[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: wortel syscall wrappers
|
From: |
Niels Möller |
|
Subject: |
Re: wortel syscall wrappers |
|
Date: |
20 Jan 2004 15:37:12 +0100 |
|
User-agent: |
Gnus/5.09 (Gnus v5.9.0) Emacs/21.2 |
Johan Rydberg <address@hidden> writes:
> Yes. I have done the same thing in my hurd-l4 tree. One comment,
> though:
>
> : if (l4_untyped_words (tag) != 1
> : || l4_typed_words (tag) != 0)
> : panic ("Invalid format of space_control reply");
>
> Is there really a need for this type of sanity tests? First the
> message must pass the wortel control cap test. And if it passes
> that, and the message is still not correct, then something is
> really wrong, and the system deserve to crash and burn.
Well, I think it's good style to not move the responsibility for
protocol syntax and safety from the server onto the client. Even if
it's correct that in this case, both server and client have to be
trusted anyway.
> But I guess they doesn't hurd for starters. Later they can be
> removed, to increase performance (it they have any impact on
> performance, that is.)
I think the the tests can be made for free[1], if we really want. Just
let the server loop extract the bits of the message tag that contain
the label and word counts, and switch on that, instead of on the label
alone. Then the default error case will take care both of unknown
labels, and known labels with invalid word counts. Something like
switch (tag & LABEL_AND_COUNTS_MASK)
{
case MAKE_TAG(FOO_LABEL, 2, 0): /* FOO takes two untyped args */
...
default: /* Bad label or message syntax */
/Niels
[1] Perhaps we'll pay a few cycles if the switch on label alone is
compiled to a jump table, and the above construction is not. But
it's much too early to worry about that ;-) Hopefully we'll use
some tools too automatically generate good code for this dispatch.