Editing Multics (section)

==Novel ideas==
[[File:Multics-book.png|thumb|upright|Multics Commands reference manual]]Multics implements a [[single-level store]] for data access, discarding the clear distinction between [[computer file|file]]s (called ''segments'' in Multics) and ''[[computer process|process]] [[computer memory|memory]]''. The memory of a process consists solely of segments that were mapped into its [[address space]]. To read or write to them, the process simply uses normal [[central processing unit]] (CPU) instructions, and the operating system takes care of making sure that all the modifications were saved to [[disk storage|disk]]. In [[POSIX]] terminology, it is as if every file were <code>[[mmap]]()</code>ed; however, in Multics there is no concept of ''process memory'', separate from the memory used to hold mapped-in files, as [[Unix]] has. ''All'' memory in the system is part of ''some'' segment, which appears in the [[file system]]; this includes the temporary scratch memory of the process, its kernel stack, etc.

Segments are limited to 256 [[kiloword]]s, just over 1&nbsp;[[megabyte|MB]], because Multics hardware had 18-bit word addresses for the content of a segment. Larger files are "multisegment files" and are handled differently. The 256&nbsp;kiloword limit was rarely encountered in practice, because at the time, one megabyte of memory was prohibitively expensive.

Another major new idea of Multics was [[shared library|dynamic linking]], in which a running process can make external routines available by adding the segments containing them to its address space. This allows applications to always use the latest version of any external routine, since those routines are kept in other segments, which are dynamically linked only when a process first attempts to begin execution in them. Since different processes can use different [[PATH (variable)|search rules]], different users can end up using different versions of external routines. Equally importantly, with the appropriate settings in the Multics security facilities, the code in the other segment can gain access to data structures maintained in a different process. Dynamic linking in Multics does not require special [[Dynamic-link library|dynamic-link libraries (DLLs)]]; a program can dynamically link to any executable segment to which it has access rights.

Thus, to interact with an application running in part as a [[daemon (computing)|daemon]] (in another process), a user's process simply performs a normal [[procedure call|procedure-call]] instruction to a code segment to which it had dynamically linked (a code segment that implemented some operation associated with the daemon). The code in that segment can then modify data maintained and used in the daemon. When the action necessary to commence the request is completed, a simple procedure return instruction returns control of the user's process to the user's code.

Multics also supports extremely aggressive [[hot-swapping|on-line reconfiguration]]: [[central processing unit]]s, memory banks, disk drives, etc. can be added and removed while the system continues operating. At the MIT system, where most early software development was done, it was common practice to split the [[multiprocessor]] system into two separate systems during off-hours by incrementally removing enough components to form a second working system, leaving the rest still running for the original logged-in users. System software development testing could be done on the second system, then the components of the second system were added back to the main user system, without ever having shut it down. Multics is one of the earliest multiprocessor systems.

Multics is the first major operating system to be designed as a [[computer security|secure system]] from the outset.<ref name="JHSProt">{{cite report |chapter-url=https://web.mit.edu/Saltzer/www/publications/TRs+TMs/Multics/TR-123.pdf |title=Introduction to Multics", MAC TR-123 |last=Saltzer |first=Jerome H. |date=February 1974 |chapter=Protection and the Control of Information Sharing in Multics |pages=2–41 |publisher=Massachusetts Institute of Technology and Honeywell Information Systems Inc. |location=Cambridge, MA |access-date=March 16, 2022 |quote=}}</ref> Despite this, early versions of Multics were compromised repeatedly.<ref>{{cite web|url=http://www.multicians.org/security.html|title=How the Air Force cracked Multics Security|author=Tom Van Vleck|year=2002|author-link=Tom Van Vleck}}</ref> This led to further work that made the system more secure, and prefigured modern [[security engineering]] techniques. Break-ins became very rare once the second-generation hardware base was adopted; it has hardware support for [[ring (computer security)|ring-oriented security]], a multilevel refinement of the concept of [[kernel mode|master mode]].{{Citation needed|date=October 2007}} A US Air Force tiger team project tested Multics security in 1973 under the codeword ZARF. On 28 May 1997, the American National Security Agency declassified this use of the codeword ZARF.

Multics is the first operating system to provide a [[hierarchical file system]],<ref>{{cite web|url=http://www.multicians.org/mgf.html#filesystem|title=Multics Glossary -F-|website=www.multicians.org|access-date=April 11, 2018}}</ref><ref>R. C. Daley and P. G. Neumann, [http://dl.acm.org/citation.cfm?id=1463915 "A general-purpose file system for secondary storage"], AFIPS '65 (Fall, part I) Proceedings of the November 30 – December 1, 1965</ref> and file names can be of almost arbitrary length and syntax. A given file or directory can have multiple names (typically a long and short form), and symbolic links between directories are also supported. Multics is the first to use the now-standard concept of per-[[process (computing)|process]] [[Stack (data structure)|stack]]s{{disputed inline|Kernel stacks|reason=What about MCP|date=November 2021}} in the [[kernel (operating system)|kernel]], with a separate stack for each security ring. It is also the first to have a [[command processor]] implemented as ordinary user code – an idea later used in the [[Unix shell]]. It is also one of the first written in a high-level language (Multics [[PL/I]]),<ref name="Mpl1">R. A. Freiburghouse, [http://www.multicians.org/pl1-raf.html "The Multics PL/1 Compiler"], General Electric Company, Cambridge, Massachusetts, 1969.</ref><ref>[https://lwn.net/Articles/881431/ Brian Kernighan on the origins of Unix] LWN.net. 2022.</ref> after the [[Burroughs MCP]] system written in [[Executive Systems Problem Oriented Language|ESPOL]], an expanded version of [[ALGOL]].

The deployment of Multics into secure computing environments also spurred the development of innovative supporting applications. In 1975, Morrie Gasser of MITRE Corporation developed a pronounceable random word generator to address password requirements of installations such as the Air Force Data Services Center (AFDSC) processing classified information. To avoid guessable passwords, the AFDSC decided to assign passwords but concluded the manual assignment required too much administrative overhead. Thus, a random word generator was researched and then developed in PL/I. Instead of being based on [[phoneme]]s, the system employed phonemic segments (second order approximations of English) and other rules to enhance pronounceability and randomness, which was statistically modeled against other approaches.<ref>{{cite web |title=A Random Word Generator for Pronounceable Passwords |url= https://apps.dtic.mil/sti/pdfs/ADA017676.pdf |archive-url= https://web.archive.org/web/20220408145811/https://apps.dtic.mil/sti/pdfs/ADA017676.pdf |url-status= live |archive-date= April 8, 2022 |date=November 1975 |publisher=Electronic Systems Division, Air Force Systems Command, USAF |location=Bedford, MA |id= ESD-TR-75-97 |access-date=8 March 2021}}</ref> A descendant of this generator was added to Multics during Project Guardian.<ref>{{cite web |title= Password Generator |url=https://multicians.org/thvv/gpw-js.html |last= Van Vleck |first=Tom |access-date= 8 March 2021}}</ref>