Disk: The Disk component provides a uniform interface to the attached disk drives. It provides low-level facialities for investigating the state and configuration of each drive, and for performing page-level input/output operations between specified disk addresses and physical memory locations. (or does it use the map but blow up if page faults occur? Don't know.) The Disk routines support concurrent operations by different processes, providing any needed synchronization among simultaneous requests.

Virtual Memory: The Cedar virtual memory (VM) differs in philosophy from its most recent ancestor, Pilot [19]. Pilot was designed for processors that had relatively small physical memories and disk capacities. This required a space-efficient but complex implementation based on mapping regions of virtual memory to named disk files. Cedar, intended for larger machines, has been able to abandon this approach in favor of a simpler, more time-efficient scheme reminiscent of earlier VM systems [27]. Cedar represents virtual memory as a single backing file, employing a resident page map. File input/output must be accomplished by explicit operations, rather than as VM mapping actions. The performance improvements, both for code swapping and for files access, have been significant. Perhaps more importantly, this design permits the virtual memory implementation to occupy a position quite low in the Cedar level structure; only the Cedar machine implementation, the Disk component, and the VM implementation itself need to deal with physical memory addresses. The preponderance of the Cedar system can operate in the virtual memory environment.

SafeStorage: The safe storage extensions to the Cedar language are supported by a runtime type system, a storage allocator, and a combination of garbage collection techniques derived from earlier designs by Deutsch and Bobrow [5], then later revised. A full description of these algorithms appears in Rovner's recent paper [20].

File: The local file system underlying Cedar is straightforward. It manages the configuration of one or physical disk volumes, and their subdivision into logical volumes. Within volumes, it manages the page-level allocation, deletion, reading, and writing of disk files. The file allocation methods borrow heavily from earlier Xerox systems [28],[19]: redundant information stored with each file page permits recovery if portions of files or directories are damaged. Only primitive locking facilities are provided, based on many-reader, one-writer write locks.

FS: The Cedar file management and directory package (FS) represents a major improvement over our previous programming environments. FS supports the appearance of a uniform file naming system spanning the user's local disk and the set of shared file servers available through the attached communication network. FS provides its facilities by maintaining two directories: the local file directory and a local cache directory.

IO: The IO interface defines generic procedures for creating and using streams of characters or words, including handy input scanning and output formatting routines. The Cedar IO package contains specific implementations supporting several sources and destinations, among them disk files, the keyboard and display, the Ethernet, and pipes (objects that provide the buffering and synchronization needed to connect an output stream from one process directly to the input stream of another [30]).

Communications: Network communications require substantial software support beyond the low-level device drivers. Cedar includes a complete implementation of the experimental "Pup" internetwork protocols described by Boggs et al in [29]. Lower levels of the Pup package provide a basic datagram (packet-level) service. Higher levels perform asynchronous terminal emulation, file transfer, a remote procedure call facility, and a range of information utilities, such as time and name lookup services.

Terminal: Most Cedar applications are content with the display-management and user input facilities supplied by Viewers (section 2.4.5) and TIP (section 2.4.2). Viewers allow applications to share regions of a single screen view, and to sort out the user actions that are intended for them. However, more radical applications may need to use the display screen or input devices in a conflicting way -- to try out a new or heavily-modified window package, for example. The Terminal interface is a clean abstraction to the display, keyboard, and mouse. There may be several instances of Terminal, each with its own full-screen bitmap. Operations are available to switch the use of the physical hardware (and thus the entire screen view) among the Terminal instances. The standard Cedar view is obtained through the use of just one Terminal instance; another is employed to drive a much simpler user interface when the system is being loaded.

Running programs. At the "top" of the Nucleus are two final components. The Loader provides the capability to load additional components into a running Cedar environment. (The Nucleus is loaded and initialized using booting methods outside the scope of this paper.) The Checkpoint/Rollback component permits the user to save the present Cedar environment (that is, the contents of virtual memory) in a checkpoint file, as well as to restore ("roll back") a machine to the state represented by such a file. Checkpoints can be used to preserve desired a standard system configuration for rapid restarts, or to save the evidence after a crash.

Useful Packages: During the implementation of Cedar, many packages have been produced that have proved generally useful. A number of them are included as part of the standard life support system of Cedar. Examples include packages for sorting arbitrary values, for maintaining symbol tables, and for managing queues of user-invoked commands. These packages might be thought of as extensions of the basic "Cedar machine." As their numbers increase,they will make programming in Cedar increasingly convenient.

JaM? TIP and later Tioga make extensive use of JaM. So does Cedar Graphics. We should probably mention it explicitly and then sprinkle references to it here and there. Too bad JaM was never published separately -- or was it?

The Inscript and TIP Tables: The user communicates with Cedar by typing, by moving the mouse, and by clicking mouse buttons. The Inscript package buffers time-stamped versions of these input events. If an application has special high-performance user input requirements, such as the need to react in real time to the trajectory of the mouse-driven cursor, it can use the inscript package directly and independently to extract the input events from the buffered stream. This technique is usually superior to the direct sampling of the hardware by individual applications because the system collects and timestamps the events regularly, using a high-priority process; it is therefore less likely that events will be missed or that confusion about the intervals between events will occur. Each application must determine which of the input events are intended for it and what their semantics are, rejecting those that are intended for other applications that are sharing the screen.

The Cedar Abstract Machine: An original goal for Cedar was to combine a compiled, strongly-typed language with the interpretive symbolic power of Interlisp or Smalltalk. The Abstract Machine (AM) is a step in this direction. It is based on the following concepts:

Graphics: Cedar runs on a powerful personal workstations that relies heavily on the power and flexibility of high-resolution bit-mapped display terminals. In earlier Xerox systems, the programmer was provided only with low-level bit map operations, such as the RasterOp function described by [who] in [what], that did not provide very convenient graphical abstractions for applications programmers. While it is possible to manipulate bit maps directly in Cedar, virtually all existing applications instead make use of the Cedar Graphics package, which provides support for the presentation of such graphical entities as multiple-font text, lines, curves, closed outlines, and sampled images. Most of these images can be scaled, rotated, translated, and clipped to arbitrary rectangular boundaries simply by providing the package with simple specifications. Images can be rendered in a device-independent fashion on color or black and white display devices, or on a variety of laser printers.

Viewers: Most applications are intended to be used in a cooperative fashion, sharing the display real estate with concurrent applications. They do this using Viewers. Viewers are Cedar's display windows— non-overlapping rectangular regions whose positions and overall sizes are managed by the Viewers package, but whose contents are the business of the individual applications that create them. Clients can also register TIP tables and their associated semantic routines with individual viewers in order to provide specialize user interfaces. The Viewers package manages the allocation of viewers to the available real estate, "painting" the contents of each viewer based on client-supplied specifications, allocating and painting iconic versions of "closed" viewers, etc. (Other widely-used user interface facilities, such as menu buttons, are also implemented by packages in Life Support.)

Tioga: The components in the upper levels of the Cedar Life Support division resemble user applications more than components of an operating system, in that they are quite large and they provide functions directly to Cedar users. However, because their functionality is vital to providing a complete, working environment for users, they are included in the Life Support division.

Compiler, Binder, Loader: The Cedar compiler runs as a multiple-pass (non-interactive) program. The binder, also a separate batch application, produces larger configurations of modules from individually-compiled modules and previously-bound configurations. During this process, it extends Mesa's strong type checking by ensuring that the names and time-stamps of exported interfaces match those specified by the components that import them. Some of the binder's capabilities reappear in the Cedar loader program, which loads modules and bound configurations into a running system, resolving the remaining imported references. The loader can be called by a program or invoked by explicit user commands. {Loader is funny. Belongs here functionally, but obviously is situated lower in the structure. Wanted to get the relationship in.}

Command Tool: Cedar Life Support includes a conventional command interpreter in the form of a viewer into which the user and results of user-invoked commands type alternately. The command syntax, an amalgam derived both from UNIX [31] and earlier Xerox systems, includes provisions for redirecting command output to another destination (usually a file or a pipe to a process executing a concurrent command), or for accepting command input from another source (also usually a file or a pipe).

Source-Level Debugging: The Abstract Machine forms the basis for a number of standard tools that collectively enable interactive source-level debugging: an interpreter for expressions in the Cedar language, which can be called from a program or driven directly by the user (for instance, in response to a breakpoint); a tool for exhibiting the state of all the running processes; commands for setting and clearing breakpoints; and so on. In addition, specialized diagnostic routines can be built for specific purposes, calling on the facilities of the Abstract Machine.

Package Management: {help, please!} Even with conventional timesharing systems, existing file directories do not provide adequate support for the maintaining consistent versions of software packages and applications. Component developers often find that they are working with inconsistent sets of sources and imported object files; component users discover inconsistencies in the files they need to run them. These problems get worse in a distributed system like Cedar, where one works with local file copies.