3. THE WORLD HAS CHANGED
Fast computers are affordable and memory has become cheap
Malicious environment – worms, viruses, etc
Few users understand computers or software
5. CENTERS OF GRAVITY
Abstract Instruction Set
Unified Extension Mechanism
Strong Process Isolation Architecture
Ubiquitous Metadata Infrastructure
6. SYSTEM ARCHITECTURE
(Layer diagram, top to bottom)
Guest Code
Kernel/Runtime: Scheduler, IPC Manager, I/O Manager, Virtual PC Additions, GC & Memory Mgr, Metadata Manager, Security Manager
HAL: Native HAL, VM Manager, VPC VMM
Processor and other hardware
7. ARCHITECTURAL FOUNDATION
Software-Isolated Processes
Information Hiding and Failure Isolation
Message Passing
Cannot share writable memory
Sealed code spaces
Lesser Overhead
8. ARCHITECTURAL FOUNDATION (CONTD.)
Contract-Based Channels
All communications through Contract-Based Channels
Ends of channel are not symmetric
Example contract (Sing#):
    contract NicDevice {
        out message DeviceInfo(...);
        in message RegisterForEvents(NicEvents.Exp:READY c);
        in message SetParameters(...);
        out message InvalidParameters(...);
        out message Success();
        in message StartIO();
        in message ConfigureIO();
        in message PacketForReceive(byte[] in ExHeap p);
        out message BadPacketSize(byte[] in ExHeap p, int m);
        in message GetReceivedPacket();
        out message ReceivedPacket(Packet * in ExHeap p);
        out message NoPacket();

        state START: one {
            DeviceInfo! → IO_CONFIGURE_BEGIN;
        }
        state IO_CONFIGURE_BEGIN: one {
            RegisterForEvents? → SetParameters? → IO_CONFIGURE_ACK;
        }
        state IO_CONFIGURE_ACK: one {
            InvalidParameters! → IO_CONFIGURE_BEGIN;
            Success! → IO_CONFIGURED;
        }
        state IO_CONFIGURED: one {
            StartIO? → IO_RUNNING;
            ConfigureIO? → IO_CONFIGURE_BEGIN;
        }
        state IO_RUNNING: one {
            PacketForReceive? → (Success! or BadPacketSize!) → IO_RUNNING;
            GetReceivedPacket? → (ReceivedPacket! or NoPacket!) → IO_RUNNING;
            ...
        }
    }
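The point of a contract-based channel is that the channel itself enforces which messages may be sent, by which end, in which state, so a misbehaving or compromised process cannot drive a driver out of its expected protocol. The following is an added example (not code from the slides or from Singularity) that models the NicDevice contract above as a checked state machine in Python. The intermediate state names IO_CONFIGURE_REGISTERED, IO_RUNNING_RECV_PENDING and IO_RUNNING_GET_PENDING are assumptions introduced here to split the multi-message sequences the contract writes inline; the traces at the bottom are constructed.

```python
"""Model of the NicDevice channel contract as a state machine that rejects
out-of-sequence messages and messages sent from the wrong end."""
from dataclasses import dataclass, field

OUT = "out"  # messages the exporting end (the driver) sends
IN = "in"    # messages the importing end (the client) sends

# Direction of each message, exactly as declared in the contract.
DIRECTION = {
    "DeviceInfo": OUT, "RegisterForEvents": IN, "SetParameters": IN,
    "InvalidParameters": OUT, "Success": OUT, "StartIO": IN,
    "ConfigureIO": IN, "PacketForReceive": IN, "BadPacketSize": OUT,
    "GetReceivedPacket": IN, "ReceivedPacket": OUT, "NoPacket": OUT,
}

# (state, message) -> next state. The *_REGISTERED / *_PENDING states are an
# assumption of this model: they name the midpoint of "A? -> B? -> STATE".
TRANSITIONS = {
    ("START", "DeviceInfo"): "IO_CONFIGURE_BEGIN",
    ("IO_CONFIGURE_BEGIN", "RegisterForEvents"): "IO_CONFIGURE_REGISTERED",
    ("IO_CONFIGURE_REGISTERED", "SetParameters"): "IO_CONFIGURE_ACK",
    ("IO_CONFIGURE_ACK", "InvalidParameters"): "IO_CONFIGURE_BEGIN",
    ("IO_CONFIGURE_ACK", "Success"): "IO_CONFIGURED",
    ("IO_CONFIGURED", "StartIO"): "IO_RUNNING",
    ("IO_CONFIGURED", "ConfigureIO"): "IO_CONFIGURE_BEGIN",
    ("IO_RUNNING", "PacketForReceive"): "IO_RUNNING_RECV_PENDING",
    ("IO_RUNNING_RECV_PENDING", "Success"): "IO_RUNNING",
    ("IO_RUNNING_RECV_PENDING", "BadPacketSize"): "IO_RUNNING",
    ("IO_RUNNING", "GetReceivedPacket"): "IO_RUNNING_GET_PENDING",
    ("IO_RUNNING_GET_PENDING", "ReceivedPacket"): "IO_RUNNING",
    ("IO_RUNNING_GET_PENDING", "NoPacket"): "IO_RUNNING",
}


class ContractViolation(Exception):
    """Raised when a message breaks the channel contract."""


@dataclass
class Channel:
    state: str = "START"
    log: list = field(default_factory=list)

    def send(self, end, message):
        """Deliver `message` from endpoint `end`; enforce direction, then state."""
        if DIRECTION.get(message) != end:
            raise ContractViolation(f"{message} may not be sent from the {end} end")
        nxt = TRANSITIONS.get((self.state, message))
        if nxt is None:
            raise ContractViolation(f"{message} not allowed in state {self.state}")
        self.log.append((self.state, message, nxt))
        self.state = nxt
        return nxt


def run(trace):
    """Replay a list of (end, message) pairs.
    Returns (state reached, None) on success or (state, reason) at the first violation."""
    ch = Channel()
    for end, msg in trace:
        try:
            ch.send(end, msg)
        except ContractViolation as exc:
            return ch.state, str(exc)
    return ch.state, None


# Constructed traces for illustration.
GOOD = [(OUT, "DeviceInfo"), (IN, "RegisterForEvents"), (IN, "SetParameters"),
        (OUT, "Success"), (IN, "StartIO"), (IN, "PacketForReceive"),
        (OUT, "Success"), (IN, "GetReceivedPacket"), (OUT, "NoPacket")]
# Client tries to start I/O before the driver has acknowledged the parameters.
BAD_ORDER = [(OUT, "DeviceInfo"), (IN, "RegisterForEvents"),
             (IN, "SetParameters"), (IN, "StartIO")]
# Client sends a message only the driver end is allowed to send.
BAD_DIRECTION = [(OUT, "DeviceInfo"), (IN, "Success")]

if __name__ == "__main__":
    for name, trace in [("good", GOOD), ("bad order", BAD_ORDER), ("bad direction", BAD_DIRECTION)]:
        print(name, "->", run(trace))
```

Because the check is on the channel, not in either process, the rejection happens regardless of which side is buggy or hostile; the same table could be used to generate the compile-time verifier the contract language provides.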
9. ARCHITECTURAL FOUNDATION (CONTD.)
Manifest-Based Programs
MBP is a program defined by a static manifest
Describes code resources, system resources, capabilities and dependencies
Supports Code Verifiability
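What a static manifest buys a system is that the loader can decide whether to admit a program before any of its code runs. The following is an added example, not from the slides or from Singularity: a Python sketch of two install-time checks over a manifest, one that compares requested capabilities and dependencies against what the installer grants and what is already installed, and one that computes an install order and refuses dependency cycles. The Manifest fields and the sample manifests are constructed for this example and do not follow any real manifest format.

```python
"""Install-time checks a loader can perform over static program manifests."""
from dataclasses import dataclass


@dataclass(frozen=True)
class Manifest:
    """Constructed manifest shape: the four things the slide says a manifest describes."""
    name: str
    code_resources: tuple   # code the program consists of
    capabilities: tuple     # system resources / rights it asks for
    dependencies: tuple     # other manifests it requires


def check_manifest(m, installed, granted):
    """Return the reasons to reject `m` (empty list means it may be installed)."""
    problems = []
    if not m.code_resources:
        problems.append("no code resources declared")
    for cap in m.capabilities:
        if cap not in granted:
            problems.append(f"capability {cap} not granted")
    for dep in m.dependencies:
        if dep not in installed:
            problems.append(f"dependency {dep} not installed")
    return problems


def install_order(manifests):
    """Topologically order manifests so dependencies come first.
    Raises ValueError if the dependency graph has a cycle."""
    by_name = {m.name: m for m in manifests}
    order, status = [], {}

    def visit(name):
        if status.get(name) == "done":
            return
        if status.get(name) == "visiting":
            raise ValueError(f"dependency cycle at {name}")
        status[name] = "visiting"
        for dep in by_name[name].dependencies:
            if dep in by_name:          # deps outside the set are checked elsewhere
                visit(dep)
        status[name] = "done"
        order.append(name)

    for n in by_name:
        visit(n)
    return order


# Constructed sample manifests.
NET_STACK = Manifest("NetStack", ("netstack.dll",), ("net.raw",), ())
NIC_DRIVER = Manifest("NicDriver", ("nic.dll",), ("io.device",), ("NetStack",))
BROWSER = Manifest("Browser", ("browser.dll",), ("net.socket", "ui.window"),
                   ("NetStack",))
OVERREACH = Manifest("Overreach", ("x.dll",), ("io.device",), ("Missing",))

GRANTED_TO_APPS = {"net.socket", "ui.window"}

if __name__ == "__main__":
    print(install_order([BROWSER, NIC_DRIVER, NET_STACK]))
    print(check_manifest(OVERREACH, installed={"NetStack"}, granted=GRANTED_TO_APPS))
```

Both checks run on declarations rather than on behaviour, which is what lets them happen once at install time instead of on every call.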