[cap-talk] Capability language safety
Jonathan S. Shapiro
shap at eros-os.org
Tue Nov 2 08:34:04 EST 2004
On Tue, 2004-11-02 at 04:59, Ben Laurie wrote:
> David Hopwood wrote:
> > Technically, you are right that it is *possible* (in a strictly literal
> > sense) to build a nontrivial system that enforces capability discipline
> > in such a way that there is no clear layering between a part of the system
> > that essentially acts as a capability-secure language implementation or
> > kernel, and an application layer. I would never trust such a system, and
> > I have no confidence that there is anyone competent to design one that
> > way. (If there were, they probably would not trust it, either.)
> I actually think this would be quite easy to do in C++.
Not a prayer.
It might be possible to build a class library that would *support* a
more capability-oriented style of programming. Indeed, we contemplated
such for EROS.
It is not possible to build anything in the C language family that
*enforces* anything at all.
More information about the cap-talk