By: Rob Thorpe (robert.thorpe.delete@this.antenova.com), May 17, 2006 12:43 am
Room: Moderated Discussions
rwessel (robertwessel@yahoo.com) on 5/16/06 wrote:
---------------------------
>Rob Thorpe (robert.thorpe@antenova.com) on 5/16/06 wrote:
>---------------------------
>>You could do something like this:
>>
>>* Have a kernel containing the most essential things, scheduler, start-up etc.
>>* Have a small compiler hooked to the kernel capable of compiling from some simple
>>intermediate language into machine code. (Maybe it need not be in the kernel)
>>* Have less core things, like device drivers, and file systems held in intermediate code.
>>
>>When a sub-system is needed it is compiled. To compile it there is a function something like
>>
>>compiler (code_block, allowable_mem_accesses, allowable_io, etc);
>>
>>I.e. the compiler takes as argument what memory and IO the code is permitted to
>>access. It then compiles the code with those limits. Anything it statically verifies
>>are inside the limits is compiled directly, for anything it can't it inserts checks.
>>
>>The compilation could be done for device drivers etc when their memory spaces are
>>known. Which may be boot time or build time or some other time later.
>>
>>
>>This seems a complex way to go about the problem, the compiler would have to be
>>good. But there again most kernels are fairly complex anyway.
>
>
>I can see it now... Device drivers written in Java... ;-)
>
>But seriously, that seems like overkill. Any trustworthy compiler for a type-safe
>language will do the trick. They just have to accept (well typed) pointers to the
>objects they reference. And I/O ports are mostly ignorable - since essentially
>nothing that's performance critical uses them, you can provide access though an
>(checked) API (at least on platforms that actually support I/O port instructions
>- implementations that fake PCI ports with memory mappings are obviously in the original scenario).
I don't think that could quite work.
Lets say a device has a region of memory it uses to communicate with the it's driver. The data in the region is to the language using it untyped, it must be cast into the correct types. e.g. The driver knows that at memory address 56a3fb21 is a struct something_t. This is why I was proposing some method for loosening checking, for a restricted range of memory.
There are two different thing to think about here though:-
* The correctness of types
* Whether the driver can steamroller other code
Even with perfectly checked and verified types it's still possible to address completely the wrong things, write to the wrong places etc.
---------------------------
>Rob Thorpe (robert.thorpe@antenova.com) on 5/16/06 wrote:
>---------------------------
>>You could do something like this:
>>
>>* Have a kernel containing the most essential things, scheduler, start-up etc.
>>* Have a small compiler hooked to the kernel capable of compiling from some simple
>>intermediate language into machine code. (Maybe it need not be in the kernel)
>>* Have less core things, like device drivers, and file systems held in intermediate code.
>>
>>When a sub-system is needed it is compiled. To compile it there is a function something like
>>
>>compiler (code_block, allowable_mem_accesses, allowable_io, etc);
>>
>>I.e. the compiler takes as argument what memory and IO the code is permitted to
>>access. It then compiles the code with those limits. Anything it statically verifies
>>are inside the limits is compiled directly, for anything it can't it inserts checks.
>>
>>The compilation could be done for device drivers etc when their memory spaces are
>>known. Which may be boot time or build time or some other time later.
>>
>>
>>This seems a complex way to go about the problem, the compiler would have to be
>>good. But there again most kernels are fairly complex anyway.
>
>
>I can see it now... Device drivers written in Java... ;-)
>
>But seriously, that seems like overkill. Any trustworthy compiler for a type-safe
>language will do the trick. They just have to accept (well typed) pointers to the
>objects they reference. And I/O ports are mostly ignorable - since essentially
>nothing that's performance critical uses them, you can provide access though an
>(checked) API (at least on platforms that actually support I/O port instructions
>- implementations that fake PCI ports with memory mappings are obviously in the original scenario).
I don't think that could quite work.
Lets say a device has a region of memory it uses to communicate with the it's driver. The data in the region is to the language using it untyped, it must be cast into the correct types. e.g. The driver knows that at memory address 56a3fb21 is a struct something_t. This is why I was proposing some method for loosening checking, for a restricted range of memory.
There are two different thing to think about here though:-
* The correctness of types
* Whether the driver can steamroller other code
Even with perfectly checked and verified types it's still possible to address completely the wrong things, write to the wrong places etc.
| Topic | Posted By | Date |
|---|---|---|
| Hybrid (micro)kernels | Tzvetan Mikov | 05/08/06 04:41 PM |
| Hybrid (micro)kernels | S. Rao | 05/08/06 06:14 PM |
| Hybrid (micro)kernels | Bill Todd | 05/08/06 06:16 PM |
| Hybrid (micro)kernels | Tzvetan Mikov | 05/08/06 07:21 PM |
| Hybrid (micro)kernels | nick | 05/08/06 07:50 PM |
| Hybrid (micro)kernels | Bill Todd | 05/09/06 01:26 AM |
| There aren't enough words... | Rob Thorpe | 05/09/06 02:39 AM |
| There aren't enough words... | Tzvetan Mikov | 05/09/06 03:10 PM |
| There aren't enough words... | Rob Thorpe | 05/15/06 12:25 AM |
| Hybrid (micro)kernels | Tzvetan Mikov | 05/09/06 11:17 AM |
| Hybrid (micro)kernels | Bill Todd | 05/09/06 04:05 PM |
| Hybrid (micro)kernels | rwessel | 05/08/06 11:23 PM |
| Hybrid kernel, not NT | Richard Urich | 05/09/06 06:03 AM |
| Hybrid kernel, not NT | _Arthur | 05/09/06 07:06 AM |
| Hybrid kernel, not NT | Rob Thorpe | 05/09/06 07:40 AM |
| Hybrid kernel, not NT | _Arthur | 05/09/06 08:30 AM |
| Hybrid kernel, not NT | Rob Thorpe | 05/09/06 09:07 AM |
| Hybrid kernel, not NT | _Arthur | 05/09/06 09:36 AM |
| Linux vs MacOSX peformance, debunked | _Arthur | 05/18/06 07:30 AM |
| Linux vs MacOSX peformance, debunked | Rob Thorpe | 05/18/06 08:19 AM |
| Linux vs MacOSX peformance, debunked | Anonymous | 05/18/06 12:31 PM |
| Hybrid kernel, not NT | Linus Torvalds | 05/09/06 08:16 AM |
| Hybrid kernel, not NT | Andi Kleen | 05/09/06 02:32 PM |
| Hybrid kernel, not NT | myself | 05/09/06 03:24 PM |
| Hybrid kernel, not NT | myself | 05/09/06 03:41 PM |
| Hybrid kernel, not NT | Brendan | 05/09/06 05:26 PM |
| Hybrid kernel, not NT | Linus Torvalds | 05/09/06 08:06 PM |
| Hybrid kernel, not NT | Brendan | 05/13/06 01:35 AM |
| Hybrid kernel, not NT | nick | 05/13/06 04:40 AM |
| Hybrid kernel, not NT | Brendan | 05/13/06 09:48 AM |
| Hybrid kernel, not NT | nick | 05/13/06 07:41 PM |
| Hybrid kernel, not NT | Brendan | 05/13/06 09:51 PM |
| Hybrid kernel, not NT | nick | 05/14/06 05:57 PM |
| Hybrid kernel, not NT | Brendan | 05/14/06 10:40 PM |
| Hybrid kernel, not NT | nick | 05/14/06 11:46 PM |
| Hybrid kernel, not NT | Brendan | 05/15/06 04:00 AM |
| Hybrid kernel, not NT | rwessel | 05/15/06 07:21 AM |
| Hybrid kernel, not NT | Brendan | 05/15/06 08:55 AM |
| Hybrid kernel, not NT | Linus Torvalds | 05/15/06 09:49 AM |
| Hybrid kernel, not NT | nick | 05/15/06 04:41 PM |
| Hybrid kernel, not NT | tony roth | 01/31/08 02:20 PM |
| Hybrid kernel, not NT | nick | 05/15/06 06:33 PM |
| Hybrid kernel, not NT | Brendan | 05/16/06 01:39 AM |
| Hybrid kernel, not NT | nick | 05/16/06 02:53 AM |
| Hybrid kernel, not NT | Brendan | 05/16/06 05:37 AM |
| Hybrid kernel, not NT | Anonymous | 05/01/08 10:31 PM |
| Following the structure of the tree | Michael S | 05/02/08 04:19 AM |
| Following the structure of the tree | Dean Kent | 05/02/08 05:31 AM |
| Following the structure of the tree | Michael S | 05/02/08 06:02 AM |
| Following the structure of the tree | David W. Hess | 05/02/08 06:48 AM |
| Following the structure of the tree | Dean Kent | 05/02/08 09:14 AM |
| Following the structure of the tree | David W. Hess | 05/02/08 10:05 AM |
| LOL! | Dean Kent | 05/02/08 10:33 AM |
| Following the structure of the tree | anonymous | 05/02/08 03:04 PM |
| Following the structure of the tree | Dean Kent | 05/02/08 07:52 PM |
| Following the structure of the tree | Foo_ | 05/03/08 02:01 AM |
| Following the structure of the tree | David W. Hess | 05/03/08 06:54 AM |
| Following the structure of the tree | Dean Kent | 05/03/08 10:06 AM |
| Following the structure of the tree | Foo_ | 05/04/08 01:06 AM |
| Following the structure of the tree | Michael S | 05/04/08 01:22 AM |
| Hybrid kernel, not NT | Linus Torvalds | 05/09/06 05:19 PM |
| Microkernel Vs Monolithic Kernel | Kernel_Protector | 05/09/06 09:41 PM |
| Microkernel Vs Monolithic Kernel | David Kanter | 05/09/06 10:30 PM |
| Sigh, Stand back, its slashdotting time. (NT) | Anonymous | 05/09/06 10:44 PM |
| Microkernel Vs Monolithic Kernel | blah | 05/12/06 08:58 PM |
| Microkernel Vs Monolithic Kernel | Rob Thorpe | 05/15/06 01:41 AM |
| Hybrid kernel, not NT | AnalGuy | 05/16/06 03:10 AM |
| Theory versus practice | David Kanter | 05/16/06 12:55 PM |
| Distributed algorithms | Rob Thorpe | 05/17/06 12:53 AM |
| Theory versus practice | Howard Chu | 05/17/06 02:54 AM |
| Theory versus practice | JS | 05/17/06 04:29 AM |
| Play online poker, blackjack !!! | Gamezonex | 08/16/07 01:49 PM |
| Hybrid (micro)kernels | philt | 05/14/06 09:15 PM |
| Hybrid (micro)kernels | Linus Torvalds | 05/15/06 08:20 AM |
| Hybrid (micro)kernels | Linus Torvalds | 05/15/06 11:56 AM |
| Hybrid (micro)kernels | Rob Thorpe | 05/16/06 01:22 AM |
| Hybrid (micro)kernels | rwessel | 05/16/06 11:23 AM |
| Hybrid (micro)kernels | Rob Thorpe | 05/17/06 12:43 AM |
| Hybrid (micro)kernels | rwessel | 05/17/06 01:33 AM |
| Hybrid (micro)kernels | Rob Thorpe | 05/19/06 07:51 AM |
| Hybrid (micro)kernels | rwessel | 05/19/06 12:27 PM |
| Hybrid (micro)kernels | techIperson | 05/15/06 01:25 PM |
| Hybrid (micro)kernels | mas | 05/15/06 05:17 PM |
| Hybrid (micro)kernels | Linus Torvalds | 05/15/06 05:39 PM |
| Hybrid (micro)kernels | Colonel Kernel | 05/15/06 09:17 PM |
| Hybrid (micro)kernels | Wink Saville | 05/15/06 10:31 PM |
| Hybrid (micro)kernels | Linus Torvalds | 05/16/06 10:08 AM |
| Hybrid (micro)kernels | Wink Saville | 05/16/06 09:55 PM |
| Hybrid (micro)kernels | rwessel | 05/16/06 11:31 AM |
| Hybrid (micro)kernels | Linus Torvalds | 05/16/06 12:00 PM |
| Hybrid (micro)kernels | Brendan | 05/16/06 01:36 AM |
| Hybrid (micro)kernels | Paul Elliott | 09/03/06 08:44 AM |
| Hybrid (micro)kernels | Rob Thorpe | 09/04/06 09:25 AM |
| Hybrid (micro)kernels | philt | 05/16/06 12:55 AM |
| Hybrid (micro)kernels | pgerassi | 08/16/07 07:41 PM |
| Another questionable entry on Wikipedia? | Chung Leong | 05/18/06 10:33 AM |
| Hybrid (micro)kernels | israel | 05/20/06 04:25 AM |
| Hybrid (micro)kernels | Rob Thorpe | 05/22/06 08:35 AM |
