User Replaceable

Said of some feature of a software platform. Some early timesharing systems were single language systems. The system could understand only one compiler or interpreter, perhaps because that subsystem was counted upon to help maintain system integrity. Such compilers were not user replaceable. Few systems had user replaceable shells before Unix. Shells previously belonged to the TCB. Keykos omits most of classic kernel function from its kernel but provides hooks by which that function can be done outside the kernel. Such function can be shared, or replaced by the individual user.

See segment logic for the tools to implement your own sort of virtual memory. See meters about how to do your own coarse scheduler. See domain theory about how to define your own responses towards programs that suffer traps or issue system calls for other systems.

We consider here how custom security policies can be built to guard our data without impacting protection rules, or the code that implements policies for other data. In particular the factory is ordinary user code, which provides confinement. It is user replaceable! Here we propose removing some obscure function from the Factory thereby making that function user replaceable, at no cost to those who remain with the old function. This is all about how to stand behind a segment to provide all sorts of services that most kernel builders could not afford to consider—safely!