[cap-talk] "Same" key

Mark S. Miller markm at cs.jhu.edu
Sun Feb 4 13:46:49 CST 2007

Jonathan S. Shapiro wrote:
> On Sat, 2007-02-03 at 13:47 -0800, Mark S. Miller wrote:
>> Can you give an example where two not-EQ caps designate the same object?
> Not having tracked your definition of "object", probably not, but the
> obvious example would be an object implemented by a domain that chooses
> to ignore some or all of the facet ID bits. This would let two facets
> alias the same object, but the resulting capabilities would fail EQ.

Yes, I used exactly this case as a counter-example at
So, yes, we seem to consistently mean different things by "object".

> More practically -- and this exposes a place where I continue to be
> uncomfortable with your definition of "object" -- it is very common to
> have two capabilities with distinct facet IDs that designate the same
> state and differ only in permissions -- specifically, one provides a
> subset of the operations of the other. An example is RO-page key vs.
> RW-page key, but the same notion appears in user-implemented
> capabilities as well. In spite of your attempts to redefine terms :-) I
> expect that I will continue to speak of such capabilities as designating
> the same object.

Yes, I expect so as well ;).

I do think the dominant use of "object" in computer science is what 
"object-oriented programmers" mean by "object" -- a combination of state and 
behavior that reacts in a certain way to messages/invocations. Certainly, we 
have been clear that the "object" in our term "object-capability model" is a 
reference to the "object" of "object-oriented programming" (or "object-based 
programming" if one buys Wegner's taxonomy).

So, in spite of your attempts to redefine terms ;), I will continue to speak 
in terms more familiar from the PL perspective, even if that's more confusing 
from the OS or historical access control perspectives.

Text by me above is hereby placed in the public domain
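
The two cases raised in this message, as a toy Python model added here (not code from the post or from any capability system): a domain that ignores the facet ID bits, and RO/RW page facets over one shared state. `Cap`, `eq`, `Counter` and `Page` are hypothetical names, and EQ is assumed to compare the domain reference together with the facet ID bits.

```python
from dataclasses import dataclass

@dataclass(frozen=True, eq=False)
class Cap:
    """Toy capability: a domain reference plus facet ID bits (hypothetical model)."""
    domain: object
    facet_id: int
    def invoke(self, op, *args):
        return self.domain.dispatch(self.facet_id, op, *args)

def eq(a, b):
    """EQ as modeled here: same domain and identical facet ID bits."""
    return a.domain is b.domain and a.facet_id == b.facet_id

class Counter:
    """Domain that ignores the facet ID bits, so all its facets alias one object."""
    def __init__(self):
        self.n = 0
    def dispatch(self, facet_id, op, *args):
        if op != "incr":
            raise PermissionError(op)
        self.n += 1
        return self.n

class Page:
    """Domain whose facet ID selects RW or RO permissions over one shared state."""
    RW, RO = 0, 1
    def __init__(self, size):
        self.data = bytearray(size)
    def dispatch(self, facet_id, op, *args):
        if op == "read":
            return self.data[args[0]]
        if op == "write" and facet_id == self.RW:
            self.data[args[0]] = args[1]
            return None
        raise PermissionError(f"{op} refused on facet {facet_id}")

def demo():
    counter, page = Counter(), Page(16)
    c0, c1 = Cap(counter, 0), Cap(counter, 1)
    rw, ro = Cap(page, Page.RW), Cap(page, Page.RO)
    rw.invoke("write", 3, 0x41)
    try:
        ro.invoke("write", 3, 0x42)
        ro_write = "allowed"
    except PermissionError:
        ro_write = "denied"
    return {"counter_eq": eq(c0, c1), "counts": (c0.invoke("incr"), c1.invoke("incr")),
            "page_eq": eq(rw, ro), "ro_read": ro.invoke("read", 3), "ro_write": ro_write}
```

In both cases EQ fails. The two counter capabilities are indistinguishable by behavior, while the page capabilities share state but react differently to `write`, which is where the OS and PL uses of "object" in the thread part ways.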
