Till now I was neutral on the term "Vat". But part of the notion of Vat is that Vats are (mostly[1]) only asynchronously coupled. Two fully membraned subgraphs, interacting synchronously only through Proxies, would by my normal definitions be together in one Vat.
For this separation, where non-subvertable membrane boundaries impose security boundaries between disjoint subgraphs of the object graph, I use the term "Compartment". This corresponds well enough to the established meaning of "Compartment" in computer security. [1] In E the issue of asynchronous-only coupling is broken into two concepts, the Vat and the Runner. Each Vat is within one Runner, and there can be multiple Vats within a Runner. Each Job (nee Turn) is associated with a one Vat. Each Runner is associated with a single threat of control. Each Job of any Vat within a Runner, once started, runs to completion before that Runner can start any of the other Jobs of any of its Vats. Thus, a single non-terminating Job of any Vat within a Runner prevents any further progress by any other Vat within that Runner. This is the *only* sense in which Vats within a Runner are synchronously coupled. Objects within one Vat cannot synchronously invoke/access any objects/state within any other Vat, whether in the same Runner or not. So, I would say that Runners are units of concurrency, Vats are units of asynchrony, and Compartments are units of unmediated direct access. On Fri, Oct 17, 2014 at 9:37 AM, Allen Wirfs-Brock <[email protected]> wrote: > > On Oct 16, 2014, at 5:31 PM, Boris Zbarsky wrote: > > > On 10/16/14, 5:58 PM, Brendan Eich wrote: > >> Can you say more? > > > > Vats as currently specified have independent event loops and allow > parallel JS execution, in the sense that they are totally disconnected from > each other and have separate run-to-completion guarantees. > > > > A window and its same-origin subframe have two separate WindowProxys but > can't really be separate Vats given the above, yes? > > We've also talked about this in the other recent related thread. > > As Vats are current specified (the ES6 spec essentially describes a single > Vat), the host is responsible for making Job scheduling decisions for each > Vat. This means that a host that is managing multiple Vats could impose a > synchronous scheduling policy that spans multiple Vats. This seems like it > may be sufficient to describe browsers behavior. > > Allen > > _______________________________________________ > es-discuss mailing list > [email protected] > https://mail.mozilla.org/listinfo/es-discuss > -- Cheers, --MarkM
_______________________________________________ es-discuss mailing list [email protected] https://mail.mozilla.org/listinfo/es-discuss
