gparmer
commented
6 years ago To add more detail:
The three-step protocol for capability activation is meant to address races between two capability activations in the same slot. Currently, the code in the repo simply doesn't do this. The abstractions of the code abide by the 3 step protocol, but the implementation of that abstraction does not. BUG.
The three steps are:
- Atomically mark the slot as allocated (with
cas). - Update the body of the slot but not the type, so that any parallel accesses to the slot will fail as it is being populated.
- Only after the slot is well-formed, do we set its type to the apporpriate value to enable accesses to the resource.
Note that once a slot is active, it is immutable with very few exceptions.
3 step protocol for cap active needs to be fixed. There is a bug in this function.