Memory protection clarification.
Norman Feske
norman.feske at ...1...
Tue Mar 29 19:07:07 CEST 2016
Hi Daniel,
> So in a "resilient" system the parent would need to have the
> responsibility of checking the liveness (e.g., in event of fault) of the
> child to see if the resources should be taken back?
Yes, that would work. The remaining open question is how to detect
liveness. In principle, this could be done by the child providing
reports (via a 'Report' session) about its internal state in a periodic
fashion - similar to a watchdog timer. If the child stops reporting, or
if the reports start to look strange, it may be in trouble.
Another principal (yet untested) approach would be the use of core's
TRACE mechanism, which allows a trace monitor to dynamically instrument
components at interesting points like RPC calls or the reception of
signals. If the trace monitor has a model of the component's behavior,
it may match the traces against the model.
Cheers
Norman
--
Dr.-Ing. Norman Feske
Genode Labs
http://www.genode-labs.com · http://genode.org
Genode Labs GmbH · Amtsgericht Dresden · HRB 28424 · Sitz Dresden
Geschäftsführer: Dr.-Ing. Norman Feske, Christian Helmuth
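
The report-based approach from the message, sketched as parent-side policy in plain C++. This is an added example, not Genode code and not code from the thread. The `Report` fields, the names and the two-period timeout are assumptions, and receiving the reports through a 'Report' session is left out.

```cpp
#include <cstdint>
#include <optional>

// Hypothetical report content: a child-side counter plus one internal metric.
struct Report { uint64_t seq; uint64_t heap_used; };

enum class Health { ALIVE, SUSPECT, SILENT };

// Parent-side policy, independent of how the reports are transported.
// Timestamps are assumed to come from a monotonic clock.
class Liveness_monitor
{
	uint64_t const _period_ms;      // interval the child promised to report at
	uint64_t const _heap_limit;     // plausibility bound for heap_used
	uint64_t       _last_rx_ms;     // arrival time of the latest report
	std::optional<Report> _last {}; // latest report, empty until one arrives
	bool           _strange = false;

	public:

	Liveness_monitor(uint64_t period_ms, uint64_t heap_limit, uint64_t start_ms)
	: _period_ms(period_ms), _heap_limit(heap_limit), _last_rx_ms(start_ms) { }

	// Called whenever a new report from the child arrives.
	void submit(uint64_t now_ms, Report const &r)
	{
		// "Strange": the counter did not advance (stuck or repeated state),
		// or the metric left its plausible range.
		bool const stuck = _last && r.seq <= _last->seq;
		_strange    = stuck || r.heap_used > _heap_limit;
		_last       = r;
		_last_rx_ms = now_ms;
	}

	// Called from the parent's periodic timer.
	Health evaluate(uint64_t now_ms) const
	{
		// Tolerate one missed period before declaring the child silent.
		if (now_ms - _last_rx_ms > 2*_period_ms) return Health::SILENT;
		return _strange ? Health::SUSPECT : Health::ALIVE;
	}
};
```

A child that never sends a first report is classified as silent once two periods have passed since `start_ms`, so a component that hangs during startup is caught by the same timeout.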