At Mon, 24 Apr 2006 15:39:04 -0400, "Jonathan S. Shapiro" <[EMAIL PROTECTED]> wrote: > The assumption in my example is that the "recovery boundary" is between > M and S, but C is relying fully on the fact that M performs recovery.
This is the trivial case, it is identical to the case where C and M are in fact identical (which means we are talking about a scenario involving two parties, not three). My concern is about the case where there is a "recovery boundary" between C and M as well as between M and S. It is not clear to me that in that case M has any information about what a reasonable amount of time is. It may have, but it also may not have, depending on the specific use case. A thread migration model, for example, would address this by letting C provide an upper bound for the operation in M as well as in S. A real-time system would address this by having in-advance knowledge about the required times. But without such broad assumptions I don't think there is a general answer for M to the question when it needs to recover. Thanks, MArcus _______________________________________________ L4-hurd mailing list [email protected] http://lists.gnu.org/mailman/listinfo/l4-hurd
