[eros-arch] EROS Mistake #1: No Object Perimeters

[Jonathan S. Shapiro]

This problem is glaringly obvious, and there may be a glaringly obvious
solution.

In a conventional system, you can point to any persistent object and say
"that one". You can then dig in to the underlying data structures, trace
them out, and arrive unambiguously at a set of all data structures that
comprise the object.

Another way of saying this is that files consist of DAGs, and that these
DAGs do *not* contain references to resources other than those that are
the data or metadata of the file itself.

In EROS this is not true. If you point to a name in a directory you can
certainly identify the capability that this name is bound to. Given the
capability, you can trace out the set of all disk-level objects that are
causally entangled proceeding from that capability. Unfortunately, this
set usually consists of the entire EROS system image.

Every "file" is a process. Every process has an address space. Both have
keepers, all of these have space banks, and space banks interact with
absolutely everything.

Identity is "the unique set of stuff that is named by a given primitive
name". Note that this definition relies critically on the existence of
dependency perimeters in the underlying object system. EROS doesn't have
those perimeters.

In consequence, while you can point to an individual EROS object, you
cannot in general say "save that". More importantly, you cannot in
general say "restore that". Worst of all, you cannot say "share that" in
any way that is sensible across a network. In the absence of identity,
one cannot say what "that" is to be shared.

>From a purely pragmatic perspective, the inability of the EROS
architecture to support *selective* restore from backup seems fatal to
me.

Reactions, thoughts, and suggestions are very welcome.


shap
-- 
Jonathan S. Shapiro <shap@eros-os.org>