[cap-talk] Wikipedia: Object-capability model - reference vs. capability?
Charles Landau
clandau at macslab.com
Wed Jan 17 10:36:14 CST 2007
At 4:52 AM +0000 1/17/07, David Hopwood wrote:
>Charles Landau wrote:
> > I argue that the number capability in KeyKOS etc. is *not* a
> > reference to a data object.
>
>I think this is focussing too much on an implementation detail. ...
>Why does this matter?
I need to know whether a reference to the KeyKOS number object is a
capability or not.
At 5:55 AM -0500 1/17/07, Jonathan S. Shapiro wrote:
>On Tue, 2007-01-16 at 19:12 -0800, Charles Landau wrote:
>> I argue that the number capability in KeyKOS etc. is *not* a
>> reference to an [immutable] data object. If it were, we could use the same
>> hardware "add" instruction to operate on it that we use on ordinary
>> integers.
>
>Um. No.
>
>I understand what you are saying, but when you started talking about
>capabilities you moved up at least one layer of abstraction, and then
>when you talked about machine instructions you violated the layering.
We are talking about references. The article says a capability is a
reference to a non-data object. At which level of abstraction is this
statement?
>I agree that a KeyKOS number key is not an immutable data object at the
>hardware layer of abstraction. It is a perfectly fine immutable data
>object at the capability layer of abstraction.
I need to know whether a reference to the KeyKOS number object is a
capability or not. In KeyKOS, I can hold this reference in a
capability register and invoke it like a capability. I can obtain it
only from one of the allowed sources of capabilities (not literals in
my source code). It looks to me like a capability, not a reference to
a data object, which by definition is not a capability.
More information about the cap-talk
mailing list