freenode/#sicl - IRC Chatlog
8:35:58
beach
But not *just* capabilities. I was not convinced by the EROS argument that capabilities are all we need.
8:36:46
beach
I am more convinced about the Multics argument where the object store uses ACLs and when you retrieve an object from the object store, the ACL is turned into a capability.
8:55:15
pjb
beach: in the case of EROS, there is no separate object store. All the universe is persistent. This is why they can do without ACLs. If you want to serialize objects in an object store based on vectors of bytes, then the introduction of ACL is justified.
8:57:53
pjb
beach: if you have an in-memory object store, you could just keep a reference to the capabilities. No need to convert them into ACL?
9:01:55
pjb
If you want to read back an ACL and find a pointer to a garbage collected object, this might be a problem.
9:02:22
pjb
"when you retrieve an object from the object store, the ACL is turned into a capability."
9:02:58
pjb
I mean for the reference (capability) the object in the object store has to other objects.
9:04:05
pjb
But you're saying you're converting capabilities -> ACLs -> capabilities. When they're ACLs, there's no pointer anymore.
9:04:16
beach
Basically, the object store maps names and ACLs to maximal capabilities. When a user retrieves the object, the capability is ANDed with what the ACL says.
9:05:28
beach
The user who puts an object in the object store can decide on a maximal capability. It could have all privileges or just a subset.
9:05:55
beach
Then the ACL determines how these privileges may decrease depending on the user doing the retrieval.
9:06:57
beach
So I can say "nobody has write access to this object, but anyone in the ADMIN group has read access."
9:08:30
pjb
IIRC, in EROS, there were domain controller objects who would control how the capabilities are passed from one object to another. The object store would have been such a domain controller, and would have performed this capability downsizing upon request.
16:52:58
beach
Significant progress today. I am cleaning up the bootstrapping procedure to avoid "global overrides".
16:53:06
beach
When some code C is loaded into some environment E, then the function FUNCTION-CELL in E is called to request function cells to satisfy global function references in C. But sometimes during bootstrapping, E is not the right environment to find the function cell for some function. So I have a mechanism for overriding such requests.
16:53:13
beach
Requests can be overridden globally for all code loaded into the environment, or locally for loading a particular file. I have been abusing global overrides, so I am working on converting them to local ones as much as possible.
16:53:17
beach
In particular, I want MAKE-INSTANCE in environment E to call FIND-CLASS in environment E when given a symbol, and I want the correct class to be returned so that MAKE-INSTANCE will return an instance of the class with that name.
16:53:18
beach
I already cleaned up all the global overrides of MAKE-INSTANCE and tomorrow I will work on FIND-CLASS. As it turns out, by removing global overrides, I can often decrease the number of local ones, so the code is nicer overall.