Inferno [9] is a completely new operating system for creating distributed services and applications. It was developed by the Computing Science Research Center and the Inferno Business Unit of Lucent Technologies. Inferno is designed specifically as a commercial product, but it includes a lot of high-end features from the research and development of Bell Labs in operating systems, languages, on-the-fly compilers, networking, and security.
The basic environment for Inferno is the network and networked components, in all varieties. This includes devices like advanced telephones, hand-held devices, TV set-top boxes, network computers, and also traditional computers. The network can be any public data network, including cable television, direct satellite broadcast, the Internet etc.
Because of the variety of different network devices and networks, software developers have to spend a lot of time dealing with the uninteresting low-level details of the implementation, instead of concentrating on the more important features. Various solutions to these problems have already been presented, one of the more well-known being Java, and the forthcoming Java operating system. With Inferno, Lucent Technologies is presenting their view of the future operating system, and it looks very interesting in many ways.
The most important feature of Inferno is its portability across platforms and environments. It supports many popular processor architectures (see Table 1), and it is easily portable to new architectures.
| Vendor | Processor |
|---|---|
| Intel | x86 |
| Sun Microsystems | Sparc |
| Silicon Graphics (MIPS) | MIPS |
| Advances RISC Machines | ARM |
| Hewlett Packard | HP-PA |
| Amdahl | AMD |
In addition to supporting different processor architectures, it also is portable in other aspects; it can run as a stand-alone operating system, and it can also run as a user application under various existing operating systems (see Table 2.)
| Vendor | Platform |
|---|---|
| Various | Standalone |
| Microsoft | Windows 95, Windows NT |
| Silicon Graphics | Irix |
| Sun Microsystems | Solaris |
| Various | Linux |
| IBM | AIX |
| Hewlett Packard | HP/UX |
| Lucent Technologies | Plan 9 |
The hardware requirements are minimal: useful applications can be run stand-alone on machines with 1MB of memory, and memory-mapping hardware is not required. This is a very important aspect of Inferno, because it has to run on very small devices with little memory. In the future, even your toaster or video can be linked up to an in-house network, and these machines are not likely to contain a lot of extra computing power.
The inferno system creates several standard interfaces for the application. These interfaces hide the underlying hardware implementation from the programmer, as he normally is not interested in them. As an example, the network is abstracted for the application, so that there is no need to take know if the underlying network connection is a local area network (LAN) or a modem connection over traditional phone lines.
All of the programs run on top of a consistent virtual machine (Dis), that presents the same interface on all processor architectures. The standard environment includes a lot of library modules that perform services ranging from simple string manipulation to sophisticated, high-level graphics services for text, pictures, and video.
The core of Inferno is written in standard C, which makes it highly portable. The higher-level modules and libraries are written in a new language called Limbo, which was designed specifically for Inferno. The Limbo language is presented in more detail in Chapter 4.
The virtual machine, called Dis, is a simple 3-address machine, with a few specialized operations for handling higher-level data types like arrays and strings. Garbage collection and the scheduling of tasks are handled on a lower level.
When code is loaded into memory for execution, the byte-codes are expanded into a more efficient format for execution (see Figure 3.) An optional on-the-fly compiler can turn a Dis instruction stream into native machine code of the underlying hardware. The resulting code is almost as fast as compiled C, because Dis instructions match well with the instruction-set architecture of modern processors.
The Inferno kernel contains the actual interpreter for the byte-code, the optional on-the-fly compiler, memory management, scheduling, device drivers, and protocol stacks. It also contains the core of the file system, including the name evaluator and the code that maps file system operations into remote procedure calls over communications links. The kernel also contains small internal file systems.
The Inferno virtual machine implements many standard modules internally. The most important one is Sys, which provides the standard system calls and a small library of useful routines (string manipulations, handling of network connections etc.) The Draw module is contains basic graphics operation for handling raster graphics, fonts, and windows. On top of the Draw module comes the Prefab module, which provides structured complexes containing images and text inside of windows, along with a high-level interface to the windows for scrolling and handling selections and changes.
Inferno represents devices much in the same way as Plan 9, that is, transparently. The basic design follows three principles. All resources are named and accessed like files, and the files are arranged hierarchically into file systems, which make up a forest. The disjoint resource hierarchies of the forest are joined together into a single private hierarchial name space. To access these resources, a communication protocall called Styx is used. As with Plan 9, the application does not make a distinction betweel local and remote resources. The Styx protocol works on top of the communications transport layer, and is independent of it. It already runs over TCP/IP, PPP, ATM, and variuos modem transport protocols.
Each device is represented as a file, and device drivers present themselves as directories, that typically contain two files. The first, data, is used for the actual device I/O, and the second, ctl, is used for control and status operations.
System services are also represented by files. One example is the Internet domain name server (DNS), which can reside behind /net/dns for example. To resolve the address of a site, the application writes the name of the site to the DNS file, and reads the corresponding Internet address from the same file.
Depending on the platform Inferno is running on, different kernels and drivers are supplied. This means that on smaller platforms, the kernel configuration can be minimal, and on ordinary computers it can contain all of the device drivers needed. The flexibility is one of the strong points of Inferno, and it can be used by application developers to create dynamic application that work across a wide range of equipment. An interactive shopping catalog can work in text mode over slow modem connections, show still pictures and audio over ISDN, and show real time video clips over a fast digital cable.
The security [10] of Inferno can be divided into three sections: security of communication, resource control, and system integrity.
Security of communication is implemented through (optional) encryption, using standard protocols. Keys are exchanged using standard public-key mechanisms (Diffie-Hellman), and the actual line encryption uses symmetric mechanisms like MD5, SHA, RC4, and DES.
Resource control is implemented through private name spaces for each application, that can be restricted for foreign or otherwise unknown applications. There is no way for an application to access resources outside of the pre-defined name space. For example, if the network resources are missing from the application's name space, the application cannot establish network connections.
System integrity comes through the use of the Dis virtual machine, that provides a controlled environment for running applications, much like the Java virtual machine. In addition, applications and modules can be signed, and the signature can be checked by the system before running the application or module. This is the same mechanism that is used in ActiveX by Microsoft and Java 1.1.
Inferno is currently available for free for evaluation [11] for a number of platforms, including various Unix versions, Windows 95, Windows NT, and Plan 9. The distribution is a binary release, and currently it looks like there will be no source code release. The commercial plans of Inferno are not publicly available yet, other than the marketing hype, but the plan is that Inferno can be licensed, much like Unix.