[E-Lang] Authority -- what is its dual?

Mark S. Miller markm@caplet.com
Wed, 17 Oct 2001 17:17:51 -0700 

At 10:31 AM 10/17/2001 Wednesday, Joerg Bornschein wrote:
>On Wed, Oct 17, 2001 at 09:46:59AM -0700, Mark S. Miller wrote:
>
>> "operation on an object" only makes sense given a different use of "object" 
>> than used by oo and E programmers -- one that distinguishes "object" from 
>> "data".  In EROS (and in the concurrent logic languages, and in one of the 
>> Actor languages), there is such a primitive distinction, and we wouldn't 
>> think that "3 + 4" requires authority beyond that needed to occupy memory 
>> and use CPU time.  In particular, neither "3" nor "+" (depending on your 
>> view of "3 + 4") is a capability that an object may be denied.
>
>Not that it made a practical difference, but i could think "3+4" as
>operation on a memory object: 1) store 3  2) add 4.

In getting such definitional matters straight, it pays to pick nits, so I'll 
respond in kind.  I do think it's useful to view this as operations on 
memory-as-an-object, and KeyKOS and EROS are very close to taking this pure 
view.  However, the operations would be "read the word at this address" and 
"store this word at this address".  It is not the business of the memory 
object to know whether the process thinks of the word read or stored as a 
number or as something else.  Also, in neither system, nor in any other 
capability system that I've ever heard of, does one require a capability to 
access one's own ALU.  So, I think we can say that the universal capability 
approach is to treat internal calculation as no one's business, and, except 
for resources, not to have it require any capabilities that may be denied.

Oops.  I don't think the above claims hold true for Toontalk.  Toontalk does 
not gain any security leverage from this, but it does gain in expository 
uniformity.

In what way is E not this uniform?  Besides the universal scope, E, like 
almost all programming languages (other than Toontalk), has a set of literal 
data types, such that a program may obtain access to any instance of these 
types, like the number 3, simply by saying its name, like "3".  It's as if 
all instances of these literal data types were already in the universal 
scope, indexed by these names.  No program may be denied any instance of a 
literal data type, because it can obtain them simply by naming them.


        Cheers,
        --MarkM