[cap-talk] TIL: all exceptions before the commit point


Dan Connolly

Mar 18, 2016, 10:15:40 PM
to General discussions concerning capability systems.
I have flipped through the Secure Distributed Programming with Object-capabilities in JavaScript slides a few times, but this week I discovered a very interesting point about 48 minutes into the talk that isn't on the slides:

Do all of your gating checks before you do any of your irrevocable side effects.

It's somewhat obvious in retrospect, but I don't recall reading it in the "robust composition" thesis or anywhere else. Perhaps it's just my memory that's failing. I should check again.

Mark S. Miller

Mar 18, 2016, 11:18:19 PM
to General discussions concerning capability systems.
Your memory is correct. I got the principle from KeyKOS and EROS, both of which practiced it brilliantly. Although both are ocap systems, as is my application of it, I think the point is orthogonal from ocaps. It is just a beautiful way to structure a system.

I have had many idle thoughts about direct language support for this pattern but I have not pursued it. I encourage someone to. It smells promising.




_______________________________________________
cap-talk mailing list
cap-...@mail.eros-os.org
http://www.eros-os.org/mailman/listinfo/cap-talk




--
    Cheers,
    --MarkM

Mark S. Miller

Mar 18, 2016, 11:19:38 PM
to General discussions concerning capability systems.
On Fri, Mar 18, 2016 at 8:18 PM, Mark S. Miller <eri...@google.com> wrote:
Your memory is correct. I got the principle from KeyKOS and EROS, both of which practiced it brilliantly. Although both are ocap systems, as is my application of it, I think the point is orthogonal from ocaps. It is just a beautiful way to structure a system.

I have had many idle thoughts about direct language support for this pattern but I have not pursued it. I encourage someone to. It smells promising.




On Fri, Mar 18, 2016 at 7:15 PM, Dan Connolly <dc...@madmode.com> wrote:
I have flipped through the Secure Distributed Programming with Object-capabilities in JavaScript slides a few times, but this week I discovered a very interesting point about 48 minutes into the talk that isn't on the slides:

Do all of your gating checks before you do any of your irrevocable side effects.

It's somewhat obvious in retrospect, but I don't recall reading it in the "robust composition" thesis or anywhere else. Perhaps it's just my memory that's failing. I should check again.

Please don't let my confirmation that it is not in my thesis deter you from looking at it again!

;)
 





--
    Cheers,
    --MarkM
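
An added illustration of the principle quoted in this thread, "do all of your gating checks before you do any of your irrevocable side effects" (this is not code from the talk, the thesis, or any list participant). The purse model and the names `makePurse`, `depositInterleaved`, `deposit` and `totalAfterFailedTransfer` are assumptions made for the example:

```javascript
// Added example: a toy two-purse transfer. All names here are hypothetical.
const MAX = Number.MAX_SAFE_INTEGER;

function makePurse(balance, frozen = false) {
  return { balance, frozen };
}

// Interleaved version: a side effect happens before the last gating check,
// so a late throw leaves the system half-updated.
function depositInterleaved(dest, amount, src) {
  if (!Number.isSafeInteger(amount) || amount < 0) throw new RangeError('bad amount');
  if (src.balance < amount) throw new RangeError('insufficient funds');
  src.balance -= amount;                                    // side effect ...
  if (dest.frozen) throw new Error('destination frozen');   // ... then a check
  dest.balance += amount;
}

// Checks-first version: every throw sits above the commit point.
function deposit(dest, amount, src) {
  if (!Number.isSafeInteger(amount) || amount < 0) throw new RangeError('bad amount');
  if (src.balance < amount) throw new RangeError('insufficient funds');
  if (dest.frozen) throw new Error('destination frozen');
  if (dest.balance > MAX - amount) throw new RangeError('overflow');
  // ---- commit point: only plain arithmetic on validated values below ----
  src.balance -= amount;
  dest.balance += amount;
}

// Run a transfer that must fail (constructed input: frozen destination) and
// report whether it threw and how much money exists afterwards.
function totalAfterFailedTransfer(transfer) {
  const src = makePurse(100);
  const dest = makePurse(5, true);
  let threw = false;
  try {
    transfer(dest, 30, src);
  } catch (e) {
    threw = true;
  }
  return { threw, total: src.balance + dest.balance };
}

console.log('interleaved:', totalAfterFailedTransfer(depositInterleaved));
console.log('checks-first:', totalAfterFailedTransfer(deposit));
```

Both versions reject the transfer, but only the checks-first one leaves the combined balance unchanged; the interleaved one has already debited the source when it throws.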


