A RATS retrospective

by Charles Landau

RATS (the RISOS ARPA Terminal System) is a capability-based operating system for the DEC PDP-11/45 computer. RATS is little-known, and deservedly so, as it only ran on a single machine for less than two years. It had only one application, so the security features of its capability architecture were never exercised.

The obvious question is: Why was it written?

The only answer is �because I wanted to.� Writing operating systems is as natural to me as breathing. (Yes, I�m working on another one right now�CapROS). And, fortunately, Bob Abbott was wise enough (or so I would like to believe) to allow us RISOS researchers to do some things we wanted, as long as we got our real work done.

Looking back after 30 years, I find it remarkable that I designed a system and dashed off nearly 12,000 lines of working assembly code in just 6 months. (Another 3400 lines were written by Dave Neilson.) This just goes to show what can be accomplished when you aren�t burdened with such distractions as collaborating with other designers, being compatible with past work, satisfying users, or accommodating assorted machine configurations and architectures. In fact, the design was patterned closely on the MIT PDP-1 system, so I was not breaking new architectural ground.

RATS is documented in three obscure reports from LLNL:

Design of the RATS Operating System, Lawrence Livermore Laboratory Report, UCRL78705, September 1976.

The RATS Operating System, Lawrence Livermore Laboratory Report, UCRL77378, October 1975.

An Introduction to RATS (RISOS/ARPA Terminal System): An Operating System for the DEC PDP 11/45, Lawrence Livermore Laboratory Report, UCRL51582, March 1974.

Much later, RATS was found to have some flaws in capability discipline. For one, the Entered Process Capability (called the Resume key in KeyKOS and CapROS) can�t be copied. (The technology for supporting this wasn�t invented until KeyKOS.) A second flaw is in the �File� object�s �Attach� operation. It maps the file to part of the address space of the invoking process. That sound innocuous enough, but because it operates on the invoking process, rather than a specified process, the operation can�t be transparently proxied. But in a sense, I�m flattered that the design errors in RATS are few enough that even now they are considered exceptional.