Mach interfaces do not allow for proper resource accounting, when a server allocates resources on behalf of a client.
Mach can't do a good job at resource management, as it doesn't have enough information how resources are used: which data is important and which is discardable, for example.
This is the fundamental failing of the Mach/Hurd architecture. The
Hurd operates via many server to client relationships, in which
servers request resources on behalf of their clients. For example at
any given time, extfs could have many different clients (emacs, vim,
git etc.) requesting data, creating files, deleting files, re-naming
files, etc. Suppose one rogue client out of 50 is continually
requesting increasingly more memory, which is exhasting the machine's
resources. As far as Mach knows, ext2fs is wasting RAM. It doesn't
know that one ext2fs' client program is at fault. There is no way
for Mach to fix this, since it should not kill ext2fs, and it cannot
know which ext2fs client to kill.
This server/client architecture is a problem that exists elsewhere. A
good example is X. Firefox might allocate a lot of pixmaps, which
causes X to use more memory. Linux actually used to kill X, because
of this several years ago.
This problem is much worse on a multiserver system, because we have many server/client relationships. A simple fix that would limit these issues is to introduce fixed limits on various kinds of resource usage. A proper fix requires a way to attribute all resource usage to the clients -- either by avoiding server-side allocation or by keeping track of who is requesting resources. Both of these changes requires lots of changes to low-level code.
These issues are what Neal Walfield explored with his kernel: viengoos.
Kernel
Inside the kernel, there is commonly a need to allocate resources according to externally induced demand, dynamically. For example, for memory-management data structures (page tables), process table entries, thread control blocks, capability tables, incoming network packages, blocks that are read in from disk, the keyboard type-ahead buffer for a in-kernel keyboard driver. Some of these are due to actions driven by user-space requests, others are due to actions internal to the the kernel itself. Some of these buffers can be sized statically (keyboard type-ahead buffer), and are thus unproblematic. Others are not, and should thus be attributed to their user space entities. In the latter (ideal) case, all resources -- that is, including those needed inside the kernel -- that a user space task needs for execution are provided by itself (and, in turn, provided by its parent / principal), and the kernel itself does not need to allocate any resources dynamically out of an its own memory pool. This avoids issues like Mach's zalloc panics upon user space processes allocating too many ports, for example.
fof plos09: Pierre-Evariste Dagand, Andrew Baumann, Timothy Roscoe. Filet-o-Fish: practical and dependable domain-specific languages for OS development. PLOS '09, October 11, 2009, Big Sky, Montana, USA.
ENDBODY]]
Use this template to insert a note into a page. The note will be styled to float to the right of other text on the page. This template has one parameter:
- `text` - the text to display in the note