[coyotos-dev] Explicit Persistence Considered Harmful
clandau at macslab.com
Fri Aug 22 11:34:05 CDT 2008
Jonathan S. Shapiro wrote:
> I assume that every process, on creation, is assigned a protected
> payload that constitutes a host-unique-id for that process. Logically,
> no host-unique-id is ever reused. In practice, they can be re-used once
> the previous use is unreachable.
> I assume there exists a privileged server that will store triples of the
> (host-unique-id, index, durable capability)
> A process having host-unique-id is entitled thereby to read or write the
> associated triples to this server. This is the durability mechanism for
> persistent capabilities.
> By strong convention, index 0 names the binary image from which the
> process having host-unique-id should be restarted on system restart.
IIUC, a process that has stored such a triple is in effect persistent,
because it will be restarted with the same program and host-unique-id,
but its state is not persistent, because it will be restarted from the
beginning. The host-unique-id gives it the authority to fetch the
durable capabilities it previously saved.
If client C has a capability to an object implemented by server S, how
does C reestablish its capability to S? Does it save a durable
capability containing S's host-unique-id?
More information about the coyotos-dev