Follow the approach of newlib to use a file sys/_types.h to specify the
underlying type for POSIX/libc types that must be provided in multiple
headers. The identifier for this type is in the reserved namespace.
Use this type rather than a specific standard type in all headers that
need to provide the type under its public name.
Remove the inclusion of <sys/types.h> from headers that should not bring
in all symbols present in that header, replacing it with the standard
boilerplate to expose the specific symbols that are required.
Signed-off-by: Peter A. Bigot <pab@pabigot.com>
time_t and suseconds_t are defined in time.h and sys/types.h. Handle
the duplication by adding ifdef protection around them similar to what
is being done for other types.
Signed-off-by: Kumar Gala <kumar.gala@linaro.org>
Similar to how other sub-libraries are defined in Zephyr tree, e.g.
"fs", "lgvl", etc. This is supposed to help with the need to
explicitly add posix include path to each and every application using
POSIX subsys.
Fixes: #15627
Signed-off-by: Paul Sokolovsky <paul.sokolovsky@linaro.org>
This is consistent with how newlib headers are treated, and will
have effect of ninlibc headers to be further down in the include
order. This is important, because some POSIX subsys headers
override those of libc. Without this change, we can't streamline
POSIX build config using zephyr_interface_library_named() cmake
directive, because includes will be in wrong order.
Signed-off-by: Paul Sokolovsky <paul.sokolovsky@linaro.org>
Historically, it used to be "PTHREAD", which is no longer true, as
POSIX subsys offers much more functionality than just Pthreads. Use
detailed name, like "posix_subsys", to avoid possible confusion with
ARCH_POSIX-related matters.
Signed-off-by: Paul Sokolovsky <paul.sokolovsky@linaro.org>
With the upcoming riscv64 support, it is best to use "riscv" as the
subdirectory name and common symbols as riscv32 and riscv64 support
code is almost identical. Then later decide whether 32-bit or 64-bit
compilation is wanted.
Redirects for the web documentation are also included.
Then zephyrbot complained about this:
"
New files added that are not covered in CODEOWNERS:
dts/riscv/microsemi-miv.dtsi
dts/riscv/riscv32-fe310.dtsi
Please add one or more entries in the CODEOWNERS file to cover
those files
"
So I assigned them to those who created them. Feel free to readjust
as necessary.
Signed-off-by: Nicolas Pitre <npitre@baylibre.com>
These functions are useful for determining prefixes, as with file system
paths. They are required by littlefs.
Signed-off-by: Peter A. Bigot <pab@pabigot.com>
struct tm has fields that were not being set by the implementation,
causing the test to fail when the uninitialized values were compared
with a static initialized result. Zero the structure before filling it.
Closes#17794
Signed-off-by: Peter A. Bigot <pab@pabigot.com>
By the latest convention, libc's define struct timespec in
sys/_timespec.h. This is consistent with Newlib and ensures
about errors due to redefinitions.
Signed-off-by: Paul Sokolovsky <paul.sokolovsky@linaro.org>
Per POSIX, open() is defined in <fcntl.h>. fcntl.h in turn comes from
the underlying libc, either newlib, or minimal libc.
Signed-off-by: Paul Sokolovsky <paul.sokolovsky@linaro.org>
That's the header which is supposed to define them, there was even
FIXME on that in mqueue.h.
Signed-off-by: Paul Sokolovsky <paul.sokolovsky@linaro.org>
POSIX subsys defines struct timespec in <time.h> (as POSIX public
API requires), but newlib defines in in sys/_timespec.h, which
inevitably leads to inclusion order and redifinition conflicts.
Follow newlib way and define it in single place, sys/_timespec.h,
which belongs to libc namespace. Thus, we move current definition
to minimal libc, and will use either minlibc's or newlib's
definition, instead of trying to redefine it.
This is similar to the introduction of sys/_timeval.h done earlier.
Signed-off-by: Paul Sokolovsky <paul.sokolovsky@linaro.org>
Newlib libc already provides sys/stat.h, so trying to have sys/stat.h
on the level of POSIX subsys inevitable leads to include order and
definition conflicts. Instead (as most of other sys/* includes)
should come from the underlying libc.
While moving, made unrelated change of removing #include <kernel.h>,
to accommodate the change reviewers.
Signed-off-by: Paul Sokolovsky <paul.sokolovsky@linaro.org>
For systems with userspace, the sys_sem exist in user memory working
as counter semaphore for user mode thread. The implemention of sys_sem
is based on k_futex. And the majority of the synchronization operations
are performed in user mode to reduce the calling of system call.
And for systems without userspace enabled, sys_sem behaves like k_sem.
Fixes: #15139.
Signed-off-by: Wentong Wu <wentong.wu@intel.com>
User mode isn't allowed to generate a panic and this would
lead to a confusing privilege violation exception.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
Add a generic API to provide the inverse operation for gmtime and as a
home for future generic time-related functions that are not in POSIX.
Signed-off-by: Peter A. Bigot <pab@pabigot.com>
Implement the conversion from UNIX time to broken-down civil time per
the gmtime() and gmtime_r() functions.
Signed-off-by: Peter A. Bigot <pab@pabigot.com>
Provide definitions for a subset of the standard time types that must be
provided by this file, in anticipation of supporting civil time in
Zephyr.
Signed-off-by: Peter A. Bigot <pab@pabigot.com>
The mempool allocator implementation recursively breaks a memory block
into 4 sub-blocks until it minimally fits the requested memory size.
The size of each sub-blocks is rounded up to the next word boundary to
preserve word alignment on the returned memory, and this is a problem.
Let's consider max_sz = 2072 and n_max = 1. That's our level 0.
At level 1, we get one level-0 block split in 4 sub-blocks whose size
is WB_UP(2072 / 4) = 520. However 4 * 520 = 2080 so we must discard the
4th sub-block since it doesn't fit inside our 2072-byte parent block.
We're down to 3 * 520 = 1560 bytes of usable memory.
Our memory usage efficiency is now 1560 / 2072 = 75%.
At level 2, we get 3 level-1 blocks, and each of them may be split
in 4 sub-blocks whose size is WB_UP(520 / 4) = 132. But 4 * 132 = 528
so the 4th sub-block has to be discarded again.
We're down to 9 * 132 = 1188 bytes of usable memory.
Our memory usage efficiency is now 1188 / 2072 = 57%.
At level 3, we get 9 level-2 blocks, each split into WB_UP(132 / 4)
= 36 bytes. Again 4 * 36 = 144 so the 4th sub-block is discarded.
We're down to 27 * 36 = 972 bytes of usable memory.
Our memory usage efficiency is now 972 / 2072 = 47%.
What should be done instead, is to round _down_ sub-block sizes
not _up_. This way, sub-blocks still align to word boundaries, and
they always fit within their parent block as the total size may
no longer exceed the initial size.
Using the same max_sz = 2072 would yield a memory usage efficiency of
99% at level 3, so let's demo a worst case 2044 instead.
Level 1: 4 sub-blocks of WB_DN(2044 / 4) = 508 bytes.
We're down to 4 * 508 = 2032 bytes of usable memory.
Our memory usage efficiency is now 2032 / 2044 = 99%.
Level 2: 4 * 4 sub-blocks of WB_DN(508 / 4) = 124 bytes.
We're down to 16 * 124 = 1984 bytes of usable memory.
Our memory usage efficiency is now 1984 / 2044 = 97%.
Level 3: 16 * 4 sub-blocks of WB_DN(124 / 4) = 28 bytes.
We're down to 64 * 28 = 1792 bytes of usable memory.
Our memory usage efficiency is now 1792 / 2044 = 88%.
Conclusion: if max_sz is a power of 2 then we get 100% efficiency at
all levens in both cases. But if not, then the rounding-up method has
a far worse degradation curve than the rounding-down method, wasting
more than 50% of memory in some cases.
So let's round sub-block sizes down rather than up, and remove
block_fits() which purpose was to identify sub-blocks that didn't
fit within their parent block and is now useless.
Signed-off-by: Nicolas Pitre <npitre@baylibre.com>
Since commit 39cd2ebef7 ("malloc: make sure returned memory is
properly aligned") the size of struct sys_mem_pool_block size is
rounded up to the next word boundary.
Signed-off-by: Nicolas Pitre <npitre@baylibre.com>
Move duplicate hex2bin and add bin2hex function so that application can
use the functions and avoid code duplication.
Signed-off-by: Joakim Andersson <joakim.andersson@nordicsemi.no>
The space or plus prefix must appear when requested even with INF and
NAN. And no zero-padding in that case.
Also, 0.0 and -0.0 are distinct values. It is necessary to display
the minus sign with a negative zero.
Signed-off-by: Nicolas Pitre <npitre@baylibre.com>
The precision parameter to the %g conversion indicates the maximum
number of significant digits and not the number of digits to appear
after the radix character. Here's a few examples this patch fixes:
expected before
----------------------------------------------------------
printf("%.3g", 150.12) 150 150.12
printf("%.2g", 150.1) 1.5e+02 150.1
printf("%#.3g", 150.) 150. 150.000
printf("%#.2g", 15e-5) 0.00015 0.00
printf("%#.4g", 1505e-7) 0.0001505 0.0002
printf("%#.4g", 1505e-8) 1.505e-05 1.5050e-05
Signed-off-by: Nicolas Pitre <npitre@baylibre.com>
The code accounts only for 2 exponent digits even though the exponent
may grow up to 308. Before this change, printf("%g", 1e300) would
produce "1e+N0".
Signed-off-by: Nicolas Pitre <npitre@baylibre.com>
The on-stack work buffer occupies 201 bytes by default. Now that we've
made the code able to cope with virtually unlimited width and precision
values, we can reduce stack usage to its strict minimum i.e. 25 bytes.
This allows for some additional sprintf tests exercizing wide results.
Signed-off-by: Nicolas Pitre <npitre@baylibre.com>
Even if the code used to limit the precision to the on-stack buffer
size, it was still possible to do:
printf("%f", 1.0e300);
which would overflow the stack and crash the program. Let fix this issue
and remove the precision limitation by recording the number of zeroes to
insert while converting the value and generating those zeroes only
when outputting the data.
Signed-off-by: Nicolas Pitre <npitre@baylibre.com>
Zero-padding of integers took place in the on-stack buffer before
justification. Let's perform that padding on the fly while sending
out data instead.
Signed-off-by: Nicolas Pitre <npitre@baylibre.com>
The z_prf() function currently allocates a 200-byte buffer on the
stack to copy strings into, and then perform left/right alignment
and padding. Not only this is a pretty large chunk of stack usage,
but this imposes limitations on field width and string length. Also
the string is copied not only once but _thrice_ making this code
less than optimal.
Let's rework the code to get rid of both the field width limit and
string length limit, as well as the two extra memory copy instances.
While at it, let's fixes printf("%08s", "abcd") which used to
produce "0000abcd".
Signed-off-by: Nicolas Pitre <npitre@baylibre.com>
Mimic the glibc behavior when encountering an unknown conversion
specifier rather than silently skipping it.
Signed-off-by: Nicolas Pitre <npitre@baylibre.com>
This makes for nicer code by avoiding repetitions of the same pattern.
Changes to come will make more use of it.
Signed-off-by: Nicolas Pitre <npitre@baylibre.com>
Some cleanups before further changes:
- Remove dead leftover from the "case 's'" code.
- Remove needless parents and casts.
- Remove "register" qualifier as it is ignored. The compiler knows
better these days.
- Adjust tabs assuming standard 8-columns tab spacing.
- Make multi-line comments start with "/*" on a line of its own.
- Make the format string const to match prototypes in other files.
- Declare boolean variable and parameters as bool.
Signed-off-by: Nicolas Pitre <npitre@baylibre.com>
This reverts commit 2a63e342f4.
This needs to be reverted as otherwise the type of ssize_t will be
"unsigned long" which is not correct.
(gdb) ptype ssize_t
type = unsigned long
For example this check would fail in that case
ssize_t foo(void)
{
return -1;
}
...
if (foo() < 0) {
printk("This is never called\n");
}
Fixes#17378
Signed-off-by: Jukka Rissanen <jukka.rissanen@linux.intel.com>
Removed lvgl sources from CMakefile.txt and only keep zephyr glue
logic.
Further added lvgl module to west.yml.
Signed-off-by: Jan Van Winkel <jan.van_winkel@dxplore.eu>
Compilers (at least gcc and clang) already provide max value definitions
for basic types. It makes sense to rely on them to properly support
both 32-bit and 64-bit builds.
Signed-off-by: Nicolas Pitre <npitre@baylibre.com>
The accounting data stored at the beginning of a memory block used by
malloc must push the returned memory address to a word boundary. This
is already the case on 32-bit systems, but not on 64-bit systems where
e.g. struct k_mem_block_id still has a size of 4.
Signed-off-by: Nicolas Pitre <npitre@baylibre.com>
The current CMSIS v2 implementation is clearly assuming that timeout
arguments being passed to e.g. osDelay() are in units of Zephyr ticks,
not milliseconds as specified by ARM or (inconsistently) assumed by
our test code.
Most tests work with the ~100 Hz default tick rate, but they tend to
fail on precision issues at higher tick rates. Force the CMSIS v2
applications to be 1000 Hz for now as a workaround, and detect the
mismatch as a build failure.
Signed-off-by: Andy Ross <andrew.j.ross@intel.com>
The "bits" field in struct sys_mem_pool_lvl is unioned with a pointer.
That leaves more space for inline free bits on 64-bit targets.
Let's declare it as an array and adjust its size based on the pointer
size. On 32-bit targets the generated code remains identical.
Signed-off-by: Nicolas Pitre <npitre@baylibre.com>
Minimum alignment and rounding must be done on a word boundary. Let's
replace _ALIGN4() with WB_UP() which is equivalent on 32-bit targets,
and 64-bit aware.
Also enforce a minimal alignment on the memory pool. This is making
a difference mostly on64-bit targets where the widely used 4-byte
alignment is not sufficient.
The _ALIGN4() macro has no users left so it is removed.
Signed-off-by: Nicolas Pitre <npitre@baylibre.com>
This function doesn't do anything, and only exists so that
it can be overridden later, exclude from coverage reports.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
move misc/reboot.h to power/reboot.h and
create a shim for backward-compatibility.
No functional changes to the headers.
A warning in the shim can be controlled with CONFIG_COMPAT_INCLUDES.
Related to #16539
Signed-off-by: Anas Nashif <anas.nashif@intel.com>
move misc/stack.h to debug/stack.h and
create a shim for backward-compatibility.
No functional changes to the headers.
A warning in the shim can be controlled with CONFIG_COMPAT_INCLUDES.
Related to #16539
Signed-off-by: Anas Nashif <anas.nashif@intel.com>
move misc/util.h to sys/util.h and
create a shim for backward-compatibility.
No functional changes to the headers.
A warning in the shim can be controlled with CONFIG_COMPAT_INCLUDES.
Related to #16539
Signed-off-by: Anas Nashif <anas.nashif@intel.com>
move misc/speculation.h to sys/speculation.h and
create a shim for backward-compatibility.
No functional changes to the headers.
A warning in the shim can be controlled with CONFIG_COMPAT_INCLUDES.
Related to #16539
Signed-off-by: Anas Nashif <anas.nashif@intel.com>
move misc/slist.h to sys/slist.h and
create a shim for backward-compatibility.
No functional changes to the headers.
A warning in the shim can be controlled with CONFIG_COMPAT_INCLUDES.
Related to #16539
Signed-off-by: Anas Nashif <anas.nashif@intel.com>
move misc/rb.h to sys/rb.h and
create a shim for backward-compatibility.
No functional changes to the headers.
A warning in the shim can be controlled with CONFIG_COMPAT_INCLUDES.
Related to #16539
Signed-off-by: Anas Nashif <anas.nashif@intel.com>
move misc/printk.h to sys/printk.h and
create a shim for backward-compatibility.
No functional changes to the headers.
A warning in the shim can be controlled with CONFIG_COMPAT_INCLUDES.
Related to #16539
Signed-off-by: Anas Nashif <anas.nashif@intel.com>
move misc/mutex.h to sys/mutex.h and
create a shim for backward-compatibility.
No functional changes to the headers.
A warning in the shim can be controlled with CONFIG_COMPAT_INCLUDES.
Related to #16539
Signed-off-by: Anas Nashif <anas.nashif@intel.com>
move misc/mempool.h to sys/mempool.h and
create a shim for backward-compatibility.
No functional changes to the headers.
A warning in the shim can be controlled with CONFIG_COMPAT_INCLUDES.
Related to #16539
Signed-off-by: Anas Nashif <anas.nashif@intel.com>
move misc/mempool_base.h to sys/mempool_base.h and
create a shim for backward-compatibility.
No functional changes to the headers.
A warning in the shim can be controlled with CONFIG_COMPAT_INCLUDES.
Related to #16539
Signed-off-by: Anas Nashif <anas.nashif@intel.com>
move misc/math_extras.h to sys/math_extras.h and
create a shim for backward-compatibility.
No functional changes to the headers.
A warning in the shim can be controlled with CONFIG_COMPAT_INCLUDES.
Related to #16539
Signed-off-by: Anas Nashif <anas.nashif@intel.com>
move misc/libc-hooks.h to sys/libc-hooks.h and
create a shim for backward-compatibility.
No functional changes to the headers.
A warning in the shim can be controlled with CONFIG_COMPAT_INCLUDES.
Related to #16539
Signed-off-by: Anas Nashif <anas.nashif@intel.com>
move misc/fdtable.h to sys/fdtable.h and
create a shim for backward-compatibility.
No functional changes to the headers.
A warning in the shim can be controlled with CONFIG_COMPAT_INCLUDES.
Related to #16539
Signed-off-by: Anas Nashif <anas.nashif@intel.com>
move misc/errno_private.h to sys/errno_private.h and
create a shim for backward-compatibility.
No functional changes to the headers.
A warning in the shim can be controlled with CONFIG_COMPAT_INCLUDES.
Related to #16539
Signed-off-by: Anas Nashif <anas.nashif@intel.com>
move misc/__assert.h to sys/__assert.h and
create a shim for backward-compatibility.
No functional changes to the headers.
A warning in the shim can be controlled with CONFIG_COMPAT_INCLUDES.
Related to #16539
Signed-off-by: Anas Nashif <anas.nashif@intel.com>
move ring_buffer.h to sys/ring_buffer.h and
create a shim for backward-compatibility.
No functional changes to the headers.
A warning in the shim can be controlled with CONFIG_COMPAT_INCLUDES.
Related to #16539
Signed-off-by: Anas Nashif <anas.nashif@intel.com>
move display.h to drivers/display.h and
create a shim for backward-compatibility.
No functional changes to the headers.
A warning in the shim can be controlled with CONFIG_COMPAT_INCLUDES.
Related to #16539
Signed-off-by: Anas Nashif <anas.nashif@intel.com>
move hwinfo.h to drivers/hwinfo.h and
create a shim for backward-compatibility.
No functional changes to the headers.
A warning in the shim can be controlled with CONFIG_COMPAT_INCLUDES.
Related to #16539
Signed-off-by: Anas Nashif <anas.nashif@intel.com>
move flash.h to drivers/flash.h and
create a shim for backward-compatibility.
No functional changes to the headers.
A warning in the shim can be controlled with CONFIG_COMPAT_INCLUDES.
Related to #16539
Signed-off-by: Anas Nashif <anas.nashif@intel.com>
move json.h to data/json.h and
create a shim for backward-compatibility.
No functional changes to the headers.
A warning in the shim can be controlled with CONFIG_COMPAT_INCLUDES.
Related to #16539
Signed-off-by: Anas Nashif <anas.nashif@intel.com>
move crc.h to sys/crc.h and
create a shim for backward-compatibility.
No functional changes to the headers.
A warning in the shim can be controlled with CONFIG_COMPAT_INCLUDES.
Related to #16539
Signed-off-by: Anas Nashif <anas.nashif@intel.com>
move base64.h to sys/base64.h and
create a shim for backward-compatibility.
No functional changes to the headers.
A warning in the shim can be controlled with CONFIG_COMPAT_INCLUDES.
Related to #16539
Signed-off-by: Anas Nashif <anas.nashif@intel.com>
move atomic.h to sys/atomic.h and
create a shim for backward-compatibility.
No functional changes to the headers.
A warning in the shim can be controlled with CONFIG_COMPAT_INCLUDES.
Related to #16539
Signed-off-by: Anas Nashif <anas.nashif@intel.com>
move fs.h to fs/fs.h and
create a shim for backward-compatibility.
No functional changes to the headers.
A warning in the shim can be controlled with CONFIG_COMPAT_INCLUDES.
Related to #16539
Signed-off-by: Anas Nashif <anas.nashif@intel.com>
This adds the necessary bits to utilize the x86_64 toolchain
built by sdk-ng for x86_64 when toolchain variant is either
zephyr or xtools. This allows decoupling the builds from
the host toolchain.
Newlib is also available with this toolchain so remove
the Kconfig restriction on CONFIG_NEWLIB_LIBC.
Signed-off-by: Daniel Leung <daniel.leung@intel.com>
types.h was wrongly defining unsigned as signed and following
undefining it. This definition was not being used anywhere though.
Signed-off-by: Flavio Ceolin <flavio.ceolin@intel.com>
In ARM builds with support for user mode, i.e. with
CONFIG_USERSPACE=y, we need to align the beginning
of the heap space, to respect the ARM MPU region
alignment requirements.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
USED_RAM_END_ADDR is not used when Kconfig option
CONFIG_NEWLIB_LIBC_ALIGNED_HEAP_SIZE is defined,
therefore, we do not need to define the macro in
that specific case.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
Compilers (at least gcc and clang) already provide definitions to
create standard types and their range. For example, __INT16_TYPE__ is
normally defined as a short to be used with the int16_t typedef, and
__INT16_MAX__ is defined as 32767. So it makes sense to rely on them
rather than hardcoding our own, especially for the fast types where
the compiler itself knows what basic type is best.
Using compiler provided definitions makes even more sense when dealing
with 64-bit targets where some types such as intptr_t and size_t must
have a different size and range. Those definitions are then adjusted
by the compiler directly.
However there are two cases for which we should override those
definitions:
* The __INT32_TYPE__ definition on 32-bit targets vary between an int
and a long int depending on the architecture and configuration.
Notably, all compilers shipped with the Zephyr SDK, except for the
i586-zephyr-elfiamcu variant, define __INT32_TYPE__ to a long int.
Whereas, all Linux configurations for gcc, both 32-bit and 64-bit,
always define __INT32_TYPE__ as an int. Having variability here is
not welcome as pointers to a long int and to an int are not deemed
compatible by the compiler, and printing an int32_t defined with a
long using %d makes the compiler to complain, even if they're the
same size on 32-bit targets. Given that an int is always 32 bits
on all targets we might care about, and given that Zephyr hardcoded
int32_t to an int before, then we just redefine __INT32_TYPE__ and
derrivatives to an int to keep the peace in the code.
* The confusion also exists with __INTPTR_TYPE__. Looking again at the
Zephyr SDK, it is defined as an int, even even when __INT32_TYPE__ is
initially a long int. One notable exception is i586-zephyr-elf where
__INTPTR_TYPE__ is a long int even when using -m32. On 64-bit targets
this is always a long int. So let's redefine __INTPTR_TYPE__ to always
be a long int on Zephyr which simplifies the code, works for both
32-bit and 64-bit targets, and mimics what the Linux kernel does.
Only a few print format strings needed adjustment.
In those two cases, there is a safeguard to ensure the type we're
enforcing has the right size and fail the build otherwise.
Signed-off-by: Nicolas Pitre <npitre@baylibre.com>
The free block bitmap uses either extra memory specified by a pointer
in struct sys_mem_pool_lvl or the space occupied by that pointer
directly if the bitmap length is small enough to fit it.
But the test is wrong. the inline bitmap should be used if the number
of required bits is smaller or _equal_ to the pointer size. Not doing so
would wrongly bounce the free block bitmap to extra memory when the
number of blocks is exactly 32, which is in disagreement with
Z_MPOOL_LBIT_WORDS() that correctly returns 0 in that case.
In theory that mean that this bug would causes an overflow of the free
block bitmap whenever one level has exactly 32 blocks. But right now
there is a separate bug fixed separately that over-sizes the extra block
bitmap mitigating this bug.
Signed-off-by: Nicolas Pitre <npitre@baylibre.com>
The block_fits() predicate was borked. It would check that a block
fits within the bounds of the whole heap. But that's not enough:
because of alignment changes between levels the sub-blocks may be
adjusted forward. It needs to fit inside the PARENT block that it was
split from.
What could happen at runtime is that the last subblocks of a
misaligned parent block would overlap memory from subsequent blocks,
or even run off the end of the heap. That's bad.
Change the API of block_fits() a little so it can extract the parent
region and do this properly.
Fixes#15279. Passes test introduced in #16728 to demonstrate what
seems like the same issue.
Signed-off-by: Andy Ross <andrew.j.ross@intel.com>
In z_sys_mem_pool_block_alloc() the size of the first level block
allocation is rounded up to the next 4-bite boundary. This means one
or more of the trailing blocks could overlap the free block bitmap.
Let's consider this code from kernel.h:
#define K_MEM_POOL_DEFINE(name, minsz, maxsz, nmax, align) \
char __aligned(align) _mpool_buf_##name[_ALIGN4(maxsz * nmax) \
+ _MPOOL_BITS_SIZE(maxsz, minsz, nmax)]; \
The static pool allocation rounds up the product of maxsz and nmax not
size of individual blocks. If we have, say maxsz = 10 and nmax = 20,
the result of _ALIGN4(10 * 20) is 200. That's the offset at which the
free block bitmap will be located.
However, because z_sys_mem_pool_block_alloc() does this:
lsizes[0] = _ALIGN4(p->max_sz);
Individual level 0 blocks will have a size of 12 not 10. That means
the 17th block will extend up to offset 204, 18th block up to 216, 19th
block to 228, and 20th block to 240. So 4 out of the 20 blocks are
overflowing the static pool area and 3 of them are even located
completely outside of it.
In this example, we have only 20 blocks that can't be split so there is
no extra free block bitmap allocation beyond the bitmap embedded in the
sys_mem_pool_lvl structure. This means that memory corruption will
happen in whatever data is located alongside the _mpool_buf_##name
array. But even with, say, 40 blocks, or larger blocks, the extra bitmap
size would be small compared to the extent of the overflow, and it would
get corrupted too of course.
And the data corruption will happen even without allocating any memory
since z_sys_mem_pool_base_init() stores free_list pointer nodes into
those blocks, which in turn may get corrupted if that other data is
later modified instead.
Fixing this issue is simple: rounding on the static pool allocation is
"misparenthesized". Let's turn
_ALIGN4(maxsz * nmax)
into
_ALIGN4(maxsz) * nmax
But that's not sufficient.
In z_sys_mem_pool_base_init() we have:
size_t buflen = p->n_max * p->max_sz, sz = p->max_sz;
u32_t *bits = (u32_t *)((u8_t *)p->buf + buflen);
Considering the same parameters as above, here we're locating the extra
free block bitmap at offset `buflen` which is 20 * 10 = 200, again below
the reach of the last 4 memory blocks. If the number of blocks gets past
the size of the embedded bitmap, it will overlap memory blocks.
Also, the block_ptr() call used here to initialize the free block linked
list uses unrounded p->max_sz, meaning that it is initially not locating
dlist nodes within the same block boundaries as what is expected from
z_sys_mem_pool_block_alloc(). This opens the possibility for allocated
adjacent blocks to overwrite dlist nodes, leading to random crashes in
the future.
So a complete fix must round up p->max_sz here too.
Given that runtime usage of max_sz should always be rounded up, it is
then preferable to round it up once at compile time instead and avoid
further mistakes of that sort. The existing _ALIGN4() usage on p->max_sz
at run time are then redundant.
Signed-off-by: Nicolas Pitre <npitre@baylibre.com>
Found a few annoying typos and figured I better run script and
fix anything it can find, here are the results...
Signed-off-by: Anas Nashif <anas.nashif@intel.com>
If multithreading is disabled, thread_entry() never runs
since we cannot create threads; the non-multithreading case
was simply dead code.
Indicate to code coverage that CODE_UNREACHABLE should be
skipped.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
This allows for printing long long values. Because the code size
increase may be significant, this is made optional on 32-bit targets.
On 64-bit targets this doesn't change the code much as longs and
long longs are the same size so it is always enabled in that case.
The test on MAXFLD has to be adjusted accordingly. Yet, its minimum
value wasn't large enough to store a full-scale octal value, so this
is fixed as well.
Signed-off-by: Nicolas Pitre <npitre@baylibre.com>
On 64-bit systems the most notable difference is due to longs and
pointers being 64-bit wide. Therefore there must be a distinction
between ints and longs. Similar to the prf.c case, this patch properly
implements the h, hh, l, ll and z length modifiers as well as some small
cleanups.
Signed-off-by: Nicolas Pitre <npitre@baylibre.com>
On 64-bit systems the most notable difference is due to longs and
pointers being 64-bit wide. Therefore there must be a distinction
between ints and longs.
This patch:
- Make support functions take a long rather than an int as this can
carry both longs and ints just fine.
- Use unsigned values in _to_x() to cover the full unsigned range
and avoid sign-extending big values. Negative values are already
converted to unsigned after printing the minus sign. This also makes
division and modulus operations slightly faster.
- Remove excessive casts around va_arg() and use proper types with it.
- Implement the l and z length modifiers as they're significant on
64-bit targets. While at it, throw in the z modifier as well.
Since they all come down to 32-bit values on 32-bit targets, the
added code should get optimized away as duplicate by the compiler
in that case.
Signed-off-by: Nicolas Pitre <npitre@baylibre.com>
Casting a pointer to an int produces warnings with 64-bit targets.
Furthermore, an int is not always the optimal memory element that
can be copied in that case.
Let's use uintptr_t to cast pointers to integers for alignment
determination purposes, and mem_word_t to denote the optimal memory
"word" that can be copied on the platform.
The mem_word_t definition is equivalent to uintptr_t by default.
However, some 32-bit targets such as ARM platforms with the LDRD/STRD
instructions could benefit from word_t being an uint64_t.
Signed-off-by: Nicolas Pitre <npitre@baylibre.com>
Per guidelines, all statements should have braces around them. We do not
have a CI check for this, so a few went in unnoticed.
Signed-off-by: Anas Nashif <anas.nashif@intel.com>
The struct json_obj_descr definition allocates only 2 bits for type
alignment. Instead of using them literally minus 1 to encode 1, 2, or 4,
let's store the alignment's shift value instead so that 1, 2, 4 or 8 can
be encoded with the same 2 bits to accommodate 64-bit builds.
Signed-off-by: Nicolas Pitre <npitre@baylibre.com>
This extends the UpdateHub library code to allow the
use of IPV6 for communication.
Signed-off-by: Christian Tavares <christian.tavares@ossystems.com.br>
This extends the UpdateHub library code to allow the
use of CoAPS/DTLS for communication.
Refs: #13039.
Signed-off-by: Christian Tavares <christian.tavares@ossystems.com.br>
UpdateHub is an enterprise-grade solution which makes simple to
remotely update all your embedded devices in the field. It
handles all aspects related to sending Firmware Over-the-Air(FOTA)
updates with maximum security and efficiency, while you focus in
adding value to your product.
Signed-off-by: Christian Tavares <christian.tavares@ossystems.com.br>
Signed-off-by: Otavio Salvador <otavio@ossystems.com.br>
Corrected buffer pointer in LVGL zephyr_vdb_write function for
converting RGBA8888 to RGB888 pixel format.
Signed-off-by: Jan Van Winkel <jan.van_winkel@dxplore.eu>
The 'Graphical user interface' menu currently contains just the
'LittlevGL Support' symbol and its indented children.
To remove one menu level, remove the 'Graphical user interface' menu,
rename the symbol to 'LittlevGL GUI library' (consistent with e.g.
'Logging' and 'Bluetooth'), and turn it into a 'menuconfig' symbol.
Signed-off-by: Ulf Magnusson <Ulf.Magnusson@nordicsemi.no>
Previous version calculated rt_clock_base incorrectly by subtracting
clock_gettime from the specified time. Effectively the following
formula was used.
rt_clock_base := new_time - clock_gettime()
This is clearly incorrect when we consider what should happen if we
call clock_settime with the result of clock_gettime. It ought to be
approximately a no-op, but instead we end up zeroing the clock.
rt_clock_base := clock_gettime() - clock_gettime() = 0
This patch fixes clock_settime by instead using k_uptime_get to
calculate rt_clock_base, like so:
rt_clock_base := new_time - k_uptime_get()
Trying the earlier thought experiment we get:
rt_clock_base := clock_gettime() - k_uptime_get()
Using the definition of clock_gettime this expands to:
rt_clock_base := (rt_clock_base + k_uptime_get()) - k_uptime_get()
The two k_uptime_get() terms cancel out, leaving:
rt_clock_base := rt_clock_base
I.e. the no-op that we expect when calling clock_settime with
the result of clock_gettime.
Note: The bug is only observable when rt_clock_base is non-zero.
So when clock_settime is called for the first time, it will appear
to work correctly since rt_clock_base is initialized to 0.
Signed-off-by: Alexander Mihajlovic <alexander.mihajlovic@endian.se>
Add an option for building with newlib-nano library.
The newlib-nano library for ARM embedded processors is a part of the
GNU Tools for ARM Embedded Processors.
Add mem_alloc tests with newlib nano.
Signed-off-by: Benoit Leforestier <benoit.leforestier@gmail.com>
Use the new math_extras functions instead of calling builtins directly.
Change a few local variables to size_t after checking that all uses of
the variable actually expects a size_t.
Signed-off-by: Jakob Olesen <jolesen@fb.com>
Current code implement CONFIG_MAX_PTHREAD_COUNT as the maximum number
of POSIX threads that can ever be created, rather than the maximum
number of active POSIX threads. Use pthread_state of struct posix_thread
to track the state of posix thread in posix_thread_pool so that we can
reuse the unused posix thread.
Fixes#15516.
Signed-off-by: Wentong Wu <wentong.wu@intel.com>
According to POSIX, that's the header which defines this function.
Similarly, nothing in POSIX indicates that <time.h> should have
access to struct timeval, so it's removed (it's made accessible
to <sys/time.h> via <sys/_timeval.h> introduced earlier).
Signed-off-by: Paul Sokolovsky <paul.sokolovsky@linaro.org>
This is implementation-level header which defines struct timeval, and
intended to be included by headers which need this structure. This
implementation scheme is compatible with Newlib, and thus provides a
step to use minlibc vs Newlib interchangeably.
Signed-off-by: Paul Sokolovsky <paul.sokolovsky@linaro.org>
Set to same default as regular stacks. This doesn't use
any extra memory until CMSIS_V2_THREAD_DYNAMIC_MAX_COUNT
is set. 0 is not a valid default if that is set.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
Depending on configuration, this value could end up as
a variable and not an array symbol, causing a crash if
newlib decides to call _sbrk on behalf of a user thread,
which needs to perform arithmetic on it.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
Excerpt from the manual:
If ptr is NULL, then the call is equivalent to malloc(size) [...]
Without this commit, such calls end with a BUS FAULT.
Signed-off-by: Tomasz Gorochowik <tgorochowik@antmicro.com>
Update the files which contain no license information with the
'Apache-2.0' SPDX license identifier. Many source files in the tree are
missing licensing information, which makes it harder for compliance
tools to determine the correct license.
By default all files without license information are under the default
license of Zephyr, which is Apache version 2.
Signed-off-by: Anas Nashif <anas.nashif@intel.com>
Rename reserved function names in the subsys/ subdirectory except
for static _mod_pub_set and _mod_unbind functions in bluetooth mesh
cfg_srv.c which clash with the similarly named global functions.
Signed-off-by: Patrik Flykt <patrik.flykt@intel.com>
Permission management no longer necessary, the former
parameter for the mutex is now simply ignored.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
For systems without userspace enabled, these work the same
as a k_mutex.
For systems with userspace, the sys_mutex may exist in user
memory. It is still tracked as a kernel object, but has an
underlying k_mutex that is looked up in the kernel object
table.
Future enhancements will optimize sys_mutex to not require
syscalls for uncontended sys_mutexes, using atomic ops
instead.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
MISRA-C 8.10.2 defines essential operand types and how to handle them
through rules 10.1 .. 10.5. This commit adds an U to unsigned constants
to avoid implicit casts and make if/while statements evaluate a boolean
to avoid other types being casted to boolean.
MISRA-C rules 10.1, 10.2 and 10.3
Signed-off-by: Flavio Ceolin <flavio.ceolin@intel.com>
fs_dirent.name is MAX_FILE_NAME + 1 bytes long, not PATH_MAX. Just
fixing it to avoid access invalid memory.
Coverity CID: 186037
Signed-off-by: Flavio Ceolin <flavio.ceolin@intel.com>
We are reverting the changes in commit
55b3f05932 given build errors are seen
when fcntl.h is included, as it declares fcntl() as a non-static
function. The same function cannot be declared as both static and
non-static.
Instead, we avoid redefining fcntl() in lib/os/fdtable.c specifically
for case of the SimpleLink family, til we have support for the new
socket_op_vtable.
Signed-off-by: Vincent Wan <vincent.wan@linaro.org>
Do not perform early level usage check. This can lead to situation
where block is seen as available on level when it was taken from
the other context.
Fixes: #14504
Signed-off-by: Pawel Dunaj <pawel.dunaj@nordicsemi.no>
Some function return values were not handled. Added assert in case
those functions return error. It is possible only if same ring buffer
instance is used without any protection from multiple contexts.
Signed-off-by: Krzysztof Chruscinski <krzysztof.chruscinski@nordicsemi.no>
Maybe this is some "just in case" thing that got copied around. There's
no need to have a blank line at the beginning or end of Kconfig files.
Signed-off-by: Ulf Magnusson <Ulf.Magnusson@nordicsemi.no>
When we build with newlib we don't set -nostdinc. In that case make
sure that we leave it to the toolchain to set the system include paths.
The one exception to leaving to the toolchain to set the system include
paths is the path to the newlib headers. Since we build
with -ffreestanding we need to make sure the newlib header path is the
before the toolchain headers. Otherwise the toolchain's 'freestanding'
headers get picked up and that causes issues (for example getting PRI*64
defined properly from inttypes.h due to __STDC_HOSTED__ being '0').
For newlib we accomplish this by having the only system header specified
by zephyr_system_include_directories() being just the newlib headers.
Note: for minlibc we leave things alone as things just happen to work as
the -I include of the libc headers takes precedence over -isystem so we
get the libc headers over the toolchain ones. For the newlib case it
appears that setting both -I and -isystem for the same dir causes the
-I to be ignored.
Fixes#14310
Signed-off-by: Kumar Gala <kumar.gala@linaro.org>
Configure lvgl defaults for imx rt boards in their respective board
defconfigs rather than the lvgl sample application.
Signed-off-by: Maureen Helm <maureen.helm@nxp.com>
For some reason we missed _zephyr_fputc in commit
4344e27c26. Rename _zephyr_fputc to just
zephyr_fputc and fixup associated code to build.
Signed-off-by: Kumar Gala <kumar.gala@linaro.org>
Commit 4344e27c26 changed the reserved
function names, but got the naming wrong for fwrite. Just use the
name zephyr_fwrite everywhere.
Fixes#14275
Signed-off-by: Kumar Gala <kumar.gala@linaro.org>
Update reserved function names starting with one underscore, replacing
them as follows:
'_k_' with 'z_'
'_K_' with 'Z_'
'_handler_' with 'z_handl_'
'_Cstart' with 'z_cstart'
'_Swap' with 'z_swap'
This renaming is done on both global and those static function names
in kernel/include and include/. Other static function names in kernel/
are renamed by removing the leading underscore. Other function names
not starting with any prefix listed above are renamed starting with
a 'z_' or 'Z_' prefix.
Function names starting with two or three leading underscores are not
automatcally renamed since these names will collide with the variants
with two or three leading underscores.
Various generator scripts have also been updated as well as perf,
linker and usb files. These are
drivers/serial/uart_handlers.c
include/linker/kobject-text.ld
kernel/include/syscall_handler.h
scripts/gen_kobject_list.py
scripts/gen_syscall_header.py
Signed-off-by: Patrik Flykt <patrik.flykt@intel.com>
Prevent speculative attacks with out-of-bounds fd
values.
Won't affect code generation for systems that don't
enable CONFIG_BOUNDS_CHECK_BYPASS_MITIGATION.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
Changed the print format for unsigned 32-bit variables that produced
warnings when compiled with newlib instead of the standard C library.
Chose to replace %d with PRIu32 because the latter is more portable
and adapts to the types of the standard C libraries.
Tested with and without newlib, and with sanitycheck.
Signed-off-by: Dennis Wildmark <dennis.wildmark@assaabloy.com>
Appears within an 'if LVGL'.
'if FOO' is just shorthand for adding 'depends on FOO' to each item
within the 'if'. Dependencies on menus work similarly. There are no
"conditional includes" in Kconfig, so 'if FOO' has no special meaning
around a source. Conditional includes wouldn't be possible, because an
if condition could include (directly or indirectly) forward references
to symbols not defined yet.
Tip: When adding a symbol, check its dependencies in the menuconfig
('ninja menuconfig', then / to jump to the symbol). The menuconfig also
shows how the file with the symbol got included, so if you see
duplicated dependencies, it's easy to hunt down where they come from.
Signed-off-by: Ulf Magnusson <Ulf.Magnusson@nordicsemi.no>
Remove case ranges from printk in order to clean up GNUisms
and make the code standards compliant.
Signed-off-by: Patrik Flykt <patrik.flykt@intel.com>
We used to leave byte-long placeholder symbols to ensure
that empty application memory sections did not cause
build errors that were very difficult to understand.
Now we use some relatively portable inline assembly to
generate a symbol, but don't take up any extra space.
The malloc and libc partitions are now only instantiated
if there is some data to put in them.
Fixes: #13923
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
Added __weak keyword to to support overriding assert_post_action().
This allows system designers to change/augment the assert behaviour,
i.e. add logging to persistant storage of program counter, line
number etc, and/or change reboot behaviour.
Signed-off-by: Tim Sørensen (TIMS) <tims@oticon.com>
Exactly one caller of pthread_barrier_wait() should receive a return
value of PTHREAD_BARRIER_SERIAL_WAIT; all others should receive zero
(or an error code). Added a test to match.
Fixes: #9953
Signed-off-by: Charles E. Youse <charles.youse@intel.com>
MISRA-C says that char type should not be used in arithmetically as the
data doesn't represent numbers.
MISRA-C rules 10.1 and 10.2
Signed-off-by: Flavio Ceolin <flavio.ceolin@intel.com>
MISRA rules (see #11425) forbid recursive algorithms. In the case of
rb_walk(), it's not actually used anywhere but a test right now, so we
can simply disable the API when CONFIG_MISRA_SANE is defined. Mempool
had a (IMHO, fairly clever) tail recursive loop in bfree_recombine()
which can be trivially transformed into an only slightly uglier
iterative version.
Signed-off-by: Andy Ross <andrew.j.ross@intel.com>
MISRA rules (see #9892) forbid alloca() and family, even though those
features can be valuable performance and memory size optimizations
useful to Zephyr.
Introduce a MISRA_SANE kconfig, which when true enables a gcc error
condition whenever a variable length array is used.
When enabled, the mempool code will use a theoretical-maximum array
size on the stack instead of one tailored to the current pool
configuration.
The rbtree code will do similarly, but because the theoretical maximum
is quite a bit larger (236 bytes on 32 bit platforms) the array is
placed into struct rbtree instead so it can live in static data (and
also so I don't have to go and retune all the test stack sizes!).
Current code only uses at most two of these (one in the scheduler when
SCHED_SCALABLE is selected, and one for dynamic kernel objects when
USERSPACE and DYNAMIC_OBJECTS are set).
This tunable is false by default, but is selected in a single test (a
subcase of tests/kernel/common) for coverage. Note that the I2C and
SPI subsystems contain uncorrected VLAs, so a few platforms need to be
blacklisted with a filter.
Signed-off-by: Andy Ross <andrew.j.ross@intel.com>
These get references by newlib builds in other toolchains, e.g.
gnuarmemb, and lack of them breaks linking. Tested that
tests/posix/fs and tests/posix/common actually work with these
changes.
Fixes: #13906
Signed-off-by: Paul Sokolovsky <paul.sokolovsky@linaro.org>
Some more were added since the cleanup pass in June 2018. See e.g.
commit 2d50da70a1 ("drivers: ipm: Kconfig: Remove redundant 'default n'
properties") for a motivation. It also avoids people wondering whether
or not they need to put in 'default n'.
Signed-off-by: Ulf Magnusson <Ulf.Magnusson@nordicsemi.no>
_impl__zephyr_write() was renamed to _impl__zephyr_write_stdout().
This wasn't caught by CI because we didn't have POSIX tests build
for newlib, but now we have.
Signed-off-by: Paul Sokolovsky <paul.sokolovsky@linaro.org>
In case newlib is enabled, but POSIX subsys isn't, there're adhoc
implementations of read() and write() which work only with adhoc
stdin/stdout emulation layer. These are backed by system calls named
like "read" and "write". Rename all these functions and syscalls to
explicitly mention stdin/stdout in the names, to free namespace
for the implementation of generic read/write syscalls which will
integrate with POSIX fdtable.
Signed-off-by: Paul Sokolovsky <paul.sokolovsky@linaro.org>
The intent of this Kconfig is to allow libc stdout
functions like printf() to send their output to the
active console driver instead of discarding it.
This somehow evolved into preferring to use
printf() instead of printk() for all test case output
if enabled. Libc printf() implementation for both
minimal libc and newlib use considerably more stack
space than printk(), with nothing gained by using
them.
Remove all instances where we are conditionally
sending test case output based on this config, enable
it by default, and adjust a few tests that disabled
this because they were blowing stack.
printk() and vprintk() now work as expected for
unit_testing targets, they are just wrappers for
host printf().
Fixes: #13701
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
Also, for now x86_64 does not support newlib, so do not enable newlib
for this arch until we have a solution.
Signed-off-by: Anas Nashif <anas.nashif@intel.com>
With newer newlib we get a build error with mqueue.h realted to mode_t.
Let's just let newlib define mode_t and have minimal libc also define
it in sys/types.h. So we remove the duplicated definition in
posix/unistd.h.
Signed-off-by: Kumar Gala <kumar.gala@linaro.org>
This is an integral part of userspace and cannot be used
on its own. Fold into the main userspace configuration.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
We need a generic name for the partition containing
essential C library globals. We're going to need to
add the stack canary guard to this area so user mode
can read it.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
Both SDK 0.10.0-beta2 and the ARM gcc 2018q2 run into a build issue with
newlib and conflict definitions of mode_t type.
First we need to add some ifdef protection if mode_t is already defined
and set _MODE_T_DECLARED if we are the first to define it.
Secondarily, we rename include/posix/sys/types.h to
include/posix/posix_types.h so that we aren't getting a name collusion
with the system sys/types.h and that we can easily and clearily include
it (which we need to do to pull in the info from newlib).
Fixes: #12224
Signed-off-by: Kumar Gala <kumar.gala@linaro.org>
For now we are disabling support for POSIX lib on native posix arch. We
need to cleanup and support POSIX lib cleanly for hardware targets.
Once that is working properly we can look to support the feature on
native posix arch.
Signed-off-by: Kumar Gala <kumar.gala@linaro.org>
There are issues using lowercase min and max macros when compiling a C++
application with a third-party toolchain such as GNU ARM Embedded when
using some STL headers i.e. <chrono>.
This is because there are actual C++ functions called min and max
defined in some of the STL headers and these macros interfere with them.
By changing the macros to UPPERCASE, which is consistent with almost all
other pre-processor macros this naming conflict is avoided.
All files that use these macros have been updated.
Signed-off-by: Carlos Stuart <carlosstuart1970@gmail.com>
Just like with _Swap(), we need two variants of these utilities which
can atomically release a lock and context switch. The naming shifts
(for byte count reasons) to _reschedule/_pend_curr, and both have an
_irqlock variant which takes the traditional locking.
Just refactoring. No logic changes.
Signed-off-by: Andy Ross <andrew.j.ross@intel.com>
Implements osThreadJoin and osThreadDetach.
This implementation uses a semaphore to signal when a thread is
exiting so any join operations are signalled to continue. It supports
multiple join operations on a single thread, and ensures joins are
aborted if a thread is detached.
Signed-off-by: Carlos Stuart <carlosstuart1970@gmail.com>
This was never a long-term solution, more of a gross hack
to get test cases working until we could figure out a good
end-to-end solution for memory domains that generated
appropriate linker sections. Now that we have this with
the app shared memory feature, and have converted all tests
to remove it, delete this feature.
To date all userspace APIs have been tagged as 'experimental'
which sidesteps deprecation policies.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
* Newlib now defines a special z_newlib_partition containing
all globals relevant to newlib. Most of these are in libc.a
with a heap tracking variable in newlib's hooks.
* Both C libraries now expose a k_mem_partition containing the
bounds of the malloc heap arena. Threads that want to use
libc malloc() will need to add this to their memory domain.
* z_newlib_get_heap_bounds has been removed, in favor of the
memory partition for the heap arena
* ztest now includes the C library partitions in its memory
domain.
* The mem_alloc test now runs in user mode to prove that this
all works for both C libraries.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
If an unitialized/zeroed optional attribute was passed to osThreadNew
the priority would be osThreadNone i.e. uninitialized. This causes an
ASSERT to be hit as the priority isn't valid (it is not between
osPriorityIdle and osPriorityISR).
The fix checks the passed in priority is not osPriorityNone and assigns
osPriorityNormal. This is the correct CMSIS behaviour.
The ASSERT will still be hit if the priority is invalid (<0).
Signed-off-by: Carlos Stuart <carlosstuart1970@gmail.com>
Fixed an issue whereby if an attribute structure was passed into a CMSIS
RTOS v2 'new' function with an invalid address i.e. NULL assigned to the
name (char*) member the memcpy at the end of each new function
would cause a segmentation fault i.e. read from an invalid
address.
This has been fixed by checking if the name is NULL and using the
default name from the init struct if it is. This is the same name
that would be used if not passing in the optional attr function
argument.
Changed the memcpy to strncpy to ensure that the copy does not read
beyond the end of the source string and changed the length from 16 to 15
(by means of a `sizeof(...)-1`) of the destination buffer to ensure that
it will always be nul-terminated.
Signed-off-by: Carlos Stuart <carlosstuart1970@gmail.com>
Implemented dynamic thread stacks for CMSIS threads by declaring an
array of default sized thread stacks. Allocation cannot be done on the
heap as some architectures require strict alignment for stacks so the
macro must be used to define the stack to ensure most compatibility.
Added a Kconfig variable to limit the number of dynamic threads on the
system (they also count towards total CMSIS thread count). This is so a
developer can have fine grained control over how many dynamic threads
can be allocated because all their stacks must be allocated up front so
could use a lot of memory needlessly if oversubscribed. The default
value is 0 which effectively disabled dynamic threads but also reduces
the memory impact to almost none.
Fixed an assert bug where thread_num was being tested against the
maximum allowed CMSIS threads - it previous checked for less than or
equal which actually (due to when the increment happens) allowed there
to be one more thread. The check now correctly uses less than and only
allowed up to the defined maximum.
Signed-off-by: Carlos Stuart <carlosstuart1970@gmail.com>
Implemented dynamic allocation of memory pools in a similar to manner to
what was already implemented for message queues. Added all the same
checks on size vs. maximum allowed and current heap.
Added an additional Kconfig variable to define the maximum size of a
dynamically allocated memory pool.
Signed-off-by: Carlos Stuart <carlosstuart1970@gmail.com>
Added some additional checks when creating a message queue to ensure the
size of the queue does not exceed the size of the buffer passed in via
the optional attributes.
Added a new Kconfig option to limit the maximum size of a message queue
dynamically allocated on the heap.
Added a check to ensure the heap is at least large enough to hold a
maximum size dynamically allocated queue.
Signed-off-by: Carlos Stuart <carlosstuart1970@gmail.com>
Added Kconfig dependency that NUM_PREEMPT_PRIORITIES must be at least
osPriorityISR (56). This was enforced by a build assert message but not
decribed in the Kconfig.
Signed-off-by: Carlos Stuart <carlosstuart1970@gmail.com>
After #12732, 6904501173
asserts call k_panic.
Before this, the POSIX arch had its own hack in the
__ASSERT_POST implementation to terminate the process instead
of spining forever.
But the POSIX arch does implement k_panic properly, so there
is no need anymore for this hack.
=> Remove the special treatment for POSIX ARCH
Signed-off-by: Alberto Escolar Piedras <alpi@oticon.com>
Replaced forever loop in assert with call to a function.
In post_assert_action() function, k_panic is called.
Forever loop was preventing logs to be printed and had behavior
ependent on the context (low prioriy thread - system continue to
ork, irq - system is blocked).
Signed-off-by: Krzysztof Chruscinski <krzysztof.chruscinski@nordicsemi.no>
lib/ was starting to get messy and inconsitent. Files being either
dumped in the root or in sub-directories without a clear plan.
Move all library components into one single folder and call it 'os'.
Signed-off-by: Anas Nashif <anas.nashif@intel.com>
mq_maxmsg and mq_msgsize are defined to be of
type long in POSIX standard. So use long for
variables that hold its value in mq_open().
Signed-off-by: Niranjhana N <niranjhana.n@intel.com>
This patch adds a x86_64 architecture and qemu_x86_64 board to Zephyr.
Only the basic architecture support needed to run 64 bit code is
added; no drivers are added, though a low-level console exists and is
wired to printk().
The support is built on top of a "X86 underkernel" layer, which can be
built in isolation as a unit test on a Linux host.
Limitations:
+ Right now the SDK lacks an x86_64 toolchain. The build will fall
back to a host toolchain if it finds no cross compiler defined,
which is tested to work on gcc 8.2.1 right now.
+ No x87/SSE/AVX usage is allowed. This is a stronger limitation than
other architectures where the instructions work from one thread even
if the context switch code doesn't support it. We are passing
-no-sse to prevent gcc from automatically generating SSE
instructions for non-floating-point purposes, which has the side
effect of changing the ABI. Future work to handle the FPU registers
will need to be combined with an "application" ABI distinct from the
kernel one (or just to require USERSPACE).
+ Paging is enabled (it has to be in long mode), but is a 1:1 mapping
of all memory. No MMU/USERSPACE support yet.
+ We are building with -mno-red-zone for stack size reasons, but this
is a valuable optimization. Enabling it requires automatic stack
switching, which requires a TSS, which means it has to happen after
MMU support.
+ The OS runs in 64 bit mode, but for compatibility reasons is
compiled to the 32 bit "X32" ABI. So while the full 64 bit
registers and instruction set are available, C pointers are 32 bits
long and Zephyr is constrained to run in the bottom 4G of memory.
Signed-off-by: Andy Ross <andrew.j.ross@intel.com>
Added glue logic to interface Zephyr with LittlevGL GUI library
This includes:
* KConfig options for all lvgl options
* Kernel & user space memory management
* Zephyr to lvgl FS call mapping
* Color space conversion function
Signed-off-by: Jan Van Winkel <jan.van_winkel@dxplore.eu>
Following the standard GCC RISC-V convetion use __riscv for the RISC-V
specific define:
41d6b10e96/gcc/config/riscv/riscv-c.c (L37)
Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
Used as a checksum on command messages when talking with MMC cards.
Implemented using the unwound bytewise implementation from
https://en.wikipedia.org/wiki/Computation_of_cyclic_redundancy_checks
which is a good mix of size and speed.
The API and naming matches lib/crc7.c in Linux.
Signed-off-by: Michael Hope <mlhx@google.com>
If any of the Zephyr version numbers went beyond 99, the "%2d" printf
specifiers would expand to fit and the string would run over the
memory on the stack used for os_str[].
Recent GCC versions (remember native_posix and x86_64 use the host
compiler) were actually detecting this and correctly issuing a warning
(but only if the 3-digit char value would overflow the actual array
size!), which was breaking sanitycheck for me on Fedora 28 and Ubuntu
18.04 build hosts. Pretty impresive warning.
As it happens this was wasteful anyway; we were spending bytes on the
stack (and in rodata to store the constant which, and the cycles
needed to copy it into place on the stack where it would be
overwritten immediately) when we could just snprintf() directly into
the buffer the user gave us.
Signed-off-by: Andy Ross <andrew.j.ross@intel.com>
Thread Flags are used to trigger execution states between threads.
These APIs provide functionalities like set, clear and wait.
Signed-off-by: Rajavardhan Gundi <rajavardhan.gundi@intel.com>
Events are used to trigger execution states between threads.
These APIs provide functionalities like event set, clear and
wait.
Signed-off-by: Rajavardhan Gundi <rajavardhan.gundi@intel.com>
These APIs allow creating, allocating and freeing of mempools.
Note: "Mempool" in CMSIS actually means memslabs in Zephyr.
Signed-off-by: Rajavardhan Gundi <rajavardhan.gundi@intel.com>
These APIs provide the support of virtual timers. All timers
can be started, restarted, or stopped. Timers can be configured
as one-shot or periodic.
Signed-off-by: Rajavardhan Gundi <rajavardhan.gundi@intel.com>
APIs to introduce wait i.e osDelay and osDelayUntil are defined
here. They are analogous to k_sleep in the kernel.
Signed-off-by: Rajavardhan Gundi <rajavardhan.gundi@intel.com>
Implement support for Kernel management APIs like
osKernelInitialize, osKernelGetTickCount, osKernelGetSysTimerCount
etc.
Signed-off-by: Rajavardhan Gundi <rajavardhan.gundi@intel.com>
According with MISRA-C the value returned by a non-void function has
to be used. As memcpy return is almost useless, we are explicitly
ignoring it.
MISRA-C rule 17.7
Signed-off-by: Flavio Ceolin <flavio.ceolin@intel.com>
ioctl() just dispatches to the corresponding vmethod of an fd.
fcntl() handles fdtable-level operations (so far doesn't handle
actually, returning "not implemented" error), and forwards
fd-specific operations to ioctl vmethod just the same (i.e.
ioctl and fcntl operations share the same namespace, but otherwise
disjoint).
Signed-off-by: Paul Sokolovsky <paul.sokolovsky@linaro.org>
As extend fdtable usage to more cases, there regularly arises a need
to forward ioctl/fcntl arguments to another ioctl vmethod, which is
complicated because it defined as taking variadic arguments. The only
portable solution is to convert variadic arguments to va_list at the
first point of entry from client code, and then pass va_list around.
To facilitate calling ioctl with variadic arguments from system code,
z_fdtable_call_ioctl() helper function is added.
Signed-off-by: Paul Sokolovsky <paul.sokolovsky@linaro.org>