Message passing

Bryan Ford baford@schirf.cs.utah.edu
Thu, 15 Dec 94 18:35:32 MST 

>   You can still monitor all page faults, through the external pager interface.
>
>The person running the debugger has authority over the application,
>but not necessarily over the external pager.  The debugging interface
>needs to be built with this in mind.

If the debugger has enough authority to manipulate the application's
address space (which presumably it must), then it should have the authority
to interpose itself on any memory objects mapped into the application's
address space - basically, to become a "composed memory object" so to speak. :-)
The real external pagers don't have to be affected at all.

On the other hand, it may be fairly trivial to add a simple controlled
monitoring interface to certain "important" external pagers, or possibly
to the VM manager, so that the debugger can get at page fault information
without having to go to the trouble of interposing on the memory object.

Finally, it may indeed be fairly easy to allow debuggers direct control
over page fault handing through the thread itself, if that's really desirable.
I haven't thought about it a whole lot.

>   >   If a message transfer tries to use too much memory, then one side is
>   >   not being "reasonable" and so the transfer fails.
>   >
>   >To whom is such an exception reported?
>
>   For asynchronous messages or RPC requests, the sender.
>
>Sorry - I wasn't clear enough in my question.  Are you assuming that a
>message send can fail with an OS-supplied error number?  This is how
>UNIX fails system calls, and it's an okay approach, but it seems to
>violate the ability of one process to front-end for another
>transparently, as the front-end process presumably is prohibited from
>using such error ranges.

This brings up a whole different issue - the handling of message
transfer failures.  Perhaps KeyKOS message transfers were never allowed
to fail - that would simplify some things nicely.  But in any distributed
system, any cross-node message transfers can fail, so it's something
you'll have to deal with in DIMSUM anyway.  Allocating intermediate
message buffers is just another possible way transfers can fail.

In any case, this is an important issue, and I haven't fully resolved it,
or even thought about it a whole lote.  You're right that Mach's current
error reporting semantics don't adequately allow for interposition,
and that's a problem I'd like to fix at some point.  But we should probably
stick to more immediate, fundamental issues for now.

				Bryan