[coyotos-dev] Thoughts on (non)persistence
sundman at iki.fi
Fri Jan 21 19:17:58 EST 2005
On Saturday 22 January 2005 01:36, Jonathan S. Shapiro wrote:
> On Sat, 2005-01-22 at 00:23 +0200, Marcus Sundman wrote:
> > On Friday 21 January 2005 23:42, Jonathan S. Shapiro wrote:
> > > The system loses power. On restart, how do you get the right
> > > capabilities assigned to the right process?
> > Umm.. the first process that is restarted after the (re)boot gets the
> > first set of process-less capabilities, the second one gets the second
> > set etc.
> I apologize in advance for what I'm about to do --
I forgive you this time, but if it happens again I won't be responsible for
Seriously, I have never seen you write anything that would require
apologizing, nor is any apology needed now.
> So: you propose to simply start up two processes and give to one of them
> the capabilities that used to go with our first process and to the other
> the capabilities that went with the second. Excellent.
> 1. How do you know what capabilities were held, respectively, by
> old.p1 and old.p2?
Without knowing how coyotos handles capabilities I would guess the OS
associated each (running) process with some data structure containing the
capabilities of said process. To have capabilities that are persistent
across reboots this data structure has to be written to disk (e.g. once
Now have this data structure include something denoting which program the
process is an instance of.
Let's say we have a program, A, of which there are two processes running, P1
and P2. Now P1 and P2 holds capability sets S1 and S2, respectively. Then
suddenly your chinchilla gnaws through your power cord between your
computer and the UPS, bringing your whole system down. After feeding the
chinchilla to your bulldog and replacing the power cord you boot the
system. The system sees that S1 and S2 have no processes so it starts two
instances of A, let's call them P3 and P4, and gives S1 to P3 and S2 to P4.
> 2. Once you have your new processes started, how do you ensure that
> they are now understood by the rest of the system to be the
> replacements for old.p1 and old.p2? That is, that they are
> recognized as having assumed the identity of the processes that
> they have replaced?
Instead of having process capabilities point directly at the processes, have
them instead point at the capability sets. E.g., if P1 has a capability, C,
to P2 then make C actually point at S2.
All this seems quite obvious to me, so I have no doubt that there is
something I haven't understood correctly.
- Marcus Sundman
More information about the coyotos-dev