JAR: Join-Accumulate Refine

10.2. Capability Indirection🔗

Cap slot references are u32 with byte-packed HANDLE chain indirection (3 levels max):

  • byte 0: target cap slot (0-255)

  • byte 1: indirection level 0 (0x00 = end of chain, 1-255 = HANDLE slot)

  • byte 2: indirection level 1

  • byte 3: indirection level 2

Slot 0 (IPC) cannot be used for indirection (byte=0x00=end of chain). (u8 as u32) zero-extended = local slot, backward compatible. Each intermediate VM must be non-RUNNING (IDLE or FAULTED).

This enables zero-copy I/O to descendant VMs (protocol caps write directly into a child's backing pages), cross-CNode cap management (MOVE replaces GRANT/REVOKE), and demand paging (parent MAPs pages in child's address space via indirection + RESUME).