Retrofitting objcaps (was: Capabilities in Squeak)
Mark S. Miller
markm at cs.jhu.edu
Tue Oct 17 16:47:38 UTC 2006
Lex Spoon wrote:
> Michael van der Gulik <squeakml at gulik.co.nz> writes:
>> Does anybody have code (particularly VM modifications) which allow
>> Capabilities in Squeak?
>> In particular, I'm referring to code that implements stuff described
>> on this page:
> This is my old "Islands" project, [...]
> Full information about Islands is available at this page:
> I still think the basic approach is good. The next thing I would do,
> were I to continue, would be to get rid of the dynamically bound
> global variables, and instead to have separate, static namespaces.
That does sound good.
> The reason for the current approach--i.e. all global references are
> bound indirectly through the currently active island--is that compiled
> code can be reused across multiple islands. In retrospect, it would
> be better to maintain conceptual purity and simply recompile any
> reused code.
A different compilation strategy would still allow compiled code to be shared
-- by treating these the way other languages treat captured outer lexical
> More broadly, I still think the object capabilities approach is
> important and worth giving a good look in any new language. It is a
> feature you cannot very well add late.
It has indeed been hard to add objcaps to Squeak after the fact, or rather to
subtract out the non-objcap parts of the language. (Motto: "Don't add
security, remove insecurity.") Other efforts have yielded varying results.
Securing Java to create Joe-E looks quite good, and we have recently been
using this successfully within HP. Although Java is much more
"object-oriented" than Scheme or OCaml, W7 and Emily were much easier
than Joe-E, whereas securing Common Lisp was hard enough that the effort
seems to have been abandoned. The effort to secure Mozart/Oz is proceeding
slowly, but has yielded one of the best documents about the issues in
retrofitting objcaps into an existing language. I am also hopeful about a new
effort to secure Python.
All these efforts have freshly encountered many of the same issues. It would
be good if they could learn more from each other. A secure Squeak-like
language would still be awesome. Perhaps we should have a workshop about
retrofitting objcaps into existing languages?
Text by me above is hereby placed in the public domain