contributed articles
DOI:10.1145/1787234.1787253
Safe, modern programming languages let Microsoft rethink the architectural trade-offs in its experimental operating system.
By James Larus and Galen Hunt
The Singularity System
The Singularity project at Microsoft Research began by asking what modern operating-system and application software would look like if it were designed with modern software-engineering practices and tools [9]. Answering is important, since almost every system today shares a common intellectual heritage with the time-sharing systems developed in the 1960s and 1970s. Computers and the computing environment have changed dramatically since then, but system software has evolved much more slowly, leaving a wide gap between system requirements and capabilities.
In the 1960s, computers were limited, expensive devices used only by small groups of highly trained experts. Their limited speed, memory capacity, and storage forced designers and programmers to be parsimonious with resources. Applications and systems were generally written in assembly language, not in high-level programming languages, as they are today. Extensive sharing of code and data was essential for efficient use of scarce memory. Moreover, computer users and uses were also very different; the small group of people with access to computers understood the technology and tolerated its shortcomings. Though computers were increasingly important in business, and thus operated in secure environments, they were not central to anyone's personal life. None of these characteristics is true today.
Construction of the Singularity operating system began in 2004 with three design principles:

Use safe high-level programming languages to the greatest extent possible. They prevent entire classes of critical errors (such as those enabling buffer overrun attacks) while facilitating development and use of accurate and efficient software-development tools;

Software failure should not lead to system failure. Despite advances in programming languages and tools, perfect software remains a vision for the future. However, robust system architecture can limit the consequences of a failure and give a system the ability to respond and recover without having to reboot; and

Systems should be self-describing at all levels of abstraction. Specification and verification are increasingly common for language features and library interfaces. However, as systems consist of many components, most are never formally described. Introducing specifications at the boundaries of components describes both their dependencies and their contributions to the system, enabling principled decisions about system architecture.
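The first two principles in miniature, as an added example in Rust that is not from the paper or the Singularity code base: a length-prefixed record parser whose bounds are checked (a safe language turns the C-style buffer overrun into an error value or a runtime failure), and a supervisor that confines a component's failure so the caller keeps running. The record format, the function names and the use of catch_unwind as a stand-in for Singularity's process isolation are assumptions made for the illustration.

```rust
use std::panic::{catch_unwind, AssertUnwindSafe};

/// Constructed record format (assumption): the first byte declares the
/// payload length, the payload follows. In C, copying `declared` bytes out
/// of `buf` without comparing against buf.len() is the classic buffer
/// overrun; here the slice lookup is bounds-checked and cannot overrun.
fn extract_payload(buf: &[u8]) -> Result<&[u8], String> {
    let declared = *buf.first().ok_or("empty record")? as usize;
    // A malformed length becomes an error value, not a read past the buffer.
    buf.get(1..1 + declared).ok_or_else(|| {
        format!("declared length {} exceeds {} available bytes", declared, buf.len() - 1)
    })
}

/// A deliberately careless component that trusts the declared length and
/// indexes directly. In a safe language this is still only a runtime
/// failure (a panic on the checked index), never silent memory corruption.
fn buggy_component(buf: &[u8]) -> usize {
    let declared = buf[0] as usize;
    let mut sum = 0usize;
    for i in 1..=declared {
        sum += buf[i] as usize; // checked index: panics when i >= buf.len()
    }
    sum
}

/// Run a component under a supervisor: its failure is reported to the
/// caller, which continues. Singularity confines failures with isolated
/// processes; catch_unwind is only a single-process stand-in for that idea.
fn supervise<T>(name: &str, f: impl FnOnce() -> T) -> Result<T, String> {
    catch_unwind(AssertUnwindSafe(f))
        .map_err(|_| format!("component {} failed; system continues", name))
}

fn main() {
    // Constructed malformed input: claims 200 payload bytes, carries 2.
    let record = [200u8, 1, 2];
    println!("{:?}", extract_payload(&record));
    println!("{:?}", supervise("buggy", || buggy_component(&record)));
}
```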
Key insights

New demands on computer systems require rethinking assumptions concerning language, operating system, and system architecture.

Safe modern programming languages promise significant benefits for constructing high-performance systems.

Systems must be self-describing at all levels of abstraction for building automatic tools that verify and validate their correctness and integrity.