The new API cannot be used from userspace because it is not merely a
wrapper around existing userspace-capable objects (threads and
queues), but instead requires much more complex and lower-level access
to memory that can't be touched from userspace. The vast majority of
work queue users are operating from privileged mode, so there's little
motivation to go through the pain and complexity of converting all
functions to system calls.
Copy the necessary pieces of the existing userspace work queue API out
and expose them with new names and types:
* k_work_handler_t becomes k_work_user_handler_t
* k_work becomes k_work_user
* k_work_q becomes k_work_user_q
etc. Because the replacement API cannot use the same types new API
names are also introduced to make it more clear that the userspace
work queue API is a separate functionality.
Signed-off-by: Peter Bigot <peter.bigot@nordicsemi.no>
Attempts to reimplement the existing work API using a new work
implementation failed, primarily due to heavy use of whitebox testing
in validating the original API. Add a temporary Kconfig that will
select between the two implementations so we can use the same
identifiers but select which implementation they reference.
This commit just adds the selection infrastructure and uses it to
conditionalize the existing implementation in anticipation of the new
one in the next commit.
Signed-off-by: Peter Bigot <peter.bigot@nordicsemi.no>
This introduces the support for CRC32C (Castagnoli) algorithm.
The generator polynomial used is 0x1EDC6F41UL.
Signed-off-by: Rajavardhan Gundi <rajavardhan.gundi@intel.com>
This makes cbprintf_nano.c much closer to the standard printf and
therefore more useful. The following are now implemented:
- right justification for everything (only for numbers previously)
- precision value for numbers, chars and strings
- width/precision passed as arguments with *
- "unlimited" padding length
- lower/uppercase hex output
- the #, + and ' ' flags are supported
And the code was heavily reworked to reduce its size as much as
possible to mitigate the size growth. Still, the binary resulting
from cbprintf_nano.c is now between 10% and 20% bigger depending on
the architecture. This is still far smaller than cbprintf_complete.c
which remains about twice as big on average even without FP support.
Many unit tests that were skipped with CONFIG_CBPRINTF_NANO are now
enabled, and a few more were added for good measure.
Signed-off-by: Nicolas Pitre <npitre@baylibre.com>
This reverts commit b6b6d39bb6.
With both commit 4690b8d5ec ("libc/minimal: fix malloc() allocated
memory alignment") and commit c822e0abbd ("libc/minimal: fix
realloc() allocated memory alignment") in place, there is no longer
a need for enforcing the big heap mode on every allocations.
Signed-off-by: Nicolas Pitre <npitre@baylibre.com>
Work items can be legally resubmitted from within their own handler.
Currently the p4wq detects this case by checking their thread field to
see if it's been set to NULL. But that's a race, because if the item
was NOT resubmitted then it no longer belongs to the queue and may
have been freed or reused or otherwise clobbered legally by user code.
Instead, steal a single bit in the thread struct for this purpose.
This patch adds a K_CALLBACK_STATE bit in user_options and documents
it in such a way (as being intended for "callback manager" utilities)
that it can't be used recursively or otherwise collide.
Fixes#32052
Signed-off-by: Andy Ross <andrew.j.ross@intel.com>
The sys_heap_realloc() code falls back to allocating new memory
and copying the existing data over when it cannot adjust the size
in place. However the size of the data to copy should be the old
size and not the new size if we're extending the allocation.
Signed-off-by: Nicolas Pitre <npitre@baylibre.com>
The definition for realloc() says that it should return a pointer
to the allocated memory which is suitably aligned for any built-in
type.
Turn sys_heap_realloc() into a sys_heap_aligned_realloc() and use it
with __alignof__(z_max_align_t) to implement realloc() with proper
memory alignment for any platform.
Signed-off-by: Nicolas Pitre <npitre@baylibre.com>
An assignment from one multi-word union field to another was not safe
from corruption. Copy the value out to a local value before storing it
to the preferred union field.
Signed-off-by: Peter Bigot <peter.bigot@nordicsemi.no>
This allows applications that may not use minimal libc avoid the cost
of a second printf-like formatting infrastructure by using printfcb()
instead of printf() for output. It also helps make sure that the
formatting support (e.g. floats) is consistent between user-directed
output and the logging infrastructure.
Signed-off-by: Peter Bigot <peter.bigot@nordicsemi.no>
Calculate crc32 4 bits at a time. The return value of the calculation is
identical to the previous 1 bit at a time implementation.
Results in a speed up of a factor 3 at the cost of using 64 bytes of
flash for a crc table.
Calculating crc32 of 128kB of flash on a 120MHz Kinetis MKE16F512
Cortex-M4 takes 99ms using the 1 bit at a time implementation, and 30ms
using the 4 bits at a time implementation.
The crc32 routine is used by subsys/canbus/canopen/canopen_program.c to
calculate crc of flash images.
Signed-off-by: Klaus H. Sorensen <khso@vestas.com>
This option allows forcing big heap mode. Useful on for getting 8-byte
aligned blocks on 32-bit machines.
Signed-off-by: Martin Åberg <martin.aberg@gaisler.com>
The strategy used in z_heap_aligned_alloc() was to allocate an extra
align-sized memory block for storing a pointer to the memory heap.
This is wasteful in terms of memory usage when alignment is larger
than a pointer width. A loop is needed to find the initial memory
start when freeing it which isn't optimal either.
Instead, let's have sys_heap_aligned_alloc() rewind a pointer after
it is aligned to make just enough room for storing our heap reference.
This way the heap reference is always located immediately before the
aligned memory and any unused memory is returned to the heap.
The rewind and alignment values may coincide in which case only
the alignment is necessary anyway.
Signed-off-by: Nicolas Pitre <npitre@baylibre.com>
Provide data structures to capture a timestamp in two different
clocks, monitor the drift between those clocks, and using a base
instant with estimated drift convert between the clocks.
This provides the core technology to convert between system uptime and
an external continuous time scale like TAI (UTC without applying leap
seconds).
Signed-off-by: Peter A. Bigot <pab@pabigot.com>
Let's do it upfront only once for each entry point and dispense
with overflow checks later to keep the code simple.
Signed-off-by: Nicolas Pitre <npitre@baylibre.com>
First, the maximum heap size must fit in 31 bits worth of chunks
because the internal 32-bit field holding the size is shared with
the `used` bit.
Then the mention of a 256-byte block in the doc is no longer
relevant. That pertained to the previous allocator implementation.
And ditto for the HEAP_MEM_POOL_MIN_SIZE kconfig option.
Signed-off-by: Nicolas Pitre <npitre@baylibre.com>
This adds a somewhat special purpose IPC mechanism. It's intended for
applications which have a "work queue" like architecture of discrete
callback items, but which need the ability to schedule those items
independently in separate threads across multiple CPUs. So P4 Work
items:
1. Can run at any Zephyr scheduler priority and with any deadline
(this feature assumes EDF scheduling is enabled)
2. Can be submitted at any time and from any context, including being
resubmitted from within their own handler.
3. Will preempt any lower priority work as soon as they are runnable,
according to the standard rules of Zephyr priority scheduling.
4. Run from a pool of worker threads that can be allocated efficiently
(i.e. you need as many as the number of CPUs plus the number of
preempted in-progress items, but no more).
Signed-off-by: Andy Ross <andrew.j.ross@intel.com>
The l length modifier can apply to the c format specifier; in that
case the expected value is of type wint_t. Minimal libc doesn't
define wint_t, and it is complex to do so correctly (must add
<wchar.h>, and use a lot of conditional tricks).
wint_t can differ from wchar_t in rank when wchar_t undergoes default
integral promotion, which it does on xtensa (wchar_t is unsigned
short). So we can use wchar_t as an approximation, except in va_arg
where we need to use a wider type: int covers this case.
Note that we still don't format wide characters, but we do want to
consume the correct amount of data for a default-promoted extended
character.
Signed-off-by: Peter Bigot <peter.bigot@nordicsemi.no>
Whether char is signed or unsigned is toolchain and target specific.
Rather than assume it's signed (which is true for x86, but not for
ARM), do the right thing based on whether the minimum representable
value is less than zero.
Signed-off-by: Peter Bigot <peter.bigot@nordicsemi.no>
It may not be clear that the length modifiers reference native C types
with specific ranks. Document the core type for each modifier.
Signed-off-by: Peter Bigot <peter.bigot@nordicsemi.no>
This function was designed to support the logging infrastructure's
need to copy values from va_list structures. It did not meet that
need, since some values need to be changed based on additional data
that is only available when the complete format specification is
examined. Remove the function as unnecessary.
Signed-off-by: Peter Bigot <peter.bigot@nordicsemi.no>
Providing a literal width or precision that exceeds the non-negative
range of int does not appear to be rejected by the standard, but it
does produce a build diagnostic so we can't test it. Switch to an
equivalent form that doesn't affect line coverage.
Signed-off-by: Peter Bigot <peter.bigot@nordicsemi.no>
Just like commit 0ae04f01b6 ("lib/os/heap: make some checks more
assertive") we shouldn't validate the externally provided align
argument only when CONFIG_SYS_HEAP_VALIDATE is set.
Signed-off-by: Nicolas Pitre <npitre@baylibre.com>
If the new size amounts to the same number of chunks then:
- If right-chunk is used then we needlessly allocate new memory and
copy data over.
- If right-chunk is free then we attempt to split it with a zero size
which corrupts the prev/next list.
Make sure this case is properly handled and add a test for it.
While at it, let's simplify the code somewhat as well.
Signed-off-by: Nicolas Pitre <npitre@baylibre.com>
If a precision flag is included for s formatting that bounds the
maximum output length, so we need to use strnlen rather than strlen to
get the amount of data to emit. With that flag we can't expect there
to be a terminating NUL following the text to print.
Also fix handling of an empty precision, which should behave as if a
precision of zero was provided.
Signed-off-by: Peter Bigot <peter.bigot@nordicsemi.no>
While documenting the float conversion code, I found there was room
for some optimization. In doing so I added test cases to cover edge
cases e.g. making sure proper rounding is applied and that no loss
of precision was introduced. Compiled code should be smaller and
faster.
Signed-off-by: Nicolas Pitre <npitre@baylibre.com>
Add an optimized realloc() implementation that can successfully expand
allocations in place if there exists enough free memory after the
supplied block.
Signed-off-by: Andy Ross <andrew.j.ross@intel.com>
The biggest required padding is equal to `align - chunk_header_bytes`
and not `align - 1` given that the header already contributes to the
padding.
Signed-off-by: Nicolas Pitre <npitre@baylibre.com>
LLVM building for qemu_x86 appears to have an optimization bug where a
union that is assigned to hold values read from va_args() is inferred
to be a constant value, so is placed in ROM with an all-zero content.
Prevent this by packing the conversion state and the value union into
a single container structure that's stack allocated.
Signed-off-by: Peter Bigot <peter.bigot@nordicsemi.no>
Although flags with pointers are not defined behavior, there is a
desire to have them work, so add a test and fix the complete
implementation so it passes.
Signed-off-by: Peter Bigot <peter.bigot@nordicsemi.no>
Simplify the code to increase readability, and fix right-padding
for %p.
Also, the compiled code is smaller with those changes applied.
Signed-off-by: Nicolas Pitre <npitre@baylibre.com>
This fixes an issue where the %p specifier always generated "(nil)"
on SPARC. The failing test cases were:
tests/lib/sprintf/libraries.libc.sprintf
tests/kernel/common/kernel.common.misra
tests/kernel/common/kernel.common.tls
tests/kernel/common/kernel.common
The exact logic behind the issue has not been fully analyzed, but
it can be observed that this commit eliminates one occurrence of
undefined behavior. (Only allowed to read the last union field written.)
Signed-off-by: Martin Åberg <martin.aberg@gaisler.com>
Using the same implementation as the rest of Zephyr reduces code size.
Update options and expected results for formatting test.
Signed-off-by: Peter Bigot <peter.bigot@nordicsemi.no>
This commit adds a C99 stdio value formatter capability where
generated text is emitted through a callback. This allows generation
of arbitrarily long output without a buffer, functionality that is
core to printk, logging, and other system and application needs.
The formatter supports most C99 specifications, excluding:
* %Lf long double conversion
* wide character output
Kconfig options allow disabling features like floating-point
conversion if they are not necessary. By default most conversions are
enabled.
The original z_vprintk() implementation is adapted to meet the
interface requirements of cbvprintf, and made available as an opt-in
feature for space-constrained applications that do not need full
formatting support.
Signed-off-by: Peter Bigot <peter.bigot@nordicsemi.no>
This reverts commit e812ee6c21.
This is the initial step towards replacing the core Zephyr formatting
infrastructure with a common functionally-complete solution.
Signed-off-by: Peter Bigot <peter.bigot@nordicsemi.no>
Previously, ring buffer had capacity of provided buffer size - 1. This
trick was used to distinguish between empty and full states. It had one
drawback: ring buffer could not be used as a pool of equal sized buffers
(using ring_buf_put_claim and ring_buf_get_claim).
Reworked internals to use non wrapping head and tail. Since they are
non wrapping, there is no issue with distinguishing between empty and
full. Since this appraoch would be vulnerable to wrapping on 32 bit
boundary, added a mechanism which periodically reduces all indexes to
avoid 32 bit wrapping.
After this rework, buffer has one byte more capacity. Simple test shows
slight performance improvement.
Updated tests to reflect increased capacity and added test to check if
it is possible to continuesly allocated 2 buffers of half ring buffer
size.
Signed-off-by: Krzysztof Chruscinski <krzysztof.chruscinski@nordicsemi.no>
The compiler doesn't need help here.
For example, gcc creates this on Aarch64:
_ldiv5:
ldr x1, [x0]
mov x2, -3689348814741910324
movk x2, 0xcccd, lsl 0
add x1, x1, 2
umulh x1, x1, x2
lsr x1, x1, 2
str x1, [x0]
ret
Signed-off-by: Nicolas Pitre <npitre@baylibre.com>
The code that made aligned_alloc work with the 4-byte heap headers was
requesting a block of the correctly padded size, and correctly
aligning the output buffer within that memory, but it was using the
UNALIGNED chunk size for the buffer as the final size of the block
with splitting off the unused suffix. So the final chunk in the
buffer was could be incorrectly returned to the heap and reused,
leading to overlap.
Compute the chunk size of the output buffer based on the
already-aligned output pointer instead.
Initial investigation and fix from Andy Ross <andrew.j.ross@intel.com>.
I reworked his fix, created a test case, and stolen his commit log.
Signed-off-by: Nicolas Pitre <npitre@baylibre.com>
Replace all calls to the assert macro that comes from libc by calls to
__ASSERT_NO_MSG(). This is usefull as the former might be different
depending on the libc used and the later can be customized to reduce
flash footprint.
Signed-off-by: Xavier Chapron <xavier.chapron@stimio.fr>
Both operands of an operator in the arithmetic conversions
performed shall have the same essential type category.
Changes are related to converting the integer constants to the
unsigned integer constants
Signed-off-by: Aastha Grover <aastha.grover@intel.com>
Multiple calls of z_free_fd against fd with refcount equal 0 are causing
descriptor table entry leak by decrementing refcount below 0.
This patch prevents decrementing refcount below zero.
Signed-off-by: Grzegorz Kostka <grzegorz@mobility.cloud>
The vararg extraction for unmodified integers always used int, which
sign extends when assigned to the printk_val_t. Avoid the sign
extension for unsigned values.
Signed-off-by: Peter Bigot <peter.bigot@nordicsemi.no>
Character class functions from ctype.h may be implemented as macros
where the argument is used to index an array of class flags. Using a
char value as an index produces diagnostics in some toolchains.
Explicitly cast the parameter to the type required by the API.
Signed-off-by: Peter Bigot <peter.bigot@nordicsemi.no>
shell_fprintf requires that formatted output be emitted with a
putchar()-like output function. Newlib does not provide such a
capability. Zephyr provides two solutions: z_prf() which is part of
minimal libc and handles floating point formatting, and z_vprintk()
which is core and does not support floating point.
Move z_prf() out of minimal libc into the core lib area, and use it
unconditionally in the shell.
Signed-off-by: Peter Bigot <peter.bigot@nordicsemi.no>
