[cap-talk] Virtualizability vs. Synergy
Norman Hardy
norm at cap-lore.com
Wed Jul 12 18:04:59 EDT 2006
On Jul 12, 2006, at 11:46 AM, Eric Jacobs wrote:
> On Sun, 09 Jul 2006 14:29:15 +0100
> David Hopwood <david.nospam.hopwood at blueyonder.co.uk> wrote:
>
>>
>> # In each synergy pattern I rely on some other object that I did
>> not get
>> # from you to tell me whether I can safely use P. I pass P to it
>> and it
>> # replies yes or no.
>
> I don't really understand what the conflict between that and full
> virtualizability is. The very definition of full virtualization in a
> capability system would be that there are no "other objects" that come
> from outside the virtualizing host, I'd think.
David was quoting from my page at <http://cap-lore.com/CapTheory/
Patterns/CapParam.html>.
By "full virtualizability" I meant that any old program that holds a
capability X, is in a position to unilaterally virtualize X (and only
X) without coordination with anyone else.
This is in marked contrast to virtual machines where most or at least
much of the system must be virtualized and then only the privileged
code (in everyone's TCB is capable of virtualizing.
Does this clarify my comments?
>
> In that case the host takes full responsibility for the cases where
> the
> interface contracts are broken, if it does override the synergy checks
> (as it may well be sensible to do, for example in a test case, for
> debug
> or experimental purposes.) For the confined object to have some way of
> escaping this would compromise those use cases.
> _______________________________________________
> cap-talk mailing list
> cap-talk at mail.eros-os.org
> http://www.eros-os.org/mailman/listinfo/cap-talk
More information about the cap-talk
mailing list