This Scheme code captures some of the buddy capability logic described here.
It relies on a few non-standard Scheme features defined in SRFI 60.
At the top lexical level are defined
- rp is a useful debugging tool, not currently called.
- p is a print routine of large integers in binary and logarithmic form.
- NSP is a creator of functional but insecure sealer-unsealer pairs.
- (desc k) generates (top . catalog), for an address space of 2^k cells.
“top” is the capability for all cells and will presumably be closely held by whoever calls desc.
“catalog” is a function that returns any of a universally available set of values and functions.
If C is the aforementioned catalog:
- ((C 'within) b c) returns a bool indicating whether all the cells available via b are available via c.
- ((C 'sub) b n) returns a new capability to a subset of capability b.
- ((C 'locate) b c) returns the range r of b within c if ((C 'within) b c).
Otherwise it returns 0.
- ((C 'size) A) returns a power of 2 which is the smallest invalid index into capability A.
- (C 'zer) returns the null capability with no valid indexes.
- ((C 'zer?) A) holds iff A is the null capability.
- ((C 'eq?) A B) holds iff A and B are the same capability.
If T = top = (car (desc k)) then ((C 'locate) x T) yields the real mid-pointer of the block accessed by x.
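A minimal unsealed model of the within, locate and sub relations listed above, added here as an illustration and not the page's own code. It assumes a mid-pointer encoding (a block of s cells starting at cell a is the integer 2a + s) and leaves sealing out. The names low-bit, start, sub-block and check are hypothetical, and reading the second argument of 'sub as a relative range is an assumption.

```scheme
;; Added example, not the page's code. Assumed encoding: a buddy block of
;; s = 2^j cells starting at cell a (a multiple of s) is the integer
;; m = 2a + s, its midpoint in half-cell units. 0 is the null block.
;; bitwise-and and arithmetic-shift come from SRFI 60.
(define (low-bit m) (bitwise-and m (- m)))   ; lowest set bit, 0 for 0
(define (size m) (low-bit m))                ; number of cells in the block
(define (start m) (arithmetic-shift (- m (size m)) -1)) ; first cell

;; Are all cells of b also cells of c? The null block is within anything.
(define (within b c)
  (or (zero? b)
      (and (<= (start c) (start b))
           (<= (+ (start b) (size b)) (+ (start c) (size c))))))

;; Range of b relative to c, in the same encoding; 0 if b is null or
;; reaches outside c.
(define (locate b c)
  (if (and (> b 0) (within b c))
      (- b (* 2 (start c)))
      0))

;; Assumed reading of 'sub: n is a range relative to b. Returns the block
;; it names, or 0 when n would reach past the end of b, so the result can
;; never cover a cell that b does not.
(define (sub-block b n)
  (if (and (> n 0) (<= (+ (start n) (size n)) (size b)))
      (+ n (* 2 (start b)))
      0))

;; Constructed sample: a 16-cell space (k = 4).
(define (check ok) (if (not ok) (error "model check failed")))
(define top 16)   ; cells 0..15
(define x 20)     ; cells 8..11
(define y 22)     ; cells 10..11
(define z 28)     ; cells 12..15

(check (= (size x) 4))
(check (within y x))               ; y is a subset of x
(check (not (within y z)))         ; y and z are disjoint
(check (= (locate y x) 6))         ; 2 cells at offset 2 inside x
(check (= (locate y z) 0))         ; not within, so 0
(check (= (sub-block x 6) y))      ; sub-block inverts locate
(check (= (sub-block x 10) 0))     ; offset 4 is past the end of x
(check (= (locate x top) x))       ; against top: the real mid-pointer
(check (within 0 x))               ; null block has no cells to violate
```

In this model the low bit of the integer fixes the block size, which is why a holder who could edit the integer directly could widen its own authority; the sealer-unsealer pairs exist to prevent exactly that.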
Let (R x) be defined as ((C 'locate) x T) for this section.
Let (S A n) be the storage cell accessed by applying index n to capability A.
We can make several definitive claims with this notation.
If 0≤n<(size A) then