Struct State

pub struct State { /* private fields */ }

Complete system state

Corresponds to Lean: @[ext] structure State

INVARIANTS:

  • All state transitions preserve isolation (non-active plugins unchanged)
  • Temporal safety: freed resources stay freed
  • Capability validity is checked at use time
  • All collections are sorted by key for deterministic iteration
  • Single source of truth: logical time lives in kernel.now, not duplicated here

Implementations

impl State

pub fn empty() -> Self

Create a new empty state

pub fn plugin_memory(&self, pid: PluginId) -> Option<&LinearMemory>

Get plugin memory

Corresponds to Lean: def State.plugin_memory

pub fn plugin_level(&self, pid: PluginId) -> Option<SecurityLevel>

Get plugin security level

Corresponds to Lean: def State.plugin_level

pub fn resource_level(&self, rid: ResourceId) -> Option<SecurityLevel>

Get resource security level

Corresponds to Lean: def State.resource_level

pub fn get_cap(&self, cap_id: CapId) -> Option<&Capability>

Get capability from kernel

Corresponds to Lean: def State.get_cap

pub fn cap_is_valid(&self, cap_id: CapId) -> bool

Check if capability is valid in current state

Corresponds to Lean: def State.cap_is_valid

pub fn plugin_holds(&self, pid: PluginId, cap_id: CapId) -> bool

Check if plugin holds capability by ID

Corresponds to Lean: def State.plugin_holds

pub fn apply_alloc(&self, owner: PluginId, _size: Size) -> Self

Allocate a resource owned by `owner` and record the allocation in the ghost history. The size parameter is named `_size`: the leading underscore marks it as unused, so the requested size does not influence the result of this call.

Corresponds to Lean: def State.apply_alloc

pub fn apply_alloc_mut(&mut self, owner: PluginId, _size: Size) -> MemAddr

Allocate a resource in place and return its address (mutating version of apply_alloc); `_size` is unused here as well.

pub fn apply_free(&self, addr: MemAddr) -> Result<Self, StateError>

Free resource, mark as dead in ghost history

Corresponds to Lean: def State.apply_free

SECURITY: Checks for dangling capabilities before freeing. If any valid capability still targets this address, freeing it would leave that capability pointing at dead memory, i.e. a use-after-free, so the free is refused instead.

Errors

Returns StateError::DanglingCapability if a valid capability still targets the address.

pub fn apply_free_mut(&mut self, addr: MemAddr) -> Result<(), StateError>

Free resource (mutating version)

SECURITY: Checks for dangling capabilities before freeing, and requires the resource to be currently allocated (not unallocated and not already freed), so a double free is reported as an error rather than silently ignored.

Errors

Returns StateError::DanglingCapability if a valid capability still targets the address. Returns StateError::ResourceNotFound if the address was already freed or never allocated.

pub fn apply_revoke(&self, cap_id: CapId) -> Self

Revoke capability (single cap)

Corresponds to Lean: def State.apply_revoke

pub fn apply_cap_revoke(&self, cap_id: CapId) -> Self

Revoke capability transitively

Corresponds to Lean: def State.apply_cap_revoke

pub fn apply_cap_revoke_mut(&mut self, cap_id: CapId) -> Result<(), KernelError>

Revoke capability transitively (mutating version)

Uses the children index for an O(k) fast path, where k is the number of capabilities reachable from the revoked one: a breadth-first traversal over the index with a visited set. The visited set is what guarantees termination, so no iteration cap is needed.

Errors

Returns KernelError::CapNotFound if the capability does not exist.

pub fn apply_cap_delegate(&self, new_cap: Capability, target: PluginId) -> Result<Self, KernelError>

Delegate capability: insert new cap into kernel and grant to target

Corresponds to Lean: def State.apply_cap_delegate

Errors

Returns KernelError::CapIdCollision if a capability with the same ID already exists; the existing capability is left untouched rather than overwritten.

pub fn apply_cap_delegate_mut(&mut self, new_cap: Capability, target: PluginId) -> Result<(), KernelError>

Delegate capability (mutating version)

Errors

Returns KernelError::CapIdCollision if a capability with the same ID already exists.

pub fn preserves_isolation(&self, other: &State, active: PluginId) -> bool

Check that memory isolation is preserved by a step from self to other: only the active plugin's memory may change, and every non-active plugin's memory must be identical in both states.

Corresponds to Lean: def State.preserves_isolation

pub fn temporal_safety(&self, other: &State) -> bool

Check temporal safety for a step from self to other: every resource freed in self is still freed in other.

Corresponds to Lean: def State.temporal_safety
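The following is an added example, not the project's code: a plain-Rust model of the behaviour documented above for apply_cap_delegate (ID collision), apply_cap_revoke_mut (BFS over a children index with a visited set), apply_free / apply_free_mut (dangling-capability and double-free checks) and temporal_safety. Every name and type in it (ModelState, Capability, Resource, the StateError variants, the 0x1000-per-resource address scheme) is an assumption standing in for the real ones; capability holders, security levels and the ghost history are omitted.

```rust
// Added example, not the project's code: a self-contained model of the invariants this
// page describes. All types are assumptions; holders, levels and ghost history are omitted.
use std::collections::{BTreeMap, BTreeSet, VecDeque};
type PluginId = u32;
type CapId = u32;
type MemAddr = u64;

#[derive(Debug, Clone, PartialEq)]
enum Resource { Allocated(PluginId), Freed } // Freed is terminal: never Allocated again
#[derive(Debug, Clone)]
struct Capability { id: CapId, target: MemAddr, parent: Option<CapId>, revoked: bool }
#[derive(Debug, PartialEq)]
enum StateError {
    DanglingCapability { addr: MemAddr, cap: CapId },
    ResourceNotFound(MemAddr),
    CapNotFound(CapId),
    CapIdCollision(CapId),
}

// BTree collections iterate in key order (the "sorted by key" invariant).
#[derive(Debug, Clone, Default)]
struct ModelState {
    resources: BTreeMap<MemAddr, Resource>,
    caps: BTreeMap<CapId, Capability>,
    children: BTreeMap<CapId, BTreeSet<CapId>>, // parent cap -> directly delegated caps
    next_addr: MemAddr,
}

impl ModelState {
    fn alloc(&mut self, owner: PluginId) -> MemAddr {
        self.next_addr += 0x1000; // constructed scheme: one page per resource
        self.resources.insert(self.next_addr, Resource::Allocated(owner));
        self.next_addr
    }

    // A colliding ID is an error; the existing capability is never overwritten.
    fn delegate(&mut self, cap: Capability) -> Result<(), StateError> {
        if self.caps.contains_key(&cap.id) { return Err(StateError::CapIdCollision(cap.id)); }
        if let Some(p) = cap.parent { self.children.entry(p).or_default().insert(cap.id); }
        self.caps.insert(cap.id, cap);
        Ok(())
    }

    // Checked at use time: the cap exists, is not revoked, and its target is still allocated.
    fn cap_is_valid(&self, id: CapId) -> bool {
        let allocated = |a: &MemAddr| matches!(self.resources.get(a), Some(Resource::Allocated(_)));
        self.caps.get(&id).map_or(false, |c| !c.revoked && allocated(&c.target))
    }

    // BFS over the children index with a visited set: touches only the k caps reachable from `root`,
    // and terminates with no iteration cap even if the index is cyclic. Returns how many were revoked.
    fn revoke_transitive(&mut self, root: CapId) -> Result<usize, StateError> {
        self.caps.get(&root).ok_or(StateError::CapNotFound(root))?;
        let (mut visited, mut queue, mut count) = (BTreeSet::new(), VecDeque::from([root]), 0);
        while let Some(id) = queue.pop_front() {
            if !visited.insert(id) { continue; }
            if let Some(c) = self.caps.get_mut(&id).filter(|c| !c.revoked) { c.revoked = true; count += 1; }
            let kids = self.children.get(&id).into_iter().flatten().copied();
            queue.extend(kids.filter(|k| !visited.contains(k)));
        }
        Ok(count)
    }

    // Refuses to create a use-after-free: a still-valid cap on the address blocks the free,
    // and only an Allocated resource may be freed, so a double free is an error too.
    fn free(&mut self, addr: MemAddr) -> Result<(), StateError> {
        if !matches!(self.resources.get(&addr), Some(Resource::Allocated(_))) {
            return Err(StateError::ResourceNotFound(addr));
        }
        if let Some(c) = self.caps.values().find(|c| c.target == addr && self.cap_is_valid(c.id)) {
            return Err(StateError::DanglingCapability { addr, cap: c.id });
        }
        self.resources.insert(addr, Resource::Freed);
        Ok(())
    }

    // Temporal safety for a step self -> other: everything freed in self is still freed in other.
    fn temporal_safety(&self, other: &ModelState) -> bool {
        let freed = |s: &ModelState, a: &MemAddr| s.resources.get(a) == Some(&Resource::Freed);
        self.resources.keys().all(|a| !freed(self, a) || freed(other, a))
    }
}

fn cap(id: CapId, target: MemAddr, parent: Option<CapId>) -> Capability {
    Capability { id, target, parent, revoked: false }
}

fn main() {
    let mut s = ModelState::default();
    let a = s.alloc(1);
    for c in [cap(10, a, None), cap(11, a, Some(10)), cap(12, a, Some(11))] { s.delegate(c).unwrap(); }
    println!("free with live caps: {:?}", s.free(a)); // Err(DanglingCapability { addr: 4096, cap: 10 })
    println!("revoke 10 transitively: {:?}", s.revoke_transitive(10)); // Ok(3)
    let before = s.clone();
    println!("free after revoke: {:?}", s.free(a)); // Ok(())
    println!("double free: {:?}", s.free(a)); // Err(ResourceNotFound(4096))
    println!("temporal safety held: {}", before.temporal_safety(&s)); // true
}
```

The scenario in main delegates a three-level chain of capabilities to one address, shows that the free is refused while any of them is still valid, revokes the root transitively (all three go in one BFS), then frees and checks that a second free fails and that a later step cannot bring the resource back. Because the children index is only a cache of parent links, the visited set is what makes the traversal safe against a corrupted or cyclic index, which is why no iteration cap is needed.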

pub fn time(&self) -> Time

Get the current logical time (delegates to kernel.now – single source of truth)

Corresponds to Lean: def State.time

pub fn tick(&mut self) -> Result<(), StateError>

Advance logical time via the kernel clock (single source of truth).

Uses checked arithmetic so overflow is explicit rather than silent.

Errors

Returns StateError::CounterOverflow if the time counter would exceed u64::MAX.

pub fn kernel(&self) -> &KernelState

Get a reference to the kernel state

pub fn ghost(&self) -> &MetaState

Get a reference to the ghost state

pub fn get_plugin(&self, pid: PluginId) -> Option<&PluginState>

Get a plugin state

pub fn get_plugin_mut(&mut self, pid: PluginId) -> Option<&mut PluginState>

Get a mutable plugin state

pub fn insert_plugin(&mut self, pid: PluginId, ps: PluginState) -> Result<(), StateError>

Insert a plugin (checks for collision)

SECURITY: Returns error if plugin already exists to prevent silent overwrite.

Errors

Returns StateError::PluginExists if a plugin with the given ID is already registered.

pub fn get_actor(&self, aid: ActorId) -> Option<&ActorRuntime>

Get an actor runtime

pub fn get_actor_mut(&mut self, aid: ActorId) -> Option<&mut ActorRuntime>

Get a mutable actor runtime

pub fn insert_actor(&mut self, aid: ActorId, ar: ActorRuntime) -> Result<(), StateError>

Insert an actor (checks for collision)

SECURITY: Returns error if actor already exists to prevent silent overwrite.

Errors

Returns StateError::ActorExists if an actor with the given ID is already registered.

pub fn get_resource(&self, rid: ResourceId) -> Option<&ResourceInfo>

Get a resource

pub fn insert_resource(&mut self, rid: ResourceId, ri: ResourceInfo) -> Result<(), StateError>

Insert a resource (checks for collision)

SECURITY: Returns error if resource already exists to prevent silent overwrite.

Errors

Returns StateError::ResourceExists if a resource with the given ID is already registered.

pub fn get_workflow(&self, wid: WorkflowId) -> Option<&WorkflowInstance>

Get a workflow

pub fn get_workflow_mut(&mut self, wid: WorkflowId) -> Option<&mut WorkflowInstance>

Get a mutable workflow

pub fn insert_workflow(&mut self, wid: WorkflowId, wi: WorkflowInstance) -> Result<(), StateError>

Insert a workflow (checks for collision)

SECURITY: Returns error if workflow already exists to prevent silent overwrite.

Errors

Returns StateError::WorkflowExists if a workflow with the given ID is already registered.

pub fn plugin_count(&self) -> usize

Get the number of plugins

pub fn actor_count(&self) -> usize

Get the number of actors

pub fn resource_count(&self) -> usize

Get the number of resources

pub fn workflow_count(&self) -> usize

Get the number of workflows

pub fn plugin_ids(&self) -> Vec<PluginId>

Get all plugin IDs, in key order (the underlying collection is sorted by key for deterministic iteration)

pub fn resource_ids(&self) -> Vec<ResourceId>

Get all resource IDs, in key order (the underlying collection is sorted by key for deterministic iteration)

Trait Implementations

impl Clone for State

fn clone(&self) -> State

Returns a duplicate of the value.

fn clone_from(&mut self, source: &Self)

Performs copy-assignment from source.

impl Debug for State

fn fmt(&self, f: &mut Formatter<'_>) -> Result

Formats the value using the given formatter.

impl Default for State

fn default() -> Self

Returns the “default value” for a type.
Auto Trait Implementations

impl Freeze for State
impl RefUnwindSafe for State
impl Send for State
impl Sync for State
impl Unpin for State
impl UnsafeUnpin for State
impl UnwindSafe for State

Send and Sync are auto-derived, so a State may be moved to or shared between threads; every mutating method still takes &mut self, so concurrent updates have to go through an exclusive lock or a single owning task.
Blanket Implementations

impl<T> Any for T where T: 'static + ?Sized
    fn type_id(&self) -> TypeId
    Gets the TypeId of self.

impl<T> Borrow<T> for T where T: ?Sized
    fn borrow(&self) -> &T
    Immutably borrows from an owned value.

impl<T> BorrowMut<T> for T where T: ?Sized
    fn borrow_mut(&mut self) -> &mut T
    Mutably borrows from an owned value.

impl<T> CloneToUninit for T where T: Clone
    unsafe fn clone_to_uninit(&self, dest: *mut u8)
    Nightly-only experimental API (clone_to_uninit). Performs copy-assignment from self to dest.

impl<T> From<T> for T
    fn from(t: T) -> T
    Returns the argument unchanged.

impl<T, U> Into<U> for T where U: From<T>
    fn into(self) -> U
    Calls U::from(self). That is, this conversion is whatever the implementation of From<T> for U chooses to do.

impl<T> Same for T
    type Output = T
    Should always be Self

impl<T> ToOwned for T where T: Clone
    type Owned = T
    The resulting type after obtaining ownership.
    fn to_owned(&self) -> T
    Creates owned data from borrowed data, usually by cloning.
    fn clone_into(&self, target: &mut T)
    Uses borrowed data to replace owned data, usually by cloning.

impl<T, U> TryFrom<U> for T where U: Into<T>
    type Error = Infallible
    The type returned in the event of a conversion error.
    fn try_from(value: U) -> Result<T, <T as TryFrom<U>>::Error>
    Performs the conversion.

impl<T, U> TryInto<U> for T where U: TryFrom<T>
    type Error = <U as TryFrom<T>>::Error
    The type returned in the event of a conversion error.
    fn try_into(self) -> Result<U, <U as TryFrom<T>>::Error>
    Performs the conversion.