Hello,
someone knows how to introduce the capabilities paradigm in Ada,
specifically for programs written using the Ravenscar profile ?
Hello,I'm not quite sure what you mean by "capabilities paradigm", could you elaborate on it a bit.
someone knows how to introduce the capabilities paradigm in Ada,
specifically for programs written using the Ravenscar profile ?
someone knows how to introduce the capabilities paradigm in Ada,
specifically for programs written using the Ravenscar profile ?
On Mon, 11 Oct 2021 15:48:37 +0100, "Luke A. Guest"
<laguest@archeia.com> wrote:
On 11/10/2021 14:33, Doctor Who wrote:
Hello,
someone knows how to introduce the capabilities paradigm in Ada,
specifically for programs written using the Ravenscar profile ?
Capabilities are just a set of operations that an object / user can
perform, or not. So, it's merely a bitset. A bitset which can form
derived bitsets.
no it is another thing, https://en.wikipedia.org/wiki/Capability-based_security
On Monday, October 11, 2021 at 7:33:53 AM UTC-6, Doctor Who wrote:
Hello,I'm not quite sure what you mean by "capabilities paradigm", could you elaborate on it a bit.
someone knows how to introduce the capabilities paradigm in Ada,
specifically for programs written using the Ravenscar profile ?
If my gut intuition is anything to go off of, you're referring to the ability to program against a type and operations thereon, correct?
If so, then Ada has this in the form of Generics: you can pass types, subprograms, values & objects, and generic packages via formal parameters.
On 11/10/2021 20:25, Doctor Who wrote:
On Mon, 11 Oct 2021 15:48:37 +0100, "Luke A. Guest"
<laguest@archeia.com> wrote:
On 11/10/2021 14:33, Doctor Who wrote:
Hello,
someone knows how to introduce the capabilities paradigm in Ada,
specifically for programs written using the Ravenscar profile ?
Capabilities are just a set of operations that an object / user can
perform, or not. So, it's merely a bitset. A bitset which can form
derived bitsets.
no it is another thing,
https://en.wikipedia.org/wiki/Capability-based_security
I know what it is. It is still a set of bits, or, permissions, or >capabilities. The capabilities are usually provided by the OS services.
But as you didn't specify whether you wanted to map onto an existing OS' >capabilities or if you wanted to implement your own, I went with the latter.
Doctor Who <doc@tardis.org> writes:
someone knows how to introduce the capabilities paradigm in Ada,
specifically for programs written using the Ravenscar profile ?
Google hasn't helped me to understand what you're getting at. Perhaps
you could expand?
On 11/10/2021 14:33, Doctor Who wrote:
Hello,
someone knows how to introduce the capabilities paradigm in Ada,
specifically for programs written using the Ravenscar profile ?
Capabilities are just a set of operations that an object / user can
perform, or not. So, it's merely a bitset. A bitset which can form
derived bitsets.
On Mon, 11 Oct 2021 20:36:46 +0100, "Luke A. Guest"
<laguest@archeia.com> wrote:
On 11/10/2021 20:25, Doctor Who wrote:
On Mon, 11 Oct 2021 15:48:37 +0100, "Luke A. Guest"
<laguest@archeia.com> wrote:
On 11/10/2021 14:33, Doctor Who wrote:
Hello,
someone knows how to introduce the capabilities paradigm in Ada,
specifically for programs written using the Ravenscar profile ?
Capabilities are just a set of operations that an object / user can
perform, or not. So, it's merely a bitset. A bitset which can form
derived bitsets.
no it is another thing,
https://en.wikipedia.org/wiki/Capability-based_security
I know what it is. It is still a set of bits, or, permissions, or
capabilities. The capabilities are usually provided by the OS services.
But as you didn't specify whether you wanted to map onto an existing OS'
capabilities or if you wanted to implement your own, I went with the latter.
there isn't any existing OS that provides capability-security from the
ground up, I intend to implement my own.
CapOS/KeyOS don't exist then?
On Tue, 12 Oct 2021 01:45:40 +0100, "Luke A. Guest"
<laguest@archeia.com> wrote:
On 11/10/2021 20:50, Doctor Who wrote:
On Mon, 11 Oct 2021 20:36:46 +0100, "Luke A. Guest"
<laguest@archeia.com> wrote:
On 11/10/2021 20:25, Doctor Who wrote:
On Mon, 11 Oct 2021 15:48:37 +0100, "Luke A. Guest"
<laguest@archeia.com> wrote:
On 11/10/2021 14:33, Doctor Who wrote:
Hello,
someone knows how to introduce the capabilities paradigm in Ada, >>>>>>> specifically for programs written using the Ravenscar profile ?
Capabilities are just a set of operations that an object / user can >>>>>> perform, or not. So, it's merely a bitset. A bitset which can form >>>>>> derived bitsets.
no it is another thing,
https://en.wikipedia.org/wiki/Capability-based_security
I know what it is. It is still a set of bits, or, permissions, or
capabilities. The capabilities are usually provided by the OS services. >>>>
But as you didn't specify whether you wanted to map onto an existing OS' >>>> capabilities or if you wanted to implement your own, I went with the latter.
there isn't any existing OS that provides capability-security from the
ground up, I intend to implement my own.
CapOS/KeyOS don't exist then?
Windows has capabilities.
Pretty sure iOS has them too.
only CapROS at the moment, KeyKOS only survives as an ancestor
reference to CapROS and Coyotos.
But Coyotos development has been sleeping for years now, and CapROS is >starting to revive only now.
But yes, I would chose CapROS now.
On 11/10/2021 20:50, Doctor Who wrote:
On Mon, 11 Oct 2021 20:36:46 +0100, "Luke A. Guest"
<laguest@archeia.com> wrote:
On 11/10/2021 20:25, Doctor Who wrote:
On Mon, 11 Oct 2021 15:48:37 +0100, "Luke A. Guest"
<laguest@archeia.com> wrote:
On 11/10/2021 14:33, Doctor Who wrote:
Hello,
someone knows how to introduce the capabilities paradigm in Ada,
specifically for programs written using the Ravenscar profile ?
Capabilities are just a set of operations that an object / user can
perform, or not. So, it's merely a bitset. A bitset which can form
derived bitsets.
no it is another thing,
https://en.wikipedia.org/wiki/Capability-based_security
I know what it is. It is still a set of bits, or, permissions, or
capabilities. The capabilities are usually provided by the OS services.
But as you didn't specify whether you wanted to map onto an existing OS' >>> capabilities or if you wanted to implement your own, I went with the latter.
there isn't any existing OS that provides capability-security from the
ground up, I intend to implement my own.
CapOS/KeyOS don't exist then?
Windows has capabilities.
Pretty sure iOS has them too.
On 12/10/2021 01:45, Luke A. Guest wrote:
CapOS/KeyOS don't exist then?
Might be called KeyKos.
On Tue, 12 Oct 2021 01:45:40 +0100, "Luke A. Guest"
<laguest@archeia.com> wrote:
On 11/10/2021 20:50, Doctor Who wrote:
On Mon, 11 Oct 2021 20:36:46 +0100, "Luke A. Guest"
<laguest@archeia.com> wrote:
On 11/10/2021 20:25, Doctor Who wrote:
On Mon, 11 Oct 2021 15:48:37 +0100, "Luke A. Guest"
<laguest@archeia.com> wrote:
On 11/10/2021 14:33, Doctor Who wrote:
Hello,
someone knows how to introduce the capabilities paradigm in Ada, >>>>>>> specifically for programs written using the Ravenscar profile ?
Capabilities are just a set of operations that an object / user can >>>>>> perform, or not. So, it's merely a bitset. A bitset which can form >>>>>> derived bitsets.
no it is another thing,
https://en.wikipedia.org/wiki/Capability-based_security
I know what it is. It is still a set of bits, or, permissions, or
capabilities. The capabilities are usually provided by the OS services. >>>>
But as you didn't specify whether you wanted to map onto an existing OS' >>>> capabilities or if you wanted to implement your own, I went with the latter.
there isn't any existing OS that provides capability-security from the
ground up, I intend to implement my own.
CapOS/KeyOS don't exist then?
Windows has capabilities.
Pretty sure iOS has them too.
only CapROS at the moment, KeyKOS only survives as an ancestor
reference to CapROS and Coyotos.
But Coyotos development has been sleeping for years now, and CapROS is >starting to revive only now.
But yes, I would chose CapROS now.
On Mon, 11 Oct 2021 20:36:46 +0100, "Luke A. Guest"
<laguest@archeia.com> wrote:
On 11/10/2021 20:25, Doctor Who wrote:
On Mon, 11 Oct 2021 15:48:37 +0100, "Luke A. Guest"
<laguest@archeia.com> wrote:
On 11/10/2021 14:33, Doctor Who wrote:
Hello,
someone knows how to introduce the capabilities paradigm in Ada,
specifically for programs written using the Ravenscar profile ?
Capabilities are just a set of operations that an object / user can
perform, or not. So, it's merely a bitset. A bitset which can form
derived bitsets.
no it is another thing,
https://en.wikipedia.org/wiki/Capability-based_security
I know what it is. It is still a set of bits, or, permissions, or
capabilities. The capabilities are usually provided by the OS services.
But as you didn't specify whether you wanted to map onto an existing OS'
capabilities or if you wanted to implement your own, I went with the latter.
there isn't any existing OS that provides capability-security from the
ground up, I intend to implement my own.
On 12/10/2021 02.50, Doctor Who wrote:
On Mon, 11 Oct 2021 20:36:46 +0100, "Luke A. Guest"seL4? The whitepaper includes the proofs also.
<laguest@archeia.com> wrote:
On 11/10/2021 20:25, Doctor Who wrote:
On Mon, 11 Oct 2021 15:48:37 +0100, "Luke A. Guest"
<laguest@archeia.com> wrote:
On 11/10/2021 14:33, Doctor Who wrote:
Hello,
someone knows how to introduce the capabilities paradigm in Ada,
specifically for programs written using the Ravenscar profile ?
Capabilities are just a set of operations that an object / user can
perform, or not. So, it's merely a bitset. A bitset which can form
derived bitsets.
no it is another thing,
https://en.wikipedia.org/wiki/Capability-based_security
I know what it is. It is still a set of bits, or, permissions, or
capabilities. The capabilities are usually provided by the OS services.
But as you didn't specify whether you wanted to map onto an existing OS' >>> capabilities or if you wanted to implement your own, I went with the latter.
there isn't any existing OS that provides capability-security from the
ground up, I intend to implement my own.
On Tue, 12 Oct 2021 12:17:00 +0700, Richard IswaraHas Qualcomm and Apple iOS abandoned it when it changed from OKL4 to seL4?
<haujek...@gmail.com> wrote:
On 12/10/2021 02.50, Doctor Who wrote:eh yes, I forgot seL4, however it isn't much used I think
On Mon, 11 Oct 2021 20:36:46 +0100, "Luke A. Guest"seL4? The whitepaper includes the proofs also.
<lag...@archeia.com> wrote:
On 11/10/2021 20:25, Doctor Who wrote:
On Mon, 11 Oct 2021 15:48:37 +0100, "Luke A. Guest"
<lag...@archeia.com> wrote:
On 11/10/2021 14:33, Doctor Who wrote:
Hello,
someone knows how to introduce the capabilities paradigm in Ada, >>>>>> specifically for programs written using the Ravenscar profile ?
Capabilities are just a set of operations that an object / user can >>>>> perform, or not. So, it's merely a bitset. A bitset which can form >>>>> derived bitsets.
no it is another thing,
https://en.wikipedia.org/wiki/Capability-based_security
I know what it is. It is still a set of bits, or, permissions, or
capabilities. The capabilities are usually provided by the OS services. >>>
But as you didn't specify whether you wanted to map onto an existing OS' >>> capabilities or if you wanted to implement your own, I went with the latter.
there isn't any existing OS that provides capability-security from the
ground up, I intend to implement my own.
Has Qualcomm and Apple iOS abandoned it when it changed from OKL4 to seL4?eh yes, I forgot seL4, however it isn't much used I thinkthere isn't any existing OS that provides capability-security from the >>>> ground up, I intend to implement my own.seL4? The whitepaper includes the proofs also.
I thought they use it for isolating their modem firmware from general OS.
On Monday, October 11, 2021 at 1:24:48 PM UTC-6, Doctor Who wrote:
On Mon, 11 Oct 2021 16:32:13 +0100, Simon Wright wrote:
Doctor Who writes:
someone knows how to introduce the capabilities paradigm in Ada,
specifically for programs written using the Ravenscar profile ?
Type Capability is ( Read, Copy, Whatever );
On 12/10/2021 12:51, Richard Iswara wrote:
Has Qualcomm and Apple iOS abandoned it when it changed from OKL4 to seL4? >> I thought they use it for isolating their modem firmware from general OS.eh yes, I forgot seL4, however it isn't much used I thinkthere isn't any existing OS that provides capability-security from the >>>>> ground up, I intend to implement my own.seL4? The whitepaper includes the proofs also.
The biggest flaw in L4 I found is that sigma0 cannot claim memory back
from processes when it runs out. There was apparently work being done,
but I don't know if they did it.
On Mon, 11 Oct 2021 16:32:13 +0100, Simon Wright wrote:Ah.
Doctor Who writes:
someone knows how to introduce the capabilities paradigm in Ada,
specifically for programs written using the Ravenscar profile ?
Google hasn't helped me to understand what you're getting at. Perhapswikipedia has a good explanation: https://en.wikipedia.org/wiki/Capability-based_security
you could expand?
On 12/10/2021 16:01, Shark8 wrote:Possibly.
On Monday, October 11, 2021 at 1:24:48 PM UTC-6, Doctor Who wrote:There can be a capabiity for literally anything, even ownership and can
On Mon, 11 Oct 2021 16:32:13 +0100, Simon Wright wrote:Type Capability is ( Read, Copy, Whatever );
Doctor Who writes:
someone knows how to introduce the capabilities paradigm in Ada,
specifically for programs written using the Ravenscar profile ?
be different depending on object/os service.
I'd say a tagged type is better than an enum.
On Tuesday, October 12, 2021 at 9:04:09 AM UTC-6, Luke A. Guest wrote:Capability'Class [most obviously having Capability be an abstract tagged null record] is mostly irrelevant for that demonstration. (And using a vector of tagged-type instead of the array would have bogged the example down with importing and instantiating
On 12/10/2021 16:01, Shark8 wrote:Possibly.
On Monday, October 11, 2021 at 1:24:48 PM UTC-6, Doctor Who wrote:There can be a capabiity for literally anything, even ownership and can
On Mon, 11 Oct 2021 16:32:13 +0100, Simon Wright wrote:Type Capability is ( Read, Copy, Whatever );
Doctor Who writes:
someone knows how to introduce the capabilities paradigm in Ada,
specifically for programs written using the Ravenscar profile ?
be different depending on object/os service.
I'd say a tagged type is better than an enum.
But there's no reason to complicate the general idea in example-form: even if it's a tagged type you're going to want the capability-instance to be limited-private; the implementation of the "permissions" component being a Boolean-array or a vector of
On 12/10/2021 16:33, Shark8 wrote:Capability'Class [most obviously having Capability be an abstract tagged null record] is mostly irrelevant for that demonstration. (And using a vector of tagged-type instead of the array would have bogged the example down with importing and instantiating
On Tuesday, October 12, 2021 at 9:04:09 AM UTC-6, Luke A. Guest wrote:
On 12/10/2021 16:01, Shark8 wrote:Possibly.
On Monday, October 11, 2021 at 1:24:48 PM UTC-6, Doctor Who wrote:There can be a capabiity for literally anything, even ownership and can
On Mon, 11 Oct 2021 16:32:13 +0100, Simon Wright wrote:Type Capability is ( Read, Copy, Whatever );
Doctor Who writes:
someone knows how to introduce the capabilities paradigm in Ada, >>>>>>> specifically for programs written using the Ravenscar profile ?
be different depending on object/os service.
I'd say a tagged type is better than an enum.
But there's no reason to complicate the general idea in example-form: even if it's a tagged type you're going to want the capability-instance to be limited-private; the implementation of the "permissions" component being a Boolean-array or a vector of
Capabilities allow granting and revoking of access, iirc, the kernel has >access to all, the kernel then grants access to certain processes, i.e. >memory server, filesystem server, etc. each of those processes can
further grant and revoke caps.
On Tue, 12 Oct 2021 16:43:07 +0100, "Luke A. Guest"of Capability'Class [most obviously having Capability be an abstract tagged null record] is mostly irrelevant for that demonstration. (And using a vector of tagged-type instead of the array would have bogged the example down with importing and
<laguest@archeia.com> wrote:
On 12/10/2021 16:33, Shark8 wrote:
On Tuesday, October 12, 2021 at 9:04:09 AM UTC-6, Luke A. Guest wrote:
On 12/10/2021 16:01, Shark8 wrote:Possibly.
On Monday, October 11, 2021 at 1:24:48 PM UTC-6, Doctor Who wrote:There can be a capabiity for literally anything, even ownership and can >>>> be different depending on object/os service.
On Mon, 11 Oct 2021 16:32:13 +0100, Simon Wright wrote:Type Capability is ( Read, Copy, Whatever );
Doctor Who writes:
someone knows how to introduce the capabilities paradigm in Ada, >>>>>>>> specifically for programs written using the Ravenscar profile ? >>>>>>>
I'd say a tagged type is better than an enum.
But there's no reason to complicate the general idea in example-form: even if it's a tagged type you're going to want the capability-instance to be limited-private; the implementation of the "permissions" component being a Boolean-array or a vector
Capabilities allow granting and revoking of access, iirc, the kernel has >>access to all, the kernel then grants access to certain processes, i.e. >>memory server, filesystem server, etc. each of those processes can
further grant and revoke caps.
thank you all for the help, I hope this discussion goes far.
the most useful approach is the microkernel, where access to, and
operation of, each service is mediated by capabilities.
I would go so far to define and implement a capability-based
microkernel written in Ada using the Ravenscar profile.
On Monday, October 11, 2021 at 1:24:48 PM UTC-6, Doctor Who wrote:Permissions); -- Override to give permissions.) and/or possibly a registry to manage permissions (on a finer-grained level) if you need it. A lot depends on how you architect/model it, but the "limited private unknown-discriminant type" perfectly fits
On Mon, 11 Oct 2021 16:32:13 +0100, Simon Wright wrote:Ah.
Doctor Who writes:wikipedia has a good explanation:
someone knows how to introduce the capabilities paradigm in Ada,
specifically for programs written using the Ravenscar profile ?
Google hasn't helped me to understand what you're getting at. Perhaps
you could expand?
https://en.wikipedia.org/wiki/Capability-based_security
Limited Private, unknown-discriminant types.
Package Capabilities is
-- Enumeration of the particular capabilities.
Type Capability is ( Read, Copy, Whatever );
-- A Boolean set for delineating a set of Capabilities.
Type Capability_List is Array(Capability) of Boolean;
-- An instance of a set of capabilities; note that:
-- (1) LIMITED means there is no predefined assignment/copy.
-- (2) PRIVATE means there is no public view to the components.
-- (3) Unknown discriminants mean there is no object-creation w/o a function-call.
Type Instance(<>) is limited private;
-- Create an instance; add any other needed parameters.
Function Create( Capabilities : Capability_List ) return Instance;
-- No permissions.
Function No_Permissions return Instance;
Private
Type Instance is record
Permissions : Capability_List:= (raise Program_Error with "Capabilities-Instance must be initialized.");
-- (others => False); -- Or maybe default to no permissions.
-- OTHER DATA, IF NEEDED; PERHAPS TASK-/PROCESS-ID.
End record;
Function Create( Capabilities : Capability_List ) return Instance is
( Permissions => Capabilities );
Function No_Permissions return Instance is
( Create( Capability_List'(others => False) ) );
End Capabilities;
You could also extend things with a Task-ID, assuming you want this prevalent/pervasive across the OS, you could make a TASK INTERFACE with an accessor (Function Get_Capabilities(Task : OS_Task_Interface) return Capabilities.Instance is (Capabilities.No_
On Tue, 12 Oct 2021 08:01:26 -0700 (PDT), Shark8No_Permissions); -- Override to give permissions.) and/or possibly a registry to manage permissions (on a finer-grained level) if you need it. A lot depends on how you architect/model it, but the "limited private unknown-discriminant type" perfectly fits
On Monday, October 11, 2021 at 1:24:48 PM UTC-6, Doctor Who wrote:
On Mon, 11 Oct 2021 16:32:13 +0100, Simon Wright wrote:Ah.
Doctor Who writes:wikipedia has a good explanation:
someone knows how to introduce the capabilities paradigm in Ada,
specifically for programs written using the Ravenscar profile ?
Google hasn't helped me to understand what you're getting at. Perhaps
you could expand?
https://en.wikipedia.org/wiki/Capability-based_security
Limited Private, unknown-discriminant types.
Package Capabilities is
-- Enumeration of the particular capabilities.
Type Capability is ( Read, Copy, Whatever );
-- A Boolean set for delineating a set of Capabilities.
Type Capability_List is Array(Capability) of Boolean;
-- An instance of a set of capabilities; note that:
-- (1) LIMITED means there is no predefined assignment/copy.
-- (2) PRIVATE means there is no public view to the components.
-- (3) Unknown discriminants mean there is no object-creation w/o a function-call.
Type Instance(<>) is limited private;
-- Create an instance; add any other needed parameters.
Function Create( Capabilities : Capability_List ) return Instance;
-- No permissions.
Function No_Permissions return Instance;
Private
Type Instance is record
Permissions : Capability_List:= (raise Program_Error with "Capabilities-Instance must be initialized.");
-- (others => False); -- Or maybe default to no permissions.
-- OTHER DATA, IF NEEDED; PERHAPS TASK-/PROCESS-ID.
End record;
Function Create( Capabilities : Capability_List ) return Instance is
( Permissions => Capabilities );
Function No_Permissions return Instance is
( Create( Capability_List'(others => False) ) );
End Capabilities;
You could also extend things with a Task-ID, assuming you want this prevalent/pervasive across the OS, you could make a TASK INTERFACE with an accessor (Function Get_Capabilities(Task : OS_Task_Interface) return Capabilities.Instance is (Capabilities.
a Process Capability looks like this:Does it?
Operations:
a. "Read", address; > data;
b. "Write", address, data; > ;
c. "Take", index; > ; capability
d. "Give", index; capability > ;
e. "Find", index, count; capability > result, index;
f. "Start"; > ;
g. "Stop"; > ;
Semantics: The "Read" and "Write" operations allow access to theI think you're jumping the gun.
process's memory. For example, in the "Read" operation, the literal
string "Read" (or a recognizable OP code) is passed along with an
address. The data word at the address is returned.
The "Give" and "Take" operations allow access to the process's C-list.This part of your explanation makes it sound like you do not understand the code I presented, or the reasoning behind it; forgive me for poorly communicating it.
For example, the "Give" operation passes the string "Give", an index
into the C-list, and a capability to be stored at the passed index.
Such a stored capability could be invoked by the process if it were "Start"ed.
The "Find" operation allows a slightly optimized sort of compareWhy are you bothering with a list?
operation for capabilities. The process's C-list is searched, starting
at the passed index, for the passed capability until either:
1. The passed capability is found in the C-list. In this case, the
operation returns "Yes" and the first index where the capability was
found, or
2. The count is exhausted. In this case the operation returns "No" and
the passed index plus count.
in addition there is a Nil Capability:This... sounds like you are not understanding, at all, the Ada code I presented you.
Nil Capability: When a process is initially created its C-list
contains only Nils. These are empty place holders. Nil always returns "Empty".
On Wednesday, October 13, 2021 at 9:46:34 PM UTC-6, Doctor Who wrote:No_Permissions); -- Override to give permissions.) and/or possibly a registry to manage permissions (on a finer-grained level) if you need it. A lot depends on how you architect/model it, but the "limited private unknown-discriminant type" perfectly fits
On Tue, 12 Oct 2021 08:01:26 -0700 (PDT), Shark8
On Monday, October 11, 2021 at 1:24:48 PM UTC-6, Doctor Who wrote:
On Mon, 11 Oct 2021 16:32:13 +0100, Simon Wright wrote:Ah.
Doctor Who writes:wikipedia has a good explanation:
someone knows how to introduce the capabilities paradigm in Ada,
specifically for programs written using the Ravenscar profile ?
Google hasn't helped me to understand what you're getting at. Perhaps
you could expand?
https://en.wikipedia.org/wiki/Capability-based_security
Limited Private, unknown-discriminant types.
Package Capabilities is
-- Enumeration of the particular capabilities.
Type Capability is ( Read, Copy, Whatever );
-- A Boolean set for delineating a set of Capabilities.
Type Capability_List is Array(Capability) of Boolean;
-- An instance of a set of capabilities; note that:
-- (1) LIMITED means there is no predefined assignment/copy.
-- (2) PRIVATE means there is no public view to the components.
-- (3) Unknown discriminants mean there is no object-creation w/o a function-call.
Type Instance(<>) is limited private;
-- Create an instance; add any other needed parameters.
Function Create( Capabilities : Capability_List ) return Instance;
-- No permissions.
Function No_Permissions return Instance;
Private
Type Instance is record
Permissions : Capability_List:= (raise Program_Error with "Capabilities-Instance must be initialized.");
-- (others => False); -- Or maybe default to no permissions.
-- OTHER DATA, IF NEEDED; PERHAPS TASK-/PROCESS-ID.
End record;
Function Create( Capabilities : Capability_List ) return Instance is
( Permissions => Capabilities );
Function No_Permissions return Instance is
( Create( Capability_List'(others => False) ) );
End Capabilities;
You could also extend things with a Task-ID, assuming you want this prevalent/pervasive across the OS, you could make a TASK INTERFACE with an accessor (Function Get_Capabilities(Task : OS_Task_Interface) return Capabilities.Instance is (Capabilities.
a Process Capability looks like this:Does it?
Operations:
a. "Read", address; > data;
b. "Write", address, data; > ;
c. "Take", index; > ; capability
d. "Give", index; capability > ;
e. "Find", index, count; capability > result, index;
f. "Start"; > ;
g. "Stop"; > ;
Why?
Or is this just one possible implementation of 'capabilities' operations?
Operations on a type correspond to subprograms in Ada; nothing you present seems (at first glance) incompatible with the structure/types I gave you.
I think you're jumping the gun.
Semantics: The "Read" and "Write" operations allow access to the
process's memory. For example, in the "Read" operation, the literal
string "Read" (or a recognizable OP code) is passed along with an
address. The data word at the address is returned.
You need to have a good model, and why are you jumping straight into implementation?
(Literal string? Recognizable OP code? -- All implementation details; forget them right now, concentrate on the modeling of the problem, not the details of how to implement, and AFTER getting the model down, THEN consider code.)function:
The "Give" and "Take" operations allow access to the process's C-list.This part of your explanation makes it sound like you do not understand the code I presented, or the reasoning behind it; forgive me for poorly communicating it.
For example, the "Give" operation passes the string "Give", an index
into the C-list, and a capability to be stored at the passed index.
Such a stored capability could be invoked by the process if it were
"Start"ed.
The reason you want a "limited private type with unknown discriminants" is because:
1) It hides the implementation, meaning clients cannot alter it indiscriminately.
2) It prohibits automatic initialization, forcing the usage of an initialization subprogram.
3) It forces usage of the public interface for clients, private details can manipulate it though.
4) Any public operations, again, have to go through the public interface.
5) Copying is strictly prohibited, hence "limited".
In the model I had envisioned the Capabilities-list (Capabilities.Instance) would be an integral part of the TASK, and there would likely be a Get_Capabilities function which would return the proper value, some set-operations, and a new creation-
Function Create( Object : OS_Task_Interface; Capabilities : Capability_List ) return Instance is
Parent : Instance renames Get_Capabilities( Object );
Caps : Capability_List renames Parent.Permissions;
Begin
Return Intersect( Caps, Capabilities ); -- The granted capabilities cannot be ones the parent does not have, nor may it be ones not requested.
End Create;
The above, I think, does the work you are putting into TAKE and GIVE.
The "Find" operation allows a slightly optimized sort of compareWhy are you bothering with a list?
operation for capabilities. The process's C-list is searched, starting
at the passed index, for the passed capability until either:
1. The passed capability is found in the C-list. In this case, the
operation returns "Yes" and the first index where the capability was
found, or
2. The count is exhausted. In this case the operation returns "No" and
the passed index plus count.
Why are you even bothering with an index?
The implementation I gave you has the capabilities enumerated; you would add an operation to the capabilities package:
Function Has( Object : Instance; Permission : Capability) return Boolean is >Begin
Return Object.Permissions( Permission ); -- Just use the enumeration-index of the permissions field.
End Has;
Done.
This... sounds like you are not understanding, at all, the Ada code I presented you.
in addition there is a Nil Capability:
Nil Capability: When a process is initially created its C-list
contains only Nils. These are empty place holders. Nil always returns
"Empty".
Look at the creation function No_Permissions.
http://www.webstart.com/jed/papers/DCCS/
Doctor Who <doc@tardis.org> writes:
http://www.webstart.com/jed/papers/DCCS/
Not the most understandable of papers. Haven't things improved since 1976?
| Sysop: | Keyop |
|---|---|
| Location: | Huddersfield, West Yorkshire, UK |
| Users: | 292 |
| Nodes: | 16 (2 / 14) |
| Uptime: | 204:43:42 |
| Calls: | 6,618 |
| Calls today: | 2 |
| Files: | 12,168 |
| Messages: | 5,316,586 |