Amoeba is a distributed OS consisting of a (distributed) kernel and a suite of services.
- Services are accessed using RPC
- OS Controls workstations (which execute processes such as window managers & editors), pool processors (which provide most of the processing power), specialised servers (execute dedicated processes with special resource demands) and gateways (to other Amoeba systems accessible only over WANs).
Objects
Amoeba is object based where an object is defined as a piece of data on which well-defined operations can be performed by authorised users.
Objects are accessed and protected by unique object capabilities, which form a 128-bit wide name space. Capabilities are protected from illegal modification by the inclusion of redundancy and a checksum field.
Each object is accessed by a service port whose ID forms part of the object capability. Objects are managed by severs.
Servers
Servers are lightweight processes that share the object address space. Multiple server processes can jointly manage a group of similar objects providing a service. A server indicates its willingness to accept requests to a service port by using the get_request system call. Clients perform RPC using the do_operation system call containing an object capability and an operation code as parameters. Server processes reply to the RPC using the send_reply system call. Amoeba is RPC blocking.
When the kernel receives a do_operation call the local kernel extracts the service port ID and looks up the server ID in an internal table. It is possible for this look up to fail or for the ID in the table to be incorrect due to server migration. The kernel can broadcast a message seeking the ID of the appropriate server.
The central discovery service shields users from knowledge of binary capabilities by associating them with names. The directory objects support the operations lookup, enter and delete. Arbitrarily complex graph structures of directory objects may be constructed.
File access
The bullet service provides file access. In Amoeba, files are:
- Immutable
- Contiguous (both on disk and in file server cache)
The file server supports the operations read, create and delete. Data consistency for sets of objects (atomicity) is possible through the provision of an atomic update facility in the directory service.
Processes
Amoeba processes may be either running or stunned. Stunning is used for program debugging and process migration. The kernel passes the process state of a stunned process to a handler, which then copes with anomalies such as process exits and exceptions. The capability for a handler is included in the process descriptor for every process.
Process migration is achieved by stunning the process, after which the handler passes the process descriptor to a new host. The new host copies the memory contents relevant to the process and restarts it. The new process capability is passed to the handler, which kills the process at the old host.
Process stunned and process not here replies are sent to processes attempting to communicate with migrated processes.
Addressing
Process address spaces are segmented. Segment mapping operations may be accompanied by a capability. Data may be shared between processes by unmapping and mapping segments.
Security is achieved by using an F-box which implements a one way function to generate a public server ID from a private server ID and similarly public client IDs are generated from private client IDs.
Amoeba: Evaluation
- Provides the abstraction of a single powerful CPU using a pool of lower-power CPUs
- Resource location transparency is provided using service ports as the means of access to service implementations
- Protection and naming transparency are provided by object capabilities
- The F-box prevents a process from masquerading as a server
- Consistency of information and fault tolerance are Amoeba's main weaknesses
- The centralised directory service is a potential source of bottlenecks
