[cap-talk] Memory Accounting without partitions(was: Language-based OS domain separation.)
Jed Donnelley
capability at webstart.com
Sat Jun 16 11:44:25 EDT 2007
At 08:14 AM 6/16/2007, Jonathan S. Shapiro wrote:
>On Sat, 2007-06-16 at 00:25 +0000, Karp, Alan H wrote:
>
> > Every Protection Domain (an e-speak managed resource) was assigned a
> > quota. Every time a Client (an e-speak term for the equivalent of a
> > process) consumed space in the e-speak repository, the unused quota in
> > its Protection Domain was decremented. The right to deallocate was a
> > capability that was normally held by the Client that allocated the
> > space. When the Client freed space, its unused quota was incremented.
> > Each registry entry was tagged with the Protection Domain responsible
> > for its existence.
>
>Okay. All of this makes sense. It also follows my rule of thumb that "he
>who pays must be able to deallocate".
We had a similar working rule in our NLTSS system. It's difficult
for me to imagine a workable system without this criteria being met.
(interesting amount of cap-talk list activity for a Saturday morning...)
--Jed http://www.webstart.com/jed-signature.html
More information about the cap-talk
mailing list