why use ambient authority in genode hello world?

Dan Connolly dckc at ...392...
Thu Feb 11 00:15:13 CET 2016

Norman Feske writes 2016-01-25 07:52:10:
> welcome to the mailing list!

Thanks! (Though I haven't actually subscribed yet.
I just noticed your reply by looking at the archives.)

> > ... Why not pass a
> > capability to main ...?
> That is a good point. In fact, we are currently revisiting the API in
> this respect:
>  https://github.com/genodelabs/genode/issues/1832

Ah. Yes. Exactly: "In the spirit of capability-based security, let us
drop the global env."

I hope the hello-world example is updated to make use of explicit
access to the LOG session while you're at it.

> That said, we will maintain the side effect of a default output facility
> (printf, PDBG) for practical reasons. For debugging (the main purpose of
> those functions), it would be unbearable to always need to pass a
> reference to a LOG interface around.

Yes, such a practical expedient is common in the ocap APIs that I'm
familiar with; e.g.

   The safeScope now provides a println-like traceln function for
logging debugging output to the tracelog. This output is quoted using
email quoting syntax, to identify the fully-qualified name of the
module it came from.
   -- http://www.erights.org/download/0-9-1/highlights.html

But I guess I don't consider debugging/logging the main use of
printf(). Traditionally,
printf() (implicitly to stdout) creates the normal output of a
program, not any sort of debug info.

Dan Connolly

More information about the users mailing list