Trait kernel::process::Process[][src]

pub trait Process {
Show 59 methods fn processid(&self) -> ProcessId;
fn enqueue_task(&self, task: Task) -> Result<(), ErrorCode>;
fn ready(&self) -> bool;
fn has_tasks(&self) -> bool;
fn dequeue_task(&self) -> Option<Task>;
fn pending_tasks(&self) -> usize;
fn remove_pending_upcalls(&self, upcall_id: UpcallId);
fn get_state(&self) -> State;
fn set_yielded_state(&self);
fn stop(&self);
fn resume(&self);
fn set_fault_state(&self);
fn get_restart_count(&self) -> usize;
fn get_process_name(&self) -> &'static str;
fn terminate(&self, completion_code: Option<u32>);
fn try_restart(&self, completion_code: Option<u32>);
fn brk(&self, new_break: *const u8) -> Result<*const u8, Error>;
fn sbrk(&self, increment: isize) -> Result<*const u8, Error>;
fn mem_start(&self) -> *const u8;
fn mem_end(&self) -> *const u8;
fn flash_start(&self) -> *const u8;
fn flash_end(&self) -> *const u8;
fn kernel_memory_break(&self) -> *const u8;
fn number_writeable_flash_regions(&self) -> usize;
fn get_writeable_flash_region(&self, region_index: usize) -> (u32, u32);
fn update_stack_start_pointer(&self, stack_pointer: *const u8);
fn update_heap_start_pointer(&self, heap_pointer: *const u8);
fn app_memory_break(&self) -> *const u8;
fn build_readwrite_process_buffer(
        &self,
        buf_start_addr: *mut u8,
        size: usize
    ) -> Result<ReadWriteProcessBuffer, ErrorCode>;
fn build_readonly_process_buffer(
        &self,
        buf_start_addr: *const u8,
        size: usize
    ) -> Result<ReadOnlyProcessBuffer, ErrorCode>;
unsafe fn set_byte(&self, addr: *mut u8, value: u8) -> bool;
fn flash_non_protected_start(&self) -> *const u8;
fn setup_mpu(&self);
fn add_mpu_region(
        &self,
        unallocated_memory_start: *const u8,
        unallocated_memory_size: usize,
        min_region_size: usize
    ) -> Option<Region>;
fn remove_mpu_region(&self, region: Region) -> Result<(), ErrorCode>;
fn allocate_grant(
        &self,
        grant_num: usize,
        driver_num: usize,
        size: usize,
        align: usize
    ) -> Option<NonNull<u8>>;
fn grant_is_allocated(&self, grant_num: usize) -> Option<bool>;
fn allocate_custom_grant(
        &self,
        size: usize,
        align: usize
    ) -> Option<(ProcessCustomGrantIdentifer, NonNull<u8>)>;
fn enter_grant(&self, grant_num: usize) -> Result<*mut u8, Error>;
fn enter_custom_grant(
        &self,
        identifier: ProcessCustomGrantIdentifer
    ) -> Result<*mut u8, Error>;
fn leave_grant(&self, grant_num: usize);
fn grant_allocated_count(&self) -> Option<usize>;
fn lookup_grant_from_driver_num(
        &self,
        driver_num: usize
    ) -> Result<usize, Error>;
fn is_valid_upcall_function_pointer(&self, upcall_fn: NonNull<()>) -> bool;
fn set_syscall_return_value(&self, return_value: SyscallReturn);
fn set_process_function(&self, callback: FunctionCall);
fn switch_to(&self) -> Option<ContextSwitchReason>;
fn get_addresses(&self) -> ProcessAddresses;
fn get_sizes(&self) -> ProcessSizes;
fn print_memory_map(&self, writer: &mut dyn Write);
fn print_full_process(&self, writer: &mut dyn Write);
fn debug_syscall_count(&self) -> usize;
fn debug_dropped_upcall_count(&self) -> usize;
fn debug_timeslice_expiration_count(&self) -> usize;
fn debug_timeslice_expired(&self);
fn debug_syscall_called(&self, last_syscall: Syscall);
fn debug_heap_start(&self) -> Option<*const u8>;
fn debug_stack_start(&self) -> Option<*const u8>;
fn debug_stack_end(&self) -> Option<*const u8>;
}
Expand description

This trait represents a generic process that the Tock scheduler can schedule.

Required methods

Returns the process’s identifier.

Queue a Task for the process. This will be added to a per-process buffer and executed by the scheduler. Tasks are some function the app should run, for example a upcall or an IPC call.

This function returns Ok(()) if the Task was successfully enqueued. If the process is no longer alive, Err(ErrorCode::NODEVICE) is returned. If the task could not be enqueued because there is insufficient space in the internal task queue, Err(ErrorCode::NOMEM) is returned. Other return values must be treated as kernel-internal errors.

Returns whether this process is ready to execute.

Return if there are any Tasks (upcalls/IPC requests) enqueued for the process.

Remove the scheduled operation from the front of the queue and return it to be handled by the scheduler.

If there are no Tasks in the queue for this process this will return None.

Returns the number of pending tasks. If 0 then dequeue_task() will return None when called.

Remove all scheduled upcalls for a given upcall id from the task queue.

Returns the current state the process is in. Common states are “running” or “yielded”.

Move this process from the running state to the yielded state.

This will fail (i.e. not do anything) if the process was not previously running.

Move this process from running or yielded state into the stopped state.

This will fail (i.e. not do anything) if the process was not either running or yielded.

Move this stopped process back into its original state.

This transitions a process from StoppedRunning -> Running or StoppedYielded -> Yielded.

Put this process in the fault state. This will trigger the FaultResponse for this process to occur.

Returns how many times this process has been restarted.

Get the name of the process. Used for IPC.

Stop and clear a process’s state, putting it into the Terminated state.

This will end the process, but does not reset it such that it could be restarted and run again. This function instead frees grants and any queued tasks for this process, but leaves the debug information about the process and other state intact.

When a process is terminated, an optional completion_code should be stored for the process. If the process provided the completion code (e.g. via the exit syscall), then this function should be called with a completion code of Some(u32). If the kernel is terminating the process and therefore has no completion code from the process, it should provide None.

Terminates and attempts to restart the process. The process and current application always terminate. The kernel may, based on its own policy, restart the application using the same process, reuse the process for another application, or simply terminate the process and application.

This function can be called when the process is in any state. It attempts to reset all process state and re-initialize it so that it can be reused.

Restarting an application can fail for two general reasons:

  1. The kernel chooses not to restart the application, based on its policy.

  2. The kernel decides to restart the application but fails to do so because Some state can no long be configured for the process. For example, the syscall state for the process fails to initialize.

After restart() runs the process will either be queued to run its the application’s _start function, terminated, or queued to run a different application’s _start function.

As the process will be terminated before being restarted, this function accepts an optional completion_code. If the process provided a completion code (e.g. via the exit syscall), then this should be called with Some(u32). If the kernel is trying to restart the process and the process did not provide a completion code, then this should be called with None.

Change the location of the program break and reallocate the MPU region covering program memory.

This will fail with an error if the process is no longer active. An inactive process will not run again without being reset, and changing the memory pointers is not valid at this point.

Change the location of the program break, reallocate the MPU region covering program memory, and return the previous break address.

This will fail with an error if the process is no longer active. An inactive process will not run again without being reset, and changing the memory pointers is not valid at this point.

The start address of allocated RAM for this process.

The first address after the end of the allocated RAM for this process.

The start address of the flash region allocated for this process.

The first address after the end of the flash region allocated for this process.

The lowest address of the grant region for the process.

How many writeable flash regions defined in the TBF header for this process.

Get the offset from the beginning of flash and the size of the defined writeable flash region.

Debug function to update the kernel on where the stack starts for this process. Processes are not required to call this through the memop system call, but it aids in debugging the process.

Debug function to update the kernel on where the process heap starts. Also optional.

Return the highest address the process has access to, or the current process memory brk.

Creates a ReadWriteProcessBuffer from the given offset and size in process memory.

Returns

In case of success, this method returns the created ReadWriteProcessBuffer.

In case of an error, an appropriate ErrorCode is returned:

  • If the memory is not contained in the process-accessible memory space / buf_start_addr and size are not a valid read-write buffer (any byte in the range is not read/write accessible to the process), ErrorCode::INVAL.
  • If the process is not active: ErrorCode::FAIL.
  • For all other errors: ErrorCode::FAIL.

Creates a ReadOnlyProcessBuffer from the given offset and size in process memory.

Returns

In case of success, this method returns the created ReadOnlyProcessBuffer.

In case of an error, an appropriate ErrorCode is returned:

  • If the memory is not contained in the process-accessible memory space / buf_start_addr and size are not a valid read-only buffer (any byte in the range is not read-accessible to the process), ErrorCode::INVAL.
  • If the process is not active: ErrorCode::FAIL.
  • For all other errors: ErrorCode::FAIL.

Set a single byte within the process address space at addr to value. Return true if addr is within the RAM bounds currently exposed to the process (thereby writable by the process itself) and the value was set, false otherwise.

Safety

This function verifies that the byte to be written is in the process’s accessible memory. However, to avoid undefined behavior the caller needs to ensure that no other references exist to the process’s memory before calling this function.

Get the first address of process’s flash that isn’t protected by the kernel. The protected range of flash contains the TBF header and potentially other state the kernel is storing on behalf of the process, and cannot be edited by the process.

Configure the MPU to use the process’s allocated regions.

It is not valid to call this function when the process is inactive (i.e. the process will not run again).

Allocate a new MPU region for the process that is at least min_region_size bytes and lies within the specified stretch of unallocated memory.

It is not valid to call this function when the process is inactive (i.e. the process will not run again).

Removes an MPU region from the process that has been previouly added with add_mpu_region.

It is not valid to call this function when the process is inactive (i.e. the process will not run again).

Allocate memory from the grant region and store the reference in the proper grant pointer index.

This function must check that doing the allocation does not cause the kernel memory break to go below the top of the process accessible memory region allowed by the MPU. Note, this can be different from the actual app_brk, as MPU alignment and size constraints may result in the MPU enforced region differing from the app_brk.

This will return None and fail if:

  • The process is inactive, or
  • There is not enough available memory to do the allocation, or
  • The grant_num is invalid, or
  • The grant_num already has an allocated grant.

Check if a given grant for this process has been allocated.

Returns None if the process is not active. Otherwise, returns true if the grant has been allocated, false otherwise.

Allocate memory from the grant region that is size bytes long and aligned to align bytes. This is used for creating custom grants which are not recorded in the grant pointer array, but are useful for capsules which need additional process-specific dynamically allocated memory.

If successful, return a Some() with an identifier that can be used with enter_custom_grant() to get access to the memory and the pointer to the memory which must be used to initialize the memory.

Enter the grant based on grant_num for this process.

Entering a grant means getting access to the actual memory for the object stored as the grant.

This will return an Err if the process is inactive of the grant_num is invalid, if the grant has not been allocated, or if the grant is already entered. If this returns Ok() then the pointer points to the previously allocated memory for this grant.

Enter a custom grant based on the identifier.

This retrieves a pointer to the previously allocated custom grant based on the identifier returned when the custom grant was allocated.

This returns an error if the custom grant is no longer accessible, or if the process is inactive.

Opposite of enter_grant(). Used to signal that the grant is no longer entered.

If grant_num is valid, this function cannot fail. If grant_num is invalid, this function will do nothing. If the process is inactive then grants are invalid and are not entered or not entered, and this function will do nothing.

Return the count of the number of allocated grant pointers if the process is active. This does not count custom grants.

Useful for debugging/inspecting the system.

Get the grant number (grant_num) associated with a given driver number if there is a grant associated with that driver_num.

Verify that an Upcall function pointer is within process-accessible memory.

Returns true if the upcall function pointer is valid for this process, and false otherwise.

Set the return value the process should see when it begins executing again after the syscall.

It is not valid to call this function when the process is inactive (i.e. the process will not run again).

This can fail, if the UKB implementation cannot correctly set the return value. An example of how this might occur:

  1. The UKB implementation uses the process’s stack to transfer values between kernelspace and userspace.
  2. The process calls memop.brk and reduces its accessible memory region below its current stack.
  3. The UKB implementation can no longer set the return value on the stack since the process no longer has access to its stack.

If it fails, the process will be put into the faulted state.

Set the function that is to be executed when the process is resumed.

It is not valid to call this function when the process is inactive (i.e. the process will not run again).

Context switch to a specific process.

This will return None if the process is inactive and cannot be switched to.

Return process state information related to the location in memory of various process data structures.

Return process state information related to the size in memory of various process data structures.

Print out the memory map (Grant region, heap, stack, program memory, BSS, and data sections) of this process.

Print out the full state of the process: its memory map, its context, and the state of the memory protection unit (MPU).

Returns how many syscalls this app has called.

Returns how many upcalls for this process have been dropped.

Returns how many times this process has exceeded its timeslice.

Increment the number of times the process has exceeded its timeslice.

Increment the number of times the process called a syscall and record the last syscall that was called.

Return the address of the start of the process heap, if known.

Return the address of the start of the process stack, if known.

Return the lowest recorded address of the process stack, if known.

Implementors