PIlot: An Operating System for a Personal Computer
The Pilot operating system provides a single-user,
single-language environment for higher level software
on a powerful personal computer. Its features include
virtual memory, a large "flat" file system, streams,
network communication facilities, and concurrent
programming support. Pilot thus provides ather more
powerful facilities than are normally associated with
personal computers. The exact facilities provided
display interesting similarities to and differences from
corresponding facilities provided in large multi-user
systems. Pilot is implemented entirely in Mesa, a highlevel
system programming language. The
modularization of the implementation displays some
interesting aspects in terms of both the static structure
and dynamic interactions of the various components.
Main Goal :Personal computer os
Design Decision for pilot based on the fact that it was for a PC
- Protection
- single user system, more errors than maliciousness
- everythings runs in a single address space vs each app has its own addr space
- Scheduling
- Resources Sharing
- Files, Storage
Language Support(Feature of Mesa language)
- Object oriented (Pointer not exist)
- Single address space (No H/W protection)
- Strong type check
Design
- single address space
- single language support
- integrated support for network communication
- additional features can be layered
- accept hints from application(eg. When to page out data)
- no longer useful for today, untrusted application developer
- limited features for protection and resource allocation
- Does not secure against malicious process
- language -based protection
- Oracle acquire xxx company therefore it could optimize hardware, os, app together
- Pilot is a kernel on which additional features could be largely built on top of it
Files
- Pilot support files and volumns
- Files are storage container
- Volumes represent the media on which files are stored (virtual, one-to-many, many-to-one)
- Application only sees one volumn, OS decides which physical disk data goes in.
- How the file data accessed?
- RAID
- File Attributes
- 4 attributes
- Can be made “permanent” of “immutable”(can not be modified, changed for protection, ~= WORM)
- Network have address
- Files and volumes are only the “kernel” of the file system, Pilot does not implement FS
Virtual Memory
- Linear address is partitioned into hierarchy memory spaces.
- Allocation
- Swapping: subspace is a unit for swapping, can contain several pages
- Space.Create
- Space is serving as the unit of allocation.
- Space can be created as nest.
- Space.Map
- Virtual memory is the only access path to the contents of files, and files are the only backing store for virtual memory.
- Swapping
- The swapping between primary memory and backing store is performed in the units of spaces.
- The swapping strategy followed is to swap in the lowest (i.e., smallest) space containing the page.
- Space.Activate as a hint to be swapped in asap. Space.Deactivate is the inverse operation.
Implementation
- Circular dependency need to be broken
- Separate policy vs. mechanism
- Manager determines policy, kernel just make it works
- Kernel -> Mechanism Manager -> Policy Kernel: Memory page out, page in. Manager: Decides which page to page out.
Communication
Communications tightly integrated into Pilot
Many of same features and issues of networking support in TCP/Unix
- sockets, listen, datagrams, connections, etc.
Clients on same computer can user network communication to do IPC
General Question
How do the requirements of the Pilot operating system differ from the systems we have read about so far, and how does the design of Pilot reflect those differences?
- First PC
- single user
- single language
- single address space
- no time-sharing
- Defensive protection
Why we still run time sharing machine(UNIX)?
- More protection
- Multi application could run at the same time
- Even we don't have many users, we have so many things/apps running in our laptop.
Design decisions from Pilot that were motivated from the goal (an OS for a personal computer)
- single-language
- single-user system
- with only limited features for protection and resource allocation.
- (OS trust the app hints ,No incentive for lying
What design assumption does not work well for today?
- It assumes that maliciousness is less serious.