On Thu, 2005-10-20 at 02:31 +0200, olafBuddenhagen@gmx.net wrote:
Hi,
For example, process instantiation (spawn or fork) requires many capability copies even in our current plans. Creating new processes is an important operation in the EROS operating system to enforce confinement policies.
I see a flaw in this reasoning: If you start more processes due to a finer grained design -- which is probably a Good Thing (TM) -- then the individual processes do less, so you need only few capabilities for each one... We'd need to make the rest of the process startup *very* efficient, to make it matter even for a "hello world" process. (Would be desirable, but I doubt it is achievable.)
I still can't think of any realistic scenario, where capability passing would be so common as to make a few hundred clock cycles per operation really relevant. Of course, that doesn't mean none exist...
I think you have to distinguish between user-level capabilities, representing user-level objects, and kernel capabilities, which name kernel objects such as communication points. For kernel capabilities there may be very frequent transfers, in particular in the case of sessionless protocols, where a capability for the answer must be transferred on every IPC because of the unidirectional nature of communication points.