>> 2. "All invocations of system-implemented object[s] are
>> semantically atomic":
>>
>> Can you flesh out exactly what this means a little more? For example, does
>> it mean you can't interrupt an IPC operation in the middle and leave a
>> partially-copied data buffer in the receiver?
>>
>> I don't intend to let transfers be interrupted in mid-stream. The
>> kernel is free to buffer, but w.r.t. any given process the transfer
>> happens "instantaneously."
>
>This question is much more complex than it appears on the surface. Consider
>the case of either a DMA device or another CPU writing into the string
>while the kernel is copying it as part of an invocation. 370 Principles
>of Operation goes to great length to define how these situations are
>resolved in the hardware, even defining the minimum size and alignment
>of atomic writes.
...And in practice this is all a moot point for user-level applications, because any possible race conditions that might depend on kernel-provided atomicity usually have to be avoided by the application for other reasons. I think this is a situation in which the end-to-end argument can be invoked: synchronization and race avoidance must be provided at the application level (the "endpoints") anyway in order to ensure correctness; any atomicity guarantees the kernel may make w.r.t. its low-level operations are inherently insufficient, and their presence will only affect performance. And in this case, I'm pretty sure performance can only be hurt by such guarantees: I have yet to see any compelling example of the usefulness of such a guarantee, but I can easily envision ways in which that guarantee will stand in the way of kernel optimization.
>> KeyKOS does not have a disabled state. The disabled state is a
>> placeholder until I figure out what debugging sequence points I want
>> to stick into the state diagram. The basic idea is to freeze a
>> process without thereby causing its messages to be dropped on the
>> floor.
>
>KeyKOS used meters to freeze a process. You could use schedules.

But in that case you have to take priority inheritance into consideration.
You can no longer stop a thread merely by revoking its source of CPU time:
if another thread tries to make a call to it, it may donate its own
source of CPU time, and the "stopped" thread will run anyway.

Of course, if priority inheritance can be disabled on a thread-by-thread
basis, you can solve this simply by revoking the schedule _and_
disabling priority inheritance on the thread.
Bryan
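The end-to-end point made above (that a kernel's atomic copy cannot substitute for synchronization at the endpoints) can be shown concretely. The C program below is an added illustration and is not code from the original thread, from KeyKOS or from any of the kernels discussed; the word-at-a-time kernel copy, the "intruder" that models a DMA engine or another CPU rewriting the source buffer mid-copy, and the head/tail sequence-number framing are all constructed for this example. The copy is atomic with respect to the receiving process, which sees its buffer only after the whole struct has landed, yet a concurrent writer on the source still yields a torn message; only the application-level framing check catches it.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

#define MSG_WORDS 4

/* A message as the sender lays it out (constructed for this example).
   head_seq/tail_seq are the application-level ("endpoint") framing: the
   sender bumps head_seq before rewriting the payload and tail_seq after,
   so head_seq == tail_seq only when no rewrite is in progress. */
struct msg {
    uint32_t head_seq;
    uint32_t words[MSG_WORDS];
    uint32_t tail_seq;
};

/* Sender-side rewrite of the payload, following the framing protocol. */
static void sender_update(struct msg *m, uint32_t fill)
{
    m->head_seq++;                       /* announce: rewrite in progress */
    for (size_t i = 0; i < MSG_WORDS; i++)
        m->words[i] = fill;
    m->tail_seq++;                       /* announce: rewrite complete   */
}

/* Model of the kernel's copy during an invocation. With respect to the
   receiver it is atomic: nothing is visible until the whole struct is
   copied. But the copy itself is sequential, and after payload word
   `intrude_at` a DMA engine or another CPU (modelled by sender_update)
   rewrites the source. Pass intrude_at >= MSG_WORDS for an undisturbed copy. */
static void kernel_copy(struct msg *dst, struct msg *src,
                        size_t intrude_at, uint32_t intruder_fill)
{
    dst->head_seq = src->head_seq;
    for (size_t i = 0; i < MSG_WORDS; i++) {
        dst->words[i] = src->words[i];
        if (i == intrude_at)
            sender_update(src, intruder_fill);
    }
    dst->tail_seq = src->tail_seq;
}

/* Receiver-side endpoint check: accept only if the framing shows that no
   rewrite overlapped the copy. Returns 1 if consistent, 0 if torn. */
static int msg_consistent(const struct msg *m)
{
    return m->head_seq == m->tail_seq;
}

/* One transfer: the sender publishes payload `fill`, then the kernel copies
   it while the intruder rewrites the source with `intruder_fill`. */
static void run_transfer(struct msg *dst, size_t intrude_at,
                         uint32_t fill, uint32_t intruder_fill)
{
    struct msg src = {0};
    sender_update(&src, fill);           /* quiescent source: head == tail == 1 */
    kernel_copy(dst, &src, intrude_at, intruder_fill);
}

/* 1 if the receiver's framing check accepts the copied message, else 0. */
static int transfer_accepted(size_t intrude_at, uint32_t fill, uint32_t intruder_fill)
{
    struct msg dst;
    run_transfer(&dst, intrude_at, fill, intruder_fill);
    return msg_consistent(&dst);
}

/* Number of payload words in the copy that no longer equal `fill`,
   i.e. how badly the message was torn regardless of the check. */
static size_t transfer_torn_words(size_t intrude_at, uint32_t fill, uint32_t intruder_fill)
{
    struct msg dst;
    run_transfer(&dst, intrude_at, fill, intruder_fill);
    size_t n = 0;
    for (size_t i = 0; i < MSG_WORDS; i++)
        if (dst.words[i] != fill)
            n++;
    return n;
}

int main(void)
{
    const uint32_t a = 0xAAAAAAAAu, b = 0xBBBBBBBBu;
    printf("undisturbed copy:      accepted=%d torn_words=%zu\n",
           transfer_accepted(MSG_WORDS, a, b), transfer_torn_words(MSG_WORDS, a, b));
    printf("intruder after word 1: accepted=%d torn_words=%zu\n",
           transfer_accepted(1, a, b), transfer_torn_words(1, a, b));
    return 0;
}
```

The check is deliberately conservative: an intruder that rewrites the source after the last payload word has already been copied leaves the payload intact but still mismatches the sequence numbers, so the receiver rejects and the sender retries. That is the usual seqlock-style trade: the endpoints pay a retry rather than relying on the kernel to promise something about a buffer it does not own.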