[DGD] Access

[Stephen Schmidt]

On Thu, 9 Aug 2001, Mikael Lind wrote:
> After some initial problems I had, Dworkin emphasised that
> compilation and calling are to be kept separate.

Can someone give some intuition as to why this is desirable?
I understand it, but don't understand the need for it. I have
not done much work with the kernel, but it seems to me that
this method requires that, each time an object calls into
another object, one must check whether the target object is
compiled, and if not, pass control to a manager object which
determines whether to compile and proceed, or abort the call,
based on the identity of the calling object and whatever else
you want to take into account. Of course it's not a lot of
code, it's just a matter of putting it into the auto object
appropriately and creating the manager, but it raises big
conceptual issues about when the manager should permit
compiling and when it should not.

It is much simpler to allow any object which can call into a
target, to also be allowed to compile the target. I know from
past experience that Dworkin has good reasons for these sorts
of things, and I imagine that there is a security hole that
opens up if calling objects can force a compilation. What is
the problem? Or, if the concern is not security, what is it?

Steve



_________________________________________________________________
List config page:  http://list.imaginary.com/mailman/listinfo/dgd