On Fri, Jun 10, 2005 at 02:23:50PM +0100, Neal H. Walfield wrote:
Usage scenario 2: Reference counting.
the main problem with reference counting is that the clients have to explicitly release the reference. Thus cooperation is needed, since L4 do not send a notification if an object e.g. a task is destroyed...
Clients can voluntarily release a reference, however, they are not required to do so. The task server, which is part of the TCB, knows when every task terminates. It can provide this information to the reference monitor.
There is a grant problem. If a client X grant an object to Y and X dies, this does not mean, that the reference to the object is released...
Situation: S -> C -> (1 reference) A -> B
Goal: /-> (1 reference) A S-> C -> (1 reference) B
In your scenario both clients A and B have to cooperate with C
C needn't trust either A or B.
If client A asks the server C to map something it already has, from C to a client B, only the clients have to trust C to provide this service. The server C needn't trust its clients for this operation...
Bernhard