Our minimal C library makes an alias of UINT*_C() to
be __UINT*_C() and INT*_C() to __INT*_C(). However,
in mwdt, these are not defined by default, so define
them ourselves. We have similar fix for xcc: #31962
Signed-off-by: Watson Zeng <zhiwei@synopsys.com>
The K_HEAP_DEFINE macro would allow users to specify heaps that are
too small, leading to potential corruption events (though at least
there were __ASSERTs that would catch this at runtime if enabled).
It would be nice to put the logic to compute this value into the heap
code, but that isn't available in kernel.h (and we don't want to pull
it in as this header is already WAY to thick). So instead we just
hand-compute and document the choice. We can address bitrot problems
with a test.
(Tweaks to heap size asserts and correct size bounds from Nicolas Pitre)
Fixes#33009
Signed-off-by: Andy Ross <andrew.j.ross@intel.com>
work_q.c is not being built or used, it was replaced by user_work.c
which now has k_work_user_queue_start.
Signed-off-by: Anas Nashif <anas.nashif@intel.com>
This commit removes the lock inside the newlib internal `_sbrk`
function, which is called by `malloc` when additional heap memory is
needed.
This lock is no longer required because any calls to the `malloc`
function are synchronised by the `__malloc_lock` and `__malloc_unlock`
functions.
Signed-off-by: Stephanos Ioannidis <root@stephanos.io>
This commit adds a lock implementation for the newlib heap memory
management functions (`malloc` and `free`).
The `__malloc_lock` and `__malloc_unlock` functions are called by the
newlib `malloc` and `free` functions to synchronise access to the heap
region.
Without this lock, making use of the `malloc` and `free` functions from
multiple threads will result in the corruption of the heap region.
Signed-off-by: Stephanos Ioannidis <root@stephanos.io>
File has next violations:
MISRA 11_9_a
Use NULL instead of literal zero (0) as the null-pointer-constant
MISRA 11_9_b
Literal zero (0) shall not be used as the null-pointer-constant
Signed-off-by: Maksim Masalski <maksim.masalski@intel.com>
File zephyr/lib/os/cbprintf_nano.c had operands with different types.
It caused Rule 10.4 violation.
Both operands of an operator in which the usual arithmetic conversions
are performed shall have the same essential type category.
Signed-off-by: Maksim Masalski <maksim.masalski@intel.com>
coding guidelines 10.4: casting operands to have same types
File zephyr/lib/os/cbprintf_nano.c had operands with different types.
It caused Rule 10.4 violation.
Both operands of an operator in which the usual arithmetic conversions
are performed shall have the same essential type category.
Signed-off-by: Maksim Masalski <maksim.masalski@intel.com>
removed cast to int
Do basic preparations for building code for ARCv3 HS6x
* add ISA_ARCV3 and CPU_HS6X config options
* add off_t type support for __ARC64__
* use elf64-littlearc format for linking
* use arc64 mcpu for CPU_HS6X
Signed-off-by: Eugeniy Paltsev <Eugeniy.Paltsev@synopsys.com>
Signed-off-by: Evgeniy Paltsev <PaltsevEvgeniy@gmail.com>
This introduces bit arrays as a new data type. This is different
than sys_bitfield as it is working on raw arrays of 32-bit
data. The bit arrays encode additional data inside the struct
to avoid going beyond the declared number of bits, and also
provides locking.
Signed-off-by: Daniel Leung <daniel.leung@intel.com>
Previously, when no overwrite mode was used and there was no space
no packet was dropped. However, it should be allowed to drop skip
packet that may be added as padding at the end of the buffer.
Extended dropping scheme to drop skip packets in no overwrite mode.
Signed-off-by: Krzysztof Chruscinski <krzysztof.chruscinski@nordicsemi.no>
Added early return from mpsc_pbuf_alloc when requested size
exceed the buffer capacity. Previously, in that case buffer
was falling into endless loop.
Signed-off-by: Krzysztof Chruscinski <krzysztof.chruscinski@nordicsemi.no>
Currently P4WQ supports queues with sets of user-provided
worked threads of arbitrary numbers. These threads are started
immediately upon initialisation.
This patch adds support for 3 more thread implementation options:
1. queue per thread. It adds a K_P4WQ_ARRAY_DEFINE() macro which
initialises an array of queues and threads of the same number.
These threads are then uniquely assigned to respective queues.
2. delayed start. With this option threads aren't started
immediately upon queue initialisation. Instead a new function
k_p4wq_enable_static_thread() has to be called to enable those
threads individually.
3. queue per CPU. With this option the user can assign CPU masks
to threads when calling k_p4wq_enable_static_thread().
Otherwise the cpu_mask parameter to that function is ignored.
Currently enabling this option implies option 2 above. Also so
far to enable queues per CPU the user has to use
K_P4WQ_ARRAY_DEFINE(), which means this option also implies 1
above, but both these restrictions can be relaxed in the
future if required.
Signed-off-by: Guennadi Liakhovetski <guennadi.liakhovetski@linux.intel.com>
Work items in P4WQ currently belong to the user before submission
and after exit from the handler, therefore, unless the handler
re-submits the item, accessing it in p4wq_loop() in such cases
is racy. To fix this we re-define work item ownership. Now the
item belongs to the P4WQ core until the user calls
k_p4wq_wait(). If the work item has its .sync flag set, the
function will sleep until the handler completes processing the
work item or until the timeout expires. If .sync isn't set and
the handler hasn't processed the item yet, the function returns
-EBUSY.
Signed-off-by: Guennadi Liakhovetski <guennadi.liakhovetski@linux.intel.com>
When SMP is disabled, the SMP initialisation level is
undefined, therefore a different level must be used.
Signed-off-by: Guennadi Liakhovetski <guennadi.liakhovetski@linux.intel.com>
Reboot functionality has nothing to do with PM, so move it out to the
subsys/os folder.
Signed-off-by: Gerard Marull-Paretas <gerard.marull@nordicsemi.no>
onoff, p4wq, and sem had several places missing final else
statement in the if else if construct. This commit adds
else {} to comply with coding guideline 15.7.
Signed-off-by: Jennifer Williams <jennifer.m.williams@intel.com>
heap* had several places missing final else statement in the
if else if construct. This commit adds else {} to comply with
coding guideline 15.7.
Signed-off-by: Jennifer Williams <jennifer.m.williams@intel.com>
cbprintf_* had several places missing final elsestatement in the
if else if construct. This commit adds else {} to comply with
coding guideline 15.7.
Signed-off-by: Jennifer Williams <jennifer.m.williams@intel.com>
NIOS2 is using _image_rodata_start/_end in its linker script
to mark the boundaries of rodata. So they no loner need
special treatment.
Signed-off-by: Daniel Leung <daniel.leung@intel.com>
The lib/os/ had several places missing final else
statement in the if else if construct. This commit adds
else {} or simple refactor to comply with coding guideline 15.7.
- cbprintf_complete.c
- cbprintf_nano.c
- heap-validate.c
- heap.c
- onoff.c
- p4wq.c
- sem.c
Also resolves the checkpatch issue of comments should align * on
each line.
Signed-off-by: Jennifer Williams <jennifer.m.williams@intel.com>
get_child does not return an essentially boolean type, so it has to be
properly checked against a pointer.
Signed-off-by: Flavio Ceolin <flavio.ceolin@intel.com>
Move cmsis OS apis under subsystem/portability. Those are not libraries
and only serve to provide a level of abstraction using the CMSIS OS APIs
to existing Zephyr interfaces.
Signed-off-by: Anas Nashif <anas.nashif@intel.com>
Added optional debug prints. Logging cannot be used because
mpsc pbuf is used by the logging.
Added option to clear packet memory after allocation. Option is
enabled in Kconfig.
Signed-off-by: Krzysztof Chruscinski <krzysztof.chruscinski@nordicsemi.no>
Added module for storing variable length packets in a ring buffer.
Implementation assumes multiple producing contexts and single consumer.
API provides zero copy functionality with alloc, commit, claim, free
scheme.
Additionally, there are functions optimized for storing single word
packets and packets consisting of a word and a pointer. Buffer can work
in two modes: saturation or overwriting the oldest packets when buffer
has no space to allocate for a new buffer.
Signed-off-by: Krzysztof Chruscinski <krzysztof.chruscinski@nordicsemi.no>
The if ... else if ... construct was missing the final else.
This commit refactors it to comply with coding guideline 15.7.
The logic is to check if used or free, and do not increment
for the reserved chunks (first/last) in the heap.
Signed-off-by: Jennifer Williams <jennifer.m.williams@intel.com>
Allow NULL data buffers to be provided to `ring_buf_get` and
`ring_buf_item_get`, in which case data will be discarded instead of
copied out to the user.
Fixes#33488.
Signed-off-by: Jordan Yates <jordan.yates@data61.csiro.au>
This functions is being called across the tree, no reason why it should
not be a public API.
The current usage violates a few MISRA rules.
Signed-off-by: Anas Nashif <anas.nashif@intel.com>
Split ARM and ARM64 architectures.
Details:
- CONFIG_ARM64 is decoupled from CONFIG_ARM (not a subset anymore)
- Arch and include AArch64 files are in a dedicated directory
(arch/arm64 and include/arch/arm64)
- AArch64 boards and SoC are moved to soc/arm64 and boards/arm64
- AArch64-specific DTS files are moved to dts/arm64
- The A72 support for the bcm_vk/viper board is moved in the
boards/bcm_vk/viper directory
Signed-off-by: Carlo Caione <ccaione@baylibre.com>
- When malloc() is called with a size of 0 we should not set errno
to ENOMEM as there is no actual allocation failure in that case.
This duplicates the realloc() behavior.
- Put unlock_ret assignments on separate lines, otherwise gcc complains
about unused variables when the tests on it are disabled.
- There NULL return added in 952970d6cb are completely pointless.
First, there is no reason for sys_mutex_unlock() to fail, and even
if it did, those returns would be blatent memory leaks. Remove them.
No one should blindly modify code just to make static code
analysers happy.
- Replace all CHECKIF() by explicit assertion statements to uniformize
those checks and drop the NULL returns entirely. We can't return
anything in the free() case, and there are no runtime conditions
for sys_mutex_lock() to sometimes succeed and sometimes fail anyway.
Signed-off-by: Nicolas Pitre <npitre@baylibre.com>
Consistently use ticks for timing purposes.
Fix retry logic.
Check flags when osFlagsWaitAll is not set.
Fixes#31103
Signed-off-by: Artur Lipowski <Artur.Lipowski@hidglobal.com>
Unified define used for handling sparc case in static and
runtime packaging. Reworked macro for storing argument in
static packaging.
Signed-off-by: Krzysztof Chruscinski <krzysztof.chruscinski@nordicsemi.no>
Added parameter to CBPRINTF_STATIC_PACKAGE which indicates buffer
alignment offset compared to CBPRINTF_PACKAGE_ALIGNMENT. When offset
is set to 0, macro assumes that input buffer is aligned to
CBPRINTF_PACKAGE_ALIGNMENT. When offset is positive, macro assumes
that buffer address is shifted by given number of bytes to
CBPRINTF_PACKAGE_ALIGNMENT alignment.
Extended cbprintf_package to use len argument as alignment offset
indicator when calculating length only (package pointer is null).
Features are not available for xtensa platform which seems to
require 16 byte alignment from the package. It is only an assumption
due to lack of the documentation and may be fixed in the future.
Feature allows to avoid unnecessary padding when package is part of
a message and preceeded by a header of a known size. For example,
message header on 32 bit architecture has 12 bytes, long doubles are
not used so cbprintf requires 8 byte alignment. Without alignment
offset indicator, package containing just a string with one argument
would need 4 byte padding after the header and 4 byte padding after
the package. Message would be 32 bytes long. With alignment offset
indication both paddings are not needed and message is only 24 bytes
long.
Signed-off-by: Krzysztof Chruscinski <krzysztof.chruscinski@nordicsemi.no>
The identifiers used in the declaration and definition of a function
shall be identical [MISRAC2012-RULE_8_3-b]
Signed-off-by: Anas Nashif <anas.nashif@intel.com>
The identifiers used in the declaration and definition of a function
shall be identical [MISRAC2012-RULE_8_3-b]
Signed-off-by: Anas Nashif <anas.nashif@intel.com>
The identifiers used in the declaration and definition of a function
shall be identical [MISRAC2012-RULE_8_3-b]
Signed-off-by: Anas Nashif <anas.nashif@intel.com>
The identifiers used in the declaration and definition of a function
shall be identical [MISRAC2012-RULE_8_3-b]
Signed-off-by: Anas Nashif <anas.nashif@intel.com>
The identifiers used in the declaration and definition of a function
shall be identical [MISRAC2012-RULE_8_3-b]
Signed-off-by: Anas Nashif <anas.nashif@intel.com>
The identifiers used in the declaration and definition of a function
shall be identical [MISRAC2012-RULE_8_3-b]
Signed-off-by: Anas Nashif <anas.nashif@intel.com>
The identifiers used in the declaration and definition of a function
shall be identical [MISRAC2012-RULE_8_3-b]
Signed-off-by: Anas Nashif <anas.nashif@intel.com>
The identifiers used in the declaration and definition of a function
shall be identical [MISRAC2012-RULE_8_3-b]
Signed-off-by: Anas Nashif <anas.nashif@intel.com>
This symbol is reserved and usage of reserved symbols violates the
coding guidelines. (MISRA 21.2)
NAME
exp, expf, expl - base-e exponential function
SYNOPSIS
#include <math.h>
double exp(double x);
Signed-off-by: Anas Nashif <anas.nashif@intel.com>
This symbol is reserved and usage of reserved symbols violates the
coding guidelines. (MISRA 21.2)
NAME
fgetpos, fseek, fsetpos, ftell, rewind - reposition a stream
SYNOPSIS
#include <stdio.h>
void rewind(FILE *stream);
Signed-off-by: Anas Nashif <anas.nashif@intel.com>
This symbol is reserved and usage of reserved symbols violates the
coding guidelines. (MISRA 21.2)
NAME
fgetpos, fseek, fsetpos, ftell, rewind - reposition a stream
SYNOPSIS
#include <stdio.h>
void rewind(FILE *stream);
Signed-off-by: Anas Nashif <anas.nashif@intel.com>
Fix#32938 [Coverity CID :219508] "Unchecked return value in
lib/libc/minimal/source/stdlib/malloc.c"
The Coverity complains about sys_mutex_lock() which returns 0 if
locked. I added also the same check on returned value for
sys_mutex_unlock() which returns 0 if unlocked.
Signed-off-by: Guðni Már Gilbert <gudni.m.g@gmail.com>
The size_t usage, especially in struct z_heap_bucket made the heap
header almost 2x bigger than it needs to be on 64-bit systems.
This prompted me to clean up our type usage to make the code more
efficient and easier to understand. From now on:
- chunkid_t is for absolute chunk position measured in chunk units
- chunksz_t is for chunk sizes measured in chunk units
- size_t is for buffer sizes measured in bytes
Signed-off-by: Nicolas Pitre <npitre@baylibre.com>
The end marker chunk was represented by the len field of struct z_heap.
It is now renamed to end_chunk to make it more obvious what it is.
And while at it...
Given that it is used in size_too_big() to cap the allocation size
already, we no longer need to test the bucket index against the
biggest index possible derived from end_chunk in alloc_chunk(). The
corresponding bucket_idx() call is relatively expensive on some
architectures so avoiding it (turning it into a CHECK() instead) is
a good thing.
Signed-off-by: Nicolas Pitre <npitre@baylibre.com>
Turn sys_heap_dump() into sys_heap_print_info() to better reflect
what it actually does, and improve the information being printed.
Signed-off-by: Nicolas Pitre <npitre@baylibre.com>
This "else" clause was dead code, in a valid
tree it's not possible to have a node and
its child both be red.
Fix issue #33239.
Signed-off-by: Ningx Zhao <ningx.zhao@intel.com>
Added validation of alignment to cbprintf_package. Error is returned if
input buffer is not aligned to the largest argument.
Signed-off-by: Krzysztof Chruscinski <krzysztof.chruscinski@nordicsemi.no>
In applications like logging the call site where arguments to
formatting are available may not be suitable for performing the
formatting, e.g. when the output operation can sleep. Add API that
supports capturing data that may be transient into a buffer that can
be saved, and API that then produces the output later using the
packaged arguments.
[ Documentation and commit log from Peter Bigot. ]
Signed-off-by: Nicolas Pitre <npitre@baylibre.com>
Signed-off-by: Peter Bigot <peter.bigot@nordicsemi.no>
Any value passed to a function in <ctype.h> shall be
representable as an unsigned char or be the value EOF.
So changed type of variable to unsigned char.
Signed-off-by: Spoorthy Priya Yerabolu <spoorthy.priya.yerabolu@intel.com>
Now that the old API has been reimplemented with the new API remove
the old implementation and its tests.
Signed-off-by: Peter Bigot <peter.bigot@nordicsemi.no>
The new API cannot be used from userspace because it is not merely a
wrapper around existing userspace-capable objects (threads and
queues), but instead requires much more complex and lower-level access
to memory that can't be touched from userspace. The vast majority of
work queue users are operating from privileged mode, so there's little
motivation to go through the pain and complexity of converting all
functions to system calls.
Copy the necessary pieces of the existing userspace work queue API out
and expose them with new names and types:
* k_work_handler_t becomes k_work_user_handler_t
* k_work becomes k_work_user
* k_work_q becomes k_work_user_q
etc. Because the replacement API cannot use the same types new API
names are also introduced to make it more clear that the userspace
work queue API is a separate functionality.
Signed-off-by: Peter Bigot <peter.bigot@nordicsemi.no>
Attempts to reimplement the existing work API using a new work
implementation failed, primarily due to heavy use of whitebox testing
in validating the original API. Add a temporary Kconfig that will
select between the two implementations so we can use the same
identifiers but select which implementation they reference.
This commit just adds the selection infrastructure and uses it to
conditionalize the existing implementation in anticipation of the new
one in the next commit.
Signed-off-by: Peter Bigot <peter.bigot@nordicsemi.no>
Several internal APIs wrote thread attributes (return value, mainly)
_after_ calling `z_ready_thread`. This is unsafe, at least in SMP,
because another core could have already picked up and run the thread.
Fixes#32800.
Signed-off-by: James Harris <james.harris@intel.com>
This introduces the support for CRC32C (Castagnoli) algorithm.
The generator polynomial used is 0x1EDC6F41UL.
Signed-off-by: Rajavardhan Gundi <rajavardhan.gundi@intel.com>
This library is going to be used by the shell module. Some shell users
are not satisfied with subcommands alone and need to use the options
for commands as well.
Signed-off-by: Jakub Rzeszutko <jakub.rzeszutko@nordicsemi.no>
We expect to have more libraries with incopatible license. There must
be a common place for such software. It seems that lib/util is good
place for that.
Signed-off-by: Jakub Rzeszutko <jakub.rzeszutko@nordicsemi.no>
This makes cbprintf_nano.c much closer to the standard printf and
therefore more useful. The following are now implemented:
- right justification for everything (only for numbers previously)
- precision value for numbers, chars and strings
- width/precision passed as arguments with *
- "unlimited" padding length
- lower/uppercase hex output
- the #, + and ' ' flags are supported
And the code was heavily reworked to reduce its size as much as
possible to mitigate the size growth. Still, the binary resulting
from cbprintf_nano.c is now between 10% and 20% bigger depending on
the architecture. This is still far smaller than cbprintf_complete.c
which remains about twice as big on average even without FP support.
Many unit tests that were skipped with CONFIG_CBPRINTF_NANO are now
enabled, and a few more were added for good measure.
Signed-off-by: Nicolas Pitre <npitre@baylibre.com>
This reverts commit b6b6d39bb6.
With both commit 4690b8d5ec ("libc/minimal: fix malloc() allocated
memory alignment") and commit c822e0abbd ("libc/minimal: fix
realloc() allocated memory alignment") in place, there is no longer
a need for enforcing the big heap mode on every allocations.
Signed-off-by: Nicolas Pitre <npitre@baylibre.com>
Work items can be legally resubmitted from within their own handler.
Currently the p4wq detects this case by checking their thread field to
see if it's been set to NULL. But that's a race, because if the item
was NOT resubmitted then it no longer belongs to the queue and may
have been freed or reused or otherwise clobbered legally by user code.
Instead, steal a single bit in the thread struct for this purpose.
This patch adds a K_CALLBACK_STATE bit in user_options and documents
it in such a way (as being intended for "callback manager" utilities)
that it can't be used recursively or otherwise collide.
Fixes#32052
Signed-off-by: Andy Ross <andrew.j.ross@intel.com>
Commit 40016a6a92 ("libc/minimal: Use a sys_heap for the malloc
implementation") replaced sys_mem_pool_alloc() with sys_heap_alloc().
The problem is that those aren't equivalent. While the former did
guard against concurrent usage, the later doesn't.
Add the same locking around sys_heap_alloc() that used to be implicit
with sys_mem_pool_alloc().
Signed-off-by: Nicolas Pitre <npitre@baylibre.com>
The commit adds initialization of fs_dir_t variables in preparation
for fs_opendir function change that will require fs_dir_t object, passed
to the function, to be initialized before first usage.
Signed-off-by: Andrzej Puzdrowski <andrzej.puzdrowski@nordicsemi.no>
The commit adds initialization of fs_dir_t variables in preparation
for fs_opendir function change that will require fs_dir_t object, passed
to the function, to be initialized before first usage.
Signed-off-by: Andrzej Puzdrowski <andrzej.puzdrowski@nordicsemi.no>
The sys_heap_realloc() code falls back to allocating new memory
and copying the existing data over when it cannot adjust the size
in place. However the size of the data to copy should be the old
size and not the new size if we're extending the allocation.
Signed-off-by: Nicolas Pitre <npitre@baylibre.com>
The definition for realloc() says that it should return a pointer
to the allocated memory which is suitably aligned for any built-in
type.
Turn sys_heap_realloc() into a sys_heap_aligned_realloc() and use it
with __alignof__(z_max_align_t) to implement realloc() with proper
memory alignment for any platform.
Signed-off-by: Nicolas Pitre <npitre@baylibre.com>
The definition for malloc() says that it should return a pointer
to the allocated memory which is suitably aligned for any built-in
type. This requirement was lost in commit 0c15627cc1 ("lib: Remove
sys_mem_pool implementation") where the entire memory pool used to
have an explicit alignment of 16.
Fix this by allocating memory with sys_heap_aligned_alloc() using
__alignof__(z_max_align_t) which will automatically get the needed
alignment on each platform.
Signed-off-by: Nicolas Pitre <npitre@baylibre.com>
The commit adds initializations of fs_file_t variables in preparation
for fs_open function change that will require fs_file_t object, passed
to the function, to be initialized before first usage.
Signed-off-by: Dominik Ermel <dominik.ermel@nordicsemi.no>
An assignment from one multi-word union field to another was not safe
from corruption. Copy the value out to a local value before storing it
to the preferred union field.
Signed-off-by: Peter Bigot <peter.bigot@nordicsemi.no>
This allows applications that may not use minimal libc avoid the cost
of a second printf-like formatting infrastructure by using printfcb()
instead of printf() for output. It also helps make sure that the
formatting support (e.g. floats) is consistent between user-directed
output and the logging infrastructure.
Signed-off-by: Peter Bigot <peter.bigot@nordicsemi.no>
Calculate crc32 4 bits at a time. The return value of the calculation is
identical to the previous 1 bit at a time implementation.
Results in a speed up of a factor 3 at the cost of using 64 bytes of
flash for a crc table.
Calculating crc32 of 128kB of flash on a 120MHz Kinetis MKE16F512
Cortex-M4 takes 99ms using the 1 bit at a time implementation, and 30ms
using the 4 bits at a time implementation.
The crc32 routine is used by subsys/canbus/canopen/canopen_program.c to
calculate crc of flash images.
Signed-off-by: Klaus H. Sorensen <khso@vestas.com>
This option allows forcing big heap mode. Useful on for getting 8-byte
aligned blocks on 32-bit machines.
Signed-off-by: Martin Åberg <martin.aberg@gaisler.com>
reallocarray() is defined in terms of realloc(). From OpenBSD manual
pages:
"Designed for safe allocation of arrays, the reallocarray()
function is similar to realloc() except it operates on nmemb
members of size size and checks for integer overflow in the
calculation nmemb * size."
The return value of sys_heap_realloc() is not compatible with that
of realloc().
Signed-off-by: Martin Åberg <martin.aberg@gaisler.com>
Previously, newlib claimed all free physical memory in the
system.
Now, the kernel manages this, allowing for memory to be
used via k_mem_map() calls.
Establish an upper bound to how much newlib will try to
claim on system startup, instead of trying to take all
of it, allowing other parts of the system to also map
anonymous memory.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
We now draw heap memory from an anonymous memory mapping
instead of a hard-coded region past the kernel image,
which is no longer mapped by default.
Some readability cleanups were made to a particuarly
horrible set of nested ifdefs. A few types were adjusted.
sbrk()'s count argument is an intptr_t, not an int.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
directly convert ticks to nsecs in the clock_* posix
functions which will provide the best resolution the
system allows
Signed-off-by: Nicholas Lowell <nlowell@lexmark.com>
The strategy used in z_heap_aligned_alloc() was to allocate an extra
align-sized memory block for storing a pointer to the memory heap.
This is wasteful in terms of memory usage when alignment is larger
than a pointer width. A loop is needed to find the initial memory
start when freeing it which isn't optimal either.
Instead, let's have sys_heap_aligned_alloc() rewind a pointer after
it is aligned to make just enough room for storing our heap reference.
This way the heap reference is always located immediately before the
aligned memory and any unused memory is returned to the heap.
The rewind and alignment values may coincide in which case only
the alignment is necessary anyway.
Signed-off-by: Nicolas Pitre <npitre@baylibre.com>
Previously, newlib claimed all free physical memory in the
system.
Now, the kernel manages this, allowing for memory to be
used via k_mem_map() calls.
Establish an upper bound to how much newlib will try to
claim on system startup, instead of trying to take all
of it, allowing other parts of the system to also map
anonymous memory.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
We now draw heap memory from an anonymous memory mapping
instead of a hard-coded region past the kernel image,
which is no longer mapped by default.
Some readability cleanups were made to a particuarly
horrible set of nested ifdefs. A few types were adjusted.
sbrk()'s count argument is an intptr_t, not an int.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
Macros like INT64_C(x) convert x to a constant integral expression,
i.e. one that can be used in preprocessor code. Implement wrappers
that use the GNUC intrinsics to perform the translation.
Signed-off-by: Peter Bigot <peter.bigot@nordicsemi.no>
Provide data structures to capture a timestamp in two different
clocks, monitor the drift between those clocks, and using a base
instant with estimated drift convert between the clocks.
This provides the core technology to convert between system uptime and
an external continuous time scale like TAI (UTC without applying leap
seconds).
Signed-off-by: Peter A. Bigot <pab@pabigot.com>
Let's do it upfront only once for each entry point and dispense
with overflow checks later to keep the code simple.
Signed-off-by: Nicolas Pitre <npitre@baylibre.com>
Fixes: #28650
Linking with newlib now defines the following linker flags as:
```
${CMAKE_C_LINKER_WRAPPER_FLAG}${CMAKE_LINK_LIBRARY_FLAG}c
${CMAKE_C_LINKER_WRAPPER_FLAG}${CMAKE_LINK_LIBRARY_FLAG}gcc
c
```
This is needed because when linking with newlib on aarch64, then libgcc
has a link dependency to libc (strchr), but libc also has dependencies
to libgcc.
CMake is capable of handling circular link dependencies for CMake
defined static libraries, which can be further controlled using
`LINK_INTERFACE_MULTIPLICITY`.
However, libc and libgcc are not regular CMake libraries, and is seen as
linker flags by CMake, and thus symbol de-duplications will be
performed.
CMake link options cannot be used, as that will place those libs first
on the linker invocation. -Wl,--start-group is problematic as the
placement of -lc and -lgcc is not guaranteed in case later libraries are
also using -lc / -libbgcc as interface linker flags.
Thus, we resort to use
`${CMAKE_C_LINKER_WRAPPER_FLAG}${CMAKE_LINK_LIBRARY_FLAG}`
as this ensures the uniqueness and thus avoids symbol de-duplication
which means libc will be followed by libgcc, which is finally followed
by libc again.
It would have been possible to use `-lc` directly, but there is a risk
that an externally library is also adding `-lc` and thus de-duplication
and re-arrangement of this flag happens. This risk is in theory also
existing with this fix, but the long nature of this link flag with using
`${CMAKE_C_LINKER_WRAPPER_FLAG}` would likely indicate a similar fix and
thus those libraries will stay in order.
Signed-off-by: Torsten Rasmussen <Torsten.Rasmussen@nordicsemi.no>
The 'fputs' has flaw in the implementation. It almost always
returns 'EOF' even if completed successfully.
This happens because we compare 'fwrite' return value which is
"number of members successfully written" (which is 1 in current
implementation) to the total string size:
----------------------------->8-----------------------
int fputs(const char *_MLIBC_RESTRICT string,
FILE *_MLIBC_RESTRICT stream)
{
int len = strlen(string);
int ret;
ret = fwrite(string, len, 1, stream);
return len == ret ? 0 : EOF;
}
----------------------------->8-----------------------
In result 'fputs' return 'EOF' in case of string length bigger
than 1.
There are several fixes possible, and one of the fixes is to
swap number of items (1) with size (string length) when we
are calling 'fwrite'. The only difference will be that
'fwrite' will return actual numbers of bytes written which
can be compared with the string length.
Signed-off-by: Eugeniy Paltsev <Eugeniy.Paltsev@synopsys.com>
First, the maximum heap size must fit in 31 bits worth of chunks
because the internal 32-bit field holding the size is shared with
the `used` bit.
Then the mention of a 256-byte block in the doc is no longer
relevant. That pertained to the previous allocator implementation.
And ditto for the HEAP_MEM_POOL_MIN_SIZE kconfig option.
Signed-off-by: Nicolas Pitre <npitre@baylibre.com>
This adds a somewhat special purpose IPC mechanism. It's intended for
applications which have a "work queue" like architecture of discrete
callback items, but which need the ability to schedule those items
independently in separate threads across multiple CPUs. So P4 Work
items:
1. Can run at any Zephyr scheduler priority and with any deadline
(this feature assumes EDF scheduling is enabled)
2. Can be submitted at any time and from any context, including being
resubmitted from within their own handler.
3. Will preempt any lower priority work as soon as they are runnable,
according to the standard rules of Zephyr priority scheduling.
4. Run from a pool of worker threads that can be allocated efficiently
(i.e. you need as many as the number of CPUs plus the number of
preempted in-progress items, but no more).
Signed-off-by: Andy Ross <andrew.j.ross@intel.com>
The l length modifier can apply to the c format specifier; in that
case the expected value is of type wint_t. Minimal libc doesn't
define wint_t, and it is complex to do so correctly (must add
<wchar.h>, and use a lot of conditional tricks).
wint_t can differ from wchar_t in rank when wchar_t undergoes default
integral promotion, which it does on xtensa (wchar_t is unsigned
short). So we can use wchar_t as an approximation, except in va_arg
where we need to use a wider type: int covers this case.
Note that we still don't format wide characters, but we do want to
consume the correct amount of data for a default-promoted extended
character.
Signed-off-by: Peter Bigot <peter.bigot@nordicsemi.no>
Whether char is signed or unsigned is toolchain and target specific.
Rather than assume it's signed (which is true for x86, but not for
ARM), do the right thing based on whether the minimum representable
value is less than zero.
Signed-off-by: Peter Bigot <peter.bigot@nordicsemi.no>
It may not be clear that the length modifiers reference native C types
with specific ranks. Document the core type for each modifier.
Signed-off-by: Peter Bigot <peter.bigot@nordicsemi.no>
This function was designed to support the logging infrastructure's
need to copy values from va_list structures. It did not meet that
need, since some values need to be changed based on additional data
that is only available when the complete format specification is
examined. Remove the function as unnecessary.
Signed-off-by: Peter Bigot <peter.bigot@nordicsemi.no>
Providing a literal width or precision that exceeds the non-negative
range of int does not appear to be rejected by the standard, but it
does produce a build diagnostic so we can't test it. Switch to an
equivalent form that doesn't affect line coverage.
Signed-off-by: Peter Bigot <peter.bigot@nordicsemi.no>
Just like commit 0ae04f01b6 ("lib/os/heap: make some checks more
assertive") we shouldn't validate the externally provided align
argument only when CONFIG_SYS_HEAP_VALIDATE is set.
Signed-off-by: Nicolas Pitre <npitre@baylibre.com>
If the new size amounts to the same number of chunks then:
- If right-chunk is used then we needlessly allocate new memory and
copy data over.
- If right-chunk is free then we attempt to split it with a zero size
which corrupts the prev/next list.
Make sure this case is properly handled and add a test for it.
While at it, let's simplify the code somewhat as well.
Signed-off-by: Nicolas Pitre <npitre@baylibre.com>
If a precision flag is included for s formatting that bounds the
maximum output length, so we need to use strnlen rather than strlen to
get the amount of data to emit. With that flag we can't expect there
to be a terminating NUL following the text to print.
Also fix handling of an empty precision, which should behave as if a
precision of zero was provided.
Signed-off-by: Peter Bigot <peter.bigot@nordicsemi.no>
While documenting the float conversion code, I found there was room
for some optimization. In doing so I added test cases to cover edge
cases e.g. making sure proper rounding is applied and that no loss
of precision was introduced. Compiled code should be smaller and
faster.
Signed-off-by: Nicolas Pitre <npitre@baylibre.com>
Use the core k_heap API pervasively within our tree instead of the
z_mem_pool wrapper that provided compatibility with the older mempool
implementation.
Almost all of this is straightforward swapping of one alloc/free call
for another. In a few cases where code was holding onto an old-style
"mem_block" a local compatibility struct with a single field has been
swapped in to keep the invasiveness of the changes down.
Note that not all the relevant changes in this patch have in-tree test
coverage, though I validated that it all builds.
Signed-off-by: Andy Ross <andrew.j.ross@intel.com>
Add an optimized realloc() implementation that can successfully expand
allocations in place if there exists enough free memory after the
supplied block.
Signed-off-by: Andy Ross <andrew.j.ross@intel.com>
Mark all k_mem_pool APIs deprecated for future code. Remaining
internal usage now uses equivalent "z_mem_pool" symbols instead.
Fixes#24358
Signed-off-by: Andy Ross <andrew.j.ross@intel.com>
The biggest required padding is equal to `align - chunk_header_bytes`
and not `align - 1` given that the header already contributes to the
padding.
Signed-off-by: Nicolas Pitre <npitre@baylibre.com>
Most of kernel files where declaring os module without providing
log level. Because of that default log level was used instead of
CONFIG_KERNEL_LOG_LEVEL.
Signed-off-by: Krzysztof Chruscinski <krzysztof.chruscinski@nordicsemi.no>
LLVM building for qemu_x86 appears to have an optimization bug where a
union that is assigned to hold values read from va_args() is inferred
to be a constant value, so is placed in ROM with an all-zero content.
Prevent this by packing the conversion state and the value union into
a single container structure that's stack allocated.
Signed-off-by: Peter Bigot <peter.bigot@nordicsemi.no>
When no message was get from kscan_msgq queue, the prev state
(x/y point) was processed as a new state. During process its
coordinates could be inverted or modified, depending on the
LVGL_POINTER_KSCAN_SWAP_XY, LVGL_POINTER_KSCAN_INVERT_X,
LVGL_POINTER_KSCAN_INVERT_Y or display orientation configuration.
In these cases, it could cause wrong input data.
Signed-off-by: Robin-Charles Guihéneuf <robin-charles@hotmail.fr>
Add support for abs with additional integer types.
This is needed to make LLVM quiet and stop warning about abs being used
with int64_t and such.
Signed-off-by: Anas Nashif <anas.nashif@intel.com>
So far data that went to stderr was simply dropped in case of minimal
libc. In case of newlib stderr was treated same like stdout
(e.g. fprintf(stderr, ...) was equivalent to fprintf(stdout, ...).
Extend filter on stream pointer to allow both stdout and stderr to pass
data to stdout hook (which is Zephyr console backend in most cases).
Signed-off-by: Marcin Niestroj <m.niestroj@grinn-global.com>
Although flags with pointers are not defined behavior, there is a
desire to have them work, so add a test and fix the complete
implementation so it passes.
Signed-off-by: Peter Bigot <peter.bigot@nordicsemi.no>
Simplify the code to increase readability, and fix right-padding
for %p.
Also, the compiled code is smaller with those changes applied.
Signed-off-by: Nicolas Pitre <npitre@baylibre.com>
This fixes an issue where the %p specifier always generated "(nil)"
on SPARC. The failing test cases were:
tests/lib/sprintf/libraries.libc.sprintf
tests/kernel/common/kernel.common.misra
tests/kernel/common/kernel.common.tls
tests/kernel/common/kernel.common
The exact logic behind the issue has not been fully analyzed, but
it can be observed that this commit eliminates one occurrence of
undefined behavior. (Only allowed to read the last union field written.)
Signed-off-by: Martin Åberg <martin.aberg@gaisler.com>
The slab cmis_timer_slab is used to allocate objects of the type
"struct timer_obj", so it should be defined to use the compile-time
alignment requirement of "struct timer_obj", rather than 4.
Signed-off-by: Martin Åberg <martin.aberg@gaisler.com>
This commit eliminates a compilation error by passing int to va_arg
rather than mode_t on SPARC.
Newlib sys/_types.h defines mode_t for SPARC as:
typedef unsigned short __mode_t;
GCC 10.2.0 gave the following error message and suggested solution:
mqueue.c: In function 'mq_open':
mqueue.c:61:21: error: 'mode_t' {aka 'short unsigned int'} is promoted
to 'int' when passed through '...' [-Werror]
61 | mode = va_arg(va, mode_t);
| ^
mqueue.c:61:21: note: (so you should pass 'int' not 'mode_t' {aka 'short
unsigned int'} to 'va_arg')
Signed-off-by: Martin Åberg <martin.aberg@gaisler.com>
Using the same implementation as the rest of Zephyr reduces code size.
Update options and expected results for formatting test.
Signed-off-by: Peter Bigot <peter.bigot@nordicsemi.no>
All in-tree uses have been replaced by cbprintf, and the API was
private so there should be no out-of-tree users.
Signed-off-by: Peter Bigot <peter.bigot@nordicsemi.no>
The minimal libc provided by Zephyr can use the Zephyr system
implementation rather than have its own implementation.
When combined with CBPRINTF_NANO some sprintf tests must be
skipped as they assume a more capable libc. Add an overlay
that supports testing this non-default combination.
Signed-off-by: Peter Bigot <peter.bigot@nordicsemi.no>
This commit adds a C99 stdio value formatter capability where
generated text is emitted through a callback. This allows generation
of arbitrarily long output without a buffer, functionality that is
core to printk, logging, and other system and application needs.
The formatter supports most C99 specifications, excluding:
* %Lf long double conversion
* wide character output
Kconfig options allow disabling features like floating-point
conversion if they are not necessary. By default most conversions are
enabled.
The original z_vprintk() implementation is adapted to meet the
interface requirements of cbvprintf, and made available as an opt-in
feature for space-constrained applications that do not need full
formatting support.
Signed-off-by: Peter Bigot <peter.bigot@nordicsemi.no>
This reverts commit e812ee6c21.
This is the initial step towards replacing the core Zephyr formatting
infrastructure with a common functionally-complete solution.
Signed-off-by: Peter Bigot <peter.bigot@nordicsemi.no>
Previously, ring buffer had capacity of provided buffer size - 1. This
trick was used to distinguish between empty and full states. It had one
drawback: ring buffer could not be used as a pool of equal sized buffers
(using ring_buf_put_claim and ring_buf_get_claim).
Reworked internals to use non wrapping head and tail. Since they are
non wrapping, there is no issue with distinguishing between empty and
full. Since this appraoch would be vulnerable to wrapping on 32 bit
boundary, added a mechanism which periodically reduces all indexes to
avoid 32 bit wrapping.
After this rework, buffer has one byte more capacity. Simple test shows
slight performance improvement.
Updated tests to reflect increased capacity and added test to check if
it is possible to continuesly allocated 2 buffers of half ring buffer
size.
Signed-off-by: Krzysztof Chruscinski <krzysztof.chruscinski@nordicsemi.no>
The compiler doesn't need help here.
For example, gcc creates this on Aarch64:
_ldiv5:
ldr x1, [x0]
mov x2, -3689348814741910324
movk x2, 0xcccd, lsl 0
add x1, x1, 2
umulh x1, x1, x2
lsr x1, x1, 2
str x1, [x0]
ret
Signed-off-by: Nicolas Pitre <npitre@baylibre.com>
abort() is an important runtime function, oftentimes used to signal
abnormal execution conditions in generic applications. Worse, they
may be used under such circumstances in e.g. compiler support
libraries, in which case lack of implementation of this function
will lead to link error.
Fixes: #29541
Signed-off-by: Paul Sokolovsky <paul.sokolovsky@linaro.org>
The z_libc_partition was only enabled when newlib is being used,
and/or stack canaries are needed. This adds a hidden option
where this partition can be enabled if needed, regardless of
whether newlib is used or stack canaries are needed.
Signed-off-by: Daniel Leung <daniel.leung@intel.com>
The code that made aligned_alloc work with the 4-byte heap headers was
requesting a block of the correctly padded size, and correctly
aligning the output buffer within that memory, but it was using the
UNALIGNED chunk size for the buffer as the final size of the block
with splitting off the unused suffix. So the final chunk in the
buffer was could be incorrectly returned to the heap and reused,
leading to overlap.
Compute the chunk size of the output buffer based on the
already-aligned output pointer instead.
Initial investigation and fix from Andy Ross <andrew.j.ross@intel.com>.
I reworked his fix, created a test case, and stolen his commit log.
Signed-off-by: Nicolas Pitre <npitre@baylibre.com>
Code should be using k_spinlock_key_t and not 'struct k_spinlock_key'.
With recent change to redefine struct k_spinlock_key we see this code
break because it wasn't using the correct type.
Signed-off-by: Kumar Gala <kumar.gala@linaro.org>
Default buffer mode is setup by fopen depending on isatty value.
Expect only 0, 1 & 2 to be tty for CONFIG_POSIX_API cases.
This way regular files are opened in block buffering mode (instead
of line buffering mode) which really speed up fread/fwrite
operations on FS.
Signed-off-by: Arnaud Mouiche <arnaud.mouiche@invoxia.com>
Using fopen() in application failed to build when configured with
CONFIG_NEWLIB_LIBC=y
CONFIG_POSIX_API=y
Signed-off-by: Arnaud Mouiche <arnaud.mouiche@invoxia.com>
Replace all calls to the assert macro that comes from libc by calls to
__ASSERT_NO_MSG(). This is usefull as the former might be different
depending on the libc used and the later can be customized to reduce
flash footprint.
Signed-off-by: Xavier Chapron <xavier.chapron@stimio.fr>
The eventfd implementation suffers from various shortcomings
and it is not thread safe.
This commit addresses the following aspects of eventfd:
* make read() and write() atomic in respect to each other
* POLLIN after creating eventfd with initval != 0 shall be set
* blocking and nonblocking modes shall have the same effect on poll()
* add support for POLLOUT
Signed-off-by: Rafał Kuźnia <rafal.kuznia@nordicsemi.no>
We must round up to the nearest microsecond in order to fulfill the
nanosleep(2) API requirement of sleeping for *at least* that many
nanoseconds.
The only platform with an upper-bound check right now is Nordic.
Fixes#28483
Signed-off-by: Christopher Friedt <chrisfriedt@gmail.com>
Both operands of an operator in the arithmetic conversions
performed shall have the same essential type category.
Changes are related to converting the integer constants to the
unsigned integer constants
Signed-off-by: Aastha Grover <aastha.grover@intel.com>
When rotation is 90 or 270 degrees X and Y resolution values will also
be swapped, so we need to take that into account.
Signed-off-by: Gerard Marull-Paretas <gerard@teslabs.com>
Change how we handle the case of
CONFIG_CMSIS_V2_THREAD_DYNAMIC_MAX_COUNT=0 so that we don't create
a zero length array. Instead we can just ifdef out the code associated
with handling a dynamic stack allocation.
Fixes#28397
Signed-off-by: Kumar Gala <kumar.gala@linaro.org>
Kscan coordinates are transformed in case display is rotated so that
frames of reference are aligned.
Signed-off-by: Gerard Marull-Paretas <gerard@teslabs.com>
Add new Kconfig options to allow kscan axes swap and inversion. These
options are useful to align display and touch frame of reference. If a
touch API is ever introduced these options could be moved there.
Signed-off-by: Gerard Marull-Paretas <gerard@teslabs.com>
Multiple calls of z_free_fd against fd with refcount equal 0 are causing
descriptor table entry leak by decrementing refcount below 0.
This patch prevents decrementing refcount below zero.
Signed-off-by: Grzegorz Kostka <grzegorz@mobility.cloud>
The vararg extraction for unmodified integers always used int, which
sign extends when assigned to the printk_val_t. Avoid the sign
extension for unsigned values.
Signed-off-by: Peter Bigot <peter.bigot@nordicsemi.no>
Character class functions from ctype.h may be implemented as macros
where the argument is used to index an array of class flags. Using a
char value as an index produces diagnostics in some toolchains.
Explicitly cast the parameter to the type required by the API.
Signed-off-by: Peter Bigot <peter.bigot@nordicsemi.no>
shell_fprintf requires that formatted output be emitted with a
putchar()-like output function. Newlib does not provide such a
capability. Zephyr provides two solutions: z_prf() which is part of
minimal libc and handles floating point formatting, and z_vprintk()
which is core and does not support floating point.
Move z_prf() out of minimal libc into the core lib area, and use it
unconditionally in the shell.
Signed-off-by: Peter Bigot <peter.bigot@nordicsemi.no>
Now that device_api attribute is unmodified at runtime, as well as all
the other attributes, it is possible to switch all device driver
instance to be constant.
A coccinelle rule is used for this:
@r_const_dev_1
disable optional_qualifier
@
@@
-struct device *
+const struct device *
@r_const_dev_2
disable optional_qualifier
@
@@
-struct device * const
+const struct device *
Fixes#27399
Signed-off-by: Tomasz Bursztyka <tomasz.bursztyka@linux.intel.com>
The new fd entry should be reserved by incrementing its reference count
in z_reserve_fd() instead of z_finalize_fd() in order to avoid having
the same one being returned in a concurrent call. If for some reason
the fd is not finalized after z_reserve_fd() is called, it can be
freed via z_free_fd(), which would decrement the reference count.
Fixes#27721
Signed-off-by: Vincent Wan <vwan@ti.com>
LVGL objects have been alphabetically sorted. The aim of this change is
to help locating objects as well as keeping track of them.
Signed-off-by: Gerard Marull-Paretas <gerard@teslabs.com>
LVGL Kconfig settings have been splitted into more granular units in
order to improve readability and maintenance.
Signed-off-by: Gerard Marull-Paretas <gerard@teslabs.com>
Align all Kconfig option names with LVGL names. The followed rule:
LV_(.*) -> CONFIG_LVGL_(.*).
Also replaced LVGL boolean configuration entries using if/else/endif
with direct IS_ENABLED macro.
Signed-off-by: Gerard Marull-Paretas <gerard@teslabs.com>
-Wimplicit-fallthrough=2 requires a fallthrough comment or a compiler
to tells gcc that this happens intentionally.
Signed-off-by: Flavio Ceolin <flavio.ceolin@intel.com>
Do not route close() calls via ioctl() as that is error prone
and quite pointless. Instead create a callback for close() in
fdtable and use it directly.
Signed-off-by: Jukka Rissanen <jukka.rissanen@linux.intel.com>
The on-off manager infrastructure is designed to robust asynchronous
transition between binary states where multiple clients may be
initiating a transition from any context. The actual transition is
performed using a manager that tracks the current state and pending
operations. Requests are initiated by passing a reference to an
onoff_client object that holds client state including the notification
mechanism.
This API may be used in subsystems where the transitions for a
particular driver are always synchronous and isr-ok, e.g. setting a
SoC-controlled GPIO. In this situation the full on-off manager
infrastructure is wasteful. All we need is a record of the service
state: off, active count, or error.
Add a data structure and an API that can be used to replace the onoff
manager functionality in a situation where all transitions are isr-ok
and synchronous while retaining compatible behavior from the client
perspective.
Signed-off-by: Peter A. Bigot <pab@pabigot.com>
Use proper refcounting instead of magic value in obj field
when checking whether the fd is still in use. This will make
sure that if fd is shared between two threads, we do not
release it too soon.
Signed-off-by: Jukka Rissanen <jukka.rissanen@linux.intel.com>
Include directories for ${ARCH} is not specified correctly.
Several places in Zephyr, the include directories are specified as:
${ZEPHYR_BASE}/arch/${ARCH}/include
the correct line is:
${ARCH_DIR}/${ARCH}/include
to correctly support out of tree archs.
Signed-off-by: Torsten Rasmussen <Torsten.Rasmussen@nordicsemi.no>
Zephyr introduced subsys/mgmt folder for MCU management. Move UpdateHub
to this newly and dedicated space.
Signed-off-by: Gerson Fernando Budke <gerson.budke@ossystems.com.br>
This set of functions seem to be there just because of historical
reasons, stemming from Kbuild. They are non-obvious and prone to errors,
so remove them in favor of the `_ifdef()` ones with an explicit
`CONFIG_` condition.
Script used:
git grep -l _if_kconfig | xargs sed -E -i
"s/_if_kconfig\(\s*(\w*)/_ifdef(CONFIG_\U\1\E \1/g"
Signed-off-by: Carles Cufi <carles.cufi@nordicsemi.no>
The fs_open flags has been changed to accept open flags, which requires
changes to open(...) to support the new flags.
Signed-off-by: Dominik Ermel <dominik.ermel@nordicsemi.no>
The commit changes signature of open function from:
int open(const char *name, int flags)
to
int open(const char *name, int flags, ...)
Currently existing two argument invocations should not require any
rework.
Signed-off-by: Dominik Ermel <dominik.ermel@nordicsemi.no>
The flash_img_int return value is not checked for fail conditions.
This can result on useless download attempts once image will not
be properly recorded. Add return value check and on error execute
default treatment.
Fixes#26992.
Signed-off-by: Gerson Fernando Budke <gerson.budke@ossystems.com.br>
The struct pollfd context variable is not proper initialized and index
is out-of-bounds. Adjusts index to be inside scope boundary.
Fixes#26993.
Signed-off-by: Gerson Fernando Budke <gerson.budke@ossystems.com.br>
Update LVGL to version 7.0.2. Notable changes in v7 include:
- New drawing system (note that it uses much more ROM than previous
versions)
- New style system
- Some objects have been renamed (current changes do not align yet
Zephyr Kconfig settings with LVGL)
- New fonts with more sizes (e.g. Montserrat, replacing Roboto)
- Theme changes (most have been removed, default is now Material)
Note that constant defaults have been aligned with LVGL.
Signed-off-by: Gerard Marull-Paretas <gerard@teslabs.com>
Given socket offloading is now implemented under the fd's vtable, we can
directly use the default fcntl implementation.
Signed-off-by: Vincent Wan <vwan@ti.com>
MISRA-C Rule 5.3 states that identifiers in inner scope should
not hide identifiers in outer scope.
In the function sys_heap_alloc(), the variable "chunksz"
collide with function named chunksz(). So rename those variable.
Signed-off-by: Daniel Leung <daniel.leung@intel.com>
Suppress the coverity warning on using the semaphore as
this semaphore is used and freed only in this function.
Fixes: #18960
Signed-off-by: David Leach <david.leach@nxp.com>
Just as NULL pointers should not be dereferenced, they should
not be called either.
Fixes 26723
Signed-off-by: Pete Skeggs <peter.skeggs@nordicsemi.no>
This whole code block is ifdef'ed around
CONFIG_NEWLIB_LIBC_ALIGNED_HEAP_SIZE being NOT defined,
remove as this can never be true.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
We've come a long way since this was written to implement
generic ram bounds definitions and MPU capabilities,
use them here.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
Set actual display size, obtained via the display driver, when using
static rendering buffers. If the actual screen size is not set an
out-of-bound write could occur in case the maximum resolution settings
for LVGL are larger than the actual screen resolution.
Signed-off-by: Jan Van Winkel <jan.van_winkel@dxplore.eu>
So far semaphore was used with possible values in range 0 to
UINT32_MAX. Each write resulted in semaphore increment. As an example
after two writes and single read eventfd counter was correctly zeroed,
but semaphore counter was not. This means that poll() signalled at this
stage POLLIN (semaphore counter was > 0), but it clearly should
not (eventfd counter == 0). Blocking version of read() was also
returning immediately, returning 0 as previous eventfd counter.
Change read_sem to be a binary semaphore, which counter represents
eventfd counter being zero (when semaphore counter == 0) or
non-zero (when semaphore counter == 1). Try to take the semaphore in
eventfd read() and decrement eventfd counter when semaphore was ready.
Signed-off-by: Marcin Niestroj <m.niestroj@grinn-global.com>
Previously, if the arena size was zero, malloc would always fail.
However, the log message was only visible if debug messages were
enabled. Logging an error will hopefully make it more obvious that
CONFIG_MINIMAL_LIBC_MALLOC_ARENA_SIZE should be >= if the minimal
libc and malloc are both used.
Fixes#26720
Signed-off-by: Christopher Friedt <chrisfriedt@gmail.com>
After commit 8a6b02b5bf ("lib/os/heap: some code simplification in
sys_heap_aligned_alloc()") it is no longer required to have a "big"
heap for aligned allocations to work on 32-bit targets. While the
natural alignment for returned memory has an offset of 4 within a chunk
unit due to the smaller header size, returning to a chunkid from a
memory pointer with an offset of 8 will fall back onto the proper chunk
number once the 4 is substracted and then divided by 8.
Signed-off-by: Nicolas Pitre <npitre@baylibre.com>
The code is doing a split in split_alloc(), adding the leftover to the
free list, then splitting the suffix away in sys_heap_aligned_alloc(),
removing the former leftover from the free list, combining it with the
suffix and finally adding the combined chunk back to the free list.
Instead, let's have each allocator do their own splitting only once by
moving the split_alloc() processing upstream rather than downstream.
This also allows for the "used" flag to be set only once at the end
rather than being overwritten along the way.
Signed-off-by: Nicolas Pitre <npitre@baylibre.com>
Instead of limiting the excess split-off to sufficiently large chunks
in split_alloc(), let's allow normal allocations to create "solo free
headers" just like with aligned allocations. There is no point leaving
them in the allocated chunk if the user didn't ask for it. Doing so
makes them eligible for merging at the next opportunity and potentially
reusable sooner.
Also make the validation code aware of them.
Signed-off-by: Nicolas Pitre <npitre@baylibre.com>
One fundamental validation criteria is to never have consecutive free
chunks. If that ever happens we failed to merge them. That means a free
chunk must always be surrounded by used chunks.
It is a pain to extend valid_chunk() with new rules as it is.
So a VALIDATE() macro is introduced to make things easier to work with.
It also allows for isolating each test, possibly making VALIDATE() into
__ASSERT() to determine exactly which test is tripping when debugging.
Finally, because of that new validation rule, sys_heap_validate() must
be modified so not to use valid_chunk() while it is flipping all the
"used" flags. So let's run valid_chunk() up front before alterating
chunk headers.
Now sys_heap_validate() has become justifiably more expensive and a few
emulated targets are about to bust the tests/lib/heap test timeout. So
bump the timeout as well.
Signed-off-by: Nicolas Pitre <npitre@baylibre.com>
This makes the code cleaner wrt bucket_idx() usage on chunks for which
solo_free_header() is true. In such case the bucket_idx() computation
is useless, and potentially undefined anyway.
In the same vain, move the clearing of the used flag out of
free_chunks() as only one of its callers actually needs that.
Makes free_chunks singular as there is only one chunk (potentially
spanning multiple chunk units) to free.
Also some cosmetic changes for better code uniformity.
No functional changes.
Signed-off-by: Nicolas Pitre <npitre@baylibre.com>
Currently printk isn't synchronized except at the byte output level,
leading to interleaving of messages on SMP systems that try to log
simultaneously. This is actually fairly amusing, and actually helpful
occasionally to validate inter-CPU contention down to the "few cycles"
level.
Still, when you're printing data you need to read, you need to be able
to read it. Put a spinlock around each buffered line. This has to
happen in a few places, as there are three different code paths taken
for !USERSPACE, syscall, and user mode.
Signed-off-by: Andy Ross <andrew.j.ross@intel.com>
The width for %p on 32-bit targets should be 8 regardless of
CONFIG_PRINTK64. Adjust the test accordingly.
Signed-off-by: Nicolas Pitre <npitre@baylibre.com>
Some checks in sys_heap_init() depend on the externally provided size
parameter. If the check fails, this would be a bug outside of the heap
code and therefore should be flagged despite the value of
CONFIG_SYS_HEAP_VALIDATE.
Signed-off-by: Nicolas Pitre <npitre@baylibre.com>
Add support for 64 bit conversions in a uniformly expressable way by
printing values backwards into a buffer on the stack first. This
allows all operations to work on the low bits of the value and so the
code doesn't need to care (beyond the size of that buffer) about the
word size. This trick also doesn't care about the specifics of the
base value, so in the process this unifies the decimal and hex printk
conversion code to a single function.
This comes at a mild cost in CPU cycles to the decimal converter and
somewhat higher cost to hex (because it's now doing a full div/mod
operation instead of shifting and masking). And stack usage has grown
by a few words to hold the temporary. But the benefits in code size
are substantial (e.g. ~250 bytes of .text on arm32).
Note that this also contains a change to tests/kernel/common to
address what appears to have been a bug in the original converters.
The printk test uses a format string that looks like "%-4x%-2p" and
feeds it the literal arguments "0xABCDEF" and "(char *)42".
Now... clearly both those results are going to overflow the 4 and
2-byte field sizes, so there shouldn't be any whitespace between these
fields. But the test was written to expect two spaces, inexplicably
(yes, I checked: POSIX-compatible printf implementations don't have
those spaces either).
The new code is definitely doing the right thing, so fix the test
instead.
Signed-off-by: Andy Ross <andrew.j.ross@intel.com>
The current CoAP implementation not perform any checks including
duplicated packets. This add block sequency verification and a
timer to ensures that slow networks works apropriately.
Signed-off-by: Gerson Fernando Budke <gerson.budke@ossystems.com.br>
The current implementation uses a fixed value for max retries. That
value could be good for an wired network like Ethernet. However,
wireless network can suffer with higher packet collision, low reception
signal etc. This refacts the variable to be defined at Kconfig. This
way max retries can be adjust conform the current media.
Signed-off-by: Gerson Fernando Budke <gerson.budke@ossystems.com.br>
The hints variable is used without a defined state. This fill the struct
with zeros to set variable at a well known state.
Signed-off-by: Gerson Fernando Budke <gerson.budke@ossystems.com.br>
Current log only prints default log level. Add LOG_LEVEL at updatehub
to switch between log variations based on CONFIG_UPDATEHUB_LOG_LEVEL.
Signed-off-by: Gerson Fernando Budke <gerson.budke@ossystems.com.br>
Add support for a C11-style aligned_alloc() in the heap
implementation. This is properly optimized, in the sense that unused
prefix/suffix data around the chosen allocation is returned to the
heap and made available for general allocation.
Signed-off-by: Andy Ross <andrew.j.ross@intel.com>
Miscellaneous refactoring and simplification. No behavioral changes:
Make split_alloc() take and return chunk IDs and not memory pointers,
leaving the conversion between memory/chunks the job of the higher
level sys_heap_alloc() API. This cleans up the internals for code
that wants to do allocation but has its own ideas about what to do
with the resulting chunks.
Add split_chunks() and merge_chunks() utilities to own the linear/size
pointers and have split_alloc() and free_chunks() use them instead of
doing the list management directly.
Signed-off-by: Andy Ross <andrew.j.ross@intel.com>
This struct is taking up most of the heap's constant footprint overhead.
We can easily get rid of the list_size member as it is mostly used to
determine if the list is empty, and that can be determined through
other means.
Signed-off-by: Nicolas Pitre <npitre@baylibre.com>
Make the LEFT_SIZE field first and SIZE_AND_USED field last (for an
allocated chunk) so they sit right next to the allocated memory. The
current chunk's SIZE_AND_USED field points to the next (right) chunk,
and from there the LEFT_SIZE field should point back to the current
chunk. Many trivial memory overflows should trip that test.
One way to make this test more robust could involve xor'ing the values
within respective accessor pairs. But at least the fact that the size
value is shifted by one bit already prevent fooling the test with a
same-byte corruption.
Signed-off-by: Nicolas Pitre <npitre@baylibre.com>
We already have chunk #0 containing our struct z_heap and marked as
used. We can add a partial chunk at the very end that is also marked
as used. By doing so there is no longer a need for checking heap
boundaries at run time when merging/splitting chunks meaning fewer
conditionals in the code's hot path.
Signed-off-by: Nicolas Pitre <npitre@baylibre.com>
It is possible to remove a few fields from struct z_heap, removing
some runtime indirections by doing so:
- The buf pointer is actually the same as the struct z_heap pointer
itself. So let's simply create chunk_buf() that perform a type
conversion. That type is also chunk_unit_t now rather than u64_t so
it can be defined based on CHUNK_UNIT.
- Replace the struct z_heap_bucket pointer by a zero-sized array at the
end of struct z_heap.
- Make chunk #0 into an actual chunk with its own header. This allows
for removing the chunk0 field and streamlining the code. This way
h->chunk0 becomes right_chunk(h, 0). This sets the table for further
simplifications to come.
Signed-off-by: Nicolas Pitre <npitre@baylibre.com>
By storing the used flag in the LSB, it is no longer necessary to have
a size_mask variable to locate that flag. This produces smaller and
faster code.
Replace the validation check in chunk_set() to base it on the storage
type.
Also clarify the semantics of set_chunk_size() which allows for clearing
the used flag bit unconditionally which simplifies the code further.
The idea of moving the used flag bit into the LEFT_SIZE field was
raised. It turns out that this isn't as beneficial as it may seem
because the used bit is set only once i.e. when the memory is handed off
to a user and the size field becomes frozen at that point. Modifications
on the leftward chunk may still occur and extra instructions to preserve
that bit would be necessary if it were moved there.
Signed-off-by: Nicolas Pitre <npitre@baylibre.com>
Let's provide accessors for getting and setting every field to make the
chunk header layout abstracted away from the main code. Those are:
SIZE_AND_USED: chunk_used(), chunk_size(), set_chunk_used() and
chunk_size().
LEFT_SIZE: left_chunk() and set_left_chunk_size().
FREE_PREV: prev_free_chunk() and set_prev_free_chunk().
FREE_NEXT: next_free_chunk() and set_next_free_chunk().
To be consistent, the former chunk_set_used() is now set_chunk_used().
Signed-off-by: Nicolas Pitre <npitre@baylibre.com>
First, some renames to make accessors more explicit:
size() --> chunk_size()
used() --> chunk_used()
free_prev() --> prev_free_chunk()
free_next() --> next_free_chunk()
Then, the return type of chunk_size() is changed from chunkid_t to
size_t, and chunk_used() from chunkid_t to bool.
The left_size() accessor is used only once and can be easily substituted
by left_chunk(), so it is removed.
And in free_list_add() the variable b is renamed to bi so to be
consistent with usage in sys_heap_alloc().
Signed-off-by: Nicolas Pitre <npitre@baylibre.com>
The library supports the declaration of JSON arrays as both nested and
top-level elements. However, as the provided encoding functions
json_obj_encode() and json_obj_encode_buf() interpret all input
structures as objects, top-level arrays are encoded as
{"<field_name>":[{...},...,{...}]}
instead of
[{...},...,{...}].
Add new functions json_arr_encode() and json_arr_encode_buf() that
enable top-level JSON array encoding.
Signed-off-by: Markus Fuchs <markus.fuchs@de.sauter-bc.com>
The version as shipped in Newlib itself is coded a bit sloppily for an
embedded environment. We thus want to override it (and make it weak, to
allow user apps to override it in turn, if needed). The desired
properties of the implementation are:
1. It should call _write() (Newlib implementation calls write()).
2. It should be minimal (Newlib implementation allocates message
on the stack, i.e. misses "static const").
Signed-off-by: Paul Sokolovsky <paul.sokolovsky@linaro.org>
Search for unused eventfd object and just remember its instance in loop
body. Initialize object later, to make it distinct from "search
phase". This change is basically an improvement for readability.
Signed-off-by: Marcin Niestroj <m.niestroj@grinn-global.com>
Anytime a file descriptor context object is updated, we need to
reset its access permissions and initialization state. This
is the most centralized place to do it.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
Fix variable-size string copy patch that introduced a runtime bug that
causes a bus fault.
Fixes#24853.
Signed-off-by: Tahir Akram <mtahirbutt@hotmail.com>
Signed-off-by: Gerson Fernando Budke <gerson.budke@ossystems.com.br>
Based on the current platform a warning can raise becase of missing
string.h include file.
Signed-off-by: Gerson Fernando Budke <gerson.budke@ossystems.com.br>
The conversion from DT_FLASH_AREA to FLASH_AREA macros don't add the
storage flash_map.h include file.
Fixes: #25332
Signed-off-by: Gerson Fernando Budke <gerson.budke@ossystems.com.br>
Convert with a combo of scripts and by hand fixups:
git grep -l DT_FLASH_AREA_.*_ID | \
xargs sed -i -r 's/DT_FLASH_AREA_(.*)_ID/FLASH_AREA_ID(\L\1)/'
git grep -l DT_FLASH_AREA_.*_OFFSET | \
xargs sed -i -r 's/DT_FLASH_AREA_(.*)_OFFSET/FLASH_AREA_OFFSET(\L\1)/'
git grep -l DT_FLASH_AREA_.*_SIZE | \
xargs sed -i -r 's/DT_FLASH_AREA_(.*)_SIZE/FLASH_AREA_SIZE(\L\1)/'
Signed-off-by: Kumar Gala <kumar.gala@linaro.org>
Update to new timeout api. Without this change UpdateHub don't build
anymore.
Fixes: #25230
Signed-off-by: Gerson Fernando Budke <gerson.budke@ossystems.com.br>
Mostly trivial search-and-replace, except for pthread_rwlock.c, where
we need spread timeout over 2 semaphore operations.
Signed-off-by: Paul Sokolovsky <paul.sokolovsky@linaro.org>
Mostly simple. Note that the CMSIS RTOS2 API specifies timeout values
in system ticks instead of milliseconds, so the conversions here are
able to elide a conversion that the original code had to do. That's a
good thing, but does mean that in practice runtime behavior will not
be 1:1 identical.
Also note that the switch away from legacy timeouts involved a change
to 64 bit timeouts by default, which pushed
tests/portability/cmsis_rtos_v2 over the limit on qemu_xtensa.
Unfortunately CMSIS stacks have a fixed limit we can't increase, so I
turned off 64 bit timeouts (CMSIS apps won't need them by definition
anyway -- their API is 32 bit).
Signed-off-by: Andy Ross <andrew.j.ross@intel.com>
No complexity here. The CMSIS API was always in milliseconds, needs
nothing but a few wrapper macros for kernel timeout arguments.
Signed-off-by: Andy Ross <andrew.j.ross@intel.com>
DTLS without peer verification offers no security whatsoever (and is
arguably worse than not using DTLS in the first place).
Change the verification option to require this peer verification. To
use this, it may be necessary to install and use a root certificate.
Signed-off-by: David Brown <david.brown@linaro.org>
Move defines for _RAM_ADDR, _RAM_SIZE, _ROM_ADDR, and _ROM_ADDR into
the linker.ld and thus remove dts_fixup.h. We rework to use
DT_REG_ADDR and DT_REG_SIZE on DT_CHOSEN(zephyr_sram) and
DT_CHOSEN(zephyr_flash).
Also fixup use of _RAM_ADDR/_RAM_SIZE in newlib/libc-hooks.c.
Signed-off-by: Kumar Gala <kumar.gala@linaro.org>
Replace DT_PHYS_RAM_ADDR and DT_RAM_SIZE with DT_REG_ADDR/DT_REG_SIZE
for the DT_CHOSEN(zephyr_sram) node.
Signed-off-by: Kumar Gala <kumar.gala@linaro.org>
The bounds check failed to account for the additional space required
for the terminating NUL after the encoded value was written.
Signed-off-by: Peter Bigot <peter.bigot@nordicsemi.no>
This implements a file descriptor used for event notification that
behaves like the eventfd in Linux.
The eventfd supports nonblocking operation by setting the EFD_NONBLOCK
flag and semaphore operation by settings the EFD_SEMAPHORE flag.
The major use case for this is when using poll() and the sockets that
you poll are dynamic. When a new socket needs to be added to the poll,
there must be some way to wake the thread and update the pollfds before
calling poll again. One way to solve it is to have a timeout set in the
poll call and only update the pollfds during a timeout but that is not
a very nice solution. By instead including an eventfd in the pollfds,
it is possible to wake the polling thread by simply writing to the
eventfd.
Signed-off-by: Tobias Svehagen <tobias.svehagen@gmail.com>
The previous architecture proved unable to support user expectations,
so the API has been rebuilt from first principles. Backward
compatibility cannot be maintained for this change.
Key changes include:
* Formerly the service-provided transition functions were allowed to
sleep, and the manager took care to not invoke them from ISR
context, instead returning an error if unable to initiate a
transition. In the new architecture transition functions are
required to work regardless of calling context: it is the service's
responsibility to guarantee the transition will proceed even if it
needs to be transferred to a thread. This eliminates state machine
complexities related to calling context.
* Constants identifying the visible state of the manager are exposed
to clients through both notification callbacks and a new monitor API
that allows clients to be notified of all state changes.
* Formerly the release operation was async, and would be delayed for the
last release to ensure a client would exist to be notified of any
failures. It is now synchronous.
* Formerly the cancel operation would fail on the last client associated
with a transition. The cancel operation is now synchronous.
* A helper function is provided to safely synchronously release a
request regardless of whether it has completed or is in progress,
satisfying the use case underlying #22974.
* The user-data parameter to asynchronous notification callbacks has
been removed as user data can be retrieved from the CONTAINER_OF
the client data.
Signed-off-by: Peter Bigot <peter.bigot@nordicsemi.no>
Fix thread fault, on user mode, when reading variable rt_clock_base.
For the moment, clock_settime is left without system call:
we don't want to expose clock_settime without figuring out access
control
Signed-off-by: Julien D'Ascenzio <julien.dascenzio@paratronic.fr>
Improve buffer overflow security on probe_cb. This ensures that socket
buffer have fixed lenght and content received by COAP fills properly on
metadata buffer. After that, ensures that metadata content is a valid
string with length lower than metadata size.
Signed-off-by: Gerson Fernando Budke <gerson.budke@ossystems.com.br>
A malformed JSON payload that is received from an UpdateHub server
may trigger memory corruption in the Zephyr OS. This could result
in a denial of service in the best case, or code execution in the
worst case.
Signed-off-by: Gerson Fernando Budke <gerson.budke@ossystems.com.br>
The existing mem_pool implementation has been an endless source of
frustration. It's had alignment bugs, it's had racy behavior. It's
never been particularly fast. It's outrageously complicated to
configure statically. And while its fragmentation resistance and
overhead on small blocks is good, it's space efficiencey has always
been very poor due to the four-way buddy scheme.
This patch introduces sys_heap. It's a more or less conventional
segregated fit allocator with power-of-two buckets. It doesn't expose
its level structure to the user at all, simply taking an arbitrarily
aligned pointer to memory. It stores all metadata inside the heap
region. It allocates and frees by simple pointer and not block ID.
Static initialization is trivial, and runtime initialization is only a
few cycles to format and add one block to a list header.
It has excellent space efficiency. Chunks can be split arbitrarily in
8 byte units. Overhead is only four bytes per allocated chunk (eight
bytes for heaps >256kb or on 64 bit systems), plus a log2-sized array
of 2-word bucket headers. No coarse alignment restrictions on blocks,
they can be split and merged (in units of 8 bytes) arbitrarily.
It has good fragmentation resistance. Freed blocks are always
immediately merged with adjacent free blocks. Allocations are
attempted from a sample of the smallest bucket that might fit, falling
back rapidly to the smallest block guaranteed to fit. Split memory
remaining in the chunk is always returned immediately to the heap for
other allocation.
It has excellent performance with firmly bounded runtime. All
operations are constant time (though there is a search of the smallest
bucket that has a compile-time-configurable upper bound, setting this
to extreme values results in an effectively linear search of the
list), objectively fast (about a hundred instructions) and amenable to
locked operation. No more need for fragile lock relaxation trickery.
It also contains an extensive validation and stress test framework,
something that was sorely lacking in the previous implementation.
Note that sys_heap is not a compatible API with sys_mem_pool and
k_mem_pool. Partial wrappers for those (now-) legacy APIs will appear
later and a deprecation strategy needs to be chosen.
Signed-off-by: Andy Ross <andrew.j.ross@intel.com>
The original API was misnamed, as the intent was to provide a manager
that decoupled state management from the service that needed to be
turned on or off. Update all the names, shortening them where
appropriate removing unncessary internal components like _service.
Also remove some API that misled developers into believing that onoff
managers are normally expected to be exposed directly to consumers.
While this is a use case, in most situations there are service or
client-specific actions that need to be coupled to transition events.
Signed-off-by: Peter Bigot <peter.bigot@nordicsemi.no>
k_poll() for a signal is often desired for notification of completion
of asynchronous operations, but there are APIs where it may be
necessary to invoke "asynchronous" operations from contexts where
sleep is disallowed, or before the kernel has been initialized.
Extract the general notification solution from the on-off service into
a utility that can be used for other APIs.
Also move documentation out to a resource management section.
Signed-off-by: Peter Bigot <peter.bigot@nordicsemi.no>
Extracted transition functions from onoff structure to external one
which allows to keep them in flash.
Signed-off-by: Krzysztof Chruscinski <krzysztof.chruscinski@nordicsemi.no>
The resource table is needed by the Linux kernel OS
for a rpmsg generic support, but is also recognised by OpenAMP.
This table allows to add trace based on the RAM console
and to support rpmsg protocol.
Signed-off-by: Arnaud Pouliquen <arnaud.pouliquen@st.com>
Add a k_timeout_t type, and use it everywhere that kernel API
functions were accepting a millisecond timeout argument. Instead of
forcing milliseconds everywhere (which are often not integrally
representable as system ticks), do the conversion to ticks at the
point where the timeout is created. This avoids an extra unit
conversion in some application code, and allows us to express the
timeout in units other than milliseconds to achieve greater precision.
The existing K_MSEC() et. al. macros now return initializers for a
k_timeout_t.
The K_NO_WAIT and K_FOREVER constants have now become k_timeout_t
values, which means they cannot be operated on as integers.
Applications which have their own APIs that need to inspect these
vs. user-provided timeouts can now use a K_TIMEOUT_EQ() predicate to
test for equality.
Timer drivers, which receive an integer tick count in ther
z_clock_set_timeout() functions, now use the integer-valued
K_TICKS_FOREVER constant instead of K_FOREVER.
For the initial release, to preserve source compatibility, a
CONFIG_LEGACY_TIMEOUT_API kconfig is provided. When true, the
k_timeout_t will remain a compatible 32 bit value that will work with
any legacy Zephyr application.
Some subsystems present timeout (or timeout-like) values to their own
users as APIs that would re-use the kernel's own constants and
conventions. These will require some minor design work to adapt to
the new scheme (in most cases just using k_timeout_t directly in their
own API), and they have not been changed in this patch, instead
selecting CONFIG_LEGACY_TIMEOUT_API via kconfig. These subsystems
include: CAN Bus, the Microbit display driver, I2S, LoRa modem
drivers, the UART Async API, Video hardware drivers, the console
subsystem, and the network buffer abstraction.
k_sleep() now takes a k_timeout_t argument, with a k_msleep() variant
provided that works identically to the original API.
Most of the changes here are just type/configuration management and
documentation, but there are logic changes in mempool, where a loop
that used a timeout numerically has been reworked using a new
z_timeout_end_calc() predicate. Also in queue.c, a (when POLL was
enabled) a similar loop was needlessly used to try to retry the
k_poll() call after a spurious failure. But k_poll() does not fail
spuriously, so the loop was removed.
Signed-off-by: Andy Ross <andrew.j.ross@intel.com>
Kernel timeouts have always been a 32 bit integer despite the
existence of generation macros, and existing code has been
inconsistent about using them. Upcoming commits are going to make the
timeout arguments opaque, so fix things up to be rigorously correct.
Changes include:
+ Adding a K_TIMEOUT_EQ() macro for code that needs to compare timeout
values for equality (e.g. with K_FOREVER or K_NO_WAIT).
+ Adding a k_msleep() synonym for k_sleep() which can continue to take
integral arguments as k_sleep() moves away to timeout arguments.
+ Pervasively using the K_MSEC(), K_SECONDS(), et. al. macros to
generate timeout arguments.
+ Removing the usage of K_NO_WAIT as the final argument to
K_THREAD_DEFINE(). This is just a count of milliseconds and we need
to use a zero.
This patch include no logic changes and should not affect generated
code at all.
Signed-off-by: Andy Ross <andrew.j.ross@intel.com>
Replace all occurences of BUILD_ASSERT_MSG() with BUILD_ASSERT()
as a result of merging BUILD_ASSERT() and BUILD_ASSERT_MSG().
Signed-off-by: Oleg Zhurakivskyy <oleg.zhurakivskyy@intel.com>
After a success image download, UpdateHub needs inform MCUboot that
must test new image and then, on success, commit this new image. This
add missing upgrade request call step and fixes the upgarde flow.
Signed-off-by: Gerson Fernando Budke <gerson.budke@ossystems.com.br>
Signed-off-by: Otavio Salvador <otavio@ossystems.com.br>
The current version aborts update when found last transfer block. Now,
system checks only at end of coap block transfer total size and install
if download is ok.
Signed-off-by: Gerson Fernando Budke <gerson.budke@ossystems.com.br>
Signed-off-by: Otavio Salvador <otavio@ossystems.com.br>
The MAX_PAYLOAD_SIZE must reflect the size of COAP_BLOCK_x. This is
necessary becase BLOCK size represents max payload size. The current
value create inconsistencies for coap lib. The same way,
MAX_DOWNLOAD_DATA must allocate sufficient space for MAX_PAYLOAD_SIZE
plus all space for coap header etc.
Signed-off-by: Gerson Fernando Budke <gerson.budke@ossystems.com.br>
Signed-off-by: Otavio Salvador <otavio@ossystems.com.br>
This commit changes the behaviour of the CMSIS-RTOS periodic timers to
have an initial timeout equal to the periodic timeout instead of
executing the callback function directly when calling the
osTimerStart(...); function.
This behavioural change is according to the CMSIS-RTOS specification.
Signed-off-by: Måns Ansgariusson <Mans.Ansgariusson@AssaAbloy.com>
Since we already have similarly licensed 3-clause BSD files in the tree,
and in particular in our minimal libc, move the fnmatch functionality
from ext/ to lib/.
Signed-off-by: Carles Cufi <carles.cufi@nordicsemi.no>
This reverts commit 8739517107.
Pull Request #23437 was merged by mistake with an invalid manifest.
Signed-off-by: Carles Cufi <carles.cufi@nordicsemi.no>
Replace all occurences of BUILD_ASSERT_MSG() with BUILD_ASSERT()
as a result of merging BUILD_ASSERT() and BUILD_ASSERT_MSG().
Signed-off-by: Oleg Zhurakivskyy <oleg.zhurakivskyy@intel.com>
Private type, internal to the kernel, not directly associated
with any k_object_* APIs. Is the return value of z_object_find().
Rename to struct z_object.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
Rather than stuffing various values in a uintptr_t based on
type using casts, use a union for this instead.
No functional difference, but the semantics of the data member
are now much clearer to the casual observer since it is now
formally defined by this union.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
Adding the ability to set and get pthread names by defining
some non-standard extension functions that were first
introduced by Glibc.
Similar to zephyr thread naming, these allow for thread
tracking and debugging even when using the more portable
posix API.
Though Glibc was the originator, the current POSIX functions
have return codes based on Oracle's adopted spec, so these
functions follow suit. The Oracle and Glibc function
prototypes match.
Signed-off-by: Nicholas Lowell <nlowell@lexmark.com>
timespec_to_timeoutms calls clock_gettime that requires
CONFIG_POSIX_CLOCK. ifdef this function to avoid undefined reference.
Fixes#20137
Signed-off-by: Flavio Ceolin <flavio.ceolin@intel.com>
I think people might be reading differences into 'if' and 'depends on'
that aren't there, like maybe 'if' being needed to "hide" a symbol,
while 'depends on' just adds a dependency.
There are no differences between 'if' and 'depends on'. 'if' is just a
shorthand for 'depends on'. They work the same when it comes to creating
implicit menus too.
The way symbols get "hidden" is through their dependencies not being
satisfied ('if'/'depends on' get copied up as a dependency on the
prompt).
Since 'if' and 'depends on' are the same, an 'if' with just a single
symbol in it can be replaced with a 'depends on'. IMO, it's best to
avoid 'if' there as a style choice too, because it confuses people into
thinking there's deep Kconfig magic going on that requires 'if'.
Going for 'depends on' can also remove some nested 'if's, which
generates nicer symbol information and docs, because nested 'if's really
are so simple/dumb that they just add the dependencies from both 'if's
to all symbols within.
Replace a bunch of single-symbol 'if's with 'depends on' to despam the
Kconfig files a bit and make it clearer how things work. Also do some
other minor related dependency refactoring.
The replacement isn't complete. Will fix up the rest later. Splitting it
a bit to make it more manageable.
(Everything above is true for choices, menus, and comments as well.)
Detected by tweaking the Kconfiglib parsing code. It's impossible to
detect after parsing, because 'if' turns into 'depends on'.
Signed-off-by: Ulf Magnusson <Ulf.Magnusson@nordicsemi.no>
The existing stack_analyze APIs had some problems:
1. Not properly namespaced
2. Accepted the stack object as a parameter, yet the stack object
does not contain the necessary information to get the associated
buffer region, the thread object is needed for this
3. Caused a crash on certain platforms that do not allow inspection
of unused stack space for the currently running thread
4. No user mode access
5. Separately passed in thread name
We deprecate these functions and add a new API
k_thread_stack_space_get() which addresses all of these issues.
A helper API log_stack_usage() also added which resembles
STACK_ANALYZE() in functionality.
Fixes: #17852
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
With the change in SDK 0.11.1 to newlib to remove
-DMISSING_SYSCALL_NAMES we now need to implement a version of
_gettimeofday. Previously with pre SDK 0.11.1 we had a recursive mess
of _gettimeofday_r -> gettimeofday -> _gettimeofday_r. (which are all
implemented in newlib and thus we didn't get a link error).
With SDK 0.11.1 we have: _gettimeofday_r -> _gettimeofday. And we
should provide a version of _gettimeofday.
Fixes#22484
Signed-off-by: Kumar Gala <kumar.gala@linaro.org>
On xtensa we always need to implement the reentrant fs syscall
functions. So remove the #ifndef CONFIG_POSIX_API protection around
them and add needed externs.
Signed-off-by: Kumar Gala <kumar.gala@linaro.org>
The xcc specific reentrant syscall implementations are actually useful
for xtensa in general. So move that code from being specific to
intel_s1000 / xcc into generic newlib/libc-hooks.c. This is in prep
for the Zephyr SDK dropping -DMISSING_SYSCALL_NAMES which will make
its version of newlib on xtensa match behavior with xcc.
Signed-off-by: Kumar Gala <kumar.gala@linaro.org>
Adds support for an optional lvgl touch input device using the zephyr
keyboard scan interface. This can be used with the ft5336 touch panel
driver, which returns single touch coordinates through the kscan
driver callback.
Signed-off-by: Maureen Helm <maureen.helm@nxp.com>
Introduce HAS_NEWLIB_LIBC_NANO Kconfig option that the toolchain
specific Kconfig (gnuarmemb & zephyr 0.11) can select to convey that the
feature is supported.
This removes the need to if protect the NEWLIB_LIBC_NANO Kconfig with:
if "$(ZEPHYR_TOOLCHAIN_VARIANT)" = "gnuarmemb"
Signed-off-by: Kumar Gala <kumar.gala@linaro.org>
There are various situations where it's necessary to support turning
devices on or off at runtime, includin power rails, clocks, other
peripherals, and binary device power management. The complexity of
properly managing multiple consumers of a device in a multithreaded
system suggests that a shared implementation is desirable. This
commit provides an API that supports managing on-off resources.
Signed-off-by: Peter A. Bigot <pab@pabigot.com>
The CONFIG_ prefixes were missing.
Found with a work-in-progress scripts/kconfig/lint.py check.
These are defined in lib/gui/lvgl/Kconfig.objects.
Signed-off-by: Ulf Magnusson <Ulf.Magnusson@nordicsemi.no>
Adds support for the BGR565 pixel format to lvgl. This fixes the lvgl
sample for mimxrt10{50,60,64}_evk boards, which were broken when the
mcux elcdif display driver was modified in commit
9041b0f119 to return the BGR565 pixel
format instead of RGB565.
Signed-off-by: Maureen Helm <maureen.helm@nxp.com>
`TLS_PEER_VERIFY` and `TLS_DTLS_ROLE` options accept specific values,
yet no symbols were defined for them. In result, magic numbers were used
in several places, making the code less readable.
Fix this issue, by adding the missing symbols to the `socket.h` header,
and using them in places where related socket options are set.
Signed-off-by: Robert Lubos <robert.lubos@nordicsemi.no>
Completely remove the file info and condition expression from the
the print statement if they are not enabled. This saves a little code
space which adds up when there are many assert calls.
In bluetooth shell test this saves around 4.5k bytes.
Signed-off-by: Joakim Andersson <joakim.andersson@nordicsemi.no>
The intention of disabling CONFIG_PRINTK is that all
invocations of it will compile to nothing, saving a lot
of runtime overhead and footprint since all the format
strings are completely dropped; instances of printk()
and related functions are no-ops.
However, some subsystems need snprintk() for string
processing, since the snprintf() implementations in even
minimal C library are too costly in text footprint or
stack usage for some applications. This processing is
required for the application to even function.
This patch continues to have disabling CONFIG_PRINTK to
cause the non snprintk functions to become no-ops, but
now we always compile the necessary bits for snprintk(),
relying on gc-sections to discard them if unused.
z_vprintk() is now unconditionally defined in the header
since it is not tied to any particular output sink and
is intended for users who know exactly what they are
doing (it's in zephyr private scope).
Relates to: #21564
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
Severely memory constrained systems with known allocation patterns can
benefit from providing their own implementation of malloc with
specifically tuned bucket sizes. Provide a switch to allow users to
replace the default malloc implementation with their own.
Signed-off-by: Josh Gao <josh@jmgao.dev>
Remove leading/trailing blank lines in .c, .h, .py, .rst, .yml, and
.yaml files.
Will avoid failures with the new CI test in
https://github.com/zephyrproject-rtos/ci-tools/pull/112, though it only
checks changed files.
Move the 'target-notes' target in boards/xtensa/odroid_go/doc/index.rst
to get rid of the trailing blank line there. It was probably misplaced.
Signed-off-by: Ulf Magnusson <Ulf.Magnusson@nordicsemi.no>
Mark the old time conversion APIs deprecated, leave compatibility
macros in place, and replace all usage with the new API.
Signed-off-by: Andy Ross <andrew.j.ross@intel.com>
Promote the private z_arch_* namespace, which specifies
the interface between the core kernel and the
architecture code, to a new top-level namespace named
arch_*.
This allows our documentation generation to create
online documentation for this set of interfaces,
and this set of interfaces is worth treating in a
more formal way anyway.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
This commit refactors kernel and arch headers to establish a boundary
between private and public interface headers.
The refactoring strategy used in this commit is detailed in the issue
This commit introduces the following major changes:
1. Establish a clear boundary between private and public headers by
removing "kernel/include" and "arch/*/include" from the global
include paths. Ideally, only kernel/ and arch/*/ source files should
reference the headers in these directories. If these headers must be
used by a component, these include paths shall be manually added to
the CMakeLists.txt file of the component. This is intended to
discourage applications from including private kernel and arch
headers either knowingly and unknowingly.
- kernel/include/ (PRIVATE)
This directory contains the private headers that provide private
kernel definitions which should not be visible outside the kernel
and arch source code. All public kernel definitions must be added
to an appropriate header located under include/.
- arch/*/include/ (PRIVATE)
This directory contains the private headers that provide private
architecture-specific definitions which should not be visible
outside the arch and kernel source code. All public architecture-
specific definitions must be added to an appropriate header located
under include/arch/*/.
- include/ AND include/sys/ (PUBLIC)
This directory contains the public headers that provide public
kernel definitions which can be referenced by both kernel and
application code.
- include/arch/*/ (PUBLIC)
This directory contains the public headers that provide public
architecture-specific definitions which can be referenced by both
kernel and application code.
2. Split arch_interface.h into "kernel-to-arch interface" and "public
arch interface" divisions.
- kernel/include/kernel_arch_interface.h
* provides private "kernel-to-arch interface" definition.
* includes arch/*/include/kernel_arch_func.h to ensure that the
interface function implementations are always available.
* includes sys/arch_interface.h so that public arch interface
definitions are automatically included when including this file.
- arch/*/include/kernel_arch_func.h
* provides architecture-specific "kernel-to-arch interface"
implementation.
* only the functions that will be used in kernel and arch source
files are defined here.
- include/sys/arch_interface.h
* provides "public arch interface" definition.
* includes include/arch/arch_inlines.h to ensure that the
architecture-specific public inline interface function
implementations are always available.
- include/arch/arch_inlines.h
* includes architecture-specific arch_inlines.h in
include/arch/*/arch_inline.h.
- include/arch/*/arch_inline.h
* provides architecture-specific "public arch interface" inline
function implementation.
* supersedes include/sys/arch_inline.h.
3. Refactor kernel and the existing architecture implementations.
- Remove circular dependency of kernel and arch headers. The
following general rules should be observed:
* Never include any private headers from public headers
* Never include kernel_internal.h in kernel_arch_data.h
* Always include kernel_arch_data.h from kernel_arch_func.h
* Never include kernel.h from kernel_struct.h either directly or
indirectly. Only add the kernel structures that must be referenced
from public arch headers in this file.
- Relocate syscall_handler.h to include/ so it can be used in the
public code. This is necessary because many user-mode public codes
reference the functions defined in this header.
- Relocate kernel_arch_thread.h to include/arch/*/thread.h. This is
necessary to provide architecture-specific thread definition for
'struct k_thread' in kernel.h.
- Remove any private header dependencies from public headers using
the following methods:
* If dependency is not required, simply omit
* If dependency is required,
- Relocate a portion of the required dependencies from the
private header to an appropriate public header OR
- Relocate the required private header to make it public.
This commit supersedes #20047, addresses #19666, and fixes#3056.
Signed-off-by: Stephanos Ioannidis <root@stephanos.io>
A double-free could cause very hard to find bugs when using the mempool
allocator as the same memory would end up being allocated twice
afterwards.
Now that bits in the block bitmap are cleared only when actually freeing
a block, we may simply ensure those bits are still set before clearing
them, effectively catching most double-free cases.
The alloc_bit_is_set() function is made static inline so that when
assertion checks are disabled the compiler won't complain about unused
code.
Signed-off-by: Nicolas Pitre <npitre@baylibre.com>
Use this short header style in all Kconfig files:
# <description>
# <copyright>
# <license>
...
Also change all <description>s from
# Kconfig[.extension] - Foo-related options
to just
# Foo-related options
It's clear enough that it's about Kconfig.
The <description> cleanup was done with this command, along with some
manual cleanup (big letter at the start, etc.)
git ls-files '*Kconfig*' | \
xargs sed -i -E '1 s/#\s*Kconfig[\w.-]*\s*-\s*/# /'
Signed-off-by: Ulf Magnusson <Ulf.Magnusson@nordicsemi.no>
This prevents MINIMAL_LIBC from being selected by the user (in the
menuconfig or in a configuration file) when REQUIRES_FULL_LIBC is y.
'default' on a choice only determines the default selection, not what
symbols can be selected.
It's helpful to think of Kconfig in terms of someone going into the
menuconfig and making changes.
Signed-off-by: Ulf Magnusson <Ulf.Magnusson@nordicsemi.no>
Clean up space errors and use a consistent style throughout the Kconfig
files. This makes reading the Kconfig files more distraction-free, helps
with grepping, and encourages the same style getting copied around
everywhere (meaning another pass hopefully won't be needed).
Go for the most common style:
- Indent properties with a single tab, including for choices.
Properties on choices work exactly the same syntactically as
properties on symbols, so not sure how the no-indentation thing
happened.
- Indent help texts with a tab followed by two spaces
- Put a space between 'config' and the symbol name, not a tab. This
also helps when grepping for definitions.
- Do '# A comment' instead of '#A comment'
I tweaked Kconfiglib a bit to find most of the stuff.
Some help texts were reflowed to 79 columns with 'gq' in Vim as well,
though not all, because I was afraid I'd accidentally mess up
formatting.
Signed-off-by: Ulf Magnusson <Ulf.Magnusson@nordicsemi.no>
Not a top-level zephyr core API and tied to third party environment, so
move it to where the code is in lib/updatehub.
Signed-off-by: Anas Nashif <anas.nashif@intel.com>
There are two set of code supporting x86_64: x86_64 using x32 ABI,
and x86 long mode, and this consolidates both into one x86_64
architecture and SoC supporting truly 64-bit mode.
() Removes the x86_64:x32 architecture and SoC, and replaces
them with the existing x86 long mode arch and SoC.
() Replace qemu_x86_64 with qemu_x86_long as qemu_x86_64.
() Updates samples and tests to remove reference to
qemu_x86_long.
() Renames CONFIG_X86_LONGMODE to CONFIG_X86_64.
Signed-off-by: Daniel Leung <daniel.leung@intel.com>
Added in commit ccd1c21824 ("lib/cmsis_rtos_v1: Implement support for
thread APIs"), then never used.
Found with a script.
Signed-off-by: Ulf Magnusson <Ulf.Magnusson@nordicsemi.no>
Was impossible to enable due to a typo. Fix it.
Found with a script (LVGL_OBJ_WINDOW was unused besides
being enabled in tests/lib/gui/lvgl/prj.conf).
Signed-off-by: Ulf Magnusson <Ulf.Magnusson@nordicsemi.no>
When small blocks are recombined to create a single block at a shallower
level, it is sufficient to remove those blocks from the free list. There
is no need to mark those small blocks as allocated in the bitmap.
This, in turn, removes the need to mark small blocks back as unallocated
when splitting up a big blocks as they'll already be so marked.
Only the first small block needs to be marked allocated and the
remaining blocks only need to be added to the free list.
This makes the code smaller and more efficient, especially since those
removed bit manipulations were located within loops.
Signed-off-by: Nicolas Pitre <npitre@baylibre.com>
This turns the free-bit flag into an alloc-bit flag effectively
reversing its semantic. This is to make further changes more natural
and easier to understand.
No need to clear the alloc bits at init time as they're located in .bss
and all clear already.
The code remains functionally equivalent after this change.
Signed-off-by: Nicolas Pitre <npitre@baylibre.com>
Use the int_literal_to_timeout Coccinelle script to convert literal
integer arguments for kernel API timeout parameters to the standard
timeout value representations.
Signed-off-by: Peter Bigot <peter.bigot@nordicsemi.no>
The main and idle threads, and their associated stacks,
were being referenced in various parts of the kernel
with no central definition. Expose these in kernel_internal.h
and namespace with z_ appropriately.
The main and idle threads were being defined statically,
with another variable exposed to contain their pointer
value. This wastes a bit of memory and isn't accessible
to user threads anyway, just expose the actual thread
objects.
Redundance MAIN_STACK_SIZE and IDLE_STACK_SIZE defines
in init.c removed, just use the Kconfigs they derive
from.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
z_set_thread_return_value is part of the core kernel -> arch
interface and has been renamed to z_arch_thread_return_value_set.
z_set_thread_return_value_with_data renamed to
z_thread_return_value_set_with_data for consistency.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
The realloc function was a bit too intimate with the mempool accounting.
Abstract that knowledge away and move it where it belongs.
Signed-off-by: Nicolas Pitre <npitre@baylibre.com>
Stop linking interface libraries against zephyr_interface. This is
cargo cult code that in practice does nothing.
Signed-off-by: Sebastian Bøe <sebastian.boe@nordicsemi.no>
Newlib has it defined in sys/timespec.h, and thus per the established
conventions, everything else relies on it being there. Specifically,
minimal libc acquires sys/timespec.h with a similar definition, and
POSIX headers rely on that header. Still with a workaround for old
Newlib version as used by Xtensa (but all infrastructure for that is
already there; actually, this patch removes duplicate similar-infra,
which apparently didn't work as expected by now, so now we have a
single workaround, not 2 different once).
To emphasize a point, now there 2 headers:
sys/_timespec.h, defining struct timespec, and
sys/timespec.h, defining struct itimerspec
That's how Newlib has it, and what we faithfully embrace and follow,
because otherwise, there will be header conflicts depending on
various libc and POSIX subsys options.
Signed-off-by: Paul Sokolovsky <paul.sokolovsky@linaro.org>
Allow to enable individual POSIX components, like Pthreads.
CONFIG_POSIX_API now just enables all of individual POSIX components,
and sets up environment suitable to easily port POSIX applications to
Zephyr.
Fixes: #12965
Signed-off-by: Paul Sokolovsky <paul.sokolovsky@linaro.org>
Some modules use snprintk to format the settings keys. Unfortunately
snprintk is tied with printk which is very large for some embedded
systems.
To be able to have settings enabled without also enabling printk
support, change creation of settings key strings to use bin2hex, strlen
and strcpy instead.
A utility function to make decimal presentation of a byte value is
added as u8_to_dec in lib/os/dec.c
Add new Kconfig setting BT_SETTINGS_USE_PRINTK
Signed-off-by: Kim Sekkelund <ksek@oticon.com>
The algorithm for converting broken-down civil time to seconds in the
POSIX epoch time scale would produce undefined behavior on a toolchain
that uses a 32-bit time_t in cases where the referenced time could not
be represented exactly.
However, there are use cases in Zephyr for civil time conversions
outside the 32-bit representable range of 1901-12-13T20:45:52Z through
2038-01-19T03:14:07Z inclusive.
Add new API that specifically returns a 64-bit signed seconds count, and
revise the existing API to detect out-of-range values and convert them
to a diagnosible error.
Closes#18465
Signed-off-by: Peter A. Bigot <pab@pabigot.com>
timeutil_timegm() does not modify the passed structure, so it should
indicate that in the signature (even though the GNU extension does not).
Signed-off-by: Peter A. Bigot <pab@pabigot.com>
static_assert was not added to C until C11. Zephyr builds default to
C99. To preserve compatibility with newlib avoid defining the
macro at standard levels where it did not exist.
Relates to #17738 and #11754.
Signed-off-by: Peter Bigot <peter.bigot@nordicsemi.no>
The semi-automated API changes weren't checkpatch aware. Fix up
whitespace warnings that snuck into the previous patches. Really this
should be squashed, but that's somewhat difficult given the structure
of the series.
Signed-off-by: Andy Ross <andrew.j.ross@intel.com>
These calls are buildable on common sanitycheck platforms, but are not
invoked at runtime in any tests accessible to CI. The changes are
mostly mechanical, so the risk is low, but this commit is separated
from the main API change to allow for more careful review.
Signed-off-by: Andy Ross <andrew.j.ross@intel.com>
System call arguments, at the arch layer, are single words. So
passing wider values requires splitting them into two registers at
call time. This gets even more complicated for values (e.g
k_timeout_t) that may have different sizes depending on configuration.
This patch adds a feature to gen_syscalls.py to detect functions with
wide arguments and automatically generates code to split/unsplit them.
Unfortunately the current scheme of Z_SYSCALL_DECLARE_* macros won't
work with functions like this, because for N arguments (our current
maximum N is 10) there are 2^N possible configurations of argument
widths. So this generates the complete functions for each handler and
wrapper, effectively doing in python what was originally done in the
preprocessor.
Another complexity is that traditional the z_hdlr_*() function for a
system call has taken the raw list of word arguments, which does not
work when some of those arguments must be 64 bit types. So instead of
using a single Z_SYSCALL_HANDLER macro, this splits the job of
z_hdlr_*() into two steps: An automatically-generated unmarshalling
function, z_mrsh_*(), which then calls a user-supplied verification
function z_vrfy_*(). The verification function is typesafe, and is a
simple C function with exactly the same argument and return signature
as the syscall impl function. It is also not responsible for
validating the pointers to the extra parameter array or a wide return
value, that code gets automatically generated.
This commit includes new vrfy/msrh handling for all syscalls invoked
during CI runs. Future commits will port the less testable code.
Signed-off-by: Andy Ross <andrew.j.ross@intel.com>
The ARM embedded toolchain has 2 newlib based libc build variants, one
that utilizes the "nano" configuration which is more in line with the
Zephyr SDK. Make the "nano" cfg the default if newlib is enabled to
match closer how the Zephyr SDK behaves.
Signed-off-by: Kumar Gala <kumar.gala@linaro.org>
To make sure that entry in fs.c:desc_array[] is freed. Note that
freeing an entry in fdtable is handled by generic implementation
of close().
Fixes: #17231
Signed-off-by: Paul Sokolovsky <paul.sokolovsky@linaro.org>
pthread_mutex_init() just redirects to Zephyr kernel primitive, for
initializing structure fields. So, use the knowledge that it can't
fail (for as long as structure pointer is initialized, and here it's
from pre-allocated array), and ignore return value of
pthread_mutex_init()
Coverity-CID: 203542
Fixes: #18371
Signed-off-by: Paul Sokolovsky <paul.sokolovsky@linaro.org>
The solution from #14312 of using -isystem to prioritize the position of
the libc directory bypasses the effect of -ffreestanding with respect to
libc symbols expected to be present in a non-hosted environment.
Further, it breaks C++ with the ARM Embedded toolchain as the system
fails to find the right file with #include_next.
Use a more fine-grained solution that explicitly includes the underlying
newlib header required for <inttypes.h> support before moving on to
include the next available one, whether system or non-system.
Closes#17564
Signed-off-by: Peter Bigot <peter.bigot@nordicsemi.no>
Consistently place C++ use of extern "C" after all include directives,
within the negative branch of _ASMLANGUAGE if used.
Background from issue #17997:
Declarations that use C linkage should be placed within extern "C"
so the language linkage is correct when the header is included by
a C++ compiler.
Similarly #include directives should be outside the extern "C" to
ensure the language-specific default linkage is applied to any
declarations provided by the included header.
See: https://en.cppreference.com/w/cpp/language/language_linkage
Signed-off-by: Peter Bigot <peter.bigot@nordicsemi.no>
Consistently place C++ use of extern "C" after all include directives,
within the negative branch of _ASMLANGUAGE if used.
Background from issue #17997:
Declarations that use C linkage should be placed within extern "C"
so the language linkage is correct when the header is included by
a C++ compiler.
Similarly #include directives should be outside the extern "C" to
ensure the language-specific default linkage is applied to any
declarations provided by the included header.
See: https://en.cppreference.com/w/cpp/language/language_linkage
Signed-off-by: Peter Bigot <peter.bigot@nordicsemi.no>
Follow the approach of newlib to use a file sys/_types.h to specify the
underlying type for POSIX/libc types that must be provided in multiple
headers. The identifier for this type is in the reserved namespace.
Use this type rather than a specific standard type in all headers that
need to provide the type under its public name.
Remove the inclusion of <sys/types.h> from headers that should not bring
in all symbols present in that header, replacing it with the standard
boilerplate to expose the specific symbols that are required.
Signed-off-by: Peter A. Bigot <pab@pabigot.com>
time_t and suseconds_t are defined in time.h and sys/types.h. Handle
the duplication by adding ifdef protection around them similar to what
is being done for other types.
Signed-off-by: Kumar Gala <kumar.gala@linaro.org>
Similar to how other sub-libraries are defined in Zephyr tree, e.g.
"fs", "lgvl", etc. This is supposed to help with the need to
explicitly add posix include path to each and every application using
POSIX subsys.
Fixes: #15627
Signed-off-by: Paul Sokolovsky <paul.sokolovsky@linaro.org>
This is consistent with how newlib headers are treated, and will
have effect of ninlibc headers to be further down in the include
order. This is important, because some POSIX subsys headers
override those of libc. Without this change, we can't streamline
POSIX build config using zephyr_interface_library_named() cmake
directive, because includes will be in wrong order.
Signed-off-by: Paul Sokolovsky <paul.sokolovsky@linaro.org>
Historically, it used to be "PTHREAD", which is no longer true, as
POSIX subsys offers much more functionality than just Pthreads. Use
detailed name, like "posix_subsys", to avoid possible confusion with
ARCH_POSIX-related matters.
Signed-off-by: Paul Sokolovsky <paul.sokolovsky@linaro.org>
With the upcoming riscv64 support, it is best to use "riscv" as the
subdirectory name and common symbols as riscv32 and riscv64 support
code is almost identical. Then later decide whether 32-bit or 64-bit
compilation is wanted.
Redirects for the web documentation are also included.
Then zephyrbot complained about this:
"
New files added that are not covered in CODEOWNERS:
dts/riscv/microsemi-miv.dtsi
dts/riscv/riscv32-fe310.dtsi
Please add one or more entries in the CODEOWNERS file to cover
those files
"
So I assigned them to those who created them. Feel free to readjust
as necessary.
Signed-off-by: Nicolas Pitre <npitre@baylibre.com>
These functions are useful for determining prefixes, as with file system
paths. They are required by littlefs.
Signed-off-by: Peter A. Bigot <pab@pabigot.com>
struct tm has fields that were not being set by the implementation,
causing the test to fail when the uninitialized values were compared
with a static initialized result. Zero the structure before filling it.
Closes#17794
Signed-off-by: Peter A. Bigot <pab@pabigot.com>
By the latest convention, libc's define struct timespec in
sys/_timespec.h. This is consistent with Newlib and ensures
about errors due to redefinitions.
Signed-off-by: Paul Sokolovsky <paul.sokolovsky@linaro.org>
Per POSIX, open() is defined in <fcntl.h>. fcntl.h in turn comes from
the underlying libc, either newlib, or minimal libc.
Signed-off-by: Paul Sokolovsky <paul.sokolovsky@linaro.org>
That's the header which is supposed to define them, there was even
FIXME on that in mqueue.h.
Signed-off-by: Paul Sokolovsky <paul.sokolovsky@linaro.org>
POSIX subsys defines struct timespec in <time.h> (as POSIX public
API requires), but newlib defines in in sys/_timespec.h, which
inevitably leads to inclusion order and redifinition conflicts.
Follow newlib way and define it in single place, sys/_timespec.h,
which belongs to libc namespace. Thus, we move current definition
to minimal libc, and will use either minlibc's or newlib's
definition, instead of trying to redefine it.
This is similar to the introduction of sys/_timeval.h done earlier.
Signed-off-by: Paul Sokolovsky <paul.sokolovsky@linaro.org>
Newlib libc already provides sys/stat.h, so trying to have sys/stat.h
on the level of POSIX subsys inevitable leads to include order and
definition conflicts. Instead (as most of other sys/* includes)
should come from the underlying libc.
While moving, made unrelated change of removing #include <kernel.h>,
to accommodate the change reviewers.
Signed-off-by: Paul Sokolovsky <paul.sokolovsky@linaro.org>
For systems with userspace, the sys_sem exist in user memory working
as counter semaphore for user mode thread. The implemention of sys_sem
is based on k_futex. And the majority of the synchronization operations
are performed in user mode to reduce the calling of system call.
And for systems without userspace enabled, sys_sem behaves like k_sem.
Fixes: #15139.
Signed-off-by: Wentong Wu <wentong.wu@intel.com>
User mode isn't allowed to generate a panic and this would
lead to a confusing privilege violation exception.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
Add a generic API to provide the inverse operation for gmtime and as a
home for future generic time-related functions that are not in POSIX.
Signed-off-by: Peter A. Bigot <pab@pabigot.com>
Implement the conversion from UNIX time to broken-down civil time per
the gmtime() and gmtime_r() functions.
Signed-off-by: Peter A. Bigot <pab@pabigot.com>
Provide definitions for a subset of the standard time types that must be
provided by this file, in anticipation of supporting civil time in
Zephyr.
Signed-off-by: Peter A. Bigot <pab@pabigot.com>
The mempool allocator implementation recursively breaks a memory block
into 4 sub-blocks until it minimally fits the requested memory size.
The size of each sub-blocks is rounded up to the next word boundary to
preserve word alignment on the returned memory, and this is a problem.
Let's consider max_sz = 2072 and n_max = 1. That's our level 0.
At level 1, we get one level-0 block split in 4 sub-blocks whose size
is WB_UP(2072 / 4) = 520. However 4 * 520 = 2080 so we must discard the
4th sub-block since it doesn't fit inside our 2072-byte parent block.
We're down to 3 * 520 = 1560 bytes of usable memory.
Our memory usage efficiency is now 1560 / 2072 = 75%.
At level 2, we get 3 level-1 blocks, and each of them may be split
in 4 sub-blocks whose size is WB_UP(520 / 4) = 132. But 4 * 132 = 528
so the 4th sub-block has to be discarded again.
We're down to 9 * 132 = 1188 bytes of usable memory.
Our memory usage efficiency is now 1188 / 2072 = 57%.
At level 3, we get 9 level-2 blocks, each split into WB_UP(132 / 4)
= 36 bytes. Again 4 * 36 = 144 so the 4th sub-block is discarded.
We're down to 27 * 36 = 972 bytes of usable memory.
Our memory usage efficiency is now 972 / 2072 = 47%.
What should be done instead, is to round _down_ sub-block sizes
not _up_. This way, sub-blocks still align to word boundaries, and
they always fit within their parent block as the total size may
no longer exceed the initial size.
Using the same max_sz = 2072 would yield a memory usage efficiency of
99% at level 3, so let's demo a worst case 2044 instead.
Level 1: 4 sub-blocks of WB_DN(2044 / 4) = 508 bytes.
We're down to 4 * 508 = 2032 bytes of usable memory.
Our memory usage efficiency is now 2032 / 2044 = 99%.
Level 2: 4 * 4 sub-blocks of WB_DN(508 / 4) = 124 bytes.
We're down to 16 * 124 = 1984 bytes of usable memory.
Our memory usage efficiency is now 1984 / 2044 = 97%.
Level 3: 16 * 4 sub-blocks of WB_DN(124 / 4) = 28 bytes.
We're down to 64 * 28 = 1792 bytes of usable memory.
Our memory usage efficiency is now 1792 / 2044 = 88%.
Conclusion: if max_sz is a power of 2 then we get 100% efficiency at
all levens in both cases. But if not, then the rounding-up method has
a far worse degradation curve than the rounding-down method, wasting
more than 50% of memory in some cases.
So let's round sub-block sizes down rather than up, and remove
block_fits() which purpose was to identify sub-blocks that didn't
fit within their parent block and is now useless.
Signed-off-by: Nicolas Pitre <npitre@baylibre.com>
Since commit 39cd2ebef7 ("malloc: make sure returned memory is
properly aligned") the size of struct sys_mem_pool_block size is
rounded up to the next word boundary.
Signed-off-by: Nicolas Pitre <npitre@baylibre.com>
Move duplicate hex2bin and add bin2hex function so that application can
use the functions and avoid code duplication.
Signed-off-by: Joakim Andersson <joakim.andersson@nordicsemi.no>
The space or plus prefix must appear when requested even with INF and
NAN. And no zero-padding in that case.
Also, 0.0 and -0.0 are distinct values. It is necessary to display
the minus sign with a negative zero.
Signed-off-by: Nicolas Pitre <npitre@baylibre.com>
The precision parameter to the %g conversion indicates the maximum
number of significant digits and not the number of digits to appear
after the radix character. Here's a few examples this patch fixes:
expected before
----------------------------------------------------------
printf("%.3g", 150.12) 150 150.12
printf("%.2g", 150.1) 1.5e+02 150.1
printf("%#.3g", 150.) 150. 150.000
printf("%#.2g", 15e-5) 0.00015 0.00
printf("%#.4g", 1505e-7) 0.0001505 0.0002
printf("%#.4g", 1505e-8) 1.505e-05 1.5050e-05
Signed-off-by: Nicolas Pitre <npitre@baylibre.com>
The code accounts only for 2 exponent digits even though the exponent
may grow up to 308. Before this change, printf("%g", 1e300) would
produce "1e+N0".
Signed-off-by: Nicolas Pitre <npitre@baylibre.com>
The on-stack work buffer occupies 201 bytes by default. Now that we've
made the code able to cope with virtually unlimited width and precision
values, we can reduce stack usage to its strict minimum i.e. 25 bytes.
This allows for some additional sprintf tests exercizing wide results.
Signed-off-by: Nicolas Pitre <npitre@baylibre.com>
Even if the code used to limit the precision to the on-stack buffer
size, it was still possible to do:
printf("%f", 1.0e300);
which would overflow the stack and crash the program. Let fix this issue
and remove the precision limitation by recording the number of zeroes to
insert while converting the value and generating those zeroes only
when outputting the data.
Signed-off-by: Nicolas Pitre <npitre@baylibre.com>
Zero-padding of integers took place in the on-stack buffer before
justification. Let's perform that padding on the fly while sending
out data instead.
Signed-off-by: Nicolas Pitre <npitre@baylibre.com>
The z_prf() function currently allocates a 200-byte buffer on the
stack to copy strings into, and then perform left/right alignment
and padding. Not only this is a pretty large chunk of stack usage,
but this imposes limitations on field width and string length. Also
the string is copied not only once but _thrice_ making this code
less than optimal.
Let's rework the code to get rid of both the field width limit and
string length limit, as well as the two extra memory copy instances.
While at it, let's fixes printf("%08s", "abcd") which used to
produce "0000abcd".
Signed-off-by: Nicolas Pitre <npitre@baylibre.com>
Mimic the glibc behavior when encountering an unknown conversion
specifier rather than silently skipping it.
Signed-off-by: Nicolas Pitre <npitre@baylibre.com>
This makes for nicer code by avoiding repetitions of the same pattern.
Changes to come will make more use of it.
Signed-off-by: Nicolas Pitre <npitre@baylibre.com>
Some cleanups before further changes:
- Remove dead leftover from the "case 's'" code.
- Remove needless parents and casts.
- Remove "register" qualifier as it is ignored. The compiler knows
better these days.
- Adjust tabs assuming standard 8-columns tab spacing.
- Make multi-line comments start with "/*" on a line of its own.
- Make the format string const to match prototypes in other files.
- Declare boolean variable and parameters as bool.
Signed-off-by: Nicolas Pitre <npitre@baylibre.com>
This reverts commit 2a63e342f4.
This needs to be reverted as otherwise the type of ssize_t will be
"unsigned long" which is not correct.
(gdb) ptype ssize_t
type = unsigned long
For example this check would fail in that case
ssize_t foo(void)
{
return -1;
}
...
if (foo() < 0) {
printk("This is never called\n");
}
Fixes#17378
Signed-off-by: Jukka Rissanen <jukka.rissanen@linux.intel.com>
Removed lvgl sources from CMakefile.txt and only keep zephyr glue
logic.
Further added lvgl module to west.yml.
Signed-off-by: Jan Van Winkel <jan.van_winkel@dxplore.eu>
Compilers (at least gcc and clang) already provide max value definitions
for basic types. It makes sense to rely on them to properly support
both 32-bit and 64-bit builds.
Signed-off-by: Nicolas Pitre <npitre@baylibre.com>
The accounting data stored at the beginning of a memory block used by
malloc must push the returned memory address to a word boundary. This
is already the case on 32-bit systems, but not on 64-bit systems where
e.g. struct k_mem_block_id still has a size of 4.
Signed-off-by: Nicolas Pitre <npitre@baylibre.com>
The current CMSIS v2 implementation is clearly assuming that timeout
arguments being passed to e.g. osDelay() are in units of Zephyr ticks,
not milliseconds as specified by ARM or (inconsistently) assumed by
our test code.
Most tests work with the ~100 Hz default tick rate, but they tend to
fail on precision issues at higher tick rates. Force the CMSIS v2
applications to be 1000 Hz for now as a workaround, and detect the
mismatch as a build failure.
Signed-off-by: Andy Ross <andrew.j.ross@intel.com>
The "bits" field in struct sys_mem_pool_lvl is unioned with a pointer.
That leaves more space for inline free bits on 64-bit targets.
Let's declare it as an array and adjust its size based on the pointer
size. On 32-bit targets the generated code remains identical.
Signed-off-by: Nicolas Pitre <npitre@baylibre.com>
Minimum alignment and rounding must be done on a word boundary. Let's
replace _ALIGN4() with WB_UP() which is equivalent on 32-bit targets,
and 64-bit aware.
Also enforce a minimal alignment on the memory pool. This is making
a difference mostly on64-bit targets where the widely used 4-byte
alignment is not sufficient.
The _ALIGN4() macro has no users left so it is removed.
Signed-off-by: Nicolas Pitre <npitre@baylibre.com>
This function doesn't do anything, and only exists so that
it can be overridden later, exclude from coverage reports.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
move misc/reboot.h to power/reboot.h and
create a shim for backward-compatibility.
No functional changes to the headers.
A warning in the shim can be controlled with CONFIG_COMPAT_INCLUDES.
Related to #16539
Signed-off-by: Anas Nashif <anas.nashif@intel.com>
move misc/stack.h to debug/stack.h and
create a shim for backward-compatibility.
No functional changes to the headers.
A warning in the shim can be controlled with CONFIG_COMPAT_INCLUDES.
Related to #16539
Signed-off-by: Anas Nashif <anas.nashif@intel.com>
move misc/util.h to sys/util.h and
create a shim for backward-compatibility.
No functional changes to the headers.
A warning in the shim can be controlled with CONFIG_COMPAT_INCLUDES.
Related to #16539
Signed-off-by: Anas Nashif <anas.nashif@intel.com>
move misc/speculation.h to sys/speculation.h and
create a shim for backward-compatibility.
No functional changes to the headers.
A warning in the shim can be controlled with CONFIG_COMPAT_INCLUDES.
Related to #16539
Signed-off-by: Anas Nashif <anas.nashif@intel.com>
move misc/slist.h to sys/slist.h and
create a shim for backward-compatibility.
No functional changes to the headers.
A warning in the shim can be controlled with CONFIG_COMPAT_INCLUDES.
Related to #16539
Signed-off-by: Anas Nashif <anas.nashif@intel.com>
move misc/rb.h to sys/rb.h and
create a shim for backward-compatibility.
No functional changes to the headers.
A warning in the shim can be controlled with CONFIG_COMPAT_INCLUDES.
Related to #16539
Signed-off-by: Anas Nashif <anas.nashif@intel.com>
move misc/printk.h to sys/printk.h and
create a shim for backward-compatibility.
No functional changes to the headers.
A warning in the shim can be controlled with CONFIG_COMPAT_INCLUDES.
Related to #16539
Signed-off-by: Anas Nashif <anas.nashif@intel.com>
move misc/mutex.h to sys/mutex.h and
create a shim for backward-compatibility.
No functional changes to the headers.
A warning in the shim can be controlled with CONFIG_COMPAT_INCLUDES.
Related to #16539
Signed-off-by: Anas Nashif <anas.nashif@intel.com>
move misc/mempool.h to sys/mempool.h and
create a shim for backward-compatibility.
No functional changes to the headers.
A warning in the shim can be controlled with CONFIG_COMPAT_INCLUDES.
Related to #16539
Signed-off-by: Anas Nashif <anas.nashif@intel.com>
move misc/mempool_base.h to sys/mempool_base.h and
create a shim for backward-compatibility.
No functional changes to the headers.
A warning in the shim can be controlled with CONFIG_COMPAT_INCLUDES.
Related to #16539
Signed-off-by: Anas Nashif <anas.nashif@intel.com>
move misc/math_extras.h to sys/math_extras.h and
create a shim for backward-compatibility.
No functional changes to the headers.
A warning in the shim can be controlled with CONFIG_COMPAT_INCLUDES.
Related to #16539
Signed-off-by: Anas Nashif <anas.nashif@intel.com>
move misc/libc-hooks.h to sys/libc-hooks.h and
create a shim for backward-compatibility.
No functional changes to the headers.
A warning in the shim can be controlled with CONFIG_COMPAT_INCLUDES.
Related to #16539
Signed-off-by: Anas Nashif <anas.nashif@intel.com>
move misc/fdtable.h to sys/fdtable.h and
create a shim for backward-compatibility.
No functional changes to the headers.
A warning in the shim can be controlled with CONFIG_COMPAT_INCLUDES.
Related to #16539
Signed-off-by: Anas Nashif <anas.nashif@intel.com>
move misc/errno_private.h to sys/errno_private.h and
create a shim for backward-compatibility.
No functional changes to the headers.
A warning in the shim can be controlled with CONFIG_COMPAT_INCLUDES.
Related to #16539
Signed-off-by: Anas Nashif <anas.nashif@intel.com>
move misc/__assert.h to sys/__assert.h and
create a shim for backward-compatibility.
No functional changes to the headers.
A warning in the shim can be controlled with CONFIG_COMPAT_INCLUDES.
Related to #16539
Signed-off-by: Anas Nashif <anas.nashif@intel.com>
move ring_buffer.h to sys/ring_buffer.h and
create a shim for backward-compatibility.
No functional changes to the headers.
A warning in the shim can be controlled with CONFIG_COMPAT_INCLUDES.
Related to #16539
Signed-off-by: Anas Nashif <anas.nashif@intel.com>
move display.h to drivers/display.h and
create a shim for backward-compatibility.
No functional changes to the headers.
A warning in the shim can be controlled with CONFIG_COMPAT_INCLUDES.
Related to #16539
Signed-off-by: Anas Nashif <anas.nashif@intel.com>
move hwinfo.h to drivers/hwinfo.h and
create a shim for backward-compatibility.
No functional changes to the headers.
A warning in the shim can be controlled with CONFIG_COMPAT_INCLUDES.
Related to #16539
Signed-off-by: Anas Nashif <anas.nashif@intel.com>
move flash.h to drivers/flash.h and
create a shim for backward-compatibility.
No functional changes to the headers.
A warning in the shim can be controlled with CONFIG_COMPAT_INCLUDES.
Related to #16539
Signed-off-by: Anas Nashif <anas.nashif@intel.com>
move json.h to data/json.h and
create a shim for backward-compatibility.
No functional changes to the headers.
A warning in the shim can be controlled with CONFIG_COMPAT_INCLUDES.
Related to #16539
Signed-off-by: Anas Nashif <anas.nashif@intel.com>
move crc.h to sys/crc.h and
create a shim for backward-compatibility.
No functional changes to the headers.
A warning in the shim can be controlled with CONFIG_COMPAT_INCLUDES.
Related to #16539
Signed-off-by: Anas Nashif <anas.nashif@intel.com>
move base64.h to sys/base64.h and
create a shim for backward-compatibility.
No functional changes to the headers.
A warning in the shim can be controlled with CONFIG_COMPAT_INCLUDES.
Related to #16539
Signed-off-by: Anas Nashif <anas.nashif@intel.com>
move atomic.h to sys/atomic.h and
create a shim for backward-compatibility.
No functional changes to the headers.
A warning in the shim can be controlled with CONFIG_COMPAT_INCLUDES.
Related to #16539
Signed-off-by: Anas Nashif <anas.nashif@intel.com>
move fs.h to fs/fs.h and
create a shim for backward-compatibility.
No functional changes to the headers.
A warning in the shim can be controlled with CONFIG_COMPAT_INCLUDES.
Related to #16539
Signed-off-by: Anas Nashif <anas.nashif@intel.com>
This adds the necessary bits to utilize the x86_64 toolchain
built by sdk-ng for x86_64 when toolchain variant is either
zephyr or xtools. This allows decoupling the builds from
the host toolchain.
Newlib is also available with this toolchain so remove
the Kconfig restriction on CONFIG_NEWLIB_LIBC.
Signed-off-by: Daniel Leung <daniel.leung@intel.com>
types.h was wrongly defining unsigned as signed and following
undefining it. This definition was not being used anywhere though.
Signed-off-by: Flavio Ceolin <flavio.ceolin@intel.com>
In ARM builds with support for user mode, i.e. with
CONFIG_USERSPACE=y, we need to align the beginning
of the heap space, to respect the ARM MPU region
alignment requirements.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
USED_RAM_END_ADDR is not used when Kconfig option
CONFIG_NEWLIB_LIBC_ALIGNED_HEAP_SIZE is defined,
therefore, we do not need to define the macro in
that specific case.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
Compilers (at least gcc and clang) already provide definitions to
create standard types and their range. For example, __INT16_TYPE__ is
normally defined as a short to be used with the int16_t typedef, and
__INT16_MAX__ is defined as 32767. So it makes sense to rely on them
rather than hardcoding our own, especially for the fast types where
the compiler itself knows what basic type is best.
Using compiler provided definitions makes even more sense when dealing
with 64-bit targets where some types such as intptr_t and size_t must
have a different size and range. Those definitions are then adjusted
by the compiler directly.
However there are two cases for which we should override those
definitions:
* The __INT32_TYPE__ definition on 32-bit targets vary between an int
and a long int depending on the architecture and configuration.
Notably, all compilers shipped with the Zephyr SDK, except for the
i586-zephyr-elfiamcu variant, define __INT32_TYPE__ to a long int.
Whereas, all Linux configurations for gcc, both 32-bit and 64-bit,
always define __INT32_TYPE__ as an int. Having variability here is
not welcome as pointers to a long int and to an int are not deemed
compatible by the compiler, and printing an int32_t defined with a
long using %d makes the compiler to complain, even if they're the
same size on 32-bit targets. Given that an int is always 32 bits
on all targets we might care about, and given that Zephyr hardcoded
int32_t to an int before, then we just redefine __INT32_TYPE__ and
derrivatives to an int to keep the peace in the code.
* The confusion also exists with __INTPTR_TYPE__. Looking again at the
Zephyr SDK, it is defined as an int, even even when __INT32_TYPE__ is
initially a long int. One notable exception is i586-zephyr-elf where
__INTPTR_TYPE__ is a long int even when using -m32. On 64-bit targets
this is always a long int. So let's redefine __INTPTR_TYPE__ to always
be a long int on Zephyr which simplifies the code, works for both
32-bit and 64-bit targets, and mimics what the Linux kernel does.
Only a few print format strings needed adjustment.
In those two cases, there is a safeguard to ensure the type we're
enforcing has the right size and fail the build otherwise.
Signed-off-by: Nicolas Pitre <npitre@baylibre.com>
The free block bitmap uses either extra memory specified by a pointer
in struct sys_mem_pool_lvl or the space occupied by that pointer
directly if the bitmap length is small enough to fit it.
But the test is wrong. the inline bitmap should be used if the number
of required bits is smaller or _equal_ to the pointer size. Not doing so
would wrongly bounce the free block bitmap to extra memory when the
number of blocks is exactly 32, which is in disagreement with
Z_MPOOL_LBIT_WORDS() that correctly returns 0 in that case.
In theory that mean that this bug would causes an overflow of the free
block bitmap whenever one level has exactly 32 blocks. But right now
there is a separate bug fixed separately that over-sizes the extra block
bitmap mitigating this bug.
Signed-off-by: Nicolas Pitre <npitre@baylibre.com>
The block_fits() predicate was borked. It would check that a block
fits within the bounds of the whole heap. But that's not enough:
because of alignment changes between levels the sub-blocks may be
adjusted forward. It needs to fit inside the PARENT block that it was
split from.
What could happen at runtime is that the last subblocks of a
misaligned parent block would overlap memory from subsequent blocks,
or even run off the end of the heap. That's bad.
Change the API of block_fits() a little so it can extract the parent
region and do this properly.
Fixes#15279. Passes test introduced in #16728 to demonstrate what
seems like the same issue.
Signed-off-by: Andy Ross <andrew.j.ross@intel.com>
In z_sys_mem_pool_block_alloc() the size of the first level block
allocation is rounded up to the next 4-bite boundary. This means one
or more of the trailing blocks could overlap the free block bitmap.
Let's consider this code from kernel.h:
#define K_MEM_POOL_DEFINE(name, minsz, maxsz, nmax, align) \
char __aligned(align) _mpool_buf_##name[_ALIGN4(maxsz * nmax) \
+ _MPOOL_BITS_SIZE(maxsz, minsz, nmax)]; \
The static pool allocation rounds up the product of maxsz and nmax not
size of individual blocks. If we have, say maxsz = 10 and nmax = 20,
the result of _ALIGN4(10 * 20) is 200. That's the offset at which the
free block bitmap will be located.
However, because z_sys_mem_pool_block_alloc() does this:
lsizes[0] = _ALIGN4(p->max_sz);
Individual level 0 blocks will have a size of 12 not 10. That means
the 17th block will extend up to offset 204, 18th block up to 216, 19th
block to 228, and 20th block to 240. So 4 out of the 20 blocks are
overflowing the static pool area and 3 of them are even located
completely outside of it.
In this example, we have only 20 blocks that can't be split so there is
no extra free block bitmap allocation beyond the bitmap embedded in the
sys_mem_pool_lvl structure. This means that memory corruption will
happen in whatever data is located alongside the _mpool_buf_##name
array. But even with, say, 40 blocks, or larger blocks, the extra bitmap
size would be small compared to the extent of the overflow, and it would
get corrupted too of course.
And the data corruption will happen even without allocating any memory
since z_sys_mem_pool_base_init() stores free_list pointer nodes into
those blocks, which in turn may get corrupted if that other data is
later modified instead.
Fixing this issue is simple: rounding on the static pool allocation is
"misparenthesized". Let's turn
_ALIGN4(maxsz * nmax)
into
_ALIGN4(maxsz) * nmax
But that's not sufficient.
In z_sys_mem_pool_base_init() we have:
size_t buflen = p->n_max * p->max_sz, sz = p->max_sz;
u32_t *bits = (u32_t *)((u8_t *)p->buf + buflen);
Considering the same parameters as above, here we're locating the extra
free block bitmap at offset `buflen` which is 20 * 10 = 200, again below
the reach of the last 4 memory blocks. If the number of blocks gets past
the size of the embedded bitmap, it will overlap memory blocks.
Also, the block_ptr() call used here to initialize the free block linked
list uses unrounded p->max_sz, meaning that it is initially not locating
dlist nodes within the same block boundaries as what is expected from
z_sys_mem_pool_block_alloc(). This opens the possibility for allocated
adjacent blocks to overwrite dlist nodes, leading to random crashes in
the future.
So a complete fix must round up p->max_sz here too.
Given that runtime usage of max_sz should always be rounded up, it is
then preferable to round it up once at compile time instead and avoid
further mistakes of that sort. The existing _ALIGN4() usage on p->max_sz
at run time are then redundant.
Signed-off-by: Nicolas Pitre <npitre@baylibre.com>
Found a few annoying typos and figured I better run script and
fix anything it can find, here are the results...
Signed-off-by: Anas Nashif <anas.nashif@intel.com>
If multithreading is disabled, thread_entry() never runs
since we cannot create threads; the non-multithreading case
was simply dead code.
Indicate to code coverage that CODE_UNREACHABLE should be
skipped.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
This allows for printing long long values. Because the code size
increase may be significant, this is made optional on 32-bit targets.
On 64-bit targets this doesn't change the code much as longs and
long longs are the same size so it is always enabled in that case.
The test on MAXFLD has to be adjusted accordingly. Yet, its minimum
value wasn't large enough to store a full-scale octal value, so this
is fixed as well.
Signed-off-by: Nicolas Pitre <npitre@baylibre.com>
On 64-bit systems the most notable difference is due to longs and
pointers being 64-bit wide. Therefore there must be a distinction
between ints and longs. Similar to the prf.c case, this patch properly
implements the h, hh, l, ll and z length modifiers as well as some small
cleanups.
Signed-off-by: Nicolas Pitre <npitre@baylibre.com>
On 64-bit systems the most notable difference is due to longs and
pointers being 64-bit wide. Therefore there must be a distinction
between ints and longs.
This patch:
- Make support functions take a long rather than an int as this can
carry both longs and ints just fine.
- Use unsigned values in _to_x() to cover the full unsigned range
and avoid sign-extending big values. Negative values are already
converted to unsigned after printing the minus sign. This also makes
division and modulus operations slightly faster.
- Remove excessive casts around va_arg() and use proper types with it.
- Implement the l and z length modifiers as they're significant on
64-bit targets. While at it, throw in the z modifier as well.
Since they all come down to 32-bit values on 32-bit targets, the
added code should get optimized away as duplicate by the compiler
in that case.
Signed-off-by: Nicolas Pitre <npitre@baylibre.com>
Casting a pointer to an int produces warnings with 64-bit targets.
Furthermore, an int is not always the optimal memory element that
can be copied in that case.
Let's use uintptr_t to cast pointers to integers for alignment
determination purposes, and mem_word_t to denote the optimal memory
"word" that can be copied on the platform.
The mem_word_t definition is equivalent to uintptr_t by default.
However, some 32-bit targets such as ARM platforms with the LDRD/STRD
instructions could benefit from word_t being an uint64_t.
Signed-off-by: Nicolas Pitre <npitre@baylibre.com>
Per guidelines, all statements should have braces around them. We do not
have a CI check for this, so a few went in unnoticed.
Signed-off-by: Anas Nashif <anas.nashif@intel.com>
The struct json_obj_descr definition allocates only 2 bits for type
alignment. Instead of using them literally minus 1 to encode 1, 2, or 4,
let's store the alignment's shift value instead so that 1, 2, 4 or 8 can
be encoded with the same 2 bits to accommodate 64-bit builds.
Signed-off-by: Nicolas Pitre <npitre@baylibre.com>
This extends the UpdateHub library code to allow the
use of IPV6 for communication.
Signed-off-by: Christian Tavares <christian.tavares@ossystems.com.br>
This extends the UpdateHub library code to allow the
use of CoAPS/DTLS for communication.
Refs: #13039.
Signed-off-by: Christian Tavares <christian.tavares@ossystems.com.br>
UpdateHub is an enterprise-grade solution which makes simple to
remotely update all your embedded devices in the field. It
handles all aspects related to sending Firmware Over-the-Air(FOTA)
updates with maximum security and efficiency, while you focus in
adding value to your product.
Signed-off-by: Christian Tavares <christian.tavares@ossystems.com.br>
Signed-off-by: Otavio Salvador <otavio@ossystems.com.br>
Corrected buffer pointer in LVGL zephyr_vdb_write function for
converting RGBA8888 to RGB888 pixel format.
Signed-off-by: Jan Van Winkel <jan.van_winkel@dxplore.eu>
The 'Graphical user interface' menu currently contains just the
'LittlevGL Support' symbol and its indented children.
To remove one menu level, remove the 'Graphical user interface' menu,
rename the symbol to 'LittlevGL GUI library' (consistent with e.g.
'Logging' and 'Bluetooth'), and turn it into a 'menuconfig' symbol.
Signed-off-by: Ulf Magnusson <Ulf.Magnusson@nordicsemi.no>
Previous version calculated rt_clock_base incorrectly by subtracting
clock_gettime from the specified time. Effectively the following
formula was used.
rt_clock_base := new_time - clock_gettime()
This is clearly incorrect when we consider what should happen if we
call clock_settime with the result of clock_gettime. It ought to be
approximately a no-op, but instead we end up zeroing the clock.
rt_clock_base := clock_gettime() - clock_gettime() = 0
This patch fixes clock_settime by instead using k_uptime_get to
calculate rt_clock_base, like so:
rt_clock_base := new_time - k_uptime_get()
Trying the earlier thought experiment we get:
rt_clock_base := clock_gettime() - k_uptime_get()
Using the definition of clock_gettime this expands to:
rt_clock_base := (rt_clock_base + k_uptime_get()) - k_uptime_get()
The two k_uptime_get() terms cancel out, leaving:
rt_clock_base := rt_clock_base
I.e. the no-op that we expect when calling clock_settime with
the result of clock_gettime.
Note: The bug is only observable when rt_clock_base is non-zero.
So when clock_settime is called for the first time, it will appear
to work correctly since rt_clock_base is initialized to 0.
Signed-off-by: Alexander Mihajlovic <alexander.mihajlovic@endian.se>
Add an option for building with newlib-nano library.
The newlib-nano library for ARM embedded processors is a part of the
GNU Tools for ARM Embedded Processors.
Add mem_alloc tests with newlib nano.
Signed-off-by: Benoit Leforestier <benoit.leforestier@gmail.com>
Use the new math_extras functions instead of calling builtins directly.
Change a few local variables to size_t after checking that all uses of
the variable actually expects a size_t.
Signed-off-by: Jakob Olesen <jolesen@fb.com>
Current code implement CONFIG_MAX_PTHREAD_COUNT as the maximum number
of POSIX threads that can ever be created, rather than the maximum
number of active POSIX threads. Use pthread_state of struct posix_thread
to track the state of posix thread in posix_thread_pool so that we can
reuse the unused posix thread.
Fixes#15516.
Signed-off-by: Wentong Wu <wentong.wu@intel.com>
According to POSIX, that's the header which defines this function.
Similarly, nothing in POSIX indicates that <time.h> should have
access to struct timeval, so it's removed (it's made accessible
to <sys/time.h> via <sys/_timeval.h> introduced earlier).
Signed-off-by: Paul Sokolovsky <paul.sokolovsky@linaro.org>
This is implementation-level header which defines struct timeval, and
intended to be included by headers which need this structure. This
implementation scheme is compatible with Newlib, and thus provides a
step to use minlibc vs Newlib interchangeably.
Signed-off-by: Paul Sokolovsky <paul.sokolovsky@linaro.org>
Set to same default as regular stacks. This doesn't use
any extra memory until CMSIS_V2_THREAD_DYNAMIC_MAX_COUNT
is set. 0 is not a valid default if that is set.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
Depending on configuration, this value could end up as
a variable and not an array symbol, causing a crash if
newlib decides to call _sbrk on behalf of a user thread,
which needs to perform arithmetic on it.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
Excerpt from the manual:
If ptr is NULL, then the call is equivalent to malloc(size) [...]
Without this commit, such calls end with a BUS FAULT.
Signed-off-by: Tomasz Gorochowik <tgorochowik@antmicro.com>
Update the files which contain no license information with the
'Apache-2.0' SPDX license identifier. Many source files in the tree are
missing licensing information, which makes it harder for compliance
tools to determine the correct license.
By default all files without license information are under the default
license of Zephyr, which is Apache version 2.
Signed-off-by: Anas Nashif <anas.nashif@intel.com>
Rename reserved function names in the subsys/ subdirectory except
for static _mod_pub_set and _mod_unbind functions in bluetooth mesh
cfg_srv.c which clash with the similarly named global functions.
Signed-off-by: Patrik Flykt <patrik.flykt@intel.com>
Permission management no longer necessary, the former
parameter for the mutex is now simply ignored.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
For systems without userspace enabled, these work the same
as a k_mutex.
For systems with userspace, the sys_mutex may exist in user
memory. It is still tracked as a kernel object, but has an
underlying k_mutex that is looked up in the kernel object
table.
Future enhancements will optimize sys_mutex to not require
syscalls for uncontended sys_mutexes, using atomic ops
instead.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
MISRA-C 8.10.2 defines essential operand types and how to handle them
through rules 10.1 .. 10.5. This commit adds an U to unsigned constants
to avoid implicit casts and make if/while statements evaluate a boolean
to avoid other types being casted to boolean.
MISRA-C rules 10.1, 10.2 and 10.3
Signed-off-by: Flavio Ceolin <flavio.ceolin@intel.com>
fs_dirent.name is MAX_FILE_NAME + 1 bytes long, not PATH_MAX. Just
fixing it to avoid access invalid memory.
Coverity CID: 186037
Signed-off-by: Flavio Ceolin <flavio.ceolin@intel.com>
We are reverting the changes in commit
55b3f05932 given build errors are seen
when fcntl.h is included, as it declares fcntl() as a non-static
function. The same function cannot be declared as both static and
non-static.
Instead, we avoid redefining fcntl() in lib/os/fdtable.c specifically
for case of the SimpleLink family, til we have support for the new
socket_op_vtable.
Signed-off-by: Vincent Wan <vincent.wan@linaro.org>
Do not perform early level usage check. This can lead to situation
where block is seen as available on level when it was taken from
the other context.
Fixes: #14504
Signed-off-by: Pawel Dunaj <pawel.dunaj@nordicsemi.no>
Some function return values were not handled. Added assert in case
those functions return error. It is possible only if same ring buffer
instance is used without any protection from multiple contexts.
Signed-off-by: Krzysztof Chruscinski <krzysztof.chruscinski@nordicsemi.no>
Maybe this is some "just in case" thing that got copied around. There's
no need to have a blank line at the beginning or end of Kconfig files.
Signed-off-by: Ulf Magnusson <Ulf.Magnusson@nordicsemi.no>
When we build with newlib we don't set -nostdinc. In that case make
sure that we leave it to the toolchain to set the system include paths.
The one exception to leaving to the toolchain to set the system include
paths is the path to the newlib headers. Since we build
with -ffreestanding we need to make sure the newlib header path is the
before the toolchain headers. Otherwise the toolchain's 'freestanding'
headers get picked up and that causes issues (for example getting PRI*64
defined properly from inttypes.h due to __STDC_HOSTED__ being '0').
For newlib we accomplish this by having the only system header specified
by zephyr_system_include_directories() being just the newlib headers.
Note: for minlibc we leave things alone as things just happen to work as
the -I include of the libc headers takes precedence over -isystem so we
get the libc headers over the toolchain ones. For the newlib case it
appears that setting both -I and -isystem for the same dir causes the
-I to be ignored.
Fixes#14310
Signed-off-by: Kumar Gala <kumar.gala@linaro.org>
Configure lvgl defaults for imx rt boards in their respective board
defconfigs rather than the lvgl sample application.
Signed-off-by: Maureen Helm <maureen.helm@nxp.com>
For some reason we missed _zephyr_fputc in commit
4344e27c26. Rename _zephyr_fputc to just
zephyr_fputc and fixup associated code to build.
Signed-off-by: Kumar Gala <kumar.gala@linaro.org>
Commit 4344e27c26 changed the reserved
function names, but got the naming wrong for fwrite. Just use the
name zephyr_fwrite everywhere.
Fixes#14275
Signed-off-by: Kumar Gala <kumar.gala@linaro.org>
Update reserved function names starting with one underscore, replacing
them as follows:
'_k_' with 'z_'
'_K_' with 'Z_'
'_handler_' with 'z_handl_'
'_Cstart' with 'z_cstart'
'_Swap' with 'z_swap'
This renaming is done on both global and those static function names
in kernel/include and include/. Other static function names in kernel/
are renamed by removing the leading underscore. Other function names
not starting with any prefix listed above are renamed starting with
a 'z_' or 'Z_' prefix.
Function names starting with two or three leading underscores are not
automatcally renamed since these names will collide with the variants
with two or three leading underscores.
Various generator scripts have also been updated as well as perf,
linker and usb files. These are
drivers/serial/uart_handlers.c
include/linker/kobject-text.ld
kernel/include/syscall_handler.h
scripts/gen_kobject_list.py
scripts/gen_syscall_header.py
Signed-off-by: Patrik Flykt <patrik.flykt@intel.com>
Prevent speculative attacks with out-of-bounds fd
values.
Won't affect code generation for systems that don't
enable CONFIG_BOUNDS_CHECK_BYPASS_MITIGATION.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
Changed the print format for unsigned 32-bit variables that produced
warnings when compiled with newlib instead of the standard C library.
Chose to replace %d with PRIu32 because the latter is more portable
and adapts to the types of the standard C libraries.
Tested with and without newlib, and with sanitycheck.
Signed-off-by: Dennis Wildmark <dennis.wildmark@assaabloy.com>
Appears within an 'if LVGL'.
'if FOO' is just shorthand for adding 'depends on FOO' to each item
within the 'if'. Dependencies on menus work similarly. There are no
"conditional includes" in Kconfig, so 'if FOO' has no special meaning
around a source. Conditional includes wouldn't be possible, because an
if condition could include (directly or indirectly) forward references
to symbols not defined yet.
Tip: When adding a symbol, check its dependencies in the menuconfig
('ninja menuconfig', then / to jump to the symbol). The menuconfig also
shows how the file with the symbol got included, so if you see
duplicated dependencies, it's easy to hunt down where they come from.
Signed-off-by: Ulf Magnusson <Ulf.Magnusson@nordicsemi.no>
Remove case ranges from printk in order to clean up GNUisms
and make the code standards compliant.
Signed-off-by: Patrik Flykt <patrik.flykt@intel.com>
We used to leave byte-long placeholder symbols to ensure
that empty application memory sections did not cause
build errors that were very difficult to understand.
Now we use some relatively portable inline assembly to
generate a symbol, but don't take up any extra space.
The malloc and libc partitions are now only instantiated
if there is some data to put in them.
Fixes: #13923
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
Added __weak keyword to to support overriding assert_post_action().
This allows system designers to change/augment the assert behaviour,
i.e. add logging to persistant storage of program counter, line
number etc, and/or change reboot behaviour.
Signed-off-by: Tim Sørensen (TIMS) <tims@oticon.com>
Exactly one caller of pthread_barrier_wait() should receive a return
value of PTHREAD_BARRIER_SERIAL_WAIT; all others should receive zero
(or an error code). Added a test to match.
Fixes: #9953
Signed-off-by: Charles E. Youse <charles.youse@intel.com>
MISRA-C says that char type should not be used in arithmetically as the
data doesn't represent numbers.
MISRA-C rules 10.1 and 10.2
Signed-off-by: Flavio Ceolin <flavio.ceolin@intel.com>
MISRA rules (see #11425) forbid recursive algorithms. In the case of
rb_walk(), it's not actually used anywhere but a test right now, so we
can simply disable the API when CONFIG_MISRA_SANE is defined. Mempool
had a (IMHO, fairly clever) tail recursive loop in bfree_recombine()
which can be trivially transformed into an only slightly uglier
iterative version.
Signed-off-by: Andy Ross <andrew.j.ross@intel.com>
MISRA rules (see #9892) forbid alloca() and family, even though those
features can be valuable performance and memory size optimizations
useful to Zephyr.
Introduce a MISRA_SANE kconfig, which when true enables a gcc error
condition whenever a variable length array is used.
When enabled, the mempool code will use a theoretical-maximum array
size on the stack instead of one tailored to the current pool
configuration.
The rbtree code will do similarly, but because the theoretical maximum
is quite a bit larger (236 bytes on 32 bit platforms) the array is
placed into struct rbtree instead so it can live in static data (and
also so I don't have to go and retune all the test stack sizes!).
Current code only uses at most two of these (one in the scheduler when
SCHED_SCALABLE is selected, and one for dynamic kernel objects when
USERSPACE and DYNAMIC_OBJECTS are set).
This tunable is false by default, but is selected in a single test (a
subcase of tests/kernel/common) for coverage. Note that the I2C and
SPI subsystems contain uncorrected VLAs, so a few platforms need to be
blacklisted with a filter.
Signed-off-by: Andy Ross <andrew.j.ross@intel.com>
These get references by newlib builds in other toolchains, e.g.
gnuarmemb, and lack of them breaks linking. Tested that
tests/posix/fs and tests/posix/common actually work with these
changes.
Fixes: #13906
Signed-off-by: Paul Sokolovsky <paul.sokolovsky@linaro.org>
Some more were added since the cleanup pass in June 2018. See e.g.
commit 2d50da70a1 ("drivers: ipm: Kconfig: Remove redundant 'default n'
properties") for a motivation. It also avoids people wondering whether
or not they need to put in 'default n'.
Signed-off-by: Ulf Magnusson <Ulf.Magnusson@nordicsemi.no>
_impl__zephyr_write() was renamed to _impl__zephyr_write_stdout().
This wasn't caught by CI because we didn't have POSIX tests build
for newlib, but now we have.
Signed-off-by: Paul Sokolovsky <paul.sokolovsky@linaro.org>
In case newlib is enabled, but POSIX subsys isn't, there're adhoc
implementations of read() and write() which work only with adhoc
stdin/stdout emulation layer. These are backed by system calls named
like "read" and "write". Rename all these functions and syscalls to
explicitly mention stdin/stdout in the names, to free namespace
for the implementation of generic read/write syscalls which will
integrate with POSIX fdtable.
Signed-off-by: Paul Sokolovsky <paul.sokolovsky@linaro.org>
The intent of this Kconfig is to allow libc stdout
functions like printf() to send their output to the
active console driver instead of discarding it.
This somehow evolved into preferring to use
printf() instead of printk() for all test case output
if enabled. Libc printf() implementation for both
minimal libc and newlib use considerably more stack
space than printk(), with nothing gained by using
them.
Remove all instances where we are conditionally
sending test case output based on this config, enable
it by default, and adjust a few tests that disabled
this because they were blowing stack.
printk() and vprintk() now work as expected for
unit_testing targets, they are just wrappers for
host printf().
Fixes: #13701
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
Also, for now x86_64 does not support newlib, so do not enable newlib
for this arch until we have a solution.
Signed-off-by: Anas Nashif <anas.nashif@intel.com>
With newer newlib we get a build error with mqueue.h realted to mode_t.
Let's just let newlib define mode_t and have minimal libc also define
it in sys/types.h. So we remove the duplicated definition in
posix/unistd.h.
Signed-off-by: Kumar Gala <kumar.gala@linaro.org>
This is an integral part of userspace and cannot be used
on its own. Fold into the main userspace configuration.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
We need a generic name for the partition containing
essential C library globals. We're going to need to
add the stack canary guard to this area so user mode
can read it.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
Both SDK 0.10.0-beta2 and the ARM gcc 2018q2 run into a build issue with
newlib and conflict definitions of mode_t type.
First we need to add some ifdef protection if mode_t is already defined
and set _MODE_T_DECLARED if we are the first to define it.
Secondarily, we rename include/posix/sys/types.h to
include/posix/posix_types.h so that we aren't getting a name collusion
with the system sys/types.h and that we can easily and clearily include
it (which we need to do to pull in the info from newlib).
Fixes: #12224
Signed-off-by: Kumar Gala <kumar.gala@linaro.org>
For now we are disabling support for POSIX lib on native posix arch. We
need to cleanup and support POSIX lib cleanly for hardware targets.
Once that is working properly we can look to support the feature on
native posix arch.
Signed-off-by: Kumar Gala <kumar.gala@linaro.org>
There are issues using lowercase min and max macros when compiling a C++
application with a third-party toolchain such as GNU ARM Embedded when
using some STL headers i.e. <chrono>.
This is because there are actual C++ functions called min and max
defined in some of the STL headers and these macros interfere with them.
By changing the macros to UPPERCASE, which is consistent with almost all
other pre-processor macros this naming conflict is avoided.
All files that use these macros have been updated.
Signed-off-by: Carlos Stuart <carlosstuart1970@gmail.com>
Just like with _Swap(), we need two variants of these utilities which
can atomically release a lock and context switch. The naming shifts
(for byte count reasons) to _reschedule/_pend_curr, and both have an
_irqlock variant which takes the traditional locking.
Just refactoring. No logic changes.
Signed-off-by: Andy Ross <andrew.j.ross@intel.com>
Implements osThreadJoin and osThreadDetach.
This implementation uses a semaphore to signal when a thread is
exiting so any join operations are signalled to continue. It supports
multiple join operations on a single thread, and ensures joins are
aborted if a thread is detached.
Signed-off-by: Carlos Stuart <carlosstuart1970@gmail.com>
This was never a long-term solution, more of a gross hack
to get test cases working until we could figure out a good
end-to-end solution for memory domains that generated
appropriate linker sections. Now that we have this with
the app shared memory feature, and have converted all tests
to remove it, delete this feature.
To date all userspace APIs have been tagged as 'experimental'
which sidesteps deprecation policies.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
* Newlib now defines a special z_newlib_partition containing
all globals relevant to newlib. Most of these are in libc.a
with a heap tracking variable in newlib's hooks.
* Both C libraries now expose a k_mem_partition containing the
bounds of the malloc heap arena. Threads that want to use
libc malloc() will need to add this to their memory domain.
* z_newlib_get_heap_bounds has been removed, in favor of the
memory partition for the heap arena
* ztest now includes the C library partitions in its memory
domain.
* The mem_alloc test now runs in user mode to prove that this
all works for both C libraries.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
If an unitialized/zeroed optional attribute was passed to osThreadNew
the priority would be osThreadNone i.e. uninitialized. This causes an
ASSERT to be hit as the priority isn't valid (it is not between
osPriorityIdle and osPriorityISR).
The fix checks the passed in priority is not osPriorityNone and assigns
osPriorityNormal. This is the correct CMSIS behaviour.
The ASSERT will still be hit if the priority is invalid (<0).
Signed-off-by: Carlos Stuart <carlosstuart1970@gmail.com>
Fixed an issue whereby if an attribute structure was passed into a CMSIS
RTOS v2 'new' function with an invalid address i.e. NULL assigned to the
name (char*) member the memcpy at the end of each new function
would cause a segmentation fault i.e. read from an invalid
address.
This has been fixed by checking if the name is NULL and using the
default name from the init struct if it is. This is the same name
that would be used if not passing in the optional attr function
argument.
Changed the memcpy to strncpy to ensure that the copy does not read
beyond the end of the source string and changed the length from 16 to 15
(by means of a `sizeof(...)-1`) of the destination buffer to ensure that
it will always be nul-terminated.
Signed-off-by: Carlos Stuart <carlosstuart1970@gmail.com>
Implemented dynamic thread stacks for CMSIS threads by declaring an
array of default sized thread stacks. Allocation cannot be done on the
heap as some architectures require strict alignment for stacks so the
macro must be used to define the stack to ensure most compatibility.
Added a Kconfig variable to limit the number of dynamic threads on the
system (they also count towards total CMSIS thread count). This is so a
developer can have fine grained control over how many dynamic threads
can be allocated because all their stacks must be allocated up front so
could use a lot of memory needlessly if oversubscribed. The default
value is 0 which effectively disabled dynamic threads but also reduces
the memory impact to almost none.
Fixed an assert bug where thread_num was being tested against the
maximum allowed CMSIS threads - it previous checked for less than or
equal which actually (due to when the increment happens) allowed there
to be one more thread. The check now correctly uses less than and only
allowed up to the defined maximum.
Signed-off-by: Carlos Stuart <carlosstuart1970@gmail.com>
Implemented dynamic allocation of memory pools in a similar to manner to
what was already implemented for message queues. Added all the same
checks on size vs. maximum allowed and current heap.
Added an additional Kconfig variable to define the maximum size of a
dynamically allocated memory pool.
Signed-off-by: Carlos Stuart <carlosstuart1970@gmail.com>
Added some additional checks when creating a message queue to ensure the
size of the queue does not exceed the size of the buffer passed in via
the optional attributes.
Added a new Kconfig option to limit the maximum size of a message queue
dynamically allocated on the heap.
Added a check to ensure the heap is at least large enough to hold a
maximum size dynamically allocated queue.
Signed-off-by: Carlos Stuart <carlosstuart1970@gmail.com>
Added Kconfig dependency that NUM_PREEMPT_PRIORITIES must be at least
osPriorityISR (56). This was enforced by a build assert message but not
decribed in the Kconfig.
Signed-off-by: Carlos Stuart <carlosstuart1970@gmail.com>
After #12732, 6904501173
asserts call k_panic.
Before this, the POSIX arch had its own hack in the
__ASSERT_POST implementation to terminate the process instead
of spining forever.
But the POSIX arch does implement k_panic properly, so there
is no need anymore for this hack.
=> Remove the special treatment for POSIX ARCH
Signed-off-by: Alberto Escolar Piedras <alpi@oticon.com>
Replaced forever loop in assert with call to a function.
In post_assert_action() function, k_panic is called.
Forever loop was preventing logs to be printed and had behavior
ependent on the context (low prioriy thread - system continue to
ork, irq - system is blocked).
Signed-off-by: Krzysztof Chruscinski <krzysztof.chruscinski@nordicsemi.no>
lib/ was starting to get messy and inconsitent. Files being either
dumped in the root or in sub-directories without a clear plan.
Move all library components into one single folder and call it 'os'.
Signed-off-by: Anas Nashif <anas.nashif@intel.com>
mq_maxmsg and mq_msgsize are defined to be of
type long in POSIX standard. So use long for
variables that hold its value in mq_open().
Signed-off-by: Niranjhana N <niranjhana.n@intel.com>
This patch adds a x86_64 architecture and qemu_x86_64 board to Zephyr.
Only the basic architecture support needed to run 64 bit code is
added; no drivers are added, though a low-level console exists and is
wired to printk().
The support is built on top of a "X86 underkernel" layer, which can be
built in isolation as a unit test on a Linux host.
Limitations:
+ Right now the SDK lacks an x86_64 toolchain. The build will fall
back to a host toolchain if it finds no cross compiler defined,
which is tested to work on gcc 8.2.1 right now.
+ No x87/SSE/AVX usage is allowed. This is a stronger limitation than
other architectures where the instructions work from one thread even
if the context switch code doesn't support it. We are passing
-no-sse to prevent gcc from automatically generating SSE
instructions for non-floating-point purposes, which has the side
effect of changing the ABI. Future work to handle the FPU registers
will need to be combined with an "application" ABI distinct from the
kernel one (or just to require USERSPACE).
+ Paging is enabled (it has to be in long mode), but is a 1:1 mapping
of all memory. No MMU/USERSPACE support yet.
+ We are building with -mno-red-zone for stack size reasons, but this
is a valuable optimization. Enabling it requires automatic stack
switching, which requires a TSS, which means it has to happen after
MMU support.
+ The OS runs in 64 bit mode, but for compatibility reasons is
compiled to the 32 bit "X32" ABI. So while the full 64 bit
registers and instruction set are available, C pointers are 32 bits
long and Zephyr is constrained to run in the bottom 4G of memory.
Signed-off-by: Andy Ross <andrew.j.ross@intel.com>
Added glue logic to interface Zephyr with LittlevGL GUI library
This includes:
* KConfig options for all lvgl options
* Kernel & user space memory management
* Zephyr to lvgl FS call mapping
* Color space conversion function
Signed-off-by: Jan Van Winkel <jan.van_winkel@dxplore.eu>
Following the standard GCC RISC-V convetion use __riscv for the RISC-V
specific define:
41d6b10e96/gcc/config/riscv/riscv-c.c (L37)
Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
Used as a checksum on command messages when talking with MMC cards.
Implemented using the unwound bytewise implementation from
https://en.wikipedia.org/wiki/Computation_of_cyclic_redundancy_checks
which is a good mix of size and speed.
The API and naming matches lib/crc7.c in Linux.
Signed-off-by: Michael Hope <mlhx@google.com>
If any of the Zephyr version numbers went beyond 99, the "%2d" printf
specifiers would expand to fit and the string would run over the
memory on the stack used for os_str[].
Recent GCC versions (remember native_posix and x86_64 use the host
compiler) were actually detecting this and correctly issuing a warning
(but only if the 3-digit char value would overflow the actual array
size!), which was breaking sanitycheck for me on Fedora 28 and Ubuntu
18.04 build hosts. Pretty impresive warning.
As it happens this was wasteful anyway; we were spending bytes on the
stack (and in rodata to store the constant which, and the cycles
needed to copy it into place on the stack where it would be
overwritten immediately) when we could just snprintf() directly into
the buffer the user gave us.
Signed-off-by: Andy Ross <andrew.j.ross@intel.com>
Thread Flags are used to trigger execution states between threads.
These APIs provide functionalities like set, clear and wait.
Signed-off-by: Rajavardhan Gundi <rajavardhan.gundi@intel.com>
Events are used to trigger execution states between threads.
These APIs provide functionalities like event set, clear and
wait.
Signed-off-by: Rajavardhan Gundi <rajavardhan.gundi@intel.com>
These APIs allow creating, allocating and freeing of mempools.
Note: "Mempool" in CMSIS actually means memslabs in Zephyr.
Signed-off-by: Rajavardhan Gundi <rajavardhan.gundi@intel.com>
These APIs provide the support of virtual timers. All timers
can be started, restarted, or stopped. Timers can be configured
as one-shot or periodic.
Signed-off-by: Rajavardhan Gundi <rajavardhan.gundi@intel.com>
APIs to introduce wait i.e osDelay and osDelayUntil are defined
here. They are analogous to k_sleep in the kernel.
Signed-off-by: Rajavardhan Gundi <rajavardhan.gundi@intel.com>
Implement support for Kernel management APIs like
osKernelInitialize, osKernelGetTickCount, osKernelGetSysTimerCount
etc.
Signed-off-by: Rajavardhan Gundi <rajavardhan.gundi@intel.com>
According with MISRA-C the value returned by a non-void function has
to be used. As memcpy return is almost useless, we are explicitly
ignoring it.
MISRA-C rule 17.7
Signed-off-by: Flavio Ceolin <flavio.ceolin@intel.com>
ioctl() just dispatches to the corresponding vmethod of an fd.
fcntl() handles fdtable-level operations (so far doesn't handle
actually, returning "not implemented" error), and forwards
fd-specific operations to ioctl vmethod just the same (i.e.
ioctl and fcntl operations share the same namespace, but otherwise
disjoint).
Signed-off-by: Paul Sokolovsky <paul.sokolovsky@linaro.org>
As extend fdtable usage to more cases, there regularly arises a need
to forward ioctl/fcntl arguments to another ioctl vmethod, which is
complicated because it defined as taking variadic arguments. The only
portable solution is to convert variadic arguments to va_list at the
first point of entry from client code, and then pass va_list around.
To facilitate calling ioctl with variadic arguments from system code,
z_fdtable_call_ioctl() helper function is added.
Signed-off-by: Paul Sokolovsky <paul.sokolovsky@linaro.org>
The function atomic_set return the previous value of the
target. Sometimes this value is irrelevant, e.g when initializing a
variable.
As MISRA-C rule 17.7 requires that the value returned by a non-void
function must be used, we have to explicitly ignore some cases.
MISRA-C rule 17.7
Signed-off-by: Flavio Ceolin <flavio.ceolin@intel.com>
This allows for workqueues to be started in user mode.
No additional kernel objects or system calls are defined
other than starting the workqueue in user mode; for
permission purposes the embedded queue and thread objects
are sufficient.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
Similar to the last patch, there was a spot in block recombination
where the lock would be released while the combined block was being
held allocated. That means that when recombining a single top-level
block, it was possible for the entire heap to look allocated.
Make the combination and re-addition of the larger block atomic.
Requires a little surgery to the structure of the code, so this is a
little more involved than the earlier fix.
Signed-off-by: Andy Ross <andrew.j.ross@intel.com>
The mempool operations need to be atomic, but because of latency
concerns (the allocator is intended for use in an ISR) the locking was
designed to be as minimal as possible. And it... mostly got it right.
All the list handling was correctly synchronized. The merging of four
child blocks into a parent block was atomic. The splitting of a block
into four children was atomic.
BUT: there was a moment between the allocation of a large block and
the re-addition of its three unused children where the lock was being
released. This meant that another context (e.g. an ISR that just
fired, interrupting the existing call to k_mem_pool_alloc()) would see
some memory "missing" that wasn't actually allocated. And if this
happens to have been the top level block, it's entirely possible that
the whole heap looks empty, even though the other allocator might have
been doing only the smallest allocation!
Fix that by making the "remove a block then add back the three
children we don't use" into an atomic step. We can still relax the
lock between levels as we split the subblocks further.
(Finally, note that this trick allows a somewhat cleaner API as we can
do our "retry due to race" step internally by walking back up the
block size list instead of forcing our caller to do it via that weird
-EAGAIN return value.)
Fixes#11022
Signed-off-by: Andy Ross <andrew.j.ross@intel.com>
These changes were obtained by running a script created by
Ulf Magnusson <Ulf.Magnusson@nordicsemi.no> for the following
specification:
1. Read the contents of all dts_fixup.h files in Zephyr
2. Check the left-hand side of the #define macros (i.e. the X in
#define X Y)
3. Check if that name is also the name of a Kconfig option
3.a If it is, then do nothing
3.b If it is not, then replace CONFIG_ with DT_ or add DT_ if it
has neither of these two prefixes
4. Replace the use of the changed #define in the code itself
(.c, .h, .ld)
Additionally, some tweaks had to be added to this script to catch some
of the macros used in the code in a parameterized form, e.g.:
- CONFIG_GPIO_STM32_GPIO##__SUFFIX##_BASE_ADDRESS
- CONFIG_UART_##idx##_TX_PIN
- I2C_SBCON_##_num##_BASE_ADDR
and to prevent adding DT_ prefix to the following symbols:
- FLASH_START
- FLASH_SIZE
- SRAM_START
- SRAM_SIZE
- _ROM_ADDR
- _ROM_SIZE
- _RAM_ADDR
- _RAM_SIZE
which are surprisingly also defined in some dts_fixup.h files.
Finally, some manual corrections had to be done as well:
- name##_IRQ -> DT_##name##_IRQ in uart_stm32.c
Signed-off-by: Andrzej Głąbek <andrzej.glabek@nordicsemi.no>
Private kernel data structure which should not be accessible to
userspace threads. Mark with __kernel.
Signed-off-by: Paul Sokolovsky <paul.sokolovsky@linaro.org>
FD method tables contain function pointers, and thus should be
const and reside in ROM. This patch fixes all cases of FD vtable
definitions: for POSIX FS API and for sockets.
Signed-off-by: Paul Sokolovsky <paul.sokolovsky@linaro.org>
If we don't have Newlib, the more or less POSIX library, it's unclear
how to deal with POSIX stdin/stdout/stderr at all.
Signed-off-by: Paul Sokolovsky <paul.sokolovsky@linaro.org>
This is simplistic implementation which just redirects to (likewise
simplistic) implementation in lib/libc/newlib/libc-hooks.c. This
should be replaced with bindings to "real console", but what should
be a "real console" is so far discussed, at the RFC stage.
This implementation goes into the fdtable.c itself to keep all those
things nicely static. (This is again likely will change when we have
"real console", but again, it's so far not clear where it would
belong, so at least avoid creating random files to be deleted later).
Signed-off-by: Paul Sokolovsky <paul.sokolovsky@linaro.org>
read/write/etc. are defined in case CONFIG_POSIX_API is defined, and
we shouldn't provide duplicates.
Signed-off-by: Paul Sokolovsky <paul.sokolovsky@linaro.org>
All the handling of POSIX file descriptors is now done by fdtable.c.
fs.c still manages its own table of file structures of the underlying
fs lib.
Signed-off-by: Paul Sokolovsky <paul.sokolovsky@linaro.org>
The table allows to wrap read/write (i.e. POSIX-compatible) semantics
of any I/O object in POSIX-compatible fd (file descriptor) handling.
Intended I/O objects include files, sockets, special devices, etc.
The table table itself consists of (underlying obj*, function table*)
pairs, where function table provides entries for read(), write, and
generalized ioctl(), where generalized ioctl handles all other
operations, up to and including closing of the underlying I/O object.
Fixes: #7405
Signed-off-by: Paul Sokolovsky <paul.sokolovsky@linaro.org>
k_poll_signal was being used by both, struct and function. Besides
this being extremely error prone it is also a MISRA-C violation.
Changing the function to contain a verb, since it performs an action
and the struct will be a noun. This pattern must be formalized and
followed and across the project.
MISRA-C rules 5.7 and 5.9
Signed-off-by: Flavio Ceolin <flavio.ceolin@intel.com>
Fix a compile warning if we build using int types defined to match the
compiler. We get the following warnings:
lib/mempool/mempool.c: In function ‘sys_mem_pool_alloc’:
lib/mempool/mempool.c:317:48: warning: passing argument 3 of ‘_sys_mem_pool_block_alloc’ from incompatible pointer type [-Wincompatible-pointer-types]
if (_sys_mem_pool_block_alloc(&p->base, size, &level, &block,
^
lib/mempool/mempool.c:221:5: note: expected ‘u32_t * {aka long unsigned int *}’ but argument is of type ‘int *’
int _sys_mem_pool_block_alloc(struct sys_mem_pool_base *p, size_t size,
^~~~~~~~~~~~~~~~~~~~~~~~~
lib/mempool/mempool.c:317:56: warning: passing argument 4 of ‘_sys_mem_pool_block_alloc’ from incompatible pointer type [-Wincompatible-pointer-types]
if (_sys_mem_pool_block_alloc(&p->base, size, &level, &block,
^
lib/mempool/mempool.c:221:5: note: expected ‘u32_t * {aka long unsigned int *}’ but argument is of type ‘int *’
int _sys_mem_pool_block_alloc(struct sys_mem_pool_base *p, size_t size,
^~~~~~~~~~~~~~~~~~~~~~~~~
Make local variables block & level u32_t to match what
_sys_mem_pool_block_alloc expects.
Signed-off-by: Kumar Gala <kumar.gala@linaro.org>
This reverts commit 25fb2302f1.
The bluetooth l2cap code was using these errno values but changed to
using more standard EPERM instead, so lets remove the defines since
nothing uses them.
Signed-off-by: Kumar Gala <kumar.gala@linaro.org>
write() function is not supposed to change buffer passed to it, so
propagate const pointer param to all write-like functions used/defined
in this file.
Signed-off-by: Paul Sokolovsky <paul.sokolovsky@linaro.org>
Some third-party components include this file without really needing
any symbols from it. Presence of this file allows to build them
against minimal libc, whereas previously they forced Newlib.
Signed-off-by: Paul Sokolovsky <paul.sokolovsky@linaro.org>
Placing it at sys/fcntl.h was due to mimicking internal newlib's
layout, but what we need is this file at the standard location,
for reuse.
Signed-off-by: Paul Sokolovsky <paul.sokolovsky@linaro.org>
Extended ring buffer to allow storing raw bytes in it. API has been
extended keeping 'data item' mode untouched.
Signed-off-by: Krzysztof Chruscinski <krzysztof.chruscinski@nordicsemi.no>
Deprecate API prefixed with sys_ring_buf_ and rename it
to ring_buf_item_ since this API is not a typical ring buffer
but ring buffer of data items (metadata + 32bit words).
Signed-off-by: Krzysztof Chruscinski <krzysztof.chruscinski@nordicsemi.no>
For read/write/lseek, use size_t and off_t types, as mandated by
POSIX:
http://pubs.opengroup.org/onlinepubs/9699919799/basedefs/unistd.h.html
Also, prototypes of unistd.h functions should not depend on
CONFIG_POSIX_FS, as (many) of them deal with generic I/O, not with
files in filesystem per se.
Signed-off-by: Paul Sokolovsky <paul.sokolovsky@linaro.org>
Fixed some Kconfig inconsistencies around THREAD_CUSTOM_DATA,
POLL and NUM_PREEMPT_PRIORITIES.
Signed-off-by: Rajavardhan Gundi <rajavardhan.gundi@intel.com>
It so happened that previously CONFIG_PTHREAD_IPC served this role.
But pthreads and IPC is only parts of POSIX, orthogonal to other
services.
Move CONFIG_POSIX_FS, etc. out from CONFIG_PTHREAD_IPC.
Signed-off-by: Paul Sokolovsky <paul.sokolovsky@linaro.org>
Calling pthread_join() with current thread would lead
to deadlock. Adding check for it and to return
appropriate error code.
Signed-off-by: Spoorthi K <spoorthi.k@intel.com>
Under GNU C, sizeof(void) = 1. This commit merely makes it explicit u8.
Pointer arithmetics over void types is:
* A GNU C extension
* Not supported by Clang
* Illegal across all ISO C standards
See also: https://gcc.gnu.org/onlinedocs/gcc/Pointer-Arith.html
Signed-off-by: Mark Ruvald Pedersen <mped@oticon.com>
ENOTSUP is not being used correctly in
pthread_attr_setschedparam(), hence
replaced its check for EINVAL instead.
Signed-off-by: Niranjhana N <niranjhana.n@intel.com>
Added EAGAIN error code in pthread_create()
with fixing the EINVAL return as it is
limited to attribute checking.
Signed-off-by: Niranjhana N <niranjhana.n@intel.com>
Added return of ESRCH error code in
pthread_getschedparam() when the
specified thread could not be found.
Signed-off-by: Niranjhana N <niranjhana.n@intel.com>
Change APIs that essentially return a boolean expression - 0 for
false and 1 for true - to return a bool.
MISRA-C rule 14.4
Signed-off-by: Flavio Ceolin <flavio.ceolin@intel.com>
Make if statement using pointers explicitly check whether the value is
NULL or not.
The C standard does not say that the null pointer is the same as the
pointer to memory address 0 and because of this is a good practice
always compare with the macro NULL.
Signed-off-by: Flavio Ceolin <flavio.ceolin@intel.com>
Any word started with underscore followed by and uppercase letter or a
second underscore is a reserved word according with C99.
Signed-off-by: Flavio Ceolin <flavio.ceolin@intel.com>
The return of memset is never checked. This patch explicitly ignore
the return to avoid MISRA-C violations.
The only directory excluded directory was ext/* since it contains
only imported code.
Signed-off-by: Flavio Ceolin <flavio.ceolin@intel.com>
Contains defines enough to compile BSD Sockets subsystem. Values are
compatible with Newlib.
Signed-off-by: Paul Sokolovsky <paul.sokolovsky@linaro.org>
Add a private variable `rt_clock_base` that can be used to determine a
real-time clock by using the `k_uptime_get` clock. Once `clock_settime`
is added, this can allow us to have a meaningful real time clock.
Signed-off-by: David Brown <david.brown@linaro.org>
Provide an implementation of gettimeofday(). This uses clock_gettime()
with the CLOCK_REALTIME parameter, which is currently unimplemented, but
will allow clients to call this function once this functionality has
been implemented.
Signed-off-by: David Brown <david.brown@linaro.org>
Use the asynchronous version of mbox_put instead of the
synchronous one. Also, add an error check in osMailPut.
Signed-off-by: Rajavardhan Gundi <rajavardhan.gundi@intel.com>
Add few missing NULL checks to avoid crash. Also, minor
refactor of signal code and disable osFeature_Wait to
signify osWait function not implemented.
Signed-off-by: Praful Swarnakar <praful.swarnakar@intel.com>
k_msg_get returns only three possible values, and
osErrorValue is not in osMessageGet spec, hence
removing this unhit else case.
Signed-off-by: Niranjhana N <niranjhana.n@intel.com>
The memory occupied by posix_thread objects are not significant.
Hence, no point in using dynamic allocation.
Addresses #8717.
Signed-off-by: Rajavardhan Gundi <rajavardhan.gundi@intel.com>
stacksize is an unsigned integer and hence there's no need to
check whether it is >= 0 since it is always true. This fixes
the Github issue #9637.
Signed-off-by: Rajavardhan Gundi <rajavardhan.gundi@intel.com>
Replace an else-if case in osSemaphoreWait with
else to account for both EBUSY and EAGAIN return
values from k_sem_take. The return value would be
0 for osSemaphoreWait in both cases.
Signed-off-by: Niranjhana N <niranjhana.n@intel.com>
When a mempool is created with a large number of maximum-size blocks,
the logic for initializing max_inline_level (i.e. when to union the
bitmask with the pointer and when to use the pointer directly) was
wrong. The default state was "zero", which implies that level 0
should be inlined, but that's wrong with >32 base blocks.
Additionally, the type was unsigned, making the "level zero is a
pointer" situation impossible to represent.
Fixes#6727
Signed-off-by: Andy Ross <andrew.j.ross@intel.com>
Add osErrorTimeoutResource as return value when message
cannot be put in queue during waiting period. Also set
message value only when message is received.
Signed-off-by: Niranjhana N <niranjhana.n@intel.com>
Several code guidelines recommend using uppercase L instead of letter
l (ell) because it can easily be confused with the digit 1 (one).
Signed-off-by: Flavio Ceolin <flavio.ceolin@intel.com>
Fix the osSignalWait timeout calculation in cases when
waiting on more than one signal event.
Signed-off-by: Praful Swarnakar <praful.swarnakar@intel.com>
Consistently use
config FOO
bool/int/hex/string "Prompt text"
instead of
config FOO
bool/int/hex/string
prompt "Prompt text"
(...and a bunch of other variations that e.g. swapped the order of the
type and the 'prompt', or put other properties between them).
The shorthand is fully equivalent to using 'prompt'. It saves lines and
avoids tricking people into thinking there is some semantic difference.
Most of the grunt work was done by a modified version of
https://unix.stackexchange.com/questions/26284/how-can-i-use-sed-to-replace-a-multi-line-string/26290#26290, but some
of the rarer variations had to be converted manually.
Signed-off-by: Ulf Magnusson <Ulf.Magnusson@nordicsemi.no>
Signals are used to trigger execution states between threads.
These APIs provide functionalities like signal set, clear and
wait.
Signed-off-by: Rajavardhan Gundi <rajavardhan.gundi@intel.com>
These APIs allow creating, allocating and freeing
of mempools.
Note: "Mempool" in CMSIS actually means memslabs in Zephyr.
Signed-off-by: Rajavardhan Gundi <rajavardhan.gundi@intel.com>
These APIs provide the support of virtual timers. All timers
can be started, restarted, or stopped. Timers can be configured
as one-shot or periodic.
Signed-off-by: Rajavardhan Gundi <rajavardhan.gundi@intel.com>
This API is used to fetch the kernel system timer as 32-bit value.
This is analogous to k_cycle_get_32 in the kernel.
Signed-off-by: Rajavardhan Gundi <rajavardhan.gundi@intel.com>
The read/write implementations call directly into the console drivers
using the hook mechanism, causing faults if invoked from user mode.
Add system calls for read() and write() such that we do a privilege
elevation first.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
The stdout console implementations for minimal libc call directly into
the various console drivers (depending on what specifc hooks are
registered) causing faults when invoked from user mode. This happens,
for example, when using printf() which eventually ends up calling
fputc().
The proper solution is to ensure privileges have been elevated before
the _stdout_hook is called. This was already done for printk().
puts() and fputs() have now been re-defined in terms of the
fputc() and fwrite() functions, which are now system calls.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
The errno "variable" is required to be thread-specific.
It gets defined to a macro which dereferences a pointer
returned by a kernel function.
In user mode, we cannot simply read/write the thread struct.
We do not have thread-local storage mechanism, so for now
use the lowest address of the thread stack to store this
value, since this is guaranteed to be read/writable by
a user thread.
The downside of this approach is potential stack corruption
if the stack pointer goes down this far but does not exceed
the location, since a fault won't be generated in this case.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
Added 4 new pthread_key APIs for thread-specific data
key creation, deletion, setting and getting the values.
Added a key list to the posix_struct for threads.
Added pthread_once API.
Signed-off-by: Niranjhana N <niranjhana.n@intel.com>
We utilize defines like -ESHUTDOWN in the network stack. To support
this errno value with newlib we need to enable
__LINUX_ERRNO_EXTENSIONS__.
Signed-off-by: Kumar Gala <kumar.gala@linaro.org>
If we use newlib the isdigit (and other similar functions) return an
error as char can possibly be viewed as signed:
usr/include/ctype.h:57:54: error: array subscript has type ‘char’ [-Werror=char-subscripts]
#define __ctype_lookup(__c) ((__ctype_ptr__+sizeof(""[__c]))[(int)(__c)])
Explicity cast to unsigned char so we deal with both this warning and
possible warning when -Wpointer-sign is enabled.
Signed-off-by: Kumar Gala <kumar.gala@linaro.org>
For some reason %F wasn't supported initially. Its simple enough to
handle the case difference in infinity and NaN handling to add support
for %F.
Signed-off-by: Kumar Gala <kumar.gala@linaro.org>
The C standard says that %f should use '[-]inf' or '[-]infinity' (which
style is implementation defined) for infinity handling and '[-]nan' for
NaN.
We where adding a '+' and had the wrong case for 'inf' and 'nan'.
Before -> After
+INF -> inf
-INF -> -inf
NaN -> nan
Signed-off-by: Kumar Gala <kumar.gala@linaro.org>
For %{e,E,g,G} conversion specifiers the C standard says the exponent
contains at least two digits, and only as many digits are necessary. So
instead of 1.234000e-001 we should have 1.234000e-01.
Signed-off-by: Kumar Gala <kumar.gala@linaro.org>
memcpy copies upto (rc-1)th index but the write of NULL character
to the string is at (rc+1)th index skipping (rc)th index.
The fix addresses this as well.
CID: 186491
Fixes Issue #8280
Signed-off-by: Subramanian Meenakshi Sundaram <subbu147@gmail.com>
Bool symbols implicitly default to 'n'.
A 'default n' can make sense e.g. in a Kconfig.defconfig file, if you
want to override a 'default y' on the base definition of the symbol. It
isn't used like that on any of these symbols though.
Also simplify the default on STDOUT_CONSOLE. Defaults can be arbitrary
expressions, not just fixed values.
Signed-off-by: Ulf Magnusson <Ulf.Magnusson@nordicsemi.no>
The charmap table used by strncasecmp() not only used precious 256
bytes of ROM, it also had wrong mappings outside the ASCII range
(123..218).
Rewrite strncasecmp() to call tolower() instead; might be a tiny wee
little bit slower than the current version, but it's not used in any
performance-sensitive parts of the code to justify the waste.
This reduces the ROM footprint for the ws_echo_server sample by ~224
bytes.
Signed-off-by: Leandro Pereira <leandro.pereira@intel.com>
Both variables were used (with the same value) interchangeably
throughout CMake files and per the discussion in GH issue,
ZEPHYR_BASE is preferred.
Also add a comment with explanation of one vs. the other.
Tested by building hello_world for several boards ensuring no errors.
Fixes#7173.
Signed-off-by: Alex Tereschenko <alext.mkrs@gmail.com>
lib/libc/minimal/source/CMakeLists.txt and
lib/libc/minimal/source/stdout/CMakeLists.txt was introduced in
12f8f7616 but it is not used by the build system. CMakeLists.txt in
the parent dir lib/libc/minimal/CMakeLists.txt adds C files to the
target with the lines like:
${CMAKE_CURRENT_SOURCE_DIR}/source/stdlib/atoi.c
${CMAKE_CURRENT_SOURCE_DIR}/source/stdlib/strtol.c
To make other empty CMakeLists.txt explicit, this commit adds a
comment line to them.
Signed-off-by: Yasushi SHOJI <y-shoji@ispace-inc.com>
'default N' should have been 'default n', though they happen to have the
same effect here, due to undefined Kconfig symbols ('N') evaluating to
'n' in a boolean sense.
Kconfig bool symbols implicitly default to 'n', so remove the default
rather than fixing it.
Signed-off-by: Ulf Magnusson <Ulf.Magnusson@nordicsemi.no>
The minimal libc source files have been added to 'app'. The Zephyr
build system should not be adding source files to the 'app' library
unless necessary.
This patch creates a new Zephyr CMake Library in lib/libc/minimal and
adds the sources to it.
Signed-off-by: Sebastian Bøe <sebastian.boe@nordicsemi.no>
Use k_uptime_get() to compute both tv_sec and tv_nsec members
of timespec structure.
Fixes#8009
Signed-off-by: Ramakrishna Pallala <ramakrishna.pallala@intel.com>
Make sure the name string is NULL terminated in the readdir().
CID: 186037
Fixes Issue #7733
Signed-off-by: Ramakrishna Pallala <ramakrishna.pallala@intel.com>
When we introduced NEWLIB_LIBC_ALIGNED_HEAP_SIZE in commit
42a2c96422. We accidently had the Kconfig
symbol depend on CONFIG_MPU_REQUIRES_POWER_OF_TWO_ALIGNMENT the leading
'CONFIG_' shouldn't exist.
Signed-off-by: Kumar Gala <kumar.gala@linaro.org>
The pthread mutex changes went in with an adaptation to build with the
new wait queue API, but they did it by using the old dlist hooks
directly through typecasting and union assignment. That... is sort of
the opposite of the intent to having the new API be abstracted. The
pthread code worked, but failed once wait queues (on x86) stopped
being dlists.
Simple fix once I saw the problem, anyway.
Signed-off-by: Andy Ross <andrew.j.ross@intel.com>
The scheduler priq implementation was taking advantage of a subtle
behavior of the way the tree presents the order of its arguments (the
node being inserted is always first). But it turns out the tree got
that wrong in one spot.
As this was subtle voodoo to begin with, it should have been
documented first. Similarly add a little code to the test case to
guarantee this in the future.
Signed-off-by: Andy Ross <andrew.j.ross@intel.com>
This constant should be defined in limits.h. Define it in limits.h in
the minimal libc, and use the definition found in newlib's includes.
Values in newlib includes range from 1024 to 4096.
The rationale is that all code should use the same value; having
buffers specified with different sizes will lead to interoperability
and out of bounds array writes.
Signed-off-by: Leandro Pereira <leandro.pereira@intel.com>
Add IEEE 1003.1 Posix Style file system API support.
These API's will internally use corresponding Zephyr
File System API's.
Signed-off-by: Ramakrishna Pallala <ramakrishna.pallala@intel.com>
There were multiple spots where code was using the _wait_q_t
abstraction as a synonym for a dlist and doing direct list management
on them with the dlist APIs. Refactor _wait_q_t into a proper opaque
struct (not a typedef for sys_dlist_t) and write a simple wrapper API
for the existing usages. Now replacement of wait_q with a different
data structure is much cleaner.
Note that there were some SYS_DLIST_FOR_EACH_SAFE loops in mailbox.c
that got replaced by the normal/non-safe macro. While these loops do
mutate the list in the code body, they always do an early return in
those circumstances instead of returning into the macro'd for() loop,
so the _SAFE usage was needless.
Signed-off-by: Andy Ross <andrew.j.ross@intel.com>
Works mostly like the list enumeration macros. Implemented by fairly
clever alloca trickery and some subtle "next node" logic. More
convenient for many uses, can be early-exited, but has somewhat larger
code size than rb_walk().
Signed-off-by: Andy Ross <andrew.j.ross@intel.com>
The implementation of fwrite() in the minimal libc does not increment
the source pointer, and thus always print the same character.
Signed-off-by: Florian Vaussard <florian.vaussard@gmail.com>
pthread_attr_init() should not return EBUSY as per POSIX spec
so fixed this by return ENOMEM if the attr pointer is NULL.
Also fixed the attribute initialization logic by copying the
init_pthread_attrs to the attr.
Fixes Issue #7480
Signed-off-by: Ramakrishna Pallala <ramakrishna.pallala@intel.com>
The _thread_entry() is not really a part of the kernel but a part of
the zephyr's C runtime support library. Hence moving just the
function to lib/thread_entry.c
Signed-off-by: Adithya Baglody <adithya.nagaraj.baglody@intel.com>
MPU devices that enforce power-of-two alignment now
specify the size of the buffer used for the newlib heap.
This buffer will be properly aligned and a pointer
exposed in a kernel header, such that it can be added
to a user thread's memory domain configuration if
necessary.
MPU devices that don't have these restrictions allocate
the heap as normal.
In all cases, if an MPU/MMU region needs to be programmed,
the z_newlib_get_heap_bounds() API will return the necessary
information.
Given how precious MPU regions are, no automatic programming
of the MPU is done; applications will need to do this as
needed in their memory domain configurations.
On x86, the x86 MMU-specific code has been moved to arch/x86
using the new z_newlib_get_heap_bounds() API.
Fixes: #6814
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
Newlib uses any RAM between _end and the bounds of physical
RAM for the _sbrk() heap. Set up a user-writable region
so that this works properly on x86.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
Calling POSIX exit() function in Zephyr w/newlib leads to printing
"exit" to stdout followed by infinite loop. That message was
printed without a newline though, leading to confusing artifacts
in the console output.
Signed-off-by: Paul Sokolovsky <paul.sokolovsky@linaro.org>
This trades a little bit over 40 bytes (on x86) of text for a lot of
savings in rodata. This is accomplished by using bitfields to pack the
field name length, offset, alignment, and the type tag into a single
32-bit unsigned integer instead of scattering this information into
four different integers.
Signed-off-by: Leandro Pereira <leandro.pereira@intel.com>
Fix potential overflow of interger expression for by fixing
variable type to s64_t.
CID: 185275
Signed-off-by: Ramakrishna Pallala <ramakrishna.pallala@intel.com>
The POSIX layer had a simple ready_one_thread() utility. Move this to
the scheduler API (with a prepended underscore -- it's an internal
API) so that it can be synchronized along with the rest of the
scheduler.
Signed-off-by: Andy Ross <andrew.j.ross@intel.com>
Almost everywhere this was called, it was immediately followed by
_abort_thread_timeout(), for obvious reasons. The only exceptions
were in timeout and k_timer expiration (unifying these two would be
another good cleanup), which are peripheral parts of the scheduler and
can plausibly use a more "internal" API.
So make the common case the default, and expose the old behavior as
_unpend_thread_no_timeout(). (Along with identical changes for
_unpend_first_thread) Saves code bytes and simplifies scheduler
surface area for future synchronization work.
Signed-off-by: Andy Ross <andrew.j.ross@intel.com>
Originally, pthread_cond_signal() was written to yield even in
circumstances where the current thread is at a cooperative priority
and would not expect to be context-switched out until it blocks. This
makes sense, as in most cases you want the newly signaled thread to
get a chance to run as soon as possible.
On further reflection (and also because it complicates the scheduler),
I think that's wrong. The point to cooperative scheduling is that it
allows the cooperative code to make synchronization assumptions about
exactly when it might yield to other threads, and having arbitrary
APIs be "preemption points" like this complicates that analysis
significantly.
Use _reschedule() like other code does.
Signed-off-by: Andy Ross <andrew.j.ross@intel.com>
Now that other work has eliminated the two cases where we had to do a
reschedule "but yield even if we are cooperative", we can squash both
down to a single _reschedule() function which does almost exactly what
legacy _Swap() did, but wrapped as a proper scheduler API.
Signed-off-by: Andy Ross <andrew.j.ross@intel.com>
Recent changes have eliminated most use of _Swap() in favor of higher
level scheduler abstractions. We can remove the header too.
Signed-off-by: Andy Ross <andrew.j.ross@intel.com>
Everywhere the current thread is pended, the code is going to have to
do a _Swap() soon afterward, yet the scheduler API exposed these as
separate steps. Unify this pattern everywhere it appears, which saves
some code bytes and gets _Swap() out of the general scheduler API at
zero cost.
Signed-off-by: Andy Ross <andrew.j.ross@intel.com>
There was a somewhat promiscuous pattern in the kernel where IPC
mechanisms would do something that might effect the current thread
choice, then check _must_switch_threads() (or occasionally
__must_switch_threads -- don't ask, the distinction is being replaced
by real English words), sometimes _is_in_isr() (but not always, even
in contexts where that looks like it would be a mistake), and then
call _Swap() if everything is OK, otherwise releasing the irq_lock().
Sometimes this was done directly, sometimes via the inverted test,
sometimes (poll, heh) by doing the test when the thread state was
modified and then needlessly passing the result up the call stack to
the point of the _Swap().
And some places were just calling _reschedule_threads(), which did all
this already.
Unify all this madness. The old _reschedule_threads() function has
split into two variants: _reschedule_yield() and
_reschedule_noyield(). The latter is the "normal" one that respects
the cooperative priority of the current thread (i.e. it won't switch
out even if there is a higher priority thread ready -- the current
thread has to pend itself first), the former is used in the handful of
places where code was doing a swap unconditionally, just to preserve
precise behavior across the refactor. I'm not at all convinced it
should exist...
Signed-off-by: Andy Ross <andrew.j.ross@intel.com>
The compiler can remove the NULL check since the dereference happens
before it (and assume that the pointer is always valid).
Coverity-Id: 185281
Signed-off-by: Leandro Pereira <leandro.pereira@intel.com>
Returns true if the specified node is in the tree. Allows the tree to
be used for "set" style semantics along with a lessthan_fn that simply
compares the nodes by their address.
Signed-off-by: Andy Ross <andrew.j.ross@intel.com>
A balanced tree implementation for Zephyr as we grow into bigger
regimes where simpler data structures aren't appropriate.
This implements an intrusive balanced tree that guarantees O(log2(N))
runtime for all operations and amortized O(1) behavior for creation
and destruction of whole trees. The algorithms and naming are
conventional per existing academic and didactic implementations, c.f.:
https://en.wikipedia.org/wiki/Red%E2%80%93black_tree
The implementation is size-optimized to prioritize runtime memory
usage. The data structure is intrusive, which is to say the struct
rbnode handle is intended to be placed in a separate struct the same
way other such structures (e.g. Zephyr's dlist list) and requires no
data pointer to be stored in the node. The color bit is unioned with
a pointer (fairly common for such libraries). Most notably, there is
no "parent" pointer stored in the node, the upper structure of the
tree being generated dynamically via a stack as the tree is recursed.
So the overall memory overhead of a node is just two pointers,
identical with a doubly-linked list.
Code size above dlist is about 2-2.5k on most architectures, which is
significant by Zephyr standards but probably still worthwhile in many
situations.
Signed-off-by: Andy Ross <andrew.j.ross@intel.com>
Move posix layer from 'kernel' to 'lib' folder as it is not
a core kernel feature.
Fixed posix header file dependencies as part of the move and
also removed NEWLIBC related macros from posix headers.
Signed-off-by: Ramakrishna Pallala <ramakrishna.pallala@intel.com>
We would like to offer the capability to have memory pool heap data
structures that are usable from user mode threads. The current
k_mem_pool implementation uses IRQ locking and system-wide membership
lists that make it incompatible with user mode constraints.
However, much of the existing memory pool code can be abstracted to some
common functions that are used by both k_mem_pool and the new
sys_mem_pool implementations.
The sys_mem_pool implementation has the following differences:
* The alloc/free APIs work directly with pointers, no internal memory
block structures are exposed to the end user. A pointer to the source
pool is provided for allocation, but freeing memory just requires the
pointer and nothing else.
* k_mem_pool uses IRQ locks and required very fine-grained locking in
order to not affect system latency. sys_mem_pools just use a semaphore
to protect the pool data structures at the API level, since there aren't
implications for system responsiveness with this kind of concurrency
control.
* sys_mem_pools do not support the notion of timeouts for requesting
memory.
* sys_mem_pools are specified at compile time with macros, just like
kernel memory pools. Alternative forms of specification at runtime
will be a later enhancement.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
As per the Apache v2 License, state changes made to the original code in
the modified version of the files.
Signed-off-by: Carles Cufi <carles.cufi@nordicsemi.no>
Since base64 is such a simple and commonly used feature it makes no
sense to build the whole of mbedTLS for it. Instead take the
implementation that comes with mbedTLS and import it as a native library
outside of ext/ for all to use directly.
Signed-off-by: Carles Cufi <carles.cufi@nordicsemi.no>
* ring_bufffer is in lib, so move the Kconfig out of the kernel.
* move one Kconfig used for json to lib/Kconfig alongside other
Kconfigs.
Signed-off-by: Anas Nashif <anas.nashif@intel.com>
This is a minor change that makes the data pointer const and shifts
the length to a size_t to match the other CRC functions.
Signed-off-by: Michael Hope <mlhx@google.com>
We want to support other toolchain not based on GCC, so the variable is
confusing, use ZEPHYR_TOOLCHAIN_VARIANT instead.
Signed-off-by: Anas Nashif <anas.nashif@intel.com>
The existing version of crc16_ccitt() is actually CRC-16/AUG-CCITT and
gives different results to Linux, Contiki, and the CRC unit in the
SAM0 SOC. This version matches Linux.
Note that this is an incompatible API change.
Signed-off-by: Michael Hope <mlhx@google.com>
Enable stdio to work by default if Newlib is used as libc - it's
reasonable expectation that if full-fledged libc (like Newlib) is
selected, then printf() works out of the box.
Fixes: #5566
Signed-off-by: Paul Sokolovsky <paul.sokolovsky@linaro.org>
Add abs function to the minimal libc. This is present in
NEWLIB_LIBC, but adding it here avoid to make a dependency
with NEWLIB_LIBC.
Signed-off-by: Vincent Veron <vincent.veron@st.com>
CROSS_COMPILE is a KBuild feature that was dropped during the CMake
migration. It is now re-introduced. Documentation for it is still
lacking, but at least it now behaves as expected.
Signed-off-by: Sebastian Bøe <sebastian.boe@nordicsemi.no>
This code is commonly used in the Linux kernel for reporting a
retryable error like a failed CRC. This name and value is already
present in Linux and newlib.
Signed-off-by: Michael Hope <mlhx@google.com>
When building a native application, we use the host provided libc, so do
not build minimal libc or newlib.
Signed-off-by: Alberto Escolar Piedras <alpi@oticon.com>
Signed-off-by: Anas Nashif <anas.nashif@intel.com>
Introducing CMake is an important step in a larger effort to make
Zephyr easy to use for application developers working on different
platforms with different development environment needs.
Simplified, this change retains Kconfig as-is, and replaces all
Makefiles with CMakeLists.txt. The DSL-like Make language that KBuild
offers is replaced by a set of CMake extentions. These extentions have
either provided simple one-to-one translations of KBuild features or
introduced new concepts that replace KBuild concepts.
This is a breaking change for existing test infrastructure and build
scripts that are maintained out-of-tree. But for FW itself, no porting
should be necessary.
For users that just want to continue their work with minimal
disruption the following should suffice:
Install CMake 3.8.2+
Port any out-of-tree Makefiles to CMake.
Learn the absolute minimum about the new command line interface:
$ cd samples/hello_world
$ mkdir build && cd build
$ cmake -DBOARD=nrf52_pca10040 ..
$ cd build
$ make
PR: zephyrproject-rtos#4692
docs: http://docs.zephyrproject.org/getting_started/getting_started.html
Signed-off-by: Sebastian Boe <sebastian.boe@nordicsemi.no>
The C11 standard requires this. From 7.2 "Diagnostics <assert.h>"
paragraph 1:
> The header <assert.h> defines the assert and static_assert macros...
paragraph 3:
> The macro
> static_assert
> expands to _Static_assert.
Since static_assert is a keyword in C++11, don't define it if C++.
Signed-off-by: Thiago Macieira <thiago.macieira@intel.com>
The C standard requires assert() to be a void result, so you
could write something like:
return assert(x), x;
From the C11 standard (7.2 Diagnostic <assert.h>):
> If NDEBUG is defined as a macro name at the point in the source file
> where <assert.h> is included, the assert macro is defined simply as
> #define assert(ignore) ((void)0)
Signed-off-by: Thiago Macieira <thiago.macieira@intel.com>
This was causing an unaligned pointer read on some architectures,
leading to crashes. This could be alternatively solved by rounding
the size to the nearest power of 2, but this wouldn't work with
packed structs.
Signed-off-by: Leandro Pereira <leandro.pereira@intel.com>
This appears to be a bug in GCC: when an anonymous union contains
anonymous structs, GCC issues a warning that a field in one of the
anonymous structs has not been initialized. Fix by making the
structs not anonymous.
Signed-off-by: Leandro Pereira <leandro.pereira@intel.com>
append_bytes_to_buf() already writes a NUL byte; no need to call
append_bytes() again with "" and size 1.
Signed-off-by: Leandro Pereira <leandro.pereira@intel.com>
This header is included by some files provided by ESP-IDF. Nothing
from this header file is actually used: it's only being added allow
things to compile with the minimal libc.
Signed-off-by: Leandro Pereira <leandro.pereira@intel.com>
Since JSON_OBJ_DESCR_ARRAY is suitable only for arrays of primitives,
add JSON_OBJ_DESCR_OBJ_ARRAY (and a ..._NAMED variant), to allow users
to handle arrays of objects.
Having a macro is important, given the unintuitive space optimization
used for storing the offset to the structure element containing the
number of elements in the array.
Signed-off-by: Marti Bolivar <marti.bolivar@linaro.org>
This function currently fails when decoding an array with number of
elements exactly equal to the maximum available in the struct.
To fix this, move the check for if the current field is past the end
of the array to just before attempting to decode a value. This allows
the last element to be followed by a JSON_TOK_LIST_END token in the
case that the array is full, and the function to return success.
Signed-off-by: Marti Bolivar <marti.bolivar@linaro.org>
The JSON library doesn't properly encode arrays whose elements are of
object type. Fix that.
This fix avoids allocating a temporary descriptor on the stack, and
keeps the size of struct json_obj_descr unchanged, by preserving an
unintuitive size optimization made by the library. See the comments
in the patch for more details.
Signed-off-by: Marti Bolivar <marti.bolivar@linaro.org>
This (and JSON_OBJ_DESCR_ARRAY_NAMED) are really intended for handling
arrays of primitive type only. They don't allow users to declare
descriptors for arrays of objects. Clarify this in the Doxygen.
Signed-off-by: Marti Bolivar <marti.bolivar@linaro.org>
Move all characters to "char" type: no implicit conversions between
"unsigned char", "u8_t", etc.
Tested with ISSM 2016.2.085.
Jira: ZEP-2159
Signed-off-by: Leandro Pereira <leandro.pereira@intel.com>
The set of valid JSON field names is larger than the set of C
identifiers. This can result in structure field names which pack
decoded JSON values which necessarily differ from the field names in
the JSON.
Support this by adding _NAMED variants to each of the JSON_OBJ_DESCR_*
helper macros. For example, JSON_OBJ_DESCR_PRIM_NAMED allows users to
declare a descriptor field for a primitive type, whose structure field
name is different from the JSON field name.
Signed-off-by: Marti Bolivar <marti.bolivar@linaro.org>
Newlib names this function __errno(), so if we want Zephyr to work
with Newlib seamlessly, it's better to just follow Newlib's naming
convention for Zephyr's own minimal libc.
Signed-off-by: Paul Sokolovsky <paul.sokolovsky@linaro.org>
Currently, json_escape() allocates a temporary buffer on the stack
that's the size of the string being escaped.
Stack space is precious and longer JSON strings can run into the
hundreds of bytes, so re-implement this routine to escape in place.
Signed-off-by: Marti Bolivar <marti.bolivar@linaro.org>
There are already helper macros for declaring descriptor fields of
object and array type. Add one for primitive types as well.
The fact that the JSON test code defines one proves that it's useful,
so there should be one provided for other users.
Signed-off-by: Marti Bolivar <marti.bolivar@linaro.org>
Convert code to use u{8,16,32,64}_t and s{8,16,32,64}_t instead of C99
integer types.
Jira: ZEP-2051
Change-Id: I74bc6384c4090f4ae322e3aa151874f583a5fe73
Signed-off-by: Kumar Gala <kumar.gala@linaro.org>
This is a start to move away from the C99 {u}int{8,16,32,64}_t types to
Zephyr defined u{8,16,32,64}_t and s{8,16,32,64}_t. This allows Zephyr
to define the sized types in a consistent manor across all the
architectures we support and not conflict with what various compilers
and libc might do with regards to the C99 types.
We introduce <zephyr/types.h> as part of this and have it include
<stdint.h> for now until we transition all the code away from the C99
types.
We go with u{8,16,32,64}_t and s{8,16,32,64}_t as there are some
existing variables defined u8 & u16 as well as to be consistent with
Zephyr naming conventions.
Jira: ZEP-2051
Change-Id: I451fed0623b029d65866622e478225dfab2c0ca8
Signed-off-by: Kumar Gala <kumar.gala@linaro.org>
If we use newlib the isdigit (and other similar functions) return an
error as char can possibly be viewed as signed:
usr/include/ctype.h:57:54: error: array subscript has type ‘char’ [-Werror=char-subscripts]
#define __ctype_lookup(__c) ((__ctype_ptr__+sizeof(""[__c]))[(int)(__c)])
Being explicit about the char being unsigned char deals with this.
Change-Id: If2416218220ef5b29f1a69470cbcc6b4fd49ef86
Signed-off-by: Kumar Gala <kumar.gala@linaro.org>
Boolean values were being decoded using the descriptor type rather than
the value type.
Jira: ZEP-1607
Change-Id: I0c9324ee705af973ccf738e92785820c3a5fb692
Signed-off-by: Leandro Pereira <leandro.pereira@intel.com>
The function to ignore spaces was not being called, so some tokens had
whitespace in the beginning. They were correctly lexed, but parsing
could eventually fail.
Jira: ZEP-1607
Change-Id: I796596143895fa0fa652641f56af9a03e7a65b7a
Signed-off-by: Leandro Pereira <leandro.pereira@intel.com>
Comparing *endptr with '\0' will always be true before replacing
*token->end with prev_end.
Jira: ZEP-1607
Change-Id: I224129586e15380d3919bfba3db4fcf38c28cb07
Signed-off-by: Leandro Pereira <leandro.pereira@intel.com>
It has been suggested in a review to use a simple function with a
switch statement instead of the table trick.
Jira: ZEP-1607
Change-Id: I5290de175021bfa8642334548ece8266d4c137f0
Signed-off-by: Leandro Pereira <leandro.pereira@intel.com>
Roll the loop in an accept_run() function and use it to match "rue" and
"alse" depending on the first character of the token. Use that to lex
"ull" after finding "n" as well. This reduces the code slightly.
Jira: ZEP-1607
Change-Id: Iec8ff6ae2fb79e7fe65d476d1574c5943d23e14f
Signed-off-by: Leandro Pereira <leandro.pereira@intel.com>
Serializing an object in JSON is quite tricky to do by hand, and with
an array of descriptor structs, there's enough information to do that
programatically.
The encoder takes a callback function, so that one can be written to
write bytes to, for instance, a struct net_buf. This way, there's no
guesswork to determine the buffer size, reducing the possibility of
overflowing the stack.
Jira: ZEP-1607
Change-Id: I5ccf1012e46c1db32fcfdf2ecee4a1ef44c927d5
Signed-off-by: Leandro Pereira <leandro.pereira@intel.com>
Parse arrays and nested objects.
Array parsing is limited to items of the same type, and requires an array
with fixed number of elements. Elements can be of any type supported by
the parser, including arrays and objects.
The return value of json_obj_parse() won't be that helpful: the nth bit
will only be set if the object has been fully decoded.
Jira: ZEP-1607
Change-Id: I472e402ae3f36a1bd1505decc0313f74cbfa2e07
Signed-off-by: Leandro Pereira <leandro.pereira@intel.com>
This is a minimal JSON parser (and string encoder helper). This has
been originally written for the NATS client sample project, but since
it's a generic bit of code, it's also being provided as a library
outside the NATS application source.
It's limited (no support for arrays, nested objects, only integer
numbers, etc), but it is sufficient for the NATS protocol to work.
Jira: ZEP-1012
Change-Id: Ibfe64aa1884e8763576ec5862f77e81b4fd54b69
Signed-off-by: Leandro Pereira <leandro.pereira@intel.com>
Add __printf_like attribute to printf style functions in minimal libc to
enable the compiler checking this provides. We fixup the associated
issues that are now found by utilizing these checks.
Change-Id: I74ac0d0345782463d9fb454f7161d6b4af211ba5
Signed-off-by: Kumar Gala <kumar.gala@linaro.org>
The isalnum() primitive is used by the NATS protocol implementation to
vaildate some of the inputs.
This uses primitives that were already in place.
Change-Id: Ib53eeb7ae002a42f5b6aa8d4fc61baca029a042d
Signed-off-by: Leandro Pereira <leandro.pereira@intel.com>
Dummy time.h to fulfill the compilations requirements of certain
libraries i.e. mbedTLS
Change-Id: I07e66dbf07337b935dabe9eecdf1be3850bbf394
Signed-off-by: Sergio Rodriguez <sergio.sf.rodriguez@intel.com>
This patch adds in the include to get the CONFIG_SRAM definitions on
systems which are using device tree generation.
Change-Id: Ie61efbcdfc900a2c682a2fb8bbaecb61071a20f8
Signed-off-by: Andy Gross <andy.gross@linaro.org>
As it turns out Xtensa SDK headers also define _Restrict, causing
havoc. As this was intended to be a private macro, rename it to something
less likely to cause a collision.
Change-Id: I0a7501a1af8cf87efb096872a91a7b44bd2bbdca
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
Each GCC target backend is at liberty to define its own SIZE_TYPE. GCC
uses this for various purposes, not lease it drives the machinery that
spits out format specifier diagnostics when format specifiers are
applied to objects with inappropriate type. GCC exposes the current
definition of SIZE_TYPE via the preprocessor symbol __SIZE_TYPE__.
The GCC build processes also generates various standard library header
files that directyle expose stanard types in a form consistent with
the current configuration of GCC. Conventionally standard library
build processes (for glibc and newlib) pick up the header files
generated by the GCC build.
In the minimal libc we have no such build process, we don't pick up
the header files that the GCC build process generated. Instead we
define our own alternative header files and align them with GCC
manually.
The current definition of ssize_t in minimal libc is out of step with
GCC which means that any use of the %z[du] format modifier will issue
a diagnostic.
We replace the open coded architecture detection in minimal libc and
use GCCs __SIZE_TYPE__ directly.
Change-Id: I63b5e17bee4f4ab83d49e492e58efd3bafe76807
Signed-off-by: Marcus Shawcroft <marcus.shawcroft@arm.com>
tests: fs: Fix printf warning when using newlib
Current code uses %ld format specifier to print data of
type ssize_t. This causes type warnings when built with
newlib. The correct format specifier to be used for
ssize_t is %zd.
Change-Id: I02a3c628e3d6e8a36a09cd694220406d8faf1730
Signed-off-by: Ramesh Thomas <ramesh.thomas@intel.com>
Replace the existing Apache 2.0 boilerplate header with an SPDX tag
throughout the zephyr code tree. This patch was generated via a
script run over the master branch.
Also updated doc/porting/application.rst that had a dependency on
line numbers in a literal include.
Manually updated subsys/logging/sys_log.c that had a malformed
header in the original file. Also cleanup several cases that already
had a SPDX tag and we either got a duplicate or missed updating.
Jira: ZEP-1457
Change-Id: I6131a1d4ee0e58f5b938300c2d2fc77d2e69572c
Signed-off-by: David B. Kinder <david.b.kinder@intel.com>
Signed-off-by: Kumar Gala <kumar.gala@linaro.org>
added USED_RAM_SIZE and MAX_HEAP_SIZE definitions for
SOC_RISCV32_QEMU and SOC_RISCV32_PULPINO.
Otherwise, not passing sanitycheck
Change-Id: Ia32b12e1694dc472e9f7f9eb10c5f2e12e928c3a
Signed-off-by: Jean-Paul Etienne <fractalclone@gmail.com>
When retrieving the payload length of the payload, there was a mistake,
what was already in the buffer (buf->len) was being considered twice,
net_buf_tailroom() already takes buf->len into account, resulting in
incorrect values.
Change-Id: I3b78d55abca4a448cab5e035b9d66352a3c59110
Signed-off-by: Vinicius Costa Gomes <vinicius.gomes@intel.com>
This patch introduces a k_sem that will block until:
- data is received, or
- the user-provided timeout expires
This change allows us to simplify our previous DNS client
implementation.
This change is related to ZEP-1357 because we are refactoring the
DNS client API removing the continuous update of the net_context_recv
routine that seems to be causing issues after the kernel's update.
Jira: ZEP-1357
Change-Id: If01c9274ac8f096f0095a2872f86be2e007212ee
Signed-off-by: Flavio Santes <flavio.santes@intel.com>
This commit updates some DNS client private routines to simplify
function signatures and reduce stack usage. Updated routines now
use the dns_context structure.
Change-Id: Ic0d347ea9d610e85eed4179aee08955cf2302436
Signed-off-by: Flavio Santes <flavio.santes@intel.com>
This commit introduces the dns_context structure.
This new structure will reduce stack overhead due to
the simplication of the dns_resolve routine signature.
Furthermore, the timeout parameter is now int32_t
instead of uint32_t.
The dns sample application is also updated.
Change-Id: I5d789656bacbd23c4654edce5d116a88dc42c354
Signed-off-by: Flavio Santes <flavio.santes@intel.com>
Moved all libc Kconfigs to where the code is and remove the default
Kconfig for selecting the minimal libc. Minimal libc is now the default
if nothing else is configured in.
Removed the options for extended libc, this obviously was restricting
features in the minimal libc without a good reason, most of the
functions are available directly when using newlib, so there is no
reason why we need to restrict those in minimal libc.
Jira: ZEP-1440
Change-Id: If0a3adf4314e2ebdf0e139dee3eb4f47ce07aa89
Signed-off-by: Anas Nashif <anas.nashif@intel.com>
In order to keep the initialization process light-weight, remove
net_buf_pool_init() and instead perform the initialization of the pool
and buffers in a "lazy" manner. This means storing more information
in the pool, and removing any 'const' members from net_buf. Since
there are no more const members in net_buf the buffer array can be
declared with __noinit, which further reduces initialization overhead.
Change-Id: Ia126af101c2727c130651b697dcba99d159a1c76
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
If receiving a malformed MQTT packet with less than 5 bytes it's
possible to get a read one byte behind buf.
Change-Id: I34425add57c937c8fd9df5bf7b72af092d6f5f32
Signed-off-by: Stig Bjørlykke <stig@bjorlykke.org>
Until now it has been necessary to separately define a k_fifo and
an array of buffers when creating net_buf pools. This has been a bit
of an inconvenience as well as blurred the line of what exactly
constitutes the "pool".
This patch removes the NET_BUF_POOL() macro and replaces it with a
NET_BUF_POOL_DEFINE() macro that internally expands into the buffer
array and new net_buf_pool struct with a given name:
NET_BUF_POOL_DEFINE(pool_name, ...);
Having a dedicated context struct for the pool has the added benefit
that we can start moving there net_buf members that have the same
value for all buffers from the same pool. The first such member that
gets moved is the destroy callback, thus shrinking net_buf by four
bytes. Another potential candidate is the user_data_size, however
right not that's left out since it would just leave 2 bytes of padding
in net_buf (i.e. not influence its size). Another common value is
buf->size, however that one is also used by net_buf_simple and can
therefore not be moved.
This patch also splits getting buffers from a FIFO and allocating a
new buffer from a pool into two separate APIs: net_buf_get and
net_buf_alloc, thus simplifying the APIs and their usage. There is no
separate 'reserve_head' parameter anymore when allocating, rather the
user is expected to call net_buf_reserve() afterwards if something
else than 0 headroom is desired.
Change-Id: Id91b1e5c2be2deb1274dde47f5edebfe29af383a
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
This commit adds HTTP message handling support for Zephyr.
So, no network routines are involved at this level.
To add HTTP message handling support for Zephyr, we explored the
following options:
1. Importing an external project and perhaps adapting it to fit our
requirements.
The criteria to pick one codebase among all the available projects
are: licensing, correctness and performance.
2. Writing our own implementation from scratch.
We decided to import an external project instead of implementing our
own parser, mainly due to code maturity and correctness. It could take
more time to obtain a production-ready parser from scratch than adapting
a state-of-art library.
The following is a list of some projects offering similar functionality.
lighttpd (many files)
* License: revised BSD license
* Supported: active
* Comments: this parser can't be integrated to Zephyr due to
dependencies that currently are not satisficed by our SDK.
nginx (src/http/ngx_http_parse.c)
* License: 2-clause BSD-like
* Supported: very active
* Comments: this parser can't be integrated to Zephyr due to
dependencies that currently are not satisficed by our SDK.
wget (src/http-parse.c)
* License: GPL 3.0
* Supported: very active
* Comments: this code can't be included in Zephyr due to
licensing issues
curl (lib/http.c)
* License: MIT/X derivate, see:
https://curl.haxx.se/docs/copyright.html
* Supported: very active
* Comment: it must be forked and adapted to run in Zephyr.
It is not optimized for low-power devices.
nodejs http-parser (http_parser.c)
* License: nginx license (2-clause BSD-like) and MIT license
* Supported: very active
* Comments: optimized with performance in mind.
From https://github.com/nodejs/http-parser: "It does
not make any syscalls nor allocations, it does not buffer data,
it can be interrupted at anytime. It only requires about 40
bytes of data per message stream."
So, nodejs/http-parser looks a very good choice for Zephyr. In this
commit, we integrate nodejs' parser to Zephyr.
Origin: https://github.com/nodejs/http-parser/releases/tag/v2.7.1https://github.com/nodejs/http-parser/archive/v2.7.1.tar.gz
NOTE:
This patch reformats the http_parser files to reduce checkpatch
warnings. Changes made in this refactoring are available at:
Repo: https://gitlab.com/santes/http_parser/commits/refactoring1
Commit: 9ccfaa23f1c8438855211fa902ec8e7236b702b1
Jira: ZEP-346
Jira: ZEP-776
Change-Id: I29b1d47f323a5841cd4d0a2afbc2cc83a0f576f0
Signed-off-by: Flavio Santes <flavio.santes@intel.com>
To avoid the risk of overflowing when dealing with retransmission
timeouts, increase the size of their representation to 32-bits.
Change-Id: I7c9c1e00c41f5ba75e19b0fd4527f273852eb85f
Signed-off-by: Vinicius Costa Gomes <vinicius.gomes@intel.com>
This commit adds the MQTT high-level API with Quality-of-Service
support. The following MQTT messages are covered by this commit:
CONNECT (tx), DISCONNECT (tx), PUBACK (tx, rx), PUBCOMP (tx, rx),
PUBREC (tx, rx), PUBREL (tx, rx), PUBLISH (tx), PINGREQ (tx),
SUBSCRIBE (tx), UNSUBSCRIBE (tx), CONNACK (rx), PINGRESP (rx),
SUBACK (rx) and UNSUBACK (rx).
Where 'tx' stands for transmission: routines that create and send
messages. 'rx' stands for reception: routines that receive an RX
buffer from the IP stack and parse the MQTT mesage contained in
that buffer.
Jira: ZEP-365
Jira: ZEP-591
Jira: ZEP-856
Change-Id: Ibee701a298127eb713aa3fde5aaf7d089ecd1b9d
Signed-off-by: Flavio Santes <flavio.santes@intel.com>
These cflags were only needed when using the old network stack.
Change-Id: I660e397b2648137450c45d4f2edc8ec6ec7ae774
Signed-off-by: Vinicius Costa Gomes <vinicius.gomes@intel.com>
RFC6690[1] defines a lightweight format for listing and querying
resources and their relationships.
The RFC defines an '.well-known/core' resource that will list the
resources and their associated metadata. It also allows resources to
filtered by their attributes.
The implementation uses the fact that resources are organized in an
array: only the resources present in the array after the
"ZOAP_WELL_KNOWN_CORE_RESOURCE" will be considered, this allows a
primitive form of visibility control for the attributes.
[1] https://tools.ietf.org/html/rfc6690
Change-Id: I2bc21ddf45f20e1f749d8ac36d247474fdaa9d64
Signed-off-by: Vinicius Costa Gomes <vinicius.gomes@intel.com>
Add an alternative to zoap_packet_get_payload(), that instead of
returning a byte array, returns the net_buf (with the COAP_MARKER
added, if needed) associated with the packet, positioned so the
application can add more data.
Change-Id: I7c955ef42f5ef8406d77da994d1673e6a69b0b6b
Signed-off-by: Vinicius Costa Gomes <vinicius.gomes@intel.com>
This commit adds support for the MQTT protocol v3.1.1.
Specifically, this commit allows a Zephyr application to create
the following MQTT messages:
CONNACK, CONNECT, PUBLISH, PUBACK, PUBREC, PUBREL, PUBCOMP, UNSUBACK,
SUBSCRIBE, SUBACK, UNSUBSCRIBE, PINGREQ, PINGRESP, and DISCONNECT.
Furthermore, the following messages can be parsed by the routines
provided by this commit:
CONNACK, CONNECT, PUBLISH, PUBACK, PUBREC, PUBREL, PUBCOMP, UNSUBACK,
SUBSCRIBE, SUBACK, PINGREQ, PINGRESP and DISCONNECT.
NOTE: client behavior (routines with network access) and QoS will be
integrated in future patches.
The MQTT v3.1.1 specification can be found at:
http://docs.oasis-open.org/mqtt/mqtt/v3.1.1/mqtt-v3.1.1.html
Origin: Original
Jira: ZEP-365
Jira: ZEP-591
Jira: ZEP-856
Change-Id: Ie0c179370cea22f7554564692bc426a8d5c419d2
Signed-off-by: Flavio Santes <flavio.santes@intel.com>
Current net_nbuf_write() api just appends data to last fragment. And
doesn't write data based on offset. That's why renaming this api.
New net_nbuf_write() apis based on offset will be coming soon.
Change-Id: Ie8e13e5f6091a279b62b6d8b0b3928a5187e75b0
Signed-off-by: Jukka Rissanen <jukka.rissanen@linux.intel.com>
Signed-off-by: Ravi kumar Veeramally <ravikumar.veeramally@linux.intel.com>
This commit adds the '+' operator that keeps symmetry with the line
below.
Change-Id: Icb2a5f22b5202597e3e0cc252436b422ce7b44a2
Signed-off-by: Flavio Santes <flavio.santes@intel.com>
Most applications will want to use randomly generated tokens, add a
helper for that.
Change-Id: If2a6b1d96596024afd2d2ce8e3632900adfe9c0f
Signed-off-by: Vinicius Costa Gomes <vinicius.gomes@intel.com>
This ports zoap to the native stack.
Just for reference, and totally not scientific, here are the numbers
using the old stack:
$ size outdir/qemu_x86/zephyr.elf
text data bss dec hex filename
34657 10316 16916 61889 f1c1 outdir/qemu_x86/zephyr.elf
With yaip:
$ size outdir/qemu_x86/zephyr.elf
text data bss dec hex filename
30575 9148 6164 45887 b33f outdir/qemu_x86/zephyr.elf
Jira: ZEP-818
Change-Id: I7992a3e2af7d419081ee5a64d7cc2d49fb628ead
Signed-off-by: Vinicius Costa Gomes <vinicius.gomes@intel.com>
The "Unsupported Content-Format" error was missing from the list of
supported errors.
Change-Id: I208d79f8949838187b877eaa0a53597d8a5bc6cb
Signed-off-by: Vinicius Costa Gomes <vinicius.gomes@intel.com>
This commit adds support the DNS client API on top of the new
native IP stack. Some features of this implementation are:
- Support for IPv4 and IPv6
- Support for multiple concurrent queries. A net_buf structure is
required per context. See the DNS_RESOLVER_ADDITIONAL_BUF_CTR
configuration variable
Origin: Original
Jira: ZEP-793
Jira: ZEP-855
Jira: ZEP-975
Change-Id: I351a636462a1b78a412c9bce1ef3cd0fa6223a52
Signed-off-by: Flavio Santes <flavio.santes@intel.com>
snprintf() implements the ability to foce a negative value through the
(unsigned) size_t len parameter to allow the formatter to use a
maximum size string.
This is point less, we don't have as much memory and this is a recipe
for all kinds of vulnerabilities.
Kill the whole thing, the testcase it represents and thank Coverity
for finding this thing. Whatever use it had before, it has no more.
Change-Id: If422246548664699d8aa328a1b9304ef13cab7ea
Coverity-ID: 131625
Coverity-ID: 131626
Signed-off-by: Inaky Perez-Gonzalez <inaky.perez-gonzalez@intel.com>
Coverity reported a block of deadcode in _prf() that seems to be a
leftover carcass from a previous time. Replaced with a comment in case
someone decides it was needed back.
Change-Id: Id97e84f3279f807e6188371f27f6af157e6d5038
Coverity-ID: 131631
Signed-off-by: Inaky Perez-Gonzalez <inaky.perez-gonzalez@intel.com>
When an option code or length representation is encoded in a 16-bit
value, the access was wrong.
Coverity-CID: 151963
Change-Id: Ie7741998cbde348ccf490a6686e68a1ace99920e
Signed-off-by: Vinicius Costa Gomes <vinicius.gomes@intel.com>
This is a tentative fix for CID 93807, a valid Coverity warning;
however the code is valid too.
We can choose to silence the warning or rewrite the code in a way that
makes it more verbose but keeps Coverity happy.
Coverity complains about doing an implicit fallthrough in switch case
statement. I prefer patching the code to make it explicit, as the
compiler will optimize out, to avoid having to constantly filter out
the checker's warnings.
Coverity-CID: 93807
Change-Id: I7be334d48567bf52fc2b21de043310e0f73b72db
Signed-off-by: Inaky Perez-Gonzalez <inaky.perez-gonzalez@intel.com>
If newlib is configured with --enable-newlib-nano-formatted-io,
floating-point support is split out of the formatted I/O code into
weak functions which are not linked by default. This leads to a smaller
code by about 16~20k when using newlib "printf" and/or "sscanf" but not
using floating point I/O.
Programs that need floating-point I/O support must explicitly request
linking of one or both of the floating-point functions:
_printf_float or _scanf_float.
This can be done at link time using the -u option which can be passed
to either gcc or ld.
Implemented via new configuration options:
CONFIG_NEWLIB_LIBC_FLOAT_PRINTF
CONFIG_NEWLIB_LIBC_FLOAT_SCANF
Change-Id: I57f9d9f02e6d21d6011d14de7153b1d3ba6f6e32
Signed-off-by: Juro Bystricky <juro.bystricky@intel.com>
This will add basic support for sending bodies of data that exceed the
size of a single UDP packet.
Block-wise transfers are defined in the recently adopted RFC 7959[1].
The RFC defines four options, two negotiating the block transfer, and
two for informing the size of the transfer. Depending whether the packet
is a request or a response, each option is defined as
"control" (informative) or descriptive (describes what's in the
payload).
Change-Id: Ic71275558c4afed0298d20e8712f76d53904f89f
Signed-off-by: Vinicius Costa Gomes <vinicius.gomes@intel.com>
strncmp() expects pointers of type 'char *', we could cast option.value
to 'char *', but we can use memcmp() instead, which has the benefit of
being simpler.
Change-Id: I8c4ee4401712f3617c134d8e5b6d84e8f5cc4e1d
Signed-off-by: Vinicius Costa Gomes <vinicius.gomes@intel.com>
EWOULDBLOCK is an old error code from BSD. Not much uses it, and on basically
all modern systems it's defined to the same value as EAGAIN, which is the
System V value for the same condition.
Jira: ZEP-982
Change-Id: I5435ce55fa47f5bd2fac5d881b5b195b025f48a2
Signed-off-by: Anas Nashif <anas.nashif@intel.com>
A good number of option values represent numbers, so add these helpers
so applications can avoid repeating this.
Change-Id: Ied2a844c51808dcafe751a77492d00f2063de7d6
Signed-off-by: Vinicius Costa Gomes <vinicius.gomes@intel.com>
uIP keeps the port separated from the IP addresses, so if the
application wants to communicate with a remote endpoint we must also
have the port information available.
Change-Id: I8e2b01fe5717166e1f9cebcc74b2056325b8ccc3
Signed-off-by: Vinicius Costa Gomes <vinicius.gomes@intel.com>
This adds support for observing resources, for client and server side.
For the server side we augment the resource struct so it can hold
information about each interested observer.
For client side, observing a resource abstracted as an reply that
can be called multiple times.
Change-Id: If3f0b41e302cff357ab891e6e91ec2d41579fb92
Signed-off-by: Vinicius Costa Gomes <vinicius.gomes@intel.com>
As there is only one response token, we can do this only once at the
beginning of the function, instead of every iteration.
Change-Id: Ibb324a1189929227bd1eb9837c5d330ff8c8dac2
Signed-off-by: Vinicius Costa Gomes <vinicius.gomes@intel.com>
There were a few lines where the alignment was wrong.
Change-Id: I474976c218ac28564dfe9dcda0e0687ed110834e
Signed-off-by: Vinicius Costa Gomes <vinicius.gomes@intel.com>
According to commit b71a8a4591 and Jira: ZEP-733
(libc: remove stddef.h which is provided by the compiler),
the stddef.h in zephyr code is removed and it's provided
by the compiler. The original stddef.h includes two head
files, null.h and size_t.h, which are also useless now.
So remove these two deprecated files, in case conflicting
definition.
Change-Id: Ie7163fdbd23c32759425b50f3deff2a57cc051a9
Signed-off-by: Qiu Peiyang <peiyangx.qiu@intel.com>
This is a CoAP implementation tailored for Zephyr's requirements, it
tries to use memory predictably by exposing its control structures to
the user (so the user only pays for the features that are used) and
having a lightweight packet representation (the trade-off is that
adding options is not as efficient as it could be, if there were more
information available).
Change-Id: I6f74146c4626a0c554f50b42f163a076e82805ba
Signed-off-by: Vinicius Costa Gomes <vinicius.gomes@intel.com>
Remove the function wrappers around the 64 bit math and just use C
syntax natively, combining ops where appropriate (e.g. there was a
sequence implementing "(x<<2+x)<<2" to do "multiply by 10"). The
_ldiv5 and _rlrshift routines are non-standard ops that provide useful
abstraction, so they remain as separate functions.
Change-Id: I4d83847348fdd7be09887b833c8ccbd2aa1e4182
Signed-off-by: Andy Ross <andrew.j.ross@intel.com>
The _to_float() implementation had a somewhat kludgey hand-written 64
bit math implementation, which is unhelpful on Zephyr as all our
toolchains provide a working uint64_t runtime. This is at best just
dupicated code from libgcc, and at worst less efficient.
This patch replaces the existing 64 bit minilibrary but keeps the
uint32_t[2] API as is for ease of validation and review.
One exception is _ldiv5, a specialized divide-by-five implementation.
The 64 bit division routines are large on some architectures (ARM and
ARC in particular), not pulled in by a default Zephyr build, and will
swamp the benefit from this patch. So this includes a
refactored/improved _ldiv5 which leverages libgcc for multiword shifts
instead of just using raw division.
Note also the "noinline" attribute on _ladd(). This is a workaround
for an apparent compiler bug when built with -Og or -Os (hand-hacking
the Makefiles to build with -O0 works), perhaps due to my aliasing the
int array with a long long. This will go away in phase 2.
Change-Id: I63e8c82dabe2bfaa75b63ddb59e5f11d51be538e
Signed-off-by: Andy Ross <andrew.j.ross@intel.com>
The _to_float routine was apparently written to be able to take a 32
bit float bit representationa as well as a 64 bit double. But in a
printf routine, that can never happen per the C standard (where floats
are always promoted to doubles in varargs context).
This was just hard-configured to 1 at the top of the file, and nothing
else in the project sets "DOUBLE" to try to change it. Just remove
it. If we ever want code to convert a float to a double in memory so
we can use this routine, we have it in libgcc. Or even in hardware on
the FPU where available.
Change-Id: I796814c0fce3ce96faa34fde8da411a28c826699
Signed-off-by: Andy Ross <andrew.j.ross@intel.com>
Hex, octal and decimal all had separately implemented reduction loops
to generate strings. With only a little work these can all be unified
to a single implementation that works with an arbitrary base.
Performance is probably a little lower owing to the fact that
hex/octal now requires a division per character, and the extra
"reverse the string" trick at the end of the conversion. But code
size savings are substantial.
Change-Id: I11ff376aeca1483f974d328271e19918221b2a41
Signed-off-by: Andy Ross <andrew.j.ross@intel.com>
The 'z' length specifier is the appropriate one to be used with size_t
(%zu) and ssize_t (%zd) types. Having support for this in our libc
means that we can utilize the compiler format string checks
(__printf_like) without getting warnings of incorrect format
specifiers for size_t and ssize_t variables.
Change-Id: I73fec0145692e0a59934cab548caf24c1c16a3df
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
This implements a subset of the standard inttypes.h, based on what
other functionality exists in minimal libc.
Change-Id: Ib5685a6da13768ee46acbfca734d145f7018b9e0
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
The default offsetof() implementation generates a warning
(variably modified <variable> at file scope) when used in
to define the size of an array. By using this builtin with
GCC we avoid the warning and make sure no variable-size
arrays are used.
Change-Id: Iae215f777241f7daaa061067230086dffaa8311d
Signed-off-by: Carles Cufi <carles.cufi@nordicsemi.no>
This is an adaptation of
net/ip/tinydtls/platform-specific/config-zephyr.h to allow external
imports such as KSDK to include assert.h.
Change-Id: I0afee37deb79447363037ba6b4bb9cdbc629be3a
Signed-off-by: Maureen Helm <maureen.helm@nxp.com>
The strstr function finds the first occurrence of a substring
in another string, null terminated strings are not compared, this
function is added for compability for porting other libraries (like
mbedtls)
Jira: ZEP-327
Origin: http://www.leidinger.net/freebsd/dox/libkern/html/d3/d29/
strstr_8c_source.html
Change-Id: I52aac218ce0bd86373ec60f5afc49a92c85f6319
Signed-off-by: Sergio Rodriguez <sergio.sf.rodriguez@intel.com>
We get these out of system.h instead. A clause in libc-hooks.c
for newlib added since we don't get RAM size from
CONFIG_SRAM_BASE_ADDRESS.
Change-Id: Ic35113395b951f625e8e29658afe19c525037964
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
Some variants of newlib build and expect namespace protected stubs
(typically having an underscore prefix). To support such newlib variants
change all the stubs to the namespace protect version and use function
aliases to support the nonprotected namespace version.
Change-Id: I6a4162eca949afec96b152ffe6f60b87c4496c4d
Signed-off-by: Kumar Gala <kumar.gala@linaro.org>
We only need to implement fstat(), so drop the _fstat implementation and
have fstat() match the newlib docs for minimal implementation and only
set st_mode = S_IFCHR.
Change-Id: Iba9042707d1ee5975ab98293cfe20e2996b17c05
Signed-off-by: Kumar Gala <kumar.gala@linaro.org>
Tinycrypt is maintained at github and thus should be treated as an
external library and hosted under ext/.
Change-Id: I4c4a3bcdacf01d4922919e5ea1f9dec21a19cd37
Signed-off-by: Anas Nashif <anas.nashif@intel.com>
ecc_make_key declaration has random size of NUM_ECC_DIGITS * 2 but
definition has (and use) only NUM_ECC_DIGITS.
Change-Id: I18f0d7992b21a2ed7ed99851b1b795cff0a08a10
Signed-off-by: Szymon Janc <ext.szymon.janc@tieto.com>
For CMSIS we now have HAS_CMSIS which needs to be added to the
SoC definition.
Instead of changing the main Makefile we now include a sub-Makefile
with all related header and library paths that are hosted in
ext/
Move redifintion of LIB_INCLUDE_DIR later to get variables defined
in Makefile.toolchain.*
Change-Id: I9f90f90247c2a66b4565427b89d4e1d4dd5c9622
Signed-off-by: Anas Nashif <anas.nashif@intel.com>
Convert leading whitespace into tabs in Kconfig files. Also replaced
double spaces between config and <prompt>.
Change-Id: I341c718ecf4143529b477c239bbde88e18f37062
Signed-off-by: Kumar Gala <kumar.gala@linaro.org>
Cleanup main Makefile and remove all library related code to
lib/ to better support the increasing number of libraries and
to keep the main Makefile clean from library dependencies.
Jira: ZEP-308
Change-Id: Id83cf309020604b8eab8d80cad0021905d5b5f7a
Signed-off-by: Anas Nashif <anas.nashif@intel.com>
tinycrypt was built using the lib- scripts without any real benefit. We
also had a wrong placement of the Kconfig files under misc/ and a Kconfig
file for Crypto that was never used before.
Change-Id: I82d5902d92e7c06e10a95f418d9ead3cbcabcce4
Signed-off-by: Anas Nashif <anas.nashif@intel.com>
Although it's unclear why x86 has a different naming convention,
this scales better.
Change-Id: I939b9d4d04b1833391304700a7c12c9c8607192f
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
The RAM config symbols need to be updated as they were named by the
commit:
1a1f7fd arc: make SRAM/DCCM values configurable
Change-Id: Ieeb06de2f77b4c9e10a0bc32d8318834ce150f5e
Signed-off-by: Bogdan Davidoaia <bogdan.m.davidoaia@intel.com>
Basic build framework for Nios2. Everything is stubbed out,
we just want to have a build going so that we can start to
parallelize implementation tasks.
This patch is not intended to be functional, but should be
able to produce a binary for all the nanokernel-based
sanity checks.
Change-Id: I12dd8ca4a2273f7662bee46175822c9bbd99202a
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
When capping the the absolute value of the width modifier in printf(),
it must first be cast to an 'unsigned'. This stems from the fact that
in two's complement, not all negative numbers have a positive counterpart.
Change-Id: I3e6f92f68ab1b8dab48bbf883c5ad4b078a93f87
Signed-off-by: Peter Mitsis <peter.mitsis@windriver.com>
Add definition for the POSIX standard off_t type.
Change-Id: I1142428a3d226d641a8628cbba71cb3ea341ef92
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
There's no need to have a separate file for this, and we'll be adding
other types like off_t here soon as well.
Change-Id: I40629a5a0fba7af44828eaeead294e4e55844bb0
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
Some parts of Newlib, notably the locale handling stuff, will try to
call open(), and if it's not provided, any application that for some
reason is bringing in that code will fail to link.
Having a non-working implementation keeps that code working.
Change-Id: I28345dabb93431d6b80c839b23a46b7f99dc8734
Signed-off-by: Iván Briano <ivan.briano@intel.com>
Use linker symbol and board configs to determine the start
and extent of remaining RAM present in a board and use
it as newlib's heap.
Change-Id: I7128cf2857664331d83f212f27e8af7ad3bb8936
Signed-off-by: Jithu Joseph <jithu.joseph@intel.com>
While we don't have a proper heap that can make use of all the
available RAM, make it possible for applications using Newlib to
configure the size of the heap exposed via the sbrk() hook.
Change-Id: I4e3193c1f2df0ace1dbc5b1f6ceb2cdc61479762
Signed-off-by: Iván Briano <ivan.briano@intel.com>
Add definition for ssize_t that may be useful to represent sizes with
variables that also need to be able to have negative values (e.g. to
represent errors).
Change-Id: I52ec69591ccfd760021dad38f5ba1b1ebe707ea5
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
Summary lines follow the @brief tag instead of the @file tag.
This prevents doxygen build warnings such as ...
The name xxx supplied as the second argument in the \file
statement is not an input file
Change-Id: I1014586ad21be12e14aa1d2a942e6b8a11211795
Signed-off-by: Peter Mitsis <peter.mitsis@windriver.com>
Common ecc.c code was not compiled resulting in following link error:
crypto/tinycrypt/lib.a(ecc_dh.o): In function `ecc_make_key':
crypto/tinycrypt/source/ecc_dh.c:50: undefined reference to `vli_set'
crypto/tinycrypt/source/ecc_dh.c:51: undefined reference to `curve_n'
crypto/tinycrypt/source/ecc_dh.c:51: undefined reference to `vli_sub'
crypto/tinycrypt/source/ecc_dh.c:54: undefined reference to `curve_n'
crypto/tinycrypt/source/ecc_dh.c:54: undefined reference to `vli_cmp'
crypto/tinycrypt/source/ecc_dh.c:53: undefined reference to `vli_cond_set'
crypto/tinycrypt/source/ecc_dh.c:56: undefined reference to `vli_isZero'
crypto/tinycrypt/source/ecc_dh.c:62: undefined reference to `curve_G'
...
Change-Id: Ib590fd7330753c0ae8ef54159b0f2b7461b5b38e
Signed-off-by: Szymon Janc <ext.szymon.janc@tieto.com>
The libc 'ctype.h' header file is not supposed to be automatically
included when including 'stdlib.h'.
Change-Id: I821a9946894572a7b82804b1569b7b18c24316db
Signed-off-by: Peter Mitsis <peter.mitsis@windriver.com>
Adding in a README file for the external library of TinyCrypt providing
details for origin, commit id, and where to find the original.
Source: Original to Zephyr Project
Change-Id: Ibc7ec33f7f459e8df88978b5b4505e67a2141998
Signed-off-by: Dan Kalowsky <daniel.kalowsky@intel.com>
Updates the minimal libc headers for differences between the C and C++
languages. This includes ...
1. Conditionally defining "bool", "true" and "false" as they are
already keywords in C++.
2. Making the definition of NULL language dependent.
3. Using the _Restrict macro instead of the restrict keyword as
restrict exists in C, but not in C++.
4. Changing the definition of size_t so that it is compatible with
what the compiler expects when building the new operator stubs
(as it varies by architecture).
Change-Id: I37ff058a60b90a05f96e9dd6f61d454d143041ce
Signed-off-by: Peter Mitsis <peter.mitsis@windriver.com>
Consolidates the definitions of size_t in the minimal libc library.
This prevents code duplication.
Change-Id: I996990ad9093ebec1f9ba0045d14319e1a243e70
Signed-off-by: Peter Mitsis <peter.mitsis@windriver.com>
Consolidates definitions of NULL in the minimal libc library.
This prevents code duplication.
Change-Id: Ia4a2bde1329d66e7c83afeab806a39b22704ab48
Signed-off-by: Peter Mitsis <peter.mitsis@windriver.com>
Adds extern "C" { } blocks to header files so that they can be
safely used by C++ source files.
Change-Id: Ia4db0c36a5dac5d3de351184a297d2af0df64532
Signed-off-by: Peter Mitsis <peter.mitsis@windriver.com>
This patch renames the 'exit' function from newlib/libc-hooks.c to
'_exit' since this is the correct name of the newlib system call.
This patch fixes some linking errors that occur when an applications
uses abort() or assert().
Change-Id: I593e5ec5dc0f84dbbebe4aceb38703256e140914
Signed-off-by: Andre Guedes <andre.guedes@intel.com>
Add a simple implementation of isprint() which is used to test for a
printable character.
Change-Id: I0ebca10ec0f8e43ee245f6508c5b82c6e207bd32
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
Provides proper access to the per-thread errno variable, by using the
_get_errno() call.
Users can now do:
errno = EINVAL;
printk("errno: %d\n", errno);
Change-Id: I0ef365199656d002623b39b7f45f14f561501375
Signed-off-by: Benjamin Walsh <benjamin.walsh@windriver.com>
The previous implementation mistakenly kept outputting the first
character of the string endlessly.
Change-Id: I299c627a52158218be8e88c952935edb87a636fe
Suggested-by: Tom Yeon <tom.yeon@windriver.com>
Signed-off-by: Allan Stephens <allan.stephens@windriver.com>
Change-Id: I34a54230bc4a63c8a4391d03ff530835910c3705
Signed-off-by: Dan Kalowsky <daniel.kalowsky@intel.com>
Signed-off-by: Anas Nashif <anas.nashif@intel.com>
Change-Id: Ib3f69be9f9273e57952a3ebceebc82d84c607c64
Signed-off-by: Dan Kalowsky <daniel.kalowsky@intel.com>
Signed-off-by: Anas Nashif <anas.nashif@intel.com>
Change-Id: I6da43e41f9c6efee577b70513ec368ae3cce0144
Signed-off-by: Dan Kalowsky <daniel.kalowsky@intel.com>
Signed-off-by: Anas Nashif <anas.nashif@intel.com>