Enum r3_core::kernel::ResultCode

source · [−]

#[repr(i8)]
#[non_exhaustive]
pub enum ResultCode {
    Success,
    NotSupported,
    BadParam,
    NoAccess,
    BadContext,
    NotOwner,
    WouldDeadlock,
    BadObjectState,
    QueueOverflow,
    Abandoned,
    Interrupted,
    Timeout,
}

Expand description

All result codes (including the one indicating success) that a kernel function can return.

Relation to Other Specifications: The error variants were loosely inspired from μITRON4.0 for no particular reasons.

Rationale: Giving them explicit and stable discriminants makes it possible to produce them directly in foreign code.

The discriminants are assigned in a way that maximizes the execution efficiency based on the following assumptions:

Some variants, such as BadContext and NoAccess, are more likely to be handled by unwrap-ing than other variants. Therefore, sorting their u8 interpretations in the increasing order of the likelihood of being handled by unwrap-ing increases the likelihood of the evaluation of an unwrap condition being compiled down to a single integer comparison.

The discriminants are tightly arranged so that the membership test with a compile-time result code set can be implemented by a bitfield look-up table on a general-purpose register.

Most of the error types including subsets of ResultCode include BadContext, hence by assigning -1 to it, Result<(), $ErrorType>::Ok will get 0 as its discriminant, which improves the execution efficiency because comparison to zero can be done efficiently on most instruction set architectures.

Stability

This type is covered by the application-side API stability guarantee. The explicit discriminants are only covered by the kernel-side API stability guarantee. Adding new variants or changing the representation size is not considered a breaking change.

Variants (Non-exhaustive)

This enum is marked as non-exhaustive

Non-exhaustive enums could have additional variants added in future. Therefore, when matching against variants of non-exhaustive enums, an extra wildcard arm must be added to account for any future variants.

`Success`

The operation was successful. No additional information is available.

`NotSupported`

The operation is not supported.

`BadParam`

A parameter is invalid in a way that is no covered by any other error codes.

`NoAccess`

The current operation was rejected by an optional protection mechanism, e.g., because the specified object identifier (Id) is invalid, or the caller lacks the necessary privileges to complete the operation.

This error usually indicates an object safety or memory safety violation. A kernel implementation is not required to report this as it’s not practical in general cases. It’s strongly recommended that application code not rely on this error code being returned and, should it be returned, escalate it to a panic or abort immediately unless the code is written for a specific kernel implementation that makes a special provision.

Rationale: In the original design, R3 was limited to a specific kernel implementation, and this kernel implementation always validated input object identifiers as it was trivial to do so. Now that R3 is being redesigned as a pure interface for unknown kernels, requiring this property might pose a considerable burden on kernel implementations. In addition, the provided object handle types enforces object safety, and creating them from raw object IDs is impossible in safe code. It’s for this reason that detecting this error is now optional.

One of the avenues being explored is to support RTOS kernels with a security-oriented protection mechanism. From a security point of view, it’s preferable not to disclose the state of other protection domains (e.g., if the object IDs were memory addresses, exposing them would undermine the security benefits of address space layout randomization), hence the intentional lack of error code distinction between invalid IDs and inaccessible IDs.

Since it’s most likely escalated to a panic or abort, it was also considered to remove this error code altogether. However, since error codes are not extensible, this would unnecessarily complicate the rare cases where it can be reasonably handled in other ways.

`BadContext`

The current context disallows the operation.

`NotOwner`

The caller does not own the resource.

`WouldDeadlock`

Resource deadlock would occur.

`BadObjectState`

A target object is in a state that disallows the operation.

`QueueOverflow`

An operation or an object couldn’t be enqueued because there are too many of such things that already have been enqueued.

`Abandoned`

The owner of a mutex exited while holding the mutex lock.

`Interrupted`

The wait operation was interrupted by Task::interrupt.

`Timeout`

The operation timed out.

Enum r3_core::kernel::ResultCode

Variants (Non-exhaustive)

Success

NotSupported

BadParam

NoAccess

BadContext

NotOwner

WouldDeadlock

BadObjectState

QueueOverflow

Abandoned

Interrupted

Timeout

Implementations

impl ResultCode

pub fn as_str(self) -> &'static str

impl ResultCode

pub fn is_err(self) -> bool

pub fn is_ok(self) -> bool

Trait Implementations

impl Clone for ResultCode

fn clone(&self) -> ResultCode

fn clone_from(&mut self, source: &Self)

impl Debug for ResultCode

fn fmt(&self, f: &mut Formatter<'_>) -> Result

impl From<ActivateTaskError> for ResultCode

fn from(x: ActivateTaskError) -> Self

impl From<AdjustTimeError> for ResultCode

fn from(x: AdjustTimeError) -> Self

impl From<BoostPriorityError> for ResultCode

fn from(x: BoostPriorityError) -> Self

impl From<ClearInterruptLineError> for ResultCode

fn from(x: ClearInterruptLineError) -> Self

impl From<CpuLockError> for ResultCode

fn from(x: CpuLockError) -> Self

impl From<DrainSemaphoreError> for ResultCode

fn from(x: DrainSemaphoreError) -> Self

impl From<EnableInterruptLineError> for ResultCode

fn from(x: EnableInterruptLineError) -> Self

impl From<ExitTaskError> for ResultCode

fn from(x: ExitTaskError) -> Self

impl From<GetCurrentTaskError> for ResultCode

fn from(x: GetCurrentTaskError) -> Self

impl From<GetEventGroupError> for ResultCode

fn from(x: GetEventGroupError) -> Self

impl From<GetSemaphoreError> for ResultCode

fn from(x: GetSemaphoreError) -> Self

impl From<GetTaskPriorityError> for ResultCode

fn from(x: GetTaskPriorityError) -> Self

impl From<InterruptTaskError> for ResultCode

fn from(x: InterruptTaskError) -> Self

impl From<LockMutexError> for ResultCode

fn from(x: LockMutexError) -> Self

impl From<LockMutexTimeoutError> for ResultCode

fn from(x: LockMutexTimeoutError) -> Self

impl From<MarkConsistentMutexError> for ResultCode

fn from(x: MarkConsistentMutexError) -> Self

impl From<ParkError> for ResultCode

fn from(x: ParkError) -> Self

impl From<ParkTimeoutError> for ResultCode

fn from(x: ParkTimeoutError) -> Self

impl From<PendInterruptLineError> for ResultCode

fn from(x: PendInterruptLineError) -> Self

impl From<PollEventGroupError> for ResultCode

fn from(x: PollEventGroupError) -> Self

impl From<PollSemaphoreError> for ResultCode

fn from(x: PollSemaphoreError) -> Self

impl From<QueryInterruptLineError> for ResultCode

fn from(x: QueryInterruptLineError) -> Self

impl From<QueryMutexError> for ResultCode

fn from(x: QueryMutexError) -> Self

impl From<Result<(), ActivateTaskError>> for ResultCode

fn from(x: Result<(), ActivateTaskError>) -> Self

impl From<Result<(), AdjustTimeError>> for ResultCode

fn from(x: Result<(), AdjustTimeError>) -> Self

impl From<Result<(), BoostPriorityError>> for ResultCode

fn from(x: Result<(), BoostPriorityError>) -> Self

impl From<Result<(), ClearInterruptLineError>> for ResultCode

fn from(x: Result<(), ClearInterruptLineError>) -> Self