Cap — cap enum + shared constants.
Cap types and their inner storage use the default Global allocator
(= std heap on host, talc on guest via #[global_allocator]).
§CapRef is an Arc-backed handle
A CapRef is the entry-lifetime token for CacheDirectory.instances.
Clone bumps an inner Arc refcount; Drop decrements it.
CacheDirectory itself owns one CapRef per live entry alongside the
data; when external holders all drop their clones, the directory’s
sweep_instances finds entries whose stored CapRef has
strong_count == 1 and removes them. No callback-on-drop, no
deadlock discipline.
Cap::CNode slots and Cap::Instance.root_cnode hold
CapHashOrRef::Ref(CapRef) directly, so cloning a Cap deep-bumps every
nested handle and dropping a Cap deep-releases them. Recursive cleanup
is automatic via Rust’s Drop semantics; cycles are structurally
impossible (data-flow principle: no shared mutable state across
Instance boundaries).
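A minimal model of the lifetime scheme described above, as an added example and not the crate's own code. ToyCapRef, ToyDirectory, the field layout and the fixed-point loop inside sweep_instances are assumptions made for illustration; only the strong_count == 1 rule and the nested-handle behaviour come from the text.

```rust
use std::collections::HashMap;
use std::sync::Arc;

// Hypothetical stand-in for CapRef: Clone bumps the Arc refcount, Drop decrements it.
#[derive(Clone)]
struct ToyCapRef(Arc<u64>);

// Hypothetical stand-in for CacheDirectory.instances.
struct ToyDirectory {
    next_id: u64,
    // One stored handle per live entry, alongside the entry's data (here: nested handles).
    instances: HashMap<u64, (ToyCapRef, Vec<ToyCapRef>)>,
}

impl ToyDirectory {
    fn new() -> Self { ToyDirectory { next_id: 0, instances: HashMap::new() } }

    // Insert an entry whose data holds `children`; return the external handle.
    fn insert(&mut self, children: Vec<ToyCapRef>) -> ToyCapRef {
        let id = self.next_id;
        self.next_id += 1;
        let handle = ToyCapRef(Arc::new(id));
        self.instances.insert(id, (handle.clone(), children));
        handle
    }

    // Remove entries whose stored handle is the only holder left (strong_count == 1).
    // Assumption: loop to a fixed point, since removing a parent drops its child handles.
    fn sweep_instances(&mut self) -> usize {
        let mut removed = 0;
        loop {
            let before = self.instances.len();
            self.instances.retain(|_, (h, _)| Arc::strong_count(&h.0) > 1);
            if self.instances.len() == before { return removed; }
            removed += before - self.instances.len();
        }
    }
}

fn demo() -> (usize, usize, usize) {
    let mut dir = ToyDirectory::new();
    let child = dir.insert(vec![]);
    let parent = dir.insert(vec![child.clone()]);
    drop(child);                          // parent's slot still holds the child
    let first = dir.sweep_instances();    // nothing reclaimed: both entries are referenced
    drop(parent);                         // last external holder is gone
    let second = dir.sweep_instances();   // parent goes, which releases the child
    (first, second, dir.instances.len())
}

fn main() { println!("{:?}", demo()); }
```

No drop callback reaches back into the directory here: reclamation happens only when the owner calls sweep_instances, which is why the scheme needs no lock ordering between handles and the directory.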
Structs§
- CapRef: Cache-local lifetime handle to a working Cap::Instance in CacheDirectory.instances. Clone bumps the refcount; the directory’s sweep_instances reclaims entries whose only holder is the directory itself. Two separate CacheDirectory instances produce independent CapRef id namespaces — refs must not cross caches.
- TypeCap: Cap::Type payload. Pure identifier; no owned content, so no allocator parameter needed.
Enums§
- Cap: One of the five v3 cap kinds.
- CapHashOrRef: Slot/field reference: either a content-addressed blob in cache.blobs or a mutable working entry in cache.instances.
- CapKind: Discriminant for Cap. Useful for matching, error messages, and places where the payload is irrelevant.
Constants§
- MAX_ENDPOINTS: Maximum number of endpoints per Image.
- MAX_SOURCE_DEPTH: Maximum depth of a MemoryMapping.source_path. v3 cap graphs stay shallow; eight is plenty.
- NUM_REGS: Number of PVM general-purpose registers (φ[0]..φ[12]).
Type Aliases§
- CapHash: 32-byte digest used for all v3 cap identity / content hashes.