[coyotos-dev] Activations

Jonathan S. Shapiro shap at eros-os.com
Tue May 22 09:20:50 EDT 2007


On Sun, 2007-05-06 at 19:48 -0400, Christopher Nelson wrote:
> It seems to me that, especially in real-time applications in embedded
> systems, you would want to make use of such a mechanism.   
> 
> Many (most?) of the in-practice software errors I deal with on a
> day-to-day involve blocked threads, race conditions, and bad timeout
> assumptions.  It seems to me that considered use of activation
> handlers can eliminate the need for these constructs in many places. 

Chris:

Let me probe this a little further, because we keep hitting issues where
the activation mechanism gets in our way.

The alternative to an activation mechanism is to have a fault handler
that shares an address space with the original process. There are only
two significant differences between this and an activation handler:

  1. The space-sharing "external" handler behaves more sensibly for
     applications that involve multiple kernel-scheduled processes in
     a single address space. All of the worker threads can share the
     same fault handler, and the mutual exclusion around fault handler
     invocation is guaranteed. With activation handlers, each of these
     worker threads would invoke its handler independently and care
     is required in the handler to avoid concurrency problems.

  2. The space-sharing "external" handler must perform a kernel entry
     in order to return to the worker process. The in-process activation
     handler does not.

The fault handler approach is capable of doing everything that the
activation handler can do.

There are a bunch of issues with activation handlers in Coyotos:

  1. They aren't useful for user-mode thread switch, because switching
     the capability registers requires a kernel entry in any case.

  2. They introduce a bunch of "double fault" problems. In particular,
     they make certain design options in the IPC path impossible that
     we would really like to use.

Given this, we are giving serious thought to abandoning activation
handlers.

Given that the same functionality can be accomplished with a same-space
"external" handler, and given also that there appears to be no
performance advantage to activation handlers because of the capability
register issue, I have two questions:

  1. Do you still feel that activation handlers are motivated?
  2. Do you see any examples of real things you want to do that cannot
     be handled with an external fault handler that shares an address
     space with the "base" process?

shap
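The following is an added user-space model of the two designs compared in the message above, written to show point 1 concretely; it is constructed for this page and is not Coyotos code, and it assumes nothing about the real kernel API: "faults" are just tuples that worker threads hand to a handler. In the external-handler model one dedicated handler thread serves every worker through a queue, so invocations are serialized by construction and the worker's resumption is a round trip through the queue (standing in for the kernel entry mentioned in point 2). In the activation model each worker runs the handler in its own context, so the handler author has to supply the mutual exclusion; the `serialize` flag shows both the careful and the careless version.

```python
"""Constructed toy model (not Coyotos code) of the two fault-handler designs:

Model A, the space-sharing "external" handler: one handler thread shared by
all workers; invocations cannot overlap.
Model B, the in-process "activation" handler: each worker runs the handler
itself; overlap is possible unless the handler locks.
"""
import queue
import threading
import time

HANDLER_WORK_S = 0.0005  # constructed: simulated work done inside the handler


class HandlerStats:
    """Counts handled faults and the largest number of overlapping invocations."""

    def __init__(self):
        self.handled = 0
        self.active = 0
        self.max_active = 0
        self._lock = threading.Lock()  # guards only these counters

    def enter(self):
        with self._lock:
            self.active += 1
            self.max_active = max(self.max_active, self.active)

    def leave(self):
        with self._lock:
            self.active -= 1
            self.handled += 1


def handle_fault(fault, state, stats):
    """Handler body: records the fault in shared handler state.

    Deliberately has no lock of its own; that is only safe when the
    surrounding mechanism guarantees invocations do not overlap.
    """
    stats.enter()
    time.sleep(HANDLER_WORK_S)
    state["count"] += 1
    state["last"] = fault
    stats.leave()


def run_external_handler(n_workers, faults_per_worker):
    """Model A: a single handler thread serves faults from every worker."""
    state = {"count": 0, "last": None}
    stats = HandlerStats()
    requests = queue.Queue()

    def handler_thread():
        while True:
            item = requests.get()
            if item is None:            # shutdown sentinel
                return
            fault, resumed = item
            handle_fault(fault, state, stats)
            resumed.set()               # the "kernel entry" that resumes the worker

    def worker(wid):
        for i in range(faults_per_worker):
            resumed = threading.Event()
            requests.put(((wid, i), resumed))
            resumed.wait()              # blocked until the handler returns to us

    handler = threading.Thread(target=handler_thread)
    handler.start()
    workers = [threading.Thread(target=worker, args=(w,)) for w in range(n_workers)]
    for t in workers:
        t.start()
    for t in workers:
        t.join()
    requests.put(None)
    handler.join()
    return state, stats


def run_activation_handler(n_workers, faults_per_worker, serialize):
    """Model B: each worker invokes the handler in its own context.

    serialize=True is the careful handler author adding a lock;
    serialize=False lets invocations overlap, as the message warns.
    """
    state = {"count": 0, "last": None}
    stats = HandlerStats()
    handler_lock = threading.Lock()

    def worker(wid):
        for i in range(faults_per_worker):
            if serialize:
                with handler_lock:
                    handle_fault((wid, i), state, stats)
            else:
                handle_fault((wid, i), state, stats)

    workers = [threading.Thread(target=worker, args=(w,)) for w in range(n_workers)]
    for t in workers:
        t.start()
    for t in workers:
        t.join()
    return state, stats


if __name__ == "__main__":
    runs = [
        ("external handler", run_external_handler(8, 20)),
        ("activation, locked", run_activation_handler(8, 20, serialize=True)),
        ("activation, unlocked", run_activation_handler(8, 20, serialize=False)),
    ]
    for name, (state, stats) in runs:
        print(f"{name:22s} handled={stats.handled:3d} "
              f"count={state['count']:3d} max_overlap={stats.max_active}")
```

In the external-handler run `max_overlap` is always 1 and `count` equals the number of faults without the handler doing any locking; in the unlocked activation run `max_overlap` will normally exceed 1 and `count` can fall short of `handled`, which is the "care is required in the handler" that the message refers to.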