Bedrock – Object-capability model

In my words, Move is kind of a Resource-Oriented Programming language. The resource is represented by struct in Move, aka object in other programming language. By the way, the resource in Move is the struct which cannot be copied and cannot be dropped1.

Distinct from other programming language, objects are stored in memory, resource in Move can store to the chain’s global storage.

Move also provides public modifier for functions, and without that the function is private, which means that function only allow be invoked in the module.

But a public function doesn’t mean we want everybody to call it, especially in blockchain system. According object-capability model, we can define a witness parameter which is a specific object. Then the function can be invoked only if somebody have that resource.

There are two rules in Move enhance this model:

Struct Can Only be Created or Destroyed in The Module It Belongs

  • Struct types can only be created or destroyed inside the odule that defines the struct.
  • The fields fo a struct are only accessable inside the module that defines the struct.

Module Can Only be Invoked by Script

Everybody Can Invoke

Nobody Can Invoke Except The Resource Owner

Nobody Can Invoke Except Who Initialized The Resource

Nobody Can Invoke Except Whom The Module Belongs to

  1. Only structs with the key ability can be saved directly in persistent global storage. All Values stored within those key structs must have the store abilities. See Type Abilities↩︎