Re: Re: Re: emulating no-senders notifications in L4?

From: Ondrej Hurt
Subject: Re: Re: Re: emulating no-senders notifications in L4?
Date: Thu, 27 Dec 2001 18:50:41 +0100 (CET)

> You're free to set the exception handler to some external entity if
> you want to.  The application is also free to mess itself up if it
> wants to, but this is not really a big issue since the application
> itself is the only one to suffer from the messup.

> Realizing that the application is allowed to mess itself up, there's
> really no problem with also letting an intra-task exception handler do
> all the proper handling and potentially send a "I'm completely messed
> up, please kill me" message to some task server.  The only reason I
> can think for using an external exception handler is for robustness
> reasons---there's less chance of accidentally messing up the exception
> handler itself.

The application has the right to trash itself but it should not harm
the rest of the system. In the case of unreliable fault detection, it
is not only the app who will suffer because it can lock resources in
other apps, it can hold references to misc stuff forbiding its
deletion (leaving it 'busy'), it consumes task slot etc.

BUT - I realized that the possibility of exception handler making
another exception making another exception making another exception
...... is standard in UNIX and we must do it the same way :-/

