[cap-talk] Joe-E (was: the prize)
Jonathan S. Shapiro
shap at eros-os.org
Mon Nov 1 20:39:16 EST 2004
On Mon, 2004-11-01 at 19:35, David Wagner wrote:
> Marc Stiegler writes:
> >While I'm responding, since you used Java as your example, just thought
> >I'd mention that a capability-secure version of 100%pure Java, Joe-E, is
> >possible, if you use an appropriate verifier. That version of Java could
> >make sense -- but it is once again a true capability-secure language.
> I'm glad you mentioned that. This is a really exciting direction,
> particularly since it would allow programmers to build on their existing
> familiarity with Java. What's the current status of Joe-E? Is Chip
> Morningstar's verifier complete (i.e., it correctly verifies a useful
> and capability-secure subset of Java)? Is anyone actively working on it?
>From conversations with MarkM at the time -- and I may have
misunderstood him -- the "original E" project (which appears to have
morphed into Joe-E) was one of those asymptotic convergence problems. It
was easy to get the first 80%, then feasible to get 80% of the rest,
then there was hard stuff, and then it all came apart at the seams.
MarkM, if I understood him, felt that it could not (in a practical
sense) be done.
If I misunderstood, or if new insights have emerged, I would be very
interested to hear about them.
More information about the cap-talk