Implementation

Copy avoidance is only partly automated, because it is unfortunately infeasible for the runtime system to infer all intentions automatically. Instead, it presents filters by default with a conservatively shared view together with interfaces for acquiring additional permissions. The filter developer can use these to choose between data and metadata manipulation, for instance. Similarly, state has to be explicitly requested. By default, a filter has read and write permissions on metadata, read permissions on data and no state. This choice follows from the observation that metadata updates are cheap and frequent, while data updates are expensive and - thanks to the metadata channel - infrequent.