[cap-talk] Cap OS question
Sam Mason
sam at samason.me.uk
Sun Aug 2 13:11:45 EDT 2009
On Mon, Aug 03, 2009 at 12:36:21AM +0800, Ben Kloosterman wrote:
> Unsafe code will be limited, e.g. no user apps will support it. Note CIL (
> bytecode) assemblies with unsafe code in them are marked unsafe and the OS
> will compile all bytecode during installation so we can choose not to
> compile these (there is also the reference checks). The other change is
> MetaData/Reflection will be limited, e.g. no support for Emitting code,
> reading the underlying bytes or private members.
That all sounds well and good.
> I was thinking of making Capabilities contain a reference (which is fine if
> they are stored in the kernel)
I think you're misunderstanding me; what's wrong with just making a
capability be a normal object reference? i.e. it sounds as though you're
proposing to have a "Capability" class and then have methods in this
class that do invocation. You've got a nice safe language, why not
exploit it to its full potential?
> but the main issues are
> 1) Persistence so would need to store a reference that is not a memory
> address when storing on disk.
What sort of garbage collection are you doing? If you're doing say a
copying collector then you must be able to deal with objects moving
anyway and this should just be able to use the same mechanisms.
> 2) How to handle the access rights and where does the logic go. In the
> capability?
Access rights belong in the object the capability points to.
--
Sam http://samason.me.uk/
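As an added illustration (not from the thread or from Ben's project), the two points above in Python: a capability is just a reference to the target object, attenuation is another object (facet) that omits the right, and persistence is handled by swizzling live references to stable ids. It assumes, as the thread does, that the language keeps private members unreachable, which Python itself does not enforce; `File`, `ReadOnlyFile` and `Registry` are hypothetical names.

```python
import json

class File:
    """A resource. In a memory-safe language, holding a reference to this
    object *is* the capability: no separate Capability class is needed."""
    def __init__(self, name: str, data: bytes = b"") -> None:
        self.name = name
        self._data = bytearray(data)

    def read(self) -> bytes:
        return bytes(self._data)

    def write(self, data: bytes) -> None:
        self._data[:] = data

class ReadOnlyFile:
    """Attenuated facet: a second object wrapping the same File that simply
    lacks write(). The access-rights logic lives with the target object and
    its facets, not in the reference itself."""
    def __init__(self, target: File) -> None:
        self._target = target

    def read(self) -> bytes:
        return self._target.read()

class Registry:
    """Persistence: a reference cannot be stored on disk as a memory address,
    so each live object gets a stable id and a process's capability list is
    saved as those ids (the same indirection a copying GC relies on)."""
    def __init__(self) -> None:
        self._objects: dict[int, object] = {}  # stable id -> live object
        self._ids: dict[int, int] = {}         # id(live object) -> stable id

    def export(self, ref: object) -> int:
        key = id(ref)
        if key not in self._ids:
            self._ids[key] = len(self._objects)
            self._objects[self._ids[key]] = ref
        return self._ids[key]

    def resolve(self, stable_id: int) -> object:
        return self._objects[stable_id]

def save_clist(reg: Registry, refs: list) -> str:
    """Serialise a capability list as stable ids, never as addresses."""
    return json.dumps([reg.export(r) for r in refs])

def load_clist(reg: Registry, blob: str) -> list:
    """Turn stored ids back into live references."""
    return [reg.resolve(i) for i in json.loads(blob)]
```

A holder of the `ReadOnlyFile` facet can read but has no `write` to call, so the right is absent rather than checked at each call.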