I really like the protection domains and the PLB, I could really use this on my x86 right now. 🙂
At about 1:03:40 there’s an explanation of passing a graph structure by allocating an arena and passing the arena. There’s a comment that the callee can “tromp on your arena structure”. Shouldn’t we be able to pass() the graph read-only to avoid the callee making any changes? Or does pass implicitly grant read and write access? It seemed that earlier at about 1:01:30 we see a write system call using pass(ptr, len, r), I assume that “r” is read and the absence of “w” means it’s read-only.