[cap-talk] Petnames versus E-order with ocaps
Charles Landau
clandau at macslab.com
Wed Jan 28 19:30:36 EST 2009
Karp, Alan H wrote:
> Charles Landau wrote:
>> In different vats, Bob's old reference will deliver messages to
>> Carol right away, while his new reference will wait until Alice's
>> previous messages have arrived. Would you agree this difference
>> requires the two references to be different?
>
> E uses lambda names, so Bob does distinguish his various references
> to Carol. My question is what implications that has for a different
> system that uses petnames.
You are asking about a hypothetical system that uses petnames. The
answer is in the details of that system.
I imagine a system in which a reference coming into an object (such as
Bob) is (efficiently) compared (using some form of EQ) with all existing
references in the object. If there is a match, the system says "here is
a reference that you know as foo". If there is no match, a new unique
petname is somehow generated for the incoming reference.
> We can't let Bob's messages to Carol go
> through immediately, because that violates E-order. We can't make
> all of Bob's messages to Carol wait for Alice's message to arrive,
> because that allows a malicious vat to block another vat's
> independent requests. The issue is that a petname system can't
> distinguish these two cases, which appears to mean that the ordering
> guarantees must be weaker.
The two references Bob has to Carol (old and new) are different (see
above), so the petname system I'm imagining must give them different
petnames.
More information about the cap-talk
mailing list