[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Revocation terminology

From: Jonathan S. Shapiro
Subject: Revocation terminology
Date: Mon, 24 Oct 2005 15:52:17 -0400

I want to offer three terms that we use in EROS, Coyotos, and KeyKOS
that may help sort out some confusion. In hindsight, I wish that I had
thought about this before I introduced the term REVOCABLE COPY.


  sever       To cause a particular capability to become invalid.

  destroy     An operation performed by an object, at the end of
              which the object no longer exists.

  reclaim     An action that reclaims the storage occupied by an
              object server, without consulting the server.

Hopefully, this terminology makes it clear that a particular capability
can cease to function while the object continues to function. In
hindsight, I wish that I had used the name "severable copy" instead of
"revocable copy".

Unfortunately, the terminology on these things is confused in KeyKOS,
EROS, and Coyotos, because the action that causes a RECLAIM is to
perform a DESTROY on a space bank.

A consequence of reclaiming any resource is that *every* capability to
that resource is severed.

When a server implements one object, and is asked to destroy() itself,
its last step is to destroy its own space bank. This causes its storage
to be reclaimed, which has the effect of severing all existing
capabilities to the server process.

When a server implements multiple objects, it is necessary for the
server to arrange that individual object capabilities can be severed
when the destroy() operation is performed for that object. This is
usually done by introducing a wrapper that can later be destroyed.


reply via email to

[Prev in Thread] Current Thread [Next in Thread]