[Openmcl-devel] process-run-function and mach ports usage

Shannon Spires svspire at sandia.gov
Thu Feb 24 05:02:17 UTC 2011


Wow. This little exchange was a mind-blower. My jaw is hanging open. My naive, childish illusions of software competence have been dashed.

If bridges were built with this level of professionalism, people would die and engineers would be jailed.

I've heard that "the difference between a Porsche and a Ferrari is that the Porsche was designed by people who went to college." All this time, I had sort of assumed
Porsche:Ferrari :: Apple:Microsoft.

Guess not. 

It's time somebody wrote an operating system with the same degree of engineering rigor that Germans use to design cars. Are we yet tired enough of this kind of crap to do something about it?


[Gary wrote:]

> Apple's documentation for mach_thread_self() (see
> 
> <http://www.opensource.apple.com/source/xnu/xnu-1456.1.26/osfmk/man/mach_thread_self.html?txt>)
> 
> doesn't seem to explicitly state that that function increments the
> port's send reference count (though it certainly seems to.)  The GNU
> Hurd documentation does state this, but warns the user that
> mach_thread_self() allows the reference count to silently wrap around
> (wrap around 2^32 ?  what ?) without error and that the reference count
> shouldn't be decremented if this overrun might have happened.
> 
> This stuff escaped from a lab somewhere; the fact that it's been
> lurching around the countryside frightening villagers as long as it
> has is pretty sad.
> 
> I don't care what a thread's Mach port's send right's reference count
> is.  I do care that thread creation doesn't leak kernel resources, and
> because if this nonsense it does.
> 

[then mikel evins wrote:]

> However, during the investigation, we ended up talking over the issues with Avie Tevanian, who was the boss of that stuff at NeXT at that time, and who was before that involved in the design and construction of Mach at CMU. What struck me about the conversations was that Avie said Mach was designed to leak certain resources because allowing them to leak avoided some costly houskeeping, and in "normal use" the leaks would not be a problem. Mach's designers simply assumed that systems would be rebooted often enough to prevent any issues arising.
> 
> I remember that he seemed slightly put out that NeXT customers would use system calls in a way that violated that assumption.





More information about the Openmcl-devel mailing list