From: Doctor Who
Newsgroups: comp.lang.ada
Subject: Re: The Ravenscar profile and capabilities paradigm
Date: Tue, 12 Oct 2021 20:24:20 +0200
Message-ID: <4lkbmgd7dabitibimkab7hodsfqpv422cr@4ax.com>
References: <07f8mgdot9tmh8mqen2ogd5dds2gojoleh@4ax.com>

On Tue, 12 Oct 2021 20:21:28 +0200, Doctor Who wrote:

>On Tue, 12 Oct 2021 16:43:07 +0100, "Luke A. Guest" wrote:
>
>>On 12/10/2021 16:33, Shark8 wrote:
>>> On Tuesday, October 12, 2021 at 9:04:09 AM UTC-6, Luke A. Guest wrote:
>>>> On 12/10/2021 16:01, Shark8 wrote:
>>>>> On Monday, October 11, 2021 at 1:24:48 PM UTC-6, Doctor Who wrote:
>>>>>> On Mon, 11 Oct 2021 16:32:13 +0100, Simon Wright wrote:
>>>>>>> Doctor Who writes:
>>>>>>>
>>>>>>>> someone knows how to introduce the capabilities paradigm in Ada,
>>>>>>>> specifically for programs written using the Ravenscar profile ?
>>>>>>>
>>>>> Type Capability is ( Read, Copy, Whatever );
>>>> There can be a capability for literally anything, even ownership and can
>>>> be different depending on object/os service.
>>>>
>>>> I'd say a tagged type is better than an enum.
>>> Possibly.
>>> But there's no reason to complicate the general idea in example-form: even if it's a tagged type you're going to want the capability-instance to be limited-private; the implementation of the "permissions" component being a Boolean-array or a vector of Capability'Class [most obviously having Capability be an abstract tagged null record] is mostly irrelevant for that demonstration. (And using a vector of tagged-type instead of the array would have bogged the example down with importing and instantiating the Vector container and setting up multiple non-abstract Capability-descendants, cluttering the point of the example.)
>>>
>>
>>Capabilities allow granting and revoking of access, iirc, the kernel has
>>access to all, the kernel then grants access to certain processes, i.e.
>>memory server, filesystem server, etc. each of those processes can
>>further grant and revoke caps.
>>
>
>thank you all for the help, I hope this discussion goes far.
>the most useful approach is the microkernel, where access to, and
>operation of, each service is mediated by capabilities.
>
>I would go so far as to define and implement a capability-based
>microkernel written in Ada using the Ravenscar profile.

I like SweetAda, and I would like to implement something similar but
using the approach I described so far.
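
The design sketched in the quoted replies above (a limited-private capability whose permissions component is a Boolean array, with granting and revoking), as an added example that is not code from the thread. The `Grant` right and the names `Caps`, `Mint_Root`, `Delegate`, `Revoke` and `Allows` are assumptions for illustration; `Mint_Root` stands in for the kernel and would not be visible to ordinary clients in a real design.

```ada
pragma Profile (Ravenscar);
with Ada.Text_IO; use Ada.Text_IO;

procedure Capability_Demo is
   package Caps is
      type Right is (Read, Copy, Grant);           --  assumed set of rights
      type Right_Set is array (Right) of Boolean;
      type Capability is limited private;          --  clients cannot copy or edit it
      --  Stand-in for the kernel creating the all-powerful root capability.
      procedure Mint_Root (C : out Capability);
      --  To receives at most From's rights; From must hold Grant to delegate.
      procedure Delegate (From : Capability; Keep : Right_Set; To : out Capability);
      procedure Revoke (C : in out Capability);
      function Allows (C : Capability; R : Right) return Boolean;
   private
      type Capability is record
         Rights : Right_Set := (others => False);  --  default: no authority
      end record;
   end Caps;

   package body Caps is
      procedure Mint_Root (C : out Capability) is
      begin
         C.Rights := (others => True);
      end Mint_Root;
      procedure Delegate (From : Capability; Keep : Right_Set; To : out Capability) is
      begin
         if From.Rights (Grant) then
            To.Rights := From.Rights and Keep;     --  attenuate, never amplify
         else
            To.Rights := (others => False);        --  no Grant right: nothing passes
         end if;
      end Delegate;
      procedure Revoke (C : in out Capability) is
      begin
         C.Rights := (others => False);
      end Revoke;
      function Allows (C : Capability; R : Right) return Boolean is (C.Rights (R));
   end Caps;

   Kernel, FS_Server : Caps.Capability;
begin
   Caps.Mint_Root (Kernel);
   --  The kernel hands the filesystem server a read-only capability.
   Caps.Delegate (Kernel, (Caps.Read => True, others => False), FS_Server);
   Put_Line ("FS may read: " & Boolean'Image (Caps.Allows (FS_Server, Caps.Read)));
   Put_Line ("FS may copy: " & Boolean'Image (Caps.Allows (FS_Server, Caps.Copy)));
   Caps.Revoke (FS_Server);
   Put_Line ("After revoke: " & Boolean'Image (Caps.Allows (FS_Server, Caps.Read)));
end Capability_Demo;
```

Because the private view is limited, code outside `Caps` cannot assign one `Capability` to another or touch `Rights`, so every change of authority has to go through `Delegate` or `Revoke`.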