pfeiffer@nmsu.edu (Joe Pfeiffer) (02/02/90)
Backup ports are documented as follows: ``... if a primary port has a backup port, and the primary would have been destroyed by the deallocation of its receive rights, then instead the receive right for the primary port is sent in a notify message to the backup port.'' Question: if a task crashes, will receive rights be transferred? In other words, how helpful will this be in enhancing robustness? -Joe.
Richard.Draves@CS.CMU.EDU (02/04/90)
When a task dies all port rights that it holds are deallocated. Therefore, if a task T has a receive right for a port A which has a backup port B, then when T dies the receive right for A will be sent to B in a notification message. However, backup ports do not work across the network in some cases. In the above scenario, the receive right for B can be on a second machine and everything works. However, if T's machine crashes, and the receive right for B is on a second machine, then the backup port mechanism will not work. This is because netmsgservers don't know about backup ports, and if T's kernel doesn't generate the notification message (because it crashed), then the netmsgservers on the other machines won't know to synthesize the notification message and port A will be destroyed. Backup ports are not designed to be The Robustness Solution. They are a substitute for some uses of ownership rights, a feature I removed. (The good thing about ownership rights is that netmsgservers do know about them, so they work even when machines crash. The bad thing about ownership rights is that this greatly complicates netmsgservers.) Rich