CS 736 - Spring 2007 - Paper Discussion

Summary:

The paper presents the design and implementation of the Pilot Operating System, a single user, single-language (MESA) environment for personal computers. Pilot has several novel features like memory management based on client program advice and integrates features like virtual memory, large file system, streams, network communication facilities and concurrent programming support.

Problem Addressed:

As digital hardware became less expensive, more powerful Personal computers (PC) could come within reach of the mainstream user base and a different model of operating system could exploit the single-user nature of PCs and the close user/system cooperation. (As compared to monolithic time sharing system). The aim is to provide a feature rich OS with a programmable environment in this setting. Security is considered secondary in such a single-user system.

Contributions:

The hierarchical memory spaces is one of the new ideas the authors propose. Here they involve two concepts, firstly, that demand paging tends to promote thrashing. The other being user-guided memory management using primitives like Space.Activate, Space.Deactivate. Since there is only a single user, the advice idea is very intelligent.
The coupling of the virtual memory map to the file contents is also a very useful idea and lends itself to the usage of advice-taking primitives like Space.Kill.
Space.ForceOut can be used for crash-recovery.
Usage of the concept of sockets and network streams appears to be a new idea of the time. The approach of connecting a network like an I/O device, so that the packet communication protocol becomes part of the OS is used in modern operating systems as well.
File system robustness with reconstructable maps and file scavenger also looks like a precursor to journalling file systems et al.

The Pilot debugger is a significant idea - it provides an isolated environment for debugging and one could run a different version of the Pilot OS in the debugger. This appears to be in the direction of virtualization and process isolation.

Flaws:

Security is not taken care of. The programming complexity of the system appears high as there are no inherent checks to code, instead the debugger is invoked directly in case of an error.
Single programming environment, Mesa also has tight bounds on the programmability of the system. Although shown flexible, it may not be the best environment to do both high level and low level stuff.

SUMMARY

In 'Pilot: an operating system for a personal computer', Redell et al. discuss
design and implementation issues of a modular operating system optimized for
single-user, single-language environment. Main features of the Pilot OS include
virtual memory, concurrent process execution, file system and networking.

................................................................................

PROBLEM

As computers became more affordable, efficient sharing of hardware for a diverse
group of users lost some of its imperetive. Many of the features of traditional
operating systems (for larger computers), such as attempt at total protection of
processes from one another seemed unnecessary in a system with only one user.
The paper discusses the compromises and features thst they think such simplified
operating system should have.

................................................................................

CONTRIBUTIONS

* optimization of an OS for a specific environment (single user in this case)

* view of the operating system as a run-time environment of a language (MESA).
This includes the OS structure reflecting constructs of the language (e.g.
modularity and interface specification, public and private access levels)

* idea of extremently tight coupling of a system and the language used to
implement it

* idea of having defensive, rather than absolute protection. Such approach
protects against obvious defect but is not designed to gurantee protection.

* flat filesystem (no file hierarchy) by assigning each file in the entire space
of Pilot-running systems amongs all used storage a unique id.

* more generally, concept of uniqueness of objects in the entire universe, such
as files or network addresses

* attempt to unify the universe of Pilot-running machines but making it easier
for resources to be shared between machines (e.g. networking and flat filesystem
with unique file ids)

* virtual memory: file-mapped, give user process some control over swapping
behavior

* unified stream interface for IO devices

* networking with unique addressing, concept of sockets/ports, protocol stack,
connection establishment mechanisms, some similarity to Saltzer et al.
"end-to-end arguments".

* High degree of (kernel) MESA language support, including debugging.

* Implementation with the goal to "please" (their term) the MESA programmer.

* Details of implementation and discussion of practical issues of storage system,
virtual memory, processes, filesystem and communication.

................................................................................

FLAWS

The authors seem to contradict themselves when designing a "single-user" OS,
while in fact making it very easy for resources of different machines to be
shared (e.g. via the flat filesystem or networking). Clearly, universal
addressing, either for files or networking, is an overkill if the same user
controls all the computers in the universe. That is, it seems that the authors
made a noble attempt to envision a world where computers cooperate, but
unfortunately their OS by their own design isn't well-suited for such vision.

I think the authors missed the chance to simplify design of multi-user operating
systems. The got rid of some complexity, but replaced it with their own, such
as flat file systems with universal ids, virtual memory that is open to
suggestions, having universally immutable files, swapping controlled by user
process, and sophisticated kernel crash-recovery mechanisms.

In my opinion most of the time the users are their own worst enemies. That is,
the main threat to system stability comes not from malicious ingenuity but from
honest incompetence. Therefore, having a single user on a machine does not
justify having defensive, rather than absolute protection. On the plus side,
the authors did include plenty of crash recovery mechanisms.

The argument while Pilot does not support languages besides MESA and why it is
good is not clear.

................................................................................

RELEVANCE

I think the paper is very relevant because at least once in our lives we grow
annoyed with various operating system features that get in our way, such as
multi-user facilities. This paper puts things in perspective, and, once one
thinks critically about it, indirectly shows that computers even with a single
user do not exist in isolation, and therefore some inconvenience is necessary.

Summary:
The paper presents a design and implementation overview of Pilot OS. The OS provides a rich set of features designed for personal computers.

Problem:
With the introduction of Personal Computers, individual users had a substantial power of computing at their disposal, but had not many OS that were designed for such individual use. Pilot attempts to be one such OS, providing a set of features that are more useful in personal computers, while ignoring, to some extend, typical design issues (such as protection and fair resource sharing) found in time-sharing systems.

Contributions:
- Idea of "logical volumes" in file systems that could span across multiple physical volumes.
- A virtual memory system with no special backing store - any file page could be mapped to memory and vice-versa. The virtual memory system also provides 'advice-like'(hint) primitives to client-driven performance optimization.
- A standardized stream interface, that can be pipelined at runtime using filters.
- full-fledged networking capability including routing.
- Introduction of "manager/kernel" pattern, which is an extension of "policy/mechanism" pattern presented in Hydra.

Flaws:
- The paper underplays the significance of protection and security, despite providing full networking capabilities at system level.
- The file system provides no hierarchy (i.e. cannot group related files) and files are identified with a (64bit?) UID (i.e. hard to remember the file id).
- Designed their own networking standard (based on "Pilot-only" hosts), instead of complying to existing standards.
- Though claims have been made (robustness of file system, for e.g.) no data is given to substantiate the same.

Relevance:
The paper provides a good insight to early development of personal computing OS. Some of the ideas presented (like logical volumes, layered networking support, "hint", etc) are still employed in modern operating systems.

-

Summary:
This paper presents the Pilot operating system, a system designed to be used by one user. It is written in the mesa language, and a key feature of it is the role of a Pilot machine in a network of lots of machines.

Problem:
The problem addressed here is what is needed from an OS that is intended to be used by only 1 user, as opposed to lots and lots of users. At the time this was written, this was a relatively new development that a computer might have only 1 user.

Contributions:
* File/virtual memory unification
* Streams for IO
* Facilities for communications between networks

Flaws:
* Ability to permanently blocking writing to a file seems unnecessary an contrived
* Lack of security features for a computer that exists on a network is a big issue in my opinion
* No built in methods for organizing files

Relevance

I believe that the most relevant part of this paper is the discussion of communication with a larger network. I would be interested in seeing a comparison of the other features of this machine with appledos.

Summary:
This paper describes an outline of a single-user, single-machine, and modularized Operating System “Pilot” which was designed for a personal computer. Since “Pilot” was designed for personal computer, it had a variety of services with simple policies which were strongly related to the implementation language “Mesa”.

Problem:
To enable creating a desired personal computing environment, existing multi-user, multi-processor operating system were too complicated and didn’t fit well. Since it was for single-user operating system, an operating system with more functions than “kernel” and less focus on protection and resource sharing were needed.

Contributions:
“Interface & Implementation”
These two topics were quite interesting. The way they decided to cut the module into interface and implementation enabled the system to be more customizable so that user can pick and use them conveniently and efficiently.
“Device Abstraction”
Pretty similar to the idea above, Pilot can provide a customized access interface to the device by using filter and transducer. This shows that many kind of device could be access from one interface and also several type of abstraction for one device, such as streams.
“Network & Socket”
Not only a single closed machine, Pilot had an internet like view of network as a environment and one of the features. The way they use address and socket is really similar to current system and this might leaded to a world that has personal computing, communication, and collaboration.
“Layer & Modular”
As a whole system, I felt that modularizing and layering the system with high-level language was successful showing a new type of operating system including well organized picture of system overview.

Flaws:
Even though the operating system was designed for personal computer, there could have been a little adjustment done on file system and protection. As some people already mentioned it, a flat file system doesn’t seem to match to Pilot. Personal computing environment might not have multi-user on one machine, but of course the user might have multi-task and jobs so some sort of assistance organizing the file such as hierarchical file system and naming must be useful. I couldn’t agree with that point but at that time it might have been a tradeoff with a robust file-system.
Communication and Collaboration with networking supports the need of readable, convenient naming.
Also, it is clear that the choice using high level language “Mesa” encouraged creating a well structured system but it might have made it difficult to developing and implement the system it’s own because of that.

Relevance:
As a one of the pioneers of PC-OS, I think “Pilot” was well balanced nice system that enabled a single-computer OS and still providing rich service. But also I felt like it might be the beginning of “OS as a part of product”. Pilot was used for famous Xerox “Star” and there are many ideas remaining currently.

Links for Xerox star
http://en.wikipedia.org/wiki/Xerox_Star
http://toastytech.com/guis/star.html

Summary

An operating system is created, in the Mesa high level language, based on a set of standard interfaces that are to be implemented. The system includes a number of novel features, such as stream processing, network layering, and virtual memory.

Problem
Previous operating systems were very complex and designed for time-sharing computers. The authors set out to develop an operating system that is efficient for the highly used functionality of the Personal Computer.

Contributions

• API or interface for system calls. Which led to the idea of drivers. With a driver that satisfies the specified interface any hardware can work with the system.
• Focusing on the most used functionality. This system was very limited in its scope. The system set out to solve a reasonable set of problems to allow the personal computer user to accomplish the majority of their tasks.
• The system included the base of the networking stack and some capable stream manipulation tools.
• Contributed the idea of a socket.

Flaws
The authors did an outstanding job of limiting the scope of the system, but I think the system might have benefited from a little focus on the future. For example the system required a 64-bit Universal Identifier, which is unique across all time and systems. With the 1+ billion computers in use today the uid would have never scaled. Even if they did these would be easily guessable. Security, a hot topic now, was not a priority in the system. “Errors are a more serious problem than maliciousness”. The entire system was run in the same address space. Allowing anyone to modify the operating system. The system was also highly coupled with the Mesa programming language. I imagine that it would be a sizable undertaking to switch languages if Mesa fell out of favor. Hindsight is 20/20 and I am sure these were not evident when the system was created.

Relevance
The authors had the foresight to focus on a system for the masses to be run on a personal computer. Drivers and virtual memory are still used today along with the networking infrastructure.

Summary

This paper presents details about operating system "Pilot" for which provides a single-user, single language environment for software running on a personal computer and is implemented using the Mesa language. The authors talk about the interfaces provided in Pilot like files, virtual memory, streams and I/O devices, communications, and language support. The authors also discuss higher level implementation details of the Pilot operating system.

Problem Description

Personal computers were gaining popularity in late-1970s and early-1980s. At that time all the operating systems were designed and optimized for multi-user systems. As a result they included a lot of features that were not required on a personal computer like extensive protection between files and processes of multiple users. All these features were not required in a single user environment. In this paper, the authors propose an operating system optimized for single user environment by selecting a subset of features implemented in multi-user operating systems.

Contributions

Some of the contributions of this paper are outlined below.
1. The major contribution of this paper is that it provides the idea of having an optimized operating system that can efficiently run on personal computers used by a single user. During the 70s and 80s a lot of research was still focused on multi-user systems. Thus, this paper presents a very unique idea.
2. The authors introduce the concept of virtual memory for personal computers. It should be noted that virtual memory was initially developed in early-1960s at the University of Manchester. The contribution of this paper is that it suggests virtual memory optimized for single-user systems which is superimposed by space machinery. A space is responsible for allocating region of virtual memory, to map the virtual memory to the backing store and to swap pages between primary memory and backing store.
3. Pilot also supports multi-layered access to a device using different layers of filters to convert between different formats. The concept is quite similar to device drivers these days. Clients can write their own filters and transducers by using the standard set of stream components provided by Pilot.
4. The authors also provide detailed discussion on communication features provided by Pilot. In order to support interactions between loosely coupled processes, Pilot provides a packet communication protocol. The authors also present the idea of sockets that can be used to access communication facilities and to transmit and receive inter-network packets. Pilot’s packet communication protocol consists of sets of network-specific drivers, modules that implement sockets, network stream transducer and a router. The router is a software switch which routes packets among sockets, sockets and networks and networks themselves. All the physical layer details of the network controller are abstracted by using the network driver provided by Pilot.
5. An important Mesa-supported facility i.e. an interactive debugger (CoPilot) is implemented as an integral part of Pilot. CoPilot allows programs to exit gracefully in case of any errors.
6. Pilot provides a very robust file system. This robustness is achieved by using reconstructable maps. The file system was designed from the very beginning with the idea of file scavenger (a utility program that can repair a damaged file system) in mind.

Flaws

Some of the flaws of this paper are as follows.
1. The authors suggest that a personal computer deemphasizes the role of monolithic time-sharing. That is why the authors do not talk anything about the scheduler. This is a big flaw in the implementation of Pilot. Time-sharing can result in quite efficient utilization of the processor and other resources. All of the modern operating systems implement time-sharing to achieve higher throughput.
2. Pilot provides very limited protection. The authors claim that in a single-user environment, errors are more serious problems than maliciousness. Pilot supports communication to other systems through interconnected networks. Given that Pilot provides very weak protection, it will be quite easy to hack into the system and access important data.
3. Pilot provides a “flat” file system i.e. there is no directory hierarchy. This means that it will be quite hard to manage files i.e. keeping related files in one folder etc.

Relevance

Even though the Pilot system lacks a lot of features implemented in modern operating systems for personal computers, it forms that basis for all of them. Pilot introduced the concept of supporting inter-network communication using sockets and to implement a software router within the operating system. Although current operating systems do not implement a software router, they very heavily rely on sockets for communication to other computers and networks. The idea of multi-layered filters is quite similar to layered device drivers used these days.

Summary:
The paper describes Pilot, an OS built for a PC and closely tied to the Mesa programming language.

Problem:
The authors wanted a PC operating system, in part designed to be a foundation for network-based distributed systems.

Contributions:
It's hard to know how many of the ideas were new at the time, but there are a number of modern ideas.
* The modularity of the system is reasonably impressive; the separation of implementation and interface is an important part of software design. I'm not sure at what point this really started to become common to think in terms of the two parts though.
* We again see near-uniform treatment of memory and files
* The Pilot debugger is an interesting concept -- supporting debugging as a direct system function allows a richer time debugging because you have more control over interactions with the OS
* Pilot supports both UDP-like and TCP-like sockets. Wikipedia says that the TCP RFC were published in 1981, so it was developing right alongside today's de facto standard. (This may explain why Pilot doesn't use TCP.)
* Pilot's concept of streams seems similar to layered drivers in Windows. Drivers can insert themselves into a device stack and intercept and modify requests going to a device in what sounds like much the same way that Pilot has filters to do transformations.

Flaws:
The really big one in my mind is protection. They don't take much care to protect against malice because it's designed for a single (or few) user system. This in and of itself isn't a huge deal, but the fact that they simultaneously had in mind that it should be specifically designed for communication and connecting different systems makes this, at least in retrospect, a poor decision. It's possible at the time they didn't foresee the degree to which computer systems have to withstand attacks when you start networking them.

Also, the ties to Mesa could be a weakness too if it makes it more difficult to program in other languages.

Relevance:
This paper came pretty early in the development of PCs and PC OSs; MacOS wasn't released until 1984 and Windows 1.0, 1985 (Source: Wikipedia). And even though it was missing some features that we would consider essential, like a hierarchical file system, it also introduced some other features before other OSs. I don't know when MS-DOS or Apple supported sockets, but I bet it was after Pilot. They certainly don't come with a network router built in. (Though the latter could be considered bloat.) It's really only been in the last decade that most PCs have become networked.

Summary
Described is an operating system built to run on a system that is used by an individual user and provides services appropriate for such a task. Facilities to support time-sharing and protection are de-emphasised while the system is designed to be as compact as possible yet supporting the most important set of services to allow for the writing of a large variety of user programs that may interact with many different types of peripherals.

Problems addressed
The authors main objective in the development of the Pilot system seems to have been that of determining an optimal subset of features found in large multi-user computers that would work well together in a single-user environment. The ability that the systems be able to communicate with other systems via a network also was deemed important and the authors attempted to make communication seamless and transparent regardless of whether the communication was within a single system or between systems via the network.

Contributions
Though a number of the ideas used in this paper were not novel at the time the integration of many ideas that were primarily used individually previous to this work seems to have been proved successful. The ideas utilized for communication are very important and are used to this day such as the use of a socket that has an identity only at a particular time and can be reused by many different resources. The layering of a network protocol and a robust file system that can be upgraded easily and can recover from a crash are all very important aspects of a usable system.

Flaws
Since the described system is meant primarily for a single user, protection is de-emphasized and employed only to prevent errors rather then protect against malicious behaviour. However the machine is also built specifically to be incorporated into a networked environment where it communicates with other machines and users. I feel security is lacking since the system will be communicating with other untrusted machines. Also the idea that every file must have a unique uid may be limiting though at the time, when storage systems were much smaller, it may not have seemed like a limitation.

Relevance
The network infrastructure described, in that every machine uses a network address to identify each other, sockets are employed for implementing the communication mechanism and the layered approach that is used are all very relevant to just about every system in use today.

Paper Review: Pilot: An Operating System for a Personal Computer [Redell, et. al.]

Summary:

This paper presents Pilot, an operating system with a number of novel
features.

Problem:

The problem addressed by Pilot was to build a feature-rich operating
system for a high-performance personal workstation that had the right
capabilities for personal computing.

Contributions:

Pilot implemented a seemingly functional unification of file I/O and
virtual memory.

Pilot had logical volumes that can span physical devices, so that
applications could overcome hardware capacity limitations at the time.
Logical volumes introduce a useful layer of virtualization for storage
systems today.

Pilot had the seemingly useful notion of "spaces" that are contiguous
sets of pages, inspired by the thought that a personal computer's
virtual memory will have perhaps a very different workload than a
time-sharing system.

Pilot had a very complete debugging facility via "world-swap" function
that would be ideal for developing an operating system and its
applications as it could save total machine state, switch to it for
debugging and resume the state before.

Pilot employed what the authors called a "manager/kernel pattern" with
facilities implemented at two levels: low-level core functionality that
is then extended by a higher level "manager". This freed the operating
system modules from traditional dependency "levels", allowing components
to inter-rely on each others services.

Flaws:

The operating system had limited features by design, such as protection,
with the expectation that a personal computer would expect errors rather
than malicious activity. They didn't forsee common household
sharing/privacy issues with personal computers nor malicious attacks
from the network.

Pilot implements a fairly primitive environment. Things commonly
expected of an operating system, such as file-system and intelligent
paging, are implemented only at a very low-level with details left to
higher-layer applications or managers that must almost be operating
systems themselves.

Relevance:

Something like Pilot might be a good candidate for a thin client machine
perhaps with local storage. That it was a one language system (Mesa)
seems unnecessarily restrictive and would hinder its use as a general
personal computer operating system given current hindsight of the
software industry.