[E-Lang] New Page: Partially Ordered Message Delivery

Jonathan S. Shapiro shap@cs.jhu.edu
Thu, 15 Feb 2001 09:34:25 -0500

Tyler Close wrote:
> Alan Karp wrote:
> > We decided that it should be a policy decision based on who you're
> > talking to as to which behavior you got.  Where we expected the
> > connection to be there, all references were kept and were immediately
> > available on reconnection.

This discussion has also come up in the context of distributing EROS. I
think our take on it is going to come out as follows:

1. Non-reauthenticatable connections outside the box are lost.
2. We will probably build a "helper" agent to rebuild cross-machine
capabilities in a semi-automated way.

Unfortunately, this proves to be a place where transparent persistence
is a bit of an annoyance, because the two machines may not have a
consistent worldview after recovery. This is no different than the
situation that now exists between "normal" clients and servers, but
dealing with it requires a deviation from the "normal" programming style
in EROS (which is to assume that everything survives consistently).

As far as I can tell, the best way to deal with the problem is to wrap
cross-machine things in transactions that are aborted by restart, and
then keep some form of replay or undo log on both sides so that the
logical connection state can be recovered.

My point, in the context of E/E-Speak, is that this policy decision does
not appear to need to be made in the heart of the core runtime. It can
be solved with helper code.

Question for Alan (others also welcome): in your experience with
E-Speak, did it prove that there was some compelling reason of trust or
security that motivated moving things into the runtime, or did you
basically handle this with ordinary code?
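
The following is an added example, not part of the original message and not EROS or E-Speak code. It sketches the "transactions aborted by restart, with an undo log on both sides" idea from the message as ordinary helper code; `Node`, `reconcile`, `demo` and the epoch counter are hypothetical names and assumptions, and only the abort path is modelled.

```python
_MISSING = object()  # marks "key did not exist before the write"

class Node:
    """Constructed model of one machine whose state survives restarts."""
    def __init__(self, name):
        self.name, self.epoch = name, 0
        self.state = {}       # persistent application state
        self.open_tx = {}     # txid -> epoch in which it was opened
        self.undo = {}        # txid -> [(key, previous value)], persistent
        self.aborted = set()  # txids rolled back here, reported to the peer

    def begin(self, txid):
        self.open_tx[txid] = self.epoch
        self.undo[txid] = []

    def write(self, txid, key, value):
        # A transaction opened before a restart is no longer usable.
        if self.open_tx.get(txid) != self.epoch:
            raise RuntimeError(f"{txid} was aborted by restart")
        self.undo[txid].append((key, self.state.get(key, _MISSING)))
        self.state[key] = value

    def abort(self, txid):
        # Replay the undo log newest-first to restore the prior state.
        for key, old in reversed(self.undo.pop(txid, [])):
            if old is _MISSING:
                self.state.pop(key, None)
            else:
                self.state[key] = old
        self.open_tx.pop(txid, None)
        self.aborted.add(txid)

    def restart(self):
        # Restart aborts every cross-machine transaction still in flight.
        self.epoch += 1
        for txid in list(self.open_tx):
            self.abort(txid)

def reconcile(a, b):
    """On reconnect, each side rolls back what the peer aborted."""
    for here, peer in ((a, b), (b, a)):
        for txid in peer.aborted & set(here.open_tx):
            here.abort(txid)

def demo():
    a, b = Node("A"), Node("B")
    a.state["balance"], b.state["balance"] = 10, 0
    a.begin("t1"); b.begin("t1")
    a.write("t1", "balance", 7)   # A's half of a cross-machine transfer
    b.write("t1", "balance", 3)   # B's half
    b.restart()                   # B restarts before commit
    reconcile(a, b)
    return a.state, b.state
```

After `reconcile`, both sides are back at their pre-transaction values, so the two machines agree again without any change to the runtime underneath them.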