implementing sandboxes with capabilities

Ted K. Ted.Kaehler at disney.com
Wed Apr 12 05:24:02 UTC 2000


>* Regular Squeak objects.
>* Sandbox objects.
>* Mum wrappers.
>* Ear wrappers.

A Possible Clever Implementation

The obvious implementation is to make all of the wrappers be real objects.
But there might be a more clever way.  The idea is to not actually have the
wrapper objects, but to modify the interpreter to function as if the
wrappers were there.

Perhaps you don't need actual Mum wrappers.  Suppose the interpreter could
tell which of the four kinds an object is.  Every CompiledMethod has a
"mumOK" bit.  At every method lookup, if the sender is a Sandbox object, we
pretend that the receiver is a Mum wrapper.  If the CompiledMethod is
"mumOK", let the send happen.  If not, probe a lookaside table for an
alternative "mum" method to run.  (Perhaps look for the same selector with
"mum" on the front.)  If none is found, halt with a protection error.
	For example, an evil Sandbox object gets a hold of a FileStream and
tries send #delete.  The interpreter sees that the sender is a Sandbox
object, and the receiver must therefore be Mum-wrapped.  The method for
#delete has "mumOK" off.  There is no alternative method to run, so it
signals an error.
	 "mumOK" methods have special return code in them.  It checks if
the returned object is set up to have "mumOK" bits in some of its methods.
If so, that object is in effect wrapped, and is returned.  If not, it causes
an exception error.

I don't know the rest of the scheme for Ear wrappers, but you get the idea
here.

--Ted.


Ted Kaehler,   Walt Disney Imagineering, R&D
(home) 3415 Cork Oak Way, Palo Alto, CA  94303.  voice (650) 424-1070
http://www.webPage.com/~kaehler2/
See exactly what your web browser reveals about your identity
http://www.junkbusters.com/cgi-bin/privacy
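The lookup rule Ted sketches, as an added example: a small Python model of the interpreter's send path, not Squeak code and not from the original post. It assumes the lookaside table is keyed by "mum" plus the capitalised selector, and that plain literals (strings, numbers, None) pass the return check unchanged.

```python
# Added model of the rule in the post, not Squeak code. Assumptions: the lookaside
# table is keyed "mum" + Selector, and Python literals (str/int/None) pass the return check.
class ProtectionError(Exception): pass

class Method:
    def __init__(self, fn, mum_ok=False):
        self.fn, self.mum_ok = fn, mum_ok          # mum_ok models the "mumOK" bit

class Obj:
    kind = "regular"                               # "regular" or "sandbox"
    methods = {}
    def lookup(self, selector):
        return type(self).methods.get(selector)
    def is_mummable(self):                         # "has mumOK bits in some methods"
        return any(m.mum_ok for m in type(self).methods.values())

def send(sender, receiver, selector, *args):
    method = receiver.lookup(selector)
    if sender.kind != "sandbox":
        return method.fn(receiver, *args)          # ordinary send, no checks
    # Sender is a Sandbox object: act as if the receiver were Mum-wrapped.
    if not method.mum_ok:                          # probe the lookaside table
        method = receiver.lookup("mum" + selector[:1].upper() + selector[1:])
        if method is None:
            raise ProtectionError(f"{selector} is not mumOK")
    result = method.fn(receiver, *args)            # "special return code" follows
    if isinstance(result, Obj) and not result.is_mummable():
        raise ProtectionError(f"{selector} returned an unwrappable object")
    return result                                  # in effect wrapped

class Directory(Obj): pass                         # no mumOK bits anywhere
class FileStream(Obj):
    deleted = False
    methods = {
        "contents":  Method(lambda f: "hello", mum_ok=True),
        "size":      Method(lambda f: 5),          # not mumOK, but has a mum alternative
        "mumSize":   Method(lambda f: 5, mum_ok=True),
        "delete":    Method(lambda f: setattr(f, "deleted", True)),  # the evil case
        "directory": Method(lambda f: Directory(), mum_ok=True),     # leaks an unwrapped object
    }
class Sandbox(Obj): kind = "sandbox"

def demo():
    evil, trusted, fs = Sandbox(), Obj(), FileStream()
    outcomes = {}
    for selector in ("contents", "size", "delete", "directory"):
        try:
            outcomes[selector] = send(evil, fs, selector)
        except ProtectionError as e: outcomes[selector] = str(e)
    send(trusted, fs, "delete")                    # a regular sender is unrestricted
    return outcomes, fs.deleted
```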