What’s in a Domain

The Domain

A domain is a sort of object, defined by kernel code, that obeys user mode machine code. They thereby become objects defined by that user mode code. For the purposes of the Synergy discussion few details about domains are significant. There is a detailed description of domains from Keykos, but all you need to know is here:

There are several possible keys to a particular domain. The main key is the domain service key. One invocation on the domain service key, passing an 8 bit number, returns one of the 256 start keys to that domain. The meaning of invocations of start keys is defined by the code that the domain obeys.

We excerpt and paraphrase some design notes in the Gnosis manual on the role of domains. These architectural decisions largely determine the nature of Keykos.

Instantiation

The normal way for a program that serves many clients to distinguish among its clients is to have a domain per client. The domain’s address space is divided into a read-only portion that holds the program and that portion is shared among all such domains. Another portion is not shared and holds data that codes the state of the particular object that serves a particular client.

We say that each of these domains is a different object but these objects are of the same type. A particular client holds only the start key to his own object and thus the program needs no programmed logic to distinguish between its clients upon invocation.

Some multi client programs behave towards one client according to state that is effected by actions of other clients. In this case the domains may share either a mutable portion of address space where the common state is expressed, or a key to a deeper object that holds the common state is shared between the domains that obey the program.

Multi-programming, or multi-tasking

Domains are independently scheduled. A Keykos domain serves the role of a Unix thread; distinct domains can share an entire address space if that is convenient. A CPU in user mode is executing some domain and no other CPU is executing that domain. The ready queue is a set of domains.

System Modularization {Subroutines, Information Hiding, Isolation {Clean room}}

Large software systems must be segmented into functional units. The domain is suitable for most such units. Several domains are used if the unit involves several processes. The domain architecture can enforce the data hiding and abstraction that is favored in modern system segmentation theories.

Locks

Domains act for just one thread at a time. They can thus be used to house critical code. Data accessed solely by one domain will be acted upon by the domain’s code one thread at a time.

The kernel’s stalling mechanism provides efficient management of the queue of those processes waiting for the resource.

Limiting a program

The domain that obeys a program is the site of the capabilities that the program wields. Its authority is thus limited by the capabilities in the domains that obey it.

Mailbox (or lack thereof)

When a message is sent across a trust boundary to be interpreted by user mode code, the sender determines the recipient of the message by selecting a start key that the sender holds. The start key selects a domain, not a mailbox. One might then say that the domain plays the role of a mailbox in Keykos.

Here is what happens when a domain obeys a program that traps.