[coyotos-dev] Explicit Persistence Considered Harmful
Jonathan S. Shapiro
shap at eros-os.com
Mon Aug 18 22:18:12 CDT 2008
On Mon, 2008-08-18 at 20:06 -0700, Charles Landau wrote:
> > 2. Capability safety requires that one maintain a type partition between
> > data and capabilities. If persistence is not implicit, then capabilities
> > that reference server-implemented objects
> If you count the kernel as a server, then I think all objects are
Yes. In the context of this discussion, the kernel is not a server.
> > are effectively severed by restart.
> Perhaps you mean, the capabilities must be severed to avoid an
> inconsistent state. This is the implication of concept (a).
Not so. I mean: are necessarily severed. In non-implicit persistence,
names of objects are not durable across restart except by invocation of
some sort of reconnection protocol.
> Or perhaps you mean, because the server is not persistent, its objects
> aren't either. But it's possible in some implementation for the server
> to be persistent, but not implicitly so. This is the implication of
> concept (b).
Yes. But in a non-implicit persistence mechanism, the server and the
client must together make provision for re-establishment of
> > This means that:
> > a) Some form of file system comes to be required, or
> > b) Some form of re-connection protocol implemented by a trusted
> > service becomes necessary.
> > Neither is impossible, but both are complex and awkward.
> I think a file system is not sufficient, unless it includes an access
> control system, which is in effect a re-connection protocol.
Yes. I probably should have written "an object system".
> > 1. It is exceptionally hard to implement "notify on last close"
> > semantics.
> Possibly, but I'm not convinced this is a consequence of implicit
I believe that it is. The problem is that it is very difficult to know
when the last on-disk capability to an object disappears without disk
GC. The problem arises primarily because the object graph in all KeyKOS
derivatives may contain cycles.
More information about the coyotos-dev