On 21 Oct 2015, at 14:02 , Kevin Elphinstone <Kevin.Elphinstone@nicta.com.au> wrote:
BTW, Dhammika's use case was paravirtualised Linux, which is now better handled by CPU hardware extensions on ARM and x86.
… but points to a general use case: One of the attractions of clean object capability models is that any operation can be transparently virtualised. If an original cap can be derived, but a derived one cannot, then this breaks transparency at some point. There’s the old saying that in CS there are only three valid constants: zero, one and infinity. We have a two in there, which clearly smells badly. Gernot ________________________________ The information in this e-mail may be confidential and subject to legal professional privilege and/or copyright. National ICT Australia Limited accepts no liability for any damage caused by this email or its attachments.