Struct kernel::Kernel

pub struct Kernel { /* private fields */ }

Main object for the kernel. Each board will need to create one.

Implementations

impl Kernel

pub fn new(processes: &'static [Option<&'static dyn Process>]) -> Kernel

Create the kernel object that knows about the list of processes.

Crucially, the processes included in the processes array MUST be valid to execute. Any credential checks or validation MUST happen before the Process object is included in this array.

pub fn process_map_or_external<F, R>( &self, default: R, processid: ProcessId, closure: F, _capability: &dyn ProcessManagementCapability, ) -> R

where F: FnOnce(&dyn Process) -> R,

Run a closure on a specific process if it exists. If the process with a matching ProcessId does not exist at the index specified within the ProcessId, then default will be returned.

A match will not be found if the process was removed (and there is a None in the process array), if the process changed its identifier (likely after being restarted), or if the process was moved to a different index in the processes array. Note that a match will be found if the process still exists in the correct location in the array but is in any “stopped” state.

This is functionally the same as process_map_or(), but this method is available outside the kernel crate and requires a ProcessManagementCapability to use.

pub fn process_each_capability<F>( &'static self, _capability: &dyn ProcessManagementCapability, closure: F, )

where F: FnMut(&dyn Process),

Run a closure on every valid process. This will iterate the array of processes and call the closure on every process that exists.

This is functionally the same as process_each(), but this method is available outside the kernel crate and requires a ProcessManagementCapability to use.

pub fn create_grant<T: Default, Upcalls: UpcallSize, AllowROs: AllowRoSize, AllowRWs: AllowRwSize>( &'static self, driver_num: usize, _capability: &dyn MemoryAllocationCapability, ) -> Grant<T, Upcalls, AllowROs, AllowRWs>

Create a new grant. This is used in board initialization to setup grants that capsules use to interact with processes.

Grants must only be created before processes are initialized. Processes use the number of grants that have been allocated to correctly initialize the process’s memory with a pointer for each grant. If a grant is created after processes are initialized this will panic.

Calling this function is restricted to only certain users, and to enforce this calling this function requires the MemoryAllocationCapability capability.

pub fn get_grant_count_and_finalize_external( &self, _capability: &dyn ExternalProcessCapability, ) -> usize

Returns the number of grants that have been setup in the system and marks the grants as “finalized”. This means that no more grants can be created because data structures have been setup based on the number of grants when this function is called.

In practice, this is called when processes are created, and the process memory is setup based on the number of current grants.

This is exposed publicly, but restricted with a capability. The intent is that external implementations of Process need to be able to retrieve the final number of grants.

pub fn hardfault_all_apps<C: ProcessManagementCapability>(&self, _c: &C)

Cause all apps to fault.

This will call set_fault_state() on each app, causing the app to enter the state as if it had crashed (for example with an MPU violation). If the process is configured to be restarted it will be.

Only callers with the ProcessManagementCapability can call this function. This restricts general capsules from being able to call this function, since capsules should not be able to arbitrarily restart all apps.

pub fn kernel_loop_operation<KR: KernelResources<C>, C: Chip, const NUM_PROCS: u8>( &self, resources: &KR, chip: &C, ipc: Option<&IPC<NUM_PROCS>>, no_sleep: bool, _capability: &dyn MainLoopCapability, )

Perform one iteration of the core Tock kernel loop.

This function is responsible for three main operations:

1. Check if the kernel itself has any work to be done and if the scheduler wants to complete that work now. If so, it allows the kernel to run.
2. Check if any processes have any work to be done, and if so if the scheduler wants to allow any processes to run now, and if so which one.
3. After ensuring the scheduler does not want to complete any kernel or process work (or there is no work to be done), are there are no outstanding interrupts to handle, put the chip to sleep.

This function has one configuration option: no_sleep. If that argument is set to true, the kernel will never attempt to put the chip to sleep, and this function can be called again immediately.

pub fn kernel_loop<KR: KernelResources<C>, C: Chip, const NUM_PROCS: u8>( &self, resources: &KR, chip: &C, ipc: Option<&IPC<NUM_PROCS>>, capability: &dyn MainLoopCapability, ) -> !

Main loop of the OS.

Most of the behavior of this loop is controlled by the Scheduler implementation in use.