[coyotos-dev] Explicit Persistence Considered Harmful
Jonathan S. Shapiro
shap at eros-os.com
Fri Aug 22 11:50:33 CDT 2008
On Fri, 2008-08-22 at 09:34 -0700, Charles Landau wrote:
> IIUC, a process that has stored such a triple is in effect persistent,
> because it will be restarted with the same program and host-unique-id,
> but its state is not persistent, because it will be restarted from the
> beginning. The host-unique-id gives it the authority to fetch the
> durable capabilities it previously saved.
Yes. And also there is provision made for re-bootstrapping the process
by keeping a record of its initial program image.
> If client C has a capability to an object implemented by server S, how
> does C reestablish its capability to S? Does it save a durable
> capability containing S's host-unique-id?
Yes. The mechanism for this is that it provides the NON-durable
capability to the capability store, which in turn knows how to construct
the durable capability.
If the target of a saved capability is not durable, the saved capability
cannot be reconstructed.
Reconstruction of a saved capability does not imply that communication
state is consistent. The mechanism enables reconstruction of the
communication graph, but does not reconstruct consistent sessions. It is
approximately as if a re-open has occurred.
I suppose this might be thought of as a persistence mailbox namespace
with a secure means of re-connection in that name space.
shap
More information about the coyotos-dev
mailing list