Soma-notes - User contributions [en]

Talk:COMP 3000 Essay 2 2010 Question 2

2010-12-03T04:05:38Z

Ymoussou: /* Comments & Discussion */

=Comments & Discussion=

I've added a few paragraphs in the background and the contribution sections including their references. Feel free to edit or add to them
--[[User:Ymoussou|Youcef M.]] 04:05, 3 December 2010 (UTC)

Don't forget your references guys!
--[[User:Ymoussou|Youcef M.]] 00:30, 3 December 2010 (UTC)

I'm adding bits and pieces here and there in most of the sections including references.

--[[User:Ymoussou|Youcef M.]] 22:01, 2 December 2010 (UTC)

--Writing up a critique of the researches evaluation methods for the critique section now

[[User:Atubman|Atubman]] 21:25, 2 December 2010 (UTC)

I've added to the Contribution part of the essay. I've basically explained as much as I thought was pertinent in what the section was asking for but don't be shy to add more!

--[[User:Selliot3|Selliot3]] 14:11, 2 December 2010 (UTC)

IBOS is designed to talk directly to the hardware. That's why they have everything at the lower level. All that extra TCB in other browsers was for all the extra stuff like services, OS components blah blah. I get their drift and how less code is secure but I don't get how they did it! From where do they get the services they claim to have taken out but still operates the same as any other browser. There is a catch somewhere but I can't find it in the paper or maybe I'm blind. I've been reading a lot of text but I got nowhere, its either too complex or not close to what I'm looking for.

--[[User:Ymoussou|Youcef M.]] 04:19, 2 December 2010 (UTC)

Brief description of the research problem below. (Still Needs expanding/fleshing out. can anyone help expand on why exactly shrinking the TCB will be more secure. I'm fuzzy on that)

The IBOS attempts to improve the security of web browsers. The writers argue that the large size of the trusted code bases (TCB) which modern web browsers make use of increases the possibility of a security hole. For example a hijacked window manager could be used to draw a fake phishing website overtop a web browser. The researchers solution is drastically shrinking the size of the TCB. The TCB is shrunk by turning the web browser into an operating system in itself with direct access to hardware abstractions.

Meanwhile, the IBOS must still support existing web applications while maintaining security.

[[User:Atubman|Atubman]] 03:36, 2 December 2010 (UTC)

This is what I understand of the TCB. Basically it is all of the components that are essential to the security of the computer system. Pretty much the stuff inside the kernel that if is compromised is "bad news bears". By removing things like device drivers, you reduce the TCB quite considerably (like probably 10s of thousands of lines of code). The smaller the TCB, the less of a chance that you have of an essential component getting corrupted. I don't know if I'm explaining it right, but maybe someone else can expand on what I've written here.
--[[User:Gsmith6|Gsmith6]] 16:13, 2 December 2010 (UTC)

EDIT: I've pretty much explained the background concept behind IBOS and I kind of added the way it's executed near the end. Feel free to move that into the research section.

I can work on the background of IBOS

--[[User:Selliot3|Selliot3]] 23:03, 22 November 2010 (UTC)

It seems we only have 5/7 members. We should start splitting up the tasks and assign who gets what. So if everybody writes what section they would like to work on that would be great.

--[[User:Ymoussou|Youcef M.]] 15:19, 20 November 2010 (UTC)

I'll do the contribution section. I'll be reading through the paper thoroughly today and taking notes as I go. I'll post them later on this page as a sort of cheat-sheet/reminder. --[[User:Gsmith6|Gsmith6]] 17:45, 25 November 2010 (UTC)

=Group Members=

Leave your name and e-mail address if you are assigned to this question.

[[User:Ymoussou|Youcef M.]] moussoud@gmail.com

I am alive and still in the class, selliot3@connect.carleton.ca

--[[User:Selliot3|Selliot3]] 18:12, 15 November 2010 (UTC)

Still in the class, andrewtubman84@gmail.com

[[User:Atubman|Atubman]]

I'm here. I have received an email reply from John Vanden Heuvel as well (he may not see this) gsmith0413@gmail.com
--[[User:Gsmith6|Gsmith6]] 22:31, 15 November 2010 (UTC)

[[User:vviveka2|vG]]

I am here... and replied to the email

=Question 2 members=

Elliott Charles selliot3

Moussoud Youcef ymoussou

Pharand Alexandre apharan2

Smith Geoffrey gsmith6

Tubman Andrew atubman

Vanden Heuvel John jvheuvel

Vivekanandarajah Vijitharan vviveka2

=Raw Information=

The web itself is ubiquitous which a person can use for communication; banking, business, social networking and it can be useful for other purposes. There are different type of vulnerabilities web applications, browser, OS and library vulnerabilities. Insecure web browsers are monolithic, and they are easy to exploit. Secure web browser such as chrome isolate web applications and it still contain huge trusted computing base (TCB). Browser abstractions as the first-class OS, contains reduced TCB for web browser and it also have protection to withstand attacks to most components. [[User:vviveka2|vG]]

=Extra Resources=
http://www.cs.uiuc.edu/homes/stang6/ibos.html#slide1
I found some presentation slides by Shuo Tang, Haohui Mai and Sam King, the authors and developers of IBOS
--[[User:Gsmith6|Gsmith6]] 22:35, 25 November 2010 (UTC)

COMP 3000 Essay 2 2010 Question 2

2010-12-03T04:03:48Z

Ymoussou: /* Security */

==Paper==
'''Trust and Protection in the Illinois Browser Operating System'''

http://www.usenix.org/events/osdi10/tech/full_papers/Tang.pdf

Shuo Tang, Haohui Mai, Samuel T. King

''University of Illinois at Urbana-Champaig''

Presentation slides to go along with the paper: Trust and Protection in the Illinois Browser Operating System. http://www.cs.uiuc.edu/homes/stang6/ibos.html#slide1

==Background Concepts==
In the world we are in, the web is everywhere and runs in different operating systems and browsers. The Illinois Browser Operating System (IBOS) is not just a new browser to improve security, it is also a full operating system. It was developed by three graduate students at the University of Illinois. It’s main goal is to expose browser-level abstractions at the lowest possible software layer, reducing the trusted computing base for web browsers. Many websites and web applications have become major targets for attackers and hackers. These attackers are always finding new ways of exploiting even the most secure systems. Just recently, cross-site scripting (XSS) has become the most common security vulnerability over the age old buffer overflow [[#References | [1]]].

Plenty of research has gone in to improving security among the various web browsers on the market today but all browsers still remain susceptible to attacks on the lower layers. Compromised Ethernet drivers can send sensitive HTTP packets to third parties, compromised storage modules can send persistent data to unwanted viewers and compromised window managers can overlay fake interfaces common in phishing attacks [[#References | [1]]]. Common web browsers run on top of commodity operating systems with shared system services and user-mode libraries, increasing the trusted computing base(TCB). IBOS looks to solve this issue by exposing browser-level abstractions rather than just general-purpose abstractions. Important concepts such as cookies, HTTP connections and tabs for displaying pages are all brought into the browser abstraction layer. By moving all of these subsystems, the IBOS system ultimately aims to reduce the computer's TCB.

===Monolithic vs Modular===

The internet today has become an important part of our lives, it is used everywhere and in everyday life. It all started with the user only being allowed to read and browse the content, but today the expansion has led to allow the ability to write our own content and have our own impact on the rest of the world. The introduction of Web 2.0 brought upon an enormous change to the web, as well as introducing the concept of security concerns. Modern web applications are mostly designed to meet a newer modular architecture.

Modularly designed architecture browsers such as Chrome are designed in a way that each browsing instance is assigned to a unique operating system process. It is designed to perform much better in terms of fault-tolerance, accountability, security, memory management and performance. Chrome has the ability to be able to run even when another web program crashes. Memory management in a modular architecture is designed to handle each process at a time and when the program closes the memory space is ready to be used by another program. Scheduling for modular browsers handled at the OS level and web programs are able to run parallel.

Monolithic architectures browser such as Firefox, are monolithic and easy to exploit, since they run in a single address space. It is designed in a way that all the components for the web run in a single process. Disadvantages about monolithic architectures are that if a single web program crashes, then all of the other web browsers also crash. This can cause all of the data to be lost that is currently saved. Memory management is also considered poor in a monolithic architecture because it allocates memory at the beginning of the web program and may contain leaks. This is a major problem, because when the program finishes execution, the memory leak will have grown exponentially.

===TCB===

The TCB is the hardware and software that is critical to the computer's security. It's a combination of kernel and trusted processes made of hardware, firmware, and software that are critical to a computer's security [[#References | [2]]]. In the words of Lampson et al., TCB is defined as:

''"a small amount of software and hardware that security depends on and that we distinguish from a much larger amount that can misbehave without affecting security."'' [[#References | [3]]].

Modern operating system-browser combinations have massive TCBs that may have several millions of lines of code. By extracting components such as device drivers from the kernel, one can lower a systems TCB considerably. If a device driver is outside of the TCB and becomes corrupted, the effects would not be too severe, but if the driver is left in the TCB, then the results could be cataclysmic. By removing elements from the TCB, you make it smaller, thereby reducing the risk of having an attack get inside.

==Research Problem==
Modern browsers, such as Google Chrome and Mozilla Firefox, are continuously being revised and updated to keep ahead of the latest attacks, but continuously have hundreds of security vulnerabilities. Most of these attacks are simple, slightly harmful assaults on web applications, but many attacks are on the browser or even the operating system and its libraries. Since the browser runs lower on the shared storage stack, a successful attack on a browser can have horrible repercussions because it gives access to all of the browser data for all of the web application. It also provides the attacker with access to other resources on the system which is being exploited. An attack on the operating system can be disastrous if it is successful and may cause serious damage to the entire system because the attackers can access arbitrary states and events, allowing them to have full control over the system. The focus of this research is to prevent and decrease the attacks on the browser, libraries, operating systems and system services.

==Contribution==

===Architecture and Design===
The authors have developed IBOS to reduce security risks, without compromising speed and efficiency which leads to reduced TCB. One of the ways they have achieved this is through the use of process creation. Essentially there are two types of processes. A web page instance and a traditional process. Any time the user opens a new tab, clicks on a link, or enters a web address in the uniform resource locator(URL) bar, the IBOS kernel creates a new process. Upon creating a web page instance process, the kernel labels it with the originating address of the HTTP request. If a web site such as ''facebook.com'' decides to host an outside script, also known as an iframe, from another website, the kernel creates a new process for the embedded script and labels it appropriately. Traditional processes are every other process that is created for the local machine. These processes are simply labeled as ''localhost''.

An IBOS label contains a protocol, domain and port. By creating unique labels for each web page instance, the kernel can isolate them from one another. This prevents a compromised component from taking control of other processes. Also by labeling where requests come from, the IBOS kernel can ensure that the data it is receiving is in fact from the expected origin.

IBOS has considerably smaller TCB compared to other modern browsers. Where both Chrome and Firefox come in at over 4 million plus lines of code in their trusted computing base, IBOS has only about 42,000. Since IBOS isolates each process, it was also able to prevent between 75-100% of vulnerabilities from affected components on a machine. Using Chrome, the researchers tested 175 known issues on the IBOS kernel which ranged from memory exploits to interface spoofing. Out of all the known issues, IBOS was able to prevent 135 or 77% of the issues whereas Chrome was only able to contain 83 of them. The issue is that Chrome is able to catch exploits in its rendering engine since it is in a sandbox but any exploits that took advantage of the browser kernel could not be prevented. This is not a problem for IBOS because many of the browser components inside the trusted computing base in Chrome have been brought outside of the IBOS TCB limiting what can be done with exploitation. IBOS also contains tabs abstraction which multiplexes the display between different web pages instances. Input devices are programmed to route to a visible tab, which prevents keylogger from hijacking another instance's session.

===Performance===
In terms of performance, IBOS is comparable to the two best performing web browsers currently released: Firefox and Chrome. For websites such as Google Maps and Facebook, IBOS actually performs much better than Firefox while loading pages. This may be due partly to the fact that IBOS was developed with the WebKit engine, which has been optimized to run Google Maps. For Facebook and Wikipedia, sites that use many HTTP requests, IBOS performs slightly slower than the other two browsers, but for the others, where there are only a few HTTP requests, IBOS runs just as quickly as the others.

IBOS have the same functionality as Firefox and Chrome which uses the standard Web kit but it gives better performance.

===Security===
In addition to labels, IBOS has other approaches at reaching their goals in security. Security variants are a way for IBOS to enforce their subsystems to perform their designated functions without interfering with other subsystems. To reach this goal, they designed invariants for different components such as driver, storage, network processes, and UI invariants.

For driver invariants, IBOS insures drivers do not access DMA buffer directly and devices can only access validated DMA buffers. their approach is to separate the the management of device control registers from the use of device buffers. Using this separation, processes can fill device specific buffers for DMA transfers, and the IBOS kernel instructs the driver to enforce the device to use a verified DMA buffer.

In storage invariant IBOS encrypts all objects before passing them to the storage subsystem. That way All of the key-value pairs maintain confidentiality and integrity even if the storage stack itself becomes compromised.

The network process invariants is where the security is focused. The first two invariants are: The kernel must route network requests from web page instances to the proper network process, and the kernel must route Ethernet frames from the NIC to the proper network processes. To enforce all of these invariants, IBOS puts all network processes in their own protection domains. By putting network processes in their own protection domains, the kernel naturally ensures that network requests from web page instances and Ethernet frames from the NIC are routed to the correct network process. The third invariant is that the Ethernet frames from network processes to the NIC must have an IP address and TCP port that matches the origin of the network process. IBOS kernel checks all outgoing Ethernet frames before sending them to the NIC to check the IP address and TCP port against the label of the sending network process. The fourth invariant is HTTP data from network processes to web page instances must adhere to the SOP. The IBOS kernel inspects HTTP
data before forwarding it to the appropriate web page instance and drops any HTML documents from different origins. The last invariant is that network processes for different web page instances must remain isolated by labelling the origin of the web page instance.

As for the UI subsystem, IBOS kernel enforces 3 invariants. The first is the browser and web page content displays are isolated by using a frame buffer video driver and page protections to isolate portions of the screen. The second invariant is that only the current tab can access the screen, mouse, and keyboard by mapping the frame buffer memory region and routing mouse and keyboard events into the currently active web page instance. the final invariant is the URL of the current tab is displayed to the user by using the kernel display area to display the URL.

The IBOS kernel also offers custom security by allowing web sites to specify a server-side policy file that IBOS retrieves to restrict network accesses for a web page instance.

==Critique==

===Structure===
This paper was very well organized and executed. It naturally flows and keeps order in what it is trying to explain without the need to flip back and reference another piece of content in the paper. Starting with the core mechanics of why it is needed to how the kernel is organized and working its way up to many high-level pieces of information it felt like a natural progression of ideas, giving you the information you need to understand upcoming concepts.

===Evaluation===
The evaluation of the IBOS security has some flaws,it is not very thorough and the data set the testing against is potentially confounding.

The IBOS has shown through internal testing that it is able to resist 77% of attacks from a set of 175 security bugs whereas Chrome is only able prevent 46%. The improvement sounds impressive however, the set of security bugs they tested against was obtained from Google “Chrome’s bug tracker”. The fact they are comparing known security flaws in Chrome against the new IBOS makes their improvement of 31% far less impressive.

In addition, Their initial test set contained 217 bugs with duplicates removed, and 42 bugs were omitted because they were denial of service attacks and the IBOS does not protect against that form of attack. It is understandable this is out of the scope of this research. However, that is a big set of flaws which are not addressed.

Furthermore, the researches only compared their results against the Chrome web browser. A comparison which also includes other browsers such as Mozilla Firefox, Internet Explorer and Safari would be much more compelling.

==References==

[1] CVE - Common Vulnerabilities and Exposures (CVE). http://cve.mitre.org.

[2] Rushby, John (1981). "Design and Verification of Secure Systems". 8th ACM Symposium on Operating System Principles. Pacific Grove, California, US. pp. 12–21.

[3] B. Lampson, M. Abadi, M. Burrows and E. Wobber, Authentication in Distributed Systems: Theory and Practice, ACM Transactions on Computer Systems 1992, on page 6.

COMP 3000 Essay 2 2010 Question 2

2010-12-03T04:03:07Z

Ymoussou: /* Security */

==Paper==
'''Trust and Protection in the Illinois Browser Operating System'''

http://www.usenix.org/events/osdi10/tech/full_papers/Tang.pdf

Shuo Tang, Haohui Mai, Samuel T. King

''University of Illinois at Urbana-Champaig''

Presentation slides to go along with the paper: Trust and Protection in the Illinois Browser Operating System. http://www.cs.uiuc.edu/homes/stang6/ibos.html#slide1

==Background Concepts==
In the world we are in, the web is everywhere and runs in different operating systems and browsers. The Illinois Browser Operating System (IBOS) is not just a new browser to improve security, it is also a full operating system. It was developed by three graduate students at the University of Illinois. It’s main goal is to expose browser-level abstractions at the lowest possible software layer, reducing the trusted computing base for web browsers. Many websites and web applications have become major targets for attackers and hackers. These attackers are always finding new ways of exploiting even the most secure systems. Just recently, cross-site scripting (XSS) has become the most common security vulnerability over the age old buffer overflow [[#References | [1]]].

Plenty of research has gone in to improving security among the various web browsers on the market today but all browsers still remain susceptible to attacks on the lower layers. Compromised Ethernet drivers can send sensitive HTTP packets to third parties, compromised storage modules can send persistent data to unwanted viewers and compromised window managers can overlay fake interfaces common in phishing attacks [[#References | [1]]]. Common web browsers run on top of commodity operating systems with shared system services and user-mode libraries, increasing the trusted computing base(TCB). IBOS looks to solve this issue by exposing browser-level abstractions rather than just general-purpose abstractions. Important concepts such as cookies, HTTP connections and tabs for displaying pages are all brought into the browser abstraction layer. By moving all of these subsystems, the IBOS system ultimately aims to reduce the computer's TCB.

===Monolithic vs Modular===

The internet today has become an important part of our lives, it is used everywhere and in everyday life. It all started with the user only being allowed to read and browse the content, but today the expansion has led to allow the ability to write our own content and have our own impact on the rest of the world. The introduction of Web 2.0 brought upon an enormous change to the web, as well as introducing the concept of security concerns. Modern web applications are mostly designed to meet a newer modular architecture.

Modularly designed architecture browsers such as Chrome are designed in a way that each browsing instance is assigned to a unique operating system process. It is designed to perform much better in terms of fault-tolerance, accountability, security, memory management and performance. Chrome has the ability to be able to run even when another web program crashes. Memory management in a modular architecture is designed to handle each process at a time and when the program closes the memory space is ready to be used by another program. Scheduling for modular browsers handled at the OS level and web programs are able to run parallel.

Monolithic architectures browser such as Firefox, are monolithic and easy to exploit, since they run in a single address space. It is designed in a way that all the components for the web run in a single process. Disadvantages about monolithic architectures are that if a single web program crashes, then all of the other web browsers also crash. This can cause all of the data to be lost that is currently saved. Memory management is also considered poor in a monolithic architecture because it allocates memory at the beginning of the web program and may contain leaks. This is a major problem, because when the program finishes execution, the memory leak will have grown exponentially.

===TCB===

The TCB is the hardware and software that is critical to the computer's security. It's a combination of kernel and trusted processes made of hardware, firmware, and software that are critical to a computer's security [[#References | [2]]]. In the words of Lampson et al., TCB is defined as:

''"a small amount of software and hardware that security depends on and that we distinguish from a much larger amount that can misbehave without affecting security."'' [[#References | [3]]].

Modern operating system-browser combinations have massive TCBs that may have several millions of lines of code. By extracting components such as device drivers from the kernel, one can lower a systems TCB considerably. If a device driver is outside of the TCB and becomes corrupted, the effects would not be too severe, but if the driver is left in the TCB, then the results could be cataclysmic. By removing elements from the TCB, you make it smaller, thereby reducing the risk of having an attack get inside.

==Research Problem==
Modern browsers, such as Google Chrome and Mozilla Firefox, are continuously being revised and updated to keep ahead of the latest attacks, but continuously have hundreds of security vulnerabilities. Most of these attacks are simple, slightly harmful assaults on web applications, but many attacks are on the browser or even the operating system and its libraries. Since the browser runs lower on the shared storage stack, a successful attack on a browser can have horrible repercussions because it gives access to all of the browser data for all of the web application. It also provides the attacker with access to other resources on the system which is being exploited. An attack on the operating system can be disastrous if it is successful and may cause serious damage to the entire system because the attackers can access arbitrary states and events, allowing them to have full control over the system. The focus of this research is to prevent and decrease the attacks on the browser, libraries, operating systems and system services.

==Contribution==

===Architecture and Design===
The authors have developed IBOS to reduce security risks, without compromising speed and efficiency which leads to reduced TCB. One of the ways they have achieved this is through the use of process creation. Essentially there are two types of processes. A web page instance and a traditional process. Any time the user opens a new tab, clicks on a link, or enters a web address in the uniform resource locator(URL) bar, the IBOS kernel creates a new process. Upon creating a web page instance process, the kernel labels it with the originating address of the HTTP request. If a web site such as ''facebook.com'' decides to host an outside script, also known as an iframe, from another website, the kernel creates a new process for the embedded script and labels it appropriately. Traditional processes are every other process that is created for the local machine. These processes are simply labeled as ''localhost''.

An IBOS label contains a protocol, domain and port. By creating unique labels for each web page instance, the kernel can isolate them from one another. This prevents a compromised component from taking control of other processes. Also by labeling where requests come from, the IBOS kernel can ensure that the data it is receiving is in fact from the expected origin.

IBOS has considerably smaller TCB compared to other modern browsers. Where both Chrome and Firefox come in at over 4 million plus lines of code in their trusted computing base, IBOS has only about 42,000. Since IBOS isolates each process, it was also able to prevent between 75-100% of vulnerabilities from affected components on a machine. Using Chrome, the researchers tested 175 known issues on the IBOS kernel which ranged from memory exploits to interface spoofing. Out of all the known issues, IBOS was able to prevent 135 or 77% of the issues whereas Chrome was only able to contain 83 of them. The issue is that Chrome is able to catch exploits in its rendering engine since it is in a sandbox but any exploits that took advantage of the browser kernel could not be prevented. This is not a problem for IBOS because many of the browser components inside the trusted computing base in Chrome have been brought outside of the IBOS TCB limiting what can be done with exploitation. IBOS also contains tabs abstraction which multiplexes the display between different web pages instances. Input devices are programmed to route to a visible tab, which prevents keylogger from hijacking another instance's session.

===Performance===
In terms of performance, IBOS is comparable to the two best performing web browsers currently released: Firefox and Chrome. For websites such as Google Maps and Facebook, IBOS actually performs much better than Firefox while loading pages. This may be due partly to the fact that IBOS was developed with the WebKit engine, which has been optimized to run Google Maps. For Facebook and Wikipedia, sites that use many HTTP requests, IBOS performs slightly slower than the other two browsers, but for the others, where there are only a few HTTP requests, IBOS runs just as quickly as the others.

IBOS have the same functionality as Firefox and Chrome which uses the standard Web kit but it gives better performance.

===Security===
In addition to labels, IBOS has other approaches at reaching their goals in security. Security variants are a way for IBOS to enforce their subsystems to perform their designated functions without interfering with other subsystems. To reach this goal, they designed invariants for different components such as driver, storage, network processes, and UI invariants.

For driver invariants, IBOS insures drivers do not access DMA buffer directly and devices can only access validated DMA buffers. their approach is to separate the the management of device control registers from the use of device buffers. Using this separation, processes can fill device specific buffers for DMA transfers, and the IBOS kernel instructs the driver to enforce the device to use a verified DMA buffer.
In storage invariant IBOS encrypts all objects before passing them to the storage subsystem. That way All of the key-value pairs maintain confidentiality and integrity even if the storage stack itself becomes compromised.
The network process invariants is where the security is focused. The first two invariants are: The kernel must route network requests from web page instances to the proper network process, and the kernel must route Ethernet frames from the NIC to the proper network processes. To enforce all of these invariants, IBOS puts all network processes in their own protection domains. By putting network processes in their own protection domains, the kernel naturally ensures that network requests from web page instances and Ethernet frames from the NIC are routed to the correct network process. The third invariant is that the Ethernet frames from network processes to the NIC must have an IP address and TCP port that matches the origin of the network process. IBOS kernel checks all outgoing Ethernet frames before sending them to the NIC to check the IP address and TCP port against the label of the sending network process. The fourth invariant is HTTP data from network processes to web page instances must adhere to the SOP. The IBOS kernel inspects HTTP
data before forwarding it to the appropriate web page instance and drops any HTML documents from different origins. The last invariant is that network processes for different web page instances must remain isolated by labelling the origin of the web page instance.
As for the UI subsystem, IBOS kernel enforces 3 invariants. The first is the browser and web page content displays are isolated by using a frame buffer video driver and page protections to isolate portions of the screen. The second invariant is that only the current tab can access the screen, mouse, and keyboard by mapping the frame buffer memory region and routing mouse and keyboard events into the currently active web page instance. the final invariant is the URL of the current tab is displayed to the user by using the kernel display area to display the URL.
The IBOS kernel also offers custom security by allowing web sites to specify a server-side policy file that IBOS retrieves to restrict network accesses for a web page instance.

==Critique==

===Structure===
This paper was very well organized and executed. It naturally flows and keeps order in what it is trying to explain without the need to flip back and reference another piece of content in the paper. Starting with the core mechanics of why it is needed to how the kernel is organized and working its way up to many high-level pieces of information it felt like a natural progression of ideas, giving you the information you need to understand upcoming concepts.

===Evaluation===
The evaluation of the IBOS security has some flaws,it is not very thorough and the data set the testing against is potentially confounding.

The IBOS has shown through internal testing that it is able to resist 77% of attacks from a set of 175 security bugs whereas Chrome is only able prevent 46%. The improvement sounds impressive however, the set of security bugs they tested against was obtained from Google “Chrome’s bug tracker”. The fact they are comparing known security flaws in Chrome against the new IBOS makes their improvement of 31% far less impressive.

In addition, Their initial test set contained 217 bugs with duplicates removed, and 42 bugs were omitted because they were denial of service attacks and the IBOS does not protect against that form of attack. It is understandable this is out of the scope of this research. However, that is a big set of flaws which are not addressed.

Furthermore, the researches only compared their results against the Chrome web browser. A comparison which also includes other browsers such as Mozilla Firefox, Internet Explorer and Safari would be much more compelling.

==References==

[1] CVE - Common Vulnerabilities and Exposures (CVE). http://cve.mitre.org.

[2] Rushby, John (1981). "Design and Verification of Secure Systems". 8th ACM Symposium on Operating System Principles. Pacific Grove, California, US. pp. 12–21.

[3] B. Lampson, M. Abadi, M. Burrows and E. Wobber, Authentication in Distributed Systems: Theory and Practice, ACM Transactions on Computer Systems 1992, on page 6.

COMP 3000 Essay 2 2010 Question 2

2010-12-03T03:37:31Z

Ymoussou: /* Contribution */

==Paper==
'''Trust and Protection in the Illinois Browser Operating System'''

http://www.usenix.org/events/osdi10/tech/full_papers/Tang.pdf

Shuo Tang, Haohui Mai, Samuel T. King

''University of Illinois at Urbana-Champaig''

Presentation slides to go along with the paper: Trust and Protection in the Illinois Browser Operating System. http://www.cs.uiuc.edu/homes/stang6/ibos.html#slide1

==Background Concepts==
In the world we are in, the web is everywhere and runs in different operating systems and browsers. The Illinois Browser Operating System (IBOS) is not just a new browser to improve security, it is also a full operating system. It was developed by three graduate students at the University of Illinois. It’s main goal is to expose browser-level abstractions at the lowest possible software layer, reducing the trusted computing base for web browsers. Many websites and web applications have become major targets for attackers and hackers. These attackers are always finding new ways of exploiting even the most secure systems. Just recently, cross-site scripting (XSS) has become the most common security vulnerability over the age old buffer overflow [[#References | [1]]].

Plenty of research has gone in to improving security among the various web browsers on the market today but all browsers still remain susceptible to attacks on the lower layers. Compromised Ethernet drivers can send sensitive HTTP packets to third parties, compromised storage modules can send persistent data to unwanted viewers and compromised window managers can overlay fake interfaces common in phishing attacks [[#References | [1]]]. Common web browsers run on top of commodity operating systems with shared system services and user-mode libraries, increasing the trusted computing base(TCB). IBOS looks to solve this issue by exposing browser-level abstractions rather than just general-purpose abstractions. Important concepts such as cookies, HTTP connections and tabs for displaying pages are all brought into the browser abstraction layer. By using all of these methods, the IBOS system ultimately aims to reduce the computer's TCB.

===Monolithic vs Modular===

The internet today has become a important part in our life, it used everywhere and in everyday life. It all started as if the user is allowed to read and browse the content but today the expansion has led to have ability to write our content and have impact on rest of the world. The introduction of web 2.0 application brought greater change to the web and top of that bringing security concerns. Modern web applications are mostly designed to meet the new modular architecture.

Modular designed architecture browser such as Chrome is designed in a way that each browsing instance is assigned to a one operating system process. It is designed to better in terms of fault-tolerance, accountability, security, memory management and performance. Chrome has the ability to be able to run even when other web program crashes. Memory management in modular architecture is designed to handle each process at a time and when the program closes it is ready to be used in a another program. Scheduling for modular browsers handled at the OS level and web programs are able to run parallel.

Monolithic architectures browser such as Firefox, are monolithic and easy to exploit, since they run in a single address space. It is designed in a way that all the components for the web run in a single process. Disadvantage about monolithic architectures are if a single web program crashes all other web browsers crashes which causes the data to be lost which is saved in JavaScript in memory. Memory management is also considered poor in the architecture because it allocates memory at the beginning of the web program and might contain leaks which at the end of the program still be huge.

===TCB===

The TCB is the hardware and software that is critical to the computer's security. It's a combination of kernel and trusted processes made of hardware, firmware, and software that are critical to a computer's security [[#References | [2]]]. In the words of Lampson et al., TCB is defined as:

''"a small amount of software and hardware that security depends on and that we distinguish from a much larger amount that can misbehave without affecting security."'' [[#References | [3]]].

Modern operating system-browser combinations have massive TCBs that may have several millions of lines of code. By extracting components such as device drivers from the kernel, one can lower a systems TCB considerably. If a device driver is outside of the TCB and becomes corrupted, the effects would not be too severe, but if the driver is left in the TCB, then the results could be cataclysmic. By removing elements from the TCB, you make it smaller, thereby reducing the risk of having an attack get inside.

==Research Problem==
Modern browsers, such as Google Chrome and Mozilla Firefox, are continuously being revised and updated to keep ahead of the latest attacks, but continuously have hundreds of security vulnerabilities. Most of these attacks are simple, slightly harmful assaults on web applications, but many attacks are on the browser or even the operating system and its libraries. Since the browser runs lower on the shared storage stack, a successful attack on a browser can have horrible repercussions because it gives access to all of the browser data for all of the web application. It also provides the attacker with access to other resources on the system which is being exploited. An attack on the operating system can be disastrous if it is successful and may cause serious damage to the entire system because the attackers can access arbitrary states and events, allowing them to have full control over the system. The focus of this research is to prevent and decrease the attacks on the browser, libraries, operating systems and system services.

==Contribution==

===Architecture and Design===
The authors have developed IBOS to reduce security risks, without compromising speed and efficiency which leads to reduced TCB. One of the ways they have achieved this is through the use of process creation. Essentially there are two types of processes. A web page instance and a traditional process. Any time the user opens a new tab, clicks on a link, or enters a web address in the uniform resource locator(URL) bar, the IBOS kernel creates a new process. Upon creating a web page instance process, the kernel labels it with the originating address of the HTTP request. If a web site such as ''facebook.com'' decides to host an outside script, also known as an iframe, from another website, the kernel creates a new process for the embedded script and labels it appropriately. Traditional processes are every other process that is created for the local machine. These processes are simply labeled as ''localhost''.

An IBOS label contains a protocol, domain and port. By creating unique labels for each web page instance, the kernel can isolate them from one another. This prevents a compromised component from taking control of other processes. Also by labeling where requests come from, the IBOS kernel can ensure that the data it is receiving is in fact from the expected origin.

IBOS has considerably smaller TCB compared to other modern browsers. Where both Chrome and Firefox come in at over 4 million plus lines of code in their trusted computing base, IBOS has only about 42,000. Since IBOS isolates each process, it was also able to prevent between 75-100% of vulnerabilities from affected components on a machine. Using Chrome, the researchers tested 175 known issues on the IBOS kernel which ranged from memory exploits to interface spoofing. Out of all the known issues, IBOS was able to prevent 135 or 77% of the issues whereas Chrome was only able to contain 83 of them. The issue is that Chrome is able to catch exploits in its rendering engine since it is in a sandbox but any exploits that took advantage of the browser kernel could not be prevented. This is not a problem for IBOS because many of the browser components inside the trusted computing base in Chrome have been brought outside of the IBOS TCB limiting what can be done with exploitation. IBOS also contains tabs abstraction which multiplexes the display between different web pages instances. Input devices are programmed to route to a visible tab, which prevents keylogger from hijacking another instance's session.

===Performance===
In terms of performance, IBOS is comparable to the two best performing web browsers currently released: Firefox and Chrome. For websites such as Google Maps and Facebook, IBOS actually performs much better than Firefox while loading pages. This may be due partly to the fact that IBOS was developed with the WebKit engine, which has been optimized to run Google Maps. For Facebook and Wikipedia, sites that use many HTTP requests, IBOS performs slightly slower than the other two browsers, but for the others, where there are only a few HTTP requests, IBOS runs just as quickly as the others.

IBOS have the same functionality as Firefox and Chrome which uses the standard Web kit but it gives better performance.

===Security===
In addition to labels, IBOS has other approaches at reaching their goals in security. Security variants are a way for IBOS to enforce their subsystems to perform their designated functions without interfering with other subsystems. To reach this goal, they designed invariants for different components such as driver, storage, network processes, and UI invariants.

For driver invariants, IBOS insures drivers do not access DMA buffer directly and devices can only access validated DMA buffers. their approach is to separate the the management of device control registers from the use of device buffers. Using this separation, processes can fill device specific buffers for DMA transfers, and the IBOS kernel instructs the driver to enforce the device to use a verified DMA buffer. In storage invariant IBOS encrypts all objects before passing them to the storage subsystem. That way All of our key-value pairs maintain confidentiality and integrity even if the storage stack itself becomes compromised.

==Critique==

===Structure===
This paper was very well organized and executed. It naturally flows and keeps order in what it is trying to explain without the need to flip back and reference another piece of content in the paper. Starting with the core mechanics of why it is needed to how the kernel is organized and working its way up to many high-level pieces of information it felt like a natural progression of ideas, giving you the information you need to understand upcoming concepts.

===Evaluation===
The evaluation of the IBOS security has some flaws,it is not very thorough and the data set the testing against is potentially confounding.

The IBOS has shown through internal testing that it is able to resist 77% of attacks from a set of 175 security bugs whereas Chrome is only able prevent 46%. The improvement sounds impressive however, the set of security bugs they tested against was obtained from Google “Chrome’s bug tracker”. The fact they are comparing known security flaws in Chrome against the new IBOS makes their improvement of 31% far less impressive.

In addition, Their initial test set contained 217 bugs with duplicates removed, and 42 bugs were omitted because they were denial of service attacks and the IBOS does not protect against that form of attack. It is understandable this is out of the scope of this research. However, that is a big set of flaws which are not addressed.

Furthermore, the researches only compared their results against the Chrome web browser. A comparison which also includes other browsers such as Mozilla Firefox, Internet Explorer and Safari would be much more compelling.

==References==

[1] CVE - Common Vulnerabilities and Exposures (CVE). http://cve.mitre.org.

[2] Rushby, John (1981). "Design and Verification of Secure Systems". 8th ACM Symposium on Operating System Principles. Pacific Grove, California, US. pp. 12–21.

[3] B. Lampson, M. Abadi, M. Burrows and E. Wobber, Authentication in Distributed Systems: Theory and Practice, ACM Transactions on Computer Systems 1992, on page 6.

Talk:COMP 3000 Essay 2 2010 Question 2

2010-12-03T00:30:13Z

Ymoussou: /* Comments & Discussion */

=Comments & Discussion=

Don't forget your references guys!
--[[User:Ymoussou|Youcef M.]] 00:30, 3 December 2010 (UTC)

I'm adding bits and pieces here and there in most of the sections including references.

--[[User:Ymoussou|Youcef M.]] 22:01, 2 December 2010 (UTC)

--Writing up a critique of the researches evaluation methods for the critique section now

[[User:Atubman|Atubman]] 21:25, 2 December 2010 (UTC)

I've added to the Contribution part of the essay. I've basically explained as much as I thought was pertinent in what the section was asking for but don't be shy to add more!

--[[User:Selliot3|Selliot3]] 14:11, 2 December 2010 (UTC)

IBOS is designed to talk directly to the hardware. That's why they have everything at the lower level. All that extra TCB in other browsers was for all the extra stuff like services, OS components blah blah. I get their drift and how less code is secure but I don't get how they did it! From where do they get the services they claim to have taken out but still operates the same as any other browser. There is a catch somewhere but I can't find it in the paper or maybe I'm blind. I've been reading a lot of text but I got nowhere, its either too complex or not close to what I'm looking for.

--[[User:Ymoussou|Youcef M.]] 04:19, 2 December 2010 (UTC)

Brief description of the research problem below. (Still Needs expanding/fleshing out. can anyone help expand on why exactly shrinking the TCB will be more secure. I'm fuzzy on that)

The IBOS attempts to improve the security of web browsers. The writers argue that the large size of the trusted code bases (TCB) which modern web browsers make use of increases the possibility of a security hole. For example a hijacked window manager could be used to draw a fake phishing website overtop a web browser. The researchers solution is drastically shrinking the size of the TCB. The TCB is shrunk by turning the web browser into an operating system in itself with direct access to hardware abstractions.

Meanwhile, the IBOS must still support existing web applications while maintaining security.

[[User:Atubman|Atubman]] 03:36, 2 December 2010 (UTC)

This is what I understand of the TCB. Basically it is all of the components that are essential to the security of the computer system. Pretty much the stuff inside the kernel that if is compromised is "bad news bears". By removing things like device drivers, you reduce the TCB quite considerably (like probably 10s of thousands of lines of code). The smaller the TCB, the less of a chance that you have of an essential component getting corrupted. I don't know if I'm explaining it right, but maybe someone else can expand on what I've written here.
--[[User:Gsmith6|Gsmith6]] 16:13, 2 December 2010 (UTC)

EDIT: I've pretty much explained the background concept behind IBOS and I kind of added the way it's executed near the end. Feel free to move that into the research section.

I can work on the background of IBOS

--[[User:Selliot3|Selliot3]] 23:03, 22 November 2010 (UTC)

It seems we only have 5/7 members. We should start splitting up the tasks and assign who gets what. So if everybody writes what section they would like to work on that would be great.

--[[User:Ymoussou|Youcef M.]] 15:19, 20 November 2010 (UTC)

I'll do the contribution section. I'll be reading through the paper thoroughly today and taking notes as I go. I'll post them later on this page as a sort of cheat-sheet/reminder. --[[User:Gsmith6|Gsmith6]] 17:45, 25 November 2010 (UTC)

=Group Members=

Leave your name and e-mail address if you are assigned to this question.

[[User:Ymoussou|Youcef M.]] moussoud@gmail.com

I am alive and still in the class, selliot3@connect.carleton.ca

--[[User:Selliot3|Selliot3]] 18:12, 15 November 2010 (UTC)

Still in the class, andrewtubman84@gmail.com

[[User:Atubman|Atubman]]

I'm here. I have received an email reply from John Vanden Heuvel as well (he may not see this) gsmith0413@gmail.com
--[[User:Gsmith6|Gsmith6]] 22:31, 15 November 2010 (UTC)

[[User:vviveka2|vG]]

I am here... and replied to the email

=Question 2 members=

Elliott Charles selliot3

Moussoud Youcef ymoussou

Pharand Alexandre apharan2

Smith Geoffrey gsmith6

Tubman Andrew atubman

Vanden Heuvel John jvheuvel

Vivekanandarajah Vijitharan vviveka2

=Raw Information=

The web itself is ubiquitous which a person can use for communication; banking, business, social networking and it can be useful for other purposes. There are different type of vulnerabilities web applications, browser, OS and library vulnerabilities. Insecure web browsers are monolithic, and they are easy to exploit. Secure web browser such as chrome isolate web applications and it still contain huge trusted computing base (TCB). Browser abstractions as the first-class OS, contains reduced TCB for web browser and it also have protection to withstand attacks to most components. [[User:vviveka2|vG]]

=Extra Resources=
http://www.cs.uiuc.edu/homes/stang6/ibos.html#slide1
I found some presentation slides by Shuo Tang, Haohui Mai and Sam King, the authors and developers of IBOS
--[[User:Gsmith6|Gsmith6]] 22:35, 25 November 2010 (UTC)

COMP 3000 Essay 2 2010 Question 2

2010-12-03T00:27:07Z

Ymoussou: /* References */

COMP 3000 Essay 2 2010 Question 2

2010-12-02T23:55:05Z

Ymoussou: /* Security */

==Paper==
'''Trust and Protection in the Illinois Browser Operating System'''

http://www.usenix.org/events/osdi10/tech/full_papers/Tang.pdf

Shuo Tang, Haohui Mai, Samuel T. King

''University of Illinois at Urbana-Champaig''

Presentation slides to go along with the paper: Trust and Protection in the Illinois Browser Operating System. http://www.cs.uiuc.edu/homes/stang6/ibos.html#slide1

==Background Concepts==
In the world we are in, the web is everywhere and runs in different operating systems and browsers. The Illinois Browser Operating System (IBOS) is not just a new browser to improve security, it is also a full operating system. It was developed by three graduate students at the University of Illinois. It’s main goal is to expose browser-level abstractions at the lowest possible software layer, reducing the trusted computing base for web browsers. Many websites and web applications have become major targets for attackers and hackers. These attackers are always finding new ways of exploiting even the most secure systems. Just recently, cross-site scripting (XSS) has become the most common security vulnerability over the age old buffer overflow [[#References | [1]]].

Plenty of research has gone in to improving security among the various web browsers on the market today but all browsers still remain susceptible to attacks on the lower layers. Compromised Ethernet drivers can send sensitive HTTP packets to third parties, compromised storage modules can send persistent data to unwanted viewers and compromised window managers can overlay fake interfaces common in phishing attacks [[#References | [1]]]. Common web browsers run on top of commodity operating systems with shared system services and user-mode libraries, increasing the trusted computing base(TCB). IBOS looks to solve this issue by exposing browser-level abstractions rather than just general-purpose abstractions. Important concepts such as cookies, HTTP connections and tabs for displaying pages are all brought into the browser abstraction layer. By using all of these methods, the IBOS system ultimately aims to reduce the computer's TCB.

===Monolithic vs Modular===

The internet today has become a important part in our life, it used everywhere and in everyday life. It all started as if the user is allowed to read and browse the content but today the expansion has led to have ability to write our content and have impact on rest of the world. The introduction of web 2.0 application brought greater change to the web and top of that bringing security concerns. Modern web applications are mostly designed to meet the new modular architecture.

Web browsers, such as Firefox, are monolithic and easy to exploit, since they run in a single address space. "Secure" web browsers are not enough, since they still have a huge TCB (including the TCP stack, X server, file system, drivers, etc.). A microkernel would be better, but still need to trust all of the system components.

The TCB is the hardware and software that is critical to the computer's security. It's a combination of kernel and trusted processes made of hardware, firmware, and software that are critical to a computer's security [[#References | [2]]]. In the words of Lampson et al., TCB is defined as:

''"a small amount of software and hardware that security depends on and that we distinguish from a much larger amount that can misbehave without affecting security."'' [[#References | [3]]].

Modern operating system-browser combinations have massive TCBs that may have several millions of lines of code. By extracting components such as device drivers from the kernel, one can lower a systems TCB considerably. If a device driver is outside of the TCB and becomes corrupted, the effects would not be too severe, but if the driver is left in the TCB, then the results could be cataclysmic. By removing elements from the TCB, you make it smaller, thereby reducing the risk of having an attack get inside.

==Research Problem==
Modern browsers, such as Google Chrome and Mozilla Firefox, are continuously being revised and updated to keep ahead of the latest attacks, but continuously have hundreds of security vulnerabilities. Most of these attacks are simple, slightly harmful assaults on web applications, but many attacks are on the browser or even the operating system and its libraries. Since the browser runs lower on the shared storage stack, a successful attack on a browser can have horrible repercussions because it gives access to all of the browser data for all of the web application. It also provides the attacker with access to other resources on the system which is being exploited. An attack on the operating system can be disastrous if it is successful and may cause serious damage to the entire system because the attackers can access arbitrary states and events, allowing them to have full control over the system. The focus of this research is to prevent and decrease the attacks on the browser, libraries, operating systems and system services.

==Contribution==

===Architecture and Design===
The authors have developed IBOS to reduce security risks, without compromising speed and efficiency. One of the ways they have achieved this is through the use of process creation. Essentially there are two types of processes. A web page instance and a traditional process. Any time the user opens a new tab, clicks on a link, or enters a web address in the uniform resource locator(URL) bar, the IBOS kernel creates a new process. Upon creating a web page instance process, the kernel labels it with the originating address of the HTTP request. If a web site such as ''facebook.com'' decides to host an outside script, also known as an iframe, from another website, the kernel creates a new process for the embedded script and labels it appropriately. Traditional processes are every other process that is created for the local machine. These processes are simply labeled as ''localhost''.

By creating unique labels for each web page instance, the kernel can isolate them from one another. This prevents a compromised component from taking control of other processes. Also by labeling where requests come from, the IBOS kernel can ensure that the data it is receiving is in fact from the expected origin.

IBOS has considerably smaller TCB compared to other modern browsers. Where both Chrome and Firefox come in at over 4 million plus lines of code in their trusted computing base, IBOS has only about 42,000. Since IBOS isolates each process, it was also able to prevent between 75-100% of vulnerabilities from affected components on a machine. Using Chrome, the researchers tested 175 known issues on the IBOS kernel which ranged from memory exploits to interface spoofing. Out of all the known issues, IBOS was able to prevent 135 or 77% of the issues whereas Chrome was only able to contain 83 of them. The issue is that Chrome is able to catch exploits in its rendering engine since it is in a sandbox but any exploits that took advantage of the browser kernel could not be prevented. This is not a problem for IBOS because many of the browser components inside the trusted computing base in Chrome have been brought outside of the IBOS TCB limiting what can be done with exploitation.

===Performance===
In terms of performance, IBOS is comparable to the two best performing web browsers currently released: Firefox and Chrome. For websites such as Google Maps and Facebook, IBOS actually performs much better than Firefox while loading pages. This may be due partly to the fact that IBOS was developed with the WebKit engine, which has been optimized to run Google Maps. For Facebook and Wikipedia, sites that use many HTTP requests, IBOS performs slightly slower than the other two browsers, but for the others, where there are only a few HTTP requests, IBOS runs just as quickly as the others.

==Critique==

===Structure===
This paper was very well organized and executed. It naturally flows and keeps order in what it is trying to explain without the need to flip back and reference another piece of content in the paper. Starting with the core mechanics of why it is needed to how the kernel is organized and working its way up to many high-level pieces of information it felt like a natural progression of ideas, giving you the information you need to understand upcoming concepts.

===Evaluation===
The evaluation of the IBOS security has some flaws,it is not very thorough and the data set the testing against is potentially confounding.

The IBOS has shown through internal testing that it is able to resist 77% of attacks from a set of 175 security bugs whereas Chrome is only able prevent 46%. The improvement sounds impressive however, the set of security bugs they tested against was obtained from Google “Chrome’s bug tracker”. The fact they are comparing known security flaws in Chrome against the new IBOS makes their improvement of 31% far less impressive.

In addition, Their initial test set contained 217 bugs with duplicates removed, and 42 bugs were omitted because they were denial of service attacks and the IBOS does not protect against that form of attack. It is understandable this is out of the scope of this research. However, that is a big set of flaws which are not addressed.

Furthermore, the researches only compared their results against the Chrome web browser. A comparison which also includes other browsers such as Mozilla Firefox, Internet Explorer and Safari would be much more compelling.

==References==
You will almost certainly have to refer to other resources; please cite these resources in the style of citation of the papers assigned (inlined numbered references). Place your bibliographic entries in this section.

[1] CVE - Common Vulnerabilities and Exposures (CVE). http://cve.mitre.org.

[2] Rushby, John (1981). "Design and Verification of Secure Systems". 8th ACM Symposium on Operating System Principles. Pacific Grove, California, US. pp. 12–21.

[3] B. Lampson, M. Abadi, M. Burrows and E. Wobber, Authentication in Distributed Systems: Theory and Practice, ACM Transactions on Computer Systems 1992, on page 6.

COMP 3000 Essay 2 2010 Question 2

2010-12-02T22:27:41Z

Ymoussou: /* Background Concepts */

COMP 3000 Essay 2 2010 Question 2

2010-12-02T22:26:45Z

Ymoussou: /* References */

COMP 3000 Essay 2 2010 Question 2

2010-12-02T22:25:34Z

Ymoussou: /* Contribution */

COMP 3000 Essay 2 2010 Question 2

2010-12-02T22:14:08Z

Ymoussou: /* TCB */

COMP 3000 Essay 2 2010 Question 2

2010-12-02T22:11:52Z

Ymoussou: /* TCB */

COMP 3000 Essay 2 2010 Question 2

2010-12-02T22:11:08Z

Ymoussou: /* References */

COMP 3000 Essay 2 2010 Question 2

2010-12-02T22:10:24Z

Ymoussou: /* References */

COMP 3000 Essay 2 2010 Question 2

2010-12-02T22:09:07Z

Ymoussou: /* TCB */

COMP 3000 Essay 2 2010 Question 2

2010-12-02T22:08:38Z

Ymoussou: /* TCB */

Talk:COMP 3000 Essay 2 2010 Question 2

2010-12-02T22:01:14Z

Ymoussou: /* Comments & Discussion */

=Comments & Discussion=

I'm adding bits and pieces here and there in most of the sections including references.

--[[User:Ymoussou|Youcef M.]] 22:01, 2 December 2010 (UTC)

--Writing up a critic of the researches evalution methods for the critic section now

[[User:Atubman|Atubman]] 21:25, 2 December 2010 (UTC)

I've added to the Contribution part of the essay. I've basically explained as much as I thought was pertinent in what the section was asking for but don't be shy to add more!

--[[User:Selliot3|Selliot3]] 14:11, 2 December 2010 (UTC)

IBOS is designed to talk directly to the hardware. That's why they have everything at the lower level. All that extra TCB in other browsers was for all the extra stuff like services, OS components blah blah. I get their drift and how less code is secure but I don't get how they did it! From where do they get the services they claim to have taken out but still operates the same as any other browser. There is a catch somewhere but I can't find it in the paper or maybe I'm blind. I've been reading a lot of text but I got nowhere, its either too complex or not close to what I'm looking for.

--[[User:Ymoussou|Youcef M.]] 04:19, 2 December 2010 (UTC)

Brief description of the research problem below. (Still Needs expanding/fleshing out. can anyone help expand on why exactly shrinking the TCB will be more secure. I'm fuzzy on that)

The IBOS attempts to improve the security of web browsers. The writers argue that the large size of the trusted code bases (TCB) which modern web browsers make use of increases the possibility of a security hole. For example a hijacked window manager could be used to draw a fake phishing website overtop a web browser. The researchers solution is drastically shrinking the size of the TCB. The TCB is shrunk by turning the web browser into an operating system in itself with direct access to hardware abstractions.

Meanwhile, the IBOS must still support existing web applications while maintaining security.

[[User:Atubman|Atubman]] 03:36, 2 December 2010 (UTC)

This is what I understand of the TCB. Basically it is all of the components that are essential to the security of the computer system. Pretty much the stuff inside the kernel that if is compromised is "bad news bears". By removing things like device drivers, you reduce the TCB quite considerably (like probably 10s of thousands of lines of code). The smaller the TCB, the less of a chance that you have of an essential component getting corrupted. I don't know if I'm explaining it right, but maybe someone else can expand on what I've written here.
--[[User:Gsmith6|Gsmith6]] 16:13, 2 December 2010 (UTC)

EDIT: I've pretty much explained the background concept behind IBOS and I kind of added the way it's executed near the end. Feel free to move that into the research section.

I can work on the background of IBOS

--[[User:Selliot3|Selliot3]] 23:03, 22 November 2010 (UTC)

It seems we only have 5/7 members. We should start splitting up the tasks and assign who gets what. So if everybody writes what section they would like to work on that would be great.

--[[User:Ymoussou|Youcef M.]] 15:19, 20 November 2010 (UTC)

I'll do the contribution section. I'll be reading through the paper thoroughly today and taking notes as I go. I'll post them later on this page as a sort of cheat-sheet/reminder. --[[User:Gsmith6|Gsmith6]] 17:45, 25 November 2010 (UTC)

=Group Members=

Leave your name and e-mail address if you are assigned to this question.

[[User:Ymoussou|Youcef M.]] moussoud@gmail.com

I am alive and still in the class, selliot3@connect.carleton.ca

--[[User:Selliot3|Selliot3]] 18:12, 15 November 2010 (UTC)

Still in the class, andrewtubman84@gmail.com

[[User:Atubman|Atubman]]

I'm here. I have received an email reply from John Vanden Heuvel as well (he may not see this) gsmith0413@gmail.com
--[[User:Gsmith6|Gsmith6]] 22:31, 15 November 2010 (UTC)

[[User:vviveka2|vG]]

I am here... and replied to the email

=Question 2 members=

Elliott Charles selliot3

Moussoud Youcef ymoussou

Pharand Alexandre apharan2

Smith Geoffrey gsmith6

Tubman Andrew atubman

Vanden Heuvel John jvheuvel

Vivekanandarajah Vijitharan vviveka2

=Raw Information=

The web itself is ubiquitous which a person can use for communication; banking, business, social networking and it can be useful for other purposes. There are different type of vulnerabilities web applications, browser, OS and library vulnerabilities. Insecure web browsers are monolithic, and they are easy to exploit. Secure web browser such as chrome isolate web applications and it still contain huge trusted computing base (TCB). Browser abstractions as the first-class OS, contains reduced TCB for web browser and it also have protection to withstand attacks to most components. [[User:vviveka2|vG]]

=Extra Resources=
http://www.cs.uiuc.edu/homes/stang6/ibos.html#slide1
I found some presentation slides by Shuo Tang, Haohui Mai and Sam King, the authors and developers of IBOS
--[[User:Gsmith6|Gsmith6]] 22:35, 25 November 2010 (UTC)

COMP 3000 Essay 2 2010 Question 2

2010-12-02T21:20:42Z

Ymoussou: /* Contribution */

COMP 3000 Essay 2 2010 Question 2

2010-12-02T21:20:27Z

Ymoussou: /* Research Problem */

Talk:COMP 3000 Essay 2 2010 Question 2

2010-12-02T04:20:20Z

Ymoussou: /* Comments & Discussion */

=Comments & Discussion=
IBOS is designed to talk directly to the hardware. That's why they have everything at the lower level. All that extra TCB in other browsers was for all the extra stuff like services, OS components blah blah. I get their drift and how less code is secure but I don't get how they did it! From where do they get the services they claim to have taken out but still operates the same as any other browser. There is a catch somewhere but I can't find it in the paper or maybe I'm blind. I've been reading a lot of text but I got nowhere, its either too complex or not close to what I'm looking for.

--[[User:Ymoussou|Youcef M.]] 04:19, 2 December 2010 (UTC)

Brief description of the research problem below. (Still Needs expanding/fleshing out. can anyone help expand on why exactly shrinking the TCB will be more secure. I'm fuzzy on that)

The IBOS attempts to improve the security of web browsers. The writers argue that the large size of the trusted code bases (TCB) which modern web browsers make use of increases the possibility of a security hole. For example a hijacked window manager could be used to draw a fake phishing website overtop a web browser. The researchers solution is drastically shrinking the size of the TCB. The TCB is shrunk by turning the web browser into an operating system in itself with direct access to hardware abstractions.

[[User:Atubman|Atubman]] 03:36, 2 December 2010 (UTC)

EDIT: I've pretty much explained the background concept behind IBOS and I kind of added the way it's executed near the end. Feel free to move that into the research section.

I can work on the background of IBOS

--[[User:Selliot3|Selliot3]] 23:03, 22 November 2010 (UTC)

It seems we only have 5/7 members. We should start splitting up the tasks and assign who gets what. So if everybody writes what section they would like to work on that would be great.

--[[User:Ymoussou|Youcef M.]] 15:19, 20 November 2010 (UTC)

I'll do the contribution section. I'll be reading through the paper thoroughly today and taking notes as I go. I'll post them later on this page as a sort of cheat-sheet/reminder. --[[User:Gsmith6|Gsmith6]] 17:45, 25 November 2010 (UTC)

=Group Members=

Leave your name and e-mail address if you are assigned to this question.

[[User:Ymoussou|Youcef M.]] moussoud@gmail.com

I am alive and still in the class, selliot3@connect.carleton.ca

--[[User:Selliot3|Selliot3]] 18:12, 15 November 2010 (UTC)

Still in the class, andrewtubman84@gmail.com

[[User:Atubman|Atubman]]

I'm here. I have received an email reply from John Vanden Heuvel as well (he may not see this) gsmith0413@gmail.com
--[[User:Gsmith6|Gsmith6]] 22:31, 15 November 2010 (UTC)

[[User:vviveka2|vG]]

I am here... and replied to the email

=Question 2 members=

Elliott Charles selliot3

Moussoud Youcef ymoussou

Pharand Alexandre apharan2

Smith Geoffrey gsmith6

Tubman Andrew atubman

Vanden Heuvel John jvheuvel

Vivekanandarajah Vijitharan vviveka2

=Raw Information=

The web itself is ubiquitous which a person can use for communication; banking, business, social networking and it can be useful for other purposes. There are different type of vulnerabilities web applications, browser, OS and library vulnerabilities. Insecure web browsers are monolithic, and they are easy to exploit. Secure web browser such as chrome isolate web applications and it still contain huge trusted computing base (TCB). Browser abstractions as the first-class OS, contains reduced TCB for web browser and it also have protection to withstand attacks to most components. [[User:vviveka2|vG]]

=Extra Resources=
http://www.cs.uiuc.edu/homes/stang6/ibos.html#slide1
I found some presentation slides by Shuo Tang, Haohui Mai and Sam King, the authors and developers of IBOS
--[[User:Gsmith6|Gsmith6]] 22:35, 25 November 2010 (UTC)

Talk:COMP 3000 Essay 2 2010 Question 2

2010-12-02T04:19:27Z

Ymoussou: /* Comments & Discussion */

=Comments & Discussion=
IBOS is designed to talk directly to the hardware. That's why they have everything at the lower level. All that extra TCB in other browsers was for all the extra stuff like services, OS components blah blah. I get their drift and how less code is secure but I don't get how they did it! From where do they get the services they claim to have taken out but still operates the same as any other browser. I can't find it in the paper or maybe I'm blind. I've been reading a lot of text but I got nowhere, its either too complex or not close to what I'm looking for.

--[[User:Ymoussou|Youcef M.]] 04:19, 2 December 2010 (UTC)

Brief description of the research problem below. (Still Needs expanding/fleshing out. can anyone help expand on why exactly shrinking the TCB will be more secure. I'm fuzzy on that)

The IBOS attempts to improve the security of web browsers. The writers argue that the large size of the trusted code bases (TCB) which modern web browsers make use of increases the possibility of a security hole. For example a hijacked window manager could be used to draw a fake phishing website overtop a web browser. The researchers solution is drastically shrinking the size of the TCB. The TCB is shrunk by turning the web browser into an operating system in itself with direct access to hardware abstractions.

[[User:Atubman|Atubman]] 03:36, 2 December 2010 (UTC)

EDIT: I've pretty much explained the background concept behind IBOS and I kind of added the way it's executed near the end. Feel free to move that into the research section.

I can work on the background of IBOS

--[[User:Selliot3|Selliot3]] 23:03, 22 November 2010 (UTC)

It seems we only have 5/7 members. We should start splitting up the tasks and assign who gets what. So if everybody writes what section they would like to work on that would be great.

--[[User:Ymoussou|Youcef M.]] 15:19, 20 November 2010 (UTC)

I'll do the contribution section. I'll be reading through the paper thoroughly today and taking notes as I go. I'll post them later on this page as a sort of cheat-sheet/reminder. --[[User:Gsmith6|Gsmith6]] 17:45, 25 November 2010 (UTC)

=Group Members=

Leave your name and e-mail address if you are assigned to this question.

[[User:Ymoussou|Youcef M.]] moussoud@gmail.com

I am alive and still in the class, selliot3@connect.carleton.ca

--[[User:Selliot3|Selliot3]] 18:12, 15 November 2010 (UTC)

Still in the class, andrewtubman84@gmail.com

[[User:Atubman|Atubman]]

I'm here. I have received an email reply from John Vanden Heuvel as well (he may not see this) gsmith0413@gmail.com
--[[User:Gsmith6|Gsmith6]] 22:31, 15 November 2010 (UTC)

[[User:vviveka2|vG]]

I am here... and replied to the email

=Question 2 members=

Elliott Charles selliot3

Moussoud Youcef ymoussou

Pharand Alexandre apharan2

Smith Geoffrey gsmith6

Tubman Andrew atubman

Vanden Heuvel John jvheuvel

Vivekanandarajah Vijitharan vviveka2

=Raw Information=

The web itself is ubiquitous which a person can use for communication; banking, business, social networking and it can be useful for other purposes. There are different type of vulnerabilities web applications, browser, OS and library vulnerabilities. Insecure web browsers are monolithic, and they are easy to exploit. Secure web browser such as chrome isolate web applications and it still contain huge trusted computing base (TCB). Browser abstractions as the first-class OS, contains reduced TCB for web browser and it also have protection to withstand attacks to most components. [[User:vviveka2|vG]]

=Extra Resources=
http://www.cs.uiuc.edu/homes/stang6/ibos.html#slide1
I found some presentation slides by Shuo Tang, Haohui Mai and Sam King, the authors and developers of IBOS
--[[User:Gsmith6|Gsmith6]] 22:35, 25 November 2010 (UTC)

Talk:COMP 3000 Essay 2 2010 Question 2

2010-12-02T04:19:14Z

Ymoussou: /* Comments & Discussion */

=Comments & Discussion=
IBOS is designed to talk directly to the hardware. That's why they have everything at the lower level. All that extra TCB in other browsers was for all the extra stuff like services, OS components blah blah. I get their drift and how less code is secure but I don't get how they did it! From where do they get the services they claim to have taken out but still operates the same as any other browser. I can't find it in the paper or maybe I'm blind. I've been reading a lot of text but I got nowhere, its either too complex or not close to what I'm looking for.
--[[User:Ymoussou|Youcef M.]] 04:19, 2 December 2010 (UTC)

Brief description of the research problem below. (Still Needs expanding/fleshing out. can anyone help expand on why exactly shrinking the TCB will be more secure. I'm fuzzy on that)

The IBOS attempts to improve the security of web browsers. The writers argue that the large size of the trusted code bases (TCB) which modern web browsers make use of increases the possibility of a security hole. For example a hijacked window manager could be used to draw a fake phishing website overtop a web browser. The researchers solution is drastically shrinking the size of the TCB. The TCB is shrunk by turning the web browser into an operating system in itself with direct access to hardware abstractions.

[[User:Atubman|Atubman]] 03:36, 2 December 2010 (UTC)

EDIT: I've pretty much explained the background concept behind IBOS and I kind of added the way it's executed near the end. Feel free to move that into the research section.

I can work on the background of IBOS

--[[User:Selliot3|Selliot3]] 23:03, 22 November 2010 (UTC)

It seems we only have 5/7 members. We should start splitting up the tasks and assign who gets what. So if everybody writes what section they would like to work on that would be great.

--[[User:Ymoussou|Youcef M.]] 15:19, 20 November 2010 (UTC)

I'll do the contribution section. I'll be reading through the paper thoroughly today and taking notes as I go. I'll post them later on this page as a sort of cheat-sheet/reminder. --[[User:Gsmith6|Gsmith6]] 17:45, 25 November 2010 (UTC)

=Group Members=

Leave your name and e-mail address if you are assigned to this question.

[[User:Ymoussou|Youcef M.]] moussoud@gmail.com

I am alive and still in the class, selliot3@connect.carleton.ca

--[[User:Selliot3|Selliot3]] 18:12, 15 November 2010 (UTC)

Still in the class, andrewtubman84@gmail.com

[[User:Atubman|Atubman]]

I'm here. I have received an email reply from John Vanden Heuvel as well (he may not see this) gsmith0413@gmail.com
--[[User:Gsmith6|Gsmith6]] 22:31, 15 November 2010 (UTC)

[[User:vviveka2|vG]]

I am here... and replied to the email

=Question 2 members=

Elliott Charles selliot3

Moussoud Youcef ymoussou

Pharand Alexandre apharan2

Smith Geoffrey gsmith6

Tubman Andrew atubman

Vanden Heuvel John jvheuvel

Vivekanandarajah Vijitharan vviveka2

=Raw Information=

The web itself is ubiquitous which a person can use for communication; banking, business, social networking and it can be useful for other purposes. There are different type of vulnerabilities web applications, browser, OS and library vulnerabilities. Insecure web browsers are monolithic, and they are easy to exploit. Secure web browser such as chrome isolate web applications and it still contain huge trusted computing base (TCB). Browser abstractions as the first-class OS, contains reduced TCB for web browser and it also have protection to withstand attacks to most components. [[User:vviveka2|vG]]

=Extra Resources=
http://www.cs.uiuc.edu/homes/stang6/ibos.html#slide1
I found some presentation slides by Shuo Tang, Haohui Mai and Sam King, the authors and developers of IBOS
--[[User:Gsmith6|Gsmith6]] 22:35, 25 November 2010 (UTC)

Talk:COMP 3000 Essay 2 2010 Question 2

2010-11-20T15:19:39Z

Ymoussou: /* Group Members */

=Comments & Discussion=

It seems we only have 5/7 members. We should start splitting up the tasks and assign who gets what. So if everybody writes what section they would like to work on that would be great.

--[[User:Ymoussou|Youcef M.]] 15:19, 20 November 2010 (UTC)

=Group Members=

Leave your name and e-mail address if you are assigned to this question.

[[User:Ymoussou|Youcef M.]] moussoud@gmail.com

I am alive and still in the class, selliot3@connect.carleton.ca

--[[User:Selliot3|Selliot3]] 18:12, 15 November 2010 (UTC)

Still in the class, andrewtubman84@gmail.com

[[User:Atubman|Atubman]]

I'm here. I have received an email reply from John Vanden Heuvel as well (he may not see this) gsmith0413@gmail.com
--[[User:Gsmith6|Gsmith6]] 22:31, 15 November 2010 (UTC)

[[User:vviveka2|vG]]

I am here... and replied to the email

=Question 2 members=

Elliott Charles selliot3

Moussoud Youcef ymoussou

Pharand Alexandre apharan2

Smith Geoffrey gsmith6

Tubman Andrew atubman

Vanden Heuvel John jvheuvel

Vivekanandarajah Vijitharan vviveka2

COMP 3000 Essay 2 2010 Question 2

2010-11-15T18:29:47Z

Ymoussou: /* Paper */

=Paper=
The paper's title, authors, and their affiliations. Include a link to the paper and any particularly helpful supplementary information.

=Background Concepts=
Explain briefly the background concepts and ideas that your fellow classmates will need to know first in order to understand your assigned paper.

=Research problem=
What is the research problem being addressed by the paper? How does this problem relate to past related work?

=Contribution=
What are the research contribution(s) of this work? Specifically, what are the key research results, and what do they mean? (What was implemented? Why is it any better than what came before?)

=Critique=
What is good and not-so-good about this paper? You may discuss both the style and content; be sure to ground your discussion with specific references. Simple assertions that something is good or bad is not enough - you must explain why.

=References=
You will almost certainly have to refer to other resources; please cite these resources in the style of citation of the papers assigned (inlined numbered references). Place your bibliographic entries in this section.

COMP 3000 Essay 2 2010 Question 2

2010-11-15T18:26:59Z

Ymoussou: /* References */

=Paper=
the paper's title, authors, and their affiliations. Include a link to the paper and any particularly helpful supplementary information.

=Background Concepts=
Explain briefly the background concepts and ideas that your fellow classmates will need to know first in order to understand your assigned paper.

=Research problem=
What is the research problem being addressed by the paper? How does this problem relate to past related work?

=Contribution=
What are the research contribution(s) of this work? Specifically, what are the key research results, and what do they mean? (What was implemented? Why is it any better than what came before?)

=Critique=
What is good and not-so-good about this paper? You may discuss both the style and content; be sure to ground your discussion with specific references. Simple assertions that something is good or bad is not enough - you must explain why.

=References=
You will almost certainly have to refer to other resources; please cite these resources in the style of citation of the papers assigned (inlined numbered references). Place your bibliographic entries in this section.

COMP 3000 Essay 2 2010 Question 2

2010-11-15T18:26:43Z

Ymoussou: /* Critique */

COMP 3000 Essay 2 2010 Question 2

2010-11-15T18:26:28Z

Ymoussou: /* Contribution */

COMP 3000 Essay 2 2010 Question 2

2010-11-15T18:26:15Z

Ymoussou: /* Research problem */

COMP 3000 Essay 2 2010 Question 2

2010-11-15T18:26:02Z

Ymoussou: /* Background Concepts */

COMP 3000 Essay 2 2010 Question 2

2010-11-15T18:25:46Z

Ymoussou: /* Paper */

=Paper=
the paper's title, authors, and their affiliations. Include a link to the paper and any particularly helpful supplementary information.

=Background Concepts=
=Research problem=
=Contribution=
=Critique=
=References=

COMP 3000 Essay 2 2010 Question 2

2010-11-15T18:25:09Z

Ymoussou: /* Paper */

=Paper=
=Background Concepts=
=Research problem=
=Contribution=
=Critique=
=References=

Talk:COMP 3000 Essay 2 2010 Question 2

2010-11-15T18:22:54Z

Ymoussou: /* Group Members */

=Group Members=

Leave your name and e-mail address if you are assigned to this question.

[[User:Ymoussou|Youcef M.]] moussoud@gmail.com

I am alive and still in the class, selliot3@connect.carleton.ca

--[[User:Selliot3|Selliot3]] 18:12, 15 November 2010 (UTC)

Still in the class, andrewtubman84@gmail.com

[[User:Atubman|Atubman]]

=Question 2 members=

Elliott Charles selliot3

Moussoud Youcef ymoussou

Pharand Alexandre apharan2

Smith Geoffrey gsmith6

Tubman Andrew atubman

Vanden Heuvel John jvheuvel

Vivekanandarajah Vijitharan vviveka2

Talk:COMP 3000 Essay 2 2010 Question 2

2010-11-15T18:18:04Z

Ymoussou: /* Group Members */

=Group Members=

Leave your name and e-mail address if you are assigned to this question.

[[User:Ymoussou|Youcef M.]] moussoud@gmail.com

I am alive and still in the class, selliot3@connect.carleton.ca

--[[User:Selliot3|Selliot3]] 18:12, 15 November 2010 (UTC)

=Question 2 members=

Elliott Charles selliot3

Moussoud Youcef ymoussou

Pharand Alexandre apharan2

Smith Geoffrey gsmith6

Tubman Andrew atubman

Vanden Heuvel John jvheuvel

Vivekanandarajah Vijitharan vviveka2

COMP 3000 Essay 2 2010 Question 2

2010-11-15T18:14:24Z

Ymoussou: Created page with "=Paper="

=Paper=

Talk:COMP 3000 Essay 2 2010 Question 2

2010-11-15T18:11:17Z

Ymoussou: /* Group Members */

=Group Members=
Leave your name and e-mail address if you are assigned to this question.

[[User:Ymoussou|Youcef M.]] moussoud@gmail.com

Talk:COMP 3000 Essay 2 2010 Question 2

2010-11-15T18:11:01Z

Ymoussou: /* Group Members */

=Group Members=
Leave your name and e-mail address if you are assigned to this question

[[User:Ymoussou|Youcef M.]] 18:10, 15 November 2010 (UTC) moussoud@gmail.com

Talk:COMP 3000 Essay 2 2010 Question 2

2010-11-15T18:10:43Z

Ymoussou: /* Group Members */

=Group Members=
Leave your name and e-mail address if you are in assigned to this question

[[User:Ymoussou|Youcef M.]] 18:10, 15 November 2010 (UTC) moussoud@gmail.com

Talk:COMP 3000 Essay 2 2010 Question 2

2010-11-15T18:10:17Z

Ymoussou: /* Group Members */

=Group Members=
Leave your name and e-mail address if you are in assigned to this question

Youcef Moussoud - --[[User:Ymoussou|Youcef M.]] 18:10, 15 November 2010 (UTC) - moussoud@gmail.com

Talk:COMP 3000 Essay 2 2010 Question 2

2010-11-15T18:08:50Z

Ymoussou: Created page with "=Group Members= Leave your name and e-mail address if you are in assigned to this question Youcef Moussoud - moussoud@gmail.com"

=Group Members=
Leave your name and e-mail address if you are in assigned to this question

Youcef Moussoud - moussoud@gmail.com

COMP 3000 Essay 1 2010 Question 4

2010-10-14T02:24:56Z

Ymoussou: /* Current Status */

=Question=

What "operating systems" have been implemented in the following languages: LISP, Modula-3, Smalltalk, Java? To what extent do these systems match the capabilities of operating systems implemented in C and C++?

=Team Note (to be removed by delivery date)=

Please use the [[Talk:COMP_3000_Essay_1_2010_Question_4|discussion page]] for any planning and comments.

=Answer=

== Introduction ==

Not so long ago people believed the Earth was a flat world at the center of the universe. This essay addresses a more recent falsehood: that all operating systems are written in assembly language and C. It's not surprising that students of computing in this century would genuflect at the academic altars of Kernighan & Ritchie. After all we grew up with our computer worlds already pre-formed into the conceptual continents of Apple OS, UNIX, and Windows. The more historically curious among us are vaguely aware that other island cultures do exist but they represent civilizations defeated in the marketplace. Explorations into these ancient worlds resemble documentaries about archeologists decoding rediscovered languages etched in stone. But scratch the surface of any of our so-called modern operating systems and you'll find echoes of these ancient languages in our own familiar worlds. Ellen Ullman said it best when she wrote, <blockquote>''We build our computer systems like we build our cities: over time, without a plan, on top of ruins.''</blockquote>

In the sections below we present our explorations into a few truly foundational operating systems. We will also see some brand new ones that prove we stand, as one twelfth century scholar put it, [http://en.wikipedia.org/wiki/Standing_on_the_shoulders_of_giants on the shoulders of giants].

The following is a short list of operating systems written partially or completely with the given language. We will go into more detail in the language-specific sections below.

{| class="wikitable" style="text-align:center" border="1"
|+ '''Operating Systems By Language'''
|-
!width="15%"|Language
!width="85%"|OS List
|-
! Lisp
| MIT's Lisp Machines, Genera
|-
! Modula-3
| SPIN OS, Oberon
|-
! Smalltalk
| Smalltalk-80 on Xerox Alto, Squeak
|-
! Java
| JavaOS, JNode, JX, Android
|}

==Lisp Based==
===Overview===
Lisp is the second oldest programming languages, established in the late 1960's as a list-processing language. It started out being perfect for math but when it came to programming with it, it left a lot to be desired. Since then there have been a number of different versions of it, from the first Lisp – called “pure Lisp” – to Scheme and Common Lisp. Unlike most object-oriented languages which are focused on classes and instances among other things, Lisp was initially focused more on functions, in which functions call other functions, though later versions of Lisp did eventually add in classes and other typical object-oriented features. It was after this that Genera was created, an operating system written entirely in Lisp, and developed from an earlier operating system on MIT's Lisp Machine.

The Lisp Machine project in began in 1974, where Richard Greenblatt and Thomas Knight, programmers at MIT, designed a computer for general use that was designed for a single user, in which the operating system was programmed entirely in Lisp. It was designed to be completely open to the user, so any changes the user wanted to make could be done during run-time. It was also one of the first systems to be programmed in a 32-bit architecture, making it far more versatile than a number of other operating systems at the time. Despite this, however, the first Lisp Machine was quite basic compared to later iterations, namely Genera.

===Motivation===
Genera is an evolution of the initial Lisp Machine operating system, and as such improved upon many of the basic features of the system. Genera was the first object-oriented operating system, making it stand out among the already well-known Lisp Machines, especially given the fact that it isn't a composition of languages like other operating systems – most using the primary language for the operating system and another language, such as assembly, to deal with hardware directly – but written entirely in Lisp – any of five different dialects of the language – including the lowest levels of the operating system that interact with hardware due to its effective lack of a kernel. Not having to deal with a kernel allows Genera to be very powerful and efficient in certain areas, most especially in the most complex applications such as those dealing with intelligent CAD and graphics, though when given very simple, very routine applications or processes it is much less efficient than other operating systems.

===Achievements===
Another primary difference from other operating systems is that Genera is a fully open system like the first Lisp Machines. Having an open system has its positive and negative aspects. Among the foremost positive aspects is that the user is in control and not left to the whims of the operating system as is common in non-open systems – if the user doesn't like how something is happening, they can simply go in and change it from happening that way again – and allows for very quick prototyping, not needing to wait to compile every little change. Also, due to utilizing very lightweight objects and the fact that everything is in a single address space rather than split across multiple spaces greatly increases efficiency, though again mainly in non-simple tasks.

Like operating systems written in C/C++, Genera has multiple inheritance and automatic garbage collection. Unlike C/C++, however, Genera uses object-oriented memory. This gives Genera a very useful feature that many other systems cannot do, which is that, given a memory address, the system is able to provide the start address, size, and the type of object in that memory location, which increases efficiency. Even the way files are accessed is very different from other operating systems, as it uses a generic file access system; in a generic file access system, rather than following a typical structure of keeping the commands needed for local and networked files different, the commands are the same, meaning that the system essentially acts like a file on a system on the other side of the world is a local file.

===Problems===
Not everything is great with an open system, however, as there are definite security concerns: with an open system, the user can change anything, and programs can interact with other programs and change anything, meaning that if a virus were unleashed on a Genera system it could be catastrophic. To counter this problem Genera systems are protected by a very simple method: keeping the physical system itself out of reach of all but authorized users and behind locked doors. To compare to other operating systems, such as those written in C/C++, it is generally less secure because of the open system, though they are both equally at risk when installing software, as both systems are completely open at that specific junction. Genera also has issues with modularity, as it allows for something to be called even when it is not supposed to be able to be called because, as it is an open system, there is nothing really stopping this from happening. Some versions of Genera and Genera applications are also very well-documented and run quite smoothly, but others are poorly documented and run quite slowly as they are built on top of older versions without any real plan beyond adding on an extra feature here or there over and over again.

===Current Status===
Genera and Lisp Machines, while still being used in a select few locations, are not currently being developed, as their time has passed. Their legacy still lives on, however, in the object-oriented operating systems still in use today.

==Modula-3 Based==
===Overview===

An idea came to mind. A question was proposed. Can an operating system have extensibility, safety, and good performance? A group of computer scientists from Washington University took on this question and tried to come up with an answer. That’s how SPIN operating system was created. SPIN is an operating system that blends the user-level with the kernel level. The main feature is that the kernel can be extended using modules that implement interfaces to meet the applications needs to optimise performance and safety. The programming language used is Modula-3, and the reason for using this language is for its type safe properties like interfaces, extension, and its automatic storage management. The operating system sits on the traditional monolithic kernel. This is because the authors of SPIN argue that microkernels are not extendible due to the massive overhead created from switching in and out of the kernel.

===Motivation===

A poorly matched implementation prevents an
application from working well, while a poorly
matched interface prevents it from working at all.

This is the sole purpose for creating SPIN. The team had to meet three important features to make this work, a Flexible kernel with safe extensions and a good overall performance. Operating systems based on C/C++ are too general that handle many applications. Therefore, some programs may fall through the cracks and suffer the lack of safety and performance. The goal for SPIN however, was to create a specialized operating system that can run a range of applications without sacrificing safety or performance. This system would allow the user programs and applications to manipulate and change the system’s interface to load and access the data or memory needed safely and with a good overall performance. This was possible through the type safe extensions of Modula-3. Unlike C/C++, Modula-3 is considered a safe language; it guarantees the protection of the kernel from dangerous extension by forcing them to interact with the kernel through specific interfaces. Furthermore, the extensions are executed in the virtual address space not the user space.

===Achievements===

SPIN operating system came through with positive results, it actually works. Most of the goals set by the creators were accomplished. SPIN overcame the large overhead of microkernels by enforcing the extensions to be run in the kernel’s address space. The number of switches dropped which actually improved efficiency significantly.
By using Modula-3’s safe interfaces, there was no run-time checking of the code of the extensions. This was a huge advantage over languages like C/C++ due to the fact that a significant overhead was cleared from the execution time. SPIN addressed the latency issue by only allowing code with low latency, which is quite small, to access the system through extensions that access the kernel directly. This is another advantage of using a safe programming language.

===Problems===

Two general issues with extendible systems are adaptability and reliability. Using a safe programming language comes with a price. In SPIN, there is a loss of efficiency when the dynamic checks run for array index bounds. These checks also add a significant overhead to the execution time.
SPIN is written with very few Modula-3 code lines and are much easier to understand compared to other operating systems written in C or C++. However, the kernel of the system is almost entirely written in C and Assembly. These two languages are considered unsafe in contrast to Modula-3. The mix of safe and unsafe code is a huge complication which leads to many bugs, which compromises the safe extensions and interfaces used by applications.

===Current Status===

SPIN, and extendible operating systems in general, is becoming the playground for research. The authors of SPIN at the University of Washington are performing projects and continuing the on-going research of improving extendible operating systems. The solutions they might come up with could greatly influence the operating systems as we see them today.

==Smalltalk Based==
===Overview===

<blockquote>The best way to predict the future is to invent it. -- Alan Kay</blockquote>

If you are reading this paper on a personal computer, and it has a GUI with overlapping windows, desktop icons, and a mouse pointer then you owe a debt to a group of researchers led by Alan Kay at Xerox's Palo Alto Research Center, or Xerox PARC. Many of those ideas had appeared elsewhere in one form or another, but the first time they came together in a demonstrable and portable form was in the early 1970s at Xerox on a machine called the Alto [http://en.wikipedia.org/wiki/Xerox_Alto]. Their example of a working personal computer was to be the inspiration that launched Apple into the history books.

===Motivation===

Searching for operating systems written in Smalltalk is an exercise in recursion. The Smalltalk OS was written in -- what else -- Smalltalk. But Alan Kay's Learning Research Group (LRG) didn't just set out to write a clever new language that could bootstrap its own environment. Not only were they in California but they had also just survived the 1960s. Their goal was to produce an entirely new learning environment to "amplify human reach and bring new ways of thinking to a faltering civilization that desperately needed it." [http://www.smalltalk.org/smalltalk/TheEarlyHistoryOfSmalltalk_III.html]

===Achievements===

They did manage to invent new ways of think about computing. Alan Kay coined the term "object-oriented programming". His inspiration had come from notions of objects already well known in LISP but he wasn't shy about giving credit where it was due. Kay believed his knowledge of LISP helped him think more clearly about computer problems. He felt it contained "great thinking patterns" and "deep beauty" and he vowed to preserve these qualities in the language that would become Smalltalk.

But Kay wasn't just interested the symbolic language at the heart of a system. He incorporated recent studies on learning and cognition from such experts such as Maria Montessori, Jean Piaget, and Jerome Bruner in his goal to form a complete vision of the personal computer. For instance, Bruner's research implied that people learn new thoughts in a loose sequence of translations [http://en.wikipedia.org/wiki/Jerome_Bruner]. First there are actions, or ''enactive'' representations which transform into images or ''iconic'' representations, and finally into language or ''symbolic'' representations. We may take it for granted today, but it was human insights such as these that helped Kay form the basis of graphical user interfaces as channels through which we perceive ideas represented in a computer.

Still the language is no small point. The central idea in Smalltalk (and Smalltalk-80 as an example of a whole system) is that "everything is an object". This includes what we already might think of as objects, such as files, forms, and fields but it also includes transformational methods such as actions, behaviors, and calculations. This places it in distinct contrast with operating systems written in C, and even those written in C++. Gone are such notions as ''process'' and ''semaphore''. In their place are ''messages'' between objects and ''events'' to which interested objects may react.

Another difference in Smalltalk from C-based operating systems is the lack of security. The only means Smalltalk has of protecting anything is through the visibility (private or public) of an object's methods and properties. But if you know how to dig through the system you can modify -- and break -- just about everything. This may be offer a sense of freedom to some. In the networked world this seems more than a bit risky. Yes, Smalltalk has networking.

===Problems===

Performance in Smalltalk-80 wasn't what we expect from our machines today. A later version of the system called Squeak made some attempt to address this issue (and that of portability) by writing a C language generator to create its virtual machine. This was reasonably successful, and you can now run Squeak on a number of platforms including stand-alone inside of VirtualBox.

[[File:Squeak-Hello-Carleton.png]]

Most non-programmers don't know much about Smalltalk-80 or Squeak though it's tempting to speculate what might have happened if Xerox had chosen to keep its secrets from Apple and commercialize the Alto. The decision not to commercialize was one that hurt Alan Kay's team, one of whom in fact seized the moment and went to work for Apple. By the mid-seventies Kay wasn't sure they had completely solved the problems for which they had set. In his disillusionment he sought to burn everything and start over. He was concerned he would be fulfilling both claims of Marshall McLuhan, namely that "our tools reshape us" and "inadequate tools ''still'' reshape us", though presumably not always for the better.

===Current Status===

* Continuing Research
* OLPC

==Java Based==
===Overview===

Java is used on a plethora of devices and systems throughout the industry from cell phones to web applets. With Java being a language that creates a virtual machine for each application, one would think that it is already suited to be an operating system in itself but this is not the case. Java is built to run on top of other operating systems such as Microsoft Windows, Mac OS X and Ubuntu Linux rather than being a standalone system. This section will discuss various operating systems that are written in Java such as JavaOS, Android, JNode and JX.

[http://java.sun.com/developer/products/JavaOS/ JavaOS] is Sun Microsystems very own creation. This system runs on different layers to make a scalable and easily updateable operating system [http://java.sun.com/developer/products/JavaOS/OverView/index.html ]. The first layer is the microkernel which handles the memory architecture, booting, interrupt handling, threading, traps and DMA handling. The Java Virtual Machine is also compiled into native code for the system and is run on top of the microkernel. The second layer consists of the JavaOS for Business software which extends the memory module to optimize for systems with limited memory[http://java.sun.com/developer/products/JavaOS/OverView/index.html ]. All device drivers for the system are written and run in Java and are what the third layer is consisted of. Finally, the fourth layer is a stand-alone JDK runtime environment used to run user applications.

[http://www.android.com/ Android] was created by a very ambitious team at Google for use with cell phones. It is basically an operating system running on top of another minimalistic operating system. At the very lowest end of Android, a Linux 2.6 kernel is what powers it. All device drivers are written and compiled for the native hardware or compiled using Google’s Native Development Kit and core system libraries such as libc, OpenGL | ES and SQLite are dynamically linked in per application [http://developer.android.com/guide/basics/what-is-android.html]. In the Android runtime, the Dalvik Virtual Machine (DVM) controls applications similar to the Java Virtual Machine. Dalvik is similar to the aforementioned JavaOS as it relies on the kernel to manage threading and low-level memory management. Running on top of the DVM are core libraries and application frameworks for the Android operating system. These frameworks include resource management, window management, notification manage just to name a few. Applications are then built on top of these frameworks and are the end result in which the user will actually interact with.

[http://www.jnode.org/ JNode] began as the Java Bootable System (JBS) in 1995. Ewout Prangsma, the creator, was unhappy with the amount of native C and assembly used for the system so he began a new project, JNode. JNode only uses a small amount of assembly code for booting the system now compared to the initial JBS [http://www.jnode.org/node/174]. The rest of the system is completely written in Java including its graphical user interface. Applications in JNode are referred to as plugins [http://www.jnode.org/node/175] including the device drivers, filesystems, networking and user applications.

[http://www4.informatik.uni-erlangen.de/Projects/JX/index.html JX] was created at the University of Erlangen. At it’s base is a microkernel that the basic Java Virtual Machine runs on which is similar to JavaOS. The system runs on the idea of domains where the microkernel runs at domain level zero and subsequent programs run in domain A, B, C, etc. Domains contain their own threads, heap and garbage collector and can communicate with other domains using portals. A portal is essentially the same as inter-process communication but using domains as processes instead [http://www.usenix.org/events/usenix02/full_papers/golm/golm.pdf].

===Motivation===

Java is a powerful language that already contains the code necessary for running on many different platforms. With the concept of virtual machines for each individual application it provides a layer of security that not every operating system has. Each virtual machine has it’s own heap which keeps other processes from accessing and writing over already allocated memory since the kernel manages the memory paging. With the use of just-in-time (JIT) compilers, these operating systems can almost achieve comparable run times when compared to native compiled applications.

Since all Java applications are compiled into the same set of bytecode, third-parties can develop their own implementation of the Java runtime. For example, Google has created the Dalvik Virtual Machine for use with the Android platform so it will run more efficiently on small devices while reducing the memory footprint [http://developer.android.com/guide/basics/what-is-android.html]. Google has just recently released Android 2.2 which includes a new JIT compiler for their Dalvik Virtual Machine which can improve speeds of applications up to 2-5 times [http://android-developers.blogspot.com/2010/05/dalvik-jit.html]. IBM also has their own version of the Java Virtual Machine, J9, that is used in many of their own pieces of software and also includes its own implementation of a JIT compiler.

===Achievements===

Android is probably one of the most well-known and mainstream Java based operating system currently on the market. Even though it’s the youngest of the operating systems discussed, it has become one of the newest standards for smartphones. With over 150 devices and counting, Android continues to grow and develop.

===Problems===

One major issue with using Java for an operating system is completely relying on the operating system and kernel to manage memory. Since Java is a garbage collecting language, developers do not have direct access to the memory and have to rely on the operating system to clean up after any objects have been left behind. This can be an issue with lower memory systems while running multiple applications at the same time.

===Current Status===

Each operating system has been created or worked on in the last ten years but some have either halted development or have not seen a major stable release in quite a while. JavaOS is still being maintained by Oracle after they had purchased Sun Microsystems. JNode has not seen an update in over a year and a half [http://sourceforge.net/projects/jnode/files/]. JX also seems to be at a stand still in development with only a minor update after its 0.1 release [http://www4.informatik.uni-erlangen.de/Projects/JX/download-sources.html]. Finally, Android is the most active with minor or major updates coming out every few months. The current state Android is in is Android 2.2 with Android 3.0 currently being hinted for quarter four of 2010 [http://www.techradar.com/news/phone-and-communications/mobile-phones/android-3-0-details-you-need-to-know-706243].

== References ==

Moon, David A. "Genera Retrospective." ''1991 International Workshop on Object Orientation in Operating Systems'' (1991): 2-8. Print.

Moon, David A., Thomas F. Knight, John T. Holloway, and Richard D. Greenblatt. "A Lisp Machine." ''ACM SIGIR Forum'' 15.2 (1980): 137-38. Print.

Pleszkun, A. R., and M. J. Thazhuthaveetil. "The Architecture of Lisp Machines." ''Computer'' 20.3 (1987): 35-44. Print.

FOR SPIN

B. N. Bershad, S. Savage, P. Pardyak, E. G. Sirer, M. Fiuczynski, D. Becker, S. Eggers, and C. Chambers. Extensibility, Safety and Performance in the SPIN Operating System. In the Proceedings of the 15th ACM Symposium on Operating System Principles (SOSP), Copper Mountain, CO, December 1995.

W. C. Hsieh, M. E. Fiuczynski, C. Garrett, S. Savage, D. Becker and B. N. Bershad. Language Support for Extensible Operating Systems. Workshop on Compiler Support for System Software, University of Washington, February 1996.

S. Savage, B. N. Bershad. Issues in the Design of an Extensible Operating System. Proceedings of the First USENIX Symposium on Operatings Systems Design and Implementation (OSDI), November 1994 (Unpublished).

University of Washington, Dept. of Computer Science. The SPIN Operating System. [http://www.cs.washington.edu.html]

Talk:COMP 3000 Essay 1 2010 Question 4

2010-10-14T02:24:22Z

Ymoussou: /* Discussion */

== Discussion ==

I believe I finished the SPIN OS section. Let me know how I did and if anything needs to be added or changed. I posted all the papers that I used in the reference section.

--[[User:Ymoussou|Youcef M.]] 02:24, 14 October 2010 (UTC)

We have an extra day! I thought it was due in the morning. The paper is actually written by 2 authors of the system, I wonder why its not published. Thanks for your help.

--[[User:Ymoussou|Youcef M.]] 22:52, 13 October 2010 (UTC)

9 am Friday, since it's due Thursday night. As for the papers, I seem to recall him saying that we should be using published papers, but if it's non-published and by someone who's clearly an expert (instead of some random blogger or something) that it'd be okay. If you're not sure, though, give him a shout; he's pretty quick at responding.

--[[User:ScottG|ScottG]] 22:37, 13 October 2010 (UTC)

Guys, are we allowed to use unpublished papers? there is this paper in the SPIN website that is really helpful. I'm not sure if I'm allowed to use it for our essay, anybody has an idea?

Anil said something about grading the essays around 9 AM (or was it PM?). Was he talking about thursday or friday?

--[[User:Ymoussou|Youcef M.]] 21:57, 13 October 2010 (UTC)

Okay, I've basically got the Lisp section done. Gonna probably go back and tweak it, but at least it's there. And I added in what I used as references in the References section as per MLA style.

I can take a look at writing up something for the C/C++ part as well, just not sure how much I'll be able to get in the time I've got to spare between other courses right now. But I'll certainly try.

--[[User:ScottG|ScottG]] 15:37, 13 October 2010 (UTC)

Could somebody add a bit in the introduction on what it means to be an operating system written in C/C++? One focus should probably be the notion of process as hinted by Anil. There are probably other distinctions that can be dredged up too.

--[[User:Jjpwilso|Jjpwilso]] 02:57, 13 October 2010 (UTC)

Got some stuff up, rough copy only. Meant to get more done, but family stuff came up. More to come tomorrow.

--[[User:ScottG|ScottG]] 02:26, 13 October 2010 (UTC)

Right then, I'm on it.

--[[User:Mkugler|Mkugler]] 01:19, 13 October 2010 (UTC)

Hi MK, and welcome to the group. Anil mentioned Oberon just today, which is apparently another OS based on a cousin of modula-3. If you could find a way to extend the Modula-3 section with Oberon, perhaps with your own subsection (Youcef has already started with a SPIN section) that should help us round things up nicely. Note the goal is to compare capabilities with C/C++, so feel free to take a global view for thematic consistency too. I'll be doing a bit more in this respect on the Smalltalk section. As Anil said in lecture today, it should hold together as an essay even without the wiki-ish headings.

--[[User:Jjpwilso|Jjpwilso]] 01:07, 13 October 2010 (UTC)

Hey guys. I'm a bit late to the punch on this as I've been preoccupied with a ton of other stuff. I've read through what you've all done thus far and frankly think it's phenomenal, which brings me to my quandry. I wasn't here when you all laid claim to the various components of the essay and am not entirely certain where my efforts should be directed. I noticed that LISP so far is empty, but that it was claimed by ScottG on the 8th.

Is there anywhere in particular where you would like me to work? I'm committed to spending the better part of the next 48 hours entirely on this, so I can put together anything remaining that's needed. If you guys can't get back to me, I'll just expand on whatever I can find more information on.

--[[User:Mkugler|Mkugler]] 23:16, 12 October 2010 (UTC)

The SPIN work is looking good Youcef. Note: please try to put links to your sources in the text so we can see where your ideas are coming from.

--[[User:Jjpwilso|Jjpwilso]] 20:45, 12 October 2010 (UTC)

Anil gave me another clue into how he was thinking of comparisons between these OSes and C/C++. For Smalltalk at least the central theme mentions nothing about processes. Smalltalk is about objects, methods, and messages rather than the traditional C notion of processes manipulating data. This distinction or something similar to it may be useful when looking at other operating systems we're exploring.

--[[User:Jjpwilso|Jjpwilso]] 20:42, 12 October 2010 (UTC)

I've got some small amount of comparison in mine (haven't posted it, since I'm still trying to compile info on MIT's Lisp Machine, but will likely have most of it up tonight), but I would think it would be easier to perhaps do some small comparisons in the individual sections -- I'll be pointing out some differences in Genera and C++ OS's in OO memory, for example -- and then make some more broad strokes in the conclusion encompassing two or more of our chosen OS's and C/C++.

--[[User:ScottG|ScottG]] 19:19, 12 October 2010 (UTC)

Hi all. I'm gradually posting the sections that I finished so far I'd love to hear your thoughts and comments.

Anil also mentioned an important note on our question, we have to compare these operating systems to the ones developed using C and C++. Are we going to do that in the conclusion section? because so far we are not answering the second half of the question.

As for the Oberon, I just did a quick read in Wiki and it says that its written in oberon programming language. But it says its based on a modified version of Modula-2 and they don't mention modula-3, can we still talk about this OS? I cant really start on that today I have a chemistery midterm tomorrow morning, and tomorrow I'm going to finish the rest of SPIN sections.

--[[User:Ymoussou|Youcef M.]] 19:00, 12 October 2010 (UTC)

Thanks for the link Anil! For the group: I asked Anil a couple of questions after class today, and another OS he had in mind was [http://en.wikipedia.org/wiki/Oberon_(operating_system) Oberon], invented by the creator of Modula-3. I don't know if there's more to find about this than there is about SPIN but I've got my hands full for now.

--[[User:Jjpwilso|Jjpwilso]] 18:29, 12 October 2010 (UTC)

Rather than Squeak I was thinking about Smalltalk-80. Here's a [http://portal.acm.org/citation.cfm?id=273&dl=GUIDE,ACM book on Smalltalk] that's available online in the ACM digital library. Just the preface should tell you everything you need to know. [[User:Soma|Anil]] 03:15, 12 October 2010 (UTC)

Great work on the Java section. I might toss in a bit on the problems section about cross-platform compatibility once I get done with my part.

--[[User:Jjpwilso|Jjpwilso]] 23:57, 10 October 2010 (UTC)

I've posted what I have written so far for the Java section, if anyone has any suggestion/corrections feel free to post them.
EDIT: I've added the other sections of the Java based operating system.

--[[User:Selliot3|Selliot3]] 16:50, 10 October 2010 (UTC)

Re: Motivation. I had Smalltalk in mind when I roughed out the headings and it's pretty much what you suggested. But the headings are only a guideline. If you prefer a different structure for your sections feel free to improvise. As for format I am assuming an essay style.

Re: SPIN. The ACM site has some stuff. You'll need your student card handy to get through the Carleton Library proxy.

Here are a couple of links (you can find a TON more if you search for SPIN at the top of the portal):

[http://portal.acm.org.proxy.library.carleton.ca/citation.cfm?id=380921.380940&coll=ACM&dl=ACM&CFID=108110330&CFTOKEN=12401653 Distributed LTL model-checking in SPIN]

[http://portal.acm.org.proxy.library.carleton.ca/citation.cfm?id=380921.380935&coll=ACM&dl=ACM&CFID=108110330&CFTOKEN=12401653 Using SPIN for feature interaction analysis—a case study]

--[[User:Jjpwilso|Jjpwilso]] 16:25, 10 October 2010 (UTC)

This is all I could find on SPIN

SPIN-An extensible microkernel for application-specific operating system devices [http://www.dtic.mil/cgi-bin/GetTRDoc?Location=U2&doc=GetTRDoc.pdf&AD=ADA293537]

Extensibility, Safety and Performance in the SPIN Operating System [http://cseweb.ucsd.edu/~savage/papers/Sosp95.pdf]

SPIN-Operating System [http://cs-pub.bu.edu/fac/richwest/cs591_w1/notes/spin.pdf]

Lecture 9: SPIN operating system [http://www.youtube.com/watch?v=YE9uztJ_CFg]

--[[User:Ymoussou|Youcef M.]] 16:06, 10 October 2010 (UTC)

What is meant by "Motivation"? Would that be motivation to use the language for an operating system? Also, what format should we be doing this in? I'm pretty much writing in an essay style for the overview to explain all of the operating systems in Java with an introduction and a paragraph for each of the systems. Then, I would fill out a paragraph or two for Motivation, Problems, etc. Does that seem fine?

--[[User:Selliot3|Selliot3]] 15:13, 10 October 2010 (UTC)

Here's a link to the main [http://www-spin.cs.washington.edu/ SPIN website].

--[[User:Jjpwilso|Jjpwilso]] 16:40, 9 October 2010 (UTC)

I'll start right away, but the reference link doesn't work...

--Youcef M. 15:06, 9 October 2010 (UTC)

Welcome, Youcef. It would probably be best if you focused on one operating system for now. Nobody has claimed SPIN yet, the OS in Modula-3. Do you think you could dig into that? There's a good reference below.

--[[User:Jjpwilso|Jjpwilso]] 15:02, 9 October 2010 (UTC)

Hey guys I'm in the group, sorry for not adding something yet. I've been working on a table which has all the operating systems in those languages and comparing them to each other. But it was harder than I thought, I was trying to find where the OS's are similar and where they are different. It got a little bit long and random; I can find a lot of info on one OS but almost none on the other. Do you guys think its worth the trouble to finish it or should just forget about and keep up with you guys?

--Youcef M. 14:41, 9 October 2010 (UTC)

Particular to Squeak: [http://portal.acm.org.proxy.library.carleton.ca/ft_gateway.cfm?id=263754&type=pdf&coll=ACM&dl=ACM&CFID=107940135&CFTOKEN=78771329 Back to the Future - The Story of Squeak, A Practical Smalltalk Written in Itself]

--[[User:Jjpwilso|Jjpwilso]] 13:29, 9 October 2010 (UTC)

From an interview with Alan Kay, founder of Smalltalk, I tracked down a very useful history:
[http://portal.acm.org.proxy.library.carleton.ca/results.cfm?coll=ACM&dl=ACM&CFID=107940135&CFTOKEN=78771329 The Early History of Smalltalk]. There happen to be some important foundational points in here (with references) that relate to other systems as well. For instance he explains how LISP was a vital part of how he came to understand the power of languages. Warning: it's quite long and I don't understand half of it.

--[[User:Jjpwilso|Jjpwilso]] 13:02, 9 October 2010 (UTC)

I'd be fine doing LISP, among throwing out anything good for the other languages I happen to come across.

--[[User:ScottG|ScottG]] 21:27, 8 October 2010 (UTC)

Okay, lets all put down our preferences here and set a reasonable deadline of Saturday at 23:59 for a cutoff. Smalltalk would be my top choice. Of course any contributions to any language will be welcome.

--[[User:Jjpwilso|Jjpwilso]] 16:07, 8 October 2010 (UTC)

I would love to do the Java section. I`ve done quite a bit of development on Android and have also read a complete book on how the Android operating system works. Of course, there are other OS`s to look at but I`m a big fan of Android so I`m always happy to write about it haha.

--[[User:Selliot3|Selliot3]] 15:44, 8 October 2010 (UTC)

I recommend we use the habit of putting more recent comments at the top in case this gets to be a longish list. I've gone ahead and stubbed out a proposed structure. Please comment (thumbs up/down). If we all agree we can start dividing up the parts so we don't do the same work. We're lucky as a team to have such a nicely partitioned essay to write!

--[[User:Jjpwilso|Jjpwilso]] 13:23, 8 October 2010 (UTC)

Genera (LISP) - http://en.wikipedia.org/wiki/Genera_(operating_system) <-- only for a reference for now 
SPIN (Modula) - http://www-spin.cs.washington.edu%2Fexternal%2Foverview.html 
Squeak (SmallTalk) - http://en.wikipedia.org/wiki/Squeak <-- only a reference, says it's a programming language but can be used as an OS 
JavaOS (Java) - http://java.sun.com/developer/products/JavaOS/ 

--[[User:Selliot3|Selliot3]] 00:16, 6 October 2010 (UTC) or Charles

Not a great site, but gives a nice breakdown of the main points of Squeak - http://www.visoracle.com/squeak/overview.html 
And a much longer, more in-depth Squeak page - http://www.cosc.canterbury.ac.nz/wolfgang.kreutzer/cosc205/smalltalk1.html 
A nice breakdown for JavaOS - http://www.operating-system.org/betriebssystem/_english/bs-javaos.htm 
And a very nice PDF for Genera - http://ieeexplore.ieee.org/xpls/abs_all.jsp?arnumber=183015&tag=1 
--[[User:ScottG|ScottG]] 13:08, 6 October 2010 (UTC)

For Java section: [http://developer.android.com/guide/basics/what-is-android.html What is Android] shows the limited role of DVM (Android's JVM). 
--[[User:Jjpwilso|Jjpwilso]] 14:31, 7 October 2010 (UTC)

COMP 3000 Essay 1 2010 Question 4

2010-10-14T02:20:45Z

Ymoussou: /* References */

=Question=

What "operating systems" have been implemented in the following languages: LISP, Modula-3, Smalltalk, Java? To what extent do these systems match the capabilities of operating systems implemented in C and C++?

=Team Note (to be removed by delivery date)=

Please use the [[Talk:COMP_3000_Essay_1_2010_Question_4|discussion page]] for any planning and comments.

=Answer=

== Introduction ==

Not so long ago people believed the Earth was a flat world at the center of the universe. This essay addresses a more recent falsehood: that all operating systems are written in assembly language and C. It's not surprising that students of computing in this century would genuflect at the academic altars of Kernighan & Ritchie. After all we grew up with our computer worlds already pre-formed into the conceptual continents of Apple OS, UNIX, and Windows. The more historically curious among us are vaguely aware that other island cultures do exist but they represent civilizations defeated in the marketplace. Explorations into these ancient worlds resemble documentaries about archeologists decoding rediscovered languages etched in stone. But scratch the surface of any of our so-called modern operating systems and you'll find echoes of these ancient languages in our own familiar worlds. Ellen Ullman said it best when she wrote, <blockquote>''We build our computer systems like we build our cities: over time, without a plan, on top of ruins.''</blockquote>

In the sections below we present our explorations into a few truly foundational operating systems. We will also see some brand new ones that prove we stand, as one twelfth century scholar put it, [http://en.wikipedia.org/wiki/Standing_on_the_shoulders_of_giants on the shoulders of giants].

The following is a short list of operating systems written partially or completely with the given language. We will go into more detail in the language-specific sections below.

{| class="wikitable" style="text-align:center" border="1"
|+ '''Operating Systems By Language'''
|-
!width="15%"|Language
!width="85%"|OS List
|-
! Lisp
| MIT's Lisp Machines, Genera
|-
! Modula-3
| SPIN OS, Oberon
|-
! Smalltalk
| Smalltalk-80 on Xerox Alto, Squeak
|-
! Java
| JavaOS, JNode, JX, Android
|}

==Lisp Based==
===Overview===
Lisp is the second oldest programming languages, established in the late 1960's as a list-processing language. It started out being perfect for math but when it came to programming with it, it left a lot to be desired. Since then there have been a number of different versions of it, from the first Lisp – called “pure Lisp” – to Scheme and Common Lisp. Unlike most object-oriented languages which are focused on classes and instances among other things, Lisp was initially focused more on functions, in which functions call other functions, though later versions of Lisp did eventually add in classes and other typical object-oriented features. It was after this that Genera was created, an operating system written entirely in Lisp, and developed from an earlier operating system on MIT's Lisp Machine.

The Lisp Machine project in began in 1974, where Richard Greenblatt and Thomas Knight, programmers at MIT, designed a computer for general use that was designed for a single user, in which the operating system was programmed entirely in Lisp. It was designed to be completely open to the user, so any changes the user wanted to make could be done during run-time. It was also one of the first systems to be programmed in a 32-bit architecture, making it far more versatile than a number of other operating systems at the time. Despite this, however, the first Lisp Machine was quite basic compared to later iterations, namely Genera.

===Motivation===
Genera is an evolution of the initial Lisp Machine operating system, and as such improved upon many of the basic features of the system. Genera was the first object-oriented operating system, making it stand out among the already well-known Lisp Machines, especially given the fact that it isn't a composition of languages like other operating systems – most using the primary language for the operating system and another language, such as assembly, to deal with hardware directly – but written entirely in Lisp – any of five different dialects of the language – including the lowest levels of the operating system that interact with hardware due to its effective lack of a kernel. Not having to deal with a kernel allows Genera to be very powerful and efficient in certain areas, most especially in the most complex applications such as those dealing with intelligent CAD and graphics, though when given very simple, very routine applications or processes it is much less efficient than other operating systems.

===Achievements===
Another primary difference from other operating systems is that Genera is a fully open system like the first Lisp Machines. Having an open system has its positive and negative aspects. Among the foremost positive aspects is that the user is in control and not left to the whims of the operating system as is common in non-open systems – if the user doesn't like how something is happening, they can simply go in and change it from happening that way again – and allows for very quick prototyping, not needing to wait to compile every little change. Also, due to utilizing very lightweight objects and the fact that everything is in a single address space rather than split across multiple spaces greatly increases efficiency, though again mainly in non-simple tasks.

Like operating systems written in C/C++, Genera has multiple inheritance and automatic garbage collection. Unlike C/C++, however, Genera uses object-oriented memory. This gives Genera a very useful feature that many other systems cannot do, which is that, given a memory address, the system is able to provide the start address, size, and the type of object in that memory location, which increases efficiency. Even the way files are accessed is very different from other operating systems, as it uses a generic file access system; in a generic file access system, rather than following a typical structure of keeping the commands needed for local and networked files different, the commands are the same, meaning that the system essentially acts like a file on a system on the other side of the world is a local file.

===Problems===
Not everything is great with an open system, however, as there are definite security concerns: with an open system, the user can change anything, and programs can interact with other programs and change anything, meaning that if a virus were unleashed on a Genera system it could be catastrophic. To counter this problem Genera systems are protected by a very simple method: keeping the physical system itself out of reach of all but authorized users and behind locked doors. To compare to other operating systems, such as those written in C/C++, it is generally less secure because of the open system, though they are both equally at risk when installing software, as both systems are completely open at that specific junction. Genera also has issues with modularity, as it allows for something to be called even when it is not supposed to be able to be called because, as it is an open system, there is nothing really stopping this from happening. Some versions of Genera and Genera applications are also very well-documented and run quite smoothly, but others are poorly documented and run quite slowly as they are built on top of older versions without any real plan beyond adding on an extra feature here or there over and over again.

===Current Status===
Genera and Lisp Machines, while still being used in a select few locations, are not currently being developed, as their time has passed. Their legacy still lives on, however, in the object-oriented operating systems still in use today.

==Modula-3 Based==
===Overview===

An idea came to mind. A question was proposed. Can an operating system have extensibility, safety, and good performance? A group of computer scientists from Washington University took on this question and tried to come up with an answer. That’s how SPIN operating system was created. SPIN is an operating system that blends the user-level with the kernel level. The main feature is that the kernel can be extended using modules that implement interfaces to meet the applications needs to optimise performance and safety. The programming language used is Modula-3, and the reason for using this language is for its type safe properties like interfaces, extension, and its automatic storage management. The operating system sits on the traditional monolithic kernel. This is because the authors of SPIN argue that microkernels are not extendible due to the massive overhead created from switching in and out of the kernel.

===Motivation===

A poorly matched implementation prevents an
application from working well, while a poorly
matched interface prevents it from working at all.

This is the sole purpose for creating SPIN. The team had to meet three important features to make this work, a Flexible kernel with safe extensions and a good overall performance. Operating systems based on C/C++ are too general that handle many applications. Therefore, some programs may fall through the cracks and suffer the lack of safety and performance. The goal for SPIN however, was to create a specialized operating system that can run a range of applications without sacrificing safety or performance. This system would allow the user programs and applications to manipulate and change the system’s interface to load and access the data or memory needed safely and with a good overall performance. This was possible through the type safe extensions of Modula-3. Unlike C/C++, Modula-3 is considered a safe language; it guarantees the protection of the kernel from dangerous extension by forcing them to interact with the kernel through specific interfaces. Furthermore, the extensions are executed in the virtual address space not the user space.

===Achievements===

SPIN operating system came through with positive results, it actually works. Most of the goals set by the creators were accomplished. SPIN overcame the large overhead of microkernels by enforcing the extensions to be run in the kernel’s address space. The number of switches dropped which actually improved efficiency significantly.
By using Modula-3’s safe interfaces, there was no run-time checking of the code of the extensions. This was a huge advantage over languages like C/C++ due to the fact that a significant overhead was cleared from the execution time. SPIN addressed the latency issue by only allowing code with low latency, which is quite small, to access the system through extensions that access the kernel directly. This is another advantage of using a safe programming language.

===Problems===

Two general issues with extendible systems are adaptability and reliability. Using a safe programming language comes with a price. In SPIN, there is a loss of efficiency when the dynamic checks run for array index bounds. These checks also add a significant overhead to the execution time.
SPIN is written with very few Modula-3 code lines and are much easier to understand compared to other operating systems written in C or C++. However, the kernel of the system is almost entirely written in C and Assembly. These two languages are considered unsafe in contrast to Modula-3. The mix of safe and unsafe code is a huge complication which leads to many bugs, which compromises the safe extensions and interfaces used by applications.

===Current Status===

SPIN and extendible operating systems in general, is becoming the playground for research. The authors of SPIN at the University of Washington are performing projects and continuing the on-going research of improving extendible operating systems. The solutions they might come up with could greatly influence the operating systems as we see them today.

==Smalltalk Based==
===Overview===

<blockquote>The best way to predict the future is to invent it. -- Alan Kay</blockquote>

If you are reading this paper on a personal computer, and it has a GUI with overlapping windows, desktop icons, and a mouse pointer then you owe a debt to a group of researchers led by Alan Kay at Xerox's Palo Alto Research Center, or Xerox PARC. Many of those ideas had appeared elsewhere in one form or another, but the first time they came together in a demonstrable and portable form was in the early 1970s at Xerox on a machine called the Alto [http://en.wikipedia.org/wiki/Xerox_Alto]. Their example of a working personal computer was to be the inspiration that launched Apple into the history books.

===Motivation===

Searching for operating systems written in Smalltalk is an exercise in recursion. The Smalltalk OS was written in -- what else -- Smalltalk. But Alan Kay's Learning Research Group (LRG) didn't just set out to write a clever new language that could bootstrap its own environment. Not only were they in California but they had also just survived the 1960s. Their goal was to produce an entirely new learning environment to "amplify human reach and bring new ways of thinking to a faltering civilization that desperately needed it." [http://www.smalltalk.org/smalltalk/TheEarlyHistoryOfSmalltalk_III.html]

===Achievements===

They did manage to invent new ways of think about computing. Alan Kay coined the term "object-oriented programming". His inspiration had come from notions of objects already well known in LISP but he wasn't shy about giving credit where it was due. Kay believed his knowledge of LISP helped him think more clearly about computer problems. He felt it contained "great thinking patterns" and "deep beauty" and he vowed to preserve these qualities in the language that would become Smalltalk.

But Kay wasn't just interested the symbolic language at the heart of a system. He incorporated recent studies on learning and cognition from such experts such as Maria Montessori, Jean Piaget, and Jerome Bruner in his goal to form a complete vision of the personal computer. For instance, Bruner's research implied that people learn new thoughts in a loose sequence of translations [http://en.wikipedia.org/wiki/Jerome_Bruner]. First there are actions, or ''enactive'' representations which transform into images or ''iconic'' representations, and finally into language or ''symbolic'' representations. We may take it for granted today, but it was human insights such as these that helped Kay form the basis of graphical user interfaces as channels through which we perceive ideas represented in a computer.

Still the language is no small point. The central idea in Smalltalk (and Smalltalk-80 as an example of a whole system) is that "everything is an object". This includes what we already might think of as objects, such as files, forms, and fields but it also includes transformational methods such as actions, behaviors, and calculations. This places it in distinct contrast with operating systems written in C, and even those written in C++. Gone are such notions as ''process'' and ''semaphore''. In their place are ''messages'' between objects and ''events'' to which interested objects may react.

Another difference in Smalltalk from C-based operating systems is the lack of security. The only means Smalltalk has of protecting anything is through the visibility (private or public) of an object's methods and properties. But if you know how to dig through the system you can modify -- and break -- just about everything. This may be offer a sense of freedom to some. In the networked world this seems more than a bit risky. Yes, Smalltalk has networking.

===Problems===

Performance in Smalltalk-80 wasn't what we expect from our machines today. A later version of the system called Squeak made some attempt to address this issue (and that of portability) by writing a C language generator to create its virtual machine. This was reasonably successful, and you can now run Squeak on a number of platforms including stand-alone inside of VirtualBox.

[[File:Squeak-Hello-Carleton.png]]

Most non-programmers don't know much about Smalltalk-80 or Squeak though it's tempting to speculate what might have happened if Xerox had chosen to keep its secrets from Apple and commercialize the Alto. The decision not to commercialize was one that hurt Alan Kay's team, one of whom in fact seized the moment and went to work for Apple. By the mid-seventies Kay wasn't sure they had completely solved the problems for which they had set. In his disillusionment he sought to burn everything and start over. He was concerned he would be fulfilling both claims of Marshall McLuhan, namely that "our tools reshape us" and "inadequate tools ''still'' reshape us", though presumably not always for the better.

===Current Status===

* Continuing Research
* OLPC

==Java Based==
===Overview===

Java is used on a plethora of devices and systems throughout the industry from cell phones to web applets. With Java being a language that creates a virtual machine for each application, one would think that it is already suited to be an operating system in itself but this is not the case. Java is built to run on top of other operating systems such as Microsoft Windows, Mac OS X and Ubuntu Linux rather than being a standalone system. This section will discuss various operating systems that are written in Java such as JavaOS, Android, JNode and JX.

[http://java.sun.com/developer/products/JavaOS/ JavaOS] is Sun Microsystems very own creation. This system runs on different layers to make a scalable and easily updateable operating system [http://java.sun.com/developer/products/JavaOS/OverView/index.html ]. The first layer is the microkernel which handles the memory architecture, booting, interrupt handling, threading, traps and DMA handling. The Java Virtual Machine is also compiled into native code for the system and is run on top of the microkernel. The second layer consists of the JavaOS for Business software which extends the memory module to optimize for systems with limited memory[http://java.sun.com/developer/products/JavaOS/OverView/index.html ]. All device drivers for the system are written and run in Java and are what the third layer is consisted of. Finally, the fourth layer is a stand-alone JDK runtime environment used to run user applications.

[http://www.android.com/ Android] was created by a very ambitious team at Google for use with cell phones. It is basically an operating system running on top of another minimalistic operating system. At the very lowest end of Android, a Linux 2.6 kernel is what powers it. All device drivers are written and compiled for the native hardware or compiled using Google’s Native Development Kit and core system libraries such as libc, OpenGL | ES and SQLite are dynamically linked in per application [http://developer.android.com/guide/basics/what-is-android.html]. In the Android runtime, the Dalvik Virtual Machine (DVM) controls applications similar to the Java Virtual Machine. Dalvik is similar to the aforementioned JavaOS as it relies on the kernel to manage threading and low-level memory management. Running on top of the DVM are core libraries and application frameworks for the Android operating system. These frameworks include resource management, window management, notification manage just to name a few. Applications are then built on top of these frameworks and are the end result in which the user will actually interact with.

[http://www.jnode.org/ JNode] began as the Java Bootable System (JBS) in 1995. Ewout Prangsma, the creator, was unhappy with the amount of native C and assembly used for the system so he began a new project, JNode. JNode only uses a small amount of assembly code for booting the system now compared to the initial JBS [http://www.jnode.org/node/174]. The rest of the system is completely written in Java including its graphical user interface. Applications in JNode are referred to as plugins [http://www.jnode.org/node/175] including the device drivers, filesystems, networking and user applications.

[http://www4.informatik.uni-erlangen.de/Projects/JX/index.html JX] was created at the University of Erlangen. At it’s base is a microkernel that the basic Java Virtual Machine runs on which is similar to JavaOS. The system runs on the idea of domains where the microkernel runs at domain level zero and subsequent programs run in domain A, B, C, etc. Domains contain their own threads, heap and garbage collector and can communicate with other domains using portals. A portal is essentially the same as inter-process communication but using domains as processes instead [http://www.usenix.org/events/usenix02/full_papers/golm/golm.pdf].

===Motivation===

Java is a powerful language that already contains the code necessary for running on many different platforms. With the concept of virtual machines for each individual application it provides a layer of security that not every operating system has. Each virtual machine has it’s own heap which keeps other processes from accessing and writing over already allocated memory since the kernel manages the memory paging. With the use of just-in-time (JIT) compilers, these operating systems can almost achieve comparable run times when compared to native compiled applications.

Since all Java applications are compiled into the same set of bytecode, third-parties can develop their own implementation of the Java runtime. For example, Google has created the Dalvik Virtual Machine for use with the Android platform so it will run more efficiently on small devices while reducing the memory footprint [http://developer.android.com/guide/basics/what-is-android.html]. Google has just recently released Android 2.2 which includes a new JIT compiler for their Dalvik Virtual Machine which can improve speeds of applications up to 2-5 times [http://android-developers.blogspot.com/2010/05/dalvik-jit.html]. IBM also has their own version of the Java Virtual Machine, J9, that is used in many of their own pieces of software and also includes its own implementation of a JIT compiler.

===Achievements===

Android is probably one of the most well-known and mainstream Java based operating system currently on the market. Even though it’s the youngest of the operating systems discussed, it has become one of the newest standards for smartphones. With over 150 devices and counting, Android continues to grow and develop.

===Problems===

One major issue with using Java for an operating system is completely relying on the operating system and kernel to manage memory. Since Java is a garbage collecting language, developers do not have direct access to the memory and have to rely on the operating system to clean up after any objects have been left behind. This can be an issue with lower memory systems while running multiple applications at the same time.

===Current Status===

Each operating system has been created or worked on in the last ten years but some have either halted development or have not seen a major stable release in quite a while. JavaOS is still being maintained by Oracle after they had purchased Sun Microsystems. JNode has not seen an update in over a year and a half [http://sourceforge.net/projects/jnode/files/]. JX also seems to be at a stand still in development with only a minor update after its 0.1 release [http://www4.informatik.uni-erlangen.de/Projects/JX/download-sources.html]. Finally, Android is the most active with minor or major updates coming out every few months. The current state Android is in is Android 2.2 with Android 3.0 currently being hinted for quarter four of 2010 [http://www.techradar.com/news/phone-and-communications/mobile-phones/android-3-0-details-you-need-to-know-706243].

== References ==

Moon, David A. "Genera Retrospective." ''1991 International Workshop on Object Orientation in Operating Systems'' (1991): 2-8. Print.

Moon, David A., Thomas F. Knight, John T. Holloway, and Richard D. Greenblatt. "A Lisp Machine." ''ACM SIGIR Forum'' 15.2 (1980): 137-38. Print.

Pleszkun, A. R., and M. J. Thazhuthaveetil. "The Architecture of Lisp Machines." ''Computer'' 20.3 (1987): 35-44. Print.

FOR SPIN

B. N. Bershad, S. Savage, P. Pardyak, E. G. Sirer, M. Fiuczynski, D. Becker, S. Eggers, and C. Chambers. Extensibility, Safety and Performance in the SPIN Operating System. In the Proceedings of the 15th ACM Symposium on Operating System Principles (SOSP), Copper Mountain, CO, December 1995.

W. C. Hsieh, M. E. Fiuczynski, C. Garrett, S. Savage, D. Becker and B. N. Bershad. Language Support for Extensible Operating Systems. Workshop on Compiler Support for System Software, University of Washington, February 1996.

S. Savage, B. N. Bershad. Issues in the Design of an Extensible Operating System. Proceedings of the First USENIX Symposium on Operatings Systems Design and Implementation (OSDI), November 1994 (Unpublished).

University of Washington, Dept. of Computer Science. The SPIN Operating System. [http://www.cs.washington.edu.html]

COMP 3000 Essay 1 2010 Question 4

2010-10-14T02:14:20Z

Ymoussou: /* Current Status */

=Question=

What "operating systems" have been implemented in the following languages: LISP, Modula-3, Smalltalk, Java? To what extent do these systems match the capabilities of operating systems implemented in C and C++?

=Team Note (to be removed by delivery date)=

Please use the [[Talk:COMP_3000_Essay_1_2010_Question_4|discussion page]] for any planning and comments.

=Answer=

== Introduction ==

Not so long ago people believed the Earth was a flat world at the center of the universe. This essay addresses a more recent falsehood: that all operating systems are written in assembly language and C. It's not surprising that students of computing in this century would genuflect at the academic altars of Kernighan & Ritchie. After all we grew up with our computer worlds already pre-formed into the conceptual continents of Apple OS, UNIX, and Windows. The more historically curious among us are vaguely aware that other island cultures do exist but they represent civilizations defeated in the marketplace. Explorations into these ancient worlds resemble documentaries about archeologists decoding rediscovered languages etched in stone. But scratch the surface of any of our so-called modern operating systems and you'll find echoes of these ancient languages in our own familiar worlds. Ellen Ullman said it best when she wrote, <blockquote>''We build our computer systems like we build our cities: over time, without a plan, on top of ruins.''</blockquote>

In the sections below we present our explorations into a few truly foundational operating systems. We will also see some brand new ones that prove we stand, as one twelfth century scholar put it, [http://en.wikipedia.org/wiki/Standing_on_the_shoulders_of_giants on the shoulders of giants].

The following is a short list of operating systems written partially or completely with the given language. We will go into more detail in the language-specific sections below.

{| class="wikitable" style="text-align:center" border="1"
|+ '''Operating Systems By Language'''
|-
!width="15%"|Language
!width="85%"|OS List
|-
! Lisp
| MIT's Lisp Machines, Genera
|-
! Modula-3
| SPIN OS, Oberon
|-
! Smalltalk
| Smalltalk-80 on Xerox Alto, Squeak
|-
! Java
| JavaOS, JNode, JX, Android
|}

==Lisp Based==
===Overview===
Lisp is the second oldest programming languages, established in the late 1960's as a list-processing language. It started out being perfect for math but when it came to programming with it, it left a lot to be desired. Since then there have been a number of different versions of it, from the first Lisp – called “pure Lisp” – to Scheme and Common Lisp. Unlike most object-oriented languages which are focused on classes and instances among other things, Lisp was initially focused more on functions, in which functions call other functions, though later versions of Lisp did eventually add in classes and other typical object-oriented features. It was after this that Genera was created, an operating system written entirely in Lisp, and developed from an earlier operating system on MIT's Lisp Machine.

The Lisp Machine project in began in 1974, where Richard Greenblatt and Thomas Knight, programmers at MIT, designed a computer for general use that was designed for a single user, in which the operating system was programmed entirely in Lisp. It was designed to be completely open to the user, so any changes the user wanted to make could be done during run-time. It was also one of the first systems to be programmed in a 32-bit architecture, making it far more versatile than a number of other operating systems at the time. Despite this, however, the first Lisp Machine was quite basic compared to later iterations, namely Genera.

===Motivation===
Genera is an evolution of the initial Lisp Machine operating system, and as such improved upon many of the basic features of the system. Genera was the first object-oriented operating system, making it stand out among the already well-known Lisp Machines, especially given the fact that it isn't a composition of languages like other operating systems – most using the primary language for the operating system and another language, such as assembly, to deal with hardware directly – but written entirely in Lisp – any of five different dialects of the language – including the lowest levels of the operating system that interact with hardware due to its effective lack of a kernel. Not having to deal with a kernel allows Genera to be very powerful and efficient in certain areas, most especially in the most complex applications such as those dealing with intelligent CAD and graphics, though when given very simple, very routine applications or processes it is much less efficient than other operating systems.

===Achievements===
Another primary difference from other operating systems is that Genera is a fully open system like the first Lisp Machines. Having an open system has its positive and negative aspects. Among the foremost positive aspects is that the user is in control and not left to the whims of the operating system as is common in non-open systems – if the user doesn't like how something is happening, they can simply go in and change it from happening that way again – and allows for very quick prototyping, not needing to wait to compile every little change. Also, due to utilizing very lightweight objects and the fact that everything is in a single address space rather than split across multiple spaces greatly increases efficiency, though again mainly in non-simple tasks.

Like operating systems written in C/C++, Genera has multiple inheritance and automatic garbage collection. Unlike C/C++, however, Genera uses object-oriented memory. This gives Genera a very useful feature that many other systems cannot do, which is that, given a memory address, the system is able to provide the start address, size, and the type of object in that memory location, which increases efficiency. Even the way files are accessed is very different from other operating systems, as it uses a generic file access system; in a generic file access system, rather than following a typical structure of keeping the commands needed for local and networked files different, the commands are the same, meaning that the system essentially acts like a file on a system on the other side of the world is a local file.

===Problems===
Not everything is great with an open system, however, as there are definite security concerns: with an open system, the user can change anything, and programs can interact with other programs and change anything, meaning that if a virus were unleashed on a Genera system it could be catastrophic. To counter this problem Genera systems are protected by a very simple method: keeping the physical system itself out of reach of all but authorized users and behind locked doors. To compare to other operating systems, such as those written in C/C++, it is generally less secure because of the open system, though they are both equally at risk when installing software, as both systems are completely open at that specific junction. Genera also has issues with modularity, as it allows for something to be called even when it is not supposed to be able to be called because, as it is an open system, there is nothing really stopping this from happening. Some versions of Genera and Genera applications are also very well-documented and run quite smoothly, but others are poorly documented and run quite slowly as they are built on top of older versions without any real plan beyond adding on an extra feature here or there over and over again.

===Current Status===
Genera and Lisp Machines, while still being used in a select few locations, are not currently being developed, as their time has passed. Their legacy still lives on, however, in the object-oriented operating systems still in use today.

==Modula-3 Based==
===Overview===

An idea came to mind. A question was proposed. Can an operating system have extensibility, safety, and good performance? A group of computer scientists from Washington University took on this question and tried to come up with an answer. That’s how SPIN operating system was created. SPIN is an operating system that blends the user-level with the kernel level. The main feature is that the kernel can be extended using modules that implement interfaces to meet the applications needs to optimise performance and safety. The programming language used is Modula-3, and the reason for using this language is for its type safe properties like interfaces, extension, and its automatic storage management. The operating system sits on the traditional monolithic kernel. This is because the authors of SPIN argue that microkernels are not extendible due to the massive overhead created from switching in and out of the kernel.

===Motivation===

A poorly matched implementation prevents an
application from working well, while a poorly
matched interface prevents it from working at all.

This is the sole purpose for creating SPIN. The team had to meet three important features to make this work, a Flexible kernel with safe extensions and a good overall performance. Operating systems based on C/C++ are too general that handle many applications. Therefore, some programs may fall through the cracks and suffer the lack of safety and performance. The goal for SPIN however, was to create a specialized operating system that can run a range of applications without sacrificing safety or performance. This system would allow the user programs and applications to manipulate and change the system’s interface to load and access the data or memory needed safely and with a good overall performance. This was possible through the type safe extensions of Modula-3. Unlike C/C++, Modula-3 is considered a safe language; it guarantees the protection of the kernel from dangerous extension by forcing them to interact with the kernel through specific interfaces. Furthermore, the extensions are executed in the virtual address space not the user space.

===Achievements===

SPIN operating system came through with positive results, it actually works. Most of the goals set by the creators were accomplished. SPIN overcame the large overhead of microkernels by enforcing the extensions to be run in the kernel’s address space. The number of switches dropped which actually improved efficiency significantly.
By using Modula-3’s safe interfaces, there was no run-time checking of the code of the extensions. This was a huge advantage over languages like C/C++ due to the fact that a significant overhead was cleared from the execution time. SPIN addressed the latency issue by only allowing code with low latency, which is quite small, to access the system through extensions that access the kernel directly. This is another advantage of using a safe programming language.

===Problems===

Two general issues with extendible systems are adaptability and reliability. Using a safe programming language comes with a price. In SPIN, there is a loss of efficiency when the dynamic checks run for array index bounds. These checks also add a significant overhead to the execution time.
SPIN is written with very few Modula-3 code lines and are much easier to understand compared to other operating systems written in C or C++. However, the kernel of the system is almost entirely written in C and Assembly. These two languages are considered unsafe in contrast to Modula-3. The mix of safe and unsafe code is a huge complication which leads to many bugs, which compromises the safe extensions and interfaces used by applications.

===Current Status===

SPIN and extendible operating systems in general, is becoming the playground for research. The authors of SPIN at the University of Washington are performing projects and continuing the on-going research of improving extendible operating systems. The solutions they might come up with could greatly influence the operating systems as we see them today.

==Smalltalk Based==
===Overview===

<blockquote>The best way to predict the future is to invent it. -- Alan Kay</blockquote>

If you are reading this paper on a personal computer, and it has a GUI with overlapping windows, desktop icons, and a mouse pointer then you owe a debt to a group of researchers led by Alan Kay at Xerox's Palo Alto Research Center, or Xerox PARC. Many of those ideas had appeared elsewhere in one form or another, but the first time they came together in a demonstrable and portable form was in the early 1970s at Xerox on a machine called the Alto [http://en.wikipedia.org/wiki/Xerox_Alto]. Their example of a working personal computer was to be the inspiration that launched Apple into the history books.

===Motivation===

Searching for operating systems written in Smalltalk is an exercise in recursion. The Smalltalk OS was written in -- what else -- Smalltalk. But Alan Kay's Learning Research Group (LRG) didn't just set out to write a clever new language that could bootstrap its own environment. Not only were they in California but they had also just survived the 1960s. Their goal was to produce an entirely new learning environment to "amplify human reach and bring new ways of thinking to a faltering civilization that desperately needed it." [http://www.smalltalk.org/smalltalk/TheEarlyHistoryOfSmalltalk_III.html]

===Achievements===

They did manage to invent new ways of think about computing. Alan Kay coined the term "object-oriented programming". His inspiration had come from notions of objects already well known in LISP but he wasn't shy about giving credit where it was due. Kay believed his knowledge of LISP helped him think more clearly about computer problems. He felt it contained "great thinking patterns" and "deep beauty" and he vowed to preserve these qualities in the language that would become Smalltalk.

But Kay wasn't just interested the symbolic language at the heart of a system. He incorporated recent studies on learning and cognition from such experts such as Maria Montessori, Jean Piaget, and Jerome Bruner in his goal to form a complete vision of the personal computer. For instance, Bruner's research implied that people learn new thoughts in a loose sequence of translations [http://en.wikipedia.org/wiki/Jerome_Bruner]. First there are actions, or ''enactive'' representations which transform into images or ''iconic'' representations, and finally into language or ''symbolic'' representations. We may take it for granted today, but it was human insights such as these that helped Kay form the basis of graphical user interfaces as channels through which we perceive ideas represented in a computer.

Still the language is no small point. The central idea in Smalltalk (and Smalltalk-80 as an example of a whole system) is that "everything is an object". This includes what we already might think of as objects, such as files, forms, and fields but it also includes transformational methods such as actions, behaviors, and calculations. This places it in distinct contrast with operating systems written in C, and even those written in C++. Gone are such notions as ''process'' and ''semaphore''. In their place are ''messages'' between objects and ''events'' to which interested objects may react.

Another difference in Smalltalk from C-based operating systems is the lack of security. The only means Smalltalk has of protecting anything is through the visibility (private or public) of an object's methods and properties. But if you know how to dig through the system you can modify -- and break -- just about everything. This may be offer a sense of freedom to some. In the networked world this seems more than a bit risky. Yes, Smalltalk has networking.

===Problems===

Performance in Smalltalk-80 wasn't what we expect from our machines today. A later version of the system called Squeak made some attempt to address this issue (and that of portability) by writing a C language generator to create its virtual machine. This was reasonably successful, and you can now run Squeak on a number of platforms including stand-alone inside of VirtualBox.

[[File:Squeak-Hello-Carleton.png]]

Most non-programmers don't know much about Smalltalk-80 or Squeak though it's tempting to speculate what might have happened if Xerox had chosen to keep its secrets from Apple and commercialize the Alto. The decision not to commercialize was one that hurt Alan Kay's team, one of whom in fact seized the moment and went to work for Apple. By the mid-seventies Kay wasn't sure they had completely solved the problems for which they had set. In his disillusionment he sought to burn everything and start over. He was concerned he would be fulfilling both claims of Marshall McLuhan, namely that "our tools reshape us" and "inadequate tools ''still'' reshape us", though presumably not always for the better.

===Current Status===

* Continuing Research
* OLPC

==Java Based==
===Overview===

Java is used on a plethora of devices and systems throughout the industry from cell phones to web applets. With Java being a language that creates a virtual machine for each application, one would think that it is already suited to be an operating system in itself but this is not the case. Java is built to run on top of other operating systems such as Microsoft Windows, Mac OS X and Ubuntu Linux rather than being a standalone system. This section will discuss various operating systems that are written in Java such as JavaOS, Android, JNode and JX.

[http://java.sun.com/developer/products/JavaOS/ JavaOS] is Sun Microsystems very own creation. This system runs on different layers to make a scalable and easily updateable operating system [http://java.sun.com/developer/products/JavaOS/OverView/index.html ]. The first layer is the microkernel which handles the memory architecture, booting, interrupt handling, threading, traps and DMA handling. The Java Virtual Machine is also compiled into native code for the system and is run on top of the microkernel. The second layer consists of the JavaOS for Business software which extends the memory module to optimize for systems with limited memory[http://java.sun.com/developer/products/JavaOS/OverView/index.html ]. All device drivers for the system are written and run in Java and are what the third layer is consisted of. Finally, the fourth layer is a stand-alone JDK runtime environment used to run user applications.

[http://www.android.com/ Android] was created by a very ambitious team at Google for use with cell phones. It is basically an operating system running on top of another minimalistic operating system. At the very lowest end of Android, a Linux 2.6 kernel is what powers it. All device drivers are written and compiled for the native hardware or compiled using Google’s Native Development Kit and core system libraries such as libc, OpenGL | ES and SQLite are dynamically linked in per application [http://developer.android.com/guide/basics/what-is-android.html]. In the Android runtime, the Dalvik Virtual Machine (DVM) controls applications similar to the Java Virtual Machine. Dalvik is similar to the aforementioned JavaOS as it relies on the kernel to manage threading and low-level memory management. Running on top of the DVM are core libraries and application frameworks for the Android operating system. These frameworks include resource management, window management, notification manage just to name a few. Applications are then built on top of these frameworks and are the end result in which the user will actually interact with.

[http://www.jnode.org/ JNode] began as the Java Bootable System (JBS) in 1995. Ewout Prangsma, the creator, was unhappy with the amount of native C and assembly used for the system so he began a new project, JNode. JNode only uses a small amount of assembly code for booting the system now compared to the initial JBS [http://www.jnode.org/node/174]. The rest of the system is completely written in Java including its graphical user interface. Applications in JNode are referred to as plugins [http://www.jnode.org/node/175] including the device drivers, filesystems, networking and user applications.

[http://www4.informatik.uni-erlangen.de/Projects/JX/index.html JX] was created at the University of Erlangen. At it’s base is a microkernel that the basic Java Virtual Machine runs on which is similar to JavaOS. The system runs on the idea of domains where the microkernel runs at domain level zero and subsequent programs run in domain A, B, C, etc. Domains contain their own threads, heap and garbage collector and can communicate with other domains using portals. A portal is essentially the same as inter-process communication but using domains as processes instead [http://www.usenix.org/events/usenix02/full_papers/golm/golm.pdf].

===Motivation===

Java is a powerful language that already contains the code necessary for running on many different platforms. With the concept of virtual machines for each individual application it provides a layer of security that not every operating system has. Each virtual machine has it’s own heap which keeps other processes from accessing and writing over already allocated memory since the kernel manages the memory paging. With the use of just-in-time (JIT) compilers, these operating systems can almost achieve comparable run times when compared to native compiled applications.

Since all Java applications are compiled into the same set of bytecode, third-parties can develop their own implementation of the Java runtime. For example, Google has created the Dalvik Virtual Machine for use with the Android platform so it will run more efficiently on small devices while reducing the memory footprint [http://developer.android.com/guide/basics/what-is-android.html]. Google has just recently released Android 2.2 which includes a new JIT compiler for their Dalvik Virtual Machine which can improve speeds of applications up to 2-5 times [http://android-developers.blogspot.com/2010/05/dalvik-jit.html]. IBM also has their own version of the Java Virtual Machine, J9, that is used in many of their own pieces of software and also includes its own implementation of a JIT compiler.

===Achievements===

Android is probably one of the most well-known and mainstream Java based operating system currently on the market. Even though it’s the youngest of the operating systems discussed, it has become one of the newest standards for smartphones. With over 150 devices and counting, Android continues to grow and develop.

===Problems===

One major issue with using Java for an operating system is completely relying on the operating system and kernel to manage memory. Since Java is a garbage collecting language, developers do not have direct access to the memory and have to rely on the operating system to clean up after any objects have been left behind. This can be an issue with lower memory systems while running multiple applications at the same time.

===Current Status===

Each operating system has been created or worked on in the last ten years but some have either halted development or have not seen a major stable release in quite a while. JavaOS is still being maintained by Oracle after they had purchased Sun Microsystems. JNode has not seen an update in over a year and a half [http://sourceforge.net/projects/jnode/files/]. JX also seems to be at a stand still in development with only a minor update after its 0.1 release [http://www4.informatik.uni-erlangen.de/Projects/JX/download-sources.html]. Finally, Android is the most active with minor or major updates coming out every few months. The current state Android is in is Android 2.2 with Android 3.0 currently being hinted for quarter four of 2010 [http://www.techradar.com/news/phone-and-communications/mobile-phones/android-3-0-details-you-need-to-know-706243].

== References ==

Moon, David A. "Genera Retrospective." ''1991 International Workshop on Object Orientation in Operating Systems'' (1991): 2-8. Print.

Moon, David A., Thomas F. Knight, John T. Holloway, and Richard D. Greenblatt. "A Lisp Machine." ''ACM SIGIR Forum'' 15.2 (1980): 137-38. Print.

Pleszkun, A. R., and M. J. Thazhuthaveetil. "The Architecture of Lisp Machines." ''Computer'' 20.3 (1987): 35-44. Print.

COMP 3000 Essay 1 2010 Question 4

2010-10-14T02:07:45Z

Ymoussou: /* Problems */

=Question=

What "operating systems" have been implemented in the following languages: LISP, Modula-3, Smalltalk, Java? To what extent do these systems match the capabilities of operating systems implemented in C and C++?

=Team Note (to be removed by delivery date)=

Please use the [[Talk:COMP_3000_Essay_1_2010_Question_4|discussion page]] for any planning and comments.

=Answer=

== Introduction ==

Not so long ago people believed the Earth was a flat world at the center of the universe. This essay addresses a more recent falsehood: that all operating systems are written in assembly language and C. It's not surprising that students of computing in this century would genuflect at the academic altars of Kernighan & Ritchie. After all we grew up with our computer worlds already pre-formed into the conceptual continents of Apple OS, UNIX, and Windows. The more historically curious among us are vaguely aware that other island cultures do exist but they represent civilizations defeated in the marketplace. Explorations into these ancient worlds resemble documentaries about archeologists decoding rediscovered languages etched in stone. But scratch the surface of any of our so-called modern operating systems and you'll find echoes of these ancient languages in our own familiar worlds. Ellen Ullman said it best when she wrote, <blockquote>''We build our computer systems like we build our cities: over time, without a plan, on top of ruins.''</blockquote>

In the sections below we present our explorations into a few truly foundational operating systems. We will also see some brand new ones that prove we stand, as one twelfth century scholar put it, [http://en.wikipedia.org/wiki/Standing_on_the_shoulders_of_giants on the shoulders of giants].

The following is a short list of operating systems written partially or completely with the given language. We will go into more detail in the language-specific sections below.

{| class="wikitable" style="text-align:center" border="1"
|+ '''Operating Systems By Language'''
|-
!width="15%"|Language
!width="85%"|OS List
|-
! Lisp
| MIT's Lisp Machines, Genera
|-
! Modula-3
| SPIN OS, Oberon
|-
! Smalltalk
| Smalltalk-80 on Xerox Alto, Squeak
|-
! Java
| JavaOS, JNode, JX, Android
|}

==Lisp Based==
===Overview===
Lisp is the second oldest programming languages, established in the late 1960's as a list-processing language. It started out being perfect for math but when it came to programming with it, it left a lot to be desired. Since then there have been a number of different versions of it, from the first Lisp – called “pure Lisp” – to Scheme and Common Lisp. Unlike most object-oriented languages which are focused on classes and instances among other things, Lisp was initially focused more on functions, in which functions call other functions, though later versions of Lisp did eventually add in classes and other typical object-oriented features. It was after this that Genera was created, an operating system written entirely in Lisp, and developed from an earlier operating system on MIT's Lisp Machine.

The Lisp Machine project in began in 1974, where Richard Greenblatt and Thomas Knight, programmers at MIT, designed a computer for general use that was designed for a single user, in which the operating system was programmed entirely in Lisp. It was designed to be completely open to the user, so any changes the user wanted to make could be done during run-time. It was also one of the first systems to be programmed in a 32-bit architecture, making it far more versatile than a number of other operating systems at the time. Despite this, however, the first Lisp Machine was quite basic compared to later iterations, namely Genera.

===Motivation===
Genera is an evolution of the initial Lisp Machine operating system, and as such improved upon many of the basic features of the system. Genera was the first object-oriented operating system, making it stand out among the already well-known Lisp Machines, especially given the fact that it isn't a composition of languages like other operating systems – most using the primary language for the operating system and another language, such as assembly, to deal with hardware directly – but written entirely in Lisp – any of five different dialects of the language – including the lowest levels of the operating system that interact with hardware due to its effective lack of a kernel. Not having to deal with a kernel allows Genera to be very powerful and efficient in certain areas, most especially in the most complex applications such as those dealing with intelligent CAD and graphics, though when given very simple, very routine applications or processes it is much less efficient than other operating systems.

===Achievements===
Another primary difference from other operating systems is that Genera is a fully open system like the first Lisp Machines. Having an open system has its positive and negative aspects. Among the foremost positive aspects is that the user is in control and not left to the whims of the operating system as is common in non-open systems – if the user doesn't like how something is happening, they can simply go in and change it from happening that way again – and allows for very quick prototyping, not needing to wait to compile every little change. Also, due to utilizing very lightweight objects and the fact that everything is in a single address space rather than split across multiple spaces greatly increases efficiency, though again mainly in non-simple tasks.

Like operating systems written in C/C++, Genera has multiple inheritance and automatic garbage collection. Unlike C/C++, however, Genera uses object-oriented memory. This gives Genera a very useful feature that many other systems cannot do, which is that, given a memory address, the system is able to provide the start address, size, and the type of object in that memory location, which increases efficiency. Even the way files are accessed is very different from other operating systems, as it uses a generic file access system; in a generic file access system, rather than following a typical structure of keeping the commands needed for local and networked files different, the commands are the same, meaning that the system essentially acts like a file on a system on the other side of the world is a local file.

===Problems===
Not everything is great with an open system, however, as there are definite security concerns: with an open system, the user can change anything, and programs can interact with other programs and change anything, meaning that if a virus were unleashed on a Genera system it could be catastrophic. To counter this problem Genera systems are protected by a very simple method: keeping the physical system itself out of reach of all but authorized users and behind locked doors. To compare to other operating systems, such as those written in C/C++, it is generally less secure because of the open system, though they are both equally at risk when installing software, as both systems are completely open at that specific junction. Genera also has issues with modularity, as it allows for something to be called even when it is not supposed to be able to be called because, as it is an open system, there is nothing really stopping this from happening. Some versions of Genera and Genera applications are also very well-documented and run quite smoothly, but others are poorly documented and run quite slowly as they are built on top of older versions without any real plan beyond adding on an extra feature here or there over and over again.

===Current Status===
Genera and Lisp Machines, while still being used in a select few locations, are not currently being developed, as their time has passed. Their legacy still lives on, however, in the object-oriented operating systems still in use today.

==Modula-3 Based==
===Overview===

An idea came to mind. A question was proposed. Can an operating system have extensibility, safety, and good performance? A group of computer scientists from Washington University took on this question and tried to come up with an answer. That’s how SPIN operating system was created. SPIN is an operating system that blends the user-level with the kernel level. The main feature is that the kernel can be extended using modules that implement interfaces to meet the applications needs to optimise performance and safety. The programming language used is Modula-3, and the reason for using this language is for its type safe properties like interfaces, extension, and its automatic storage management. The operating system sits on the traditional monolithic kernel. This is because the authors of SPIN argue that microkernels are not extendible due to the massive overhead created from switching in and out of the kernel.

===Motivation===

A poorly matched implementation prevents an
application from working well, while a poorly
matched interface prevents it from working at all.

This is the sole purpose for creating SPIN. The team had to meet three important features to make this work, a Flexible kernel with safe extensions and a good overall performance. Operating systems based on C/C++ are too general that handle many applications. Therefore, some programs may fall through the cracks and suffer the lack of safety and performance. The goal for SPIN however, was to create a specialized operating system that can run a range of applications without sacrificing safety or performance. This system would allow the user programs and applications to manipulate and change the system’s interface to load and access the data or memory needed safely and with a good overall performance. This was possible through the type safe extensions of Modula-3. Unlike C/C++, Modula-3 is considered a safe language; it guarantees the protection of the kernel from dangerous extension by forcing them to interact with the kernel through specific interfaces. Furthermore, the extensions are executed in the virtual address space not the user space.

===Achievements===

SPIN operating system came through with positive results, it actually works. Most of the goals set by the creators were accomplished. SPIN overcame the large overhead of microkernels by enforcing the extensions to be run in the kernel’s address space. The number of switches dropped which actually improved efficiency significantly.
By using Modula-3’s safe interfaces, there was no run-time checking of the code of the extensions. This was a huge advantage over languages like C/C++ due to the fact that a significant overhead was cleared from the execution time. SPIN addressed the latency issue by only allowing code with low latency, which is quite small, to access the system through extensions that access the kernel directly. This is another advantage of using a safe programming language.

===Problems===

Two general issues with extendible systems are adaptability and reliability. Using a safe programming language comes with a price. In SPIN, there is a loss of efficiency when the dynamic checks run for array index bounds. These checks also add a significant overhead to the execution time.
SPIN is written with very few Modula-3 code lines and are much easier to understand compared to other operating systems written in C or C++. However, the kernel of the system is almost entirely written in C and Assembly. These two languages are considered unsafe in contrast to Modula-3. The mix of safe and unsafe code is a huge complication which leads to many bugs, which compromises the safe extensions and interfaces used by applications.

===Current Status===

* Still under research

==Smalltalk Based==
===Overview===

<blockquote>The best way to predict the future is to invent it. -- Alan Kay</blockquote>

If you are reading this paper on a personal computer, and it has a GUI with overlapping windows, desktop icons, and a mouse pointer then you owe a debt to a group of researchers led by Alan Kay at Xerox's Palo Alto Research Center, or Xerox PARC. Many of those ideas had appeared elsewhere in one form or another, but the first time they came together in a demonstrable and portable form was in the early 1970s at Xerox on a machine called the Alto [http://en.wikipedia.org/wiki/Xerox_Alto]. Their example of a working personal computer was to be the inspiration that launched Apple into the history books.

===Motivation===

Searching for operating systems written in Smalltalk is an exercise in recursion. The Smalltalk OS was written in -- what else -- Smalltalk. But Alan Kay's Learning Research Group (LRG) didn't just set out to write a clever new language that could bootstrap its own environment. Not only were they in California but they had also just survived the 1960s. Their goal was to produce an entirely new learning environment to "amplify human reach and bring new ways of thinking to a faltering civilization that desperately needed it." [http://www.smalltalk.org/smalltalk/TheEarlyHistoryOfSmalltalk_III.html]

===Achievements===

They did manage to invent new ways of think about computing. Alan Kay coined the term "object-oriented programming". His inspiration had come from notions of objects already well known in LISP but he wasn't shy about giving credit where it was due. Kay believed his knowledge of LISP helped him think more clearly about computer problems. He felt it contained "great thinking patterns" and "deep beauty" and he vowed to preserve these qualities in the language that would become Smalltalk.

But Kay wasn't just interested the symbolic language at the heart of a system. He incorporated recent studies on learning and cognition from such experts such as Maria Montessori, Jean Piaget, and Jerome Bruner in his goal to form a complete vision of the personal computer. For instance, Bruner's research implied that people learn new thoughts in a loose sequence of translations [http://en.wikipedia.org/wiki/Jerome_Bruner]. First there are actions, or ''enactive'' representations which transform into images or ''iconic'' representations, and finally into language or ''symbolic'' representations. We may take it for granted today, but it was human insights such as these that helped Kay form the basis of graphical user interfaces as channels through which we perceive ideas represented in a computer.

Still the language is no small point. The central idea in Smalltalk (and Smalltalk-80 as an example of a whole system) is that "everything is an object". This includes what we already might think of as objects, such as files, forms, and fields but it also includes transformational methods such as actions, behaviors, and calculations. This places it in distinct contrast with operating systems written in C, and even those written in C++. Gone are such notions as ''process'' and ''semaphore''. In their place are ''messages'' between objects and ''events'' to which interested objects may react.

Another difference in Smalltalk from C-based operating systems is the lack of security. The only means Smalltalk has of protecting anything is through the visibility (private or public) of an object's methods and properties. But if you know how to dig through the system you can modify -- and break -- just about everything. This may be offer a sense of freedom to some. In the networked world this seems more than a bit risky. Yes, Smalltalk has networking.

===Problems===

Performance in Smalltalk-80 wasn't what we expect from our machines today. A later version of the system called Squeak made some attempt to address this issue (and that of portability) by writing a C language generator to create its virtual machine. This was reasonably successful, and you can now run Squeak on a number of platforms including stand-alone inside of VirtualBox.

[[File:Squeak-Hello-Carleton.png]]

Most non-programmers don't know much about Smalltalk-80 or Squeak though it's tempting to speculate what might have happened if Xerox had chosen to keep its secrets from Apple and commercialize the Alto. The decision not to commercialize was one that hurt Alan Kay's team, one of whom in fact seized the moment and went to work for Apple. By the mid-seventies Kay wasn't sure they had completely solved the problems for which they had set. In his disillusionment he sought to burn everything and start over. He was concerned he would be fulfilling both claims of Marshall McLuhan, namely that "our tools reshape us" and "inadequate tools ''still'' reshape us", though presumably not always for the better.

===Current Status===

* Continuing Research
* OLPC

==Java Based==
===Overview===

Java is used on a plethora of devices and systems throughout the industry from cell phones to web applets. With Java being a language that creates a virtual machine for each application, one would think that it is already suited to be an operating system in itself but this is not the case. Java is built to run on top of other operating systems such as Microsoft Windows, Mac OS X and Ubuntu Linux rather than being a standalone system. This section will discuss various operating systems that are written in Java such as JavaOS, Android, JNode and JX.

[http://java.sun.com/developer/products/JavaOS/ JavaOS] is Sun Microsystems very own creation. This system runs on different layers to make a scalable and easily updateable operating system [http://java.sun.com/developer/products/JavaOS/OverView/index.html ]. The first layer is the microkernel which handles the memory architecture, booting, interrupt handling, threading, traps and DMA handling. The Java Virtual Machine is also compiled into native code for the system and is run on top of the microkernel. The second layer consists of the JavaOS for Business software which extends the memory module to optimize for systems with limited memory[http://java.sun.com/developer/products/JavaOS/OverView/index.html ]. All device drivers for the system are written and run in Java and are what the third layer is consisted of. Finally, the fourth layer is a stand-alone JDK runtime environment used to run user applications.

[http://www.android.com/ Android] was created by a very ambitious team at Google for use with cell phones. It is basically an operating system running on top of another minimalistic operating system. At the very lowest end of Android, a Linux 2.6 kernel is what powers it. All device drivers are written and compiled for the native hardware or compiled using Google’s Native Development Kit and core system libraries such as libc, OpenGL | ES and SQLite are dynamically linked in per application [http://developer.android.com/guide/basics/what-is-android.html]. In the Android runtime, the Dalvik Virtual Machine (DVM) controls applications similar to the Java Virtual Machine. Dalvik is similar to the aforementioned JavaOS as it relies on the kernel to manage threading and low-level memory management. Running on top of the DVM are core libraries and application frameworks for the Android operating system. These frameworks include resource management, window management, notification manage just to name a few. Applications are then built on top of these frameworks and are the end result in which the user will actually interact with.

[http://www.jnode.org/ JNode] began as the Java Bootable System (JBS) in 1995. Ewout Prangsma, the creator, was unhappy with the amount of native C and assembly used for the system so he began a new project, JNode. JNode only uses a small amount of assembly code for booting the system now compared to the initial JBS [http://www.jnode.org/node/174]. The rest of the system is completely written in Java including its graphical user interface. Applications in JNode are referred to as plugins [http://www.jnode.org/node/175] including the device drivers, filesystems, networking and user applications.

[http://www4.informatik.uni-erlangen.de/Projects/JX/index.html JX] was created at the University of Erlangen. At it’s base is a microkernel that the basic Java Virtual Machine runs on which is similar to JavaOS. The system runs on the idea of domains where the microkernel runs at domain level zero and subsequent programs run in domain A, B, C, etc. Domains contain their own threads, heap and garbage collector and can communicate with other domains using portals. A portal is essentially the same as inter-process communication but using domains as processes instead [http://www.usenix.org/events/usenix02/full_papers/golm/golm.pdf].

===Motivation===

Java is a powerful language that already contains the code necessary for running on many different platforms. With the concept of virtual machines for each individual application it provides a layer of security that not every operating system has. Each virtual machine has it’s own heap which keeps other processes from accessing and writing over already allocated memory since the kernel manages the memory paging. With the use of just-in-time (JIT) compilers, these operating systems can almost achieve comparable run times when compared to native compiled applications.

Since all Java applications are compiled into the same set of bytecode, third-parties can develop their own implementation of the Java runtime. For example, Google has created the Dalvik Virtual Machine for use with the Android platform so it will run more efficiently on small devices while reducing the memory footprint [http://developer.android.com/guide/basics/what-is-android.html]. Google has just recently released Android 2.2 which includes a new JIT compiler for their Dalvik Virtual Machine which can improve speeds of applications up to 2-5 times [http://android-developers.blogspot.com/2010/05/dalvik-jit.html]. IBM also has their own version of the Java Virtual Machine, J9, that is used in many of their own pieces of software and also includes its own implementation of a JIT compiler.

===Achievements===

Android is probably one of the most well-known and mainstream Java based operating system currently on the market. Even though it’s the youngest of the operating systems discussed, it has become one of the newest standards for smartphones. With over 150 devices and counting, Android continues to grow and develop.

===Problems===

One major issue with using Java for an operating system is completely relying on the operating system and kernel to manage memory. Since Java is a garbage collecting language, developers do not have direct access to the memory and have to rely on the operating system to clean up after any objects have been left behind. This can be an issue with lower memory systems while running multiple applications at the same time.

===Current Status===

Each operating system has been created or worked on in the last ten years but some have either halted development or have not seen a major stable release in quite a while. JavaOS is still being maintained by Oracle after they had purchased Sun Microsystems. JNode has not seen an update in over a year and a half [http://sourceforge.net/projects/jnode/files/]. JX also seems to be at a stand still in development with only a minor update after its 0.1 release [http://www4.informatik.uni-erlangen.de/Projects/JX/download-sources.html]. Finally, Android is the most active with minor or major updates coming out every few months. The current state Android is in is Android 2.2 with Android 3.0 currently being hinted for quarter four of 2010 [http://www.techradar.com/news/phone-and-communications/mobile-phones/android-3-0-details-you-need-to-know-706243].

== References ==

Moon, David A. "Genera Retrospective." ''1991 International Workshop on Object Orientation in Operating Systems'' (1991): 2-8. Print.

Moon, David A., Thomas F. Knight, John T. Holloway, and Richard D. Greenblatt. "A Lisp Machine." ''ACM SIGIR Forum'' 15.2 (1980): 137-38. Print.

Pleszkun, A. R., and M. J. Thazhuthaveetil. "The Architecture of Lisp Machines." ''Computer'' 20.3 (1987): 35-44. Print.

COMP 3000 Essay 1 2010 Question 4

2010-10-14T00:25:41Z

Ymoussou: /* Achievements */

=Question=

What "operating systems" have been implemented in the following languages: LISP, Modula-3, Smalltalk, Java? To what extent do these systems match the capabilities of operating systems implemented in C and C++?

=Team Note (to be removed by delivery date)=

Please use the [[Talk:COMP_3000_Essay_1_2010_Question_4|discussion page]] for any planning and comments.

=Answer=

== Introduction ==

Not so long ago people believed the Earth was a flat world at the center of the universe. This essay addresses a more recent falsehood: that all operating systems are written in assembly language and C. It's not surprising that students of computing in this century would genuflect at the academic altars of Kernighan & Ritchie. After all we grew up with our computer worlds already pre-formed into the conceptual continents of Apple OS, UNIX, and Windows. The more historically curious among us are vaguely aware that other island cultures do exist but they represent civilizations defeated in the marketplace. Explorations into these ancient worlds resemble documentaries about archeologists decoding rediscovered languages etched in stone. But scratch the surface of any of our so-called modern operating systems and you'll find echoes of these ancient languages in our own familiar worlds. Ellen Ullman said it best when she wrote, <blockquote>''We build our computer systems like we build our cities: over time, without a plan, on top of ruins.''</blockquote>

In the sections below we present our explorations into a few truly foundational operating systems. We will also see some brand new ones that prove we stand, as one twelfth century scholar put it, [http://en.wikipedia.org/wiki/Standing_on_the_shoulders_of_giants on the shoulders of giants].

The following is a short list of operating systems written partially or completely with the given language. We will go into more detail in the language-specific sections below.

{| class="wikitable" style="text-align:center" border="1"
|+ '''Operating Systems By Language'''
|-
!width="15%"|Language
!width="85%"|OS List
|-
! Lisp
| MIT's Lisp Machines, Genera
|-
! Modula-3
| SPIN OS, Oberon
|-
! Smalltalk
| Smalltalk-80 on Xerox Alto, Squeak
|-
! Java
| JavaOS, JNode, JX, Android
|}

==Lisp Based==
===Overview===
Lisp is the second oldest programming languages, established in the late 1960's as a list-processing language. It started out being perfect for math but when it came to programming with it, it left a lot to be desired. Since then there have been a number of different versions of it, from the first Lisp – called “pure Lisp” – to Scheme and Common Lisp. Unlike most object-oriented languages which are focused on classes and instances among other things, Lisp was initially focused more on functions, in which functions call other functions, though later versions of Lisp did eventually add in classes and other typical object-oriented features. It was after this that Genera was created, an operating system written entirely in Lisp, and developed from an earlier operating system on MIT's Lisp Machine.

The Lisp Machine project in began in 1974, where Richard Greenblatt and Thomas Knight, programmers at MIT, designed a computer for general use that was designed for a single user, in which the operating system was programmed entirely in Lisp. It was designed to be completely open to the user, so any changes the user wanted to make could be done during run-time. It was also one of the first systems to be programmed in a 32-bit architecture, making it far more versatile than a number of other operating systems at the time. Despite this, however, the first Lisp Machine was quite basic compared to later iterations, namely Genera.

===Motivation===
Genera is an evolution of the initial Lisp Machine operating system, and as such improved upon many of the basic features of the system. Genera was the first object-oriented operating system, making it stand out among the already well-known Lisp Machines, especially given the fact that it isn't a composition of languages like other operating systems – most using the primary language for the operating system and another language, such as assembly, to deal with hardware directly – but written entirely in Lisp – any of five different dialects of the language – including the lowest levels of the operating system that interact with hardware due to its effective lack of a kernel. Not having to deal with a kernel allows Genera to be very powerful and efficient in certain areas, most especially in the most complex applications such as those dealing with intelligent CAD and graphics, though when given very simple, very routine applications or processes it is much less efficient than other operating systems.

===Achievements===
Another primary difference from other operating systems is that Genera is a fully open system like the first Lisp Machines. Having an open system has its positive and negative aspects. Among the foremost positive aspects is that the user is in control and not left to the whims of the operating system as is common in non-open systems – if the user doesn't like how something is happening, they can simply go in and change it from happening that way again – and allows for very quick prototyping, not needing to wait to compile every little change. Also, due to utilizing very lightweight objects and the fact that everything is in a single address space rather than split across multiple spaces greatly increases efficiency, though again mainly in non-simple tasks.

Like operating systems written in C/C++, Genera has multiple inheritance and automatic garbage collection. Unlike C/C++, however, Genera uses object-oriented memory. This gives Genera a very useful feature that many other systems cannot do, which is that, given a memory address, the system is able to provide the start address, size, and the type of object in that memory location, which increases efficiency. Even the way files are accessed is very different from other operating systems, as it uses a generic file access system; in a generic file access system, rather than following a typical structure of keeping the commands needed for local and networked files different, the commands are the same, meaning that the system essentially acts like a file on a system on the other side of the world is a local file.

===Problems===
Not everything is great with an open system, however, as there are definite security concerns: with an open system, the user can change anything, and programs can interact with other programs and change anything, meaning that if a virus were unleashed on a Genera system it could be catastrophic. To counter this problem Genera systems are protected by a very simple method: keeping the physical system itself out of reach of all but authorized users and behind locked doors. To compare to other operating systems, such as those written in C/C++, it is generally less secure because of the open system, though they are both equally at risk when installing software, as both systems are completely open at that specific junction. Genera also has issues with modularity, as it allows for something to be called even when it is not supposed to be able to be called because, as it is an open system, there is nothing really stopping this from happening. Some versions of Genera and Genera applications are also very well-documented and run quite smoothly, but others are poorly documented and run quite slowly as they are built on top of older versions without any real plan beyond adding on an extra feature here or there over and over again.

===Current Status===
Genera and Lisp Machines, while still being used in a select few locations, are not currently being developed, as their time has passed. Their legacy still lives on, however, in the object-oriented operating systems still in use today.

==Modula-3 Based==
===Overview===

An idea came to mind. A question was proposed. Can an operating system have extensibility, safety, and good performance? A group of computer scientists from Washington University took on this question and tried to come up with an answer. That’s how SPIN operating system was created. SPIN is an operating system that blends the user-level with the kernel level. The main feature is that the kernel can be extended using modules that implement interfaces to meet the applications needs to optimise performance and safety. The programming language used is Modula-3, and the reason for using this language is for its type safe properties like interfaces, extension, and its automatic storage management. The operating system sits on the traditional monolithic kernel. This is because the authors of SPIN argue that microkernels are not extendible due to the massive overhead created from switching in and out of the kernel.

===Motivation===

A poorly matched implementation prevents an
application from working well, while a poorly
matched interface prevents it from working at all.

This is the sole purpose for creating SPIN. The team had to meet three important features to make this work, a Flexible kernel with safe extensions and a good overall performance. Operating systems based on C/C++ are too general that handle many applications. Therefore, some programs may fall through the cracks and suffer the lack of safety and performance. The goal for SPIN however, was to create a specialized operating system that can run a range of applications without sacrificing safety or performance. This system would allow the user programs and applications to manipulate and change the system’s interface to load and access the data or memory needed safely and with a good overall performance. This was possible through the type safe extensions of Modula-3. Unlike C/C++, Modula-3 is considered a safe language; it guarantees the protection of the kernel from dangerous extension by forcing them to interact with the kernel through specific interfaces. Furthermore, the extensions are executed in the virtual address space not the user space.

===Achievements===

SPIN operating system came through with positive results, it actually works. Most of the goals set by the creators were accomplished. SPIN overcame the large overhead of microkernels by enforcing the extensions to be run in the kernel’s address space. The number of switches dropped which actually improved efficiency significantly.
By using Modula-3’s safe interfaces, there was no run-time checking of the code of the extensions. This was a huge advantage over languages like C/C++ due to the fact that a significant overhead was cleared from the execution time. SPIN addressed the latency issue by only allowing code with low latency, which is quite small, to access the system through extensions that access the kernel directly. This is another advantage of using a safe programming language.

===Problems===

* Design issues

===Current Status===

* Still under research

==Smalltalk Based==
===Overview===

<blockquote>The best way to predict the future is to invent it. -- Alan Kay</blockquote>

If you are reading this paper on a personal computer, and it has a GUI with overlapping windows, desktop icons, and a mouse pointer then you owe a debt to a group of researchers led by Alan Kay at Xerox's Palo Alto Research Center, or Xerox PARC. Many of those ideas had appeared elsewhere in one form or another, but the first time they came together in a demonstrable and portable form was in the early 1970s at Xerox on a machine called the Alto [http://en.wikipedia.org/wiki/Xerox_Alto]. Their example of a working personal computer was to be the inspiration that launched Apple into the history books.

===Motivation===

Searching for operating systems written in Smalltalk is an exercise in recursion. The Smalltalk OS was written in -- what else -- Smalltalk. But Alan Kay's Learning Research Group (LRG) didn't just set out to write a clever new language that could bootstrap its own environment. Not only were they in California but they had also just survived the 1960s. Their goal was to produce an entirely new learning environment to "amplify human reach and bring new ways of thinking to a faltering civilization that desperately needed it." [http://www.smalltalk.org/smalltalk/TheEarlyHistoryOfSmalltalk_III.html]

===Achievements===

They did manage to invent new ways of think about computing. Alan Kay coined the term "object-oriented programming". His inspiration had come from notions of objects already well known in LISP but he wasn't shy about giving credit where it was due. Kay believed his knowledge of LISP helped him think more clearly about computer problems. He felt it contained "great thinking patterns" and "deep beauty" and he vowed to preserve these qualities in the language that would become Smalltalk.

But Kay wasn't just interested the symbolic language at the heart of a system. He incorporated recent studies on learning and cognition from such experts such as Maria Montessori, Jean Piaget, and Jerome Bruner in his goal to form a complete vision of the personal computer. For instance, Bruner's research implied that people learn new thoughts in a loose sequence of translations [http://en.wikipedia.org/wiki/Jerome_Bruner]. First there are actions, or ''enactive'' representations which transform into images or ''iconic'' representations, and finally into language or ''symbolic'' representations. We may take it for granted today, but it was human insights such as these that helped Kay form the basis of graphical user interfaces as channels through which we perceive ideas represented in a computer.

Still the language is no small point. The central idea in Smalltalk (and Smalltalk-80 as an example of a whole system) is that "everything is an object". This includes what we already might think of as objects, such as files, forms, and fields but it also includes transformational methods such as actions, behaviors, and calculations. This places it in distinct contrast with operating systems written in C, and even those written in C++. Gone are such notions as ''process'' and ''semaphore''. In their place are ''messages'' between objects and ''events'' to which interested objects may react.

Another difference in Smalltalk from C-based operating systems is the lack of security. The only means Smalltalk has of protecting anything is through the visibility (private or public) of an object's methods and properties. But if you know how to dig through the system you can modify -- and break -- just about everything. This may be offer a sense of freedom to some. In the networked world this seems more than a bit risky. Yes, Smalltalk has networking.

===Problems===

Performance in Smalltalk-80 wasn't what we expect from our machines today. A later version of the system called Squeak made some attempt to address this issue (and that of portability) by writing a C language generator to create its virtual machine. This was reasonably successful, and you can now run Squeak on a number of platforms including stand-alone inside of VirtualBox.

[[File:Squeak-Hello-Carleton.png]]

Most non-programmers don't know much about Smalltalk-80 or Squeak though it's tempting to speculate what might have happened if Xerox had chosen to keep its secrets from Apple and commercialize the Alto. The decision not to commercialize was one that hurt Alan Kay's team, one of whom in fact seized the moment and went to work for Apple. By the mid-seventies Kay wasn't sure they had completely solved the problems for which they had set. In his disillusionment he sought to burn everything and start over. He was concerned he would be fulfilling both claims of Marshall McLuhan, namely that "our tools reshape us" and "inadequate tools ''still'' reshape us", though presumably not always for the better.

===Current Status===

* Continuing Research
* OLPC

==Java Based==
===Overview===

Java is used on a plethora of devices and systems throughout the industry from cell phones to web applets. With Java being a language that creates a virtual machine for each application, one would think that it is already suited to be an operating system in itself but this is not the case. Java is built to run on top of other operating systems such as Microsoft Windows, Mac OS X and Ubuntu Linux rather than being a standalone system. This section will discuss various operating systems that are written in Java such as JavaOS, Android, JNode and JX.

[http://java.sun.com/developer/products/JavaOS/ JavaOS] is Sun Microsystems very own creation. This system runs on different layers to make a scalable and easily updateable operating system [http://java.sun.com/developer/products/JavaOS/OverView/index.html ]. The first layer is the microkernel which handles the memory architecture, booting, interrupt handling, threading, traps and DMA handling. The Java Virtual Machine is also compiled into native code for the system and is run on top of the microkernel. The second layer consists of the JavaOS for Business software which extends the memory module to optimize for systems with limited memory[http://java.sun.com/developer/products/JavaOS/OverView/index.html ]. All device drivers for the system are written and run in Java and are what the third layer is consisted of. Finally, the fourth layer is a stand-alone JDK runtime environment used to run user applications.

[http://www.android.com/ Android] was created by a very ambitious team at Google for use with cell phones. It is basically an operating system running on top of another minimalistic operating system. At the very lowest end of Android, a Linux 2.6 kernel is what powers it. All device drivers are written and compiled for the native hardware or compiled using Google’s Native Development Kit and core system libraries such as libc, OpenGL | ES and SQLite are dynamically linked in per application [http://developer.android.com/guide/basics/what-is-android.html]. In the Android runtime, the Dalvik Virtual Machine (DVM) controls applications similar to the Java Virtual Machine. Dalvik is similar to the aforementioned JavaOS as it relies on the kernel to manage threading and low-level memory management. Running on top of the DVM are core libraries and application frameworks for the Android operating system. These frameworks include resource management, window management, notification manage just to name a few. Applications are then built on top of these frameworks and are the end result in which the user will actually interact with.

[http://www.jnode.org/ JNode] began as the Java Bootable System (JBS) in 1995. Ewout Prangsma, the creator, was unhappy with the amount of native C and assembly used for the system so he began a new project, JNode. JNode only uses a small amount of assembly code for booting the system now compared to the initial JBS [http://www.jnode.org/node/174]. The rest of the system is completely written in Java including its graphical user interface. Applications in JNode are referred to as plugins [http://www.jnode.org/node/175] including the device drivers, filesystems, networking and user applications.

[http://www4.informatik.uni-erlangen.de/Projects/JX/index.html JX] was created at the University of Erlangen. At it’s base is a microkernel that the basic Java Virtual Machine runs on which is similar to JavaOS. The system runs on the idea of domains where the microkernel runs at domain level zero and subsequent programs run in domain A, B, C, etc. Domains contain their own threads, heap and garbage collector and can communicate with other domains using portals. A portal is essentially the same as inter-process communication but using domains as processes instead [http://www.usenix.org/events/usenix02/full_papers/golm/golm.pdf].

===Motivation===

Java is a powerful language that already contains the code necessary for running on many different platforms. With the concept of virtual machines for each individual application it provides a layer of security that not every operating system has. Each virtual machine has it’s own heap which keeps other processes from accessing and writing over already allocated memory since the kernel manages the memory paging. With the use of just-in-time (JIT) compilers, these operating systems can almost achieve comparable run times when compared to native compiled applications.

Since all Java applications are compiled into the same set of bytecode, third-parties can develop their own implementation of the Java runtime. For example, Google has created the Dalvik Virtual Machine for use with the Android platform so it will run more efficiently on small devices while reducing the memory footprint [http://developer.android.com/guide/basics/what-is-android.html]. Google has just recently released Android 2.2 which includes a new JIT compiler for their Dalvik Virtual Machine which can improve speeds of applications up to 2-5 times [http://android-developers.blogspot.com/2010/05/dalvik-jit.html]. IBM also has their own version of the Java Virtual Machine, J9, that is used in many of their own pieces of software and also includes its own implementation of a JIT compiler.

===Achievements===

Android is probably one of the most well-known and mainstream Java based operating system currently on the market. Even though it’s the youngest of the operating systems discussed, it has become one of the newest standards for smartphones. With over 150 devices and counting, Android continues to grow and develop.

===Problems===

One major issue with using Java for an operating system is completely relying on the operating system and kernel to manage memory. Since Java is a garbage collecting language, developers do not have direct access to the memory and have to rely on the operating system to clean up after any objects have been left behind. This can be an issue with lower memory systems while running multiple applications at the same time.

===Current Status===

Each operating system has been created or worked on in the last ten years but some have either halted development or have not seen a major stable release in quite a while. JavaOS is still being maintained by Oracle after they had purchased Sun Microsystems. JNode has not seen an update in over a year and a half [http://sourceforge.net/projects/jnode/files/]. JX also seems to be at a stand still in development with only a minor update after its 0.1 release [http://www4.informatik.uni-erlangen.de/Projects/JX/download-sources.html]. Finally, Android is the most active with minor or major updates coming out every few months. The current state Android is in is Android 2.2 with Android 3.0 currently being hinted for quarter four of 2010 [http://www.techradar.com/news/phone-and-communications/mobile-phones/android-3-0-details-you-need-to-know-706243].

== References ==

Moon, David A. "Genera Retrospective." ''1991 International Workshop on Object Orientation in Operating Systems'' (1991): 2-8. Print.

Moon, David A., Thomas F. Knight, John T. Holloway, and Richard D. Greenblatt. "A Lisp Machine." ''ACM SIGIR Forum'' 15.2 (1980): 137-38. Print.

Pleszkun, A. R., and M. J. Thazhuthaveetil. "The Architecture of Lisp Machines." ''Computer'' 20.3 (1987): 35-44. Print.

Talk:COMP 3000 Essay 1 2010 Question 4

2010-10-13T22:53:04Z

Ymoussou: /* Discussion */

== Discussion ==

We have an extra day! I thought it was due in the morning. The paper is actually written by 2 authors of the system, I wonder why its not published. Thanks for your help.

--[[User:Ymoussou|Youcef M.]] 22:52, 13 October 2010 (UTC)

9 am Friday, since it's due Thursday night. As for the papers, I seem to recall him saying that we should be using published papers, but if it's non-published and by someone who's clearly an expert (instead of some random blogger or something) that it'd be okay. If you're not sure, though, give him a shout; he's pretty quick at responding.

--[[User:ScottG|ScottG]] 22:37, 13 October 2010 (UTC)

Guys, are we allowed to use unpublished papers? there is this paper in the SPIN website that is really helpful. I'm not sure if I'm allowed to use it for our essay, anybody has an idea?

Anil said something about grading the essays around 9 AM (or was it PM?). Was he talking about thursday or friday?

--[[User:Ymoussou|Youcef M.]] 21:57, 13 October 2010 (UTC)

Okay, I've basically got the Lisp section done. Gonna probably go back and tweak it, but at least it's there. And I added in what I used as references in the References section as per MLA style.

I can take a look at writing up something for the C/C++ part as well, just not sure how much I'll be able to get in the time I've got to spare between other courses right now. But I'll certainly try.

--[[User:ScottG|ScottG]] 15:37, 13 October 2010 (UTC)

Could somebody add a bit in the introduction on what it means to be an operating system written in C/C++? One focus should probably be the notion of process as hinted by Anil. There are probably other distinctions that can be dredged up too.

--[[User:Jjpwilso|Jjpwilso]] 02:57, 13 October 2010 (UTC)

Got some stuff up, rough copy only. Meant to get more done, but family stuff came up. More to come tomorrow.

--[[User:ScottG|ScottG]] 02:26, 13 October 2010 (UTC)

Right then, I'm on it.

--[[User:Mkugler|Mkugler]] 01:19, 13 October 2010 (UTC)

Hi MK, and welcome to the group. Anil mentioned Oberon just today, which is apparently another OS based on a cousin of modula-3. If you could find a way to extend the Modula-3 section with Oberon, perhaps with your own subsection (Youcef has already started with a SPIN section) that should help us round things up nicely. Note the goal is to compare capabilities with C/C++, so feel free to take a global view for thematic consistency too. I'll be doing a bit more in this respect on the Smalltalk section. As Anil said in lecture today, it should hold together as an essay even without the wiki-ish headings.

--[[User:Jjpwilso|Jjpwilso]] 01:07, 13 October 2010 (UTC)

Hey guys. I'm a bit late to the punch on this as I've been preoccupied with a ton of other stuff. I've read through what you've all done thus far and frankly think it's phenomenal, which brings me to my quandry. I wasn't here when you all laid claim to the various components of the essay and am not entirely certain where my efforts should be directed. I noticed that LISP so far is empty, but that it was claimed by ScottG on the 8th.

Is there anywhere in particular where you would like me to work? I'm committed to spending the better part of the next 48 hours entirely on this, so I can put together anything remaining that's needed. If you guys can't get back to me, I'll just expand on whatever I can find more information on.

--[[User:Mkugler|Mkugler]] 23:16, 12 October 2010 (UTC)

The SPIN work is looking good Youcef. Note: please try to put links to your sources in the text so we can see where your ideas are coming from.

--[[User:Jjpwilso|Jjpwilso]] 20:45, 12 October 2010 (UTC)

Anil gave me another clue into how he was thinking of comparisons between these OSes and C/C++. For Smalltalk at least the central theme mentions nothing about processes. Smalltalk is about objects, methods, and messages rather than the traditional C notion of processes manipulating data. This distinction or something similar to it may be useful when looking at other operating systems we're exploring.

--[[User:Jjpwilso|Jjpwilso]] 20:42, 12 October 2010 (UTC)

I've got some small amount of comparison in mine (haven't posted it, since I'm still trying to compile info on MIT's Lisp Machine, but will likely have most of it up tonight), but I would think it would be easier to perhaps do some small comparisons in the individual sections -- I'll be pointing out some differences in Genera and C++ OS's in OO memory, for example -- and then make some more broad strokes in the conclusion encompassing two or more of our chosen OS's and C/C++.

--[[User:ScottG|ScottG]] 19:19, 12 October 2010 (UTC)

Hi all. I'm gradually posting the sections that I finished so far I'd love to hear your thoughts and comments.

Anil also mentioned an important note on our question, we have to compare these operating systems to the ones developed using C and C++. Are we going to do that in the conclusion section? because so far we are not answering the second half of the question.

As for the Oberon, I just did a quick read in Wiki and it says that its written in oberon programming language. But it says its based on a modified version of Modula-2 and they don't mention modula-3, can we still talk about this OS? I cant really start on that today I have a chemistery midterm tomorrow morning, and tomorrow I'm going to finish the rest of SPIN sections.

--[[User:Ymoussou|Youcef M.]] 19:00, 12 October 2010 (UTC)

Thanks for the link Anil! For the group: I asked Anil a couple of questions after class today, and another OS he had in mind was [http://en.wikipedia.org/wiki/Oberon_(operating_system) Oberon], invented by the creator of Modula-3. I don't know if there's more to find about this than there is about SPIN but I've got my hands full for now.

--[[User:Jjpwilso|Jjpwilso]] 18:29, 12 October 2010 (UTC)

Rather than Squeak I was thinking about Smalltalk-80. Here's a [http://portal.acm.org/citation.cfm?id=273&dl=GUIDE,ACM book on Smalltalk] that's available online in the ACM digital library. Just the preface should tell you everything you need to know. [[User:Soma|Anil]] 03:15, 12 October 2010 (UTC)

Great work on the Java section. I might toss in a bit on the problems section about cross-platform compatibility once I get done with my part.

--[[User:Jjpwilso|Jjpwilso]] 23:57, 10 October 2010 (UTC)

I've posted what I have written so far for the Java section, if anyone has any suggestion/corrections feel free to post them.
EDIT: I've added the other sections of the Java based operating system.

--[[User:Selliot3|Selliot3]] 16:50, 10 October 2010 (UTC)

Re: Motivation. I had Smalltalk in mind when I roughed out the headings and it's pretty much what you suggested. But the headings are only a guideline. If you prefer a different structure for your sections feel free to improvise. As for format I am assuming an essay style.

Re: SPIN. The ACM site has some stuff. You'll need your student card handy to get through the Carleton Library proxy.

Here are a couple of links (you can find a TON more if you search for SPIN at the top of the portal):

[http://portal.acm.org.proxy.library.carleton.ca/citation.cfm?id=380921.380940&coll=ACM&dl=ACM&CFID=108110330&CFTOKEN=12401653 Distributed LTL model-checking in SPIN]

[http://portal.acm.org.proxy.library.carleton.ca/citation.cfm?id=380921.380935&coll=ACM&dl=ACM&CFID=108110330&CFTOKEN=12401653 Using SPIN for feature interaction analysis—a case study]

--[[User:Jjpwilso|Jjpwilso]] 16:25, 10 October 2010 (UTC)

This is all I could find on SPIN

SPIN-An extensible microkernel for application-specific operating system devices [http://www.dtic.mil/cgi-bin/GetTRDoc?Location=U2&doc=GetTRDoc.pdf&AD=ADA293537]

Extensibility, Safety and Performance in the SPIN Operating System [http://cseweb.ucsd.edu/~savage/papers/Sosp95.pdf]

SPIN-Operating System [http://cs-pub.bu.edu/fac/richwest/cs591_w1/notes/spin.pdf]

Lecture 9: SPIN operating system [http://www.youtube.com/watch?v=YE9uztJ_CFg]

--[[User:Ymoussou|Youcef M.]] 16:06, 10 October 2010 (UTC)

What is meant by "Motivation"? Would that be motivation to use the language for an operating system? Also, what format should we be doing this in? I'm pretty much writing in an essay style for the overview to explain all of the operating systems in Java with an introduction and a paragraph for each of the systems. Then, I would fill out a paragraph or two for Motivation, Problems, etc. Does that seem fine?

--[[User:Selliot3|Selliot3]] 15:13, 10 October 2010 (UTC)

Here's a link to the main [http://www-spin.cs.washington.edu/ SPIN website].

--[[User:Jjpwilso|Jjpwilso]] 16:40, 9 October 2010 (UTC)

I'll start right away, but the reference link doesn't work...

--Youcef M. 15:06, 9 October 2010 (UTC)

Welcome, Youcef. It would probably be best if you focused on one operating system for now. Nobody has claimed SPIN yet, the OS in Modula-3. Do you think you could dig into that? There's a good reference below.

--[[User:Jjpwilso|Jjpwilso]] 15:02, 9 October 2010 (UTC)

Hey guys I'm in the group, sorry for not adding something yet. I've been working on a table which has all the operating systems in those languages and comparing them to each other. But it was harder than I thought, I was trying to find where the OS's are similar and where they are different. It got a little bit long and random; I can find a lot of info on one OS but almost none on the other. Do you guys think its worth the trouble to finish it or should just forget about and keep up with you guys?

--Youcef M. 14:41, 9 October 2010 (UTC)

Particular to Squeak: [http://portal.acm.org.proxy.library.carleton.ca/ft_gateway.cfm?id=263754&type=pdf&coll=ACM&dl=ACM&CFID=107940135&CFTOKEN=78771329 Back to the Future - The Story of Squeak, A Practical Smalltalk Written in Itself]

--[[User:Jjpwilso|Jjpwilso]] 13:29, 9 October 2010 (UTC)

From an interview with Alan Kay, founder of Smalltalk, I tracked down a very useful history:
[http://portal.acm.org.proxy.library.carleton.ca/results.cfm?coll=ACM&dl=ACM&CFID=107940135&CFTOKEN=78771329 The Early History of Smalltalk]. There happen to be some important foundational points in here (with references) that relate to other systems as well. For instance he explains how LISP was a vital part of how he came to understand the power of languages. Warning: it's quite long and I don't understand half of it.

--[[User:Jjpwilso|Jjpwilso]] 13:02, 9 October 2010 (UTC)

I'd be fine doing LISP, among throwing out anything good for the other languages I happen to come across.

--[[User:ScottG|ScottG]] 21:27, 8 October 2010 (UTC)

Okay, lets all put down our preferences here and set a reasonable deadline of Saturday at 23:59 for a cutoff. Smalltalk would be my top choice. Of course any contributions to any language will be welcome.

--[[User:Jjpwilso|Jjpwilso]] 16:07, 8 October 2010 (UTC)

I would love to do the Java section. I`ve done quite a bit of development on Android and have also read a complete book on how the Android operating system works. Of course, there are other OS`s to look at but I`m a big fan of Android so I`m always happy to write about it haha.

--[[User:Selliot3|Selliot3]] 15:44, 8 October 2010 (UTC)

I recommend we use the habit of putting more recent comments at the top in case this gets to be a longish list. I've gone ahead and stubbed out a proposed structure. Please comment (thumbs up/down). If we all agree we can start dividing up the parts so we don't do the same work. We're lucky as a team to have such a nicely partitioned essay to write!

--[[User:Jjpwilso|Jjpwilso]] 13:23, 8 October 2010 (UTC)

Genera (LISP) - http://en.wikipedia.org/wiki/Genera_(operating_system) <-- only for a reference for now 
SPIN (Modula) - http://www-spin.cs.washington.edu%2Fexternal%2Foverview.html 
Squeak (SmallTalk) - http://en.wikipedia.org/wiki/Squeak <-- only a reference, says it's a programming language but can be used as an OS 
JavaOS (Java) - http://java.sun.com/developer/products/JavaOS/ 

--[[User:Selliot3|Selliot3]] 00:16, 6 October 2010 (UTC) or Charles

Not a great site, but gives a nice breakdown of the main points of Squeak - http://www.visoracle.com/squeak/overview.html 
And a much longer, more in-depth Squeak page - http://www.cosc.canterbury.ac.nz/wolfgang.kreutzer/cosc205/smalltalk1.html 
A nice breakdown for JavaOS - http://www.operating-system.org/betriebssystem/_english/bs-javaos.htm 
And a very nice PDF for Genera - http://ieeexplore.ieee.org/xpls/abs_all.jsp?arnumber=183015&tag=1 
--[[User:ScottG|ScottG]] 13:08, 6 October 2010 (UTC)

For Java section: [http://developer.android.com/guide/basics/what-is-android.html What is Android] shows the limited role of DVM (Android's JVM). 
--[[User:Jjpwilso|Jjpwilso]] 14:31, 7 October 2010 (UTC)

Talk:COMP 3000 Essay 1 2010 Question 4

2010-10-13T22:52:46Z

Ymoussou: /* Discussion */

COMP 3000 Essay 1 2010 Question 4

2010-10-13T22:30:14Z

Ymoussou: /* Motivation */

=Question=

What "operating systems" have been implemented in the following languages: LISP, Modula-3, Smalltalk, Java? To what extent do these systems match the capabilities of operating systems implemented in C and C++?

=Team Note (to be removed by delivery date)=

Please use the [[Talk:COMP_3000_Essay_1_2010_Question_4|discussion page]] for any planning and comments.

=Answer=

== Introduction ==

Not so long ago people believed the Earth was a flat world at the center of the universe. This essay addresses a more recent falsehood: that all operating systems are written in assembly language and C. It's not surprising that students of computing in this century would genuflect at the academic altars of Kernighan & Ritchie. After all we grew up with our computer worlds already pre-formed into the conceptual continents of Apple OS, UNIX, and Windows. The more historically curious among us are vaguely aware that other island cultures do exist but they represent civilizations defeated in the marketplace. Explorations into these ancient worlds resemble documentaries about archeologists decoding rediscovered languages etched in stone. But scratch the surface of any of our so-called modern operating systems and you'll find echoes of these ancient languages in our own familiar worlds. Ellen Ullman said it best when she wrote, <blockquote>''We build our computer systems like we build our cities: over time, without a plan, on top of ruins.''</blockquote>

In the sections below we present our explorations into a few truly foundational operating systems. We will also see some brand new ones that prove we stand, as one twelfth century scholar put it, [http://en.wikipedia.org/wiki/Standing_on_the_shoulders_of_giants on the shoulders of giants].

The following is a short list of operating systems written partially or completely with the given language. We will go into more detail in the language-specific sections below.

{| class="wikitable" style="text-align:center" border="1"
|+ '''Operating Systems By Language'''
|-
!width="15%"|Language
!width="85%"|OS List
|-
! Lisp
| MIT's Lisp Machines, Genera
|-
! Modula-3
| SPIN OS
|-
! Smalltalk
| Smalltalk-80 on Xerox Alto, Squeak
|-
! Java
| JavaOS, JNode, JX, Android
|}

==Lisp Based==
===Overview===
Lisp is the second oldest programming languages, established in the late 1960's as a list-processing language. It started out being perfect for math but when it came to programming with it, it left a lot to be desired. Since then there have been a number of different versions of it, from the first Lisp – called “pure Lisp” – to Scheme and Common Lisp. Unlike most object-oriented languages which are focused on classes and instances among other things, Lisp was initially focused more on functions, in which functions call other functions, though later versions of Lisp did eventually add in classes and other typical object-oriented features. It was after this that Genera was created, an operating system written entirely in Lisp, and developed from an earlier operating system on MIT's Lisp Machine.

The Lisp Machine project in began in 1974, where Richard Greenblatt and Thomas Knight, programmers at MIT, designed a computer for general use that was designed for a single user, in which the operating system was programmed entirely in Lisp. It was designed to be completely open to the user, so any changes the user wanted to make could be done during run-time. It was also one of the first systems to be programmed in a 32-bit architecture, making it far more versatile than a number of other operating systems at the time. Despite this, however, the first Lisp Machine was quite basic compared to later iterations, namely Genera.

===Motivation===
Genera is an evolution of the initial Lisp Machine operating system, and as such improved upon many of the basic features of the system. Genera was the first object-oriented operating system, making it stand out among the already well-known Lisp Machines, especially given the fact that it isn't a composition of languages like other operating systems – most using the primary language for the operating system and another language, such as assembly, to deal with hardware directly – but written entirely in Lisp – any of five different dialects of the language – including the lowest levels of the operating system that interact with hardware due to its effective lack of a kernel. Not having to deal with a kernel allows Genera to be very powerful and efficient in certain areas, most especially in the most complex applications such as those dealing with intelligent CAD and graphics, though when given very simple, very routine applications or processes it is much less efficient than other operating systems.

===Achievements===
Another primary difference from other operating systems is that Genera is a fully open system like the first Lisp Machines. Having an open system has its positive and negative aspects. Among the foremost positive aspects is that the user is in control and not left to the whims of the operating system as is common in non-open systems – if the user doesn't like how something is happening, they can simply go in and change it from happening that way again – and allows for very quick prototyping, not needing to wait to compile every little change. Also, due to utilizing very lightweight objects and the fact that everything is in a single address space rather than split across multiple spaces greatly increases efficiency, though again mainly in non-simple tasks.

Like operating systems written in C/C++, Genera has multiple inheritance and automatic garbage collection. Unlike C/C++, however, Genera uses object-oriented memory. This gives Genera a very useful feature that many other systems cannot do, which is that, given a memory address, the system is able to provide the start address, size, and the type of object in that memory location, which increases efficiency. Even the way files are accessed is very different from other operating systems, as it uses a generic file access system; in a generic file access system, rather than following a typical structure of keeping the commands needed for local and networked files different, the commands are the same, meaning that the system essentially acts like a file on a system on the other side of the world is a local file.

===Problems===
Not everything is great with an open system, however, as there are definite security concerns: with an open system, the user can change anything, and programs can interact with other programs and change anything, meaning that if a virus were unleashed on a Genera system it could be catastrophic. To counter this problem Genera systems are protected by a very simple method: keeping the physical system itself out of reach of all but authorized users and behind locked doors. To compare to other operating systems, such as those written in C/C++, it is generally less secure because of the open system, though they are both equally at risk when installing software, as both systems are completely open at that specific junction. Genera also has issues with modularity, as it allows for something to be called even when it is not supposed to be able to be called because, as it is an open system, there is nothing really stopping this from happening. Some versions of Genera and Genera applications are also very well-documented and run quite smoothly, but others are poorly documented and run quite slowly as they are built on top of older versions without any real plan beyond adding on an extra feature here or there over and over again.

===Current Status===
Genera and Lisp Machines, while still being used in a select few locations, are not currently being developed, as their time has passed. Their legacy still lives on, however, in the object-oriented operating systems still in use today.

==Modula-3 Based==
===Overview===

An idea came to mind. A question was proposed. Can an operating system have extensibility, safety, and good performance? A group of computer scientists from Washington University took on this question and tried to come up with an answer. That’s how SPIN operating system was created. SPIN is an operating system that blends the user-level with the kernel level. The main feature is that the kernel can be extended using modules that implement interfaces to meet the applications needs to optimise performance and safety. The programming language used is Modula-3, and the reason for using this language is for its type safe properties like interfaces, extension, and its automatic storage management. The operating system sits on the traditional monolithic kernel. This is because the authors of SPIN argue that microkernels are not extendible due to the massive overhead created from switching in and out of the kernel.

===Motivation===

A poorly matched implementation prevents an
application from working well, while a poorly
matched interface prevents it from working at all.

This is the sole purpose for creating SPIN. The team had to meet three important features to make this work, a Flexible kernel with safe extensions and a good overall performance. Operating systems based on C/C++ are too general that handle many applications. Therefore, some programs may fall through the cracks and suffer the lack of safety and performance. The goal for SPIN however, was to create a specialized operating system that can run a range of applications without sacrificing safety or performance. This system would allow the user programs and applications to manipulate and change the system’s interface to load and access the data or memory needed safely and with a good overall performance. This was possible through the type safe extensions of Modula-3. Unlike C/C++, Modula-3 is considered a safe language; it guarantees the protection of the kernel from dangerous extension by forcing them to interact with the kernel through specific interfaces. Furthermore, the extensions are executed in the virtual address space not the user space.

===Achievements===

* They pulled it off

===Problems===

* Design issues

===Current Status===

* Still under research

==Smalltalk Based==
===Overview===

<blockquote>The best way to predict the future is to invent it. -- Alan Kay</blockquote>

If you are reading this paper on a personal computer, and it has a GUI with overlapping windows, desktop icons, and a mouse pointer then you owe a debt to a group of researchers led by Alan Kay at Xerox's Palo Alto Research Center, or Xerox PARC. Many of those ideas had appeared elsewhere in one form or another, but the first time they came together in a demonstrable and portable form was in the early 1970s at Xerox on a machine called the Alto [http://en.wikipedia.org/wiki/Xerox_Alto]. Their example of a working personal computer was to be the inspiration that launched Apple into the history books.

===Motivation===

Searching for operating systems written in Smalltalk is an exercise in recursion. The Smalltalk OS was written in -- what else -- Smalltalk. But Alan Kay's Learning Research Group (LRG) didn't just set out to write a clever new language that could bootstrap its own environment. Not only were they in California but they had also just survived the 1960s. Their goal was to produce an entirely new learning environment to "amplify human reach and bring new ways of thinking to a faltering civilization that desperately needed it." [http://www.smalltalk.org/smalltalk/TheEarlyHistoryOfSmalltalk_III.html]

===Achievements===

They did manage to invent new ways of think about computing. Alan Kay coined the term "object-oriented programming". His inspiration had come from notions of objects already well known in LISP but he wasn't shy about giving credit where it was due. Kay believed his knowledge of LISP helped him think more clearly about computer problems. He felt it contained "great thinking patterns" and "deep beauty" and he vowed to preserve these qualities in the language that would become Smalltalk.

But Kay wasn't just interested the symbolic language at the heart of a system. He incorporated recent studies on learning and cognition from such experts such as Maria Montessori, Jean Piaget, and Jerome Bruner in his goal to form a complete vision of the personal computer. For instance, Bruner's research implied that people learn new thoughts in a loose sequence of translations [http://en.wikipedia.org/wiki/Jerome_Bruner]. First there are actions, or ''enactive'' representations which transform into images or ''iconic'' representations, and finally into language or ''symbolic'' representations. We may take it for granted today, but it was human insights such as these that helped Kay form the basis of graphical user interfaces as channels through which we perceive ideas represented in a computer.

Still the language is no small point. The central idea in Smalltalk (and Smalltalk-80 as an example of a whole system) is that "everything is an object". This includes what we already might think of as objects, such as files, forms, and fields but it also includes transformational methods such as actions, behaviors, and calculations. This places it in distinct contrast with operating systems written in C, and even those written in C++. Gone are such notions as ''process'' and ''semaphore''. In their place are ''messages'' between objects and ''events'' to which interested objects may react.

Another difference in Smalltalk from C-based operating systems is the lack of security. The only means Smalltalk has of protecting anything is through the visibility (private or public) of an object's methods and properties. But if you know how to dig through the system you can modify -- and break -- just about everything. This may be offer a sense of freedom to some. In the networked world this seems more than a bit risky. Yes, Smalltalk has networking.

===Problems===

Performance in Smalltalk-80 wasn't what we expect from our machines today. A later version of the system called Squeak made some attempt to address this issue (and that of portability) by writing a C language generator to create its virtual machine. This was reasonably successful, and you can now run Squeak on a number of platforms including stand-alone inside of VirtualBox.

[[File:Squeak-Hello-Carleton.png]]

Most non-programmers don't know much about Smalltalk-80 or Squeak though it's tempting to speculate what might have happened if Xerox had chosen to keep its secrets from Apple and commercialize the Alto. The decision not to commercialize was one that hurt Alan Kay's team, one of whom in fact seized the moment and went to work for Apple. By the mid-seventies Kay wasn't sure they had completely solved the problems for which they had set. In his disillusionment he sought to burn everything and start over. He was concerned he would be fulfilling both claims of Marshall McLuhan, namely that "our tools reshape us" and "inadequate tools ''still'' reshape us", though presumably not always for the better.

===Current Status===

* Continuing Research
* OLPC

==Java Based==
===Overview===

Java is used on a plethora of devices and systems throughout the industry from cell phones to web applets. With Java being a language that creates a virtual machine for each application, one would think that it is already suited to be an operating system in itself but this is not the case. Java is built to run on top of other operating systems such as Microsoft Windows, Mac OS X and Ubuntu Linux rather than being a standalone system. This section will discuss various operating systems that are written in Java such as JavaOS, Android, JNode and JX.

[http://java.sun.com/developer/products/JavaOS/ JavaOS] is Sun Microsystems very own creation. This system runs on different layers to make a scalable and easily updateable operating system [http://java.sun.com/developer/products/JavaOS/OverView/index.html ]. The first layer is the microkernel which handles the memory architecture, booting, interrupt handling, threading, traps and DMA handling. The Java Virtual Machine is also compiled into native code for the system and is run on top of the microkernel. The second layer consists of the JavaOS for Business software which extends the memory module to optimize for systems with limited memory[http://java.sun.com/developer/products/JavaOS/OverView/index.html ]. All device drivers for the system are written and run in Java and are what the third layer is consisted of. Finally, the fourth layer is a stand-alone JDK runtime environment used to run user applications.

[http://www.android.com/ Android] was created by a very ambitious team at Google for use with cell phones. It is basically an operating system running on top of another minimalistic operating system. At the very lowest end of Android, a Linux 2.6 kernel is what powers it. All device drivers are written and compiled for the native hardware or compiled using Google’s Native Development Kit and core system libraries such as libc, OpenGL | ES and SQLite are dynamically linked in per application [http://developer.android.com/guide/basics/what-is-android.html]. In the Android runtime, the Dalvik Virtual Machine (DVM) controls applications similar to the Java Virtual Machine. Dalvik is similar to the aforementioned JavaOS as it relies on the kernel to manage threading and low-level memory management. Running on top of the DVM are core libraries and application frameworks for the Android operating system. These frameworks include resource management, window management, notification manage just to name a few. Applications are then built on top of these frameworks and are the end result in which the user will actually interact with.

[http://www.jnode.org/ JNode] began as the Java Bootable System (JBS) in 1995. Ewout Prangsma, the creator, was unhappy with the amount of native C and assembly used for the system so he began a new project, JNode. JNode only uses a small amount of assembly code for booting the system now compared to the initial JBS [http://www.jnode.org/node/174]. The rest of the system is completely written in Java including its graphical user interface. Applications in JNode are referred to as plugins [http://www.jnode.org/node/175] including the device drivers, filesystems, networking and user applications.

[http://www4.informatik.uni-erlangen.de/Projects/JX/index.html JX] was created at the University of Erlangen. At it’s base is a microkernel that the basic Java Virtual Machine runs on which is similar to JavaOS. The system runs on the idea of domains where the microkernel runs at domain level zero and subsequent programs run in domain A, B, C, etc. Domains contain their own threads, heap and garbage collector and can communicate with other domains using portals. A portal is essentially the same as inter-process communication but using domains as processes instead [http://www.usenix.org/events/usenix02/full_papers/golm/golm.pdf].

===Motivation===

Java is a powerful language that already contains the code necessary for running on many different platforms. With the concept of virtual machines for each individual application it provides a layer of security that not every operating system has. Each virtual machine has it’s own heap which keeps other processes from accessing and writing over already allocated memory since the kernel manages the memory paging. With the use of just-in-time (JIT) compilers, these operating systems can almost achieve comparable run times when compared to native compiled applications.

Since all Java applications are compiled into the same set of bytecode, third-parties can develop their own implementation of the Java runtime. For example, Google has created the Dalvik Virtual Machine for use with the Android platform so it will run more efficiently on small devices while reducing the memory footprint [http://developer.android.com/guide/basics/what-is-android.html]. Google has just recently released Android 2.2 which includes a new JIT compiler for their Dalvik Virtual Machine which can improve speeds of applications up to 2-5 times [http://android-developers.blogspot.com/2010/05/dalvik-jit.html]. IBM also has their own version of the Java Virtual Machine, J9, that is used in many of their own pieces of software and also includes its own implementation of a JIT compiler.

===Achievements===

Android is probably one of the most well-known and mainstream Java based operating system currently on the market. Even though it’s the youngest of the operating systems discussed, it has become one of the newest standards for smartphones. With over 150 devices and counting, Android continues to grow and develop.

===Problems===

One major issue with using Java for an operating system is completely relying on the operating system and kernel to manage memory. Since Java is a garbage collecting language, developers do not have direct access to the memory and have to rely on the operating system to clean up after any objects have been left behind. This can be an issue with lower memory systems while running multiple applications at the same time.

===Current Status===

Each operating system has been created or worked on in the last ten years but some have either halted development or have not seen a major stable release in quite a while. JavaOS is still being maintained by Oracle after they had purchased Sun Microsystems. JNode has not seen an update in over a year and a half [http://sourceforge.net/projects/jnode/files/]. JX also seems to be at a stand still in development with only a minor update after its 0.1 release [http://www4.informatik.uni-erlangen.de/Projects/JX/download-sources.html]. Finally, Android is the most active with minor or major updates coming out every few months. The current state Android is in is Android 2.2 with Android 3.0 currently being hinted for quarter four of 2010 [http://www.techradar.com/news/phone-and-communications/mobile-phones/android-3-0-details-you-need-to-know-706243].

== References ==

Moon, David A. "Genera Retrospective." ''1991 International Workshop on Object Orientation in Operating Systems'' (1991): 2-8. Print.

Moon, David A., Thomas F. Knight, John T. Holloway, and Richard D. Greenblatt. "A Lisp Machine." ''ACM SIGIR Forum'' 15.2 (1980): 137-38. Print.

Pleszkun, A. R., and M. J. Thazhuthaveetil. "The Architecture of Lisp Machines." ''Computer'' 20.3 (1987): 35-44. Print.

COMP 3000 Essay 1 2010 Question 4

2010-10-13T22:14:34Z

Ymoussou: /* Overview */

=Question=

What "operating systems" have been implemented in the following languages: LISP, Modula-3, Smalltalk, Java? To what extent do these systems match the capabilities of operating systems implemented in C and C++?

=Team Note (to be removed by delivery date)=

Please use the [[Talk:COMP_3000_Essay_1_2010_Question_4|discussion page]] for any planning and comments.

=Answer=

== Introduction ==

Not so long ago people believed the Earth was a flat world at the center of the universe. This essay addresses a more recent falsehood: that all operating systems are written in assembly language and C. It's not surprising that students of computing in this century would genuflect at the academic altars of Kernighan & Ritchie. After all we grew up with our computer worlds already pre-formed into the conceptual continents of Apple OS, UNIX, and Windows. The more historically curious among us are vaguely aware that other island cultures do exist but they represent civilizations defeated in the marketplace. Explorations into these ancient worlds resemble documentaries about archeologists decoding rediscovered languages etched in stone. But scratch the surface of any of our so-called modern operating systems and you'll find echoes of these ancient languages in our own familiar worlds. Ellen Ullman said it best when she wrote, <blockquote>''We build our computer systems like we build our cities: over time, without a plan, on top of ruins.''</blockquote>

In the sections below we present our explorations into a few truly foundational operating systems. We will also see some brand new ones that prove we stand, as one twelfth century scholar put it, [http://en.wikipedia.org/wiki/Standing_on_the_shoulders_of_giants on the shoulders of giants].

The following is a short list of operating systems written partially or completely with the given language. We will go into more detail in the language-specific sections below.

{| class="wikitable" style="text-align:center" border="1"
|+ '''Operating Systems By Language'''
|-
!width="15%"|Language
!width="85%"|OS List
|-
! Lisp
| MIT's Lisp Machines, Genera
|-
! Modula-3
| SPIN OS
|-
! Smalltalk
| Smalltalk-80 on Xerox Alto, Squeak
|-
! Java
| JavaOS, JNode, JX, Android
|}

==Lisp Based==
===Overview===
Lisp is the second oldest programming languages, established in the late 1960's as a list-processing language. It started out being perfect for math but when it came to programming with it, it left a lot to be desired. Since then there have been a number of different versions of it, from the first Lisp – called “pure Lisp” – to Scheme and Common Lisp. Unlike most object-oriented languages which are focused on classes and instances among other things, Lisp was initially focused more on functions, in which functions call other functions, though later versions of Lisp did eventually add in classes and other typical object-oriented features. It was after this that Genera was created, an operating system written entirely in Lisp, and developed from an earlier operating system on MIT's Lisp Machine.

The Lisp Machine project in began in 1974, where Richard Greenblatt and Thomas Knight, programmers at MIT, designed a computer for general use that was designed for a single user, in which the operating system was programmed entirely in Lisp. It was designed to be completely open to the user, so any changes the user wanted to make could be done during run-time. It was also one of the first systems to be programmed in a 32-bit architecture, making it far more versatile than a number of other operating systems at the time. Despite this, however, the first Lisp Machine was quite basic compared to later iterations, namely Genera.

===Motivation===
Genera is an evolution of the initial Lisp Machine operating system, and as such improved upon many of the basic features of the system. Genera was the first object-oriented operating system, making it stand out among the already well-known Lisp Machines, especially given the fact that it isn't a composition of languages like other operating systems – most using the primary language for the operating system and another language, such as assembly, to deal with hardware directly – but written entirely in Lisp – any of five different dialects of the language – including the lowest levels of the operating system that interact with hardware due to its effective lack of a kernel. Not having to deal with a kernel allows Genera to be very powerful and efficient in certain areas, most especially in the most complex applications such as those dealing with intelligent CAD and graphics, though when given very simple, very routine applications or processes it is much less efficient than other operating systems.

===Achievements===
Another primary difference from other operating systems is that Genera is a fully open system like the first Lisp Machines. Having an open system has its positive and negative aspects. Among the foremost positive aspects is that the user is in control and not left to the whims of the operating system as is common in non-open systems – if the user doesn't like how something is happening, they can simply go in and change it from happening that way again – and allows for very quick prototyping, not needing to wait to compile every little change. Also, due to utilizing very lightweight objects and the fact that everything is in a single address space rather than split across multiple spaces greatly increases efficiency, though again mainly in non-simple tasks.

Like operating systems written in C/C++, Genera has multiple inheritance and automatic garbage collection. Unlike C/C++, however, Genera uses object-oriented memory. This gives Genera a very useful feature that many other systems cannot do, which is that, given a memory address, the system is able to provide the start address, size, and the type of object in that memory location, which increases efficiency. Even the way files are accessed is very different from other operating systems, as it uses a generic file access system; in a generic file access system, rather than following a typical structure of keeping the commands needed for local and networked files different, the commands are the same, meaning that the system essentially acts like a file on a system on the other side of the world is a local file.

===Problems===
Not everything is great with an open system, however, as there are definite security concerns: with an open system, the user can change anything, and programs can interact with other programs and change anything, meaning that if a virus were unleashed on a Genera system it could be catastrophic. To counter this problem Genera systems are protected by a very simple method: keeping the physical system itself out of reach of all but authorized users and behind locked doors. To compare to other operating systems, such as those written in C/C++, it is generally less secure because of the open system, though they are both equally at risk when installing software, as both systems are completely open at that specific junction. Genera also has issues with modularity, as it allows for something to be called even when it is not supposed to be able to be called because, as it is an open system, there is nothing really stopping this from happening. Some versions of Genera and Genera applications are also very well-documented and run quite smoothly, but others are poorly documented and run quite slowly as they are built on top of older versions without any real plan beyond adding on an extra feature here or there over and over again.

===Current Status===
Genera and Lisp Machines, while still being used in a select few locations, are not currently being developed, as their time has passed. Their legacy still lives on, however, in the object-oriented operating systems still in use today.

==Modula-3 Based==
===Overview===

An idea came to mind. A question was proposed. Can an operating system have extensibility, safety, and good performance? A group of computer scientists from Washington University took on this question and tried to come up with an answer. That’s how SPIN operating system was created. SPIN is an operating system that blends the user-level with the kernel level. The main feature is that the kernel can be extended using modules that implement interfaces to meet the applications needs to optimise performance and safety. The programming language used is Modula-3, and the reason for using this language is for its type safe properties like interfaces, extension, and its automatic storage management. The operating system sits on the traditional monolithic kernel. This is because the authors of SPIN argue that microkernels are not extendible due to the massive overhead created from switching in and out of the kernel.

===Motivation===

A poorly matched implementation prevents an
application from working well, while a poorly
matched interface prevents it from working at all.

This is the soul purpose for creating SPIN. The team had to meet three important features to make this work, a Flexible kernel with safe extensions and a good overall performance. The goal was to create a specialized operating system that can run a range of applications without sacrificing safety or performance. This system would allow the user programs and applications to manipulate and change the system’s interface to load and access the data or memory needed safely and with a good overall performance. This was possible through the type safe extensions of Modula-3.

===Achievements===

* They pulled it off

===Problems===

* Design issues

===Current Status===

* Still under research

==Smalltalk Based==
===Overview===

<blockquote>The best way to predict the future is to invent it. -- Alan Kay</blockquote>

If you are reading this paper on a personal computer, and it has a GUI with overlapping windows, desktop icons, and a mouse pointer then you owe a debt to a group of researchers led by Alan Kay at Xerox's Palo Alto Research Center, or Xerox PARC. Many of those ideas had appeared elsewhere in one form or another, but the first time they came together in a demonstrable and portable form was in the early 1970s at Xerox on a machine called the Alto [http://en.wikipedia.org/wiki/Xerox_Alto]. Their example of a working personal computer was to be the inspiration that launched Apple into the history books.

===Motivation===

Searching for operating systems written in Smalltalk is an exercise in recursion. The Smalltalk OS was written in -- what else -- Smalltalk. But Alan Kay's Learning Research Group (LRG) didn't just set out to write a clever new language that could bootstrap its own environment. Not only were they in California but they had also just survived the 1960s. Their goal was to produce an entirely new learning environment to "amplify human reach and bring new ways of thinking to a faltering civilization that desperately needed it." [http://www.smalltalk.org/smalltalk/TheEarlyHistoryOfSmalltalk_III.html]

===Achievements===

They did manage to invent new ways of think about computing. Alan Kay coined the term "object-oriented programming". His inspiration had come from notions of objects already well known in LISP but he wasn't shy about giving credit where it was due. Kay believed his knowledge of LISP helped him think more clearly about computer problems. He felt it contained "great thinking patterns" and "deep beauty" and he vowed to preserve these qualities in the language that would become Smalltalk.

But Kay wasn't just interested the symbolic language at the heart of a system. He incorporated recent studies on learning and cognition from such experts such as Maria Montessori, Jean Piaget, and Jerome Bruner in his goal to form a complete vision of the personal computer. For instance, Bruner's research implied that people learn new thoughts in a loose sequence of translations [http://en.wikipedia.org/wiki/Jerome_Bruner]. First there are actions, or ''enactive'' representations which transform into images or ''iconic'' representations, and finally into language or ''symbolic'' representations. We may take it for granted today, but it was human insights such as these that helped Kay form the basis of graphical user interfaces as channels through which we perceive ideas represented in a computer.

Still the language is no small point. The central idea in Smalltalk (and Smalltalk-80 as an example of a whole system) is that "everything is an object". This includes what we already might think of as objects, such as files, forms, and fields but it also includes transformational methods such as actions, behaviors, and calculations. This places it in distinct contrast with operating systems written in C, and even those written in C++. Gone are such notions as ''process'' and ''semaphore''. In their place are ''messages'' between objects and ''events'' to which interested objects may react.

Another difference in Smalltalk from C-based operating systems is the lack of security. The only means Smalltalk has of protecting anything is through the visibility (private or public) of an object's methods and properties. But if you know how to dig through the system you can modify -- and break -- just about everything. This may be offer a sense of freedom to some. In the networked world this seems more than a bit risky. Yes, Smalltalk has networking.

===Problems===

Performance in Smalltalk-80 wasn't what we expect from our machines today. A later version of the system called Squeak made some attempt to address this issue (and that of portability) by writing a C language generator to create its virtual machine. This was reasonably successful, and you can now run Squeak on a number of platforms including stand-alone inside of VirtualBox.

[[File:Squeak-Hello-Carleton.png]]

Most non-programmers don't know much about Smalltalk-80 or Squeak though it's tempting to speculate what might have happened if Xerox had chosen to keep its secrets from Apple and commercialize the Alto. The decision not to commercialize was one that hurt Alan Kay's team, one of whom in fact seized the moment and went to work for Apple. By the mid-seventies Kay wasn't sure they had completely solved the problems for which they had set. In his disillusionment he sought to burn everything and start over. He was concerned he would be fulfilling both claims of Marshall McLuhan, namely that "our tools reshape us" and "inadequate tools ''still'' reshape us", though presumably not always for the better.

===Current Status===

* Continuing Research
* OLPC

==Java Based==
===Overview===

Java is used on a plethora of devices and systems throughout the industry from cell phones to web applets. With Java being a language that creates a virtual machine for each application, one would think that it is already suited to be an operating system in itself but this is not the case. Java is built to run on top of other operating systems such as Microsoft Windows, Mac OS X and Ubuntu Linux rather than being a standalone system. This section will discuss various operating systems that are written in Java such as JavaOS, Android, JNode and JX.

[http://java.sun.com/developer/products/JavaOS/ JavaOS] is Sun Microsystems very own creation. This system runs on different layers to make a scalable and easily updateable operating system [http://java.sun.com/developer/products/JavaOS/OverView/index.html ]. The first layer is the microkernel which handles the memory architecture, booting, interrupt handling, threading, traps and DMA handling. The Java Virtual Machine is also compiled into native code for the system and is run on top of the microkernel. The second layer consists of the JavaOS for Business software which extends the memory module to optimize for systems with limited memory[http://java.sun.com/developer/products/JavaOS/OverView/index.html ]. All device drivers for the system are written and run in Java and are what the third layer is consisted of. Finally, the fourth layer is a stand-alone JDK runtime environment used to run user applications.

[http://www.android.com/ Android] was created by a very ambitious team at Google for use with cell phones. It is basically an operating system running on top of another minimalistic operating system. At the very lowest end of Android, a Linux 2.6 kernel is what powers it. All device drivers are written and compiled for the native hardware or compiled using Google’s Native Development Kit and core system libraries such as libc, OpenGL | ES and SQLite are dynamically linked in per application [http://developer.android.com/guide/basics/what-is-android.html]. In the Android runtime, the Dalvik Virtual Machine (DVM) controls applications similar to the Java Virtual Machine. Dalvik is similar to the aforementioned JavaOS as it relies on the kernel to manage threading and low-level memory management. Running on top of the DVM are core libraries and application frameworks for the Android operating system. These frameworks include resource management, window management, notification manage just to name a few. Applications are then built on top of these frameworks and are the end result in which the user will actually interact with.

[http://www.jnode.org/ JNode] began as the Java Bootable System (JBS) in 1995. Ewout Prangsma, the creator, was unhappy with the amount of native C and assembly used for the system so he began a new project, JNode. JNode only uses a small amount of assembly code for booting the system now compared to the initial JBS [http://www.jnode.org/node/174]. The rest of the system is completely written in Java including its graphical user interface. Applications in JNode are referred to as plugins [http://www.jnode.org/node/175] including the device drivers, filesystems, networking and user applications.

[http://www4.informatik.uni-erlangen.de/Projects/JX/index.html JX] was created at the University of Erlangen. At it’s base is a microkernel that the basic Java Virtual Machine runs on which is similar to JavaOS. The system runs on the idea of domains where the microkernel runs at domain level zero and subsequent programs run in domain A, B, C, etc. Domains contain their own threads, heap and garbage collector and can communicate with other domains using portals. A portal is essentially the same as inter-process communication but using domains as processes instead [http://www.usenix.org/events/usenix02/full_papers/golm/golm.pdf].

===Motivation===

Java is a powerful language that already contains the code necessary for running on many different platforms. With the concept of virtual machines for each individual application it provides a layer of security that not every operating system has. Each virtual machine has it’s own heap which keeps other processes from accessing and writing over already allocated memory since the kernel manages the memory paging. With the use of just-in-time (JIT) compilers, these operating systems can almost achieve comparable run times when compared to native compiled applications.

Since all Java applications are compiled into the same set of bytecode, third-parties can develop their own implementation of the Java runtime. For example, Google has created the Dalvik Virtual Machine for use with the Android platform so it will run more efficiently on small devices while reducing the memory footprint [http://developer.android.com/guide/basics/what-is-android.html]. Google has just recently released Android 2.2 which includes a new JIT compiler for their Dalvik Virtual Machine which can improve speeds of applications up to 2-5 times [http://android-developers.blogspot.com/2010/05/dalvik-jit.html]. IBM also has their own version of the Java Virtual Machine, J9, that is used in many of their own pieces of software and also includes its own implementation of a JIT compiler.

===Achievements===

Android is probably one of the most well-known and mainstream Java based operating system currently on the market. Even though it’s the youngest of the operating systems discussed, it has become one of the newest standards for smartphones. With over 150 devices and counting, Android continues to grow and develop.

===Problems===

One major issue with using Java for an operating system is completely relying on the operating system and kernel to manage memory. Since Java is a garbage collecting language, developers do not have direct access to the memory and have to rely on the operating system to clean up after any objects have been left behind. This can be an issue with lower memory systems while running multiple applications at the same time.

===Current Status===

Each operating system has been created or worked on in the last ten years but some have either halted development or have not seen a major stable release in quite a while. JavaOS is still being maintained by Oracle after they had purchased Sun Microsystems. JNode has not seen an update in over a year and a half [http://sourceforge.net/projects/jnode/files/]. JX also seems to be at a stand still in development with only a minor update after its 0.1 release [http://www4.informatik.uni-erlangen.de/Projects/JX/download-sources.html]. Finally, Android is the most active with minor or major updates coming out every few months. The current state Android is in is Android 2.2 with Android 3.0 currently being hinted for quarter four of 2010 [http://www.techradar.com/news/phone-and-communications/mobile-phones/android-3-0-details-you-need-to-know-706243].

== References ==

Moon, David A. "Genera Retrospective." ''1991 International Workshop on Object Orientation in Operating Systems'' (1991): 2-8. Print.

Moon, David A., Thomas F. Knight, John T. Holloway, and Richard D. Greenblatt. "A Lisp Machine." ''ACM SIGIR Forum'' 15.2 (1980): 137-38. Print.

Pleszkun, A. R., and M. J. Thazhuthaveetil. "The Architecture of Lisp Machines." ''Computer'' 20.3 (1987): 35-44. Print.

COMP 3000 Essay 1 2010 Question 4

2010-10-13T22:13:08Z

Ymoussou: /* Overview */

=Question=

What "operating systems" have been implemented in the following languages: LISP, Modula-3, Smalltalk, Java? To what extent do these systems match the capabilities of operating systems implemented in C and C++?

=Team Note (to be removed by delivery date)=

Please use the [[Talk:COMP_3000_Essay_1_2010_Question_4|discussion page]] for any planning and comments.

=Answer=

== Introduction ==

Not so long ago people believed the Earth was a flat world at the center of the universe. This essay addresses a more recent falsehood: that all operating systems are written in assembly language and C. It's not surprising that students of computing in this century would genuflect at the academic altars of Kernighan & Ritchie. After all we grew up with our computer worlds already pre-formed into the conceptual continents of Apple OS, UNIX, and Windows. The more historically curious among us are vaguely aware that other island cultures do exist but they represent civilizations defeated in the marketplace. Explorations into these ancient worlds resemble documentaries about archeologists decoding rediscovered languages etched in stone. But scratch the surface of any of our so-called modern operating systems and you'll find echoes of these ancient languages in our own familiar worlds. Ellen Ullman said it best when she wrote, <blockquote>''We build our computer systems like we build our cities: over time, without a plan, on top of ruins.''</blockquote>

In the sections below we present our explorations into a few truly foundational operating systems. We will also see some brand new ones that prove we stand, as one twelfth century scholar put it, [http://en.wikipedia.org/wiki/Standing_on_the_shoulders_of_giants on the shoulders of giants].

The following is a short list of operating systems written partially or completely with the given language. We will go into more detail in the language-specific sections below.

{| class="wikitable" style="text-align:center" border="1"
|+ '''Operating Systems By Language'''
|-
!width="15%"|Language
!width="85%"|OS List
|-
! Lisp
| MIT's Lisp Machines, Genera
|-
! Modula-3
| SPIN OS
|-
! Smalltalk
| Smalltalk-80 on Xerox Alto, Squeak
|-
! Java
| JavaOS, JNode, JX, Android
|}

==Lisp Based==
===Overview===
Lisp is the second oldest programming languages, established in the late 1960's as a list-processing language. It started out being perfect for math but when it came to programming with it, it left a lot to be desired. Since then there have been a number of different versions of it, from the first Lisp – called “pure Lisp” – to Scheme and Common Lisp. Unlike most object-oriented languages which are focused on classes and instances among other things, Lisp was initially focused more on functions, in which functions call other functions, though later versions of Lisp did eventually add in classes and other typical object-oriented features. It was after this that Genera was created, an operating system written entirely in Lisp, and developed from an earlier operating system on MIT's Lisp Machine.

The Lisp Machine project in began in 1974, where Richard Greenblatt and Thomas Knight, programmers at MIT, designed a computer for general use that was designed for a single user, in which the operating system was programmed entirely in Lisp. It was designed to be completely open to the user, so any changes the user wanted to make could be done during run-time. It was also one of the first systems to be programmed in a 32-bit architecture, making it far more versatile than a number of other operating systems at the time. Despite this, however, the first Lisp Machine was quite basic compared to later iterations, namely Genera.

===Motivation===
Genera is an evolution of the initial Lisp Machine operating system, and as such improved upon many of the basic features of the system. Genera was the first object-oriented operating system, making it stand out among the already well-known Lisp Machines, especially given the fact that it isn't a composition of languages like other operating systems – most using the primary language for the operating system and another language, such as assembly, to deal with hardware directly – but written entirely in Lisp – any of five different dialects of the language – including the lowest levels of the operating system that interact with hardware due to its effective lack of a kernel. Not having to deal with a kernel allows Genera to be very powerful and efficient in certain areas, most especially in the most complex applications such as those dealing with intelligent CAD and graphics, though when given very simple, very routine applications or processes it is much less efficient than other operating systems.

===Achievements===
Another primary difference from other operating systems is that Genera is a fully open system like the first Lisp Machines. Having an open system has its positive and negative aspects. Among the foremost positive aspects is that the user is in control and not left to the whims of the operating system as is common in non-open systems – if the user doesn't like how something is happening, they can simply go in and change it from happening that way again – and allows for very quick prototyping, not needing to wait to compile every little change. Also, due to utilizing very lightweight objects and the fact that everything is in a single address space rather than split across multiple spaces greatly increases efficiency, though again mainly in non-simple tasks.

Like operating systems written in C/C++, Genera has multiple inheritance and automatic garbage collection. Unlike C/C++, however, Genera uses object-oriented memory. This gives Genera a very useful feature that many other systems cannot do, which is that, given a memory address, the system is able to provide the start address, size, and the type of object in that memory location, which increases efficiency. Even the way files are accessed is very different from other operating systems, as it uses a generic file access system; in a generic file access system, rather than following a typical structure of keeping the commands needed for local and networked files different, the commands are the same, meaning that the system essentially acts like a file on a system on the other side of the world is a local file.

===Problems===
Not everything is great with an open system, however, as there are definite security concerns: with an open system, the user can change anything, and programs can interact with other programs and change anything, meaning that if a virus were unleashed on a Genera system it could be catastrophic. To counter this problem Genera systems are protected by a very simple method: keeping the physical system itself out of reach of all but authorized users and behind locked doors. To compare to other operating systems, such as those written in C/C++, it is generally less secure because of the open system, though they are both equally at risk when installing software, as both systems are completely open at that specific junction. Genera also has issues with modularity, as it allows for something to be called even when it is not supposed to be able to be called because, as it is an open system, there is nothing really stopping this from happening. Some versions of Genera and Genera applications are also very well-documented and run quite smoothly, but others are poorly documented and run quite slowly as they are built on top of older versions without any real plan beyond adding on an extra feature here or there over and over again.

===Current Status===
Genera and Lisp Machines, while still being used in a select few locations, are not currently being developed, as their time has passed. Their legacy still lives on, however, in the object-oriented operating systems still in use today.

==Modula-3 Based==
===Overview===

An idea came to mind. A question was proposed. Can an operating system have extensibility, safety, and good performance? A group of computer scientists from Washington University took on this question and tried to come up with an answer. That’s how SPIN operating system was created. SPIN is an operating system that blends the user-level with the kernel level. The main feature is that the kernel can be extended using modules that implement interfaces to meet the applications needs to optimise performance and safety. The programming language used is Modula-3, and the reason for using this language is for its type safe properties like interfaces, extension, and its automatic storage management. The operating system sits on the traditional monolithic kernel.This is because the authers of SPIN argues that microkernels are not extendible due to the massive overhead created from switching from in and out of the kernel.

===Motivation===

A poorly matched implementation prevents an
application from working well, while a poorly
matched interface prevents it from working at all.

This is the soul purpose for creating SPIN. The team had to meet three important features to make this work, a Flexible kernel with safe extensions and a good overall performance. The goal was to create a specialized operating system that can run a range of applications without sacrificing safety or performance. This system would allow the user programs and applications to manipulate and change the system’s interface to load and access the data or memory needed safely and with a good overall performance. This was possible through the type safe extensions of Modula-3.

===Achievements===

* They pulled it off

===Problems===

* Design issues

===Current Status===

* Still under research

==Smalltalk Based==
===Overview===

<blockquote>The best way to predict the future is to invent it. -- Alan Kay</blockquote>

If you are reading this paper on a personal computer, and it has a GUI with overlapping windows, desktop icons, and a mouse pointer then you owe a debt to a group of researchers led by Alan Kay at Xerox's Palo Alto Research Center, or Xerox PARC. Many of those ideas had appeared elsewhere in one form or another, but the first time they came together in a demonstrable and portable form was in the early 1970s at Xerox on a machine called the Alto [http://en.wikipedia.org/wiki/Xerox_Alto]. Their example of a working personal computer was to be the inspiration that launched Apple into the history books.

===Motivation===

Searching for operating systems written in Smalltalk is an exercise in recursion. The Smalltalk OS was written in -- what else -- Smalltalk. But Alan Kay's Learning Research Group (LRG) didn't just set out to write a clever new language that could bootstrap its own environment. Not only were they in California but they had also just survived the 1960s. Their goal was to produce an entirely new learning environment to "amplify human reach and bring new ways of thinking to a faltering civilization that desperately needed it." [http://www.smalltalk.org/smalltalk/TheEarlyHistoryOfSmalltalk_III.html]

===Achievements===

They did manage to invent new ways of think about computing. Alan Kay coined the term "object-oriented programming". His inspiration had come from notions of objects already well known in LISP but he wasn't shy about giving credit where it was due. Kay believed his knowledge of LISP helped him think more clearly about computer problems. He felt it contained "great thinking patterns" and "deep beauty" and he vowed to preserve these qualities in the language that would become Smalltalk.

But Kay wasn't just interested the symbolic language at the heart of a system. He incorporated recent studies on learning and cognition from such experts such as Maria Montessori, Jean Piaget, and Jerome Bruner in his goal to form a complete vision of the personal computer. For instance, Bruner's research implied that people learn new thoughts in a loose sequence of translations [http://en.wikipedia.org/wiki/Jerome_Bruner]. First there are actions, or ''enactive'' representations which transform into images or ''iconic'' representations, and finally into language or ''symbolic'' representations. We may take it for granted today, but it was human insights such as these that helped Kay form the basis of graphical user interfaces as channels through which we perceive ideas represented in a computer.

Still the language is no small point. The central idea in Smalltalk (and Smalltalk-80 as an example of a whole system) is that "everything is an object". This includes what we already might think of as objects, such as files, forms, and fields but it also includes transformational methods such as actions, behaviors, and calculations. This places it in distinct contrast with operating systems written in C, and even those written in C++. Gone are such notions as ''process'' and ''semaphore''. In their place are ''messages'' between objects and ''events'' to which interested objects may react.

Another difference in Smalltalk from C-based operating systems is the lack of security. The only means Smalltalk has of protecting anything is through the visibility (private or public) of an object's methods and properties. But if you know how to dig through the system you can modify -- and break -- just about everything. This may be offer a sense of freedom to some. In the networked world this seems more than a bit risky. Yes, Smalltalk has networking.

===Problems===

Performance in Smalltalk-80 wasn't what we expect from our machines today. A later version of the system called Squeak made some attempt to address this issue (and that of portability) by writing a C language generator to create its virtual machine. This was reasonably successful, and you can now run Squeak on a number of platforms including stand-alone inside of VirtualBox.

[[File:Squeak-Hello-Carleton.png]]

Most non-programmers don't know much about Smalltalk-80 or Squeak though it's tempting to speculate what might have happened if Xerox had chosen to keep its secrets from Apple and commercialize the Alto. The decision not to commercialize was one that hurt Alan Kay's team, one of whom in fact seized the moment and went to work for Apple. By the mid-seventies Kay wasn't sure they had completely solved the problems for which they had set. In his disillusionment he sought to burn everything and start over. He was concerned he would be fulfilling both claims of Marshall McLuhan, namely that "our tools reshape us" and "inadequate tools ''still'' reshape us", though presumably not always for the better.

===Current Status===

* Continuing Research
* OLPC

==Java Based==
===Overview===

Java is used on a plethora of devices and systems throughout the industry from cell phones to web applets. With Java being a language that creates a virtual machine for each application, one would think that it is already suited to be an operating system in itself but this is not the case. Java is built to run on top of other operating systems such as Microsoft Windows, Mac OS X and Ubuntu Linux rather than being a standalone system. This section will discuss various operating systems that are written in Java such as JavaOS, Android, JNode and JX.

[http://java.sun.com/developer/products/JavaOS/ JavaOS] is Sun Microsystems very own creation. This system runs on different layers to make a scalable and easily updateable operating system [http://java.sun.com/developer/products/JavaOS/OverView/index.html ]. The first layer is the microkernel which handles the memory architecture, booting, interrupt handling, threading, traps and DMA handling. The Java Virtual Machine is also compiled into native code for the system and is run on top of the microkernel. The second layer consists of the JavaOS for Business software which extends the memory module to optimize for systems with limited memory[http://java.sun.com/developer/products/JavaOS/OverView/index.html ]. All device drivers for the system are written and run in Java and are what the third layer is consisted of. Finally, the fourth layer is a stand-alone JDK runtime environment used to run user applications.

[http://www.android.com/ Android] was created by a very ambitious team at Google for use with cell phones. It is basically an operating system running on top of another minimalistic operating system. At the very lowest end of Android, a Linux 2.6 kernel is what powers it. All device drivers are written and compiled for the native hardware or compiled using Google’s Native Development Kit and core system libraries such as libc, OpenGL | ES and SQLite are dynamically linked in per application [http://developer.android.com/guide/basics/what-is-android.html]. In the Android runtime, the Dalvik Virtual Machine (DVM) controls applications similar to the Java Virtual Machine. Dalvik is similar to the aforementioned JavaOS as it relies on the kernel to manage threading and low-level memory management. Running on top of the DVM are core libraries and application frameworks for the Android operating system. These frameworks include resource management, window management, notification manage just to name a few. Applications are then built on top of these frameworks and are the end result in which the user will actually interact with.

[http://www.jnode.org/ JNode] began as the Java Bootable System (JBS) in 1995. Ewout Prangsma, the creator, was unhappy with the amount of native C and assembly used for the system so he began a new project, JNode. JNode only uses a small amount of assembly code for booting the system now compared to the initial JBS [http://www.jnode.org/node/174]. The rest of the system is completely written in Java including its graphical user interface. Applications in JNode are referred to as plugins [http://www.jnode.org/node/175] including the device drivers, filesystems, networking and user applications.

[http://www4.informatik.uni-erlangen.de/Projects/JX/index.html JX] was created at the University of Erlangen. At it’s base is a microkernel that the basic Java Virtual Machine runs on which is similar to JavaOS. The system runs on the idea of domains where the microkernel runs at domain level zero and subsequent programs run in domain A, B, C, etc. Domains contain their own threads, heap and garbage collector and can communicate with other domains using portals. A portal is essentially the same as inter-process communication but using domains as processes instead [http://www.usenix.org/events/usenix02/full_papers/golm/golm.pdf].

===Motivation===

Java is a powerful language that already contains the code necessary for running on many different platforms. With the concept of virtual machines for each individual application it provides a layer of security that not every operating system has. Each virtual machine has it’s own heap which keeps other processes from accessing and writing over already allocated memory since the kernel manages the memory paging. With the use of just-in-time (JIT) compilers, these operating systems can almost achieve comparable run times when compared to native compiled applications.

Since all Java applications are compiled into the same set of bytecode, third-parties can develop their own implementation of the Java runtime. For example, Google has created the Dalvik Virtual Machine for use with the Android platform so it will run more efficiently on small devices while reducing the memory footprint [http://developer.android.com/guide/basics/what-is-android.html]. Google has just recently released Android 2.2 which includes a new JIT compiler for their Dalvik Virtual Machine which can improve speeds of applications up to 2-5 times [http://android-developers.blogspot.com/2010/05/dalvik-jit.html]. IBM also has their own version of the Java Virtual Machine, J9, that is used in many of their own pieces of software and also includes its own implementation of a JIT compiler.

===Achievements===

Android is probably one of the most well-known and mainstream Java based operating system currently on the market. Even though it’s the youngest of the operating systems discussed, it has become one of the newest standards for smartphones. With over 150 devices and counting, Android continues to grow and develop.

===Problems===

One major issue with using Java for an operating system is completely relying on the operating system and kernel to manage memory. Since Java is a garbage collecting language, developers do not have direct access to the memory and have to rely on the operating system to clean up after any objects have been left behind. This can be an issue with lower memory systems while running multiple applications at the same time.

===Current Status===

Each operating system has been created or worked on in the last ten years but some have either halted development or have not seen a major stable release in quite a while. JavaOS is still being maintained by Oracle after they had purchased Sun Microsystems. JNode has not seen an update in over a year and a half [http://sourceforge.net/projects/jnode/files/]. JX also seems to be at a stand still in development with only a minor update after its 0.1 release [http://www4.informatik.uni-erlangen.de/Projects/JX/download-sources.html]. Finally, Android is the most active with minor or major updates coming out every few months. The current state Android is in is Android 2.2 with Android 3.0 currently being hinted for quarter four of 2010 [http://www.techradar.com/news/phone-and-communications/mobile-phones/android-3-0-details-you-need-to-know-706243].

== References ==

Moon, David A. "Genera Retrospective." ''1991 International Workshop on Object Orientation in Operating Systems'' (1991): 2-8. Print.

Moon, David A., Thomas F. Knight, John T. Holloway, and Richard D. Greenblatt. "A Lisp Machine." ''ACM SIGIR Forum'' 15.2 (1980): 137-38. Print.

Pleszkun, A. R., and M. J. Thazhuthaveetil. "The Architecture of Lisp Machines." ''Computer'' 20.3 (1987): 35-44. Print.