Re: Writing an Operating System in Ada

["Dmitry A. Kazakov" <mailbox@dmitry-kazakov.de>]

On Thu, 14 Jan 2010 12:31:01 +0100, Jean-Pierre Rosen wrote:

> Dmitry A. Kazakov a �crit :
>> I disagree. One could perfectly complement another. If you wanted to create
>> a safe OS you would like to protect system objects at the hardware level
>> independently on whether the language does any checks or not.
>> 
> They claimed that the CPU was "putting Ada on silicon". What I mean is
> that the value of Ada is to check many things at compile time; anything
> that's on silicon will have to wait until execution time.

Well, Ada has a cooperative model of accessing things, i.e. whatever the
compiler has checked, that gives no any guaranty at run time. We could also
imagine a variant of the language that would give such guaranties if
demanded. For example a protected object could be mapped outside the
process's space. When calling an operation on it, the OS would check the
provided object address and execute the protected operation in the kernel
mode. This is how many OSes handle I/O requests. They check the request
parameters for being valid addresses in the process space. They also check
certain types. When you pass a handle to some system object, it is checked
if that is a brush, when used in Paint. That sort of things could be
supported by the hardware reducing the overhead of system calls. Shared
libraries would certainly win from such design too. So there is nothing
wrong in this idea, and it is in no contradiction with static checks.

(What iAPX432 was actually designed for is another story)

-- 
Regards,
Dmitry A. Kazakov
http://www.dmitry-kazakov.de