From mboxrd@z Thu Jan 1 00:00:00 1970
From: Ronald G Minnich
To: <9fans@cse.psu.edu>
Subject: Re: [9fans] Ephase question.
In-Reply-To: <3D5AC78B.E19A9DA1@null.net>
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Date: Thu, 15 Aug 2002 10:22:11 -0600
Topicbox-Message-UUID: dd37854c-eaca-11e9-9e20-41e7f4b1d025

On Thu, 15 Aug 2002, Douglas A. Gwyn wrote:

> > What matters is expressibility without bloat, not finding
> > the criteria under which to claim a lower count of
> > functions of type T, for some T.
>
> It can depend on one's goal. For example, if a primary goal
> is proof of security, it seems intractable unless the number
> of primitive functions is fairly small and each has a fairly
> clean specification. Reliability and correctness, ditto.

Why I care about "how many system calls"; check out the Unix (Linux)
system call list nowadays. There are lots of different resource types
(pathnames, sysctl names, fds, pids, etc. etc) and consequently lots of
different difficulties. Just watching the freebsd 'jail' discussion has
been interesting. How do you ever secure an interface this complicated?
Seems very hard, and has proven to be hard in practice.

It's not just "reduce T for some T". Exploding system call counts can
indicate a problem with the design of the system (see some of the later
Linux system calls ...).

ron