Introduction to domains

Domains are the actors of KeyKOS. Any event in KeyKOS is the direct and immediate result of an action by some domain. Domains are primitive objects that obey programs and thus assume the role of non-primitive objects.

A domain has sixteen general slots and several special slots. The use of the general slots is determined by the program obeyed by the domain. The keys in the general slots are invoked or included in messages by the explicit direction of the program obeyed by the domain. To say that a program holds a key means only that the key is in some general slot of a domain that obeys the program. The use of the special slots is determined by the domain. Their names and use will be explained below.

As will be seen, domains can act to acquire and hold new keys. Such new keys are said to be accessible. Such actions must be warranted by keys already held.

The domain’s address slot holds the key to its address segment, which provides the domain’s address space. The domain obeys a program found in its address segment. Code designed to be obeyed by a domain is domain code.

The domain interprets the program according to the hardware problem state architecture. The general registers, the floating registers and other status information are included in the domain’s special slots (as degenerate number keys q.v.). Similarly included is hardware specific control information. KeyKOS extends many features of the hardware architecture (for example, providing access control via keys), but achieves good performance and necessary functionality by fully exploiting appropriate features of the architecture.

A gate key designates a domain. A message addressed via a gate key in an invocation of that key is delivered to the domain so that the program obeyed by the domain has complete control over the disposition and interpretation of the message.

KeyKOS was designed with the idea that a domain will typically spend its life obeying just one program. The function of another program may be had by invoking a start key to a domain that obeys the other program. This other domain is almost always thought of as an object by the programmer of the first domain.

KeyKOS systems are generally built of a large number of small objects. Such modularization increases reliability and simplifies maintenance, since programming errors can impact only the objects in which they occur. Such systems are characterized by a large number of context switches over time. The KeyKOS design and implementation makes these context switches very efficient, and allows application/system builders to exploit their advantages. Because small objects are efficient in KeyKOS they can be utilized in the port of operating systems to significantly increase reliability while minimizing port-time by reducing complexity.

In KeyKOS, the dynamic relationship between calling and called domains is represented by a key first held by the called domain. Most other capability systems (see [3] for a survey and bibliography) represent this relationship in some sort of internal stack that may only be implicitly referenced by calling and returning operations. In KeyKOS, the CALL operation, which is primitive, produces a message that contains an implicitly produced resume key to the CALLing domain. The resume key is a form of gate key. To the CALLed domain this is merely another key, conventionally used to return. Alternatively, it may be passed to another domain, stored into an array of keys or anything else that may be done with a key.

Domains are like “tasks” of MVS [4] or Ada [5]. They are like “processes” in UNIX [6] and various other systems.