Re: A comment about changing kernels

[Neal H. Walfield]

At Mon, 31 Oct 2005 11:39:15 +0100,
Bernhard Kauer wrote:
> 
> On Mon, Oct 31, 2005 at 01:05:20AM +0100, Marcus Brinkmann wrote:
> > > server protocols will be session based.  To establish a new session
> > > with a server the server has to be called anyway, which nullifies
> > > the advantage of copy().
> > 
> > You won't actually call this policy neutral, will you?
> 
> Sorry, but I do not understand your question.

I would characterize the problem as follows: you appear to explicitly
devalue certain design patterns in favor of others.  That is, the
abstractions that you provide impose a policy not present in the
underlying virtual machine.  This is not intrinsically bad: it becomes
a problem when the policy conflicts with or impedes other goals.  In
fact, imposing policy is sometimes good: policy can (and sometimes is
the only way) to facilitate the goals.  Consider resource allocation:
there has to be a resource allocation policy *somewhere*.  In this
case, the lack of an explicit policy is an implicit policy: any one
can use the resources in question at any time.

> Perhaps I should give an example to make my statement clear:
> Suppose a client A want to transfer a capability to a session to client B.
> Client A can copy or map this capability to B and let B invoke the capbility
> to get a new session from the server S. Or A can call S and say: "give this
> capability to B". Both cases need independently of copy/map 4 IPC's.

Why must B start a new session with the server?  I think that there
are legitimate models where the types of sessions you propose are
problematic.  So the claim isn't that session hand off is better done
using copy rather than map but that doing session management where the
identify of the caller is required is, for our purposes, flawed,
i.e. an inappropriate policy.

Thanks,
Neal