On Tue, 2006-04-25 at 13:06 +0200, Marcus Brinkmann wrote:
> However, I am _much_ more interested in discussing what the actual
> problem is we are trying to solve. It has to do with recovery...

I agree. Also, there is something else that we all agree on: if one mechanism can handle two problems with acceptable efficiency, it is a mistake to introduce a second mechanism for the second problem.

So I pose the following test case:

Suppose C calls S, and S enters an infinite loop. How should the client defend itself from this error?

Notice that none of the "capability death notice" ideas are helpful. The only mechanism that I know about that can guard against this is some form of watchdog (which is why I am backing away somewhat from my earlier position about watchdogs).

If we conclude that we need watchdogs for this (or for something else), then I suggest that kernel-supported capability death notice (any kind) is unnecessary and should not be implemented.

shap

_______________________________________________
L4-hurd mailing list
[email protected]
http://lists.gnu.org/mailman/listinfo/l4-hurd
