why use ambient authority in genode hello world?
Dan Connolly
dckc at ...392...
Thu Feb 11 00:15:13 CET 2016
Norman Feske writes 2016-01-25 07:52:10:
> welcome to the mailing list!
Thanks! (Though I haven't actually subscribed yet.
I just noticed your reply by looking at the archives.)
> > ... Why not pass a
> > capability to main ...?
>
> That is a good point. In fact, we are currently revisiting the API in
> this respect:
>
> https://github.com/genodelabs/genode/issues/1832
Ah. Yes. Exactly: "In the spirit of capability-based security, let us
drop the global env."
I hope the hello-world example is updated to make use of explicit
access to the LOG session while you're at it.
> That said, we will maintain the side effect of a default output facility
> (printf, PDBG) for practical reasons. For debugging (the main purpose of
> those functions), it would be unbearable to always need to pass a
> reference to a LOG interface around.
Yes, such a practical expedient is common in the ocap APIs that I'm
familiar with; e.g.
The safeScope now provides a println-like traceln function for
logging debugging output to the tracelog. This output is quoted using
email quoting syntax, to identify the fully-qualified name of the
module it came from.
-- http://www.erights.org/download/0-9-1/highlights.html
But I guess I don't consider debugging/logging the main use of
printf(). Traditionally,
printf() (implicitly to stdout) creates the normal output of a
program, not any sort of debug info.
--
Dan Connolly
http://www.madmode.com/
More information about the users
mailing list