Comparing IPC and capability invocation

Rudy Koot rudykoot at hotmail.com
Fri Dec 12 13:01:04 CET 2003 

I've been following this discussion and I first want to say that I agree 
that threads should be virtual objects. The cuse of thread IDs on L4 now 
requires eiter the receiver to check if the sender had the rights to send to 
it or the use of IPC redirection. Both methodes make it easy for security 
holes to creep into the code and are (as you correctly pointed out) even 
slower than using virtual objects. And if the map, grant and unmap 
operations can be used on them they are even more flexible than the current 
implementaion.

I'm however still doubting wherer EROS capabilities are necessary, because I 
believe the arguments you have given are entierly correct

>In L4, if a client wishes to perform an operation on a file, the "name"
>of the file must be passed as an argument to an IPC. The invocation is
>something like:
>
>    file_server->invoke(file-id, operation-id, ... other args ...)

>In EROS, the corresponding invocation would be:
>
>   file_capability->invoke(operation-id, ... other args ...)

While this might be true at the lowest level, high level abstactions will 
geneally hide this fact from you, making this only an aestatic argument 
unless you can tell me why one of them is technically better/safer. And I 
think the examples you give here have been given in a form that is more 
favorable for de EROS case. The true inkovations would normally look more 
like this:

L4:
invoke(file_server_thread, file_id, operation_id, other_args)
EROS:
invoke(file_capability, operation_id, other_args)

Again I want to stress that this is normally hidden by the high level 
language interface.

Some interessting thing can also be done with alternative designs. For 
example the open call op the file_server creates a new thread that handles 
the calls to that file. The calls would now look like this:

L4:
invoke(file_thread, operation_id, other_args)
EROS:
invoke(file_capability, operation_id, other_args)

Looks pretty similar doesn't it. The difference is now that in L4 the 
messages are send to a collection of threads while in EROS it is only one 
thread.

  -- Rudy Koot

_________________________________________________________________
Play online games with your friends with MSN Messenger 
http://messenger.msn.nl/

More information about the l4-hackers mailing list