I'm wondering if there has been much research done on C++'s object model and how well it does or doesn't work as an ocap model? I figured this might be a good place to ask if anyone has any pointers (ha!) on things to look at. (Or perhaps references instead ;) )
I'm aware of Cap'n Proto
existing as something that can provide some form of capability model, and that "it's a C++ library". But this model seems to be strongly based on an environment set up as part of the design of Cap'n Proto as a library and protocol, as opposed to anything explicitly part of C++ as a programming language. I'm more specifically wondering about the language
level. An issue that I think I came across somewhere in some initial searching is C++ class extension could break ocap guarantees (if malicious code just extended an existing class to override functionality).
For context, I am in the tail end of a research project looking at ocap languages to map/adapt to the seL4 microkernel
(which has its own capability system for resource management). About half of the research has been trying to adapt the Pony
language (or in practice rather its runtime
more specifically) to an seL4 environment, as Pony can give ocap guarantees as part of its language
, but the other half is more broadly looking at various ocap languages out there and their tradeoffs when it comes to implementing them in the very minimal environment provided by seL4. Pony was my eventual top candidate for looking at because it compiles straight to machine code via LLVM, with the only other dependency being a linked runtime library that's implemented in C - this made it the best performance candidate for building systems stuff ontop of a microkernel like seL4, and one with dependencies that seemed the easiest to port into the C programming environment that seL4 development entails. Hence also my interest in anything that's been done with C++.
(CompSci Masters student @ University of Melbourne)