Comparing IPC and capability invocation

Jonathan S. Shapiro shap at
Sun Dec 21 18:25:52 CET 2003

On Fri, 2003-12-12 at 12:33, Hermann Härtig wrote:
> > Descriptors, which *can* be used as a foundation for certain kinds of
> > security, suddenly become extremely inefficient because they cannot be
> > passed without consulting a third party.
> Caching solves that problem...

I believe it does not.

Caching solves the problem only if descriptors are long-lived and used
many times within a relatively short temporal time frame. This is not
the case in current EROS usage. A typical interaction between two
user-level objects may involve only two to four invocations, which is
not enough to amortize the cost of caching the answers. If a caching
approach is adopted, the end to end cost of this caching is many
MULTIPLES of our current end to end time.

Someone proposed using a shared-memory cache of some sort, but this is
not an option, because it violates confinement.

However, let me emphasize that I am completely willing to give up the
particular mechanism proposed if we can solve the underlying problem
efficiently in some other way.


More information about the l4-hackers mailing list