genode manual

Prashanth Mundkur pmundkur.l4 at ...9...
Mon Apr 27 08:25:03 CEST 2015 

Hi,

I'm having trouble building the manual from the latest genode-manual
master:

<use img/genode_labs.pdf> [150] <use img/genode_labs.pdf> [151]
<use img/genode_labs.pdf> [152]

! LaTeX Error: File `spec/classes/genode/capability/description.tex'
  not found.


Type X to quit or <RETURN> to proceed,
or enter new name. (Default extension: tex)

Enter file name:


Being unable to build, I instead read the March 9th version of the
really excellent manual, and have the following feedback:

- section 3.1.4: Capability delegation through capability invocation

  Is there a notion of access rights on capabilities,
  e.g. read/write/grant as in sel4?  If not, it might be good to
  comment on the design choice.

- 3.2.4: Client-server relationship

  Not sure if this is the best place for it, but related to the
  lifetime of a session, can capabilities be revoked or deleted, and
  who can perform this action (child/parent/delegatee)?  It would be
  good to have an explanation that is as clear as the one on
  capability creation and delegation, explaining how a capability is
  removed from a protection domain.

- 3.4.5: Address-space management

  One issue that was not referred to was handling page-faults, which
  I found is indeed covered in the 'Under the hood' chapter.  It would
  be good to have a forward reference.

  I found the sub-section on managed dataspaces a bit unclear,
  especially the relationship between 'the RM client' and 'the
  component' in the first case, and 'client', 'RM client' and 'server'
  in the second case.  One (or two) of your excellent diagrams would
  be really helpful here.

- 3.6.1: Synchronous RPC

  This is not clear: "Each IPC server has a corresponding untyped
  capability that can be used to perform calls to the server using an
  IPC client object."  Perhaps server/client got swapped somewhere?

- 3.6.2: Asynchronous notifications

  Even when the server is signalling events to a single trusted
  client, isn't there a possibility of deadlock that motivates the
  need for asynchronous notifications?

- 6.2.6: Assigning subsystems to CPUs

  At the end of the section, I thought the upper-left CPU would be at
  position (0,8) instead of (4,0).  Perhaps a diagram could help, or
  the existing diagram showing affinity for nested inits could be
  reused for this example.


Hope this is useful.

--prashanth

More information about the users mailing list