[cap-talk] gauntlet - one way IPC considered useless, practical
david.nospam.hopwood at blueyonder.co.uk
Fri Jan 20 19:09:59 EST 2006
> Suppose that a process A wants to tell processes B and C to perform some
> actions P_B and P_C respectively, and be assured that all effects of P_B happen
> before effects of P_C. B and C do not know anything about each other. There are
> only a few possible ways to implement this:
> 1. A relies on timing, e.g. it assumes that effects of P_B happen within some
> maximum time. This is too unreliable.
... and too inefficient, because it means that P_C cannot start before a worst
case estimate of the latency of P_B, rather than how long P_B actually takes.
> 2. Some protocol is used that requires B and C to communicate to ensure that
> P_B completes before P_C. But by assumption, B and C know nothing about each
> other, so this is unworkable.
> 3. A receives an acknowledgement from B that P_B has completed, and only then
> asks C to do P_C. This is by far the simplest and most reliable solution --
> but it introduces communication channels from B to A and from C to A.
... from C to A under the assumption that the protocol must be composable, and so
there might be a P_D that has to be done next.
> Any nontrivial operating system or environment will have thousands of cases where
> such ordering constraints, requiring acknowledgements in order to be implemented
> reliably, have to happen between processes that would be at different MLS levels,
> in the case of an MLS system.
David Hopwood <david.nospam.hopwood at blueyonder.co.uk>
More information about the cap-talk