[seL4] Capability unwrapping

Thomas Sewell thomas.sewell at nicta.com.au
Fri Feb 13 10:30:52 EST 2015

In principle the reasonable limit is 1. If a sender can transfer 1 cap
per message, it can transfer any number of caps by sending a lot of

Some protocol can be built to reassemble the intended message from the
flurry of messages actually being sent.

This is all necessary if the user code needs to send an arbitrary number
of capabilities.

However if in practice the number is always 1, 2 or 3, it makes sense
for the kernel to support these cases directly to simplify the user
implementations and to avoid wasting as much time context switching.


On 13/02/15 05:55, Raoul Duke wrote:
>> How many would your application need at most, and more generally speaking, what would you think is a good limit?
> I woulda thunk the only reasonable software engineering answer to this
> is: "0, 1, max_int" (or whatever), no? Some other arbitrary value
> (like 6) sure seems a poor design to me.
> (Now, sure, there are times when it actually truly is not so easy -
> consider things like Scala's tupling only going up to 5
> http://www.scala-lang.org/api/current/index.html#scala.Function$ -
> although it is still kinda sad in those cases too.)
> _______________________________________________
> Devel mailing list
> Devel at sel4.systems
> https://sel4.systems/lists/listinfo/devel


The information in this e-mail may be confidential and subject to legal professional privilege and/or copyright. National ICT Australia Limited accepts no liability for any damage caused by this email or its attachments.

More information about the Devel mailing list