Aoife Kavannagh Thesis Abstract
Using Grasshopper as a research vehicle, this thesis investigates protection
and naming using capabilities in a distributed environment, and describes
the introduction of computation migration to Grasshopper. Capabilities
act as tokens to gain access to objects. Associated with capabilities
are access and status rights which determine the operations which may
be performed on the referenced object and the capability. Associated with
every Grasshopper entity is a list of capabilities and a list of permission
groups. Grasshopper capabilities lend themselves well to distribution
as they are opaque at user-level. As capabilities provide a pointer naming
model, it is necessary to identify the extensions required for capabilities
to work in a distributed environment. These are: the ability to distinguish
between local and non-local entities, the ability to uniquely name and
locate entities and the ability to locate permission groups. A reference
counting algorithm using bulk references and proxy permission groups is
introduced for garbage collection. Computation migration allows threads
to move between different nodes on a network. This involves the design
and implementation of the Grasshopper Inter Kernel Protocol which supports
communication between two Grasshopper kernels. A migrating locus must
be allowed to bring its capability list with it, resulting in the introduction
of a mechanism for marshalling and unmarshalling capabilities before and
after a network traversal. One of the attractive features of capabilities
is that they allow the creation of closed worlds. The use of name servers
to allow sharing results in the loss of this isolation property. This
thesis introduces a broker which provides a form of opaque sharing where
both the capability presenter and the receiver agree to the sharing. Remote
machines may request a copy of the kernel registered capability of a remote
broker, providing a means of obtaining remote capabilities. Once a capability
for a remote broker is held, capabilities may be presented to it from
a remote machine for sharing with local entities. This thesis describes
how the Grasshopper system has been extended to support distributed computation
and capability migration whilst maintaining location and naming transparency.