On Sun, Mar 15, 2009 at 2:49 PM, Eric Rannaud <[email protected]> wrote:
> This kind of consideration doesn't belong to a language's runtime (maybe
> in a system like Singularity from MS Research,

Or any of <http://wiki.erights.org/wiki/Object-capability_languages>.

> but we're not talking about that for BitC).

I am. As with Scheme and ML, the attention paid by BitC to good modularity
and software engineering considerations has led it into being almost an
object-capability language. I do not speak for the BitC project, but I am
interested in seeing BitC used in this way.

> The reason is that the OS already cares about
> security (and containment between processes), and it cannot trust the
> applications (and their runtime) to not look at the content of newly
> allocated pages. So the OS has to clear the pages itself.

Certainly. But just because the OS doesn't trust a process, it does not
follow that all parts of an individual process must trust all parts of the
same process. BitC is almost perfectly suitable for supporting mutual
suspicion at much finer grain than individual processes. It would be a
shame to blow this possibility on details.

> When you use BitC to program the OS itself, you will have to zero
> pages explicitly. You cannot just clear any newly allocated memory: for
> instance, it doesn't make a lot of sense to zero out an area reserved
> for DMA.

--
Text by me above is hereby placed in the public domain

Cheers,
--MarkM
_______________________________________________
bitc-dev mailing list
[email protected]
http://www.coyotos.org/mailman/listinfo/bitc-dev
