[Self-interest] globals (was: Block Question)

Jecel Assumpcao Jr jecel at merlintec.com
Sat Nov 13 02:08:43 UTC 2021


Russell Allen wrote on Fri, 12 Nov 2021 14:19:05 +1100
> > On 12 Nov 2021, at 12:35 pm, Jecel Assumpcao Jr wrote:
> > Not having globals built into the language allows a more secure system
> > to be created, but that was not done for Self. 
> 
> I played around a bit with trying to create "vats" ie segregated object graphs
> 
> The two big roadblocks I ran into were this issue of the compiler creating
> objects that refer back to the lobby, eg small ints, strings etc, and also the
> way in which primitives could be constructed to break out of the vat, eg,
> "2 _Quit" and of course "2 _Mirror"

Most of the ways Smalltalks have implemented primitives are globals:

- Smalltalk-72 escape codes
- Smalltalk-80 method headers
- Self special message selectors
- Little Smalltalk primitive expressions

In some of my designs I had a more local scheme. For example, primitive
objects so you have something like

   IntALU add: self with: arg

which you can only use in places in the system that happen to have a
reference to the IntALU object.

> There are primitives put in for the JVM emulator which allow for reasonably
> fast integers that aren't necessarily delegates of traits smallInt, so with a
> suitable compiler which compiled in the context of a different "lobby"
> (and disallowed constructing interned strings for most primitives) I think
> you could get there.

It isn't easy to isolate stuff. For example, an object knows not only
the set of objects that have references built into it when it was
created (our discussion so far) but also anything that gets passed as
arguments of any messages sent to it.

> I thought the result would be pretty interesting - self contained object
> clusters with a defined interface which could be easily serialised and
> passed around, or imported safely without worrying about the main image.

An interesting project is SqueakNOS that ran Squeak Smalltalk on bare
hardware. The only changes to the virtual machine were the addition of
primitives to access any byte in memory (and read or write any i/o port
on the x86) and to associate a Smalltalk semaphore with a hardware
interrupt. Everything else, including device drivers, is just regular
Smalltalk code.

The problem is that this makes old MS-DOS look like a security focused
operating system in comparison. But what if the VM could handle multiple
images which communicated with each other? Supposing only a single
"system image" had access to the SqueakNOS primitives while the various
"application images" ran the user's code this could be a very secure OS.
In fact, the various images wouldn't even have to be the same version.
Craig Latta has worked in this area:

https://github.com/ccrraaiigg/context

-- Jecel
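
The two primitive schemes and the point about message arguments from this message, modelled in JavaScript as an added example (not code from the post or from Self). Apart from IntALU, its add operation and _Quit, every name is a constructed assumption, and `reachable` follows stored references only, not closures.

```javascript
// Constructed model; names other than IntALU and _Quit are hypothetical.
// Scheme 1: primitives are selectors resolved by the runtime, open to any sender.
function makeSelectorRuntime(events) {
  const primitives = new Map([
    ['_IntAdd', (rcv, arg) => rcv + arg],
    ['_Quit', () => { events.push('quit'); return 'halted'; }],
  ]);
  return function send(rcv, selector, arg) {
    if (primitives.has(selector)) return primitives.get(selector)(rcv, arg);
    return rcv[selector](arg);
  };
}

// Scheme 2: primitives are methods on objects; using one requires a reference.
function makePrimitiveObjects(events) {
  const IntALU = { add: (self, arg) => self + arg };
  const System = { quit: () => { events.push('quit'); return 'halted'; } };
  return { IntALU, System };
}

// Audit helper: every object reachable from root through stored references.
function reachable(root) {
  const seen = new Set();
  const stack = [root];
  while (stack.length > 0) {
    const obj = stack.pop();
    if (obj === null || typeof obj !== 'object' || seen.has(obj)) continue;
    seen.add(obj);
    for (const key of Object.keys(obj)) stack.push(obj[key]);
  }
  return seen;
}

// A vat object created with IntALU only; it keeps every argument it is sent.
function makeCounter(IntALU) {
  return {
    alu: IntALU, total: 0, inbox: [],
    addFrom(source) {
      this.inbox.push(source);
      this.total = this.alu.add(this.total, source.amount);
      return this.total;
    },
  };
}

const demo = makePrimitiveObjects([]);
const counter = makeCounter(demo.IntALU);
counter.addFrom({ amount: 4, replyTo: { system: demo.System } });
console.log('System reachable after one message:', reachable(counter).has(demo.System));
```

In the selector scheme no reachability audit helps, because `_Quit` is resolved by name rather than through a held reference.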

