[cap-talk] Cap OS question

Sandro Magi naasking at higherlogics.com
Sun Sep 6 21:07:58 PDT 2009


David-Sarah Hopwood wrote:
> I don't understand why the overhead due to CAS checks is any greater
> in this kind of design. When the application uses only the tamed API,
> it is not directly making any requests that would cause a CAS check.
> (The CAS overhead is only incurred on a check, not per stack frame.)
> The taming library makes requests that need not involve CAS checks
> because it is running in another AppDomain that could be given FullTrust
> (or even if it is not given FullTrust, it would have the same permissions
> that a domain in a system relying on bytecode verification would have, so
> there is no extra overhead).

Good points. In rethinking this, the overheads I foresee are in
marshalling calls across AppDomains, and benign CAS checks. IIRC, there
are some benign functions that are protected by permissions, and since
running with CAS is all-or-nothing, we incur the overhead of checking
permissions for those functions regardless of whether or not they're
enforced.

I'm a little hazy on the details now though; it's been a while since I
looked at this stuff.

Sandro


