Abstract: A containment mechanism provides for the grouping and isolation of multiple processes running on a single computer using a single instance of the operating system. A system is divided into one or more side-by-side and/or nested isolated environments enabling the partitioning and controlled sharing of resources by creating different views of hierarchical name spaces via virtual hierarchies.

Abstract: The efficient use of type descriptors with frozen objects. A frozen object might actually include several type descriptors, a primary type descriptor that is canonical according to a set of canonicalization rules, and an auxiliary type descriptor that is not identical to the primary type descriptor. The auxiliary type descriptor may be used to access the canonical type descriptor. When performing an operation, if the auxiliary type descriptor can be used to perform the operation, then that auxiliary type descriptor may be used. If the canonical type descriptor is to be used to perform the operation, the auxiliary type descriptor is used to gain access to the canonical primary type descriptor. The primary type descriptor is then used to perform the operation.

Abstract: A containment mechanism provides for the grouping and isolation of multiple processes running on a single computer using a single instance of the operating system. A system environment is divided into one or more side-by-side and/or nested spaces enabling the partitioning and controlled sharing of resources by creating different views of hierarchical name spaces via virtual hierarchies. A set of declarative rules specifying access capabilities may specify a set of filter drivers to be used to limit access to nodes in the hierarchical name space. The rules may be applied in sequence to construct a new name space from an existing one, or to add to an existing hierarchy. Filter drivers are used to limit access to nodes in the new name space or new portion of the name space. Access to nodes can be limited (read-only access instead of read/write) or nodes can be hidden altogether. Rules may be specified in a declarative language such as XML.

Abstract: Two or more separate physical file system directories are presented as one merged (virtual) file system directory to a process running in a silo. The operating system controls the level of access to the files in the merge directory. The operating system provides the merged view of the file system directories by monitoring file system requests made by processes in silos on a computer or computer system and in response to detecting certain types of file system access requests, provides the view of the seemingly merged directories by performing special processing. The types of requests which trigger the special processing include: enumeration, open, create, rename or close.

Abstract: Mechanisms that allow frameworks significant flexibility in varying the library of common base classes in a manner that better suits the domain of applications served by the framework. Instead of providing the base class library, the runtime provides a data contract for the data structure of each base class. The frameworks can then define each base class in a custom way so long as the data contract is honored. Thus, for example, the framework may provide custom framework-specific methods and/or properties as is appropriate for the framework. Another framework might define the base classes in a different way.

Abstract: Two or more separate physical Registry directories are presented as a single (virtual) Registry directory to an application running in a controlled execution environment called a silo. All of the operations normally available to be performed on the Registry directory can be performed on the merge directory, however, the operating system controls the level of access to the keys in the merge directory. The operating system provides the merged view of the Registry directories by a Registry filter driver. The Registry filter model provides a single callback with a notification code indicating the reason the callback was called. The types of notifications which trigger the special processing include: enumeration of a key, enumeration of the value of a key, query a key, close a key, delete a key, create or open a key or rename a key.

Abstract: Each virtualized environment on a computer has its own set of firewall rules. The virtualized environments share a single instance of the operating system image, a filter engine and a single network stack. A virtualized environment may be a compartment or a server silo. A virtualized environment is a network isolation mechanism and may be used to prevent use of a computer to traverse network boundaries by creating a separate virtualized environment for each network, enabling a separate set of rules to be applied to each virtualized environment and the network interfaces within it. Virtualized environments may also be used to assign different trust levels to the same physical network. Firewall rules are applied by virtualized environment identifier (ID), enabling separate filters to be applied to each virtualized environment on a computer. A virtualized environment may include or be associated with one or more network interfaces.

Abstract: A containment mechanism provides for the grouping and isolation of multiple processes running on a single computer using a single instance of the operating system. A system is divided into one or more side-by-side and/or nested spaces enabling the partitioning and controlled sharing of resources by creating different views of hierarchical name spaces by creating a new branch of an existing global system name space or by linking the sub-root level nodes of a new hierarchy to a subset of nodes in an existing global system name space.

Abstract: A version traversal system for objects, such as types, may include a reference to another version of an object with the type definition. The reference may be used to identify an older or newer version of the object which may be in a different assembly and may have a different simple name. The version traversal system may be used to compile applications written for the first version but compiled with assemblies from the second version, as well as serializing and deserializing objects from one version to another. The version traversal system may enable two way communications between applications that use two versions of a set of assemblies. The reference may include a fully qualified name or other identifiers.

Abstract: A silo-specific view of the file system is provided to processes running in the silo. Processes can access a file only by uttering the silo-relative name. To determine if access to a file identified by a file ID should be permitted, a list of physical names of the file identified by the file ID is constructed. If a silo-relative name that translates to a name in the list can be uttered, the file is opened and the file ID for the opened file is retrieved. If the file IDs match, the silo-relative name is used to open the file. If a process running within a silo requests a list of names for a file that has been opened using a file ID, results returned are filtered so that only names visible in the silo are returned, thus restricting the process' access to files to those files within its hierarchical namespace.

Abstract: An element of a file system is virtually deleted by creating a deletion marker for the element. Two or more separate physical file system directories are presented as one merged (virtual) file system directory to a process running in a silo. The operating system provides the merged view of the file system directories by monitoring file system requests made by processes in silos on a computer or computer system and filtering out those elements associated with deletion markers. Special processing is invoked in response to detecting certain types of file system access requests, including: enumeration, open, create, rename or delete.

Abstract: Methods for increasing the efficiency of data transfers by passing a reference to the data rather than to transfer the data itself. When a new communication begins, a memory object, e.g. a buffer, is selected to receive the data. Information if provided that may be used to ascertain the communication path without actual knowledge of the path. If a communication pattern is likely to be repeated, a memory object created on the initial access is saved. The saved memory object (“precursor”) is provided to the memory system on subsequent access as a hint about the process path to be used. The memory system can select a cached buffer that has a similar set of mappings to the precursor.

Abstract: Mechanisms that allow frameworks significant flexibility in varying the library of common base classes in a manner that better suits the domain of applications served by the framework. Instead of providing the base class library, the runtime provides a data contract for the data structure of each base class. The frameworks can then define each base class in a custom way so long as the data contract is honored. Thus, for example, the framework may provide custom framework-specific methods and/or properties as is appropriate for the framework. Another framework might define the base classes in a different way.

Abstract: The efficient use of type descriptors with frozen objects. A frozen object might actually include several type descriptors, a primary type descriptor that is canonical according to a set of canonicalization rules, and an auxiliary type descriptor that is not identical to the primary type descriptor. The auxiliary type descriptor may be used to access the canonical type descriptor. When performing an operation, if the auxiliary type descriptor can be used to perform the operation, then that auxiliary type descriptor may be used. If the canonical type descriptor is to be used to perform the operation, the auxiliary type descriptor is used to gain access to the canonical primary type descriptor. The primary type descriptor is then used to perform the operation.

Abstract: Systems and methods for providing a framework within which device drivers may run at a user-mode level. A platform (e.g., APIC) or bus (PCI bus) generic feature is used to take the CPU out of interrupt mode without having to wait for a user-level driver to clear the device interrupt. This allows writing the complete device driver in user space. The device driver still get notifications on interrupts but not at interrupt priority. The same scheme can be extended to shared interrupts, where multiple devices share a single interrupt line.

Abstract: Methods for performing zero-copy memory transfers between processes or services using shared memory without the overhead of current schemes. An IPC move semantic may be used that allows a sender to combine passing a reference and releasing it within the same IPC call. An insulate method removes all references to the original object and creates a new object pointing to the original memory if a receiver requires exclusive access. Alternatively, if a receiving process or service seeks read-only access, the sender unmaps its access to the buffer before sending to the receiver. When the insulate operation is initiated, the kernel detects an object with multiple active references but no active mappings and provides a mapping to the memory without taking a copy or copy-on-write.

Abstract: An intra-operating system isolation mechanism called a silo provides for the grouping and isolation of processes running on a single computer using a single instance of the operating system. The operating system enables the controlled sharing of resources by providing a view of a system name space to processes executing within an isolated application called a server silo. A server silo is created by performing a separate “mini-boot” of user-level services within the server silo. The single OS image serving the computer employs the mechanism of name space containment to constrain which server silos can use which resource(s). Restricting access to resources is therefore directly based on the process or application placed in the server silo rather than who is running the application because if a process or application is unable to resolve a name used to access a resource, it will be unable to use the resource.

Abstract: An operating system architecture is based on a service model in which active entities (services) are containers for objects having a number of interfaces specified through a contract language that is a subset of the language in which the service is coded. Services may reside in the same address space or may reside in separate address spaces, without changing the programming model or compiled binaries. The location of a service is independent of the location of the service's clients and of services the service calls.

Abstract: A silo-specific view of the file system is provided to processes running in the silo. Processes can access a file only by uttering the silo-relative name. To determine if access to a file identified by a file ID should be permitted, a list of physical names of the file identified by the file ID is constructed. If a silo-relative name that translates to a name in the list can be uttered, the file is opened and the file ID for the opened file is retrieved. If the file IDs match, the silo-relative name is used to open the file. If a process running within a silo requests a list of names for a file that has been opened using a file ID, results returned are filtered so that only names visible in the silo are returned, thus restricting the process' access to files to those files within its hierarchical namespace.

Abstract: An element such as a Registry key or value is virtually deleted by creating a deletion marker for the element. Two or more separate sets of physical Registry keys/values are presented as one merged (virtual) Registry to a process running in a silo. The operating system provides the merged view of the Registry by monitoring Registry key or value system requests made by processes in silos on a computer or computer system and filtering out those elements associated with deletion markers. Special processing is invoked in response to detecting certain types of Registry key or value system access requests, including but not limited to: enumeration, open, create, rename or delete.