[ Norm: cap-talk is specifically intended for conversations that are
not specific to EROS, so I'm taking the liberty of reframing the
question for cap-talk ]
A capability system needs a way to "rescind" objects. The effect of the rescind operation is to invalidate all outstanding capabilities. The operation is needed when (e.g.) an object is returned to the free store.
The question, in the large, is what "value" should a capability to an object have after the corresponding object goes away. In KeyKOS and EROS, all such capabilities turn into the zero number key, which may be thought of as equivalent to a null pointer.
Should two capabilities to two dead objects compare equal? Should two capabilities to the same dead object compare equal?
In practice, it probably doesn't matter. The capability is no good, so it's value isn't very interesting. These are the questions that we've been idly discussing in the eros-arch group.
shap