Vision Paper — Submitted for Review

ICM-OS: An Intent-Centric Meta-Operating System

Capability Decomposition, Generative Binary Translation, and the Architecture of AI-First Computing

Jin Bohao

Abstract

Today's operating systems carry assumptions baked in decades ago: a binary exists for a specific ISA, an application ships as a self-contained package, and the distance between what a user wants and what actually runs is bridged by layers of static scaffolding no one questions anymore.

This paper describes the Intent-Centric Meta-Operating System (ICM-OS), a speculative but carefully grounded architecture in which an AI foundation model takes on the role of the OS abstraction layer. The AI is not a probabilistic replacement for the kernel—it is one half of a hybrid, responsible for semantic reasoning, intent decomposition, and emulation strategy, while formally verified primitives handle everything where determinism is non-negotiable.

ICM-OS is built around two mechanisms: the Capability Decomposition Model (CDM), which treats applications as dynamically assembled graphs of atomic capability primitives; and Generative Binary Translation (GBT), which replaces instruction-level ISA mapping with a semantic lift-and-synthesize pipeline.

AI-native OS intent-centric computing capability decomposition generative binary translation LLM systems program synthesis cross-architecture emulation stateful primitives

1. Introduction

Each OS generation added a layer of abstraction: direct hardware access gave way to process and memory abstractions; physical hardware gave way to virtual machines; host environment assumptions gave way to containers. The pattern is consistent enough that asking what comes next feels less like speculation and more like reading the trend line.

What none of those transitions touched is a more fundamental assumption: software is a thing you compile, package, and install. TLS stacks are re-implemented in every major browser. ISA proliferation means a binary that runs on one machine may not run on another. The distance between what a user wants and the execution path that fulfills it is bridged entirely by developer effort expended at design time.

Capability Decomposition Claim

Any user-facing software function can be decomposed into a graph of atomic capability primitives; the AMS performs this decomposition dynamically from intent, eliminating monolithic application installation.

Generative Binary Translation Claim

Cross-ISA execution is achieved by lifting source binaries into an ISA-agnostic SIR and synthesizing target-native code—generalizing to unseen programs without hand-authored per-ISA-pair translation tables.

ICM-OS proposes a clean division of labor: the AI meta-system (AMS) handles semantic reasoning; formally verified, deterministic primitives handle execution. The AI decides what to run. Verified code runs it.

3. Capability Decomposition Model

Consider what ships when you install a browser: a TLS stack, DNS resolver, HTTP client, HTML parser, CSS layout engine, JavaScript runtime, and dozens of other components. Chrome carries its own TLS implementation. Firefox carries its own. This is what the monolithic model structurally requires. CDM dissolves this coupling.

Definition 1 — Capability Primitive

A capability primitive c ∈ C is a 5-tuple c = ⟨id, τ, σ, φ, s⟩, where: id is a unique identifier; τ = (T_in, T_out) is a typed interface signature; σ is a semantic descriptor; φ is a reference to a formally verified binary implementation; and s ∈ {stateless, stateful}.

Definition 3 — Capability Graph

A capability graph G = (V, E, λ) is a directed acyclic graph (DAG) where each node v ∈ V is labeled by λ(v) ∈ C, and each edge (u,v) ∈ E is a typed data-flow dependency. A well-formed graph satisfies: (i) type-correctness; (ii) acyclicity; (iii) absence of resource deadlock patterns.

3.3 Stateful Primitives

A web-browsing session requires cookies, tokens, and cached resources that persist across multiple graph invocations. Three standard stateful primitives are defined:

[SESSION_STORE⟨K,V⟩]       — auth tokens, cookies, per-session prefs
[CACHE_LAYER⟨K,V,TTL⟩]     — TTL-bounded cache for idempotent resources
[FILE_STATE⟨path, schema⟩] — typed persistent file binding

3.4 Worked Example: Stateful Web Browsing

Intent I = "Log into example.com and bookmark the dashboard page."

// G₁ — Login
[DNS_RESOLVE] → [TCP_CONNECT] → [TLS_HANDSHAKE] → [HTTP_GET]
  → [HTML_PARSE] → [CSS_LAYOUT] → [JS_EXECUTE] → [WINDOW_RENDER]
  → [SESSION_STORE⟨cookie, token⟩]

// G₂ — Return to dashboard (session persisted)
[SESSION_STORE⟨cookie, token⟩] → [HTTP_GET(+auth)]
  → [HTML_PARSE] → [CSS_LAYOUT] → [WINDOW_RENDER]

No browser application was installed at any point.

4. Generative Binary Translation

Rosetta 2 represented years of engineering effort for exactly one ISA pair. As the hardware landscape fragments—ARM variants, RISC-V, WASM, proprietary NPU instruction sets—the cost scales as O(N×M). GBT offers generalization: the ability to handle a new ISA pair without writing new rules.

4.2 The Semantic Translation Model

// Traditional DBT — syntactic, table-driven
f: S_src → S_dst

// GBT — via semantic intermediate space
ℓ: B_src ──── Semantic Lifting ────→ M  (ISA-agnostic SIR)
s: M     ──── Semantic Synthesis ───→ B_dst (target-native)

GBT(B_src, S_dst) = s(ℓ(B_src), S_dst)

Semantic Intermediate Representation

M = ⟨CFG, DFG, Σ, Θ⟩
CFG — control-flow graph; DFG — data-flow graph;
Σ: BasicBlock → SemanticSummary (natural-language + pre/postconditions + safety classification);
Θ — identified high-level patterns (loops, memory alloc, synchronization)

4.5 Applicability Boundary

Three classes fall outside GBT's current scope:

Self-modifying code — defeats static lifting; falls back to instruction-level emulation
Timing-dependent code — hard real-time constraints cannot be guaranteed behaviorally equivalent
Hardware-intrinsic drivers — require verified, hand-authored translation

5. Case Studies

5.1 Stateful Text Reader via CDM

Intent I = "Open notes.txt and let me scroll through it and search for text."

[FILE_OPEN] → [FILE_READ] → [UTF8_DECODE] → [TEXT_LAYOUT]
          [SEARCH_INDEX] ↘ ↗
                    [WINDOW_RENDER] ↔ [SCROLL_INPUT]
                                         ↓
                              [FILE_STATE⟨preferences⟩]

[UTF8_DECODE] and [TEXT_LAYOUT] are the same verified modules used by the email client, document editor, and terminal—no re-implementation, no redundant bundling.

5.2 Cross-ISA Execution via GBT

An ARM64 binary uses NEON FMLA (fused multiply-add) SIMD instructions. GBT lifts the loop to SIR:

Σ(loop_body) = {
  description: 'vectorized fused multiply-add over float32 arrays',
  roles: { SIMD_ARITHMETIC, ALIGNED_LOAD, ALIGNED_STORE },
  pre:  'a, b, c are 32-byte-aligned float32 arrays of length n',
  post: 'result[i] = a[i] * b[i] + c[i] for all i < n',
  safety: safe
}

GBT synthesizes a loop using AVX-512 VFMADD231PS on x86-64—potentially achieving higher throughput than the ARM64 original because synthesis exploits target-native register width.

6. Comparison with Existing OS Paradigms

Dimension Traditional OS VM Container Microkernel ICM-OS
App modelMonolithic binaryGuest OSImage + processService procsDynamic cap. graph
ISA bindingCompile-timeSame ISAHost ISAHost ISARuntime via GBT
Cap. sharingPer-app duplicatePer-VM dup.PartialShared svcsFull CPR sharing
CorrectnessDeterministicDeterministicDeterministicDeterministicHybrid†
CompositionStaticStaticStaticStatic (IPC)AI (intent-time)
State mgmt.Process memoryVM memoryVolumeSvc stateStateful prims.

† ICM-OS: probabilistic AI composition + deterministic verified primitive execution.

7. Technical Challenges and Mitigations

7.1 Determinism

ICM-OS contains the probabilism-determinism tension through architectural separation. The AI reasons about semantics; verified primitives execute. Every graph produced by the AMS is type-checked, acyclicity-verified, resource-analyzed, and access-control-checked before execution. A probabilistically incorrect AMS output that fails validation is rejected; δ is reinvoked with the failure as a constraint.

7.2 Graph-Structure Attacks

Any path that lets an adversary influence AMS graph assembly might produce a graph that passes type-checking but behaves badly. The graph validator performs full static analysis including resource-bound analysis, cycle detection, and liveness analysis. The Confused Deputy problem is addressed by a graph-level policy engine that evaluates composite data flows against information-flow security policies (e.g., "data tagged sensitive may not flow to any network-output primitive").

7.3 Taint Tracking

Data entering through user-controlled external sources is tagged with a taint label at the primitive that ingests it. Taint propagates through the session-scoped dependency graph. The AMS intent channel is taint-isolated: tainted data may never be passed as input to the AMS's intent-parsing component.

7.4 Inference Latency

LLM inference latency is currently 10–1000× higher than kernel system call overhead. Three mitigations:

Compiled Intent Plans — δ(I) is cached as a compiled, validated execution plan; identical invocations execute without AMS involvement

Hierarchical Model Cascade — edge model (<1B params, NPU-accelerated) handles frequent intents; full model handles novel requests. Target: <50ms cached; <500ms novel

Progressive Rendering — execute partial capability graphs while the remainder is assembled

8. Research Roadmap

Phase 1

CDM Prototype

0 – 18 months

  • >90% correct intent decomposition
  • <200ms AMS latency (cached)
  • CPR reuse ratio >3×
  • Zero graph attacks escape validator

Phase 2

GBT: ARM64 → x86-64

12 – 36 months

  • 90% functions pass all test cases
  • Zero memory-safety regressions
  • Cold-start within 5× QEMU
  • Warm-path within 2× Rosetta 2

Phase 3

Integrated Kernel

24 – 60 months

  • Minimal kernel in hypervisor sandbox
  • Security red-team evaluation
  • Benchmarking vs Linux
  • Open-source prototype

9. Conclusion

The assumption ICM-OS challenges is one the field has largely stopped questioning: that software has to be a pre-compiled artifact, installed on a specific machine, compiled for a specific ISA. The tools to pursue an alternative—foundation models capable of semantic reasoning, formal verification infrastructure for bounded software components—are now available or close enough to plan around.

"At bottom, what ICM-OS is arguing about is what an operating system is for. The purpose is mediation: bridging the gap between what a user wants and what the hardware can do. LLMs offer a qualitatively different kind of answer, one that operates at the level of semantic intent rather than binary instruction."

ICM-OS is not a proposal to replace Linux. It is a proposal that the systems community has not yet asked the right questions about what an AI-first OS would actually require.

References

[1]Dennis, J. B., & Van Horn, E. C. (1966). Programming semantics for multiprogrammed computations. CACM, 9(3), 143–155.
[2]Levy, H. M. (1984). Capability-Based Computer Systems. Digital Press.
[3]Engler, D. R., et al. (1995). Exokernel. ACM SIGOPS, 29(5), 251–266.
[4]Liedtke, J. (1995). On μ-kernel construction. ACM SIGOPS, 29(5), 237–250.
[6]Klein, G., et al. (2009). seL4: Formal verification of an OS kernel. ACM SIGOPS, 43(4), 207–220.
[7]Bellard, F. (2005). QEMU, a fast and portable dynamic translator. USENIX ATC, 41–46.
[8]Apple Inc. (2020). Rosetta 2 – Run apps natively on Apple Silicon. Apple Developer Documentation.
[11]Solar-Lezama, A. (2008). Program Synthesis by Sketching. PhD thesis, UC Berkeley.
[14]Mei, K., et al. (2024). AIOS: LLM Agent Operating System. arXiv:2403.16971.
[21]Hardy, N. (1988). The Confused Deputy. ACM SIGOPS, 22(4), 36–38.
[22]Calcagno, C., et al. (2011). Compositional shape analysis by means of bi-abduction. JACM, 58(6), 1–66.
[27]Myers, A. C., & Liskov, B. (1998). A decentralized model for information flow control. ACM SIGOPS, 31(5), 129–142.
[29]Abadi, M., et al. (2009). Control-flow integrity principles, implementations, and applications. ACM TISSEC, 13(1), 1–40.
[30]Meyer, B. (1992). Applying "Design by Contract." IEEE Computer, 25(10), 40–51.