SPIN
====

History: Who is Brian Bershad, Mach, etc.

What is motivation for this work?
  Why are MS-DOS and Windows cited in motivation?

What are the goals of SPIN?
  Extensibility
  Safety
  Performance

Example applications for SPIN?
  TCP packet forwarder (e.g., NAT)
  Video client/server
  Web server with better caching

Key idea: allow apps to put extensions into kernel address space.  Use:
  Co-location
  Enforced Modularity
  Logical protection domains
  Dynamic call binding

How does this compare to the approach of microkernels, and L3 specifically?
  They claim: microkernels more complicated for applications
    Cite paper with scheduler activation implementation on Mach
    Apparently this was hard to do
  In theory, extensions work.  In practice, not done so often.  Why:
    High communication overhead -> coarse granularity of extension
    (Remember, Bershad is from Mach;
     Liedtke's whole point was to achieve fast IPC to make this workable)

Explain related work on protection
  Hardware capabilities: Hydra (maybe also MULTICS gate segments)
  (Also self-authenticating capabilities: Amoeba)

Idea: In safe language pointers are effectively capabilities.  How so?
Use Modula-3.  What are important properties of this language?
Why not just implement everything in kernel mode using Modula-3?
Can you pass capabilities to user-mode code?

Go over example in Figure 1: (Work through all three examples)
  What is the point of Console.InterfaceName?
    Point is you somehow need to get handles for things, so have name server

What is a protection domain?
  Set of accessible names available to an execution context
What is a protection domain in Unix?  In plan9?  What is it in SPIN?

What's a safe object file?
  E.g., signed by compiler
What's "safe by assertion", and why would you want to have such code?

What are four methods in Domain interface shown in Figure 2?
  Resolve -
  Combine - e.g., SpinPublic

What might interface to name server look like?
How does access control work?  E.g., can anyone call console methods?
  Exporter can register authorization procedure with name server
    Called with identity of importer

What are Events, Handlers, and Guards?
  Event = procedure; Handler = call dispatcher with function pointer and arg
  Dispatcher uses dynamic code generation (next week) to optimize
  So basically an event is just an indirect procedure call
  Example?
    Event might be receiving a UDP packet
    Guard might be checking that destination port is N
    Handler is code belonging to server on UDP port N
  Go over Fig. 3
  How would you register a page fault handler?

What is a strand?
  Go over interface in Figure 4
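
A toy model of two mechanisms from these notes, added here as an illustration: name-server import gated by the exporter's authorization procedure, then guarded event dispatch. It is Python, not SPIN's Modula-3 code or interfaces, and the event name UDP.PacketArrived, the importer identities and the packets are constructed.

```python
class AccessDenied(Exception):
    pass

class NameServer:
    def __init__(self):
        self._exports = {}  # name -> (interface, authorizer)

    def export(self, name, interface, authorizer):
        # The exporter registers an authorization procedure along with the name.
        self._exports[name] = (interface, authorizer)

    def import_(self, name, importer):
        interface, authorizer = self._exports[name]
        # The authorizer is called with the identity of the importer.
        if not authorizer(importer):
            raise AccessDenied(f"{importer} may not import {name}")
        return interface  # holding this reference is the capability

class Event:
    """An event is an indirect procedure call fanned out to guarded handlers."""
    def __init__(self):
        self._bindings = []  # list of (guard, handler)

    def install(self, guard, handler):
        self._bindings.append((guard, handler))

    def raise_event(self, *args):
        # Run every handler whose guard accepts the arguments.
        return [h(*args) for g, h in self._bindings if g(*args)]

def demo():
    ns = NameServer()
    udp_arrived = Event()
    trusted = {"dns_server", "ntp_server"}  # constructed identities
    # "UDP.PacketArrived" is a hypothetical name chosen for this model.
    ns.export("UDP.PacketArrived", udp_arrived, lambda who: who in trusted)

    ev = ns.import_("UDP.PacketArrived", "dns_server")
    ev.install(lambda p: p["dport"] == 53, lambda p: ("dns", p["payload"]))
    ev = ns.import_("UDP.PacketArrived", "ntp_server")
    ev.install(lambda p: p["dport"] == 123, lambda p: ("ntp", p["payload"]))
    try:
        ns.import_("UDP.PacketArrived", "untrusted_ext")
        denied = False
    except AccessDenied:
        denied = True  # no reference handed out, so no handler can be installed
    packets = [{"dport": 53, "payload": b"q"}, {"dport": 9999, "payload": b"x"}]
    return denied, [udp_arrived.raise_event(p) for p in packets]
```

The access check happens once, at import time; after that, possession of the event reference is what lets an extension install a handler, and the guard only decides which raised events reach it.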