[EROS-Arch] Re: design change -- IPC semantics

Bill Frantz frantz@communities.com
Mon, 27 Nov 2000 15:02:33 -0800


At 05:18 PM 11/27/00 -0500, Jonathan S. Shapiro wrote:
>Charlie has proposed that we revise the space bank to produce
>processes/domains. I agree unreservedly with part of his proposal.

I also agree.


>The only negative I see is that the current space bank incorporates no
>machine-specific code, and it now must do so. On balance, I think this
>is a worthwhile trade.

To make the space bank code machine independent, one might make the kernel
responsible for process creation thru the range key.  There would be two
additional calls:

NRANGE(ProcessStructureQuery==>c) Query the number of pages and nodes needed
to assemble a process.

c is (NumPages<<16) + NumNodes


NRANGE(ProcessAssemble;N,Ka,Kb,Kc==>c;D) Assemble nodes and pages to form a
process.  This call is designed to be used multiple times until all the
pages and nodes needed for a process have been assembled.

N is the "primary node", and is always the same key for each of the
multiple invocations.
Ka, Kb, Kc are page or node keys, different for each call, which will be
assembled into the machine dependent process structure.

c is 0, the assembly is complete, D is a domain key to the new process
c is 1, more pages or nodes are needed for the assembly.  D is null.

Note: This design assumes that a process always has at least one node.


I can also think of some more direct alternatives, for example call the
NRANGE key passing a list of nodes to allocate in the byte string + the
page keys.  It isn't as flexible as the above design, but I suspect it will
work for all real architectures.

>An implication of this design change is that it should no longer be
>possible to "break" a process into its constituent nodes -- the process
>is allocated or destroyed all at once. I think this is good.

I still worry about low level error conditions/operations screw-ups
producing malformed domains.  Possible examples include:

* Reformatting some ranges.
* Zapping a space bank having freed some nodes and not others (while the
zap is in-process).

While the kernel can assume that nodes aren't shared between domains, it
should handle the above situations with some degree of grace.

Cheers - Bill
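
The multi-call assembly exchange proposed in this message, modeled as an added example that is not part of the original message or of EROS code: a toy kernel-side handler and a machine-independent space bank loop driving it. The key types, the return code 2, the per-architecture counts, and the choice to count the primary node toward NumNodes are all assumptions.

```c
#include <stdint.h>

/* Toy model of the two proposed range-key calls; every name is an assumption. */
enum { KT_NULL, KT_PAGE, KT_NODE, KT_DOMAIN };
typedef struct { int type; uint32_t id; } Key;
#define ARCH_PAGES 2u  /* constructed per-architecture requirement */
#define ARCH_NODES 4u  /* assumed to include the primary node */

/* Kernel side: one in-progress assembly, identified by its primary node N. */
static struct Asm { uint32_t primary, pages, nodes; int active; } asmb;

/* ProcessStructureQuery ==> c = (NumPages<<16) + NumNodes */
uint32_t nrange_query(void) { return (ARCH_PAGES << 16) + ARCH_NODES; }

/* ProcessAssemble ==> c: 0 done, 1 need more; 2 = assumed error, not in proposal */
uint32_t nrange_assemble(Key n, const Key k[3], Key *d) {
    *d = (Key){ KT_NULL, 0 };
    if (n.type != KT_NODE) return 2;
    if (!asmb.active || asmb.primary != n.id)     /* first call for this N */
        asmb = (struct Asm){ n.id, 0, 1, 1 };     /* primary counts as a node */
    for (int i = 0; i < 3; i++) {
        if (k[i].type == KT_PAGE && asmb.pages < ARCH_PAGES) asmb.pages++;
        else if (k[i].type == KT_NODE && asmb.nodes < ARCH_NODES) asmb.nodes++;
    }
    if (asmb.pages < ARCH_PAGES || asmb.nodes < ARCH_NODES) return 1;
    asmb.active = 0;
    *d = (Key){ KT_DOMAIN, n.id };                /* D: domain key to the new process */
    return 0;
}

/* Space bank side: machine independent, sized only by the query result. */
uint32_t bank_create_process(Key *d, int *calls) {
    uint32_t c = nrange_query(), pages = c >> 16, nodes = (c & 0xFFFFu) - 1;
    uint32_t next = 100, r;                       /* constructed object ids */
    Key n = { KT_NODE, next++ };                  /* same primary on every call */
    *calls = 0;
    do {
        Key k[3];
        for (int i = 0; i < 3; i++) {
            if (pages)      { k[i] = (Key){ KT_PAGE, next++ }; pages--; }
            else if (nodes) { k[i] = (Key){ KT_NODE, next++ }; nodes--; }
            else              k[i] = (Key){ KT_NULL, 0 };
        }
        r = nrange_assemble(n, k, d);
        (*calls)++;
    } while (r == 1 && (pages || nodes));
    return r;
}
```

In this model D stays null on every call that returns 1, so the caller never holds a domain key to a partially assembled process.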