In principle the reasonable limit is 1. If a sender can transfer 1 cap per message, it can transfer any number of caps by sending a lot of messages. Some protocol can be built to reassemble the intended message from the flurry of messages actually being sent. This is all necessary if the user code needs to send an arbitrary number of capabilities. However if in practice the number is always 1, 2 or 3, it makes sense for the kernel to support these cases directly to simplify the user implementations and to avoid wasting as much time context switching. Cheers, Thomas. On 13/02/15 05:55, Raoul Duke wrote:
How many would your application need at most, and more generally speaking, what would you think is a good limit? I woulda thunk the only reasonable software engineering answer to this is: "0, 1, max_int" (or whatever), no? Some other arbitrary value (like 6) sure seems a poor design to me.
(Now, sure, there are times when it actually truly is not so easy - consider things like Scala's tupling only going up to 5 http://www.scala-lang.org/api/current/index.html#scala.Function$ - although it is still kinda sad in those cases too.)
_______________________________________________ Devel mailing list Devel@sel4.systems https://sel4.systems/lists/listinfo/devel
________________________________ The information in this e-mail may be confidential and subject to legal professional privilege and/or copyright. National ICT Australia Limited accepts no liability for any damage caused by this email or its attachments.