Core Abstractions in the o operating system
(Recursive typed stacks)
(Compression of metadata)
(Directed Graphs)
(MMU page protection as the primary security mechanism)
(Multiple persistent memory spaces)
(IPC and RPC through shared memory mechanisms)
(Run-time code generation)
Recursive Typed Stacks

- The primary referential and collective structure in the o operating system is the typed stack.
- A stack occupies a contiguous memory space.
- Elements within a stack may be of any size with the granularity of one byte.
- A stack may not necessarily use all the space allocated to it.
- The types of items within a stack and their locations in the space used by the stack are described in a meta-stack.
- An element within a stack may be a meta-stack describing another stack of elements, hence stacks and their meta-stacks may be recursive.
- Each element within a meta-stack is composed of two processor word size pointers: one pointing to the type of the item and the other pointing to the location of the item in the stack.
- The lower 3 bits of the type pointer indicate whether the location pointer points to a stack item, to the end of the stack, or to the end of the space, and whether the location pointer is absolute or relative to the start of the space for the stack.
- The recursive stacks form a hierarchy equivalent to the file system structure in traditional operating systems and the environments in dynamic programming languages.
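An added sketch (not code from the o operating system) of the meta-stack entry described above: two word-size pointers, with the low 3 bits of the type pointer used as tags. The bit assignments, all names, and the convention that a meta-stack ends with an end-of-stack entry followed by an end-of-space entry are assumptions; the page states only what the bits encode.

```c
#include <stddef.h>
#include <stdint.h>

/* Assumed tag layout: the page says only that the low 3 bits carry this. */
enum { LOC_ITEM = 0, LOC_END_STACK = 1, LOC_END_SPACE = 2, KIND_MASK = 3,
       LOC_RELATIVE = 4, TAG_MASK = 7 };
typedef struct { uintptr_t type, loc; } meta_entry;  /* two word-size pointers */

/* Pack type pointer and tag; descriptors must be 8-byte aligned to free 3 bits. */
int make_entry(meta_entry *e, const void *type, uintptr_t loc, unsigned tag) {
    if (((uintptr_t)type & TAG_MASK) || tag > TAG_MASK) return -1;
    e->type = (uintptr_t)type | tag;
    e->loc = loc;
    return 0;
}
const void *entry_type(meta_entry e) { return (const void *)(e.type & ~(uintptr_t)TAG_MASK); }

/* Location as an offset from the start of the space, whatever its encoding. */
uintptr_t entry_offset(meta_entry e, const unsigned char *space) {
    return (e.type & LOC_RELATIVE) ? e.loc : e.loc - (uintptr_t)space;
}

/* Walk items up to the end-of-stack and end-of-space markers. An item's size is
 * the distance to the next location; sizes[] needs room for n entries.
 * Returns the item count, or -1 if order or bounds are violated. */
long walk(const meta_entry *m, size_t n, const unsigned char *space,
          size_t space_len, size_t *sizes, size_t *unused) {
    long items = 0;
    for (size_t i = 0; i + 1 < n; i++) {
        uintptr_t a = entry_offset(m[i], space), b = entry_offset(m[i + 1], space);
        unsigned k = m[i].type & KIND_MASK, next = m[i + 1].type & KIND_MASK;
        if (a > b || b > space_len) return -1;
        if (k == LOC_ITEM && (next == LOC_ITEM || next == LOC_END_STACK))
            sizes[items++] = b - a;
        else if (k == LOC_END_STACK && next == LOC_END_SPACE) { *unused = b - a; return items; }
        else return -1;
    }
    return -1;
}

int main(void) {  /* constructed sample: two items in a 64-byte space */
    static _Alignas(8) const char t_int[8] = "int", t_str[8] = "str";
    unsigned char space[64] = {0};
    meta_entry m[4]; size_t sizes[4], unused = 0;
    make_entry(&m[0], t_int, 0, LOC_ITEM | LOC_RELATIVE);
    make_entry(&m[1], t_str, (uintptr_t)space + 4, LOC_ITEM);  /* absolute */
    make_entry(&m[2], NULL, 12, LOC_END_STACK | LOC_RELATIVE);
    make_entry(&m[3], NULL, 64, LOC_END_SPACE | LOC_RELATIVE);
    return walk(m, 4, space, sizeof space, sizes, &unused) == 2 ? 0 : 1;
}
```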
Compression of Metadata
- The metadata may be elided if the data is of a regular nature and if that data contains enough information for code (created to operate on it) to re-create the metadata that would otherwise describe it.
- The metadata (such as type pointers for elements embedded in the regular data) is not lost but is subsumed into the code that operates on the data.
Directed Graphs

- One such regular data structure is the directory node which contains stack descriptors (two-element stacks) pointing either to further directory nodes or to other kinds of data stored in a chunk of memory.
- Edges are named rather than nodes because two nodes may both reference a third but have different names for it.
- Because metadata describing data must be kept consistent with the data, and because more than one meta-stack may refer to a stack, those meta-stacks that refer to the same stack are arranged in a circular linked list.
- Not all items in a directory node must be named.
- Names for contained stack descriptors may be held in a variable-sized text object after the descriptors.
- Formats for directory nodes other than the one illustrated above may be used when a simple array of stack descriptors is insufficient (e.g. when a directory node contains tens of thousands of named items).
- Other annotations may be applied to items in a directory node (creation date, criticality, security classification, storage class, funkiness, etc.)
MMU page protection as the primary security mechanism in the o operating system

- Read, Write, and Execute activity on stored data is not checked using code referring to access control lists or permission bitmaps. Instead hardware memory protection is used to allow or deny reads and/or writes to memory. Data that may not be written to in an execution context shall merely be mapped in read-only. A program may check for write permission by attempting to write. If it can do it then it has permission.
- If there is data maintained in context A, for example, that should be visible but not changeable from context B, then the data should be placed in a page that is mapped read-write for A and read-only for B.
- Pages (and contained data) in regions marked No Access are mapped into the context's address space but are only visible from kernel mode (ring 0) and from other contexts where the page is mapped in read-write or read-only.
- Memory pages are mapped in at the same logical offsets in each context.
- Two different physical pages may have the same logical offset in their contexts if they have no contexts in common.
- A pointer within a page should always point to the data the pointer was created to reference or to a No Access page regardless of the context being used to read the pointer. For this reason a linked list of pointers (a directory path, for example) should transition first to a page that is set No Access for a context before it leaves that context entirely (even if it is all the while accessible from another context.) Otherwise the pointer may point to valid yet nonsensical data mapped into the context at that location for another reason.
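An added POSIX illustration (not the o kernel's code) of two rules above: probing write permission by attempting the write, and one page mapped read-write for context A and read-only for context B. Two mappings of a temporary file inside one process stand in for the two contexts, so unlike in o they sit at different addresses; `can_write` and `map_views` are hypothetical names.

```c
#define _POSIX_C_SOURCE 200809L
#include <setjmp.h>
#include <signal.h>
#include <stdio.h>
#include <sys/mman.h>
#include <unistd.h>

static sigjmp_buf probe_env;
static void on_fault(int sig) { (void)sig; siglongjmp(probe_env, 1); }

/* Check for write permission by attempting to write: returns 1 if a store to
 * p succeeds, 0 if the MMU refuses it. The byte keeps its value. */
int can_write(volatile unsigned char *p) {
    struct sigaction sa, old_segv, old_bus;
    volatile int ok = 0;
    sa.sa_handler = on_fault;
    sa.sa_flags = 0;
    sigemptyset(&sa.sa_mask);
    sigaction(SIGSEGV, &sa, &old_segv);
    sigaction(SIGBUS, &sa, &old_bus);
    if (sigsetjmp(probe_env, 1) == 0) { *p = *p; ok = 1; }
    sigaction(SIGSEGV, &old_segv, NULL);
    sigaction(SIGBUS, &old_bus, NULL);
    return ok;
}

/* One page of backing store mapped twice: read-write as context A's view,
 * read-only as context B's view. Returns 0 on success. */
int map_views(unsigned char **a_rw, const unsigned char **b_ro) {
    FILE *f = tmpfile();
    size_t pg = (size_t)sysconf(_SC_PAGESIZE);
    if (!f || ftruncate(fileno(f), (off_t)pg) != 0) return -1;
    void *a = mmap(NULL, pg, PROT_READ | PROT_WRITE, MAP_SHARED, fileno(f), 0);
    void *b = mmap(NULL, pg, PROT_READ, MAP_SHARED, fileno(f), 0);
    fclose(f);  /* the mappings outlive the descriptor */
    if (a == MAP_FAILED || b == MAP_FAILED) return -1;
    *a_rw = a;
    *b_ro = b;
    return 0;
}

int main(void) {
    unsigned char *a; const unsigned char *b;
    if (map_views(&a, &b) != 0) return 2;
    a[0] = 42;  /* A updates the shared data; B sees it but cannot change it */
    int b_can = can_write((unsigned char *)b);
    printf("B sees %d, A writable=%d, B writable=%d\n", b[0], can_write(a), b_can);
    return 0;
}
```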
Multiple persistent memory spaces
- The global context and each of the local contexts have a backing store (swap space) on disk to which all pages are written out on system shutdown and also periodically during execution (implementing checkpointing). On restart, the pages for the contexts are demand-paged in, starting with the first, root context (which 'owns' the global context). On restart after system failure, the most recent consistent image across the contexts (because the contexts must remain synchronized) is the set of images demand-paged in.
- Each context implements a 32-bit address space. Some of it may be shared with other contexts; the rest is independent of other contexts and is stored separately on disk or other permanent store, which extends the storage capacity of the system as a whole to an extent unbounded by the processor word size. (The maximum contiguous chunk of data the system can manipulate is still limited to a little less than the processor word size.)