"Microsoft Research has published the first details of a wholly new operating system under development called Singularity, designed new from the ground up, built on a new language and designed with emphasis on dependability instead of performance."
Source: Singularity Site http://research.microsoft.com/os/singularity/
One interesting concept is the abstraction of Software Isolated Processes (SIPs).
"SIPs provide the strong isolation guarantees of OS processes (isolated object space, separate GCs, separate runtimes) without the overhead of hardware-enforced protection domains. In the current Singularity prototype SIPs are extremely cheap; they run in ring 0 in the kernel’s address space. Singularity uses these advances to build more reliable systems and applications. For example, because SIPs are so cheap to create and enforce, Singularity runs each program, device driver, or system extension in its own SIP. SIPs are not allowed to share memory or modify their own code. As a result, we can make strong reliability guarantees about the code running in a SIP. We can verify much broader properties about a SIP at compile or install time than can be done for code running in traditional OS processes. Broader application of static verification is critical to predicting system behavior and providing users with strong guarantees about reliability."
From the report we can read that:
SIPs are the OS processes on Singularity. All code outside the kernel executes in a SIP. SIPs differ from conventional operating system processes in a number of ways:
* SIPs are closed object spaces, not address spaces. Two Singularity processes cannot simultaneously access an object. Communications between processes transfers exclusive ownership of data.
* SIPs are closed code spaces. A process cannot dynamically load or generate code.
* SIPs do not rely on memory management hardware for isolation. Multiple SIPs can reside in a physical or virtual address space.
* Communications between SIPs is through bidirectional, strongly typed, higher-order channels. A channel specifies its communications protocol as well as the values transferred, and both aspects are verified.
* SIPs are inexpensive to create and communication between SIPs incurs low overhead. Low cost makes it practical to use SIPs as a fine-grain isolation and extension
* SIPs are created and terminated by the operating system, so that on termination, a SIP’s resources can be efficiently reclaimed.
* SIPs execute independently, even to the extent of having different data layouts, run-time systems, and garbage collectors.
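Two of the properties listed above, exclusive ownership transfer over a channel and a channel protocol checked before the code runs, can be mimicked in ordinary Rust. The following is an added illustration, not Singularity's own Sing# code: two threads stand in for SIPs, a moved value stands in for transferred ownership, and a typestate wrapper makes the request/reply order a compile-time check. `Block`, `Endpoint`, `spawn_server` and `round_trip` are names invented for the example.

```rust
// Added illustration of SIP-style isolation: the "server" thread shares no
// memory with the client; data crosses the channel only by moving ownership.
use std::marker::PhantomData;
use std::sync::mpsc::{channel, Receiver, Sender};
use std::thread;

/// Message whose ownership is transferred; the sender keeps no copy.
pub struct Block(pub Vec<u8>);

/// Protocol states of the client endpoint (zero-size marker types).
pub struct Start;
pub struct AwaitingReply;

/// Client endpoint; the type parameter `S` records the protocol state.
pub struct Endpoint<S> {
    tx: Sender<Block>,
    rx: Receiver<usize>,
    _state: PhantomData<S>,
}

impl Endpoint<Start> {
    /// Sending consumes the block (ownership moves) and advances the state.
    pub fn send(self, b: Block) -> Endpoint<AwaitingReply> {
        self.tx.send(b).expect("server gone");
        Endpoint { tx: self.tx, rx: self.rx, _state: PhantomData }
    }
}

impl Endpoint<AwaitingReply> {
    /// Only a client that has sent may wait; the reply returns it to `Start`.
    pub fn recv(self) -> (usize, Endpoint<Start>) {
        let n = self.rx.recv().expect("server gone");
        (n, Endpoint { tx: self.tx, rx: self.rx, _state: PhantomData })
    }
}

/// Spawn the "server SIP": it becomes sole owner of each block and replies with its length.
pub fn spawn_server() -> Endpoint<Start> {
    let (req_tx, req_rx) = channel::<Block>();
    let (rep_tx, rep_rx) = channel::<usize>();
    thread::spawn(move || {
        for Block(bytes) in req_rx { // `bytes` now belongs to this thread alone
            if rep_tx.send(bytes.len()).is_err() { break; }
        }
    });
    Endpoint { tx: req_tx, rx: rep_rx, _state: PhantomData }
}

/// One round trip; calling `recv` before `send` would not type-check.
pub fn round_trip(payload: Vec<u8>) -> usize {
    let ep = spawn_server().send(Block(payload)); // `payload` moved away here
    let (n, _ep) = ep.recv();
    n
}
```

Dropping the endpoint closes the request channel, so the server thread's loop ends and its resources are reclaimed without any explicit shutdown message.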
Strong concept; I would like to see it in action to form a better opinion. It appears to me that performance could suffer, but perhaps the goal of a dependable operating system is more important to Microsoft.