Let this quick example design document serve as an inspiration for you. (Yours should be better, of course.)
1. Interface
struct proc { ...
flangestate* flange_; // initially nullptr
};
struct flangestate {
spinlock lock_;
wait_queue wq_;
butt** butt_table_;
...
void bend();
...
};
struct butt {
spinlock lock_;
unsigned refct_;
int type_;
...
virtual ~butt();
void put_ref();
virtual ssize_t measure();
virtual void copy_shape(char* dest);
};
Each flangestate
is pointed to by exactly one proc
. Each butt
is pointed
to by one or more butt_table_
entries. A butt
’s refct_
member is always
greater than or equal to the number of references to the butt
from system
butt_table_
s. We expect butt
to be subclassed with specific kinds of
butt
, for instance, plumber_butt
in problem set 4.
2. Functionality
flangestate::bend()
: This method bends the flangestate, rearranging its
butts in random order. That means…
butt
s are always dynamically allocated by kalloc
/knew<butt>()
. It is
invalid to allocate a butt
on the stack.
butt::put_ref()
: Decrements butt::refct_
by one. If the resulting count is
0, frees the butt
.
butt::measure()
: Returns the size of the butt in
micrometers.
butt::copy_shape(dest)
: Writes information about the butt
’s shape to the
dest
pointer. Writes up to 128 bytes.
3. Synchronization and blocking
flangestate::lock_
protects flangestate::butt_table_
.
flangestate::bend()
must be called with flangestate::lock_
locked.
butt::lock_
protects butt::refct_
and …. In the lock ordering,
flangestate::lock_ < butt::lock_
(so it’s OK to lock butt::lock_
while
flangestate::lock_
is held).
butt::type_
is set when the butt
is initialized and cannot be changed
thereafter. A butt
is only destroyed when its refct_
falls to zero.
butt::measure()
can block.
4. Future directions
If we introduce threads, a flangestate
might be shared between multiple
struct proc
s.
If threads can free memory as well as allocate memory, we might need to change
butt::copy_shape
to validate the destination memory before writing to it.
128 bytes is enough for all butt shapes we can think of, but we might need to raise it if we add support for virtual machines.
5. Concerns
We’re worried that butt::copy_shape()
will be wicked hard to write.
We’re not sure we understand the synchronization requirements of
flangestate::bend()
.