Standardized Write Bit in Capabilities

Many capability platforms allocate a position within a capability to hold a “write permissions” bit. This perhaps evolved along with capabilities for memory or perhaps memory for capabilities. Keykos does not. We realized that for each particular type of object, the code for that type would always run, and that this logic (usually a program) would be in a position to interpret extra bits in a capability as it wishes, so as to guard the integrity of the designated object appropriately. The “type of object” is manifest in the type field of the capability, and if the key is a start key, then the program obeyed by the designated domain is situated just right to interpret the “data byte” from the start key.

For keys that denote kernel objects, the story is the same. Occasionally the kernel is responsible for evaluating the potency of a capability, such as when the kernel object DISCRIM is asked about the discretion of a kernel object, such as a page, node or fetch key. The kernel must first examine the key type, whereupon it may save just a few instructions if the write bits in these keys to kernel objects are co-located.
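
An added example, not Keykos code: a hypothetical C model of the two paragraphs above. The key layout, the bit values, the `journal` object and all function names are assumptions made for illustration; only the type field, the start key's data byte and the type-first kernel check come from the text.

```c
#include <stdbool.h>
#include <stdint.h>

/* Hypothetical key layout for illustration; not the Keykos format. */
enum key_type { KT_PAGE, KT_NODE, KT_START };
struct key {
    enum key_type type;  /* the "type of object" field */
    uint8_t data_byte;   /* meaning is private to the code for that type */
    void *object;        /* the designated object */
};

/* Assumed bit positions: each type's code picks its own, none is standard. */
#define PAGE_READ_ONLY      0x80u /* read by kernel page code */
#define NODE_READ_ONLY      0x01u /* read by kernel node code */
#define JOURNAL_APPEND_ONLY 0x04u /* read by the journal domain's program */

struct journal { char buf[64]; unsigned len; };
enum journal_op { J_APPEND, J_TRUNCATE };

/* Program obeyed by a hypothetical journal domain. It always runs when a
 * start key to it is invoked, so it alone decides what the data byte permits. */
int journal_invoke(const struct key *k, enum journal_op op, char c)
{
    struct journal *j;
    if (k->type != KT_START) return -1;
    j = k->object;
    switch (op) {
    case J_APPEND:
        if (j->len >= sizeof j->buf) return -1;
        j->buf[j->len++] = c;
        return 0;
    case J_TRUNCATE:
        if (k->data_byte & JOURNAL_APPEND_ONLY) return -1; /* weakened key */
        j->len = 0;
        return 0;
    }
    return -1;
}

/* Kernel-side check in the spirit of the DISCRIM case: examine the type
 * first, then that type's bit. With co-located bits the two arms would
 * share one mask, which is the few instructions the text mentions. */
bool kernel_key_is_read_only(const struct key *k)
{
    switch (k->type) {
    case KT_PAGE: return (k->data_byte & PAGE_READ_ONLY) != 0;
    case KT_NODE: return (k->data_byte & NODE_READ_ONLY) != 0;
    default:      return false; /* a start key's data byte is not the kernel's to judge */
    }
}
```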