Defending without Veiling

There are some schemes whereby a complex program A can peer at the workings of another B while a simple arrangement assures that B cannot be affected by actions of A, except, perhaps, as B chooses to be affected. A might be said to have observer status. Military MLS systems call this the read-down problem and they have spent much design on such ideas. In mandatory security systems B cannot choose to be affected.

This can be seen as voluntarily confining oneself, either to avoid inadvertent damage, or to avoid detection.

The Tymnet supervisor first ran in an SDS 940 computer and another program would run with read-only access to the changing memory of the supervisor and report statistics and trace out network circuits as dynamically modeled by the supervisor. There were no transaction boundaries and the observer would occasionally report transient mysteries, but the observer was not designed to require a consistent state. Stable situations could generally be observed and reported.

In a capability system such as Keykos state lives in nodes as well as pages and a sensory capability to a node generally lets an observer navigate through a network of nodes and pages. If that network is dynamic some navigation techniques must be modified to tolerate dead ends, whereas the program that changes the network will not be surprised at such dead ends. This situation ranges from insignificant to intolerable. Gate keys are invisible via sensory keys and this limits the scheme to one abstraction level—the contractor cannot have subcontractors.

There are techniques by which observed routines can work that make the observer's job easier and even let the observer make some safe deductions about the transient state. These techniques range from easy to impossible depending on the charter of the observed program. For instance the observed program keeps a state version number sv which alternates between −1 and an increasing positive number. While the program is changing the state sv=−1, after which the program sets sv to a value higher than it has had before. The observer may be able to make its observation while sv is an unchanged positive number. sv may be a gc count, and between gc's much is reliably accessible by the observer.

Factories are well suited to produce observers while simply assuring they will not muck up the observed. All of these schemes respect abstraction. This pattern, as is, fails for subcontractors, but see this!