kernel/
syscall_driver.rs

1// Licensed under the Apache License, Version 2.0 or the MIT License.
2// SPDX-License-Identifier: Apache-2.0 OR MIT
3// Copyright Tock Contributors 2022.
4
5//! System call interface for userspace processes implemented by capsules.
6//!
7//! Drivers implement these interfaces to expose operations to processes.
8
9use crate::errorcode::ErrorCode;
10use crate::process;
11use crate::process::ProcessId;
12use crate::processbuffer::UserspaceReadableProcessBuffer;
13use crate::syscall::SyscallReturn;
14
15/// Possible return values of a `command` driver method, as specified in TRD104.
16///
17/// This is just a wrapper around [`SyscallReturn`] since a `command` driver
18/// method may only return primitive integer types as payload.
19///
20/// It is important for this wrapper to only be constructable over variants of
21/// [`SyscallReturn`] that are deemed safe for a capsule to construct and return
22/// to an application (e.g. not
23/// [`SubscribeSuccess`](crate::syscall::SyscallReturn::SubscribeSuccess)). This
24/// means that the inner value **must** remain private.
25pub struct CommandReturn(SyscallReturn);
26
27impl CommandReturn {
28    pub(crate) fn into_inner(self) -> SyscallReturn {
29        self.0
30    }
31
32    /// Command error
33    pub fn failure(rc: ErrorCode) -> Self {
34        CommandReturn(SyscallReturn::Failure(rc))
35    }
36
37    /// Command error with an additional 32-bit data field
38    pub fn failure_u32(rc: ErrorCode, data0: u32) -> Self {
39        CommandReturn(SyscallReturn::FailureU32(rc, data0))
40    }
41
42    /// Command error with two additional 32-bit data fields
43    pub fn failure_u32_u32(rc: ErrorCode, data0: u32, data1: u32) -> Self {
44        CommandReturn(SyscallReturn::FailureU32U32(rc, data0, data1))
45    }
46
47    /// Command error with an additional 64-bit data field
48    pub fn failure_u64(rc: ErrorCode, data0: u64) -> Self {
49        CommandReturn(SyscallReturn::FailureU64(rc, data0))
50    }
51
52    /// Successful command
53    pub fn success() -> Self {
54        CommandReturn(SyscallReturn::Success)
55    }
56
57    /// Successful command with an additional 32-bit data field
58    pub fn success_u32(data0: u32) -> Self {
59        CommandReturn(SyscallReturn::SuccessU32(data0))
60    }
61
62    /// Successful command with two additional 32-bit data fields
63    pub fn success_u32_u32(data0: u32, data1: u32) -> Self {
64        CommandReturn(SyscallReturn::SuccessU32U32(data0, data1))
65    }
66
67    /// Successful command with three additional 32-bit data fields
68    pub fn success_u32_u32_u32(data0: u32, data1: u32, data2: u32) -> Self {
69        CommandReturn(SyscallReturn::SuccessU32U32U32(data0, data1, data2))
70    }
71
72    /// Successful command with an additional 64-bit data field
73    pub fn success_u64(data0: u64) -> Self {
74        CommandReturn(SyscallReturn::SuccessU64(data0))
75    }
76
77    /// Successful command with an additional 64-bit and 32-bit data field
78    pub fn success_u32_u64(data0: u32, data1: u64) -> Self {
79        CommandReturn(SyscallReturn::SuccessU32U64(data0, data1))
80    }
81
82    /// Returns true if this [`CommandReturn`] is of type
83    /// [`SyscallReturn::Failure`].
84    pub fn is_failure(&self) -> bool {
85        matches!(self.0, SyscallReturn::Failure(_))
86    }
87
88    /// Returns true if this [`CommandReturn`] is of type
89    /// [`SyscallReturn::FailureU32`].
90    pub fn is_failure_u32(&self) -> bool {
91        matches!(self.0, SyscallReturn::FailureU32(_, _))
92    }
93
94    /// Returns true if this [`CommandReturn`] is of type
95    /// [`SyscallReturn::FailureU32U32`].
96    pub fn is_failure_2_u32(&self) -> bool {
97        matches!(self.0, SyscallReturn::FailureU32U32(_, _, _))
98    }
99
100    /// Returns true if this [`CommandReturn`] is of type
101    /// [`SyscallReturn::FailureU64`].
102    pub fn is_failure_u64(&self) -> bool {
103        matches!(self.0, SyscallReturn::FailureU64(_, _))
104    }
105
106    /// Returns true if this [`CommandReturn`] is of type
107    /// [`SyscallReturn::Success`]. Note that this does not return true for
108    /// other success types, such as [`SyscallReturn::SuccessU32`].
109    pub fn is_success(&self) -> bool {
110        matches!(self.0, SyscallReturn::Success)
111    }
112
113    /// Returns true if this [`CommandReturn`] is of type
114    /// [`SyscallReturn::SuccessU32`].
115    pub fn is_success_u32(&self) -> bool {
116        matches!(self.0, SyscallReturn::SuccessU32(_))
117    }
118
119    /// Returns true if this [`CommandReturn`] is of type
120    /// [`SyscallReturn::SuccessU32U32`].
121    pub fn is_success_2_u32(&self) -> bool {
122        matches!(self.0, SyscallReturn::SuccessU32U32(_, _))
123    }
124
125    /// Returns true if this [`CommandReturn`] is of type
126    /// [`SyscallReturn::SuccessU64`].
127    pub fn is_success_u64(&self) -> bool {
128        matches!(self.0, SyscallReturn::SuccessU64(_))
129    }
130
131    /// Returns true if this [`CommandReturn`] is of type
132    /// [`SyscallReturn::SuccessU32U32U32`].
133    pub fn is_success_3_u32(&self) -> bool {
134        matches!(self.0, SyscallReturn::SuccessU32U32U32(_, _, _))
135    }
136
137    /// Returns true if this CommandReturn is of type
138    /// [`SyscallReturn::SuccessU32U64`].
139    pub fn is_success_u32_u64(&self) -> bool {
140        matches!(self.0, SyscallReturn::SuccessU32U64(_, _))
141    }
142
143    /// Returns the [`ErrorCode`] if this [`CommandReturn`] is of type
144    /// [`SyscallReturn::Failure`].
145    pub fn get_failure(&self) -> Option<ErrorCode> {
146        match self.0 {
147            SyscallReturn::Failure(r1) => Some(r1),
148            _ => None,
149        }
150    }
151
152    /// Returns the [`ErrorCode`] and value if this [`CommandReturn`] is of type
153    /// [`SyscallReturn::FailureU32`].
154    pub fn get_failure_u32(&self) -> Option<(ErrorCode, u32)> {
155        match self.0 {
156            SyscallReturn::FailureU32(r1, r2) => Some((r1, r2)),
157            _ => None,
158        }
159    }
160
161    /// Returns the [`ErrorCode`] and values if this [`CommandReturn`] is of type
162    /// [`SyscallReturn::FailureU32U32`].
163    pub fn get_failure_2_u32(&self) -> Option<(ErrorCode, u32, u32)> {
164        match self.0 {
165            SyscallReturn::FailureU32U32(r1, r2, r3) => Some((r1, r2, r3)),
166            _ => None,
167        }
168    }
169
170    /// Returns the [`ErrorCode`] and value if this [`CommandReturn`] is of type
171    ///  [`SyscallReturn::FailureU64`].
172    pub fn get_failure_u64(&self) -> Option<(ErrorCode, u64)> {
173        match self.0 {
174            SyscallReturn::FailureU64(r1, r2) => Some((r1, r2)),
175            _ => None,
176        }
177    }
178
179    /// Returns the value if this [`CommandReturn`] is of type
180    /// [`SyscallReturn::SuccessU32`].
181    pub fn get_success_u32(&self) -> Option<u32> {
182        match self.0 {
183            SyscallReturn::SuccessU32(r1) => Some(r1),
184            _ => None,
185        }
186    }
187
188    /// Returns the values if this [`CommandReturn`] is of type
189    /// [`SyscallReturn::SuccessU32U32`].
190    pub fn get_success_2_u32(&self) -> Option<(u32, u32)> {
191        match self.0 {
192            SyscallReturn::SuccessU32U32(r1, r2) => Some((r1, r2)),
193            _ => None,
194        }
195    }
196
197    /// Returns the value if this [`CommandReturn`] is of type
198    /// [`SyscallReturn::SuccessU64`].
199    pub fn get_success_u64(&self) -> Option<u64> {
200        match self.0 {
201            SyscallReturn::SuccessU64(r1) => Some(r1),
202            _ => None,
203        }
204    }
205
206    /// Returns the values if this [`CommandReturn`] is of type
207    /// [`SyscallReturn::SuccessU32U32U32`].
208    pub fn get_success_3_u32(&self) -> Option<(u32, u32, u32)> {
209        match self.0 {
210            SyscallReturn::SuccessU32U32U32(r1, r2, r3) => Some((r1, r2, r3)),
211            _ => None,
212        }
213    }
214
215    /// Returns the values if this [`CommandReturn`] is of type
216    /// [`SyscallReturn::SuccessU32U64`].
217    pub fn get_success_u32_u64(&self) -> Option<(u32, u64)> {
218        match self.0 {
219            SyscallReturn::SuccessU32U64(r1, r2) => Some((r1, r2)),
220            _ => None,
221        }
222    }
223}
224
225impl From<Result<(), ErrorCode>> for CommandReturn {
226    fn from(rc: Result<(), ErrorCode>) -> Self {
227        match rc {
228            Ok(()) => CommandReturn::success(),
229            Err(e) => CommandReturn::failure(e),
230        }
231    }
232}
233
234impl From<process::Error> for CommandReturn {
235    fn from(perr: process::Error) -> Self {
236        CommandReturn::failure(perr.into())
237    }
238}
239
240/// Trait for capsules implementing peripheral driver system calls specified in
241/// TRD104.
242///
243/// The kernel translates the values passed from userspace into Rust
244/// types and includes which process is making the call. All of these
245/// system calls perform very little synchronous work; long running
246/// computations or I/O should be split-phase, with an upcall
247/// indicating their completion.
248///
249/// The exact instances of each of these methods (which identifiers are valid
250/// and what they represents) are specific to the peripheral system call driver.
251///
252/// Note about `subscribe`, `read-only allow`, and `read-write allow` syscalls:
253/// those are handled entirely by the core kernel, and there is no corresponding
254/// function for capsules to implement.
255#[allow(unused_variables)]
256pub trait SyscallDriver {
257    /// System call for a process to perform a short synchronous operation or
258    /// start a long-running split-phase operation (whose completion is signaled
259    /// with an upcall). Command 0 is a reserved command to detect if a
260    /// peripheral system call driver is installed and must always return a
261    /// [`CommandReturn::success`].
262    fn command(
263        &self,
264        command_num: usize,
265        r2: usize,
266        r3: usize,
267        process_id: ProcessId,
268    ) -> CommandReturn {
269        CommandReturn::failure(ErrorCode::NOSUPPORT)
270    }
271
272    /// System call for a process to pass a buffer (a
273    /// [`UserspaceReadableProcessBuffer`]) to the kernel that the kernel can
274    /// either read or write. The kernel calls this method only after it checks
275    /// that the entire buffer is within memory the process can both read and
276    /// write.
277    ///
278    /// This is different to `allow_readwrite` in that the app is allowed to
279    /// read the buffer once it has been passed to the kernel. For more details
280    /// on how this can be done safely see the userspace readable allow syscalls
281    /// TRDXXX.
282    fn allow_userspace_readable(
283        &self,
284        app: ProcessId,
285        which: usize,
286        slice: UserspaceReadableProcessBuffer,
287    ) -> Result<UserspaceReadableProcessBuffer, (UserspaceReadableProcessBuffer, ErrorCode)> {
288        Err((slice, ErrorCode::NOSUPPORT))
289    }
290
291    /// Request to allocate a capsule's grant for a specific process.
292    ///
293    /// The core kernel uses this function to instruct a capsule to ensure its
294    /// grant (if it has one) is allocated for a specific process. The core
295    /// kernel needs the capsule to initiate the allocation because only the
296    /// capsule knows the type `T` (and therefore the size of `T`) that will be
297    /// stored in the grant.
298    ///
299    /// The typical implementation will look like:
300    /// ```rust, ignore
301    /// fn allocate_grant(&self, processid: ProcessId) -> Result<(), kernel::process::Error> {
302    ///    self.apps.enter(processid, |_, _| {})
303    /// }
304    /// ```
305    ///
306    /// No default implementation is provided to help prevent accidentally
307    /// forgetting to implement this function.
308    ///
309    /// If a capsule fails to successfully implement this function, subscribe
310    /// calls from userspace for the [`SyscallDriver`] may fail.
311    //
312    // The inclusion of this function originates from the method for ensuring
313    // correct upcall swapping semantics in the kernel starting with Tock 2.0.
314    // To ensure upcalls are always swapped correctly all upcall handling is
315    // done in the core kernel. Capsules only have access to a handle which
316    // permits them to schedule upcalls, but capsules no longer manage upcalls.
317    //
318    // The core kernel stores upcalls in the process's grant region along with
319    // the capsule's grant object. A simultaneous Tock 2.0 change requires that
320    // capsules wishing to use upcalls must also use grants. Storing upcalls in
321    // the grant requires that the grant be allocated for that capsule in that
322    // process. This presents a challenge as grants are dynamically allocated
323    // only when actually used by a process. If a subscribe syscall happens
324    // first, before the capsule has allocated the grant, the kernel has no way
325    // to store the upcall. The kernel cannot allocate the grant itself because
326    // it does not know the type T the capsule will use for the grant (or more
327    // specifically the kernel does not know the size of T to use for the memory
328    // allocation).
329    //
330    // There are a few ideas on how to handle this case where the kernel must
331    // store an upcall before the capsule has allocated the grant.
332    //
333    // 1. The kernel could allocate space for the grant type T, but not actually
334    //    initialize it, based only on the size of T. However, this would
335    //    require the kernel to keep track of the size of T for each grant, and
336    //    there is no convenient place to store that information.
337    //
338    // 2. The kernel could store upcalls and grant types separately in the grant
339    //    region.
340    //
341    //    a. One approach is to store upcalls completely dynamically. That is,
342    //       whenever a new subscribe_num is used for a particular driver the
343    //       core kernel allocates new memory from the grant region to store it.
344    //       This would work, but would have high memory and runtime overhead to
345    //       manage all of the dynamic upcall stores.
346    //    b. To reduce the tracking overhead, all upcalls for a particular
347    //       driver could be stored together as one allocation. This would only
348    //       cost one additional pointer per grant to point to the upcall array.
349    //       However, the kernel does not know how many upcalls a particular
350    //       driver needs, and there is no convenient place for it to store that
351    //       information.
352    //
353    // 3. The kernel could allocate a fixed region for all upcalls across all
354    //    drivers in the grant region. When each grant is created it could tell
355    //    the kernel how many upcalls it will use and the kernel could easily
356    //    keep track of the total. Then, when a process's memory is allocated
357    //    the kernel would reserve room for that many upcalls. There are two
358    //    issues, however. The kernel would not know how many upcalls each
359    //    driver individually requires, so it would not be able to index into
360    //    this array properly to store each upcall. Second, the upcall array
361    //    memory would be statically allocated, and would be wasted for drivers
362    //    the process never uses.
363    //
364    //    A version of this approach would assume a maximum limit of a certain
365    //    number of upcalls per driver. This would address the indexing
366    //    challenge, but would still have the memory overhead problem. It would
367    //    also limit capsule flexibility by capping the number of upcalls any
368    //    capsule could ever use.
369    //
370    // 4. The kernel could have some mechanism to ask a capsule to allocate its
371    //    grant, and since the capsule knows the size of T and the number of
372    //    upcalls it uses the grant type and upcall storage could be allocated
373    //    together.
374    //
375    // Based on the available options, the Tock developers decided go with
376    // option 4 and add the `allocate_grant` method to the `SyscallDriver`
377    // trait. This mechanism may find more uses in the future if the kernel
378    // needs to store additional state on a per-driver basis and therefore needs
379    // a mechanism to force a grant allocation.
380    //
381    // This same mechanism was later extended to handle allow calls as well.
382    // Capsules that do not need upcalls but do use process buffers must also
383    // implement this function.
384    fn allocate_grant(&self, process_id: ProcessId) -> Result<(), crate::process::Error>;
385}
386
387#[cfg(test)]
388mod test {
389    use crate::syscall_driver::CommandReturn;
390    use crate::ErrorCode;
391
392    #[test]
393    fn failure() {
394        let command_return = CommandReturn::failure(ErrorCode::RESERVE);
395        assert!(command_return.is_failure());
396        assert!(!command_return.is_failure_u32());
397        assert!(!command_return.is_failure_2_u32());
398        assert!(!command_return.is_failure_u64());
399        assert!(!command_return.is_success());
400        assert!(!command_return.is_success_u32());
401        assert!(!command_return.is_success_2_u32());
402        assert!(!command_return.is_success_u64());
403        assert!(!command_return.is_success_3_u32());
404        assert!(!command_return.is_success_u32_u64());
405        assert_eq!(command_return.get_failure(), Some(ErrorCode::RESERVE));
406        assert_eq!(command_return.get_failure_u32(), None);
407        assert_eq!(command_return.get_failure_2_u32(), None);
408        assert_eq!(command_return.get_failure_u64(), None);
409        assert_eq!(command_return.get_success_u32(), None);
410        assert_eq!(command_return.get_success_2_u32(), None);
411        assert_eq!(command_return.get_success_u64(), None);
412        assert_eq!(command_return.get_success_3_u32(), None);
413        assert_eq!(command_return.get_success_u32_u64(), None);
414    }
415
416    #[test]
417    fn failure_u32() {
418        let command_return = CommandReturn::failure_u32(ErrorCode::OFF, 1002);
419        assert!(!command_return.is_failure());
420        assert!(command_return.is_failure_u32());
421        assert!(!command_return.is_failure_2_u32());
422        assert!(!command_return.is_failure_u64());
423        assert!(!command_return.is_success());
424        assert!(!command_return.is_success_u32());
425        assert!(!command_return.is_success_2_u32());
426        assert!(!command_return.is_success_u64());
427        assert!(!command_return.is_success_3_u32());
428        assert!(!command_return.is_success_u32_u64());
429        assert_eq!(command_return.get_failure(), None);
430        assert_eq!(
431            command_return.get_failure_u32(),
432            Some((ErrorCode::OFF, 1002))
433        );
434        assert_eq!(command_return.get_failure_2_u32(), None);
435        assert_eq!(command_return.get_failure_u64(), None);
436        assert_eq!(command_return.get_success_u32(), None);
437        assert_eq!(command_return.get_success_2_u32(), None);
438        assert_eq!(command_return.get_success_u64(), None);
439        assert_eq!(command_return.get_success_3_u32(), None);
440        assert_eq!(command_return.get_success_u32_u64(), None);
441    }
442
443    #[test]
444    fn failure_2_u32() {
445        let command_return = CommandReturn::failure_u32_u32(ErrorCode::ALREADY, 1002, 1003);
446        assert!(!command_return.is_failure());
447        assert!(!command_return.is_failure_u32());
448        assert!(command_return.is_failure_2_u32());
449        assert!(!command_return.is_failure_u64());
450        assert!(!command_return.is_success());
451        assert!(!command_return.is_success_u32());
452        assert!(!command_return.is_success_2_u32());
453        assert!(!command_return.is_success_u64());
454        assert!(!command_return.is_success_3_u32());
455        assert!(!command_return.is_success_u32_u64());
456        assert_eq!(command_return.get_failure(), None);
457        assert_eq!(command_return.get_failure_u32(), None);
458        assert_eq!(
459            command_return.get_failure_2_u32(),
460            Some((ErrorCode::ALREADY, 1002, 1003))
461        );
462        assert_eq!(command_return.get_failure_u64(), None);
463        assert_eq!(command_return.get_success_u32(), None);
464        assert_eq!(command_return.get_success_2_u32(), None);
465        assert_eq!(command_return.get_success_u64(), None);
466        assert_eq!(command_return.get_success_3_u32(), None);
467        assert_eq!(command_return.get_success_u32_u64(), None);
468    }
469
470    #[test]
471    fn failure_u64() {
472        let command_return = CommandReturn::failure_u64(ErrorCode::BUSY, 0x0000_1003_0000_1002);
473        assert!(!command_return.is_failure());
474        assert!(!command_return.is_failure_u32());
475        assert!(!command_return.is_failure_2_u32());
476        assert!(command_return.is_failure_u64());
477        assert!(!command_return.is_success());
478        assert!(!command_return.is_success_u32());
479        assert!(!command_return.is_success_2_u32());
480        assert!(!command_return.is_success_u64());
481        assert!(!command_return.is_success_3_u32());
482        assert!(!command_return.is_success_u32_u64());
483        assert_eq!(command_return.get_failure(), None);
484        assert_eq!(command_return.get_failure_u32(), None);
485        assert_eq!(command_return.get_failure_2_u32(), None);
486        assert_eq!(
487            command_return.get_failure_u64(),
488            Some((ErrorCode::BUSY, 0x0000_1003_0000_1002))
489        );
490        assert_eq!(command_return.get_success_u32(), None);
491        assert_eq!(command_return.get_success_2_u32(), None);
492        assert_eq!(command_return.get_success_u64(), None);
493        assert_eq!(command_return.get_success_3_u32(), None);
494        assert_eq!(command_return.get_success_u32_u64(), None);
495    }
496
497    #[test]
498    fn success() {
499        let command_return = CommandReturn::success();
500        assert!(!command_return.is_failure());
501        assert!(!command_return.is_failure_u32());
502        assert!(!command_return.is_failure_2_u32());
503        assert!(!command_return.is_failure_u64());
504        assert!(command_return.is_success());
505        assert!(!command_return.is_success_u32());
506        assert!(!command_return.is_success_2_u32());
507        assert!(!command_return.is_success_u64());
508        assert!(!command_return.is_success_3_u32());
509        assert!(!command_return.is_success_u32_u64());
510        assert_eq!(command_return.get_failure(), None);
511        assert_eq!(command_return.get_failure_u32(), None);
512        assert_eq!(command_return.get_failure_2_u32(), None);
513        assert_eq!(command_return.get_failure_u64(), None);
514        assert_eq!(command_return.get_success_u32(), None);
515        assert_eq!(command_return.get_success_2_u32(), None);
516        assert_eq!(command_return.get_success_u64(), None);
517        assert_eq!(command_return.get_success_3_u32(), None);
518        assert_eq!(command_return.get_success_u32_u64(), None);
519    }
520
521    #[test]
522    fn success_u32() {
523        let command_return = CommandReturn::success_u32(1001);
524        assert!(!command_return.is_failure());
525        assert!(!command_return.is_failure_u32());
526        assert!(!command_return.is_failure_2_u32());
527        assert!(!command_return.is_failure_u64());
528        assert!(!command_return.is_success());
529        assert!(command_return.is_success_u32());
530        assert!(!command_return.is_success_2_u32());
531        assert!(!command_return.is_success_u64());
532        assert!(!command_return.is_success_3_u32());
533        assert!(!command_return.is_success_u32_u64());
534        assert_eq!(command_return.get_failure(), None);
535        assert_eq!(command_return.get_failure_u32(), None);
536        assert_eq!(command_return.get_failure_2_u32(), None);
537        assert_eq!(command_return.get_failure_u64(), None);
538        assert_eq!(command_return.get_success_u32(), Some(1001));
539        assert_eq!(command_return.get_success_2_u32(), None);
540        assert_eq!(command_return.get_success_u64(), None);
541        assert_eq!(command_return.get_success_3_u32(), None);
542        assert_eq!(command_return.get_success_u32_u64(), None);
543    }
544
545    #[test]
546    fn success_2_u32() {
547        let command_return = CommandReturn::success_u32_u32(1001, 1002);
548        assert!(!command_return.is_failure());
549        assert!(!command_return.is_failure_u32());
550        assert!(!command_return.is_failure_2_u32());
551        assert!(!command_return.is_failure_u64());
552        assert!(!command_return.is_success());
553        assert!(!command_return.is_success_u32());
554        assert!(command_return.is_success_2_u32());
555        assert!(!command_return.is_success_u64());
556        assert!(!command_return.is_success_3_u32());
557        assert!(!command_return.is_success_u32_u64());
558        assert_eq!(command_return.get_failure(), None);
559        assert_eq!(command_return.get_failure_u32(), None);
560        assert_eq!(command_return.get_failure_2_u32(), None);
561        assert_eq!(command_return.get_failure_u64(), None);
562        assert_eq!(command_return.get_success_u32(), None);
563        assert_eq!(command_return.get_success_2_u32(), Some((1001, 1002)));
564        assert_eq!(command_return.get_success_u64(), None);
565        assert_eq!(command_return.get_success_3_u32(), None);
566        assert_eq!(command_return.get_success_u32_u64(), None);
567    }
568
569    #[test]
570    fn success_u64() {
571        let command_return = CommandReturn::success_u64(0x0000_1002_0000_1001);
572        assert!(!command_return.is_failure());
573        assert!(!command_return.is_failure_u32());
574        assert!(!command_return.is_failure_2_u32());
575        assert!(!command_return.is_failure_u64());
576        assert!(!command_return.is_success());
577        assert!(!command_return.is_success_u32());
578        assert!(!command_return.is_success_2_u32());
579        assert!(command_return.is_success_u64());
580        assert!(!command_return.is_success_3_u32());
581        assert!(!command_return.is_success_u32_u64());
582        assert_eq!(command_return.get_failure(), None);
583        assert_eq!(command_return.get_failure_u32(), None);
584        assert_eq!(command_return.get_failure_2_u32(), None);
585        assert_eq!(command_return.get_failure_u64(), None);
586        assert_eq!(command_return.get_success_u32(), None);
587        assert_eq!(command_return.get_success_2_u32(), None);
588        assert_eq!(
589            command_return.get_success_u64(),
590            Some(0x0000_1002_0000_1001)
591        );
592        assert_eq!(command_return.get_success_3_u32(), None);
593        assert_eq!(command_return.get_success_u32_u64(), None);
594    }
595
596    #[test]
597    fn success_3_u32() {
598        let command_return = CommandReturn::success_u32_u32_u32(1001, 1002, 1003);
599        assert!(!command_return.is_failure());
600        assert!(!command_return.is_failure_u32());
601        assert!(!command_return.is_failure_2_u32());
602        assert!(!command_return.is_failure_u64());
603        assert!(!command_return.is_success());
604        assert!(!command_return.is_success_u32());
605        assert!(!command_return.is_success_2_u32());
606        assert!(!command_return.is_success_u64());
607        assert!(command_return.is_success_3_u32());
608        assert!(!command_return.is_success_u32_u64());
609        assert_eq!(command_return.get_failure(), None);
610        assert_eq!(command_return.get_failure_u32(), None);
611        assert_eq!(command_return.get_failure_2_u32(), None);
612        assert_eq!(command_return.get_failure_u64(), None);
613        assert_eq!(command_return.get_success_u32(), None);
614        assert_eq!(command_return.get_success_2_u32(), None);
615        assert_eq!(command_return.get_success_u64(), None);
616        assert_eq!(command_return.get_success_3_u32(), Some((1001, 1002, 1003)));
617        assert_eq!(command_return.get_success_u32_u64(), None);
618    }
619
620    #[test]
621    fn success_u32_u64() {
622        let command_return = CommandReturn::success_u32_u64(1001, 0x0000_1003_0000_1002);
623        assert!(!command_return.is_failure());
624        assert!(!command_return.is_failure_u32());
625        assert!(!command_return.is_failure_2_u32());
626        assert!(!command_return.is_failure_u64());
627        assert!(!command_return.is_success());
628        assert!(!command_return.is_success_u32());
629        assert!(!command_return.is_success_2_u32());
630        assert!(!command_return.is_success_u64());
631        assert!(!command_return.is_success_3_u32());
632        assert!(command_return.is_success_u32_u64());
633        assert_eq!(command_return.get_failure(), None);
634        assert_eq!(command_return.get_failure_u32(), None);
635        assert_eq!(command_return.get_failure_2_u32(), None);
636        assert_eq!(command_return.get_failure_u64(), None);
637        assert_eq!(command_return.get_success_u32(), None);
638        assert_eq!(command_return.get_success_2_u32(), None);
639        assert_eq!(command_return.get_success_u64(), None);
640        assert_eq!(command_return.get_success_3_u32(), None);
641        assert_eq!(
642            command_return.get_success_u32_u64(),
643            Some((1001, 0x0000_1003_0000_1002))
644        );
645    }
646}