• Messages sorted by: [ date ][ thread ][ subject ][ author ] [ Next ]
• [ Previous ] Next in thread: Jonathan Adams

Now I'm reading the Standard Processes section, the last bit of the EOR.

• is an "object" the same thing as a "process"?
• "escrow agent agent" isn't a typo, is it?

Standard Processes.Buffered Stream:
- hmm, it would be nice to have a buffered stream that returned errors
on overflows and underflows instead of blocking the caller
- wow, we need three processs to implement the buffered stream? Have
you benchmarked this implementation? (Is this where the 18.7 us pipe latency and 112 megabytes per second results from 1998 come from?)
- the descriptions of the algorithm leaves something to be desired; the
parts that need to be atomic are glossed over.
- are the alleged key types really 0x00010000 and 0x00010001?

• hey hey spiffy, we do have non-blocking writes. much much better than the Unix design. Presumably many other objects (e.g. files?) support the same read/write protocol?
• apparently write returns KT+3 "Request Error" instead of KT+4 "Access Violation" when there's an access violation. What's up with that?
• it looks like the protocol here is inherently less efficient than the Unix read()/write()/readv()/writev() stuff. Hmm, well, maybe not. You do need at least one key invocation per contiguous area, unlike readv(), but I think cross-domain invocation is supposed to be fast enough this shouldn't be a problem. But the key invocation mechanism physically copies the data between the address spaces, doesn't it? So allowing the pipe protocol to make shared copy-on-write mappings instead of copying data, when possible within alignment restrictions, would mean changing the user-visible protocol.

That's not so bad; making that possible will require changes to the library routines to allocate buffers in a properly aligned way, and making it useful will require changes to user code.
- these Extended calls, if badly named, are nicely designed.

• I think "as many bytes as requested from the buffer" should have "possible" for "requested".
• I take it the semaphore object is the third process?
• hmm, most of the documented keys I've seen so far document OC_KeyType but not OC_Destroy. Does that mean they don't support OC_Destroy?

Standard Processes.Fresh Address Space: semi-empty.

• hmm, you know, everybody's reusing the same order codes. Maybe it would be a good idea to use different order codes for each kind of object to facilitate debugging? Quite aside from the rather remote possibility that someone would try to execute a buffered-stream non-blocking write on a fresh address space and end up executing "make read-only key", it would be nice for debuggers to be able to symbolically display the order code on outgoing key invocations.
• Return Unused Pages' description mentions "the space bank". Does this mean that Fresh Address Space retains a key to the space bank it was created from? Is this standard practice? (Hmm, I suppose Fresh Address Space is obtaining pages from the space bank on a regular basis, whenever they get allocated, so I guess it would need to.)
• it's kind of neat that passing the length of your data parameter makes it possible to do sort-of dynamic parameter typing.
• it's documented that there's a Destroy operation with OC = KT+4. Why not KT+1?

Standard Processes.Factory: empty. Also, linked as "Factory", not "Constructor".

Standard Processes.MetaFactory:
- isn't this called a "MetaConstructor"? And what's up with
WritingObjectNamesLikeBrandNames? It's hard on the eyes of those of us who are used to reading English prose ;)
- what is "build state"?

• where in the newly created factory are KR3 and "start address" stored? Does the MetaConstructor return a factory process with key register 3 set to a copy key to itself and with its PC set to 0? Or something else entirely?
• what's the numeric value of AKT_MetaFactory?
• why does the space bank need to be prompt?
• there's "factoryin" for "factory in".
• what's a process creator? I thought we used factories to create processes. [See below about Standard Processes.Process Creator.]
• When would you want to use "Get Fetcher Key" instead of "Create a Factory" or vice versa? What's this about mutexes? Is there a mutex in the MetaConstructor?

Standard Processes.Mutex:
- again we have "it's" for "its"

• presumably there's a MutexFactory somewhere?
• why does checking the alleged key type of a mutex relinquish key relinquish the mutex? Isn't that a really bad thing?
• Request Mutex is documented as always returning "Mutex ownership granted". Presumably this means the mutex doesn't return until the mutex can be granted? If you ask for a mutex you already hold, do you hang forever? Is the mutex relinquish key a resume key? (I'm trying to find where resume keys get passed, and I'm not having any luck in Primary Objects.Process or Concepts.Invocation. Ahh, I see
  • it's RK3. So, yes, it's the resume key.) (Hmm, is a return key the same thing as a resume key?)
• does "KT+3" mean "key is a mutex request key, not a mutex relinquish key"?

Standard Processes.PCC:
- is "discrete" intended to mean "discreet"?

• what's a "process creator"?
• what's a scheduling authority? Is it the same as a scheduling class?
• what's the numerical value of AKT_PCC?
• what's an "official space bank"?
• what's a "schedule"? Is it the same as a SchedClass key?
• does "all allocate space" mean "all allocated space"?

Standard Processes.Process Creator:
- is "DCC" supposed to be "PCC"? ("domain creator creator"?)

• again we have "factories".
• presumably process creators and the PCC are the only holders of ProcessTool, right? So we have this whole chain of authority: PCC starts with ProcessTool; PCC creates Process Creators, using ProcessTool [ProcessTool isn't produced by factories, is it?] and sealing ProcessTool within them; the MetaConstructor holds a key to PCC (does only the MetaConstructor hold the PCC key? Is the MetaConstructor also a primordial process?) and uses it to produce process creators, which it then seals into Factories^H^H^H^H^H^H^H^H^HConstructors, right? It would be nice to have an explanation of this chain --- and the reasons for the separation from link to link --- in the document.
• why is Destroy KT+4 instead of KT+1? Why is its return value on error KT+2 instead of KT+4?
• here's "official space bank" again. Apparently there's something more to being official than being prompt.
• How can an invocation of a Process Creator be prompt? Concepts.Promptness says flatly, "Process invocations are not prompt". Does that mean Process Creators are not really processes?
• now we have "key registers capage". Does that mean that a capage is indeed the same thing as a node?
• I take it that creating a process doesn't allocate pages or nodes, only capages?
• why does the process creator need to destroy processes? What happens if you try to return a process to the wrong space bank?
• again we have "it's" for "its"
• what's the difference between a key with and without destroy rights, concretely?
• ah, so if you have a process creator key and a gate key, you can get the key to the process. Nifty. Explains why process creator keys need to be closely held. Why is it useful?
• yet another indication that capages and nodes are the same thing: "the red address space capage".

Standard Processes.Semaphore:
- "sempahore" for "semaphore"

• I don't think this is the standard Dijkstra P-and-V semaphore, is it?
• is there a symbolic value AKT_Semaphore?
• why is this a useful object?

Standard Processes.SFS:
- sounds like SFS is not a process, but a family of two different kinds
of processes.
- what are the numeric values of AKT_SFS[FD]?

• unfortunately, the files here use a protocol incompatible with the pipe protocol. That sucks. Some people are excited about the power of one namespace everywhere; I'm excited about the power of one protocol everywhere. On one hand, EROS uses a single uniform protocol for all system and interprocess calls; on the other hand, some of the higher-level objects are gratuitously incompatible.
• what is this "file descriptor" thing in the requests? Doesn't a Unix file descriptor map to an EROS key?
• what's "rcv.len"?
• it looks like several of the return codes are gratuitous duplicates of the standard return codes.
• why is "write" limited to one architecture-dependent-sized page?
• this "file descriptor" looks worse and worse. It's an integer? So if I randomly guess integers, I can get unjustified access to a file?
• IMHO 'seek' should be merged into 'read' and 'write', with SEEK_CUR defined as 0.
• if the invoked file could tell how big the return buffer was, 'read' wouldn't need a length parameter. Redundant parameters in general are asking for big trouble. Can it?
• presumably "creat" needs a name, doesn't it?
• unlink ("remove")'s semantics are incorrect for Unix emulation.
• readdir is really two separate calls conflated into the same order code.

Standard Processes.Address Space Accessor:
- empty page.

Standard Processes.Space Bank:
- another "it's" for "its", and "chose" for "choose"

• here's what it means to be an "official" space bank --- it returns the only keys for the space it returns keys for. How can a Process Creator tell whether a space bank is official?
• what's the numerical value of AKT_SpaceBank?
• the allocation interface is a little weird. Why have three calls for one, two, or three nodes? Are there deadlock issues this avoids?
• again with the "strong key" stuff. What's up with that?
• it sounds like freeing a node (and lots of other things) can create garbage. Does the system include a GC? In general, how do you recycle runaway processes?
• is "sever" difficult to implement?
• it sounds like all space banks are required to be official space banks.
• in several places, it says things like "The returned keys are guaranteed to be the only valid key in existence" --- I think you mean "the only valid keys in existence".
• is it possible to sever processes? This will be necessary for device drivers, I think.
• it appears that there are seven calls to return keys to the space bank with various kinds of rights removed; the eighth one (remove no rights) is missing. Wouldn't it be better to have a single call to remove a specified set of rights, or at worst, three calls to remove particular individual rights?
• you say "additive"; do you mean "cumulative"?
• ah, here's how you tell if a space bank is official. Is "Bank Verifyer" supposed to be spelled "Bank Verifier"? "publically" is supposed to be spelled "publicly".
• is the prime space bank the root of the space bank tree? Or is it just an important bank?
• again "it's" for "its"
• again Destroy is KT+4; perhaps the definition in the Introduction is just wrong?
• so it's apparent how you can kill runaway processes: hold onto keys for their storage, and return them back to the space bank to be rescinded and resurrected (rather like the Resurrecting Duckling.)

Standard Processes.Virtual Copy Address Space:
- empty.

Standard Processes.Network Socket:
- the last remaining big page. I'm not going to try to read it,
because it's claimed that it's here for historical interest only.

Standard Processes.Reserve Agent:
- empty.

Standard Processes.Signal Multiplexor:
- I don't understand what this is good for.

-- 
<kragen@pobox.com>       Kragen Sitaker     <http://www.pobox.com/~kragen/>
The Internet stock bubble didn't burst on 1999-11-08.  Hurrah!
<URL:http://www.pobox.com/~kragen/bubble.html>
The power didn't go out on 2000-01-01 either.  :)

[ Next ]
• [ Previous ] Next in thread: Jonathan Adams