[erlang-questions] Capability model?
Mark S. Miller
Thu Oct 26 21:43:58 CEST 2006
Jim Larson wrote:
> I find registered processes useful for two reasons.
> First, it increases modularity by allowing deeply-nested code to
> send a message without passing the target Pid as an explicit parameter
> through each and every intermediate function. A standard situation
> is error logging. Other functional languages handle this through
> monads or other fanciness, but the Erlang way is to be simple and
> functional at a micro-level, and work around any problems through
> impure message-passing and other environmental services at the
Regarding named access to a given pid from various functions within a process,
isn't this what lexical scoping is for? Why not simply bind a variable to this
pid, in just the way you bind a variable to any other value?
If the intent is to escape the discipline imposed by lexical scoping, then you
are likely also escaping the discipline needed for secure object-capability
programming. Could you provide some motivating examples?
> Second, since the communication endpoint is also the unit of failure,
> you need *something* to use as a stable address in case the target
> process crashes and gets restarted. This suggests that if we
> re-interpret process registration as syntactic sugar plus an OTP
> service, the supervisory tree might be the right place to implement
> the process registry too. It could mean a lot of extra steps in
> message sending, but as with the capa-safe RPC transformation
> mentioned earlier, any optimizations to soften the impact would
> have a general benefit to the system.
See section 17.3 of <http://www.erights.org/talks/thesis/>.
Text by me above is hereby placed in the public domain
More information about the erlang-questions