tool: check slot of extra caps

This checks if people try to place extra caps in slot 0,
which is reserved for Microkit CNode, and adds a test
case for it.

Signed-off-by: Terry Bai <tianyi.bai@unsw.edu.au>

Author: terryzbai

tool/microkit/src/sdf.rs

@@ -1372,6 +1372,14 @@ impl CapMap {
 
         let slot = sdf_parse_number(checked_lookup(xml_sdf, node, "slot")?, node)?;
 
+        if slot == 0 {
+            return Err(value_error(
+                xml_sdf,
+                node,
+                format!("The destination slot 0 has been reserved for Microkit CNode"),
+            ));
+        }
+
         // TODO: Rework this so that we don't have a fixed upper limit.
         if slot >= CAP_MAP_MAX_SLOT {
             return Err(value_error(

tool/microkit/tests/sdf/cap_mappings_slot_invalid.system

@@ -0,0 +1,19 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+ Copyright 2026, UNSW
+
+ SPDX-License-Identifier: BSD-2-Clause
+-->
+<system>
+    <protection_domain name="pd_a">
+        <program_image path="test" />
+    </protection_domain>
+
+    <protection_domain name="pd_b">
+        <program_image path="test" />
+
+        <cspace>
+            <cap_sc slot="0" pd="pd_a" />
+        </cspace>
+    </protection_domain>
+</system>

tool/microkit/tests/test.rs

@@ -1040,6 +1040,15 @@ mod system {
         )
     }
 
+    #[test]
+    fn test_cap_mappings_slot_invalid() {
+        check_error(
+            &DEFAULT_AARCH64_KERNEL_CONFIG,
+            "cap_mappings_slot_invalid.system",
+            "Error: The destination slot 0 has been reserved for Microkit CNode on element 'cap_sc'",
+        )
+    }
+
     #[test]
     fn test_cap_mappings_invalid() {
         check_error(