Note that there is no intent that these questions cover the entire exam! Please review other material, homework, etc! An Idea: Consider an operating system similar to Demos and Amoeba. Like Demos, it supports unconstrained message passing between processes. Like Amoeba, it is based on server side authentication. Capabilities have the following form:
_______________________________
| destination ID | index | key |
|_________________|_______|_____|
The kernel uses destination ID to route messages to their recipients.
The kernel makes no use of the index or key fields. Typically, servers
will use the index field to identify an object, and will use the key
field to validate the capability for the object.
Typically, user processes will validate capabilities by checking to see that table[index]=key, where the index and key are taken from the capability presented with a message, and where table is local to the process that is checking the validity. Note that no trapdoor function is involved here.
The destination ID is not a process id. The right of a process to receive messages addressed to a particular destination is controlled as follows: The kernel cooperates with a special server, the registration server. The registration server supports the following operations:
create destination ID any process can do this at any time Returns a new capability for a newly allocated destination ID. The index field is the new destination ID The key field is used to validate the right to accept messages addressed to that destination. register destination ID legal only if the key is the correct key for the destination. The most recent process to register some destination ID will receive all messages addressed to that destination. The registration server distributes destination ID information to the kernels of all member computers.The following message passing primitives are provided:
send( cap, buf, len ) uses the destination ID of cap to send a len-byte message from the buffer given to the most recent process that registered that destination ID. Message delivery is not guaranteed. Message loss may be caused by network problems, lack of buffer capacity, etc. receive( &cap, buf, len, &reallen, time ) await any message addressed to the current process, and place it in buf, up to len bytes. Returns the number of bytes in reallen, and returns the capability for the sender in cap. Time gives the maximum time to wait before returning. This may be zero, in which case, this service returns immediately, giving a message only if one was already enqueued, and it may be infinity, giving the usual semantics for a blocking receive.
A problem: What additional information that was not mentioned above must be passed to the registration server in order to allow it to register a process as the recipient for some desitnation ID?
A problem: How would you code an RPC protocol using these primitives?
A problem: How would you handle the problem of access rights to objects?
A problem: How would you write a file server using this model?
THERE IS NO RIGHT ANSWER TO THE ABOVE QUESTIONS