[cap-talk] Price of resource accountability
Matej Kosik
kosik at fiit.stuba.sk
Tue Sep 2 01:53:06 CDT 2008
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Baldur Johannsson wrote:
> Curiously enough I have been thinking/experimenting a bit with exactly
> this issue.
Likewise.
>
> Three kinds of resources for an protection domain come up in my mind:
> 1. memory ( for storing programs both text and state )
> 2. cpu-time ( for running an protection domain )
> 3. inter protection domain messaging ( to prevent flooding )
>
> Both 1. and 2. are familiar to anyone who as studied KeyKos/Eros/Capros as
> they can be achieved by sub-spacebank and sub-meter respectively.
> But what about 3.? I havent seen it used/mentioned so far except in
> the Agorics Inc.
> paper titled "Digital Silkroad" under the concept of "postage".
I do not think that problems (1) and (3) are inherently separate. At
least in my current attempt to address this problem for Pict
http://altair.sk/mediawiki/upload/4/48/Memics2008.pdf
(work in progess)
these two problems are addressed at once.
Some details are in the article. Although I do not regard the
proposition very trustworthy until I implement it and test it. But I
have the belief that it can be solved.
I am somehow hesitating to turn to schemes described in the Digital
Silkroad article---especially in non-distributed and closed environment.
There must be a simpler solution. Although in a distributed environment
they seem inevitable (even though they are beyond my imagination how to
implement them).
>
> So I ask you(plural) this: are these three types of resources inter-fungible?
> If that is the case I suggest that an third type of datum primitive (besides
> capabilities and normal bit pattern datums) be added to both protected
> domain state
> and messages: some sort of an quota currency ( basically an big number
> say 256 bit one).
>
> Also that the additional behaviour would be added:
> The kernel deducts x amount from an protected domains quota currency
> amount when said domain is acquiring more memory, creating other
> domains and sending messages.
> And such operation would fail (with indication) if the domain doesnt
> have enough of the quota currency.
> The kernel adds x amount to an protected domains quota currency when
> it receives an
> message from another domain and releases memory.
>
> Quota currency would, as noted above, also be part of every message
> giving the option of
> a sending domain passing more of it to receiving domain if so desired
> by the programmer at
> the time.
>
> If anyone is interested in a spec for capForth Actors I clobbered
> together then dont hesitate
> to ask for it. Though here is a fair warning: it is an documentation
> written by an programmer
> for himself and assumes familiarity of the Actor Model, capabilities,
> Forth and Dual Stack Machines.
>
> I hope this post of mine is pretty free of rambling and need for clarifications.
> Cheers
> -Baldur
> _______________________________________________
> cap-talk mailing list
> cap-talk at mail.eros-os.org
> http://www.eros-os.org/mailman/listinfo/cap-talk
>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iEYEARECAAYFAki84tIACgkQL+CaXfJI/hhgsACfRijjjliCC/KbckaL04AOxHOV
gmsAoLmPJjWzBc1KSvDqFYV93kajoyNX
=XElO
-----END PGP SIGNATURE-----
More information about the cap-talk
mailing list