[cap-talk] emulation (was Facet term)

Mon Jul 24 22:02:39 CDT 2006

At 12:07 PM -0700 6/27/06, Jed at Webstart wrote:
>At 10:07 PM 6/23/2006, Norman Hardy wrote:
>  >I introduced "service key" recently to unify a discussion of keepers.
>>See <http://www.cap-lore.com/CapTheory/KK/Keeper.html>.
>>It is a key category for explaining kernel logic.
>>It was to unify a discussion of keepers.
>>The kernel's message to the keeper includes the service key to the
>>kept object so that the keeper can fix the object.
>>The service key for a meter or segment is the node key.
>>The service key for a domain is the domain key.
>>The kernel knows node keys and domain keys when it sees them.
>
>Can the node and domain keys still be effectively "emulated"
>(substituted) by an extension (e.g. remote) key?  If the kernel
>knows node and domain keys when it sees them, that would
>seem to suggest that it would know when it received an
>extension (e.g. emulating a node or domain key) key
>instead.  In my limited experience (e.g. with RATS) that's
>an area where care needs to be taken to insure that all
>the base system capabilities can be emulated/extended
>(as the file capability was not on RATS).
>
>Just thought I'd ask.  Perhaps Charlie knows?

At 1:11 PM -0700 6/27/06, Norman Hardy wrote:
>Your question about emulation is complex and important

At 9:17 PM -0700 6/29/06, Norman Hardy wrote:
>This is a non-trivial question with less trivial answer.

Indeed. I really should write up my thoughts on this subject too, but 
it's not likely to happen soon. Meanwhile:

Yes, these service keys known to the kernel can be emulated, but it 
can be difficult. The easiest is a domain/process key: emulating a 
domain requires emulating also its domain creator and possibly space 
bank. Emulating a memory/segment key is quite difficult; we made 
provision for a segment keeper so you wouldn't have to. And as Norm 
pointed out, emulating a meter is completely impractical, except 
through the keeper.

At 2:45 PM -0700 6/27/06, Jed at Webstart wrote:
>At 01:11 PM 6/27/2006, Norman Hardy wrote:
>  >One conundrum is the meaning of sending a meter key over a
>>communications link.
>>Probably a bad idea. In effect a meter key is authority to consume
>>resources on some particular CPU.
>>It is not of much use on another CPU.
>
>I don't understand why not.  Why should it matter what processor
>makes the requests?

It would be more accurate to say a meter is authority to consume 
resources on some particular *system*, which could be a 
multiprocessor system. Outside that system it is not much use.

>With a mechanism like the DCCS:
>
>http://www.webstart.com/jed/papers/DCCS/
>
>any invocation can only happen on the system that
>directly supports the resource that the capability is
>a reference to.
>
>I have to admit I don't understand why it should make
>a difference.  Maybe Charlie Landau (who is certainly
>familiar with the issue I'm getting at) could comment,

Because at the kernel level of abstraction, a meter key isn't 
*invoked*, it is placed in a magic slot of a process.