From: Doctor Who
Newsgroups: comp.lang.ada
Subject: Re: The Ravenscar profile and capabilities paradigm
Date: Tue, 12 Oct 2021 20:21:28 +0200
Organization: A noiseless patient Spider
References: <07f8mgdot9tmh8mqen2ogd5dds2gojoleh@4ax.com>

On Tue, 12 Oct 2021 16:43:07 +0100, "Luke A. Guest" wrote:

>On 12/10/2021 16:33, Shark8 wrote:
>> On Tuesday, October 12, 2021 at 9:04:09 AM UTC-6, Luke A. Guest wrote:
>>> On 12/10/2021 16:01, Shark8 wrote:
>>>> On Monday, October 11, 2021 at 1:24:48 PM UTC-6, Doctor Who wrote:
>>>>> On Mon, 11 Oct 2021 16:32:13 +0100, Simon Wright wrote:
>>>>>> Doctor Who writes:
>>>>>>
>>>>>>> someone knows how to introduce the capabilities paradigm in Ada,
>>>>>>> specifically for programs written using the Ravenscar profile?
>>>>>>
>>>> Type Capability is ( Read, Copy, Whatever );
>>> There can be a capability for literally anything, even ownership and can
>>> be different depending on object/os service.
>>>
>>> I'd say a tagged type is better than an enum.
>> Possibly.
>> But there's no reason to complicate the general idea in example-form:
>> even if it's a tagged type you're going to want the capability-instance
>> to be limited-private; the implementation of the "permissions" component
>> being a Boolean-array or a vector of Capability'Class [most obviously
>> having Capability be an abstract tagged null record] is mostly irrelevant
>> for that demonstration. (And using a vector of tagged-type instead of the
>> array would have bogged the example down with importing and instantiating
>> the Vector container and setting up multiple non-abstract
>> Capability-descendants, cluttering the point of the example.)
>>
>
>Capabilities allow granting and revoking of access, iirc, the kernel has
>access to all, the kernel then grants access to certain processes, i.e.
>memory server, filesystem server, etc. each of those processes can
>further grant and revoke caps.
>

Thank you all for the help, I hope this discussion goes far.
The most useful approach is the microkernel, where access to, and
operation of, each service is mediated by capabilities.
I would go so far as to define and implement a capability-based
microkernel written in Ada using the Ravenscar profile.
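
The idea discussed in the quoted replies, as an added Ada example that is not from any poster in the thread: a limited private capability handle whose permissions are a Boolean array indexed by the Capability enumeration, with a grant that can only pass on rights the grantor already holds. Apart from Capability, every name (Caps, Rights, Handle, Make_Root, Derive, Revoke, Allows, Demo) is hypothetical; the code uses no tasking, allocators or protected objects.

```ada
--  Constructed example; Caps, Handle, Rights, Make_Root, Derive, Revoke
--  and Allows are hypothetical names. Only Capability is from the thread.
package Caps is
   type Capability is (Read, Copy, Whatever);
   type Rights is array (Capability) of Boolean;
   type Handle is limited private;  --  no copying, no forging by clients
   procedure Make_Root (H : out Handle);  --  kernel only in a real design
   --  Attenuating grant: Child gets at most what Parent already holds.
   procedure Derive (Parent : Handle; Wanted : Rights; Child : out Handle);
   procedure Revoke (H : in out Handle; Which : Rights);
   function Allows (H : Handle; C : Capability) return Boolean;
private
   type Handle is limited record
      Perms : Rights := (others => False);  --  default: no authority
   end record;
end Caps;

package body Caps is
   procedure Make_Root (H : out Handle) is
   begin
      H.Perms := (others => True);
   end Make_Root;

   procedure Derive (Parent : Handle; Wanted : Rights; Child : out Handle) is
   begin
      Child.Perms := Parent.Perms and Wanted;
   end Derive;

   procedure Revoke (H : in out Handle; Which : Rights) is
   begin
      H.Perms := H.Perms and not Which;
   end Revoke;

   function Allows (H : Handle; C : Capability) return Boolean is
     (H.Perms (C));
end Caps;

with Caps; use Caps;
procedure Demo is
   Kernel, FS_Server, Client : Handle;
begin
   Make_Root (Kernel);
   Derive (Kernel, (Read | Copy => True, Whatever => False), FS_Server);
   --  The request is for every right; Client gets only what FS_Server holds.
   Derive (FS_Server, (others => True), Client);
   pragma Assert (Allows (Client, Read) and not Allows (Client, Whatever));
   Revoke (Client, (Copy => True, others => False));
   pragma Assert (not Allows (Client, Copy) and Allows (Client, Read));
end Demo;
```

With GNAT, gnatchop splits the three units into files and -gnata enables the assertions. Revoke here narrows only the handle it is given; withdrawing rights already derived into another holder's handle needs a shared table of grants, which under Ravenscar would be a library-level protected object.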