[cap-talk] membrane implementations?

Bill Frantz frantz at pwpconsult.com
Thu Jan 25 21:53:17 CST 2007

david.nospam.hopwood at blueyonder.co.uk (David Hopwood) on Thursday, January 25, 2007 wrote:

>Jonathan Shapiro wrote:
>> An OS-based ob-cap system generally *will* have a destroy operation, and
>> it is necessary to say what happens to existing capabilities when an
>> object is destroyed.
>AFAIU, objects in any obj-cap system cannot be destroyed per se. An object
>can be modelled as changing to a 'deleted' state in which it throws an
>exception (for example) on all calls, but conceptually the object still
>So, nothing happens to existing capabilities *within the model* when an
>object is 'deleted' in this way. An implementation might change the
>representations of existing capabilities so that it is able to reclaim
>any storage needed to map them to an object location, but that has no
>semantic effect.

There is one possibly significant difference between the way a language
like E handles deleting an object, and the way an OS like KeyKOS or EROS
does.  In E, the reference in the membrane object is set to null to
delete access through the membrane.  The membrane object still exists,
and any kind of EQ operation may well show it as different from other
membrane objects with deleted access.

Compare this with KeyKOS and EROS, where the storage for the membrane
object will be reclaimed, and the system will change all capabilities to
that membrane object to Number(0) (KeyKOS) or void (EROS).  This action
looses the EQ identity, making all deleted access membrane objects
compare EQ to each other.

For systems like Jonathan described:
>   2. Have a valid bit in the capability and turn that off, but
>      leave the rest of the capability unchanged.

These systems might also preserve the un-deleted EQ behavior of deleted
access membrane objects.

Cheers - Bill

