[cap-talk] controversial article

David-Sarah Hopwood david-sarah at jacaranda.org
Fri Jul 3 22:45:56 EDT 2009


Ben Laurie wrote:
> On Thu, Jul 2, 2009 at 10:13 PM, Mark Miller<erights at gmail.com> wrote:
>> On Thu, Jul 2, 2009 at 1:40 PM, Karp, Alan H <alan.karp at hp.com> wrote:
>>> MarkM wrote:
>>>
>>> While it is true that the infinite loop example only applies within a vat,
>>> E's distributed semantics require unbounded message buffering in the same
>>> sense in which its local semantics requires unbounded heap and stack.
>>> Unbounded buffering requirements do not normally prevent a protocol from
>>> claiming "liveness", FWIW.
>>>
>>> Does that mean buffering on the sender side is better for defensive
>>> correctness?
>>
>> Yes. Similarly, and more practically, bounding the receiver side buffer to a
>> memory budget specific to a given sender, and doing sender side buffering
>> when exceeding that limit is better... But one must be careful to account
>> not only for the messages themselves, but also all the other bookkeeping
>> memory that one side of a connection can force the other side to use.
> 
> Presumably this means that you are always limited to some finite
> number of senders, then?

Yes.

The limit on the number of senders for this reason can be large enough
that it is not likely to be hit in practice. In a vat-based system, the
bookkeeping information can be aggregated by sending vat (or possibly
by connection, if connections can be shared between vats), not by sending
object. Note that the operating system will impose a finite limit on the
number of incoming connections (for TCP buffers, for instance), even if
the capability comm system doesn't impose its own limit.

-- 
David-Sarah Hopwood  ⚥  http://davidsarah.livejournal.com
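
The scheme discussed in this thread, as an added example that is not part of the original messages and is not code from E or any capability comm system. The receiver charges each sending vat for message bytes plus bookkeeping, caps the number of sending vats, and refuses anything over budget so that the excess stays buffered on the sender. The class names, method names and overhead constants are hypothetical.

```python
from collections import deque

class Receiver:
    def __init__(self, budget_per_vat, max_vats, msg_overhead=64, vat_overhead=256):
        self.budget_per_vat = budget_per_vat  # bytes one sending vat may pin here
        self.max_vats = max_vats              # finite limit on the number of senders
        self.msg_overhead = msg_overhead      # assumed bookkeeping bytes per queued message
        self.vat_overhead = vat_overhead      # assumed bookkeeping bytes per known vat
        self.queues = {}                      # vat id -> deque of accepted payloads
        self.used = {}                        # vat id -> bytes charged to that vat

    def offer(self, vat_id, payload):
        """Return True if accepted; False tells the sender to keep buffering."""
        if vat_id not in self.queues:
            if len(self.queues) >= self.max_vats:
                return False                  # sender limit reached, allocate nothing
            self.queues[vat_id] = deque()
            self.used[vat_id] = self.vat_overhead
        cost = len(payload) + self.msg_overhead
        if self.used[vat_id] + cost > self.budget_per_vat:
            return False                      # over this vat's budget
        self.queues[vat_id].append(payload)
        self.used[vat_id] += cost
        return True

    def deliver(self, vat_id):
        """Hand the oldest message to the application and release its charge."""
        payload = self.queues[vat_id].popleft()
        self.used[vat_id] -= len(payload) + self.msg_overhead
        return payload

    def worst_case_bytes(self):
        """Upper bound on memory all senders together can force the receiver to hold."""
        return self.max_vats * self.budget_per_vat

class Sender:
    def __init__(self, vat_id, receiver):
        self.vat_id, self.receiver, self.pending = vat_id, receiver, deque()

    def send(self, payload):
        self.pending.append(payload)          # buffer on the sending side first
        return self.flush()

    def flush(self):
        """Push pending messages in order until the receiver refuses one."""
        while self.pending and self.receiver.offer(self.vat_id, self.pending[0]):
            self.pending.popleft()
        return len(self.pending)              # messages still held by the sender
```

Because the per-vat charge includes the bookkeeping overhead, the receiver's total exposure stays within max_vats * budget_per_vat no matter how the senders behave.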





