// -*- Mode: C++ -*-
// vim:ft=cpp
/**
 * \file
 * Capability allocator
 */
/*
 * (c) 2008-2009 Adam Lackorzynski <adam@os.inf.tu-dresden.de>,
 *               Alexander Warg <warg@os.inf.tu-dresden.de>
 *     economic rights: Technische Universität Dresden (Germany)
 *
 * License: see LICENSE.spdx (in this directory or the directories above)
 */

#pragma once

#include <l4/re/util/cap_alloc_impl.h>
#include <l4/sys/smart_capability>
#include <l4/sys/task>
#include <l4/re/consts>

namespace L4Re { namespace Util {

/**
 * \defgroup l4re_cap_api L4Re Capability API
 * \ingroup api_l4re_util
 */
/**@{*/
/**
 * Capability allocator.
 *
 * This is the instance of the capability allocator that is used
 * by usual applications.
 *
 * The capability allocator uses the Counting_cap_alloc, a
 * reference-counting thread-safe capability allocator, that keeps a
 * reference counter for each managed capability selector.
 */
extern _Cap_alloc &cap_alloc;

/**
 * Helper for Unique_cap and Unique_del_cap.
 */
template< unsigned long Unmap_flags = L4_FP_ALL_SPACES >
class Smart_cap_auto
{
public:
  /**
   * Free the provided capability.
   */
  static void free(L4::Cap_base &c)
  {
    if (c.is_valid())
      {
        cap_alloc.free(L4::Cap<void>(c.cap()), This_task, Unmap_flags);
        c.invalidate();
      }
  }

  /**
   * Invalidate the provided capability.
   */
  static void invalidate(L4::Cap_base &c)
  {
    if (c.is_valid())
      c.invalidate();
  }

};


/**
 * Helper for Ref_cap and Ref_del_cap.
 */
template< unsigned long Unmap_flags = L4_FP_ALL_SPACES >
class Smart_count_cap
{
public:
  /**
   * Free operation for L4::Smart_cap
   * (decrement ref count and delete if 0).
   */
  static void free(L4::Cap_base &c) noexcept
  {
    if (c.is_valid())
      {
        if (cap_alloc.release(L4::Cap<void>(c.cap()), This_task, Unmap_flags))
	  c.invalidate();
      }
  }

  /**
   * Invalidate operation for L4::Smart_cap.
   */
  static void invalidate(L4::Cap_base &c) noexcept
  {
    if (c.is_valid())
      c.invalidate();
  }

  /**
   * Copy operation for L4::Smart_cap (increment ref count).
   */
  static L4::Cap_base copy(L4::Cap_base const &src)
  {
    cap_alloc.take(L4::Cap<void>(src.cap()));
    return src;
  }
};


/**
 * Automatic capability that implements automatic free and
 * unmap of the capability selector.
 *
 * \tparam T  Type of the object that is referred by the capability.
 *
 * This kind of automatic capability implements a counted reference to a
 * capability selector. The capability shall be unmapped and freed
 * when the reference count in the allocator goes to zero.
 *
 * Usage:
 * ~~~
 * L4Re::Util::Ref_cap<L4Re::Dataspace>::Cap global_ds_cap;
 *
 * {
 *   L4Re::Util::Ref_cap<L4Re::Dataspace>::Cap
 *     ds_cap(L4Re::Util::cap_alloc.alloc<L4Re::Dataspace>());
 *   // reference count for the allocated cap selector is now 1
 *
 *   // use the dataspace cap
 *   L4Re::chksys(mem_alloc->alloc(4096, ds_cap.get()));
 *
 *   global_ds_cap = ds_cap;
 *   // reference count is now 2
 *   ...
 * }
 * // reference count dropped to 1 (ds_cap is no longer existing).
 * ~~~
 */
template< typename T >
struct Ref_cap
{
  typedef L4::Smart_cap<T, Smart_count_cap<L4_FP_ALL_SPACES> > Cap;
};

/**
 * Automatic capability that implements automatic free and
 * unmap+delete of the capability selector.
 *
 * \tparam T  Type of the object that is referred by the capability.
 *
 * This kind of automatic capability implements a counted reference to a
 * capability selector. The capability shall be unmapped and freed
 * when the reference count in the allocator goes to zero.
 * The main difference to Ref_cap is that the unmap is done with the
 * deletion flag enabled and this leads to the deletion of the object
 * if the current task holds appropriate deletion rights.
 *
 * Usage:
 * ~~~
 * L4Re::Util::Ref_del_cap<L4Re::Dataspace>::Cap global_ds_cap;
 *
 * {
 *   L4Re::Util::Ref_del_cap<L4Re::Dataspace>::Cap
 *     ds_cap(L4Re::Util::cap_alloc.alloc<L4Re::Dataspace>());
 *   // reference count for the allocated cap selector is now 1
 *
 *   // use the dataspace cap
 *   L4Re::chksys(mem_alloc->alloc(4096, ds_cap.get()));
 *
 *   global_ds_cap = ds_cap;
 *   // reference count is now 2
 *   ...
 * }
 * // reference count dropped to 1 (ds_cap is no longer existing).
 * ...
 * global_ds_cap = L4_INVALID_CAP;
 * // reference count dropped to 0 (data space shall be deleted).
 * ~~~
 */
template< typename T >
struct Ref_del_cap
{
  typedef L4::Smart_cap<T, Smart_count_cap<L4_FP_DELETE_OBJ> > Cap;
};

/**
 * Allocate a capability slot and wrap it in a Ref_cap.
 *
 * \tparam T  Type of capability the slot is used for.
 */
template< typename T >
typename Ref_cap<T>::Cap
make_ref_cap() { return typename Ref_cap<T>::Cap(cap_alloc.alloc<T>()); }

/**
 * Allocate a capability slot and wrap it in a Ref_del_cap.
 *
 * \tparam T  Type of capability the slot is used for.
 */
template< typename T >
typename Ref_del_cap<T>::Cap
make_ref_del_cap()
{ return typename Ref_del_cap<T>::Cap(cap_alloc.alloc<T>()); }

/**@}*/

}}

