haskell: Add assertion about IRQ handler cap.

Once again, we know in the abstract invariants that these must be async endpoint caps or null caps, but this is only knowable in haskell by asserting it.

haskell: Add assertion about IRQ handler cap.
25155caf · Thomas Sewell · 9001e413 · 25155caf · 25155caf
Commit 25155caf authored 9 years ago by Thomas Sewell
--- a/haskell/src/SEL4/Object/Interrupt.lhs
+++ b/haskell/src/SEL4/Object/Interrupt.lhs
@@ -131,6 +131,9 @@ When the last IRQ handler capability for a given IRQ is deleted, the capability
 > deletingIRQHandler :: IRQ -> Kernel ()
 > deletingIRQHandler irq = do
 >     slot <- getIRQSlot irq
+>     cap <- getSlotCap slot
+>     assert (isAsyncEndpointCap cap || isNullCap cap)
+>         "Cap in IRQ handler slot should be AsyncEP or Null."
 >     cteDeleteOne slot

 > deletedIRQHandler :: IRQ -> Kernel ()

--- a/haskell/src/SEL4/Object/Structures.lhs
+++ b/haskell/src/SEL4/Object/Structures.lhs
@@ -101,6 +101,10 @@ This is the type used to represent a capability.
 > isUntypedCap (UntypedCap {}) = True
 > isUntypedCap _ = False

+> isAsyncEndpointCap :: Capability -> Bool
+> isAsyncEndpointCap (AsyncEndpointCap {}) = True
+> isAsyncEndpointCap _ = False
+
 \subsection{Kernel Objects}

 When stored in the physical memory model (described in \autoref{sec:model.pspace}), kernel objects must be encapsulated in "KernelObject", so the stored type is independent of the real type of the object.