[coyotos-dev] Thoughts on (non)persistence
Marcus Sundman
sundman at iki.fi
Fri Jan 21 19:17:58 EST 2005
On Saturday 22 January 2005 01:36, Jonathan S. Shapiro wrote:
> On Sat, 2005-01-22 at 00:23 +0200, Marcus Sundman wrote:
> > On Friday 21 January 2005 23:42, Jonathan S. Shapiro wrote:
> > > The system loses power. On restart, how do you get the right
> > > capabilities assigned to the right process?
> >
> > Umm.. the first process that is restarted after the (re)boot gets the
> > first set of process-less capabilities, the second one gets the second
> > set etc.
>
> I apologize in advance for what I'm about to do --
I forgive you this time, but if it happens again I won't be responsible for
the consequences!
Seriously, I have never seen you write anything that would require
apologizing, nor is any apology needed now.
> So: you propose to simply start up two processes and give to one of them
> the capabilities that used to go with our first process and to the other
> the capabilities that went with the second. Excellent.
>
> 1. How do you know what capabilities were held, respectively, by
> old.p1 and old.p2?
Without knowing how coyotos handles capabilities I would guess the OS
associated each (running) process with some data structure containing the
capabilities of said process. To have capabilities that are persistent
across reboots this data structure has to be written to disk (e.g. once
every minute).
Now have this data structure include something denoting which program the
process is an instance of.
Let's say we have a program, A, of which there are two processes running, P1
and P2. Now P1 and P2 hold capability sets S1 and S2, respectively. Then
suddenly your chinchilla gnaws through your power cord between your
computer and the UPS, bringing your whole system down. After feeding the
chinchilla to your bulldog and replacing the power cord you boot the
system. The system sees that S1 and S2 have no processes so it starts two
instances of A, let's call them P3 and P4, and gives S1 to P3 and S2 to P4.
> 2. Once you have your new processes started, how do you ensure that
> they are now understood by the rest of the system to be the
> replacements for old.p1 and old.p2? That is, that they are
> recognized as having assumed the identity of the processes that
> they have replaced?
Instead of having process capabilities point directly at the processes, have
them instead point at the capability sets. E.g., if P1 has a capability, C,
to P2 then make C actually point at S2.
All this seems quite obvious to me, so I have no doubt that there is
something I haven't understood correctly.
- Marcus Sundman
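The scheme sketched in the message above, modelled as an added example (this is illustrative code written for this page, not Coyotos code and not Marcus's): a per-process capability set tagged with the program it belongs to, periodically checkpointed to "disk"; capabilities name capability sets rather than processes; and after a power loss the kernel restarts one process per orphaned set. The names `Kernel`, `CapSet`, `checkpoint` and `power_loss_and_restart` are assumptions chosen for the model.

```python
"""Toy model of capability persistence by checkpointed capability sets.

Constructed illustration, not Coyotos code. Only the CapSets survive a
restart; process state (pids, memory) is volatile and is not modelled.
"""
import copy
import itertools


class CapSet:
    """Persistent holder of one process's capabilities.

    `program` records which program a process owning this set runs, so the
    kernel knows what to restart. Entries in `caps` refer to other CapSets
    by id, never to processes, which is the indirection the mail proposes.
    """

    def __init__(self, set_id, program):
        self.id = set_id
        self.program = program
        self.caps = {}  # capability name -> id of the target CapSet

    def grant(self, name, target):
        self.caps[name] = target.id


class Kernel:
    def __init__(self):
        self.capsets = {}  # set id -> CapSet: the structure that gets checkpointed
        self.procs = {}  # pid -> set id: volatile, lost on power failure
        self._pids = itertools.count(1)
        self._set_ids = itertools.count(1)
        self.disk = None  # image written by the last checkpoint

    def spawn(self, program):
        """Start a fresh process of `program` with a new, empty CapSet."""
        cs = CapSet(next(self._set_ids), program)
        self.capsets[cs.id] = cs
        pid = next(self._pids)
        self.procs[pid] = cs.id
        return pid, cs

    def resolve(self, holder_pid, name):
        """Follow capability `name` held by `holder_pid` to the live process
        currently owning the CapSet it names (None if no such process)."""
        holder_set = self.capsets[self.procs[holder_pid]]
        target_set = holder_set.caps[name]
        for pid, set_id in self.procs.items():
            if set_id == target_set:
                return pid
        return None

    def checkpoint(self):
        """Write the capability sets to disk (the 'once a minute' write)."""
        self.disk = copy.deepcopy(self.capsets)

    def power_loss_and_restart(self):
        """Drop all volatile state, reload the sets from the last checkpoint,
        and start one new process of the recorded program per orphaned set.
        Returns {set id: new pid}."""
        self.procs = {}
        self.capsets = copy.deepcopy(self.disk)
        restarted = {}
        for set_id in sorted(self.capsets):
            pid = next(self._pids)
            self.procs[pid] = set_id
            restarted[set_id] = pid
        return restarted


def scenario():
    """P1 and P2 run program A; P1 holds capability C to P2 (stored as a
    pointer to S2). A grant made after the checkpoint shows the window of
    loss inherent in periodic writes. Returns the observations."""
    k = Kernel()
    p1, s1 = k.spawn("A")
    p2, s2 = k.spawn("A")
    s1.grant("C", s2)  # C: P1 -> P2, recorded as S1 -> S2
    k.checkpoint()
    s2.grant("late", s1)  # granted after the last checkpoint
    target_before = k.resolve(p1, "C")
    restarted = k.power_loss_and_restart()
    p3, p4 = restarted[s1.id], restarted[s2.id]
    return {
        "target_before": target_before,
        "new_pids": (p3, p4),
        "target_after": k.resolve(p3, "C"),  # C now reaches P4, S2's new owner
        "programs": [k.capsets[sid].program for sid in sorted(k.capsets)],
        "late_grant_survived": "late" in k.capsets[s2.id].caps,
    }


if __name__ == "__main__":
    print(scenario())
```

Two things the model makes visible: because C names S2 rather than P2, it resolves to P4 after the restart without anyone having to patch it, and because the sets are written only at checkpoints, the grant made after the last write is gone, so the write interval bounds how much capability state can be lost.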