On Thu, 2006-05-11 at 15:36 +0200, Tom Bachmann wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Marcus Brinkmann wrote:
> > At Wed, 10 May 2006 08:54:41 -0700,
> > Thomas Bushnell wrote:
> >> Still, he is essentially right. The conclusion is--dare I say
> >> it--right as well. The best computer systems *are* single address
> >> space systems. Of this, I have absolutely no doubt.
> >
> > But this just replaces the war on the best kernel with a war on the
> > best memory-safe programming language...
> >
>
> OT: Why does sasos imply a memory-safe language?

It does not.

However, I don't agree with Thomas. The SASOS idea is a very attractive idea, but its attraction derives from a fundamental abandonment of encapsulation. A SASOS is easier to implement for the kernel developer, but without fully separate address spaces there are interactions between processes that the developer cannot control.

Fundamentally, a SASOS abandons the idea of a process-private namespace, and reduces all addresses to global names. Contrast this with the current situation in L4, where an *overwhelming* effort is being made to *eliminate* global names because of severe security issues.

> If you have a look at e.g. mungi or nemesis, they show that other
> mechanisms (virtual memory) can be used.

Yes. They also demonstrate (in both cases) that fault isolation and security are harder to achieve in such a system.

shap
