resume capabilities

shapj@us.ibm.com shapj@us.ibm.com
Sun, 2 Jan 2000 13:06:32 -0500 

>Does this mean I must trust every process I communicate bidirectionally
> with not to let me hang forever?  Or is it expected that I will use
> trusted intermediaries, or spawn off another process to call me or send
> to me after a while in case I'm hung?

Rules:

1. A client either trusts the server or does not call it.
2. A server may be multiplexed. The architecture of the system must enable
the creation of shared servers whose clients are hostile to each other.
Thus, the server must not be dependent on the goodwill of any particular
client.

Thus, a client trusts a server not to hang it forever. If the server has
documented and unbounded delays (as in your CGI example), the client must
either arrange for an asynchrony support process or some buffering
arrangement. Much of this can be managed behind a library.

In your CGI example, the web server must provide a bounded response time to
the client. In that instance, it runs a timer tool and kills the CGI
processes when they have run too long.

Jonathan S. Shapiro, Ph. D.
Research Staff Member
IBM T.J. Watson Research Center
Email: shapj@us.ibm.com
Phone: +1 914 784 7085  (Tieline: 863)
Fax: +1 914 784 6576


kragen@pobox.com (Kragen Sitaker)@eros-os.org on 12/30/99 11:43:29 AM

Sent by:  owner-eros-arch@eros-os.org


To:   eros-arch@eros-os.org
cc:
Subject:  Re: resume capabilities



Shap writes:
> The reciprocal situation -- that the client can be starved by competition
> for the server -- is not as compelling.  In deciding to call the server,
> the client has already decided to trust the server.  If the server is
> multiplexed the client has elected to trust the multiplexing decisions.
> This is a completely separate matter from trusting other clients of the
> same server.

As far as I can tell, there are two ways to initiate bidirectional
communication with another process:
- call it and wait for it to return;
- send to it, then return to somebody, and wait for it to call or send to
you.

Does this mean I must trust every process I communicate bidirectionally
with not to let me hang forever?  Or is it expected that I will use
trusted intermediaries, or spawn off another process to call me or send
to me after a while in case I'm hung?

Maybe it's premature to be worrying about stuff like this when the OS
doesn't run Emacs yet.

--
<kragen@pobox.com>       Kragen Sitaker     <http://www.pobox.com/~kragen/>
The Internet stock bubble didn't burst on 1999-11-08.  Hurrah!
<URL:http://www.pobox.com/~kragen/bubble.html>