Added validation of alignment to cbprintf_package. Error is returned if
input buffer is not aligned to the largest argument.
Signed-off-by: Krzysztof Chruscinski <krzysztof.chruscinski@nordicsemi.no>
In applications like logging the call site where arguments to
formatting are available may not be suitable for performing the
formatting, e.g. when the output operation can sleep. Add API that
supports capturing data that may be transient into a buffer that can
be saved, and API that then produces the output later using the
packaged arguments.
[ Documentation and commit log from Peter Bigot. ]
Signed-off-by: Nicolas Pitre <npitre@baylibre.com>
Signed-off-by: Peter Bigot <peter.bigot@nordicsemi.no>
Any value passed to a function in <ctype.h> shall be
representable as an unsigned char or be the value EOF.
So changed type of variable to unsigned char.
Signed-off-by: Spoorthy Priya Yerabolu <spoorthy.priya.yerabolu@intel.com>
Now that the old API has been reimplemented with the new API remove
the old implementation and its tests.
Signed-off-by: Peter Bigot <peter.bigot@nordicsemi.no>
The new API cannot be used from userspace because it is not merely a
wrapper around existing userspace-capable objects (threads and
queues), but instead requires much more complex and lower-level access
to memory that can't be touched from userspace. The vast majority of
work queue users are operating from privileged mode, so there's little
motivation to go through the pain and complexity of converting all
functions to system calls.
Copy the necessary pieces of the existing userspace work queue API out
and expose them with new names and types:
* k_work_handler_t becomes k_work_user_handler_t
* k_work becomes k_work_user
* k_work_q becomes k_work_user_q
etc. Because the replacement API cannot use the same types new API
names are also introduced to make it more clear that the userspace
work queue API is a separate functionality.
Signed-off-by: Peter Bigot <peter.bigot@nordicsemi.no>
Attempts to reimplement the existing work API using a new work
implementation failed, primarily due to heavy use of whitebox testing
in validating the original API. Add a temporary Kconfig that will
select between the two implementations so we can use the same
identifiers but select which implementation they reference.
This commit just adds the selection infrastructure and uses it to
conditionalize the existing implementation in anticipation of the new
one in the next commit.
Signed-off-by: Peter Bigot <peter.bigot@nordicsemi.no>
Several internal APIs wrote thread attributes (return value, mainly)
_after_ calling `z_ready_thread`. This is unsafe, at least in SMP,
because another core could have already picked up and run the thread.
Fixes#32800.
Signed-off-by: James Harris <james.harris@intel.com>
This introduces the support for CRC32C (Castagnoli) algorithm.
The generator polynomial used is 0x1EDC6F41UL.
Signed-off-by: Rajavardhan Gundi <rajavardhan.gundi@intel.com>
This library is going to be used by the shell module. Some shell users
are not satisfied with subcommands alone and need to use the options
for commands as well.
Signed-off-by: Jakub Rzeszutko <jakub.rzeszutko@nordicsemi.no>
We expect to have more libraries with incopatible license. There must
be a common place for such software. It seems that lib/util is good
place for that.
Signed-off-by: Jakub Rzeszutko <jakub.rzeszutko@nordicsemi.no>
This makes cbprintf_nano.c much closer to the standard printf and
therefore more useful. The following are now implemented:
- right justification for everything (only for numbers previously)
- precision value for numbers, chars and strings
- width/precision passed as arguments with *
- "unlimited" padding length
- lower/uppercase hex output
- the #, + and ' ' flags are supported
And the code was heavily reworked to reduce its size as much as
possible to mitigate the size growth. Still, the binary resulting
from cbprintf_nano.c is now between 10% and 20% bigger depending on
the architecture. This is still far smaller than cbprintf_complete.c
which remains about twice as big on average even without FP support.
Many unit tests that were skipped with CONFIG_CBPRINTF_NANO are now
enabled, and a few more were added for good measure.
Signed-off-by: Nicolas Pitre <npitre@baylibre.com>
This reverts commit b6b6d39bb6.
With both commit 4690b8d5ec ("libc/minimal: fix malloc() allocated
memory alignment") and commit c822e0abbd ("libc/minimal: fix
realloc() allocated memory alignment") in place, there is no longer
a need for enforcing the big heap mode on every allocations.
Signed-off-by: Nicolas Pitre <npitre@baylibre.com>
Work items can be legally resubmitted from within their own handler.
Currently the p4wq detects this case by checking their thread field to
see if it's been set to NULL. But that's a race, because if the item
was NOT resubmitted then it no longer belongs to the queue and may
have been freed or reused or otherwise clobbered legally by user code.
Instead, steal a single bit in the thread struct for this purpose.
This patch adds a K_CALLBACK_STATE bit in user_options and documents
it in such a way (as being intended for "callback manager" utilities)
that it can't be used recursively or otherwise collide.
Fixes#32052
Signed-off-by: Andy Ross <andrew.j.ross@intel.com>
Commit 40016a6a92 ("libc/minimal: Use a sys_heap for the malloc
implementation") replaced sys_mem_pool_alloc() with sys_heap_alloc().
The problem is that those aren't equivalent. While the former did
guard against concurrent usage, the later doesn't.
Add the same locking around sys_heap_alloc() that used to be implicit
with sys_mem_pool_alloc().
Signed-off-by: Nicolas Pitre <npitre@baylibre.com>
The commit adds initialization of fs_dir_t variables in preparation
for fs_opendir function change that will require fs_dir_t object, passed
to the function, to be initialized before first usage.
Signed-off-by: Andrzej Puzdrowski <andrzej.puzdrowski@nordicsemi.no>
The commit adds initialization of fs_dir_t variables in preparation
for fs_opendir function change that will require fs_dir_t object, passed
to the function, to be initialized before first usage.
Signed-off-by: Andrzej Puzdrowski <andrzej.puzdrowski@nordicsemi.no>
The sys_heap_realloc() code falls back to allocating new memory
and copying the existing data over when it cannot adjust the size
in place. However the size of the data to copy should be the old
size and not the new size if we're extending the allocation.
Signed-off-by: Nicolas Pitre <npitre@baylibre.com>
The definition for realloc() says that it should return a pointer
to the allocated memory which is suitably aligned for any built-in
type.
Turn sys_heap_realloc() into a sys_heap_aligned_realloc() and use it
with __alignof__(z_max_align_t) to implement realloc() with proper
memory alignment for any platform.
Signed-off-by: Nicolas Pitre <npitre@baylibre.com>
The definition for malloc() says that it should return a pointer
to the allocated memory which is suitably aligned for any built-in
type. This requirement was lost in commit 0c15627cc1 ("lib: Remove
sys_mem_pool implementation") where the entire memory pool used to
have an explicit alignment of 16.
Fix this by allocating memory with sys_heap_aligned_alloc() using
__alignof__(z_max_align_t) which will automatically get the needed
alignment on each platform.
Signed-off-by: Nicolas Pitre <npitre@baylibre.com>
The commit adds initializations of fs_file_t variables in preparation
for fs_open function change that will require fs_file_t object, passed
to the function, to be initialized before first usage.
Signed-off-by: Dominik Ermel <dominik.ermel@nordicsemi.no>
An assignment from one multi-word union field to another was not safe
from corruption. Copy the value out to a local value before storing it
to the preferred union field.
Signed-off-by: Peter Bigot <peter.bigot@nordicsemi.no>
This allows applications that may not use minimal libc avoid the cost
of a second printf-like formatting infrastructure by using printfcb()
instead of printf() for output. It also helps make sure that the
formatting support (e.g. floats) is consistent between user-directed
output and the logging infrastructure.
Signed-off-by: Peter Bigot <peter.bigot@nordicsemi.no>
Calculate crc32 4 bits at a time. The return value of the calculation is
identical to the previous 1 bit at a time implementation.
Results in a speed up of a factor 3 at the cost of using 64 bytes of
flash for a crc table.
Calculating crc32 of 128kB of flash on a 120MHz Kinetis MKE16F512
Cortex-M4 takes 99ms using the 1 bit at a time implementation, and 30ms
using the 4 bits at a time implementation.
The crc32 routine is used by subsys/canbus/canopen/canopen_program.c to
calculate crc of flash images.
Signed-off-by: Klaus H. Sorensen <khso@vestas.com>
This option allows forcing big heap mode. Useful on for getting 8-byte
aligned blocks on 32-bit machines.
Signed-off-by: Martin Åberg <martin.aberg@gaisler.com>
reallocarray() is defined in terms of realloc(). From OpenBSD manual
pages:
"Designed for safe allocation of arrays, the reallocarray()
function is similar to realloc() except it operates on nmemb
members of size size and checks for integer overflow in the
calculation nmemb * size."
The return value of sys_heap_realloc() is not compatible with that
of realloc().
Signed-off-by: Martin Åberg <martin.aberg@gaisler.com>
Previously, newlib claimed all free physical memory in the
system.
Now, the kernel manages this, allowing for memory to be
used via k_mem_map() calls.
Establish an upper bound to how much newlib will try to
claim on system startup, instead of trying to take all
of it, allowing other parts of the system to also map
anonymous memory.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
We now draw heap memory from an anonymous memory mapping
instead of a hard-coded region past the kernel image,
which is no longer mapped by default.
Some readability cleanups were made to a particuarly
horrible set of nested ifdefs. A few types were adjusted.
sbrk()'s count argument is an intptr_t, not an int.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
directly convert ticks to nsecs in the clock_* posix
functions which will provide the best resolution the
system allows
Signed-off-by: Nicholas Lowell <nlowell@lexmark.com>
The strategy used in z_heap_aligned_alloc() was to allocate an extra
align-sized memory block for storing a pointer to the memory heap.
This is wasteful in terms of memory usage when alignment is larger
than a pointer width. A loop is needed to find the initial memory
start when freeing it which isn't optimal either.
Instead, let's have sys_heap_aligned_alloc() rewind a pointer after
it is aligned to make just enough room for storing our heap reference.
This way the heap reference is always located immediately before the
aligned memory and any unused memory is returned to the heap.
The rewind and alignment values may coincide in which case only
the alignment is necessary anyway.
Signed-off-by: Nicolas Pitre <npitre@baylibre.com>
Previously, newlib claimed all free physical memory in the
system.
Now, the kernel manages this, allowing for memory to be
used via k_mem_map() calls.
Establish an upper bound to how much newlib will try to
claim on system startup, instead of trying to take all
of it, allowing other parts of the system to also map
anonymous memory.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
We now draw heap memory from an anonymous memory mapping
instead of a hard-coded region past the kernel image,
which is no longer mapped by default.
Some readability cleanups were made to a particuarly
horrible set of nested ifdefs. A few types were adjusted.
sbrk()'s count argument is an intptr_t, not an int.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
Macros like INT64_C(x) convert x to a constant integral expression,
i.e. one that can be used in preprocessor code. Implement wrappers
that use the GNUC intrinsics to perform the translation.
Signed-off-by: Peter Bigot <peter.bigot@nordicsemi.no>
Provide data structures to capture a timestamp in two different
clocks, monitor the drift between those clocks, and using a base
instant with estimated drift convert between the clocks.
This provides the core technology to convert between system uptime and
an external continuous time scale like TAI (UTC without applying leap
seconds).
Signed-off-by: Peter A. Bigot <pab@pabigot.com>
Let's do it upfront only once for each entry point and dispense
with overflow checks later to keep the code simple.
Signed-off-by: Nicolas Pitre <npitre@baylibre.com>
Fixes: #28650
Linking with newlib now defines the following linker flags as:
```
${CMAKE_C_LINKER_WRAPPER_FLAG}${CMAKE_LINK_LIBRARY_FLAG}c
${CMAKE_C_LINKER_WRAPPER_FLAG}${CMAKE_LINK_LIBRARY_FLAG}gcc
c
```
This is needed because when linking with newlib on aarch64, then libgcc
has a link dependency to libc (strchr), but libc also has dependencies
to libgcc.
CMake is capable of handling circular link dependencies for CMake
defined static libraries, which can be further controlled using
`LINK_INTERFACE_MULTIPLICITY`.
However, libc and libgcc are not regular CMake libraries, and is seen as
linker flags by CMake, and thus symbol de-duplications will be
performed.
CMake link options cannot be used, as that will place those libs first
on the linker invocation. -Wl,--start-group is problematic as the
placement of -lc and -lgcc is not guaranteed in case later libraries are
also using -lc / -libbgcc as interface linker flags.
Thus, we resort to use
`${CMAKE_C_LINKER_WRAPPER_FLAG}${CMAKE_LINK_LIBRARY_FLAG}`
as this ensures the uniqueness and thus avoids symbol de-duplication
which means libc will be followed by libgcc, which is finally followed
by libc again.
It would have been possible to use `-lc` directly, but there is a risk
that an externally library is also adding `-lc` and thus de-duplication
and re-arrangement of this flag happens. This risk is in theory also
existing with this fix, but the long nature of this link flag with using
`${CMAKE_C_LINKER_WRAPPER_FLAG}` would likely indicate a similar fix and
thus those libraries will stay in order.
Signed-off-by: Torsten Rasmussen <Torsten.Rasmussen@nordicsemi.no>
The 'fputs' has flaw in the implementation. It almost always
returns 'EOF' even if completed successfully.
This happens because we compare 'fwrite' return value which is
"number of members successfully written" (which is 1 in current
implementation) to the total string size:
----------------------------->8-----------------------
int fputs(const char *_MLIBC_RESTRICT string,
FILE *_MLIBC_RESTRICT stream)
{
int len = strlen(string);
int ret;
ret = fwrite(string, len, 1, stream);
return len == ret ? 0 : EOF;
}
----------------------------->8-----------------------
In result 'fputs' return 'EOF' in case of string length bigger
than 1.
There are several fixes possible, and one of the fixes is to
swap number of items (1) with size (string length) when we
are calling 'fwrite'. The only difference will be that
'fwrite' will return actual numbers of bytes written which
can be compared with the string length.
Signed-off-by: Eugeniy Paltsev <Eugeniy.Paltsev@synopsys.com>
First, the maximum heap size must fit in 31 bits worth of chunks
because the internal 32-bit field holding the size is shared with
the `used` bit.
Then the mention of a 256-byte block in the doc is no longer
relevant. That pertained to the previous allocator implementation.
And ditto for the HEAP_MEM_POOL_MIN_SIZE kconfig option.
Signed-off-by: Nicolas Pitre <npitre@baylibre.com>
This adds a somewhat special purpose IPC mechanism. It's intended for
applications which have a "work queue" like architecture of discrete
callback items, but which need the ability to schedule those items
independently in separate threads across multiple CPUs. So P4 Work
items:
1. Can run at any Zephyr scheduler priority and with any deadline
(this feature assumes EDF scheduling is enabled)
2. Can be submitted at any time and from any context, including being
resubmitted from within their own handler.
3. Will preempt any lower priority work as soon as they are runnable,
according to the standard rules of Zephyr priority scheduling.
4. Run from a pool of worker threads that can be allocated efficiently
(i.e. you need as many as the number of CPUs plus the number of
preempted in-progress items, but no more).
Signed-off-by: Andy Ross <andrew.j.ross@intel.com>
The l length modifier can apply to the c format specifier; in that
case the expected value is of type wint_t. Minimal libc doesn't
define wint_t, and it is complex to do so correctly (must add
<wchar.h>, and use a lot of conditional tricks).
wint_t can differ from wchar_t in rank when wchar_t undergoes default
integral promotion, which it does on xtensa (wchar_t is unsigned
short). So we can use wchar_t as an approximation, except in va_arg
where we need to use a wider type: int covers this case.
Note that we still don't format wide characters, but we do want to
consume the correct amount of data for a default-promoted extended
character.
Signed-off-by: Peter Bigot <peter.bigot@nordicsemi.no>
Whether char is signed or unsigned is toolchain and target specific.
Rather than assume it's signed (which is true for x86, but not for
ARM), do the right thing based on whether the minimum representable
value is less than zero.
Signed-off-by: Peter Bigot <peter.bigot@nordicsemi.no>
It may not be clear that the length modifiers reference native C types
with specific ranks. Document the core type for each modifier.
Signed-off-by: Peter Bigot <peter.bigot@nordicsemi.no>
