[e-lang] Auditors

Kevin Reid kpreid at mac.com
Wed May 30 13:03:09 EDT 2007


On May 30, 2007, at 10:59, Stephan van Staden wrote:

> I have a couple of questions regarding auditors:
>
> Suppose I create a discriminating, not closely held auditor x in  
> Vat A.
> Does "not closely held" mean that references to x are made freely
> available, such that Vat B can call x <- audit(script)?

Yes, but just invoking an auditor has no relevant effect; an auditor,  
which is an ordinary object, just returns a boolean or throws.  
Approvals happen when *the auditing system* invokes an auditor and  
records the answer.

> Will the result of the audit then be recorded in Vat B such that a  
> guard in Vat B can use local information?

No; an auditor (currently) must be near to the vat creating the  
object which is to be approved.

Auditing with eventual auditors isn't inherently difficult, but it  
would be a source of mutability (an object would transition from  
not-yet-approved-by-X to approved-by-X) which would have to be  
rejected by, e.g., the DeepFrozen auditor.

> Suppose that an object o in Vat B passed an audit by x. If a  
> reference to o is then sent to Vat C, will this reference install  
> information regarding its x audit in Vat C?

No mechanism has currently been designed or implemented for far  
references to have approvals. If o is PassByConstruction in the  
mobile code style then a local audit by the auditors its definition  
carried (which must have arrived near) is by definition part of its  
unserialization.

> Can Vat C trust Vat B on the results of the audit?

If we had support for non-near auditing, then the answer to this  
would depend on the origins of the vats. If they came from the same  
vat-maker and used similar evaluators, such that their auditing  
subsystems may sensibly be mutually reliant auditing systems, then yes.

> Suppose now that x is instead PassByCopy and that Vat B can execute  
> the audit locally. To what extent can Vat B trust that x is  
> auditing what it claims to audit? In other words, is there an  
> auditing system for auditors?

PassByCopy objects are transparent by definition; a PassByCopy  
auditor can indeed be relied upon to audit for the property which it  
can be observed to implement auditing for.

-- 
Kevin Reid                            <http://homepage.mac.com/kpreid/>
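
Added example, not part of the original message and not E code: a small Python model of the point that calling an auditor only returns a boolean, while an approval exists only where a vat's auditing system invoked the auditor and recorded the answer. All names (`AuditingSystem`, `NoAssignAuditor`, `guard`, the sample scripts) are assumptions made for illustration.

```python
import ast

class NoAssignAuditor:
    """Stand-in discriminating auditor: an ordinary object that returns a boolean."""
    BANNED = (ast.Assign, ast.AugAssign, ast.AnnAssign, ast.Global, ast.Nonlocal)

    def audit(self, script):
        return not any(isinstance(n, self.BANNED) for n in ast.walk(ast.parse(script)))

class AuditingSystem:
    """One vat's auditing subsystem; only it writes the approval record."""
    def __init__(self):
        self._approved = []  # (object, auditor) pairs, compared by identity

    def make(self, script, auditors):
        # Ask the auditors first, then build the object and record the answers.
        verdicts = [a for a in auditors if a.audit(script) is True]
        namespace = {}
        exec(script, {}, namespace)  # constructed sample scripts only
        obj = type("Audited", (), namespace)()
        self._approved.extend((obj, a) for a in verdicts)
        return obj

    def audited_by(self, auditor, obj):
        return any(o is obj and a is auditor for o, a in self._approved)

def guard(system, auditor, obj):
    """A guard consults the local auditing system, never the auditor itself."""
    if not system.audited_by(auditor, obj):
        raise TypeError("not approved by this auditor in this vat")
    return obj

GOOD = "def get(self):\n    return 42\n"    # constructed sample script
BAD = "def bump(self):\n    self.n = 1\n"    # constructed sample script

def demo():
    vat_a, vat_b = AuditingSystem(), AuditingSystem()
    x = NoAssignAuditor()
    o = vat_a.make(GOOD, [x])          # audited at creation, answer recorded in A
    direct_call = x.audit(GOOD)        # a bare call: boolean out, nothing recorded
    rejected = vat_a.make(BAD, [x])    # created, but carries no approval
    return (direct_call, vat_a.audited_by(x, o),
            vat_b.audited_by(x, o), vat_a.audited_by(x, rejected))

if __name__ == "__main__":
    print(demo())
```
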



