Move to non-enum Status for type safety reasons (#51)

Author: HadrienG2

src/error/mod.rs

@@ -1,5 +1,6 @@
 use core::result;
 
+/// Definition of UEFI's standard status codes
 mod status;
 pub use self::status::Status;
 

src/error/status.rs

@@ -5,120 +5,154 @@ use super::Result;
 use core::ops;
 use ucs2;
 
-const HIGHEST_BIT_SET: usize = !((!0_usize) >> 1);
-
-/// Status codes are returned by UEFI interfaces
-/// to indicate whether an operation completed successfully.
+/// UEFI uses status codes in order to report successes, errors, and warnings.
+///
+/// Unfortunately, the spec allows and encourages implementation-specific
+/// non-portable status codes. Therefore, these cannot be modeled as a Rust
+/// enum, as injecting an unknown value in a Rust enum is undefined behaviour.
+///
+/// For lack of a better option, we therefore model them as a newtype of usize.
 #[derive(Debug, Copy, Clone, Eq, PartialEq)]
-#[repr(usize)]
+#[repr(transparent)]
 #[must_use]
-pub enum Status {
+pub struct Status(usize);
+
+/// Macro to make implementation of status codes easier
+macro_rules! status_codes {
+    (   $(  $(#[$attr:meta])*
+            $status:ident = $code:expr, )*
+    ) => {
+        #[allow(unused)]
+        impl Status {
+            $(  $(#[$attr])*
+                pub const $status: Status = Status($code); )*
+        }
+    }
+}
+//
+status_codes! {
     /// The operation completed successfully.
-    Success,
-    /// The string contained characters that the device could not render and were skipped.
-    WarnUnknownGlyph,
+    SUCCESS                 =  0,
+    /// The string contained characters that could not be rendered and were skipped.
+    WARN_UNKNOWN_GLYPH      =  1,
     /// The handle was closed, but the file was not deleted.
-    WarnDeleteFailure,
+    WARN_DELETE_FAILURE     =  2,
     /// The handle was closed, but the data to the file was not flushed properly.
-    WarnWriteFailure,
-    /// The resulting buffer was too small,
-    /// and the data was truncated to the buffer size.
-    WarnBufferTooSmall,
-    /// The data has not been updated within the timeframe
-    /// set by local policy for this type of data.
-    WarnStaleData,
+    WARN_WRITE_FAILURE      =  3,
+    /// The resulting buffer was too small, and the data was truncated.
+    WARN_BUFFER_TOO_SMALL   =  4,
+    /// The data has not been updated within the timeframe set by local policy.
+    WARN_STALE_DATA         =  5,
     /// The resulting buffer contains UEFI-compliant file system.
-    WarnFileSystem,
+    WARN_FILE_SYSTEM        =  6,
     /// The operation will be processed across a system reset.
-    WarnResetRequired,
+    WARN_RESET_REQUIRED     =  7,
+}
+
+/// Bit indicating that a status code is an error
+const ERROR_BIT: usize = 1 << (core::mem::size_of::<usize>() * 8 - 1);
+
+/// Macro to make implementation of error codes easier
+macro_rules! error_codes {
+    (   $(  $(#[$attr:meta])*
+            $status:ident = $error_code:expr, )*
+    ) => {
+        status_codes! { $(
+            $(#[$attr])*
+            $status = $error_code | ERROR_BIT,
+        )* }
+    }
+}
+//
+error_codes! {
     /// The image failed to load.
-    LoadError = 1 | HIGHEST_BIT_SET,
+    LOAD_ERROR              =  1,
     /// A parameter was incorrect.
-    InvalidParameter,
+    INVALID_PARAMETER       =  2,
     /// The operation is not supported.
-    Unsupported,
+    UNSUPPORTED             =  3,
     /// The buffer was not the proper size for the request.
-    BadBufferSize,
+    BAD_BUFFER_SIZE         =  4,
     /// The buffer is not large enough to hold the requested data.
     /// The required buffer size is returned in the appropriate parameter.
-    BufferTooSmall,
+    BUFFER_TOO_SMALL        =  5,
     /// There is no data pending upon return.
-    NotReady,
+    NOT_READY               =  6,
     /// The physical device reported an error while attempting the operation.
-    DeviceError,
+    DEVICE_ERROR            =  7,
     /// The device cannot be written to.
-    WriteProtected,
+    WRITE_PROTECTED         =  8,
     /// A resource has run out.
-    OutOfResources,
-    /// An inconstancy was detected on the file system causing the operating to fail.
-    VolumeCorrupted,
+    OUT_OF_RESOURCES        =  9,
+    /// An inconstency was detected on the file system.
+    VOLUME_CORRUPTED        = 10,
     /// There is no more space on the file system.
-    VolumeFull,
+    VOLUME_FULL             = 11,
     /// The device does not contain any medium to perform the operation.
-    NoMedia,
+    NO_MEDIA                = 12,
     /// The medium in the device has changed since the last access.
-    MediaChanged,
+    MEDIA_CHANGED           = 13,
     /// The item was not found.
-    NotFound,
+    NOT_FOUND               = 14,
     /// Access was denied.
-    AccessDenied,
+    ACCESS_DENIED           = 15,
     /// The server was not found or did not respond to the request.
-    NoResponse,
+    NO_RESPONSE             = 16,
     /// A mapping to a device does not exist.
-    NoMapping,
+    NO_MAPPING              = 17,
     /// The timeout time expired.
-    Timeout,
+    TIMEOUT                 = 18,
     /// The protocol has not been started.
-    NotStarted,
+    NOT_STARTED             = 19,
     /// The protocol has already been started.
-    AlreadyStarted,
+    ALREADY_STARTED         = 20,
     /// The operation was aborted.
-    Aborted,
+    ABORTED                 = 21,
     /// An ICMP error occurred during the network operation.
-    IcmpError,
+    ICMP_ERROR              = 22,
     /// A TFTP error occurred during the network operation.
-    TftpError,
+    TFTP_ERROR              = 23,
     /// A protocol error occurred during the network operation.
-    ProtocolError,
+    PROTOCOL_ERROR          = 24,
     /// The function encountered an internal version that was
     /// incompatible with a version requested by the caller.
-    IncompatibleVersion,
+    INCOMPATIBLE_VERSION    = 25,
     /// The function was not performed due to a security violation.
-    SecurityViolation,
+    SECURITY_VIOLATION      = 26,
     /// A CRC error was detected.
-    CrcError,
+    CRC_ERROR               = 27,
     /// Beginning or end of media was reached
-    EndOfMedia,
+    END_OF_MEDIA            = 28,
     /// The end of the file was reached.
-    EndOfFile = 31 | HIGHEST_BIT_SET,
+    END_OF_FILE             = 31,
     /// The language specified was invalid.
-    InvalidLanguage,
+    INVALID_LANGUAGE        = 32,
     /// The security status of the data is unknown or compromised and
     /// the data must be updated or replaced to restore a valid security status.
-    CompromisedData,
+    COMPROMISED_DATA        = 33,
     /// There is an address conflict address allocation
-    IpAddressConflict,
+    IP_ADDRESS_CONFLICT     = 34,
     /// A HTTP error occurred during the network operation.
-    HttpError,
+    HTTP_ERROR              = 35,
 }
 
 impl Status {
     /// Returns true if status code indicates success.
     #[inline]
     pub fn is_success(self) -> bool {
-        self == Status::Success
+        self == Status::SUCCESS
     }
 
     /// Returns true if status code indicates a warning.
     #[inline]
     pub fn is_warning(self) -> bool {
-        (self as usize) & HIGHEST_BIT_SET == 0
+        (self != Status::SUCCESS) && (self.0 & ERROR_BIT == 0)
     }
 
     /// Returns true if the status code indicates an error.
     #[inline]
     pub fn is_error(self) -> bool {
-        (self as usize) & HIGHEST_BIT_SET != 0
+        self.0 & ERROR_BIT != 0
     }
 
     /// Converts this status code into a result with a given value.
@@ -127,6 +161,7 @@ impl Status {
     where
         F: FnOnce() -> T,
     {
+        // FIXME: Is that the best way to handle warnings?
         if self.is_success() {
             Ok(f())
         } else {
@@ -155,18 +190,18 @@ impl ops::Try for Status {
     }
 
     fn from_ok(_: Self::Ok) -> Self {
-        Status::Success
+        Status::SUCCESS
     }
 }
 
 impl From<ucs2::Error> for Status {
     fn from(other: ucs2::Error) -> Self {
         use ucs2::Error;
         match other {
-            Error::InvalidData => Status::CompromisedData,
-            Error::BufferUnderflow => Status::BadBufferSize,
-            Error::BufferOverflow => Status::BufferTooSmall,
-            Error::MultiByte => Status::Unsupported,
+            Error::InvalidData => Status::INVALID_PARAMETER,
+            Error::BufferUnderflow => Status::BAD_BUFFER_SIZE,
+            Error::BufferOverflow => Status::BUFFER_TOO_SMALL,
+            Error::MultiByte => Status::UNSUPPORTED,
         }
     }
 }

src/proto/console/gop.rs

@@ -110,7 +110,8 @@ impl GraphicsOutput {
                     width,
                     height,
                     0,
-                ).into()
+                )
+                .into()
             }
             BltOp::VideoToBltBuffer {
                 buffer,
@@ -132,7 +133,8 @@ impl GraphicsOutput {
                         width,
                         height,
                         0,
-                    ).into(),
+                    )
+                    .into(),
                     BltRegion::SubRectangle {
                         coords: (dest_x, dest_y),
                         px_stride,
@@ -147,7 +149,8 @@ impl GraphicsOutput {
                         width,
                         height,
                         px_stride * core::mem::size_of::<BltPixel>(),
-                    ).into(),
+                    )
+                    .into(),
                 }
             }
             BltOp::BufferToVideo {
@@ -170,7 +173,8 @@ impl GraphicsOutput {
                         width,
                         height,
                         0,
-                    ).into(),
+                    )
+                    .into(),
                     BltRegion::SubRectangle {
                         coords: (src_x, src_y),
                         px_stride,
@@ -185,7 +189,8 @@ impl GraphicsOutput {
                         width,
                         height,
                         px_stride * core::mem::size_of::<BltPixel>(),
-                    ).into(),
+                    )
+                    .into(),
                 }
             }
             BltOp::VideoToVideo {
@@ -197,7 +202,8 @@ impl GraphicsOutput {
                 self.check_framebuffer_region((dest_x, dest_y), (width, height));
                 (self.blt)(
                     self, 0usize, 3, src_x, src_y, dest_x, dest_y, width, height, 0,
-                ).into()
+                )
+                .into()
             }
         }
     }

src/proto/console/pointer/mod.rs

@@ -37,8 +37,8 @@ impl Pointer {
         let mut pointer_state = unsafe { mem::uninitialized() };
 
         match (self.get_state)(self, &mut pointer_state) {
-            Status::Success => Ok(Some(pointer_state)),
-            Status::NotReady => Ok(None),
+            Status::SUCCESS => Ok(Some(pointer_state)),
+            Status::NOT_READY => Ok(None),
             error => Err(error),
         }
     }

src/proto/console/serial.rs

@@ -60,7 +60,8 @@ impl Serial {
             mode.parity,
             mode.data_bits as u8,
             mode.stop_bits,
-        ).into()
+        )
+        .into()
     }
 
     /// Sets the device's new control bits.
@@ -88,7 +89,7 @@ impl Serial {
         let status = (self.write)(self, &mut buffer_size, data.as_ptr());
 
         match status {
-            Status::Success | Status::Timeout => Ok(buffer_size),
+            Status::SUCCESS | Status::TIMEOUT => Ok(buffer_size),
             err => Err(err),
         }
     }
@@ -104,7 +105,7 @@ impl Serial {
         let status = (self.read)(self, &mut buffer_size, data.as_mut_ptr());
 
         match status {
-            Status::Success | Status::Timeout => Ok(buffer_size),
+            Status::SUCCESS | Status::TIMEOUT => Ok(buffer_size),
             err => Err(err),
         }
     }

src/proto/console/text/input.rs

@@ -34,8 +34,8 @@ impl Input {
         let mut key = unsafe { mem::uninitialized() };
 
         match (self.read_key_stroke)(self, &mut key) {
-            Status::Success => Ok(Some(key)),
-            Status::NotReady => Ok(None),
+            Status::SUCCESS => Ok(Some(key)),
+            Status::NOT_READY => Ok(None),
             error => Err(error),
         }
     }

src/proto/console/text/output.rs

@@ -46,7 +46,7 @@ impl Output {
     /// some unsupported characters.
     pub fn test_string(&mut self, string: *const u16) -> bool {
         match (self.test_string)(self, string) {
-            Status::Success => true,
+            Status::SUCCESS => true,
             _ => false,
         }
     }
@@ -126,7 +126,7 @@ impl Output {
         let bgc = background as usize;
 
         if bgc >= 8 {
-            Err(Status::DeviceError)
+            Err(Status::DEVICE_ERROR)
         } else {
             let attr = ((bgc & 0x7) << 4) | (fgc & 0xF);
             (self.set_attribute)(self, attr).into()