[cap-talk] Capability-based Projects - theory vs. practice

Jed Donnelley capability at webstart.com
Fri Aug 3 06:05:18 EDT 2007


At 02:24 AM 8/3/2007, Mark Miller wrote:
>On 8/3/07, Jed Donnelley <capability at webstart.com> wrote:
> > I was hoping you'd challenge the lack of persistence (better term
> > than durability I guess?) for E MarkM.  That allows me to ask
> > (or try to ask) what persistence means in the language context.
>
> > For the language context (e.g. E) is there a similar
> > notion?  Maybe this question isn't well enough formed
> > to be answered, but please give it a try if you understand
> > what I am getting at.  Can you show me, for example, how
> > actions in E can result in shared access of an object
> > between two "users" that persists after a system restart?
>
>Hi Jed, I'm going to give you a long reading list.
>...
>
>In the E source distribution, the file
>src/esrc/scripts/persist-echat.e does exactly what you ask for above.
>...
> > Is something required at the OS level to make such
> > persistent object sharing work?
>
>The file system must usually survive restarts ;).

I can understand how file content that might be modified by
executing E programs will survive.  What I don't understand
is how that effects any sort of permanent sharing between
users - e.g. on a Unix system for example.  When the system
restarts all process state is lost.  While there may be
some changed file contents for some users, how does that
effect sharing?  Does E do something with Unix's ACLs that
somehow effects permanent sharing between users?

Skip this if you already understand my question, but let
me describe in a bit more detail in case not.  Unix user
Jed and Unix user MarkM initially have no shared
file content on Unix.  However they can both communicate
on the network which allows them to communicate through
vats.  Somehow (I don't think these details matter, but
perhaps they do) user Jed and user MarkM run some E
programs that effect some sharing of capabilities through
networking between their vats.  For example, let's say
that user Jed sends a RW capability to a file to user
MarkM.

Now the Unix system reboots.  How does user MarkM
exercise his RW access to user Jed's file?  Perhaps
both user Jed and user MarkM have to initialize
E 'demons' that pick up the changed file state and
permit communication from user MarkM to modify user
Jed's file - e.g. through the vat mechanism on the
network?

I hope my question is clear.  There's something
fundamental here that I think I'm missing.

--Jed  http://www.webstart.com/jed-signature.html 



