[e-lang] Side Channels (was: E-on-Common-Lisp now available)
Mark Miller
markm at cs.jhu.edu
Sun May 22 11:43:54 EDT 2005
Mark Miller wrote:
> David Wagner wrote:
>> Allocate two identical instances of a DeepFrozen type; call them D1, D2.
>> Then for all environments Env,
>> Env[Alice[D1], Bob[D2]].run()
>> is indistinguishable from
>> Env[Alice[D1], Bob[D1]].run()
>> [...]
>> Is DeepFrozen the right concept here?
>
> You've got the right term.
My mistake. DeepFrozen implies transitively immutable. The right terms is
Selfless. (Note that PassByCopy implies Selfless, and DeepPassByCopy implies
PassByCopy, so either of these is adequate as well.) DeepPassByCopy implies
DeepFrozen and Selfless, but DeepFrozen by itself is not adequate, as
DeepFrozen objects can be Selfish -- they can carry an EQ identity, and so be
distinguished by E's ==.
Objects in E are either Selfish or Selfless. If D1 and D2 are both Selfless
and D1 == D2, then regarding overt computation (and therefore authority but
not side channels), the above indistinguishability hold.
In Java, only scalars and interned strings are Selfless. The above
indistinguishability holds only for these. If Joe-E allows Java's ==
everywhere Java allows it, then it can do no better. I had forgotten to raise
this in our previous Joe-E discussions.
--
Text by me above is hereby placed in the public domain
Cheers,
--MarkM
More information about the e-lang
mailing list