[cap-talk] Another "core" principle
Jonathan S. Shapiro
shap at eros-os.com
Mon Dec 18 12:34:02 CST 2006
On Mon, 2006-12-18 at 10:01 -0800, Marc Stiegler wrote:
> These are two passages concerned with the theoretical (never observed in
> anything I have seen or written) problem of fine grain caps getting so
> intertwined that you dare do nothing but leave them alone.
>
> To quote a book that I myself wrote: "The engineer takes a large problem
> and breaks it down into small problems, each of which can be solved
> easily. The bureaucrat takes a large number of small problems and rolls
> them all together into a problem that no one can solve."
>
> Preventing incomprehensible intertwining is what modular design is all
> about. Using the logic that finer-grain control means understanding of
> what is going on, one would predict systems built of tiny objects to be
> incomprehensible, and less maintainable, than systems built using
> FORTRAN... Caps, which flow so naturally from objects, follow the same
> logic to the same conclusion. All of which probably has something to do
> with why I haven't seen a problem in the field.
This is all true, but completely irrelevant. The type of intertwining
that concerns me does not arise from cruddy engineering. It arises from
the fact that real users in real systems are going to build *documents*
consisting of intertwined capabilities. It is not the underlying
applications that are unstructured. Rather, the claim is that in an
object system the natural content model for document-like content is an
intertwined space of capabilities.
Regarding your claim that this hasn't been seen in the field: perhaps
you haven't heard of the MS Object Linking and Embedding protocol.
In OLE, the bad effect results from files being deleted rather than
capabilities being severed, but the end result is precisely the same.
For document transmission, application authors have been forced to bad
expedients such as caching a WMF image in the document containing the
OLE link source. Meanwhile, users have learned that out-of-document
object references cannot be relied on.
I claim that not only is the problem real, but it has been observed
continuously in the wild for at least 10 years, and it is the single
greatest impediment to the utility of OLE.
Fundamentally, the OLE problem is a failure of GC and object reference
preservation of exactly the type I anticipate will occur under membrane
revocation.
shap
--
Jonathan S. Shapiro, Ph.D.
Managing Director
The EROS Group, LLC
+1 443 927 1719 x5100