Struct kernel::process::SequentialProcessLoaderMachine

source ·
pub struct SequentialProcessLoaderMachine<'a, C: Chip + 'static> {
    client: OptionalCell<&'a dyn ProcessLoadingAsyncClient>,
    checker: &'static ProcessCheckerMachine,
    procs: MapCell<&'static mut [Option<&'static dyn Process>]>,
    proc_binaries: MapCell<&'static mut [Option<ProcessBinary>]>,
    flash: Cell<&'static [u8]>,
    app_memory: Cell<&'static mut [u8]>,
    deferred_call: DeferredCall,
    kernel: &'static Kernel,
    chip: &'static C,
    policy: OptionalCell<&'a dyn AppIdPolicy>,
    fault_policy: &'static dyn ProcessFaultPolicy,
    state: OptionalCell<SequentialProcessLoaderMachineState>,
Expand description

A machine for loading processes stored sequentially in a region of flash.

Load processes (stored as TBF objects in flash) into runnable process structures stored in the procs array. This machine scans the footers in the TBF for cryptographic credentials for binary integrity, passing them to the checker to decide whether the process has sufficient credentials to run.


§client: OptionalCell<&'a dyn ProcessLoadingAsyncClient>

Client to notify as processes are loaded and process loading finishes.

§checker: &'static ProcessCheckerMachine

Machine to use to check process credentials.

§procs: MapCell<&'static mut [Option<&'static dyn Process>]>

Array of stored process references for loaded processes.

§proc_binaries: MapCell<&'static mut [Option<ProcessBinary>]>

Array to store ProcessBinarys after checking credentials.

§flash: Cell<&'static [u8]>

Flash memory region to load processes from.

§app_memory: Cell<&'static mut [u8]>

Memory available to assign to applications.

§deferred_call: DeferredCall

Mechanism for generating async callbacks.

§kernel: &'static Kernel

Reference to the kernel object for creating Processes.

§chip: &'static C

Reference to the Chip object for creating Processes.

§policy: OptionalCell<&'a dyn AppIdPolicy>

The policy to use when determining ShortIds and process uniqueness.

§fault_policy: &'static dyn ProcessFaultPolicy

The fault policy to assign to each created Process.

§state: OptionalCell<SequentialProcessLoaderMachineState>

Current mode of the loading machine.



impl<'a, C: Chip> SequentialProcessLoaderMachine<'a, C>


pub fn new( checker: &'static ProcessCheckerMachine, procs: &'static mut [Option<&'static dyn Process>], proc_binaries: &'static mut [Option<ProcessBinary>], kernel: &'static Kernel, chip: &'static C, flash: &'static [u8], app_memory: &'static mut [u8], fault_policy: &'static dyn ProcessFaultPolicy, policy: &'static dyn AppIdPolicy, _capability_management: &dyn ProcessManagementCapability, ) -> Self

This function is made pub so that board files can use it, but loading processes from slices of flash an memory is fundamentally unsafe. Therefore, we require the ProcessManagementCapability to call this function.


fn find_open_process_slot(&self) -> Option<usize>

Find a slot in the PROCESSES array to store this process.


fn find_open_process_binary_slot(&self) -> Option<usize>

Find a slot in the PROCESS_BINARIES array to store this process.


fn load_and_check(&self)


fn discover_process_binary(&self) -> Result<ProcessBinary, ProcessBinaryError>

Try to parse a process binary from flash.

Returns the process binary object or an error if a valid process binary could not be extracted.


fn load_process_objects(&self) -> Result<(), ()>

Create process objects from the discovered process binaries.

This verifies that the discovered processes are valid to run.


fn is_blocked_from_loading_by( &self, pb1: &ProcessBinary, pb2: &ProcessBinary, ) -> bool

Check if pb1 is blocked from running by pb2.

pb2 blocks pb1 if:

  • They both have the same AppID or they both have the same ShortId, and
  • pb2 has a higher version number.

fn is_blocked_from_loading_by_process( &self, pb: &ProcessBinary, process: &dyn Process, ) -> bool

Check if pb is blocked from running by process.

process blocks pb if:

  • They both have the same AppID, or
  • They both have the same ShortId

Since process is already loaded, we only have to enforce the AppID and ShortId uniqueness guarantees.

Trait Implementations§


impl<'a, C: Chip> DeferredCallClient for SequentialProcessLoaderMachine<'a, C>


impl<'a, C: Chip> ProcessCheckerMachineClient for SequentialProcessLoaderMachine<'a, C>


fn done( &self, process_binary: ProcessBinary, result: Result<(), ProcessCheckError>, )

Check is finished, and the check result is in result.0 Read more

impl<'a, C: Chip> ProcessLoadingAsync<'a> for SequentialProcessLoaderMachine<'a, C>


fn set_client(&self, client: &'a dyn ProcessLoadingAsyncClient)

Set the client to receive callbacks about process loading and when process loading has finished.

fn set_policy(&self, policy: &'a dyn AppIdPolicy)

Set the credential checking policy for the loader.

fn start(&self)

Start the process loading operation.

Auto Trait Implementations§

Blanket Implementations§


impl<T> Any for T
where T: 'static + ?Sized,


fn type_id(&self) -> TypeId

Gets the TypeId of self. Read more

impl<T> Borrow<T> for T
where T: ?Sized,


fn borrow(&self) -> &T

Immutably borrows from an owned value. Read more

impl<T> BorrowMut<T> for T
where T: ?Sized,


fn borrow_mut(&mut self) -> &mut T

Mutably borrows from an owned value. Read more

impl<T> From<T> for T


fn from(t: T) -> T

Returns the argument unchanged.


impl<T, U> Into<U> for T
where U: From<T>,


fn into(self) -> U

Calls U::from(self).

That is, this conversion is whatever the implementation of From<T> for U chooses to do.


impl<T, U> TryFrom<U> for T
where U: Into<T>,


type Error = Infallible

The type returned in the event of a conversion error.

fn try_from(value: U) -> Result<T, <T as TryFrom<U>>::Error>

Performs the conversion.

impl<T, U> TryInto<U> for T
where U: TryFrom<T>,


type Error = <U as TryFrom<T>>::Error

The type returned in the event of a conversion error.

fn try_into(self) -> Result<U, <U as TryFrom<T>>::Error>

Performs the conversion.