Planning for contingencies in Squeak [was: Puzzle: Adding domain-based security to Squeak]

Klaus D. Witzel klaus.witzel at cobss.com
Mon Aug 7 09:40:58 UTC 2006


Hi Michael,

since I cannot see what memory usage (or resource usage, for that matter)
has to do with security, I suggest referring to "planning for
contingencies", as in

- http://en.wikipedia.org/wiki/Defensive_design
- http://www.google.com/search?q=%22planning+for+contingencies%22

A while back I had a discussion with Alexandre Bergel on "coloring" object  
memory (as part of the Goya project) and your description looks like an  
application of that idea. What we concluded at that time (pure theory ;-)
was that the metaclass is sufficient for coloring memory resources (i.e.  
usage of memory, as in your case).

Your "domain" members can be a (sub)set of instances of Metaclass, your  
"domain" can be a clone of Metaclass. Think that today's Metaclass belongs  
to the builtin *system* domain and that every domain user (or application  
instance, as you mentioned in your posting) gets a clone of Metaclass (and  
consequently the respective instances of Metaclass), on demand.

So finding the total memory usage for one of your domains is pretty easy  
and the pointer which does it is the *class* pointer (no change to the  
VM), like (roughly) in

  domain "clone of Metaclass" allInstances
    inject: 0
    into: [:accum :aDomainClass |
      aDomainClass allInstances ... + accum]

Since I planned for a short response, I stop here (many more implications  
can be discussed, of course).

I'm sure that coloring of object memory is something which is easy to  
implement and to maintain.

/Klaus

On Sat, 05 Aug 2006 13:10:33 +0200, Michael van der Gulik wrote:

> Michael van der Gulik wrote:
>> Hi all.
>>  Here's a generic problem for people that like puzzles that I can't  
>> seem to work out: I want to add "Domains" to Squeak, so that system  
>> resources can be managed.
>>  Here's how it would work, in theory:
>>  * A domain would typically be a group of objects related to a  
>> particular application.
>> * Every object belongs to a domain.
>>  And then:
>>  - A domain's memory usage can be capped. Object>>new would be  
>> implemented so that it would wait for free memory or throw an Exception  
>> if the memory cap has been breached.
>
> Finding total memory usage for a Domain seems to be pretty difficult.
>
> There's a PointerFinder class which would work if every object in a  
> domain had a reference to that domain, but that looks expensive.
>
> If I did domains by assigning a domain to each Process, then memory  
> usage per domain would be impossible to calculate.
>
> Back to the drawing board... VM hacking might be needed :-(.
>
> Michael.
>
>
>
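
An added example, not part of the original thread: a Python model of the accounting sketched above, where each domain is its own metaclass (standing in for a clone of Squeak's Metaclass) and the memory cap from the quoted post is checked when an instance is created. The names `make_domain`, `usage` and `define_buffer` are hypothetical, and `sys.getsizeof` is a shallow size used only as an assumed measure.

```python
import sys
import weakref


def make_domain(name, cap_bytes):
    """Build a fresh metaclass: one 'clone of Metaclass' per domain (assumed design)."""

    class Domain(type):
        def __init__(cls, cname, bases, namespace):
            super().__init__(cname, bases, namespace)
            cls._live = weakref.WeakSet()    # instances; entries vanish when collected
            Domain.classes.append(cls)       # the domain knows its member classes

        def __call__(cls, *args, **kwargs):  # stands in for Object>>new
            obj = super().__call__(*args, **kwargs)
            # Python cannot size an object before building it, so check afterwards
            if usage(Domain) + sys.getsizeof(obj) > Domain.cap_bytes:
                raise MemoryError(f"domain {Domain.name} is over its cap")
            cls._live.add(obj)
            return obj

    Domain.name, Domain.cap_bytes, Domain.classes = name, cap_bytes, []
    return Domain


def usage(domain):
    """The inject:into: sum: walk the domain's classes, then each class's instances."""
    return sum(sys.getsizeof(o) for c in domain.classes for o in c._live)


def define_buffer(domain):
    """Constructed sample class; its class pointer alone identifies the domain."""
    class Buffer(metaclass=domain):
        pass
    return Buffer


if __name__ == "__main__":
    app_a = make_domain("app-a", cap_bytes=10_000)
    app_b = make_domain("app-b", cap_bytes=10_000)
    BufA, BufB = define_buffer(app_a), define_buffer(app_b)
    held = [BufA() for _ in range(5)] + [BufB() for _ in range(2)]
    for dom in (app_a, app_b):
        print(dom.name, usage(dom), "bytes in", len(dom.classes), "class(es)")
```

No object carries a reference to its domain here; the lookup goes instance, class, metaclass, which is the class-pointer route the reply describes.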




