[cap-talk] the prize - objects and their behavior, EQ?

smagi at naasking.homeip.net
Thu Oct 21 21:11:18 EDT 2004


> The RATS system was a virtual memory system and had
> a file object with the usual reading and writing operations.
> However, there was also a call on a file object that allowed
> a process to "map" a portion of a file into its memory space.

Doesn't this violate capability discipline anyway? The process is
designating itself implicitly rather than explicitly in this "map" call.
Doesn't capability discipline demand that all rights wielded in any
operation be explicitly named? From this perspective, the second
alternative Jed proposes would naturally be the correct design.

> C.  What's "wrong" (i.e. inadequate) about having objects
> defined entirely by their behavior in response to messages?
> [...]
> Since I don't know what is wrong with objects being defined
> entirely by their behavior I'm afraid I'll have to leave the initial
> identifying of such failings to others such as Jonathan to establish
> for the discussion.

I think Shap's point is that managing low-level machine resources via
objects with "equality as behaviour" is a poor fit. Quote from the e-mail:

"As the level of abstraction gets closer to representation, the "objects
as behavior" model becomes less comfortable. In the operating system,
one must ultimately reify the primitive storage elements (e.g. pages),
and one would like a consistent protection model from top to bottom. At
the very bottom, one needs to be able to reason about representation
identity, and so one needs to be able to ask whether two capabilities
reference the same representation state (example: the storage allocator
must not multiply allocate a page to different clients)."

My (perhaps unclear and incorrect) elaborations:

By protecting pages themselves with capabilities as EROS does, how is one
page differentiable from another if we try to discern them by behaviour?
What does the "behaviour" of a page entail? At this level, "object
identity as pointer" seems the natural fit.
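To make the allocator point concrete, here is an added illustration (not code from EROS, RATS, or anyone on this list; all class and function names are hypothetical). Two freshly zeroed pages are indistinguishable by any sequence of reads and writes a capability holder can perform, so an allocator that tracks what it has handed out by behaviour cannot tell them apart; tracking by identity of the representation (a privileged EQ, modelled here as `kernel_eq`) is what lets it keep the "never allocate one page twice" invariant and recognise a released page when it comes back.

```python
# Added illustration: identity (EQ) on representation versus "equality as
# behaviour" for a page allocator. Constructed example with hypothetical names.

class Page:
    """A primitive storage element: the representation the kernel reifies."""
    def __init__(self, size=16):
        self.data = bytearray(size)


class PageCap:
    """A capability to a Page. Holders only get read/write, never the Page."""
    def __init__(self, page):
        self.__page = page          # name-mangled: not part of the holder's interface

    def read(self, off):
        return self.__page.data[off]

    def write(self, off, value):
        self.__page.data[off] = value & 0xFF


def kernel_eq(a, b):
    """Privileged EQ: do two capabilities designate the same representation?
    Modelled as a kernel primitive that can see through the capability."""
    return a._PageCap__page is b._PageCap__page


def behaviourally_equal(a, b, probes=range(4)):
    """All a holder can decide by behaviour: probe a few offsets and compare.
    Two distinct zeroed pages pass this; so do two caps to one page."""
    return all(a.read(i) == b.read(i) for i in probes)


class PageAllocator:
    """Hands pages to clients and must never allocate one page twice."""
    def __init__(self, npages):
        self._free = [Page() for _ in range(npages)]
        self._allocated = []        # tracked by identity, never by contents

    def allocate(self):
        if not self._free:
            raise MemoryError("out of pages")
        page = self._free.pop()
        # Invariant check by identity: a fresh zeroed page is behaviourally
        # indistinguishable from every other zeroed page, so contents won't do.
        if any(page is p for p in self._allocated):
            raise RuntimeError("page multiply allocated")
        self._allocated.append(page)
        return PageCap(page)

    def release(self, cap):
        page = cap._PageCap__page   # the allocator is privileged, like the kernel
        for i, p in enumerate(self._allocated):
            if p is page:           # again identity, not behaviour
                del self._allocated[i]
                self._free.append(page)
                return
        raise ValueError("capability does not designate an allocated page")


def demo():
    """Returns four booleans: (look-alike, really-same, aliased, reused)."""
    alloc = PageAllocator(2)
    c1 = alloc.allocate()
    c2 = alloc.allocate()
    alias = PageCap(c1._PageCap__page)          # kernel-made second cap to c1's page
    look_alike = behaviourally_equal(c1, c2)    # True: both pages are zeroed
    really_same = kernel_eq(c1, c2)             # False: distinct representations
    c1.write(0, 0x41)
    aliased = kernel_eq(c1, alias) and alias.read(0) == 0x41   # True: shared state
    alloc.release(c2)
    c3 = alloc.allocate()
    reused = kernel_eq(c2, c3)                  # True: same page, c2 is now stale
    return look_alike, really_same, aliased, reused


if __name__ == "__main__":
    print(demo())
```

The `reused` result also shows why the allocator's EQ matters beyond double allocation: once a page is released and handed out again, the old capability still behaves like a page, and only identity reveals that it now aliases a different client's storage.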
