Hi, there are aspects of the goals and the design where I am fairly confident, and aspects where I am less confident, increasingly so as I learn more about operating system design, from you and other people.
One thing that causes me problems in these discussions between you and me is that I often don't know if you are talking about just the kernel or also the user space system when refering to Coyotos. The space bank in particular is logically outside the kernel and part of the user space operating system. But there seem to be some complicated interactions between the kernel design and the way memory is organized in the space bank that I likely do not fully appreciate and which seem to conflate the issues. My confusion in other areas of the design space is also a reflection of the confusion in the research community on these issues. One could also call the confusion an opportunity to make choices. Capability MAP vs COPY, membranes (or not), active/passive objects etc are merely some examples for this. There are also unexpected pitfalls. Take for instance the IPC reliability discussion, which ended with agreement across the board that timeouts or watchdogs are probably the only way to deal with communication failures sensibly. This made me aware of the problem that we might not give sufficient attention to timing issues in the system. Hermann Haertig told me at EuroSys that he thinks it is a mistake to build a system nowadays without consideration to timing. This raised an internal alarm flag for me, which is still raised, waving along until I decide to spend some resources on the issue. Which brings me to the next point: I have hardly spent any thoughts on operating system design in the last half year, and won't spend much thought on it for the next three months for certain. I am wrapping up my math studies in a quite unrelated field (algebra and cryptography). I am sorry that this leaves you waiting (as well as many other people), but it is how it is. I am also emotionally exhausted from the discussions that happened, and need some time to sit back and refocus to be able to take a more constructive approach. I recognize your translucent space bank as a step in that direction, and one that is quite appropriate in the context of the Coyotos system design, but for me this is the second step before the first. I want to think about these issues top-down. Jonathan, you can argue very convincingly from your position, exactly because you have interwoven many aspects of the design into a single coherent picture. All I ask for is to be able to weave my own picture, and let's not preclude the result. I have made the mistake to commit prematurely to a system design once before, disappointing many people. Consider me a burnt child. Thanks, Marcus _______________________________________________ L4-hurd mailing list [email protected] http://lists.gnu.org/mailman/listinfo/l4-hurd
