Indeed, Eio is far more than just a library for concurrency/parallelism. Furthermore, even if I find the idea of capabilities very interesting (that’s a notion and a conception of security I learned from Eio), it’s not the only way to solve safety problem. For instance, @dinosaure who writes unikernel can do this by restricting the number of system call allowed by his code, and maybe that’s why he wrote his own effect based scheduler.
OCaml type system can do a lot, but it’s not sure any user wants to pay that price just to have more safety control on their code. For instance, IIRC @c-cube wrote a simpler version of access control with [R|W] phantom type on bytes but I guess he stopped using it. And he also wrote his own effect-based scheduler.
The rest of this comment is more for people interested by philosophy of law and how it relates to object-capabilities system. I mostly thinking out loud since I only start reading about capabilities last week but I’ve been reading Kant’s philosophy for more than 25 years.
Since capabilities system deal with the right some code have regarding some resources, It must have some analogy with how the law works among human beings, and indeed it has. First of all, when I said that Curry-Howard was a particular case of a more general principle (not only use to study the analogy between computation and mathematical proof) I was serious. Let’s look at what Kant said about the formal structure of a State (his philosophy of law can be seen as a typing theory of roman law):
In other words, a State is formally structure like an Aristotelian syllogism (this is due to the formal structure of human mind: reason, understanding and the faculty of judgment, structure that we project in the constitution of our States).
- the law is the major (legislative power)
- the case at hand is the minor (executive power)
- the sentence is the conclusion (judiciary power)
That’s exactly what we got with a capability:
- the authority is the major
- the resource is the minor
- the capability is the conclusion
and that’s what I explained when I draw the correspondence between type class/trait system and Aristotelian syllogistic. The purpose of the authority is to rule out some uses of the resource, and the purpose of the system is to enforced the law. It can do it absolutely a priori if it is encoded in the static type system (a world with precogs à la Minority Report, system that will be fundamentally despotic if applied to human beings).
For the record, Kant also used this analogy in his famous Perpetual Peace to describe the distinction between a representative and a despotic constitution.
and in the french version I have, there is this additional remark in parentheses:
He also made an interesting use of syllogistic in an article about copyright (with a problem about concurrency), but I only know a french version freely accessible; De l’illégitimité de la contrefaçon des livres.