The Angel system was developed by the Software Architecture Research Center (SARC) at City University, London. It is ``designed as a generic parallel and distributed operating system'', [Angel], and hence has support of distributed shared virtual memory (DSVM) as a major goal. It is based on a microkernel architecture which provides persistent virtual memory and a local RPC mechanism based on shared memory. The initial prototype implementation of Angel was an emulation running under SunOS. I am not aware of any subsequent native implementation.
Opal was developed by the Department of Computer Science, University of Washington. It provides dynamically variable size segments as a basic abstraction, and makes use of password capabilities[Anderson86] for access control. Threads explicitly attach to segments, presenting a capability for validation. Opal makes use of reference counts to automatically delete a segment after the last detach operation. It also supports explicit reference counting via a set of primitives[Chase95, pp. 49-50]. These may be used to prevent automatic deletion and hence provide persistent segments.
An implementation of Opal was produced running as a server task on top of the Mach microkernel. Segments were represented somewhat transparently by Mach memory objects , and a modified version of the Mach default pager was used to provide the backing store.
Mungi is an operating system which has been developed mainly by the School of Computer Science and Engineering at the University of New South Wales, Australia. Its main aim appears to be the support of persistent objects[Elphinstone96]. These are protected via a password capability scheme similar to that used by Opal, although in Mungi capabilities need not be presented explicitly to objects. Instead a cache of capabilities is maintained per task in its active protection domain .
The most recent implementation of Mungi is on top of the L4 microkernel for the Mips R4600 processor[Heiser97]. The Mungi API is represented as an L4 user-level server. Mungi system calls are implemented as lightweight IPC to this server, which can then either perform the system call itself or (in some cases) forward it to the L4 microkernel. This L4 server also incorporates a default pager for all Mungi tasks.
Nemesis is also a single address space operating system, yet its motivation for this is almost entirely orthogonal to that of these other systems:
As there is no built-in support for persistence, there is no need for reference counting to determine if there are outstanding users of a particular stretch. Memory resources allocated to a domain may be explicitly freed at any time, and are implicitly destroyed when the domain exits. This does not preclude the use of user-level stretch driver which maintains its own state on a backing store across reboots. It simply means that there are no assumptions built in regarding the use (or usefulness) or persistent memory mapped objects.
Furthermore, due to the non-distributed nature of the address space, the use of capabilities for access control is unnecessary. Rather than hide the unwieldly nature of explicit capabilities like Mungi, Nemesis does not use them at all. Clearly were a DSVM-style stretch driver to be implemented, it would require some form of authentication and identification mechanism. However this is a problem which should be solved by that particular stretch driver, not by the entire operating system.
Another aspect of the Nemesis memory management system which might be compared with other work is the removal of all paging operations from the kernel. Instead the NTSC is simply responsible for dispatching fault notifications.
At first this may sound rather similar to the ideas pioneered in Mach[Young87] and subsequently used in microkernel systems such as L4[Liedtke95b]. However it is considerably different from such microkernel architectures, or even from ``exokernel'' systems such as Aegis[Engler95]:
The difference between previous approaches and the Nemesis one is illustrated in Figure 9.
The left-hand side on the figure shows the microkernel approach, with an external pager. Three applications are shown, with two of them causing page faults (or, more generally, memory faults). The third application has a server performing work on its behalf, and this server is also causing a memory fault. The kernel notifies the external pager and it must then deal with the three faults.
This causes two problems:
On the right-hand side we once again have three applications, but no servers. Each application is causing a memory fault of some sort, which is trapped by the NTSC. However rather than sending a notification to some external pager, the NTSC simply notifies the faulting domain. Each domain will itself be responsible for handling the fault. Furthermore, the latency with which the fault will be resolved (assuming it is resolvable) is dependent on the guarantees held by that domain.
![\begin{figure}
\centerline{
\includegraphics [width=0.99\textwidth]{figures/nem_v_ukern.eps}
}\end{figure}](img18.gif)