commons Recommended Citation Ghose, Kanad, "A VLSI architecture for enhancing software reliability " (1988). Retrospective Theses and Dissertations. 9345. https://lib.dr.iastate.edu/rtd/9345 This Dissertation is brought to you for free and open access by the Iowa State University Capstones, Theses and Dissertations at Iowa State University Digital Repository. It has been accepted for inclusion in Retrospective Theses and Dissertations by an authorized administrator of Iowa State University Digital Repository. For more information, please contact [email protected]. INFORMATION TO USERS The most advanced technology has been used to photo­ graph and reproduce this manuscript from the microfilm master. UMI films the original text directly from the copy submitted. Thus, some dissertation copies are in typewriter face, while others may be from a computer printer. In the unlikely event that the author did not send UMI a complete manuscript and there are missing pages, these will be noted. Also, if unauthorized copyrighted material had to be removed, a note will indicate the deletion. Oversize materials (e.g., maps, drawings, charts) are re­ produced by sectioning the original, beginning at the upper left-hand comer and continuing from left to right in equal sections with small overlaps. Each oversize page is available as one exposure on a standard 35 mm slide or as a 17" x 23" black and white photographic print for an additional charge. Photographs included in the original manuscript have been reproduced xerographically in this copy. 35 mm slides or 6" X 9" black and white photographic prints are available for any photographs or illustrations appearing in this copy for an additional charge. Contact UMI directly to order. Accessing the UMIWorld's Information since 1938 300 Nortti Zeeb Road, Ann Arbor, Ml 48106-1346 USA Order Number 8826305 A VLSI architecture for enhancing software reliability Ghose, Kanad, Ph.D. Iowa State University, 1988 Copyright ©1988 by Ghose, Kanad. All rights reserved. UMI 300N.ZeebRd. Ann Arbor, MI 48106 A VLSI architecture for enhancing software reliability by Kanad Ghose A Dissertation Submitted to the Graduate Faculty in Partial Fulfillment of the Requirements for the Degree of DOCTOR OF PHILOSOPHY Major: Computer Science Approved: Members of the Committee: Signature was redacted for privacy. In Charge of Major Work Signature was redacted for privacy. Signature was redacted for privacy. for the Major Department Signature was redacted for privacy. For (Me flr^ouate College Iowa State University Ames, Iowa 1988 Copyright @ Kanad Ghose, 1988. All rights reserved. TABLE OF CONTENTS Page 1. INTRODUCTION 1 2. CAPABILITY-BASED ADDRESSING 25 3. MAJOR DESIGN DECISIONS 38 4. THE CAPABILITY MECHANISM AND RELATED INSTRUCTIONS 55 5. OTHER ASPECTS OF THE ARCHITECTURE 139 6. ASSESSMENT AND CONCLUSIONS 178 7. REFERENCES 199 8. ACKNOWLEDGEMENTS 205 9. APPENDIX I: SELECTED MICRO PROGRAMS 207 10. APPENDIX n: ABBREVIATIONS AND GLOSSARY 227 1 1. INTRODUCTION The purpose of this dissertation is to propose an architecture which will be instrumental in enhancing the quality of software by incorporating mechanisms for efficiently detecting a wide variety of run-time errors and by providing efficient support for linguistic constructs and system functions that promote software reliability. The proposed architecture is thus one way of combadng the so-called software crisis. In this chapter, we first describe the software crisis and identify the major factor behind this crisis. We then describe the linguistic con­ structs and system functions available for enhancing the quality of software and then proceed on to criticize the support provided, or the lack of support, for such constructs and functions in traditional and innovative architectures. In doing so, we point out some major shortcom­ ings in the traditional and innovative architectures that limit or discourage the use of these linguistic constructs and systems ftmctions. These shortcomings in existing architectures pro­ vide the motivations for designing the architecture proposed in this dissertation. We conclude this chapter by describing the objectives of this dissertation and its organization. 1.1 The Software Crisis Despite advances in programming language design and programming methodologies, software quality assurance continues to be a critical issue [1], [30]. Software is error-prone and likely to be unreliable, thus requiring maintenance over die course of its useful lifetime. Maintenance, in this respect, refers to correcting problems in the original design and 2 specification of the software as bugs are discovered. It also subsumes the act of upgrading the software in order to meet evolving requirements. Today, a significant fraction, typically 75% to 80% [1], of the cost of a software system is for maintaining it. To compound this problem, the software components of a typical system have become increasingly sophisticated and complex during recent years. In clear contrast to this, the cost of hardware components and their failure rates have drastically fallen with the advent of VLSI technology. As a result, the cost of the software components of a typical computer system have dominated the cost of the hardware components. Currently, two-thirds to three-fourths of the cost of a com­ puter system is for its software components [1], [30]. This phenomenon has been referred to as the software crisis [30]. The unreliability of software is therefore a major contributor to the software crisis. This software crisis is undesirable for economic and other practical reasons. One obvi­ ous way of resolving the software crisis is to provide mechanisms that will enhance the relia­ bility of software. 1. 2 Techniques for Enhancing Software Reliability In this section, we take a detailed look at the techniques employed in traditional systems for enhancing software reliabili^. We group these techniques and mechanisms into the fol­ lowing categories: 1. Avoidance techniques, representing mechanisms and strategies employed at program design time, for reducing errors in the program. 3 2. Static analysis, representing techniques and mechanisms applied to the program before it is run, for detecting some potential errors in the program. 3. Dynamic techniques, which are invoked during program execution for detecting and handling potential errors in the program. This category also includes the facilities for program tracing and high-level run-time error reporting. In the following sections, we look at specific techniques/mechanisms in each of these three groups. 1. 2.1 The avoidance techniques The techniques for avoiding programming errors enforce a programming discipline, . either (i) explicitly through appropriate linguistic constructs and/or other mechanisms or (ii) implicitly as good programming style. The enforcement of a programming discipline is expected to reduce programming errors. The important linguistic constructs for enforcing a programming discipline in imperative style programming languages are as follows: a) Use of strong typing in the language. In a strongly-typed language errors related to implicit type conversions (either static or run-time) are absent b) Use of type abstraction. Many programming languages, such as Pascal, Ada (U. S. Department of Defense [63]), Modula (Wirth [65]), incorporate facilities for construct­ ing new types out of already-existing or already-defined types, thus providing a facility for type abstraction. The type abstraction facility lets a programmer define a type tiiat is more appropriate for a particular application. Two common type constructors found 4 in all of the languages mentioned above include the subrange constructor and the enumerated type constructor. The subrange constructor lets the programmer define a type in which values are restricted to a contiguous subrange of values for an already- existing or already-defined type. As an example, in Pascal one can define the following type type int_subrange = 21..200; This defines a new type 'int_subrange', whose corresponding values are a subrange of integer values, between 21 and 200, both inclusive. Typical usage of variables of this type would be as loop counters, array indices, etc. The enumerated type constructor provides a facility for enumerating all possible values corresponding to a type. Again, as a Pascal example, one can define the following: type enum_type = (a,b,cd,ef) This defines a new type 'enum_type', whose corresponding variables are restricted to the values a, b, cd, and ef only. The use of subrange and enumerated types guarantee consistency in data values of these types by signaling occurrences of forbidden values. In some cases, enumerated types also improves program readability. c) Use of control abstraction. Many modem programming languages employ control con­ structs with a higher abstraction level, that lead to well-structured programs. The con­ trol flow constructs of Pascal, (excluding to go to) serves as a particularly good exam­ ple of this philosophy — each control construct is of a sufficiently high-level and features one well-defined entry point and one well-defined exit point. d) Use of Abstract Data Types. The mechanism of data abstraction, as found in languages like
Load more

Recommended publications
  • Operating Systems and Virtualisation Security Knowledge Area (Draft for Comment)
    OPERATING SYSTEMS AND VIRTUALISATION SECURITY KNOWLEDGE AREA (DRAFT FOR COMMENT) AUTHOR: Herbert Bos – Vrije Universiteit Amsterdam EDITOR: Andrew Martin – Oxford University REVIEWERS: Chris Dalton – Hewlett Packard David Lie – University of Toronto Gernot Heiser – University of New South Wales Mathias Payer – École Polytechnique Fédérale de Lausanne © Crown Copyright, The National Cyber Security Centre 2019. Following wide community consultation with both academia and industry, 19 Knowledge Areas (KAs) have been identified to form the scope of the CyBOK (see diagram below). The Scope document provides an overview of these top-level KAs and the sub-topics that should be covered under each and can be found on the project website: https://www.cybok.org/. We are seeking comments within the scope of the individual KA; readers should note that important related subjects such as risk or human factors have their own knowledge areas. It should be noted that a fully-collated CyBOK document which includes issue 1.0 of all 19 Knowledge Areas is anticipated to be released by the end of July 2019. This will likely include updated page layout and formatting of the individual Knowledge Areas. Operating Systems and Virtualisation Security Herbert Bos Vrije Universiteit Amsterdam April 2019 INTRODUCTION In this knowledge area, we introduce the principles, primitives and practices for ensuring security at the operating system and hypervisor levels. We shall see that the challenges related to operating system security have evolved over the past few decades, even if the principles have stayed mostly the same. For instance, when few people had their own computers and most computing was done on multiuser (often mainframe-based) computer systems with limited connectivity, security was mostly focused on isolating users or classes of users from each other1.
    [Show full text]
  • Object Management System Concepts: Supporting Integrated Office Workstation Applications
    Object Management System Concepts: Supporting Integrated Office Workstation Applications by Stanley Benjamin Zdonik, Jr. S.B., Massachusetts Institute of Technology (1970) S.M., Massachusetts Institute of Technology (1980) E.E., Massachusetts Institute of Technology (1980) Submitted in partial fulfillment of the requirements for the degree of Doctor of Philosophy at the Massachusetts Institute of Technology May 1983 © Massachusetts Institute of Technology 1983 Signature of Author............... .. ..... .... Department of Electric~l Eng~neering and Computer Science May 13, 1983 Certified by . .* .* .. Michael Hammer Thesis Supervisor Accepted . ...... .-.----4 p . Arthur C. Smith Chairman, Departmental Committee on Graduate Students Object Management System Concepts: Supporting Integrated Office Workstation Applications by Stanley B. Zdonik, Jr. Submitted to the Department of Electrical Engineering and Computer Science on May 13, 1983, in partial fulfillment of the requirements for the Degree of Doctor of Philosophy Abstract The capabilities of a system for storing and retrieving office style objects are described in this work. Traditional file systems provide facilities for the storage and retrieval of objects that are created in user programs, but the semantics of these objects are not available to the file system. Database management systems provide a means of describing the semantics of objects using a single basic paradigm, the record. This model is inadequate for describing the richer semantics of office objects. An object management system combines the advantages of both a file system and a database management system in that it can store arbitrarily defined programming language objects and at the same time maintain a high-level description of their meaning. This work presents a high-level model of data that can be used to describe office objects more effectively than data processing oriented models.
    [Show full text]
  • CHERI Instruction-Set Architecture
    UCAM-CL-TR-876 Technical Report ISSN 1476-2986 Number 876 Computer Laboratory Capability Hardware Enhanced RISC Instructions: CHERI Instruction-Set Architecture Robert N. M. Watson, Peter G. Neumann, Jonathan Woodruff, Michael Roe, Jonathan Anderson, David Chisnall, Brooks Davis, Alexandre Joannou, Ben Laurie, Simon W. Moore, Steven J. Murdoch, Robert Norton, Stacey Son September 2015 15 JJ Thomson Avenue Cambridge CB3 0FD United Kingdom phone +44 1223 763500 http://www.cl.cam.ac.uk/ c 2015 Robert N. M. Watson, Peter G. Neumann, Jonathan Woodruff, Michael Roe, Jonathan Anderson, David Chisnall, Brooks Davis, Alexandre Joannou, Ben Laurie, Simon W. Moore, Steven J. Murdoch, Robert Norton, Stacey Son, SRI International Approved for public release; distribution is unlimited. Sponsored by the Defense Advanced Research Projects Agency (DARPA) and the Air Force Research Laboratory (AFRL), under contracts FA8750-10-C-0237 (“CTSRD”) and FA8750-11-C-0249 (“MRC2”) as part of the DARPA CRASH and DARPA MRC research programs. The views, opinions, and/or findings contained in this report are those of the authors and should not be interpreted as representing the official views or policies, either expressed or implied, of the Department of Defense or the U.S. Government. Additional support was received from St John’s College Cambridge, the SOAAP Google Focused Research Award, the RCUK’s Horizon Digital Economy Research Hub Grant (EP/G065802/1), the EPSRC REMS Programme Grant (EP/K008528/1), the Isaac Newton Trust, the UK Higher Education Innovation Fund (HEIF), and Thales E-Security. Technical reports published by the University of Cambridge Computer Laboratory are freely available via the Internet: http://www.cl.cam.ac.uk/techreports/ ISSN 1476-2986 Abstract This technical report describes CHERI ISAv4, the fourth version of the Capability Hardware Enhanced RISC Instructions (CHERI) Instruction-Set Architecture (ISA)1 being developed by SRI International and the University of Cambridge.
    [Show full text]
  • Privacy Engineering for Social Networks
    UCAM-CL-TR-825 Technical Report ISSN 1476-2986 Number 825 Computer Laboratory Privacy engineering for social networks Jonathan Anderson December 2012 15 JJ Thomson Avenue Cambridge CB3 0FD United Kingdom phone +44 1223 763500 http://www.cl.cam.ac.uk/ c 2012 Jonathan Anderson This technical report is based on a dissertation submitted July 2012 by the author for the degree of Doctor of Philosophy to the University of Cambridge, Trinity College. Technical reports published by the University of Cambridge Computer Laboratory are freely available via the Internet: http://www.cl.cam.ac.uk/techreports/ ISSN 1476-2986 Privacy engineering for social networks Jonathan Anderson In this dissertation, I enumerate several privacy problems in online social net- works (OSNs) and describe a system called Footlights that addresses them. Foot- lights is a platform for distributed social applications that allows users to control the sharing of private information. It is designed to compete with the performance of today’s centralised OSNs, but it does not trust centralised infrastructure to en- force security properties. Based on several socio-technical scenarios, I extract concrete technical problems to be solved and show how the existing research literature does not solve them. Addressing these problems fully would fundamentally change users’ interactions with OSNs, providing real control over online sharing. I also demonstrate that today’s OSNs do not provide this control: both user data and the social graph are vulnerable to practical privacy attacks. Footlights’ storage substrate provides private, scalable, sharable storage using untrusted servers. Under realistic assumptions, the direct cost of operating this storage system is less than one US dollar per user-year.
    [Show full text]
  • Operating Systems & Virtualisation Security Knowledge Area
    Operating Systems & Virtualisation Security Knowledge Area Issue 1.0 Herbert Bos Vrije Universiteit Amsterdam EDITOR Andrew Martin Oxford University REVIEWERS Chris Dalton Hewlett Packard David Lie University of Toronto Gernot Heiser University of New South Wales Mathias Payer École Polytechnique Fédérale de Lausanne The Cyber Security Body Of Knowledge www.cybok.org COPYRIGHT © Crown Copyright, The National Cyber Security Centre 2019. This information is licensed under the Open Government Licence v3.0. To view this licence, visit: http://www.nationalarchives.gov.uk/doc/open-government-licence/ When you use this information under the Open Government Licence, you should include the following attribution: CyBOK © Crown Copyright, The National Cyber Security Centre 2018, li- censed under the Open Government Licence: http://www.nationalarchives.gov.uk/doc/open- government-licence/. The CyBOK project would like to understand how the CyBOK is being used and its uptake. The project would like organisations using, or intending to use, CyBOK for the purposes of education, training, course development, professional development etc. to contact it at con- [email protected] to let the project know how they are using CyBOK. Issue 1.0 is a stable public release of the Operating Systems & Virtualisation Security Knowl- edge Area. However, it should be noted that a fully-collated CyBOK document which includes all of the Knowledge Areas is anticipated to be released by the end of July 2019. This will likely include updated page layout and formatting of the individual Knowledge Areas KA Operating Systems & Virtualisation Security j October 2019 Page 1 The Cyber Security Body Of Knowledge www.cybok.org INTRODUCTION In this Knowledge Area, we introduce the principles, primitives and practices for ensuring se- curity at the operating system and hypervisor levels.
    [Show full text]
  • Object Capabilities and Isolation of Untrusted Web Applications
    Object Capabilities and Isolation of Untrusted Web Applications Sergio Maffeis John C. Mitchell Ankur Taly Imperial College London Stanford University Stanford University [email protected] [email protected] [email protected] Abstract—A growing number of current web sites combine Intel iAPX423, the Amoeba operating system, and others active content (applications) from untrusted sources, as in (see [10], [11]). The main idea is that code possessing a so-called mashups. The object-capability model provides an capability, such as an unforgeable reference to a file or appealing approach for isolating untrusted content: if separate applications are provided disjoint capabilities, a sound object- system object, is allowed to access the resource by virtue of capability framework should prevent untrusted applications possessing the capability. If a system is capability safe, and from interfering with each other, without preventing interaction a process possesses only the capabilities that it is explicitly with the user or the hosting page. In developing language-based given, then isolation between two untrusted processes may foundations for isolation proofs based on object-capability con- be achieved granting them non-overlapping capabilities. cepts, we identify a more general notion of authority safety that also implies resource isolation. After proving that capability An attractive adaptation to programming language con- safety implies authority safety, we show the applicability of texts is the object-capability model [12], [13], which replaces our framework for a specific class of mashups. In addition the traditional subject-object dichotomy with programming to proving that a JavaScript subset based on Google Caja language objects that are both subjects that initiate access is capability safe, we prove that a more expressive subset of and objects (targets) of regulated actions.
    [Show full text]
  • Secure Foundational Exabyte Hpc Systems for 2020 and Beyond Sv/128 - Risc-V
    SECURE FOUNDATIONAL EXABYTE HPC SYSTEMS FOR 2020 AND BEYOND SV/128 - RISC-V Steven J. Wallach ([email protected]) Presentation Outline • Background Material (Part 1) • Previous efforts/research on protection • Full Proposal (Part 2) • 128 bit logical address • 64 bit Unique Object ID • First implementation (Part 3 & 4) • RISC-V SV128 ([21] Github) • 32 bit Object ID • Programmer Visible State • Hardware 훍-State [19] • Contemporary security issues March 2020 - SV128 - BSC 2 What’s Next • “The end of Moore’s law could be the best thing that has happened in computing since the beginning of Moore’s law. Confronting the end of an epoch should enable a new era of creativity by encouraging computer scientists to invent biologically inspired devices, circuits, and architectures implemented using recently emerging technologies. “ [6] R. Stanley Williams, “The End of Moore’s Law”, Computing in Science & Engineering, IEEE CS and AIP, March/April 2017 March 2020 - SV128 - BSC 3 OBJECTIVES THE BEST BENCHMARK IS THE ONE YOUR COMPETITION CAN NOT RUN • Why a 128 bit address space? • Security • Cluster wide shared virtual address • Heterogeneous Nodes • Time to do something different not just keep adding more bits • Begin the decade of Exascale computing on a scalable technology • Software/OS oriented • Upward Compatible with RV32 and RV64 • Otherwise we will continue to implement and support the sins of our parents/grandparents. • We can now begin to design & build SECURE PROGRAMMABLE EXABYTE (ZETABYTE) distributed memory systems March 2020 - SV128
    [Show full text]
  • Intel 432 System Summary: Manager's Perspective
    INTEL 432 SYSTEM SUMMARY: MANAGER'S PERSPECTIVE Manual Order Number: 171867-001 Copyright © 1981 Intel Corporation Intel Corporation, 3065 Bowers Avenue, Santa Clara, California 95051 Additional copies of this manual or other Intel literature may be obtained from: Literature Department Intel Corporation 3065 Bowers Avenue Santa Clara, CA 95051 The information in this document is subject to change without notice. Intel Corporation makes no warranty of any kind with regard to this material, including, but not limited to, the implied warranties of merchantability and fitness for a particular purpose. Intel Corporation assumes no responsibility for any errors that may appear in this document. Intel Corporation makes no commitment to update nor to keep current the information contained in this document. Intel Corporation assumes no responsibility for the use of any circuitry other than circuitry embodied in an Intel product. No other circuit patent licenses are implied. Intel software products are copyrighted by and shall remain the property of Intel Corporation. Use, duplication or disclosure is subject to restrictions stated in Intel's software license, or as defined in ASPR 7-104.9(a)(9). No part of this document may be copied or reproduced in any form or by any means without the prior written consent of Intel Corporation. The following are trademarks of Intel Corporation and its affiliates and may be used only to identify Intel products: BXP Intelevision Micromap CREDIT Intellec Multibus i iRMX Multimodule ICE iSBC Plug-A-Bubble iCS iSBX PROMPT im Library Manager Promware INSITE MCS RMX/80 Intel Megachassis System 2000 Intel Micromainframe UPI pScope and the combination of ICE, iCS, iMMX, iRMX, iSBC, iSBX, MCS, or RMX and a numerical suffix.
    [Show full text]
  • 210620-004 Literature Guide Sep Oct 1984.Pdf
    INTRODUCTiON Welcome to tile intel Ut,~raHm~ Cwcie --- a full·fledged libfilry of ter.hnical support documenta­ tion for today's leadino .nemary ano ITIlcroproC8?sor component and system products. This comprehensive literature selection guide is a tool to help you, the Intel customer, during product selection, desiqn and operation. It is for this reason tha'l we \ieep its contents up to date. THE NEED FOR SUPPORT DOCUMENTATION As systems design becomes mcr'easlngi\! software-dependent, development time and costs will continue to rise. To help reduce, both systems ilnd en9ill8ering costs, Intel will be deslgn- ami manufacturing products Wilich will integrate more and mors software functions into system hardware. ThiS ('I' complex, hlgflly inte9rated product 'will require substantial support clocumentation, Wli! tY' incoi'poraleC) into the Intel Literature, Guilie as !11ese products emerge. - HOW TO ORDER When ordering from Tim; Utera(uP?, GUide. please use ~he order form located at the front of thio; bookiet. To 'facjHtat~} on1t;(, pleas6 tH:: SUit'} to endose H'j8 You \lv~a always receive the editjop (Y: Hny PUhUc2tion you or~jer. to change.) PleaSE} \Ilif:jte (ntt~i's Literatufe Departil~ent JOu[; Bc:vvers /\venue, Santa C1a(8., CA 95051, lol' additionai infonllation. Please note and as.',umes riO r,::!~;pol;:,ib;iity tor Ci~I}' err~)fS wl"lIe!llnay appear in ;i'formCltlon cnntc'iinecl h,~'ein :ntel retain::, thE: nghr tc. make any wirnout notice MUL­ PROMPT, MCS "0 code and i~:, 110t Sci.:::nces Corp0railon Intei ~~:o~poration LITERATURE In addition to the product line Handbooks listed below.
    [Show full text]
  • Great Principles of Computing
    Great Principles of Computing Great Principles of Computing Peter J. Denning and Craig H. Martell The MIT Press Cambridge, Massachusetts London, England © 2015 Massachusetts Institute of Technology All rights reserved. No part of this book may be reproduced in any form by any electronic or mechanical means (including photocopying, recording, or information storage and retrieval) without permission in writing from the publisher. MIT Press books may be purchased at special quantity discounts for business or sales promotional use. For information, please email [email protected]. This book was set in Stone Sans Std and Stone Serif Std by Toppan Best-set Premedia Limited, Hong Kong. Printed and bound in the United States of America. Library of Congress Cataloging-in-Publication Data Denning, Peter J., 1942 – Great principles of computing / Peter J. Denning and Craig H. Martell. pages cm Includes bibliographical references and index. ISBN 978-0-262-52712-5 (pbk. : alk. paper) 1. Computer science. I. Martell, Craig H., 1965– II. Title. QA76.D3483 2015 004 — dc23 2014022598 10 9 8 7 6 5 4 3 2 1 To Dorothy, Anne, and Diana To Chaliya and Katie Contents Foreword by Vint Cerf ix Preface xiii 1 Computing 1 2 Domains 19 3 Information 35 4 Machines 59 5 Programming 83 6 Computation 99 7 Memory 123 8 Parallelism 149 9 Queueing 171 10 Design 195 11 Networking 219 12 Afterword 241 Summary of This Book 249 Notes 257 References 271 Index 287 Foreword Peter Denning and Craig Martell have taken on a monumental topic: iden- tifying and elucidating principles that shape and inform the process of coercing computers to do what we want them to do and struggling with the difference between what they actually do (that is, what we told them) and what we want them to do.
    [Show full text]
  • Capability-Based Computer Systems Capability-Based Computer Systems
    Capability-Based Computer Systems Capability-Based Computer Systems Henry M. Levy BBmoBc1” DIGITAL PRESS Copyright 0 1984 Digital Equipment Corporation All rights reserved. Reproduction of this book, in part or in whole, is strictly prohibited. For copy information contact: Digital Press, 12 Crosby Dr., Bedford, Mass. 01730 Printed in the United States of America 10987654321 Documentation Number: EY-00025-DP ISBN: O-932376-22-3 Library of CongressCataloging in Publication Data Levy, Henry M., 1952- Capability-based computer systems. Bibliography: p. 205 Includes index. 1. Computer architecture. 2. Operating systems (Com- puters) 3. System design. I. Title. QA76.9.A73L48 1983 621.3819’58 83-21029 ISBN O-932376-22-3 Trademarks Bell Laboratories: UNIX. Burroughs Corporation: B5000. Cam- bridge University: CAP. Control Data Corporation: CDC 6400, SCOPE. Digital Equipment Corporation: DEC, LSI-11, PDP-1, PDP-11, TOPS-20. Hewlett-Packard Company: HP 3000. Intel Cor- poration: iAPX 432, iMAX, Intel 8086. IBM: CPF, IBM 370, IBM Systemi38, SWARD. International Computers Ltd.: Basic Language Machine. Plessey Telecommunications Ltd. Plessey System 250. Xerox Corporation: Smalltalk. In Memory of Manny and Sonia Preface The purpose of this book is to provide a single source of infor- mation about capability-based computer systems. Although capability systems have existed for nearly two decades, only recently have they appeared in architecture and operating sys- tem textbooks. Much has been written about capability sys- tems in the technical literature, but finding this information is often difficult. This book is an introduction, a survey, a history, and an evaluation of capability- and object-based computer systems.
    [Show full text]
  • Notes on Virtualization
    Notes on Virtualization Version 9.0 Andrew Herbert 6th October 2015 Introduction The story of virtualization and the important role it has played in Operating Systems over the past 50 years. The systems and papers mentioned in the text are the author’s choice of exemplars for the concepts being discussed, they not an exhaustive list of all related research and products, nor a statement about precedence over other systems. What is “Virtualization”? In broad terms, “virtualization” in the context of operating systems principles relates to operating systems that give the illusion of efficiently running multiple independent computers known as “virtual machines”. Depending upon the specific requirements and means of virtualization, the virtual machines be directly executed by (i.e., exactly mimic) the underlying physical machine, or they may comprise a more abstract system, parts or all of which are simulated by the physical machine. Origins The term “virtual” originated with “(dynamic) virtual memory” to express the abstraction of having a large contiguously addressed store available to programs, implemented by swapping portions of data and program between main store and magnetic drum. Some of the pioneers of operating systems (Maurice Wilkes, Brian Randell, Bob Nelson) have suggested the use of the word “virtual” was inspired by optics, in the sense of “virtual” versus “real” images. The term “virtual” was then extended to include “virtual devices” with the advent of input-output spooling and file systems. A typical virtual device interface would replace the hardware input-output instructions and device interrupt handling structures with a more convenient abstract interface with functions such as OPEN, CLOSE, READ, WRITE, CREATE, and DELETE.
    [Show full text]