pub struct Kernel { /* private fields */ }
Expand description
Main object for the kernel. Each board will need to create one.
Implementations§
source§impl Kernel
impl Kernel
sourcepub fn new(processes: &'static [Option<&'static dyn Process>]) -> Kernel
pub fn new(processes: &'static [Option<&'static dyn Process>]) -> Kernel
Create the kernel object that knows about the list of processes.
Crucially, the processes included in the processes
array MUST be valid
to execute. Any credential checks or validation MUST happen before the
Process
object is included in this array.
sourcepub fn process_map_or_external<F, R>(
&self,
default: R,
processid: ProcessId,
closure: F,
_capability: &dyn ProcessManagementCapability,
) -> R
pub fn process_map_or_external<F, R>( &self, default: R, processid: ProcessId, closure: F, _capability: &dyn ProcessManagementCapability, ) -> R
Run a closure on a specific process if it exists. If the process with a
matching ProcessId
does not exist at the index specified within the
ProcessId
, then default
will be returned.
A match will not be found if the process was removed (and there is a
None
in the process array), if the process changed its identifier
(likely after being restarted), or if the process was moved to a
different index in the processes array. Note that a match will be
found if the process still exists in the correct location in the array
but is in any “stopped” state.
This is functionally the same as process_map_or()
, but this method is
available outside the kernel crate and requires a
ProcessManagementCapability
to use.
sourcepub fn process_each_capability<F>(
&'static self,
_capability: &dyn ProcessManagementCapability,
closure: F,
)
pub fn process_each_capability<F>( &'static self, _capability: &dyn ProcessManagementCapability, closure: F, )
Run a closure on every valid process. This will iterate the array of processes and call the closure on every process that exists.
This is functionally the same as process_each()
, but this method is
available outside the kernel crate and requires a
ProcessManagementCapability
to use.
sourcepub fn create_grant<T: Default, Upcalls: UpcallSize, AllowROs: AllowRoSize, AllowRWs: AllowRwSize>(
&'static self,
driver_num: usize,
_capability: &dyn MemoryAllocationCapability,
) -> Grant<T, Upcalls, AllowROs, AllowRWs>
pub fn create_grant<T: Default, Upcalls: UpcallSize, AllowROs: AllowRoSize, AllowRWs: AllowRwSize>( &'static self, driver_num: usize, _capability: &dyn MemoryAllocationCapability, ) -> Grant<T, Upcalls, AllowROs, AllowRWs>
Create a new grant. This is used in board initialization to setup grants that capsules use to interact with processes.
Grants must only be created before processes are initialized. Processes use the number of grants that have been allocated to correctly initialize the process’s memory with a pointer for each grant. If a grant is created after processes are initialized this will panic.
Calling this function is restricted to only certain users, and to
enforce this calling this function requires the
MemoryAllocationCapability
capability.
sourcepub fn get_grant_count_and_finalize_external(
&self,
_capability: &dyn ExternalProcessCapability,
) -> usize
pub fn get_grant_count_and_finalize_external( &self, _capability: &dyn ExternalProcessCapability, ) -> usize
Returns the number of grants that have been setup in the system and marks the grants as “finalized”. This means that no more grants can be created because data structures have been setup based on the number of grants when this function is called.
In practice, this is called when processes are created, and the process memory is setup based on the number of current grants.
This is exposed publicly, but restricted with a capability. The intent
is that external implementations of Process
need to be able to
retrieve the final number of grants.
sourcepub fn hardfault_all_apps<C: ProcessManagementCapability>(&self, _c: &C)
pub fn hardfault_all_apps<C: ProcessManagementCapability>(&self, _c: &C)
Cause all apps to fault.
This will call set_fault_state()
on each app, causing the app to enter
the state as if it had crashed (for example with an MPU violation). If
the process is configured to be restarted it will be.
Only callers with the ProcessManagementCapability
can call this
function. This restricts general capsules from being able to call this
function, since capsules should not be able to arbitrarily restart all
apps.
sourcepub fn kernel_loop_operation<KR: KernelResources<C>, C: Chip, const NUM_PROCS: u8>(
&self,
resources: &KR,
chip: &C,
ipc: Option<&IPC<NUM_PROCS>>,
no_sleep: bool,
_capability: &dyn MainLoopCapability,
)
pub fn kernel_loop_operation<KR: KernelResources<C>, C: Chip, const NUM_PROCS: u8>( &self, resources: &KR, chip: &C, ipc: Option<&IPC<NUM_PROCS>>, no_sleep: bool, _capability: &dyn MainLoopCapability, )
Perform one iteration of the core Tock kernel loop.
This function is responsible for three main operations:
- Check if the kernel itself has any work to be done and if the scheduler wants to complete that work now. If so, it allows the kernel to run.
- Check if any processes have any work to be done, and if so if the scheduler wants to allow any processes to run now, and if so which one.
- After ensuring the scheduler does not want to complete any kernel or process work (or there is no work to be done), are there are no outstanding interrupts to handle, put the chip to sleep.
This function has one configuration option: no_sleep
. If that argument
is set to true, the kernel will never attempt to put the chip to sleep,
and this function can be called again immediately.
sourcepub fn kernel_loop<KR: KernelResources<C>, C: Chip, const NUM_PROCS: u8>(
&self,
resources: &KR,
chip: &C,
ipc: Option<&IPC<NUM_PROCS>>,
capability: &dyn MainLoopCapability,
) -> !
pub fn kernel_loop<KR: KernelResources<C>, C: Chip, const NUM_PROCS: u8>( &self, resources: &KR, chip: &C, ipc: Option<&IPC<NUM_PROCS>>, capability: &dyn MainLoopCapability, ) -> !
Main loop of the OS.
Most of the behavior of this loop is controlled by the Scheduler
implementation in use.