[COFF] Other OSes?

Bakul Shah bakul at bitblocks.com
Tue Jul 10 15:41:08 AEST 2018


On Sun, 08 Jul 2018 22:51:00 -0400 Dan Cross <crossd at gmail.com> wrote:
>
> On Fri, Jul 6, 2018 at 1:43 AM Bakul Shah <bakul at bitblocks.com> wrote:
>
> > [snip some very interesting and insightful comments]
> > Mill ideas are very much worth exploring.  It will be possible
> > to build highly secure systems with it -- if it ever gets
> > sufficiently funded and built!  IMHO layers of mapping as with
> > virtualization/containerization are not really needed for
> > better security or isolation.
>
> Sure, with emphasis on that "if it ever gets sufficiently funded and
> built!" part. :-) It sounds cool, but what to do on extant hardware?
> Similarly with CHERI: they change nearly everything (including the
> hardware).

There is that!

Mill made me realize per process virtual address space can be
thrown out *without* compromising on security.  This can be a
win if you are building an N-core processor (for some large
N). Extant processor architectures are not going to make
efficient use of available gates for large N-core. And
multicore efforts such as Tilera don't seem to do anything re
security. This just seems like something worth experimenting
with.

> > > 2. Is mmap() *really* the best we can do for mapping arbitrary resources
> > > into an address space?
> >
> > I think this is fine.  Even remote objects mmapping should
> > work!
> >
>
> Sure, but is it the *best* we can do? Subjectively, the interface is pretty
> ugly, and we're forced into a multi-level store. Maybe that's OK; it sure
> seems like we haven't come up with anything better. But I wonder whether
> that's because we've found some local maxima in our pursuit of
> functionality vs cost, or because we're so stuck in the model of
> multi-level stores and mapping objects into address spaces that we can't
> see beyond it. And it sure would be nice if the ergonomics of the
> programming interface were better.

I was using mmap as a generic term.  See my previous message
for an example -- read/write(fd, buffer, count). Here buffer
is a cap that can be used to map remote data into local addr
space.
