-
Notifications
You must be signed in to change notification settings - Fork 641
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Confusing parameter name index
in CNode and Untyped object invocations
#566
Comments
This comment has been minimized.
This comment has been minimized.
Another reason why it's non-intuitive is because the way page-table addressing is handled in the API is the invocation takes an absolute virtual-address and doesn't require the unused bits to be |
I agree Slightly worried about Maybe |
Maybe we could look at renaming both
|
Actually, this comment was wrong: #566 (comment). |
I am so glad I'm not the only one that finds this confusing! |
Just brainstorming some ideas here. I'm not necessarily strongly in favour of any of them, but might inspire others. 1: Perhaps we should have "CapAddress" and "CNodeAddress". I believe it is only when addressing CNodes that you need the additional 'depth' argument. 2: While 'depth' makes sense because it is a tree, I feel that the parameter you are passing represents the number of bits / length of the address that is being decoded. And actually depth isn't great because a node may be three levels deep, but that isn't the thing you pass tin the 'depth' argument. 3: The manual uses CPTR in some places and CPtr in other. We should be consistent. (Assuming the outcome of this issue is updating docs). 4: I find the statement in 3.3.2 that "A capability address is stored in a CPointer (abbreviated CPTR), which is an unsigned integer variable". It seems to imply some difference between a capability address and a CPointer. Really there isn't one. It previously describes "a capability address is simply an integer". The only difference is that a CPointer is a specific storage location in a user's program. But this confuses things (in my opinion). 5: Of course a capability address actually refers to a "slot" in a CNode. That slot may or may not hold a capability. (Unless we say that all slots hold a capability and such a capability may by the NULL cap. The user manual seems to be inconsistent here. I think the kernel implementation (I don't know about the proof) really does have "Null caps" and I think since it does this should be documented as such. And a capability address to a NULL cap is different from a capability address that does not resolve to any slot at all. Possibly I'm making this bigger than the specific problem. |
Since we are taking confusing things around capabilities. One things that has confused me in the past is that inside the kernel there are various variations on the theme of I know there is a distinction between interface and implementation, but having |
And on the same line. |
The manual is actually wrong there (see RFC-7), you can only provide a guard in Mutate. |
Oh, right. There is the magical "preserve" parameter to |
Finally found the commit that introduces During a |
(The reason changing the badge changes parent/child is that a neighbour cap to the same object with a non-zero badge is treated as a child of a zero-badge cap -- all of this is because there are not enough bits on 32-bit architectures to properly represent depth in the CDT. It'd be good, but at least a medium-sized operation to find a better mechanism for this.) |
It's 14 years ago, but, was there any consideration at the time to simply not call |
Yes, that's right, hence RFC-7. 14 years ago we were expecting to produce further cap types with potentially more cap data, so removing it then would have been premature. But, there is actually a good point on the discussion on RFC-7: if we remove it, we cannot produce revokable CNode caps with guards any more. And that is probably a show-stopper for removing it. At least I haven't come up yet with anything that would suitably replace it. If that is the case, we should probably rename the operation, but otherwise leave it as is. |
Context: Invocations that need to address CNodes use a different addressing method than just a seL4_CPtr. They need:
The API documentation names the second parameter (with the address/path information)
index
ornode_index
. I find this name makes it easy to confuse the parameter as being a CNode object index instead of an address/path of multiple CNode indexes.Another thing that contributes to the confusion is that the
index
is almost a seL4_CPtr and is treated the same if the depth argument isWORD_BITS
, but for every bit less you want to resolve, the index argument needs to get right shifted by that amount. However, elsewhere you can use a seL4_CPtr to perform an invocation on a non-CNode object located at a depth less thanWORD_BITS
and you aren't supposed to right shift by the difference.A better name would be something like
address
orslot_address
.The text was updated successfully, but these errors were encountered: