[cap-talk] kernel object knowledge
Mark S. Miller
markm at cs.jhu.edu
Wed May 30 16:42:35 EDT 2007
Jonathan S. Shapiro wrote:
> On Wed, 2007-05-30 at 10:09 -0700, Charles Landau wrote:
>> Don't these difficulties apply also to non-oblivious membranes,
>> though to a lesser degree? A non-oblivious membrane may know that
>> some capabilities do not need to be wrapped, but there may still be
>> some that do need to be wrapped. At best, a non-oblivious membrane
>> simply lowers the bound of storage required (possibly lowering it
>> from infinite to finite).
>
> I seem to recall that MarkM had an implementation in E at one point that
> was able to evade this issue by re-using the proxy object in some clever
> way that I no longer recall. I may be mistaken.
You may be thinking of Bill Frantz's proposal to pre-allocate bit positions in
the capability representation for all the membranes that a capability
virtually passes through (link needed). This is a clever approach that shifts
the costs around in a thought provoking way. But it's only practical if one
can practically treat such system-supported membranes as a globally
super-scarce resource, say 32 altogether. I expect this issue disqualifies the
proposal for general purpose use.
--
Text by me above is hereby placed in the public domain
Cheers,
--MarkM
More information about the cap-talk
mailing list