[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Jonathan S. Shapiro
Mon, 24 Oct 2005 15:52:17 -0400
I want to offer three terms that we use in EROS, Coyotos, and KeyKOS
that may help sort out some confusion. In hindsight, I wish that I had
thought about this before I introduced the term REVOCABLE COPY.
sever To cause a particular capability to become invalid.
destroy An operation performed by an object, at the end of
which the object no longer exists.
reclaim An action that reclaims the storage occupied by an
object server, without consulting the server.
Hopefully, this terminology makes it clear that a particular capability
can cease to function while the object continues to function. In
hindsight, I wish that I had used the name "severable copy" instead of
Unfortunately, the terminology on these things is confused in KeyKOS,
EROS, and Coyotos, because the action that causes a RECLAIM is to
perform a DESTROY on a space bank.
A consequence of reclaiming any resource is that *every* capability to
that resource is severed.
When a server implements one object, and is asked to destroy() itself,
its last step is to destroy its own space bank. This causes its storage
to be reclaimed, which has the effect of severing all existing
capabilities to the server process.
When a server implements multiple objects, it is necessary for the
server to arrange that individual object capabilities can be severed
when the destroy() operation is performed for that object. This is
usually done by introducing a wrapper that can later be destroyed.
- Revocation terminology,
Jonathan S. Shapiro <=