[cap-talk] EQ and the object-cap model

Marcus Brinkmann marcus.brinkmann at ruhr-uni-bochum.de
Sun Dec 10 21:10:46 CST 2006


At Sun, 10 Dec 2006 14:56:17 -0500,
"Jonathan S. Shapiro" <shap at eros-os.com> wrote:
> No, I do not. This is a rather large can of worms. A proxy object should
> definitely be EQUAL? to the object it wraps. It is never EQ? (Marcus
> Brinkmann got this wrong last week).

Frankly, I didn't make a distinction between the different types of
equals that one can consider.  I am aware of them, but for my own
modest practical needs I would be satisfied with a variant of EQ*?
that lies somewhere between your EQ? and EQUAL?.

It seems to me to be quite difficult to correctly support a
transparent proxy which is indistinguishable in behaviour from the
original object, in particular if one takes into account timing
considerations and failure scenarios.  The paper "Synchronous IPC over
Transparent Monitors" by Jaeger et al. gives some indication for what
it entails (in this case, special kernel support for the monitors),
but I don't think it is exhaustive.
http://i30www.ira.uka.de/research/documents/l4ka/synchronous-ipc.pdf

Thus, I would be quite satisfied with a more practical approach to the
problem, and define an EQ*? operation that is both efficient to
implement and sufficient for implementing common design patterns.  In
particular as in many systems (especially the types I am interested
in) there are other constraints that already cover the defects of an
imperfect EQ*?.

Not very ambitious, I know.  Sorry about that :)
 
Thanks,
Marcus


