Re: secure exec

[Niels Möller]

Marcus Brinkmann <address@hidden> writes:

> The label in the reply should be the label of the request + 1 (where the
> request always has the least significant bit 0).

Ok. So the error code goes in mr1 then?

> Also, notifications about task death are really just a special case of
> notifications about an object being destroyed (in this case it is the task
> object).

For now I use (not all implemented, though) the following mechanism
for handling notifications that can't be sent:

  * When sending a notification to a task fails, the task server sets
    a flag in the task structure.

  * A task can ensure that it is in sync by querying that flag, and if
    it set, it can send a special call requesting a list of all of
    its handles that refer to zombies.

Hmm, it's probably a good idea to include the value of that flag into
the notification messages. 0 means "if you get this message, you're in
sync with respect to zombies" and 1 means "even if you get this
message, you're not in sync and you should query the server for other
zombies you hold references to".

The same mechanism could perhaps be used for other servers as well. If
so, then one consequence is that a server needs to keep a little per
task state (not just per handle state), namely that flag. And then
that is also a convenient place to put the reference count for a
server that wants to have several handles referring to the same task.
Don't know yet if the same is true for clients.

Regards,
/Niels