On Fri, Jul 6, 2018 at 1:43 AM Bakul Shah <bakul@bitblocks.com> wrote:
[snip some very interesting and insightful comments]
Mill ideas are very much worth exploring.  It will be possible
to build highly secure systems with it -- if it ever gets
sufficiently funded and built!  IMHO layers of mapping as with
virtualization/containerization are not really needed for
better security or isolation.

Sure, with emphasis on that "if it ever gets sufficiently funded and built!" part. :-) It sounds cool, but what to do on extant hardware? Similarly with CHERI: they change nearly everything (including the hardware).

> 2. Is mmap() *really* the best we can do for mapping arbitrary resources
> into an address space?

I think this is fine.  Even remote objects mmapping should
work!

Sure, but is it the *best* we can do? Subjectively, the interface is pretty ugly, and we're forced into a multi-level store. Maybe that's OK; it sure seems like we haven't come up with anything better. But I wonder whether that's because we've found some local maxima in our pursuit of functionality vs cost, or because we're so stuck in the model of multi-level stores and mapping objects into address spaces that we can't see beyond it. And it sure would be nice if the ergonomics of the programming interface were better.

> 3. A more generalized message passing system would be cool. Something where
> you could send a message with a payload somewhere in a synchronous way
> would be nice (perhaps analogous to channels). VMS-style mailboxes would
> have been neat.

Erlang. Carl Hewitt's Actor model has this.

[1] http://tierra.aslab.upm.es/~sanz/cursos/DRTS/AlphaRtDistributedKernel.pdf

I'm going to read that paper, but it's at least a couple of decades old (one of the authors is affiliated with DEC).

        - Dan C.