More on EOR
Kragen Sitaker (firstname.lastname@example.org)
Tue, 27 Jun 2000 21:23:20 -0400 (EDT)
Now I'm reading the Standard Processes section, the last bit of the EOR.
- is an "object" the same thing as a "process"?
- "escrow agent agent" isn't a typo, is it?
Standard Processes.Buffered Stream:
- hmm, it would be nice to have a buffered stream that returned errors
on overflows and underflows instead of blocking the caller
- wow, we need three processs to implement the buffered stream? Have
you benchmarked this implementation? (Is this where the 18.7 us pipe
latency and 112 megabytes per second results from 1998 come from?)
- the descriptions of the algorithm leaves something to be desired; the
parts that need to be atomic are glossed over.
- are the alleged key types really 0x00010000 and 0x00010001?
- hey hey spiffy, we do have non-blocking writes. much much better than the
Unix design. Presumably many other objects (e.g. files?) support the
same read/write protocol?
- apparently write returns KT+3 "Request Error" instead of KT+4 "Access
Violation" when there's an access violation. What's up with that?
- it looks like the protocol here is inherently less efficient than the
Unix read()/write()/readv()/writev() stuff. Hmm, well, maybe not. You
do need at least one key invocation per contiguous area, unlike
readv(), but I think cross-domain invocation is supposed to be fast
enough this shouldn't be a problem. But the key invocation mechanism
physically copies the data between the address spaces, doesn't it?
So allowing the pipe protocol to make shared copy-on-write mappings
instead of copying data, when possible within alignment restrictions,
would mean changing the user-visible protocol.
That's not so bad; making that possible will require changes to the
library routines to allocate buffers in a properly aligned way, and
making it useful will require changes to user code.
- these Extended calls, if badly named, are nicely designed.
- I think "as many bytes as requested from the buffer" should have
"possible" for "requested".
- I take it the semaphore object is the third process?
- hmm, most of the documented keys I've seen so far document OC_KeyType
but not OC_Destroy. Does that mean they don't support OC_Destroy?
Standard Processes.Fresh Address Space: semi-empty.
- hmm, you know, everybody's reusing the same order codes. Maybe it
would be a good idea to use different order codes for each kind of
object to facilitate debugging? Quite aside from the rather remote
possibility that someone would try to execute a buffered-stream
non-blocking write on a fresh address space and end up executing
"make read-only key", it would be nice for debuggers to be able to
symbolically display the order code on outgoing key invocations.
- Return Unused Pages' description mentions "the space bank". Does
this mean that Fresh Address Space retains a key to the space bank it
was created from? Is this standard practice? (Hmm, I suppose Fresh
Address Space is obtaining pages from the space bank on a regular
basis, whenever they get allocated, so I guess it would need to.)
- it's kind of neat that passing the length of your data parameter
makes it possible to do sort-of dynamic parameter typing.
- it's documented that there's a Destroy operation with OC = KT+4. Why
Standard Processes.Factory: empty. Also, linked as "Factory", not
- isn't this called a "MetaConstructor"? And what's up with
WritingObjectNamesLikeBrandNames? It's hard on the eyes of those of
us who are used to reading English prose ;)
- what is "build state"?
- where in the newly created factory are KR3 and "start address"
stored? Does the MetaConstructor return a factory process with key
register 3 set to a copy key to itself and with its PC set to 0? Or
something else entirely?
- what's the numeric value of AKT_MetaFactory?
- why does the space bank need to be prompt?
- there's "factoryin" for "factory in".
- what's a process creator? I thought we used factories to create
processes. [See below about Standard Processes.Process Creator.]
- When would you want to use "Get Fetcher Key" instead of "Create a
Factory" or vice versa? What's this about mutexes? Is there a mutex
in the MetaConstructor?
- again we have "it's" for "its"
- presumably there's a MutexFactory somewhere?
- why does checking the alleged key type of a mutex relinquish key
relinquish the mutex? Isn't that a really bad thing?
- Request Mutex is documented as always returning "Mutex ownership
granted". Presumably this means the mutex doesn't return until the
mutex can be granted? If you ask for a mutex you already hold, do
you hang forever? Is the mutex relinquish key a resume key? (I'm
trying to find where resume keys get passed, and I'm not having any
luck in Primary Objects.Process or Concepts.Invocation. Ahh, I see
- it's RK3. So, yes, it's the resume key.) (Hmm, is a return key
the same thing as a resume key?)
- does "KT+3" mean "key is a mutex request key, not a mutex relinquish
- is "discrete" intended to mean "discreet"?
- what's a "process creator"?
- what's a scheduling authority? Is it the same as a scheduling class?
- what's the numerical value of AKT_PCC?
- what's an "official space bank"?
- what's a "schedule"? Is it the same as a SchedClass key?
- does "all allocate space" mean "all allocated space"?
Standard Processes.Process Creator:
- is "DCC" supposed to be "PCC"? ("domain creator creator"?)
- again we have "factories".
- presumably process creators and the PCC are the only holders of
ProcessTool, right? So we have this whole chain of authority: PCC
starts with ProcessTool; PCC creates Process Creators, using
ProcessTool [ProcessTool isn't produced by factories, is it?] and
sealing ProcessTool within them; the MetaConstructor holds a key to
PCC (does only the MetaConstructor hold the PCC key? Is the
MetaConstructor also a primordial process?) and uses it to produce
process creators, which it then seals into
Factories^H^H^H^H^H^H^H^H^HConstructors, right? It would be nice to
have an explanation of this chain --- and the reasons for the
separation from link to link --- in the document.
- why is Destroy KT+4 instead of KT+1? Why is its return value on
error KT+2 instead of KT+4?
- here's "official space bank" again. Apparently there's something
more to being official than being prompt.
- How can an invocation of a Process Creator be prompt?
Concepts.Promptness says flatly, "Process invocations are not
prompt". Does that mean Process Creators are not really processes?
- now we have "key registers capage". Does that mean that a capage is
indeed the same thing as a node?
- I take it that creating a process doesn't allocate pages or nodes,
- why does the process creator need to destroy processes? What happens
if you try to return a process to the wrong space bank?
- again we have "it's" for "its"
- what's the difference between a key with and without destroy rights,
- ah, so if you have a process creator key and a gate key, you can get
the key to the process. Nifty. Explains why process creator keys
need to be closely held. Why is it useful?
- yet another indication that capages and nodes are the same thing:
"the red address space capage".
- "sempahore" for "semaphore"
- I don't think this is the standard Dijkstra P-and-V semaphore, is it?
- is there a symbolic value AKT_Semaphore?
- why is this a useful object?
- sounds like SFS is not a process, but a family of two different kinds
- what are the numeric values of AKT_SFS[FD]?
- unfortunately, the files here use a protocol incompatible with the
pipe protocol. That sucks. Some people are excited about the power
of one namespace everywhere; I'm excited about the power of one
protocol everywhere. On one hand, EROS uses a single uniform
protocol for all system and interprocess calls; on the other hand,
some of the higher-level objects are gratuitously incompatible.
- what is this "file descriptor" thing in the requests? Doesn't a Unix
file descriptor map to an EROS key?
- what's "rcv.len"?
- it looks like several of the return codes are gratuitous duplicates
of the standard return codes.
- why is "write" limited to one architecture-dependent-sized page?
- this "file descriptor" looks worse and worse. It's an integer? So
if I randomly guess integers, I can get unjustified access to a file?
- IMHO 'seek' should be merged into 'read' and 'write', with SEEK_CUR
defined as 0.
- if the invoked file could tell how big the return buffer was, 'read'
wouldn't need a length parameter. Redundant parameters in general
are asking for big trouble. Can it?
- presumably "creat" needs a name, doesn't it?
- unlink ("remove")'s semantics are incorrect for Unix emulation.
- readdir is really two separate calls conflated into the same order code.
Standard Processes.Address Space Accessor:
- empty page.
Standard Processes.Space Bank:
- another "it's" for "its", and "chose" for "choose"
- here's what it means to be an "official" space bank --- it returns
the only keys for the space it returns keys for. How can a Process
Creator tell whether a space bank is official?
- what's the numerical value of AKT_SpaceBank?
- the allocation interface is a little weird. Why have three calls for
one, two, or three nodes? Are there deadlock issues this avoids?
- again with the "strong key" stuff. What's up with that?
- it sounds like freeing a node (and lots of other things) can create
garbage. Does the system include a GC? In general, how do you
recycle runaway processes?
- is "sever" difficult to implement?
- it sounds like all space banks are required to be official space banks.
- in several places, it says things like "The returned keys are guaranteed
to be the only valid key in existence" --- I think you mean "the only
valid keys in existence".
- is it possible to sever processes? This will be necessary for device
drivers, I think.
- it appears that there are seven calls to return keys to the space
bank with various kinds of rights removed; the eighth one (remove no
rights) is missing. Wouldn't it be better to have a single call to
remove a specified set of rights, or at worst, three calls to remove
particular individual rights?
- you say "additive"; do you mean "cumulative"?
- ah, here's how you tell if a space bank is official. Is "Bank
Verifyer" supposed to be spelled "Bank Verifier"? "publically" is
supposed to be spelled "publicly".
- is the prime space bank the root of the space bank tree? Or is it
just an important bank?
- again "it's" for "its"
- again Destroy is KT+4; perhaps the definition in the Introduction is
- so it's apparent how you can kill runaway processes: hold onto keys
for their storage, and return them back to the space bank to be
rescinded and resurrected (rather like the Resurrecting Duckling.)
Standard Processes.Virtual Copy Address Space:
Standard Processes.Network Socket:
- the last remaining big page. I'm not going to try to read it,
because it's claimed that it's here for historical interest only.
Standard Processes.Reserve Agent:
Standard Processes.Signal Multiplexor:
- I don't understand what this is good for.
<email@example.com> Kragen Sitaker <http://www.pobox.com/~kragen/>
The Internet stock bubble didn't burst on 1999-11-08. Hurrah!
The power didn't go out on 2000-01-01 either. :)