|
|
Scribit Jonathan S. Shapiro dies 25/04/2006 hora 13:56:
> > checking that the capability is still usable seems to me to be much
> > complicated
> This check is already necessary in the specification.
Could you point me where it is further described in the Coyotos
specification (I'm reading it a bit in random order)?
> > this check would need to page in the FCRB
> So does severing the FCRB.
Yes, but not at the same time.
When C is eventually asked to cancel the operation, it will sever the
reply FCRB to itself. The capability to the FCRB then becomes a null
capability. C and anything from it can be paged out, it is not needed
anymore.
Some time later, S notices that it's capability is null, and can recover
without the need to page C in, not even the FCRB.
And so on in the chain of processes involved.
> > With the severing option, the check is lightweight and can be done
> > while the FCRB remain paged out, if it has been.
> Actually, severing requires an interprocess call to the storage
> allocator. It is *much* more expensive!
Severing is maybe expensive, but the check is not. Severing occurs only
N times for N+1 processes involved, and only when operation is canceled.
The check could occur at each heartbeat, until the operation is canceled
or completed, so it needs to be *very* inexpensive.
Expensively,
Nowhere man
--
nowhere.man@xxxxxxxxxxxxxxxx
OpenPGP 0xD9D50D8A
_______________________________________________
L4-hurd mailing list
L4-hurd@xxxxxxx
http://lists.gnu.org/mailman/listinfo/l4-hurd
|
|