|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [MirageOS-devel] Remove DEVICE.connect?
One thing that bothers me about the Mirage types is the DEVICE.connect function.
If I have e.g.
module MyMod (F : FS) = struct
let use f = ...
end
then I'd expect that MyMod won't be able to corrupt the filesystem
(assuming the FS itself isn't buggy).
But in fact MyMod can do:
let use f =
let f2 = F.connect (F.id f)) in ...
and now we have two filesystems on the same underlying block device,
which can't be good.
In OO terms, "connect" is the constructor (defined separately by each
concrete implementation), while the other functions in DEVICE are
methods (defined by the generic interface).
So, I propose removing connect from the type signatures (but keeping
it in the implementations). Then, being given a device only implies
the ability to use it, not the ability to create more devices.
We should probably get rid of "id" as well. The signature says:
type id
(** Type defining an identifier for this device that uniquely
identifies it among a device tree. *)
val id : t -> id
(** Return the identifier that was used to construct this device *)
That might make sense for low-level Xen devices such as disks, but not
for things built on them. For example, for an FS the "id" is the
underlying block device. Perhaps it would be better to have a function
"name : t -> string" for when you need a name for display? I don't see
any particular reason why the user of a device should be able to
recover the constructor arguments.
Thoughts?
--
Dr Thomas Leonard http://0install.net/
GPG: 9242 9807 C985 3C07 44A6 8B9A AE07 8280 59A5 3CC1
GPG: DA98 25AE CAD0 8975 7CDA BD8E 0713 3F96 CA74 D8BA
_______________________________________________
MirageOS-devel mailing list
MirageOS-devel@xxxxxxxxxxxxxxxxxxxx
http://lists.xenproject.org/cgi-bin/mailman/listinfo/mirageos-devel
|
 |
Lists.xenproject.org is hosted with RackSpace, monitoring our |