PierrePronchery

pierre@defora.org

2004 Pierre Pronchery Nowadays mainly two conceptions of computing compete: open source and proprietary software. I believe that most software should be available with its source code, as a proof of quality, interoperability, and security, to only quote the most obvious reasons. However, most open source operating systems are based on UNIX. While this can be considered as a mature, stable and portable operating system, its use can be cryptic, and users are often facing technical inner workings of this system. Moreover, most human-computer interfaces, either in text or graphical mode, and even configuration files, are incoherent between each other, and particularly in community open source systems. It is also certainly worth thinking about a technical re-design of the UNIX system. It has been originally designed along with C, with a monokernel approach, on computers where every single character handling avoided counted. Now the power of even 10 years old computers is far beyond this, and researchers are working on micro-kernels, and safe programming languages for instance. Today I think my ideal operating system should be open source, micro-kernel based, usable on pentium-class computers, coherent, connected, and distributed. This paper explains in detail how I would design and implement it. This section contains the major software licenses used in the project, either for application source code, documentation, or any other file contained in the system. The choices of these licenses are explained in the next section of this document. The terms of this license are extracted from the "Open Source Definition", thus it should be compatible with the original terms. DeforaOS project licensing terms -------------------------------- Preamble -------- "the author" in this license is myself, Pierre Pronchery. Introduction ------------ The use of the software distributed as part of the DeforaOS project must comply with the following criteria. The concerned software includes at least the following (unless explictly mentionned by the author): - every software contained in the project "DeforaOS". - every software distributed on the DeforaOS project website, "http://www.defora.org", belonging to the author. 1. Free Redistribution ---------------------- Anyone is free to sell or give away the software, as a component of an aggregate software distribution containing programs from several different sources. Not royalty or any fee is required to do this. 2. Source Code -------------- Distribution of the software is allowed in source code as well as compiled form. Where some form of the product is not distributed with source code, there must be a well-publicized means of obtaining the source code, not exceeding the cost of an average internet download. The preferred form of modification is of source code, via the unified diff format. It is not allowed to obfuscate source code in any way, or to use any intermediate compilation format. 3. Derived Works ---------------- Modifications and derived works are tolerated. They must be distributed according to the terms of this license. Moreover, the author kindly asks anyone working on such modifications or works to keep him informed of these. The aim is to let them benefit to everyone, and keep the best version of the software, and related works, available at the original place (as a matter of global coherence, and ease of use). 4. Integrity Of The Author's Source Code ---------------------------------------- Any modification of the source code, must be distributed as patch files, according to the unified diff format. Distribution of software built from modified source code is allowed. Derived works must carry the same name, and must modify the version number this way: "original.version.number-vendor_name". 5. No Discrimination Against Persons Or Groups ---------------------------------------------- This license doesn't discriminate against any person or group of persons. 6. No Discrimination Against Fields Of Endeavor ----------------------------------------------- This license does not restrict anyone from making use of the software in a specific field of endeavor. 7. Distribution Of License -------------------------- The rights attached to the software apply to all to whom the software is redistributed, without the need for execution of an additional license by those parties. 8. License Must Not Be Specific To A Product -------------------------------------------- The rights attached to the program do not depend of any other licensing rights. 9. License Must Not Restrict Other Software ------------------------------------------- This license does not place restrictions on other software that is distributed along with the licensed software. 10. License Must Be Technology-Neutral -------------------------------------- No provision of the license may be predicated on any individual technology or style or interface. FIXME: not decided yet FIXME: depends if they're already copyrighted or not, etc, else not decided yet FIXME: free software definition, licenses choices, ... FIXME: - advantages: interoperability, security, ... - issues: coherence (in community development) FIXME: - 200 distributions, few major applications per usage - simple concepts - light and flexible historical inheritances within more than 30 years - sophisticated yet flexible and clear setup - appropriate software versions handling - localization ease - things like they are - different development models, including open source... FIXME: - few distributions, 200 major applications per usage - complex concepts - heavy historical inheritances within a few years - registry - DLL hell - localization issues - original terms renamed and appropriated - closed and lazy development where monopoly, aggressive standards conformance policy else (and often buggy too) FIXME: - so few... FIXME: always think like the users, and listen to them... FIXME: a few words, and conceptual screen shots, about it would feel like to use the system... The system will boot with a minimal filesystem image in memory, mounting the system directory from a location hard-coded in the image, or a bootloader parameter. Additional volumes will be directly available in the volumes hierarchy, and eventually mapped to the user defined applications and data files hierarchies. They actually are applications engines, with the appropriate memory mappings and other priviledges necessary in their very purpose. Applications using the drivers connect to them like interfaces usually do. Interface proxy to the filesystems drivers. Knows the filesystems mappings. Maintains the pid/fd mappings. Only interface allowed to connect to the filesystems drivers. Sanitizes all accesses (handles and removes special path like ".", "..", etc). First, I want to avoid as much as possible to use assembly code. This is for obvious portability and readability reasons. I believe the micro-kernel should be coded in both assembly and C, because it has to be written with the computer limits and inner workings in mind. Object abstraction (in the programming language) is not necessary in the case of the kernel to my mind. I am also thinking about using C in the whole base system: Ada: no, but it could be very interesting Assembly: no, long to write, too close to the machine C: yes, simpler to implement (and kind of mandatory anyway), few keywords, total liberty in APIs definitions, even if lacks exceptions, and is too close to the assembly language (then again we can handle the machine limits, ...if we think each time about each possibility) C++: no, bloat, hell to implement C#: no, I still have to look better at it D: no, doesn't look mature yet Java: no (virtual machine, verbosity of the language, classes names, ...) Objective C: no, though certainly interesting, but I find the syntax cryptic Perl: no, interpreter Python: no, interpreter And also, as I care about coherence, the APIs in every language will be directly derived from a common definition, up to the point that every language would stick to its syntax, but could be compiled and linked against objects written in another one. If this is possible of course. Everything helping portability and interoperability will be appreciated. Every application runs inside what's called a "session". They are split in two parts: the application "engine", and the "interface". The end-user interaction should be presented the same way in text mode or graphical mode, possibly via the same API, and using only one binary for both. FIXME FIXME FIXME The applications interfaces may detect the requested toolkit to use according to the availability of an environment variable ("DISPLAY" for instance), or by the result of an equivalent to the POSIX istty() call. Some applications may work with character streams as a fallback, typically like the UNIX filtering applications. FIXME The graphics library would be fully OpenGL compliant. It is not yet known how the clients will communicate with the graphical server. In case of a socket based communication (maybe implemented anyway to run on other OSes), instead of the current kernel based one, the network transparency will be straight-forward. It may not be efficient though... This will be decided later. About the graphical toolkit for applications, I insist that only one library will be supported, and binary compatible with the text mode toolkit. It may be more efficient to implement the toolkit on the server side, this will be decided later too. The filesystem is highly inspired from the UNIX one, but taking in consideration the user only needs to access his files, applications, volumes or shared files most of the time. Consequently, the following directories are available at top level: "Apps", "Data", "System" and "Volumes". The "System" directory could even have been called ".System" to only let the advanced users access it via the common interfaces. It could even be considered that the place of an executable in the filesystem hierarchy could determine its privileges; this can't be a security risk, since when one gains access to the filesystem, then he has already access to the full system. It contains a sub-directory per applications group. In this sub-directory one man find the following directories: Binaries: the applications binaries Engines: the applications' engines binaries Libraries: the shared libraries System: the applications administration binaries Sources: the applications source code (a sub-directory per package) Shared data: documentation, hosted files, ... System hierarchy. Contains the following sub-directories: Apps: system essential applications and libraries, containing a Apps/subdirectory like hierarchy. Devices: equivalent to the /dev Kernel: equivalent to the /proc on Linux Sources: the associated source code (a sub-directory per entity) Hard disks, CD-ROM and DVD-ROM drives, USB keys, etc, that get automatically mounted. To gain read and write access on them, one should have the necessary privileges though. FIXME: think about a DTD for configuration files; Configuration files contain variable names along with their values, nested inside sections. Default variables and values can be set in the global section, which name is "" (empty string). The global section is the default one. Comments are allowed on their own lines. #this is a comment #default session is global variable=value [section] variable=value [another section] #another comment variable=value another variable=value [] #this is global section again variable=value Prefix is "Buffer". new(): Buffer new(Size size): Buffer delete() get_size(): Size set_size(Size size): Bool Prefix is "Config". new(): Config delete() load(File file): Bool save(File file): Bool get(String section, String name): String set(String section, String name, Variable variable): Bool Prefix is "File". new(): File new(String filename): File delete() open(String filename): Bool open(String filename, FileOpenMode mode): Bool close() read(Buffer buffer): Size write(Buffer buffer): Size flush() set_position(Offset offset) set_position(Offset offset, FilePositionFrom) Prefix is "List". new(): List new(ListType type): List delete() get_type(): ListType set_type(ListType type) Prefix is "String". A string can be stored in different encodings, possibly longer than the 7-bit ascii, or 8-bit ascii extensions ones (eg UTF-8). Strings are always properly terminated when manipulated using this interface. new(): String //creates an empty string new(Buffer buffer): String //creates a string from `buffer` using //the default encoding new(Buffer buffer, StringEncoding encoding): String //creates a string from `buffer` encoded //as `encoding` delete() get_size(): Size //get string buffer size set_size(Size size) //set string buffer size to `size` get_length(): Size //get string length set_length(Size size) //set string length to `size` Prefix is "Variable". This type is used for data conversions. new(VariableType type, Buffer data): Variable //creates a `type` variable from `data` delete() get(VariableType type): //get variable as `type` set(VariableType type) //set default type to `type` set(VariableType type, Buffer data) //set variable as `type` from `data` Prefix is "AppEngine". new(): AppEngine delete() Prefix is "AppIface". new(): AppIface delete() Prefix is "G". A list of a possible implementation guidelines follows. a GCanvas is a surface, containing GCanvasItems a GCanvasItem is a graphical primitive GCanvasItems can be grouped inside GCanvasGroups a GWindow contains a GCanvas a GCanvas is a GWidget every GWidget is a GCanvas Consequently, every graphical item on screen is a GCanvasItem, GWidgets are groups of GCanvasItems, and can contain other GWidgets, possibly being GCanvases. This is a big advantage for code reuse. A problem is, it doesn't handle resizing properly as is. Prefix is "Canvas". //FIXME functions applying to GCanvases, but not to GWidgets Prefix is "CanvasItem". delete() //deletes properly, whichever the type show() //shows item hide() //hides item Prefix is "Label". new(): GLabel new(String string): GLabel delete() get_text(): String set_text(String string) Prefix is "Window". new(): GWindow new(String title): GWindow new(GWindowType type): GWindow new(GWindowType type, String title): GWindow delete() get_type(): GWindowType set_type(GWindowType type) get_size(): Size set_size(Size x, Size y) FIXME - decisions - project modifications: APIs, documentations, teams, ... - medias: IRC, mail, mailing-lists, web site, ... FIXME In debugging mode, always assert the contract. FIXME FIXME Function names are lower case. Make it just work Audit Optimize Audit Think about possible features If globally accepted, add selected features Audit It seems reasonable, if not obvious, to determine independant tasks within the huge work described before in this document. There follows a proposal. FIXME FIXME FIXME FIXME FIXME FIXME FIXME These applications only require their application engines. For an easy and safe configuration, or monitoring, they may provide user interfaces though. FIXME Every application that fits on a desktop: file browser, web browser, mail and news reader, messaging application, images viewer, audio and video viewer, and optionaly games, etc. FIXME FIXME FIXME FIXME The only essential part of these services is their application engines. At the moment it is not yet known if the system will be based on, or provide a native POSIX development environment. It may be possible to write an application engine providing the POSIX system and library calls, on which the POSIX utilities would connect as usual application interfaces. We could even imagine them with a graphical interface, which would fallback as the regular UNIX commands if the graphical toolkit is denied (using stdin, stdout and stderr as usual).