On 4/25/06, Jonathan S. Shapiro <[EMAIL PROTECTED]> wrote: > On Tue, 2006-04-25 at 18:14 +0200, Pierre THIERRY wrote: > > Scribit Bas Wijnen dies 25/04/2006 hora 16:51: > > > However, as far as I see it, only the performance problem is actually > > > valid for the move-only-send-exactly-once capabilities. > > > > IIRC, move-only capabilities add a check in the copy process which > > impacts performance. > > Yes. But truthfully this is a small issue. The bigger issue is that an > application cannot perform a copy without knowing what "type" of > capability it is copying. It needs to know this because the copy > behavior depends on the capability type. > > Notice that this is not the same as the interface type, and it > introduces a significant application complexity. > > Note further that not all reply capabilities are invoked by a reply. > Some are invoked by a send or a call! >
I would expect the interface to the service to define what kind of capability is accepted. This way the program will always assume the right capability type, and no complexity is needed. If the type is not directly checked by the kernel when performing the IPC the application may have to check for capabilities that are insufficient to perform the service. Another question is if client submitting a send capability instead of reply capability (or non-counted reply instead of reference-counted reply capability) is violating the protocol. The capability should be sufficient to perform the service but giving more authority than needed can cause risks for the client. Thanks Michal
_______________________________________________ L4-hurd mailing list [email protected] http://lists.gnu.org/mailman/listinfo/l4-hurd
