Add SYS_POWER_ prefix to HAS_STATE_SLEEP_, HAS_STATE_DEEP_SLEEP_
options to align them with names of power states they control.
Following is a detailed list of string replacements used:
s/HAS_STATE_SLEEP_(\d)/HAS_SYS_POWER_STATE_SLEEP_$1/
s/HAS_STATE_DEEP_SLEEP_(\d)/HAS_SYS_POWER_STATE_DEEP_SLEEP_$1/
Signed-off-by: Piotr Mienkowski <piotr.mienkowski@gmail.com>
This commit cleans up names of system power management functions by
assuring that:
- all functions start with 'sys_pm_' prefix
- API functions which should not be exposed to the user start with '_'
- name of the function hints at its purpose
Signed-off-by: Piotr Mienkowski <piotr.mienkowski@gmail.com>
There exists SoCs, e.g. STM32L4, where one of the low power modes
reduces CPU frequency and supply voltage but does not stop the CPU. Such
power modes are currently not supported by Zephyr.
To facilitate adding support for such class of power modes in the future
and to ensure the naming convention makes it clear that the currently
supported power modes stop the CPU this commit renames Low Power States
to Slep States and updates the documentation.
Signed-off-by: Piotr Mienkowski <piotr.mienkowski@gmail.com>
Coverity was complaining that this function was not being checked only
in a specific case.
Coverity CID: 183066
Signed-off-by: Flavio Ceolin <flavio.ceolin@intel.com>
The 14 individual cases that use these four config files are now
passing reliably when SMP is enabled, after the "Mark sleeping threads
suspended" scheduler fix. Turn it back on.
Signed-off-by: Andy Ross <andrew.j.ross@intel.com>
For obvious performance reasons, scheduler state changes (other than
aborting a thread) do not cause synchronous interrupts on the other
CPU. Doing a k_thread_wakeup() means that the current CPU will run it
synchronously if it's high priority, but if you want to see it run on
the other cores you need to wait for them to reach a scheduling point
on their own.
The test was written to assume that k_thread_wakeup() is synchronous,
but that's not right, and it needs to spin a bit. This bug was always
present in the test, but masked by a bug in the way that k_sleep() was
handled on SMP. See #9506.
Signed-off-by: Andy Ross <andrew.j.ross@intel.com>
A few more test cases that are measurably unreliable when run in SMP.
For the most part these work most of the time (though the semaphore
one was pretty borderline -- I measured about 25% failures), but are
measurably unstable against the backdrop of known qemu instability.
Something is clearly going on and we need to come back to these to fix
threadsafety issues.
Signed-off-by: Andy Ross <andrew.j.ross@intel.com>
Add qemu_x86_64 to the platform whitelist so that this will actually
be built and tested with sanitycheck.
Signed-off-by: Daniel Leung <daniel.leung@intel.com>
There was a missing 'z_' renaming to
z_is_thread_prevented_from_running which would have caused
sanitycheck to fail but it is not being built at the moment.
Fix this first.
Signed-off-by: Daniel Leung <daniel.leung@intel.com>
Most CPUs have instructions like LOCK, LDREX/STREX, etc which
allows for atomic operations without locking interrupts that
can be invoked from user mode without complication. They typically
use compiler builtin atomic operations, or custom assembly
to implement them.
However, some CPUs may lack these kinds of instructions, such
as Cortex-M0 or some ARC. They use these C-based atomic
operation implementations instead. Unfortunately these require
grabbing a spinlock to ensure proper concurrency with other
threads and ISRs. Hence, they will trigger an exception when
called from user mode.
For these platforms, which support user mode but not atomic
operation instructions, the atomic API has been exposed as
system calls.
Some of the implementations in atomic_c.c which can be instead
expressed in terms of other atomic operations have been removed.
The kernel test of atomic operations now runs in user mode to
prove that this works.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
This test isn't SMP-safe and won't pass reliably on x86_64 by default
(though it does pass often enough to get CI passes on most things, it
fails spuriously in ways that aren't timing related). Turn off the
second CPU. Fixes#14501
Signed-off-by: Andy Ross <andrew.j.ross@intel.com>
Qemu just can't handle 1000 Hz ticks. On our CI machines, CONFIG_HZ
on the host (which is the limit of timing precision for things like
idle wakeups and signal delivery, both of which qemu seems to use for
timing) is 250. When the mismatch gets this large, we start seeing
artifacts like interrupts being delivered "in the past" (i.e. code
sees a z_clock_elapsed() value of "2" ticks before getting a
z_clock_announce() call for "1").
As it happens, this test doesn't actually require timing with that
precision, it just wants "lots of context switching" to exercise the
threadsafety of the mem_pool APIs. So decrease the tick rate to the
100Hz default, but put a loop counter in the worker threads to force
them to do 10x more work, keeping the number of preemptions constant.
Signed-off-by: Andy Ross <andrew.j.ross@intel.com>
The existing device_set_power_state() API works only in synchronous
mode and this is not desirable for devices(ex: Gyro) which take
longer time (few 100 mSec) to suspend/resume.
To support async mode, a new callback argument is added to the API.
The device drivers can asynchronously suspend/resume and call the
callback function upon completion of the async request.
This commit adds the missing callback parameter to all the drivers
to make it compliant with the new API.
Signed-off-by: Ramakrishna Pallala <ramakrishna.pallala@intel.com>
We needed to add support for the RV32M1_LPTMR_TIMER to the test so its
knows what the IRQ of the timer is.
Signed-off-by: Kumar Gala <kumar.gala@linaro.org>
The various tests would all do a "wait for threads to exit" step
before checking the results, but this was implemented with a simple
busy wait that turns out to need careful tuning (because there was
busy waiting in the threads).
Rather than try to synchronize this, white box the issue (it's a low
level SMP test, after all) by spinning on the thread states directly
watching for the kernel to flag them dead. The downside here is that
if the process fails for some reason we'll get a hang and a timeout
reported from sanitycheck and not a synchronous ztest assertion. But
in return, successful tests run much faster and I don't need to worry
about how to tune them for IPI latency on different platforms.
Signed-off-by: Andy Ross <andrew.j.ross@intel.com>
This case was predicated on a mistake. The behavior of k_wakeup() has
always been NOT to wake up threads that are "pending" on a wait queue,
only ones blocked on a timeout in k_sleep(). As written, this test
case could never pass.
(Really there's no good reason for that. It seems reasonable to me to
expect wakeup to work symmetrically, and the docs are sort of
ambiguous on the subject. But the code in k_wakeup() is clear:
threads flagged pending get an early exit and the call becomes a
noop.)
Signed-off-by: Andy Ross <andrew.j.ross@intel.com>
There was a test-created thread that wasn't including this. It's a
huge stack and doesn't overflow (though I thought briefly that it
was), but it's a rule that we need to have that buffer and I'm trying
to fix these as I find them.
Signed-off-by: Andy Ross <andrew.j.ross@intel.com>
Update reserved function names starting with one underscore, replacing
them as follows:
'_k_' with 'z_'
'_K_' with 'Z_'
'_handler_' with 'z_handl_'
'_Cstart' with 'z_cstart'
'_Swap' with 'z_swap'
This renaming is done on both global and those static function names
in kernel/include and include/. Other static function names in kernel/
are renamed by removing the leading underscore. Other function names
not starting with any prefix listed above are renamed starting with
a 'z_' or 'Z_' prefix.
Function names starting with two or three leading underscores are not
automatcally renamed since these names will collide with the variants
with two or three leading underscores.
Various generator scripts have also been updated as well as perf,
linker and usb files. These are
drivers/serial/uart_handlers.c
include/linker/kobject-text.ld
kernel/include/syscall_handler.h
scripts/gen_kobject_list.py
scripts/gen_syscall_header.py
Signed-off-by: Patrik Flykt <patrik.flykt@intel.com>
Minnowboard should not run the XIP test as it doesn't execute-in-place.
Updated the test specification to exclude Minnowboard.
Fixes#14099.
Signed-off-by: Charles E. Youse <charles.youse@intel.com>
Fix multiple definitions of `ram_console'. The ram_console
array is already defined in drivers/console/ram_console.c.
Signed-off-by: Arnaud Pouliquen <arnaud.pouliquen@st.com>
These tests fail on hardware. An appropriate issue will be filed on
GitHub, but it doesn't make sense to hold the CI from going green.
Fixes#13960.
Signed-off-by: Piotr Zierhoffer <pzierhoffer@antmicro.com>
We want to show that performing various memory domain
operations, and then either dropping to user mode, or
swapping to a user thread in the same domain, has the
correct memory policy for the user context.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
Removing the build_only option for tickless broke CI (for reasons
unrelated to the new tests I added in the prior commit).
Signed-off-by: Charles E. Youse <charles.youse@intel.com>
In some circumstances (e.g., a tickless kernel), k_timer_remaining_get()
would not account for time passed that didn't involve clock interrupts.
This adds a simple fix for that, and adds a test case. In addition, the
return value of k_timer_remaining_get() is clamped at 0 in the case of
overdue timers and the API description is adjusted to reflect this.
Fixes: #13353
Signed-off-by: Charles E. Youse <charles.youse@intel.com>
This test was written to wait on a fifo with a timeout, return, and
check the timing between the start and end using k_cycle_get_32() to
see that it didn't run long. But timeouts expire on tick boundaries,
and so if tick expires between the start of the test and the entry to
k_fifo_get(), the timeout will take one full tick longer than expected
due to aliasing.
As it happened this passed everywhere except nRF (whose cycle timer is
32 kHz and thus more susceptible to coarser aliasing like this), and
even there it passed for a while until the spinlock validation layer
went in and added just enough time to the userspace code paths
(i.e. the code between the start time fetch and the point where the
fifo blocks takes longer) to open the window and push us over the
limit.
The workaround here is just to add a k_sleep(1) call, which is
guaranteed to block and wake up synchronously at the next tick.
Fixes#13289
Signed-off-by: Andy Ross <andrew.j.ross@intel.com>
(Chunk 2 of 3 - this patch was split across pull requests to address
CI build time limitations)
Zephyr has always been a uniprocessor system, and its kernel tests are
rife with assumptions and outright dependence on single-CPU operation
(for example: "low priority threads will never run until this high
priority thread blocks" -- not true if there's another processor to
run it!)
About 1/3 of our tests fail right now on x86_64 when dual processor
operation is made default. Most of those can probably be recovered on
a case-by-case basis with simple changes (and a few of them might
represent real bugs in SMP!), but for now let's make sure the full
test suite passes by turning the second CPU off. There's still plenty
of SMP coverage in the remaining cases.
Signed-off-by: Andy Ross <andrew.j.ross@intel.com>
This commit removes the #ifdefs for ARM platforms in
tests/kernel/fatal/main.c, as all the tests suite can be
executed for platforms supporting the ARM and the NXP MPU.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
Commit 0cc362f873 ("tests/kernel: Simplify timer spinning") was
added to work around a qemu bug with dropped interrupts on x86_64.
But it turns out that the tick alignment that the original
implementation provided (fundamentally, it spins waiting on the timer
driver to report tick changes) was needed for correct operation on
nRF52.
The effectively revert that commit (and refactors all the spinning
into a single utility) and replaces it with a workaround targeted to
qemu on x86_64 only. Fixes#11721
Signed-off-by: Andy Ross <andrew.j.ross@intel.com>
(Chunk 1 of 3 - this patch was split across pull requests to address
CI build time limitations)
Zephyr has always been a uniprocessor system, and its kernel tests are
rife with assumptions and outright dependence on single-CPU operation
(for example: "low priority threads will never run until this high
priority thread blocks" -- not true if there's another processor to
run it!)
About 1/3 of our tests fail right now on x86_64 when dual processor
operation is made default. Most of those can probably be recovered on
a case-by-case basis with simple changes (and a few of them might
represent real bugs in SMP!), but for now let's make sure the full
test suite passes by turning the second CPU off. There's still plenty
of SMP coverage in the remaining cases.
Signed-off-by: Andy Ross <andrew.j.ross@intel.com>
MISRA rules (see #9892) forbid alloca() and family, even though those
features can be valuable performance and memory size optimizations
useful to Zephyr.
Introduce a MISRA_SANE kconfig, which when true enables a gcc error
condition whenever a variable length array is used.
When enabled, the mempool code will use a theoretical-maximum array
size on the stack instead of one tailored to the current pool
configuration.
The rbtree code will do similarly, but because the theoretical maximum
is quite a bit larger (236 bytes on 32 bit platforms) the array is
placed into struct rbtree instead so it can live in static data (and
also so I don't have to go and retune all the test stack sizes!).
Current code only uses at most two of these (one in the scheduler when
SCHED_SCALABLE is selected, and one for dynamic kernel objects when
USERSPACE and DYNAMIC_OBJECTS are set).
This tunable is false by default, but is selected in a single test (a
subcase of tests/kernel/common) for coverage. Note that the I2C and
SPI subsystems contain uncorrected VLAs, so a few platforms need to be
blacklisted with a filter.
Signed-off-by: Andy Ross <andrew.j.ross@intel.com>
This commit extends the arm_irq_vector_table test,
so it can run successfully in nRF9160-based platforms.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
This commit adds the Clock Control Interrupt Service
Routine into the customized vector table, when building
for nRF52X-based platforms. As a result, the interrupts
generated by the clock control will not interfere with
the test.
Fixes#13823.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
Minor typo and style fixes in the test logging, stressing
that the test is applicable for Cortex-M MCUs, in general.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
In order to make this test easy to extend for additional
Cortex-M-based platforms, we apply the following minor
refactoring to the test:
- we introduce the _ISR_OFFSET macro to denote the offset
inside the interrupts' vector table (starting from IRQ
line 0) of the first manually installed ISR.
- we move the asserts that ensure the validity of the custom
vector table to build-time and place them in the beginning
of the text, outside source code.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
(Chunk 3 of 3 - this patch was split across pull requests to address
CI build time limitations)
Zephyr has always been a uniprocessor system, and its kernel tests are
rife with assumptions and outright dependence on single-CPU operation
(for example: "low priority threads will never run until this high
priority thread blocks" -- not true if there's another processor to
run it!)
About 1/3 of our tests fail right now on x86_64 when dual processor
operation is made default. Most of those can probably be recovered on
a case-by-case basis with simple changes (and a few of them might
represent real bugs in SMP!), but for now let's make sure the full
test suite passes by turning the second CPU off. There's still plenty
of SMP coverage in the remaining cases.
Signed-off-by: Andy Ross <andrew.j.ross@intel.com>
Reworked platform_whitelist to enable the "test kernel.device" for
qemu_x86_64
kernel.device.pm is not yet enabled for qemu_x86_64 because
there is a link error
undefined symbol `_DEVICE_STRUCT_SIZEOF'
referenced in expression
Signed-off-by: Cinly Ooi <cinly.ooi@intel.com>
The intent of this Kconfig is to allow libc stdout
functions like printf() to send their output to the
active console driver instead of discarding it.
This somehow evolved into preferring to use
printf() instead of printk() for all test case output
if enabled. Libc printf() implementation for both
minimal libc and newlib use considerably more stack
space than printk(), with nothing gained by using
them.
Remove all instances where we are conditionally
sending test case output based on this config, enable
it by default, and adjust a few tests that disabled
this because they were blowing stack.
printk() and vprintk() now work as expected for
unit_testing targets, they are just wrappers for
host printf().
Fixes: #13701
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
CPU_LPS_n name used to indicate a low power state is cryptic and
incorrect. The low power states act on the whole SoC and not exclusively
on the CPU. This patch renames CPU_LPS_n states to LOW_POWER_n. Also
HAS_ pattern for Kconfig options is used in favor of a non standard
_SUPPORTED. Naming of deep sleep states was adjusted accordingly.
Following is a detailed list of string replacements used:
s/SYS_POWER_STATE_CPU_LPS_(\d)_SUPPORTED/HAS_STATE_LOW_POWER_$1/
s/SYS_POWER_STATE_CPU_LPS_(\d)/SYS_POWER_STATE_LOW_POWER_$1/
s/SYS_POWER_STATE_DEEP_SLEEP_(\d)_SUPPORTED/HAS_STATE_DEEP_SLEEP_$1/
Signed-off-by: Piotr Mienkowski <piotr.mienkowski@gmail.com>
This commit removes dependency on SYS_POWER_LOW_POWER_STATES_SUPPORTED,
SYS_POWER_DEEP_SLEEP_STATES_SUPPORTED Kconfig options. Power management
SYS_POWER_LOW_POWER_STATES, SYS_POWER_DEEP_SLEEP_STATES options depend
now directly on specific power states supported by the given SoC. This
simplifies maintenance of SoC Kconfig files.
Signed-off-by: Piotr Mienkowski <piotr.mienkowski@gmail.com>
This is an integral part of userspace and cannot be used
on its own. Fold into the main userspace configuration.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
Test was failing on nios2 with:
../app/libapp.a(test_stack_contexts.c.obj): in function `tstack_pop':
/home/galak/git/zephyr/tests/kernel/stack/stack_api/src/test_stack_contexts.c:31:
warning: unable to reach (null) (at 0x004002f4) from the global pointer
(at 0x004082fc) because the offset (-32776) is out of the allowed range,
-32678 to 32767
Fixes#13595
Signed-off-by: Anas Nashif <anas.nashif@intel.com>
This commit fixes a test in kernel/mem_protect/userspace,
which was attempting to read from an address that was not
necessarily within the image memory range, causing faults
in ARM TrustZone-enabled builds.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
This commit disables system-level power management in the device power
management test as it is not used.
Signed-off-by: Piotr Zięcik <piotr.ziecik@nordicsemi.no>
Some of power states used numerical suffix while otthers not.
This commit adds proper suffix to all power state names.
Signed-off-by: Piotr Zięcik <piotr.ziecik@nordicsemi.no>
f
This commit simplifies OS <-> Application interface controlling power
management. In the previous approach application-based PM required
overriding sys_suspend() and sys_resume() functions. As these functions
actually implemented power state change, in such case application
basically had to provide own implementation of all PM-related stuff,
which was not portable and hard to maintain.
This commit changes this scheme: The sys_suspend() and sys_resume()
are now system functions while the application could either use
built-in power management policies or provide its own. All details
of power mode switching are now handled by the OS.
Also, this commit cleans up the Kconfig options related to system-level
power management grouping them under common CONFIG_SYS_PM_ prefix.
Signed-off-by: Piotr Zięcik <piotr.ziecik@nordicsemi.no>
We weren't testing whether stack overflows in user mode
were correctly reported.
A more aggressive stack overflow logic is enabled if
HW-based stack overflow detection is enabled.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
Upon hard/soft irq or exception entry/exit, handle transitions
off or onto the trampoline stack, which is the only stack that
can be used on the kernel side when the shadow page table
is active. We swap page tables when on this stack.
Adjustments to page tables are now as follows:
- Any adjustments for stack memory access now are always done
to the user page tables
- Any adjustments for memory domains are now always done to
the user page tables
- With KPTI, resetting a page now clears the present bit
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
The test assumes that the last to IRQ number will be free, this isn't a
valid assumption and now that we detect multiple ISRs registering for
the some IRQ line, we see failures because of this assumption on some
platforms. Exclude those platforms from this test for the time being.
Signed-off-by: Kumar Gala <kumar.gala@linaro.org>
The SYS_POWER_LOW_POWER_STATE_SUPPORTED and SYS_POWER_LOW_POWER_STATE
suggests one low power state but these options control multiple
low power state. This commit uses plural in the names to indicate
that.
Signed-off-by: Piotr Zięcik <piotr.ziecik@nordicsemi.no>
The new spinlock validation features combined with spinlockification
have increased stack usage a bit in CONFIG_ASSERT builds, but this is
a good feature we want to keep. This test was bumping into limits, so
increase the size from 512 to 640 bytes.
Unfortunately, this is also a huge test that creates a LOT of those
stacks across different test cases, so that minor bump blows us past
the 64k SRAM limit on a bunch of boards. So unify all those stacks
that are only ever used in one case at a time so the memory can be
shared. Now there's one fixed stack, named "tstack", and one array
"tstacks". Much smaller.
Signed-off-by: Andy Ross <andrew.j.ross@intel.com>
These functions, for good design reason, take a locking key to
atomically release along with the context swtich. But there's still a
common pattern in code to do a switch unconditionally by passing
irq_lock() directly. On SMP that's a little hurtful as it spams the
global lock. Provide an _unlocked() variant for
_Swap/_reschedule/_pend_curr for simplicity and efficiency.
Signed-off-by: Andy Ross <andrew.j.ross@intel.com>
We want a _Swap() variant that can atomically release/restore a
spinlock state in addition to the legacy irqlock. The function as it
was is now named "_Swap_irqlock()", while _Swap() now refers to a
spinlock and takes two arguments. The former will be going away once
existing users (not that many! Swap() is an internal API, and the
long port away from legacy irqlocking is going to be happening mostly
in drivers) are ported to spinlocks.
Obviously on uniprocessor setups, these produce identical code. But
SMP requires that the correct API be used to maintain the global lock.
Signed-off-by: Andy Ross <andrew.j.ross@intel.com>
The power management framework used two different abstractions
to describe power states. The SYS_PM_* given coarse information
what kind of power state (low power or deep sleep) was used,
while the SYS_POWER_STATE_* abstraction provided information
about particular power mode.
This commit removes the SYS_PM_* abstraction as the same
information is already carried in SYS_POWER_STATE_*.
Signed-off-by: Piotr Zięcik <piotr.ziecik@nordicsemi.no>
This was never a long-term solution, more of a gross hack
to get test cases working until we could figure out a good
end-to-end solution for memory domains that generated
appropriate linker sections. Now that we have this with
the app shared memory feature, and have converted all tests
to remove it, delete this feature.
To date all userspace APIs have been tagged as 'experimental'
which sidesteps deprecation policies.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
CONFIG_APPLICATION_MEMORY was a stopgap feature that is
being removed from the kernel. Convert tests and samples
to use the application shared memory feature instead,
in most cases using the domain set up by ztest.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
Some tests instantiate a lot of thread objects. These
were not tagged with __kernel, and
CONFIG_APPLICATION_MEMORY was enabled, so the kernel was
not adding them to the kernel object database.
However, with CONFIG_APPLICATION_MEMORY disabled, this
overflowed the default max number of thread objects (16).
Increase the max to 32 for these particular tests.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
We want CONFIG_APPLICATION_MEMORY specifically disabled
for this test, but it was being transitively selected by
CONFIG_TEST_USERSPACE which defaults to on for CONFIG_TEST.
Turn it off so that disabling application memory in the
config actually has an effect.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
The test assumes that the last to IRQ numbers will be free, this isn't a
valid assumption and now that we detect multiple ISRs registering for
the some IRQ line, we see failures because of this assumption on some
platforms. Exclude those platforms from this test for the time being.
Signed-off-by: Kumar Gala <kumar.gala@linaro.org>
PAE tables introduce the NX bit which is very desirable
from a security perspetive, back in 1995.
PAE tables are larger, but we are not targeting x86 memory
protection for RAM constrained devices.
Remove the old style 32-bit tables to make the x86 port
easier to maintain.
Renamed some verbosely named data structures, and fixed
incorrect number of entries for the page directory
pointer table.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
This commit moves the definition of IRQ_LINE(..) macro from
interrupt.h into nested_irq.c, and adds some inline comments
documenting the use of it.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
Very simple test for thread CPU masks. While this is a SMP feature,
the implementation doesn't actually depend on SMP so we can test it
right here in the thread_apis test.
Signed-off-by: Andy Ross <andrew.j.ross@intel.com>
The sys_dlist_insert_*() functions had a behavior where a NULL
argument for the insertion position to sys_dlist_insert_after/before()
was interpreted as "the end of the list". We never used that
convention (except in one spot internal to dlist.h which was not
itself used anywhere), and of course already have an API for appending
and prepending to a list.
In practice this was a performance disaster. The NULL check is
virtually never provable statically by the compiler, so that test and
branch is present always. And worse, the check and call to another
function was pushing this beyond the complexity limit for gcc to
inline a function (at -Os optimization anyway), forcing us to use
function calls for what should be a ~8 instruction sequence. The
upshot is that dlist insertions were 2-3x slower than they needed to
be.
Deprecate these older APIs and introduce a new sys_dlist_insert() call
which can be much better optimized.
Signed-off-by: Andy Ross <andrew.j.ross@intel.com>
This board is unmaintained and unsupported. It is not known to work and
has lots of conditional code across the tree that makes code
unmaintainable.
Signed-off-by: Anas Nashif <anas.nashif@intel.com>
There are no longer per-partition initialization functions.
Instead, we iterate over all of them at boot to set up the
derived k_mem_partitions properly.
Some ARC-specific hacks that should never have been applied
have been removed from the userspace test.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
The public APIs for application shared memory are now
properly documented and conform to zephyr naming
conventions.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
The app shared memory macros for declaring domains provide
no value, despite the stated intentions.
Just declare memory domains using the standard APIs for it.
To support this, symbols declared for app shared memory
partitions now are struct k_mem_partition, which can be
passed to the k_mem_domain APIs as normal, instead of the
app_region structs which are of no interest to the end
user.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
Several places in the code have constructions like this:
if (bool_variable) {
atomic_set_bit(flags, FLAG);
} else {
atomic_clear_bit(flags, FLAG);
}
To reduce the amount of code for such situations, introduce a new
atomic_set_bit_to() helper which lets you condense the above five
lines to a single one:
atomic_set_bit_to(flags, FLAG, bool_variable);
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
The original implementation allows a list to be corrupted by list
operations on the removed node. Existing code attempts to avoid this by
using external state to determine whether a node is in a list, but this
is fragile and fails when the state that holds the flag value is changed
after the node is removed, e.g. in preparation for re-using the node.
Follow Linux in invalidating the link pointers in a removed node. Add
API so that detection of particpation in a list is available at the node
abstraction.
This solution relies on the following steady-state invariants:
* A node (as opposed to a list) will never be adjacent to itself in a
list;
* The next and prev pointers of a node are always either both null or
both non-null.
Signed-off-by: Peter A. Bigot <pab@pabigot.com>
Minor adjustments are done to the nRF clock_control and rtc_timer
drivers to make them usable on nRF9160 as well.
The arm_irq_vector_table test code is modified only because it uses
the function that has been renamed in the nrf_rtc_timer driver.
Signed-off-by: Andrzej Głąbek <andrzej.glabek@nordicsemi.no>
printk is supposed to be very lean, but should at least not
print garbage values. Now when a 64-bit integral value is
passed in to be printed, 'ERR' will be reported if it doesn't
fit in 32-bits instead of truncating it.
The printk documentation was slightly out of date, this has been
updated.
Fixes: #7179
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
These were being truncated to 32-bits, and only 8
hex digits were supported.
An extraneous printk() at the beginning of the test
which was not being tested in any way has been removed.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
Disabled the CONFIG_COVERAGE for benchmarks and other tests.
This is needed because it interferes with normal behavior of the
test case.
Signed-off-by: Adithya Baglody <adithya.nagaraj.baglody@intel.com>
Signed-off-by: Anas Nashif <anas.nashif@intel.com>
These tests need to use stack size as a function of
CONFIG_TEST_EXTRA_STACKSIZE. These test will fail when
CONFIG_COVERAGE is enabled.
Signed-off-by: Adithya Baglody <adithya.nagaraj.baglody@intel.com>
This builds with a host compiler, not one from the SDK, and so no
newlib library is available. There is work to enable newlib detection
at and above the cmake level. This patch can be reverted when that
lands.
Signed-off-by: Andy Ross <andrew.j.ross@intel.com>
There is actually nothing wrong with this test code idiom. But it's
tickling a qemu emulator bug with the hpet driver and x86_64[1]. The
rapidly spinning calls to k_uptime_get_32() need to disable
interrupts, read timer hardware state and enable them. Something goes
wrong in qemu with this process and the timer interrupt gets lost.
The counter blows right past the comparator without delivering its
interrupt, and thus the interrupt won't be delivered until the counter
is next reset in idle after exit from the busy loop, which is
obviously too late to interrupt the timeslicing thread.
Just replace the loops with a single call to k_busy_wait(). The
resulting code ends up being much simpler anyway. An added bonus is
that we can remove the special case handling for native_posix (which
was an entirely unrelated thing, but with a similar symptom).
[1] But oddly not the same emulated hardware running with the same
driver under the same qemu binary when used with a 32 bit kernel.
Signed-off-by: Andy Ross <andrew.j.ross@intel.com>
This architecture doesn't support stack canaries. In fact the gcc
-fstack-protect features don't seem to be working at all. I'm
guessing it's an x32 ABI mismatch?
Signed-off-by: Andy Ross <andrew.j.ross@intel.com>
This patch adds a x86_64 architecture and qemu_x86_64 board to Zephyr.
Only the basic architecture support needed to run 64 bit code is
added; no drivers are added, though a low-level console exists and is
wired to printk().
The support is built on top of a "X86 underkernel" layer, which can be
built in isolation as a unit test on a Linux host.
Limitations:
+ Right now the SDK lacks an x86_64 toolchain. The build will fall
back to a host toolchain if it finds no cross compiler defined,
which is tested to work on gcc 8.2.1 right now.
+ No x87/SSE/AVX usage is allowed. This is a stronger limitation than
other architectures where the instructions work from one thread even
if the context switch code doesn't support it. We are passing
-no-sse to prevent gcc from automatically generating SSE
instructions for non-floating-point purposes, which has the side
effect of changing the ABI. Future work to handle the FPU registers
will need to be combined with an "application" ABI distinct from the
kernel one (or just to require USERSPACE).
+ Paging is enabled (it has to be in long mode), but is a 1:1 mapping
of all memory. No MMU/USERSPACE support yet.
+ We are building with -mno-red-zone for stack size reasons, but this
is a valuable optimization. Enabling it requires automatic stack
switching, which requires a TSS, which means it has to happen after
MMU support.
+ The OS runs in 64 bit mode, but for compatibility reasons is
compiled to the 32 bit "X32" ABI. So while the full 64 bit
registers and instruction set are available, C pointers are 32 bits
long and Zephyr is constrained to run in the bottom 4G of memory.
Signed-off-by: Andy Ross <andrew.j.ross@intel.com>
These files were relying on _thread_essential_set() from
kernel_internal.h, but not including it directly. New architectures
won't transitively include things the same way.
Signed-off-by: Andy Ross <andrew.j.ross@intel.com>
With the new implementation we do not need a NULL terminated list
of kobjects. Therefore the list will only contain valid entries
of kobjects.
Signed-off-by: Adithya Baglody <adithya.nagaraj.baglody@intel.com>
The test_timer_periodicity test is racy and subject to initial state
bugs. The operation of that test is to:
1. Start a timer with a known period
2. Take the current time with k_uptime_get()
3. Wait for the timer to fire with k_timer_status_sync()
4. Check that the current time minus start time is the period
But that's wrong, because a tick expiring between any of the first
three steps is going to skew the math (i.e. the timer will have
started on a different tick than the "start time").
And taking an interrupt lock around the process can't fix the issue,
because in the tickless world we live in k_uptime_get() is actually a
realtime quanity based on a hardware counter and doesn't rely on
interrupt delivery.
Instead, use another timer object to synchronize the test start to a
driver tick, ensuring that even if the race is unfixable the initial
conditions are always correct.
Signed-off-by: Andy Ross <andrew.j.ross@intel.com>
Move to latest cmake version with many bug fixes and enhancements.
Signed-off-by: Anas Nashif <anas.nashif@intel.com>
Signed-off-by: Carles Cufi <carles.cufi@nordicsemi.no>
Keeping IRQ0 priority as 1 and IRQ1 priority as 0
so that system timer which of priority 0 in ARC
will be interrupted by IRQ1 of same priority.
In ARM, system timer is of priority 1, hence
making ISR0 priority as 2 and ISR1 priority as 1.
Thus system timer will always be interrupted by
ISR1 in both the architectures.
Fixes: #12147
Signed-off-by: Spoorthi K <spoorthi.k@intel.com>
k_busy_wait() call used in test expects time in us, but the test
is specifying wait in ms.
Also the test fails on NRF5 platform as the test hardcodes the
interrupts priority to 0 and 1 and assumes system timer to be of
priority 0 which is not the case in NRF5 platforms as per
@pizi-nordic where system timer is at priority 1. Hence changing
test interrupts to 1 and 2.
Signed-off-by: Spoorthi K <spoorthi.k@intel.com>
In the wake of dfa7a354ff2a31fea8614b3876b051aadc30b242, where
the inclusions for MPU APIs were clean-up, we need to directly
include arm_core_mpu_dev.h in the userspace test suite, which
invokes arm_core_mpu_enable/disable(), directly. The same is
already done for ARC MPU.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
This allows for workqueues to be started in user mode.
No additional kernel objects or system calls are defined
other than starting the workqueue in user mode; for
permission purposes the embedded queue and thread objects
are sufficient.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
System Power Management is only supported in Tickless Idle mode.
This patch modifies Kconfig dependencies to ensure System Power
Management option selects Tickless Idle one.
Fixes: #11046
Signed-off-by: Piotr Mienkowski <piotr.mienkowski@gmail.com>
The gen_isr_table test now tries to install two dynamic
IRQ handlers.
RISCV32 has a workaround due to limited number of SW
triggerable interrupts that can be configured.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
Rewritten Xtensa CCOUNT driver along the lines of all the other new
drivers. The new API permits much smaller code.
Notably: The Xtensa counter is a 32 bit up-counter with a comparator
register. It's in some sense the archetype of this kind of timer as
it's the simplest of the bunch (everything else has quirks: NRF is
very slow and 24 bit, HPET has a runtime frequency detection, RISC-V
is 64 bit...). I should have written this one first.
Note also that this includes a blacklist of the xtensa architecture on
the tests/driver/ipm test. I'm getting spurious failures there where
a k_sem_take() call with a non-zero timeout is being made out of the
console output code in interrupt context. This seems to have nothing
to do with the timer; I suspect it's because the old timer drivers
would (incorrectly!) call z_clock_announce() in non-interrupt context
in some contexts (e.g. "expiring really soon"). Apparently this test
(or something in the IPM or Xtensa console code) was somehow relying
on that on Xtensa. But IPM is a Quark thing and there's no particular
reason to run this test there.
Signed-off-by: Andy Ross <andrew.j.ross@intel.com>
This test was written with an outrageously long timeout of 25 seconds.
That blows right through the 32 bit cycle counter on qemu_cortex_m3[1]
and produces an essentially random delay instead of the desired
number, causing a hang with the new SysTick driver in tickless mode.
Push the number down so it doesn't overflow. The root cause, though,
is that k_busy_wait() can take arguments it can't handle. It ought to
have an outer loop or something so that it can spin for INT_MAX
milliseconds correctly.
[1] Which has a 12MHz clock rate. Many hardware implementations are
much faster still.
Signed-off-by: Andy Ross <andrew.j.ross@intel.com>
When TICKLESS_KERNEL is enabled, the current time in ticks is based on
a hardware counter and not interrupt delivery (which is the whole
point of tickless), so irq-locking does not prevent time from
advancing. Disable this test in that configuration.
Signed-off-by: Andy Ross <andrew.j.ross@intel.com>
Qemu doesn't like tickless. By default[1] it tries to be realtime as
vied by the host CPU -- presenting read values from hardware cycle
counters and interrupt timings at the appropriate real world clock
times according to whatever the simulated counter frequency is. But
when the host system is loaded, there is always the problem that the
qemu process might not see physical CPU time for large chunks of time
(i.e. a host OS scheduling quantum -- generally about the same size as
guest ticks!) leading to lost cycles.
When those timer interrupts are delivered by the emulated hardware at
fixed frequencies without software intervention, that's not so bad:
the work the guest has to do after the interrupt generally happens
synchronously (because the qemu process has just started running) and
nothing notices the dropout.
But with tickless, the interrupts need to be explicitly programmed by
guest software! That means the driver needs to be sure it's going to
get some real CPU time within some small fraction of a Zephyr tick of
the right time, otherwise the computations get wonky.
The end result is that qemu tends to work with tickless well on an
unloaded/idle run, but not in situations (like sanitycheck) where it
needs to content with other processes for host CPU.
So, add a flag that drivers can use to "fake" tickless behavior when
run under qemu (only), and enable it (only!) for the small handful of
tests that are having trouble.
[1] There is an -icount feature to implement proper cycle counting at
the expense of real-world-time correspondence. Maybe someday we might
get it to work for us.
Signed-off-by: Andy Ross <andrew.j.ross@intel.com>
In the POSIX architecture, with the inf_clock "SOC", time does
not pass while the CPU is running. Tests that require time to pass
while busy waiting should call k_busy_wait() or in some other way
set the CPU to idle. This test was setting the CPU to idle while
waiting for the next time slice. This is ok if the system tick
(timer) is active and awaking the CPU every system tick period.
But when configured in tickless mode that is not the case, and the
CPU was set to sleep for an indefinite amount of time.
This commit fixes it by using k_busy_wait(a few microseconds) inside
that busy wait loop instead.
Signed-off-by: Alberto Escolar Piedras <alpi@oticon.com>
In the POSIX architecture, with the inf_clock "SOC", time does
not pass while the CPU is running. Tests that require time to pass
while busy waiting should call k_busy_wait() or in some other way
set the CPU to idle. This test was setting the CPU to idle while
waiting for the next time slice. This is ok if the system tick
(timer) is active and awaking the CPU every system tick period.
But when configured in tickless mode that is not the case, and the
CPU was set to sleep for an indefinite amount of time.
This commit fixes it by using k_busy_wait(a few microseconds) inside
that busy wait loop instead.
Signed-off-by: Alberto Escolar Piedras <alpi@oticon.com>
In the POSIX architecture, with the inf_clock "SOC", time does
not pass while the CPU is running. Tests that require time to pass
while busy waiting should call k_busy_wait() or in some other way
set the CPU to idle. This test was setting the CPU to idle while
waiting for the next time slice. This is ok if the system tick
(timer) is active and awaking the CPU every system tick period.
But when configured in tickless mode that is not the case, and the
CPU was set to sleep for an indefinite amount of time.
This commit fixes it by using k_busy_wait(a few microseconds) inside
that busy wait loop instead.
Signed-off-by: Alberto Escolar Piedras <alpi@oticon.com>
In the POSIX architecture, with the inf_clock "SOC", time does
not pass while the CPU is running. Tests that require time to pass
while busy waiting should call k_busy_wait() or in some other way
set the CPU to idle. This test was setting the CPU to idle while
waiting for the next time slice. This is ok if the system tick
(timer) is active and awaking the CPU every system tick period.
But when configured in tickless mode that is not the case, and the
CPU was set to sleep for an indefinite amount of time.
This commit fixes it by using k_busy_wait(a few microseconds) inside
that busy wait loop instead.
Signed-off-by: Alberto Escolar Piedras <alpi@oticon.com>
In the POSIX architecture, with the inf_clock "SOC", time does
not pass while the CPU is running. Tests that require time to pass
while busy waiting should call k_busy_wait() or in some other way
set the CPU to idle. This test was setting the CPU to idle while
waiting for the next time slice. This is ok if the system tick
(timer) is active and awaking the CPU every system tick period.
But when configured in tickless mode that is not the case, and the
CPU was set to sleep for an indefinite amount of time.
This commit fixes it by using k_busy_wait(a few microseconds) inside
that busy wait loop instead.
Signed-off-by: Alberto Escolar Piedras <alpi@oticon.com>
Some minor style and typo fixes in
tests/kernel/mem_protect/userspace/src/main.c.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
k_poll_signal was being used by both, struct and function. Besides
this being extremely error prone it is also a MISRA-C violation.
Changing the function to contain a verb, since it performs an action
and the struct will be a noun. This pattern must be formalized and
followed and across the project.
MISRA-C rules 5.7 and 5.9
Signed-off-by: Flavio Ceolin <flavio.ceolin@intel.com>
There was an struct and a variable called _kernel. This is error prone
and a MISRA-C violation. It is changing the struct to have a unique
identifier.
MISRA-C rule 5.8
Signed-off-by: Flavio Ceolin <flavio.ceolin@intel.com>
In the POSIX architecture, with the inf_clock "SOC", time does
not pass while the CPU is running. Tests that require time to pass
while busy waiting should call k_busy_wait() or in some other way
set the CPU to idle. This test was setting the CPU to idle while
waiting for the next time slice. This is ok if the system tick
(timer) is active and awaking the CPU every system tick period.
But when configured in tickless mode that is not the case, and the
CPU was set to sleep for an indefinite amount of time.
This commit fixes it by using k_busy_wait(a few microseconds) inside
that busy wait loop instead.
Signed-off-by: Alberto Escolar Piedras <alpi@oticon.com>
In the POSIX architecture, with the inf_clock "SOC", time does
not pass while the CPU is running. Tests that require time to pass
while busy waiting should call k_busy_wait() or in some other way
set the CPU to idle. This test was setting the CPU to idle while
waiting for the next time slice. This is ok if the system tick
(timer) is active and awaking the CPU every system tick period.
But when configured in tickless mode that is not the case, and the
CPU was set to sleep for an indefinite amount of time.
This commit fixes it by using k_busy_wait(a few microseconds) inside
that busy wait loop instead.
Signed-off-by: Alberto Escolar Piedras <alpi@oticon.com>
In the POSIX architecture, with the inf_clock "SOC", time does
not pass while the CPU is running. Tests that require time to pass
while busy waiting should call k_busy_wait() or in some other way
set the CPU to idle. This test was setting the CPU to idle while
waiting for the next time slice. This is ok if the system tick
(timer) is active and awaking the CPU every system tick period.
But when configured in tickless mode that is not the case, and the
CPU was set to sleep for an indefinite amount of time.
This commit fixes it by using k_busy_wait(a few microseconds) inside
that busy wait loop instead.
Signed-off-by: Alberto Escolar Piedras <alpi@oticon.com>
Enhance test to validate a scenario where k_thread_name_set()
with NULL as thread ID should set thread name to current
thread.
Signed-off-by: Spoorthi K <spoorthi.k@intel.com>
This test was failing on nrf52810_pca10040 due to lack of RAM.
It was a side effect of increasing the privilege stack size.
Signed-off-by: Adithya Baglody <adithya.nagaraj.baglody@intel.com>
When using an IDE (e.g. Eclipse, Qt Creator), the project name gets
displayed. This greatly simplifies the navigation between projects when
having many of them open at the same time. Naming every project "NONE"
defeats this functionality.
This patch tries to use sensible project names while not duplicating
too much of what is already represented in the path. This is done by
using the name of the directory the relevant CMakeLists.txt file is
stored in. To ensure unique project names in the samples (and again, in
the tests folder) folder, small manual adjustments have been done.
Signed-off-by: Reto Schneider <code@reto-schneider.ch>
This is a new test and we have riscv32 failing on that all of the
sudden. Disabling while we look into it and identify if that is a
testcase issue or not.
Signed-off-by: Anas Nashif <anas.nashif@intel.com>
This test was written to assume that on idle the CPU would wake up on
the next tick boundary because of the timer interrupt. No such
interrupt arrives in tickless mode and it hangs forever.
A more whiteboxy test involving setting a clock timout will have to be
written for this feature if we want to keep it on tickless systems.
Alternatively we could move this test out of tests/kernel/context and
always disable tickless.
Signed-off-by: Andy Ross <andrew.j.ross@intel.com>
The theory behind this test seems to be that taking an IRQ lock should
prevent the advance of the kernel's tick counter. That works on
traditional timers only. In tickless mode the timer hardware/driver
is expected to be able to give us an answer for time independent of
interrupt delivery, so the test fails spuriously. The "bug" detected
is a feature of tickless!
Signed-off-by: Andy Ross <andrew.j.ross@intel.com>
I was pretty careful, but these snuck in. Most of them are due to
overbroad string replacements in comments. The pull request is very
large, and I'm too lazy to find exactly where to back-merge all of
these.
Signed-off-by: Andy Ross <andrew.j.ross@intel.com>
This test needs just a tiny bit of extra stack. 512 bytes isn't
enough on x86 with the most recent set of timer patches.
Signed-off-by: Andy Ross <andrew.j.ross@intel.com>
If the idle code was detecting that it needed to sleep for less than
CONFIG_SYS_TICKLESS_IDLE_THRESH, then it would never call
z_clock_set_timeout() at all, which means that the system would never
wake up unless it already had a timeout scheduled! Apparently we
lacked a test case to detect this condition.
Honestly this seems like a crazy feature to me. There's no benefit in
delivering needless tick announcements. If the system has the
capacity to enter deeper sleep for long timeouts, that's already
exposed via the PM APIs, the timer subsystem needn't be involved.
But... we actually have a test (tickless_concept) that looks at this,
so support it for now and consider deprecation later.
Signed-off-by: Andy Ross <andrew.j.ross@intel.com>
The system tick count is a 64 bit quantity that gets updated from
interrupt context, meaning that it's dangerously non-atomic and has to
be locked. The core kernel clock code did this right.
But the value was also exposed to the rest of the universe as a global
variable, and virtually nothing else was doing this correctly. Even
in the timer ISRs themselves, the interrupts may be themselves
preempted (most of our architectures support nested interrupts) by
code that wants to set timeouts and inspect system uptime.
Define a z_tick_{get,set}() API, eliminate the old variable, and make
sure everyone uses the right mechanism.
Signed-off-by: Andy Ross <andrew.j.ross@intel.com>
This was another "global variable" API. Give it function syntax too.
Also add a warning, because on nRF devices (at least) the cycle clock
runs in kHz and is too slow to give a precise answer here.
Signed-off-by: Andy Ross <andrew.j.ross@intel.com>
The existing API defined sys_clock_{hw_cycles,ticks}_per_sec as simple
"variables" to be shared, except that they were only real storage in
certain modes (the HPET driver, basically) and everywhere else they
were a build constant.
Properly, these should be an API defined by the timer driver (who
controls those rates) and consumed by the clock subsystem. So give
them function syntax as a stepping stone to get there.
Note that this also removes the deprecated variable
_sys_clock_us_per_tick rather than give it the same treatment.
Signed-off-by: Andy Ross <andrew.j.ross@intel.com>
bat_commit is an old and obsolete tag that has not been maintained over
time and was supposed to serve a purpose that is obsolete now. Also
rename core tag with kernel.
Signed-off-by: Anas Nashif <anas.nashif@intel.com>
Fixed condition and wrong Kconfig name, shoud be CONFIG_CPU_HAS_NXP_MPU
instead of only CPU_HAS_NXP_MPU.
Signed-off-by: Anas Nashif <anas.nashif@intel.com>
This test is intended to verify the interrupt nesting.
Interrupt nesting feature allows an ISR to be preempted
in mid-execution if a higher priority interrupt is signaled.
The lower priority ISR resumes execution once the higher
priority ISR has completed its processing.
Signed-off-by: Ajay Kishore <ajay.kishore@intel.com>
The $srctree environment variable gives the path relative to which
'(o)source' statements work (the current directory is used if $srctree
is unset). It is set to $ZEPHYR_BASE in cmake/kconfig.cmake, so there's
no need to qualify the source of Kconfig.zephyr in sample Kconfig files
(or in external projects).
All 'source's in Zephyr assume that the Zephyr root directory is used as
the srctree as well, and would break otherwise.
Remove the $(ZEPHYR_BASE)s to make it clearer that all 'source'
statements work relative to the Zephyr root. There was some user
confusion on IRC.
Also explain how things work in the documentation.
Signed-off-by: Ulf Magnusson <Ulf.Magnusson@nordicsemi.no>
This commit updates the mem_domain_apis_test sample and the
mem_protect test, so they can compile and execute in ARMv8-M
platforms, which do not support the P_RW_U_RO access permissions
combination (privileged read/write, unprivileged read-only). The
modification consists of, simply, selecting a different access
permission (P_RO_U_RO) when building for ARMv8-M MPUs with the
unmodified ARM MPU architecture.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
There is no guarantee of wake-up order when multiple threads
are woken up on the same tick. Hence, modified the tests
accordingly.
Fixes#8159.
Signed-off-by: Rajavardhan Gundi <rajavardhan.gundi@intel.com>
Under GNU C, sizeof(void) = 1. This commit merely makes it explicit u8.
Pointer arithmetics over void types is:
* A GNU C extension
* Not supported by Clang
* Illegal across all ISO C standards
See also: https://gcc.gnu.org/onlinedocs/gcc/Pointer-Arith.html
Signed-off-by: Mark Ruvald Pedersen <mped@oticon.com>
It is no longer necessary to set the KCONFIG_ROOT variable when the
KConfig file is in the application root directory.
Signed-off-by: Sebastian Bøe <sebastian.boe@nordicsemi.no>
To improve the code coverage on native posix, adding CONFIG_SCHED_MULTIQ
for scheduler api tests.
Extracting a separate prj_native_posix.conf file for the scheduler test,
which validates the "multi queue" scheduler on native posix.
Signed-off-by: Ajay Kishore <ajay.kishore@intel.com>
The test case was supposed to access the privileged stack area
but instead it was accessing the stack guard region.
Signed-off-by: Adithya Baglody <adithya.nagaraj.baglody@intel.com>
This patch updates the alignment for the memory domain partitions.
Also update the stack size for qemu_cortex_m3.
Signed-off-by: Adithya Baglody <adithya.nagaraj.baglody@intel.com>
This commit removes all MPU-related (ARM_CORE_MPU and NXP_MPU)
options exept ARM_MPU, which becomes master switch controlling
MPU support on ARM.
Signed-off-by: Piotr Zięcik <piotr.ziecik@nordicsemi.no>
Set CONFIG_USERSPACE in the prj.conf to ensure its set, right now
getting CONFIG_USERSPACE depends on tests/Kconfig setting it.
Signed-off-by: Kumar Gala <kumar.gala@linaro.org>
The return of memset is never checked. This patch explicitly ignore
the return to avoid MISRA-C violations.
The only directory excluded directory was ext/* since it contains
only imported code.
Signed-off-by: Flavio Ceolin <flavio.ceolin@intel.com>
This test is intended to validate k_pipe_alloc_init()
and k_pipe_cleanup(), when CONFIG_USERSPACE is not defined.
Also added test to validate pending reader and pending writer
feature in pipe.
Signed-off-by: Ajay Kishore <ajay.kishore@intel.com>
With the new Kconfig preprocessor (described in
https://github.com/torvalds/linux/blob/master/Documentation/kbuild/
kconfig-macro-language.txt), the syntax for expanding environment
variables is $(FOO) rather than $FOO.
$(FOO) is a general preprocessor variable expansion, which falls back to
environment variables if the variable isn't set (like in Make). It can
also be used in prompts, 'comment's, etc.
The old syntax will probably be supported forever in Kconfiglib for
backwards compatibility, but might as well make it consistent now that
people might start using the preprocessor more.
Signed-off-by: Ulf Magnusson <Ulf.Magnusson@nordicsemi.no>
The BT threads are interfering with the main thread priority selection
and the test fails semi-spuriously on NRF5x boards with "threads ran
too soon" (i.e. not an EDF failure per se, but the fact that the new
threads at K_LOWEST_APPLICATION_PRIO are running instead of the test
thread). This is a reasonable workaround for testing the
SCHED_DEADLINE ordering behavior, though.
Fixes#9843
Signed-off-by: Andy Ross <andrew.j.ross@intel.com>
Simple test for CONFIG_SCHED_DEADLINE. It creates a bunch of threads
at randome deadlines but within the same priority, and validates that
they run in the correct order.
Signed-off-by: Andy Ross <andrew.j.ross@intel.com>
Building with !MULTITHREADING is designed for bootloaders and similar
minimal-functionality use cases. It's pathologically silly to combine
it with MMU drivers and address space partitioning, even though on
some architectures that technically works (on ARM, it seems not to).
The test intent was to disable this originally, but it turns out that
doesn't work. There is a TEST_USERSPACE kconfig symbol that also
needs to be explicitly turned off, otherwise it will reselect
USERSPACE against our wishes.
Signed-off-by: Andy Ross <andrew.j.ross@intel.com>
Fixes the gen_isr_table kernel test on mimxrt1050_evk by using data and
instruction synchronization barriers instead of disabling compiler
optimization on arm platforms. According to [1] section 4.5, "if a
pended interrupt request needs to be recognized immediately after being
enabled in the NVIC, add a DSB instruction and then an ISB instruction"
[1] http://infocenter.arm.com/help/index.jsp?topic=/com.arm.doc.dai0321a/BIHJDAAE.html
Signed-off-by: Maureen Helm <maureen.helm@nxp.com>
This adds some test cases where the pipe buffer is smaller than
the size of data being pushed through the pipe.
Signed-off-by: Daniel Leung <daniel.leung@intel.com>
For ARC MPU version 3, the defined partitions are not added to MPU
when appmem_init_app_memory is doning app_bss_zero().
So need to disable mpu first to allow appmem_init_app_memory to
access all partitions.
Signed-off-by: Wayne Ren <wei.ren@synopsys.com>
Add more stack for this test, it was failing and hidden by sanitycheck
(which needs to be fixed somewhere else).
Fixes#9664
Signed-off-by: Anas Nashif <anas.nashif@intel.com>
The stack size was way too less. Increasing the size to minimum
of 512 for all platforms.
Signed-off-by: Adithya Baglody <adithya.nagaraj.baglody@intel.com>
Assisning system heap to the current thread.
And validate allocation and free memory from the same system
heap memory pool.
Signed-off-by: Ajay Kishore <ajay.kishore@intel.com>
irq_lock returns an unsigned int, though, several places was using
signed int. This commit fix this behaviour.
In order to avoid this error happens again, a coccinelle script was
added and can be used to check violations.
Signed-off-by: Flavio Ceolin <flavio.ceolin@intel.com>
Add testcase for validating poll events by manipultaing thread
state to improve code coverage. Also, add multiple threads to
wait on same event.
Signed-off-by: Praful Swarnakar <praful.swarnakar@intel.com>
Prepend the text 'cmake_minimum_required(VERSION 3.8.2)' into the
application and test build scripts.
Modern versions of CMake will spam users with a deprecation warning
when the toplevel CMakeLists.txt does not specify a CMake
version. This is documented in bug #8355.
To resolve this we include a cmake_minimum_required() line into the
toplevel build scripts. Additionally, cmake_minimum_required is
invoked from within boilerplate.cmake. The highest version will be
enforced.
This patch allows us to afterwards change CMake policy CMP000 from OLD
to NEW which in turn finally rids us of the verbose warning.
The extra boilerplate is considered more acceptable than the verbosity
of the CMP0000 policy.
Signed-off-by: Sebastian Bøe <sebastian.boe@nordicsemi.no>
This commit replaces exact time compassion by a range check, allowing
the tests to pass on platforms which needs rounding in __ticks_to_ms()
and _ms_to_ticks().
Signed-off-by: Piotr Zięcik <piotr.ziecik@nordicsemi.no>
The test read_kobject_user_pipe() is called twice in
the test suite. There is no need of calling same test
twice. Removing the extra call.
Signed-off-by: Spoorthi K <spoorthi.k@intel.com>
This adds two test cases to create dynamic threads, and one test
case to make sure permissions are set correctly.
Origin: Original
Signed-off-by: Daniel Leung <daniel.leung@intel.com>
The kernel.queue.poll test fails if CONFIG_MAX_THREAD_BYTES is larger
than 2, complaining about no memory for semaphore object. Turns out
the memory pool is not large enough. So make it a bit larger.
Signed-off-by: Daniel Leung <daniel.leung@intel.com>
Add descriptions and doxygen groups for app_memory,
stack_protection, stack_randomization and
obj_validation.
Signed-off-by: Spoorthi K <spoorthi.k@intel.com>
Test that we can define our own system calls in application code
and that fault handling works properly.
Additional tests for base system call infrastructure, outside of
specific system calls, go here.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
Test to verify k_thread_user_mode_enter() when usermode is
not enabled or supported by architecture. The thread which calls
k_thread_user_mode_enter() with CONFIG_USERSPACE disabled or
architecture doesn't support usermode, should be marked
as usermode and if it is essential, then it has to be cleared.
This is added to improve code coverage.
Signed-off-by: Spoorthi K <spoorthi.k@intel.com>
Move k_thread_foreach() API test from tests/kernel/profiling to
tests/kernel/threads/thread_apis.
Fixes#7966
Signed-off-by: Ramakrishna Pallala <ramakrishna.pallala@intel.com>
Summary: revised attempt at addressing issue 6290. The
following provides an alternative to using
CONFIG_APPLICATION_MEMORY by compartmentalizing data into
Memory Domains. Dependent on MPU limitations, supports
compartmentalized Memory Domains for 1...N logical
applications. This is considered an initial attempt at
designing flexible compartmentalized Memory Domains for
multiple logical applications and, with the provided python
script and edited CMakeLists.txt, provides support for power
of 2 aligned MPU architectures.
Overview: The current patch uses qualifiers to group data into
subsections. The qualifier usage allows for dynamic subsection
creation and affords the developer a large amount of flexibility
in the grouping, naming, and size of the resulting partitions and
domains that are built on these subsections. By additional macro
calls, functions are created that help calculate the size,
address, and permissions for the subsections and enable the
developer to control application data in specified partitions and
memory domains.
Background: Initial attempts focused on creating a single
section in the linker script that then contained internally
grouped variables/data to allow MPU/MMU alignment and protection.
This did not provide additional functionality beyond
CONFIG_APPLICATION_MEMORY as we were unable to reliably group
data or determine their grouping via exported linker symbols.
Thus, the resulting decision was made to dynamically create
subsections using the current qualifier method. An attempt to
group the data by object file was tested, but found that this
broke applications such as ztest where two object files are
created: ztest and main. This also creates an issue of grouping
the two object files together in the same memory domain while
also allowing for compartmenting other data among threads.
Because it is not possible to know a) the name of the partition
and thus the symbol in the linker, b) the size of all the data
in the subsection, nor c) the overall number of partitions
created by the developer, it was not feasible to align the
subsections at compile time without using dynamically generated
linker script for MPU architectures requiring power of 2
alignment.
In order to provide support for MPU architectures that require a
power of 2 alignment, a python script is run at build prior to
when linker_priv_stacks.cmd is generated. This script scans the
built object files for all possible partitions and the names given
to them. It then generates a linker file (app_smem.ld) that is
included in the main linker.ld file. This app_smem.ld allows the
compiler and linker to then create each subsection and align to
the next power of 2.
Usage:
- Requires: app_memory/app_memdomain.h .
- _app_dmem(id) marks a variable to be placed into a data
section for memory partition id.
- _app_bmem(id) marks a variable to be placed into a bss
section for memory partition id.
- These are seen in the linker.map as "data_smem_id" and
"data_smem_idb".
- To create a k_mem_partition, call the macro
app_mem_partition(part0) where "part0" is the name then used to
refer to that partition. This macro only creates a function and
necessary data structures for the later "initialization".
- To create a memory domain for the partition, the macro
app_mem_domain(dom0) is called where "dom0" is the name then
used for the memory domain.
- To initialize the partition (effectively adding the partition
to a linked list), init_part_part0() is called. This is followed
by init_app_memory(), which walks all partitions in the linked
list and calculates the sizes for each partition.
- Once the partition is initialized, the domain can be
initialized with init_domain_dom0(part0) which initializes the
domain with partition part0.
- After the domain has been initialized, the current thread
can be added using add_thread_dom0(k_current_get()).
- The code used in ztests ans kernel/init has been added under
a conditional #ifdef to isolate the code from other tests.
The userspace test CMakeLists.txt file has commands to insert
the CONFIG_APP_SHARED_MEM definition into the required build
targets.
Example:
/* create partition at top of file outside functions */
app_mem_partition(part0);
/* create domain */
app_mem_domain(dom0);
_app_dmem(dom0) int var1;
_app_bmem(dom0) static volatile int var2;
int main()
{
init_part_part0();
init_app_memory();
init_domain_dom0(part0);
add_thread_dom0(k_current_get());
...
}
- If multiple partitions are being created, a variadic
preprocessor macro can be used as provided in
app_macro_support.h:
FOR_EACH(app_mem_partition, part0, part1, part2);
or, for multiple domains, similarly:
FOR_EACH(app_mem_domain, dom0, dom1);
Similarly, the init_part_* can also be used in the macro:
FOR_EACH(init_part, part0, part1, part2);
Testing:
- This has been successfully tested on qemu_x86 and the
ARM frdm_k64f board. It compiles and builds power of 2
aligned subsections for the linker script on the 96b_carbon
boards. These power of 2 alignments have been checked by
hand and are viewable in the zephyr.map file that is
produced during build. However, due to a shortage of
available MPU regions on the 96b_carbon board, we are unable
to test this.
- When run on the 96b_carbon board, the test suite will
enter execution, but each individaul test will fail due to
an MPU FAULT. This is expected as the required number of
MPU regions exceeds the number allowed due to the static
allocation. As the MPU driver does not detect this issue,
the fault occurs because the data being accessed has been
placed outside the active MPU region.
- This now compiles successfully for the ARC boards
em_starterkit_em7d and em_starterkit_em7d_v22. However,
as we lack ARC hardware to run this build on, we are unable
to test this build.
Current known issues:
1) While the script and edited CMakeLists.txt creates the
ability to align to the next power of 2, this does not
address the shortage of available MPU regions on certain
devices (e.g. 96b_carbon). In testing the APB and PPB
regions were commented out.
2) checkpatch.pl lists several issues regarding the
following:
a) Complex macros. The FOR_EACH macros as defined in
app_macro_support.h are listed as complex macros needing
parentheses. Adding parentheses breaks their
functionality, and we have otherwise been unable to
resolve the reported error.
b) __aligned() preferred. The _app_dmem_pad() and
_app_bmem_pad() macros give warnings that __aligned()
is preferred. Prior iterations had this implementation,
which resulted in errors due to "complex macros".
c) Trailing semicolon. The macro init_part(name) has
a trailing semicolon as the semicolon is needed for the
inlined macro call that is generated when this macro
expands.
Update: updated to alternative CONFIG_APPLCATION_MEMORY.
Added config option CONFIG_APP_SHARED_MEM to enable a new section
app_smem to contain the shared memory component. This commit
seperates the Kconfig definition from the definition used for the
conditional code. The change is in response to changes in the
way the build system treats definitions. The python script used
to generate a linker script for app_smem was also midified to
simplify the alignment directives. A default linker script
app_smem.ld was added to remove the conditional includes dependency
on CONFIG_APP_SHARED_MEM. By addining the default linker script
the prebuild stages link properly prior to the python script running
Signed-off-by: Joshua Domagalski <jedomag@tycho.nsa.gov>
Signed-off-by: Shawn Mosley <smmosle@tycho.nsa.gov>
Added test to cover the case where the app can start the timer
even before the previous one is expired. In this case the timer
will start with latest settings or params.
Signed-off-by: Ramakrishna Pallala <ramakrishna.pallala@intel.com>
This test is intended to validate k_msgq_alloc_init()
and k_msgq_cleanup(), when CONFIG_USERSPACE is not defined.
Also added test to validate k_msgq_get() api, if any thread is
pending to write in message queue.
Signed-off-by: Ajay Kishore <ajay.kishore@intel.com>
Modify test to cover k_queue_insert() and k_queue_alloc_prepend(),
and allocation failure/success scenario.
Signed-off-by: Spoorthi K <spoorthi.k@intel.com>
This test is intended to validate k_stack_cleanup() and
k_stack_alloc_init(). Passed stack pointer in k_stack_alloc_init()
is statically defined.
Signed-off-by: Ajay Kishore <ajay.kishore@intel.com>
Set device state to DEVICE_PM_ACTIVE_STATE before making it busy.
Also improves the kernel/device.c coverage.
Signed-off-by: Ramakrishna Pallala <ramakrishna.pallala@intel.com>
On some architectures tick time cannot be expressed as integer
number of microseconds, introducing error in calculations using
sys_clock_us_per_tick variable.
This commit deprecates the sys_clock_us_per_tick variable and
replaces its usage by more precise calculations based on
sys_clock_hw_cycles_per_sec and sys_clock_ticks_per_sec.
Signed-off-by: Piotr Zięcik <piotr.ziecik@nordicsemi.no>
This commit replaces _TICK_ALIGN correction in the test (which was based
on simple division), by more precise estimation using __ticks_to_ms()
and _ms_to_ticks() functions.
This commit fixes#8899.
Signed-off-by: Piotr Zięcik <piotr.ziecik@nordicsemi.no>
Add test description, RTM links and doxygen links for common,
interrupt and boot page table test cases.
Signed-off-by: Spoorthi K <spoorthi.k@intel.com>
Add test case description and doxygen groups for tracebility.
Add references to APIs being tested in timer component.
Signed-off-by: Praful Swarnakar <praful.swarnakar@intel.com>
Updated test description for tickless test cases, grouped test cases
as per doxygen requirements and some uncrustify's cosmetic changes.
Signed-off-by: Spoorthi K <spoorthi.k@intel.com>
The kernel incorrectly assumed, that system timer frequency is always
divisible without remainder by couple "natural" tick rates (like 100).
As result on some SoCs, time calculations was not correct, producing
strange effects (invalid sleep times, incorrect k_uptime_get() etc.).
This commit enables accurate, but costly (using 64-bit math) tick <-> ms
conversion if the selected tick interval is not exact due to hardware
limitations.
Also, this commit fixes tests in which removed _ms_per_tick were used.
Signed-off-by: Piotr Zięcik <piotr.ziecik@nordicsemi.no>
These two tests ask for lots of priority levels, more than the 32
maximum allowed by SCHED_MULTIQ (which is by design: if you have
requirements like that DUMB or SCALABLE are better choices due to the
RAM overhead of MULTIQ), so the build will fail on boards that defined
MULTIQ as default.
Don't let the platform choose the scheduler backend, ask for SCALABLE
explicitly.
Signed-off-by: Andy Ross <andrew.j.ross@intel.com>
The SSE and SSE_FP_MATH configs exist only in the x86 architecture, so
extract them to a separate prj_x86.conf file for the fp_sharing test.
Fixes Kconfig warnings when building the test for frdm_k64f:
- warning: attempt to assign the value "y" to the undefined symbol SSE
- warning: attempt to assign the value "y" to the undefined symbol
SSE_FP_MATH
Signed-off-by: Maureen Helm <maureen.helm@nxp.com>
When adding the nRF52810, which has 24KB of RAM, some of the tests don't
compile anymore due to lack of SRAM. Address this by either filtering
the test out or reducing the amount of memory allocation.
Signed-off-by: Carles Cufi <carles.cufi@nordicsemi.no>
Restructured the test, added description and enhanced
semaphore count logic to check for semaphores created
only in the test.
Fixes: #7106
Signed-off-by: Spoorthi K <spoorthi.k@intel.com>
The ARRAY_SIZE() utility macro will actually test the parameter types,
and ensure that it is only called with arrays, and not arrays decayed
to pointers.
Changes were performed with a simple Coccinelle script.
Signed-off-by: Leandro Pereira <leandro.pereira@intel.com>
This is a feature Ben added so you could use Zephyr's arch layer to
bootstrap things like bootloaders without sucking in the whole kernel.
And it's worked until now.
But we never had a test for it, and I just broke it with the scheduler
rework. Add a trivial test just to make sure this continues to link
and run. Longer term it would be nice to have some kind of size
metric here to guarantee that the feature stays lean and doesn't pull
in needless code.
Signed-off-by: Andy Ross <andrew.j.ross@intel.com>
Previously, ARC .config's would get built for this test, giving Kconfig
warnings along the lines of
warning: NUM_IRQS ... was assigned the value "3" but got the value
"38". Check its dependencies...
Add an 'arch_whitelist: arm' so that .configs only get built for ARM.
These warnings will soon be turned into errors.
Signed-off-by: Ulf Magnusson <Ulf.Magnusson@nordicsemi.no>
The test kernel.sched.preempt was hanging in the posix arch,
due to a busy wait loop in wakeup_src_thread() added in
a803af2fa7.
We fix it by halting the cpu to let time pass in the posix
arch.
Reenabling the testcase in this board by reverting
e8a906c29c
Signed-off-by: Alberto Escolar Piedras <alpi@oticon.com>
The native_posix board does model irq_offload properly now
and therefore this test can be executed without problems.
So let's enable it.
Related to commit:
86b5364335
Signed-off-by: Alberto Escolar Piedras <alpi@oticon.com>
Because the address and size alignment of MPUv2,
limite the thread numbers for emsk_em7d_v22.
If not, build will faill because of DCCM overflow
Signed-off-by: Wayne Ren <wei.ren@synopsys.com>
Even CONFIG_HW_STACK_PROTECTION is no here,
it is still yes as it will be re-selected by
CONFIG_TEST_HW_STACK_PROTECTION in tests/Kconfig.
So the correct setting here is:
CONFIG_TEST_HW_STACK_PROTECTION=n
This fixes#8092 (case1)
Signed-off-by: Wayne Ren <wei.ren@synopsys.com>
The return value from k_fifo_get() might be NULL in some situations,
so protect against that.
Coverity-ID: 186190
Coverity-ID: 186058
Signed-off-by: Leandro Pereira <leandro.pereira@intel.com>
Fail in tests where we have an OOPS or a panic. Right now and in many
cases we continue and test case might be reported as PASS.
Cases that have the tag ignore_faults will ignore those faults (cases
that are testing faults for example).
Signed-off-by: Anas Nashif <anas.nashif@intel.com>
Since on ARM CONFIG_NUM_IRQS option has no prompt, it cannot be properly
overridden by a prj.conf fragment. Instead make it have a prompt for
this particular test to be able to override it properly.
Fixes#8200
Signed-off-by: Carles Cufi <carles.cufi@nordicsemi.no>
`mmsg` should be fully initialized prior to calling k_mbox_get(). The
mailbox implementation (mainly, mbox_message_match()) will look inside
the second parameter passed to k_mbox_get() in order to determine if
which pending messages should be returned to the caller.
Fixes Valgrind warning listed in #7478.
Signed-off-by: Leandro Pereira <leandro.pereira@intel.com>
Scheduler choice is subtle across yield and k_sleep(), add calls to
those to the state table and validate that we're making the right
decisions.
Signed-off-by: Andy Ross <andrew.j.ross@intel.com>
True stack sizes may be rounded up, instead of using a multiplier
just fetch the true stack size and add one to it, just one byte
over should produce an error.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
Commit 4ef36a4b54 ("tests/kernel/mem_slab: Fix memory overcommit")
caught this error, but missed the fact that there are two slabs that
need to be resized. I also failed to properly explain (or, to be
honestly, fully understand) the deadlock condition, so add a nice big
comment explaining it.
Basically: you have a bunch of threads that can allocate all but one
of their blocks before trying to allocate their last one and pending.
There must be at least one block left so all the threads don't
symmetrically go to sleep waiting on each other.
Signed-off-by: Andy Ross <andrew.j.ross@intel.com>
Call k_thread_foreach only once from _sys_soc_suspend()
otherwise it will flood the console with stack dumps. As per
the test implementation, the one time call happens through
test_call_stacks_analyze_idle test case.
Also removed the the stack size comparision logic from
thread_callback() as the actual size allocated could be
different from what is requested based on the Kconfig option
CONFIG_MPU_REQUIRES_POWER_OF_TWO_ALIGNMENT
Fixes Issue #7858
Signed-off-by: Ramakrishna Pallala <ramakrishna.pallala@intel.com>
This test spawned 4 threads all of which try to allocate 3 blocks from
the same mem_slab before freeing any, leading to a maximum of 12
in-flight allocations. But the slab contained only 3 blocks!
Most of the time it passed, but CI caught it failing on occasion,
possibly more often now due to recent scheduler changes. Fixes#8069
(hopefully).
Signed-off-by: Andy Ross <andrew.j.ross@intel.com>
The idea behind this test is to race two CPUs against each other,
validating that each is truly running simultaneously. But it just
assumed that the other thread/cpu would start synchronously as soon as
k_thread_create() returned.
Normally, that works fine. But while debugging I added some code that
was slowing down entry to the other thread (or maybe the return from
k_thread_create() into the main thread) long enough to allow one
thread to get a significant head start. That breaks the logic in the
test and things were inexplicably "failing".
Put a spin loop around the count so that the main thread can start
counting to within the memory system's ability to inform it of the
change from the other thread.
Signed-off-by: Andy Ross <andrew.j.ross@intel.com>
* because stack analysis is required, so STACK_CHECK must be
turned off. No HW_STACK_PROTECTION has no impact on current test
* If CONIFG_USERSPACE, the real stack size is bigger than the declared
stack size
Signed-off-by: Wayne Ren <wei.ren@synopsys.com>
In arc, privileged stack is merged into defined stack. So
the real stack size should add privileged stack size.
Signed-off-by: Wayne Ren <wei.ren@synopsys.com>
The test was using ztest incorrectly exposing everything as one single
test function. We now have multiple tests that can be tracked back to
features and requirements.
Signed-off-by: Anas Nashif <anas.nashif@intel.com>
We were referring to old function names and still using the task
terminology which can be confusing.
Signed-off-by: Anas Nashif <anas.nashif@intel.com>
This test exaustively tests preemption points between threads of all
priority classes (cooperative, preemptible, and metairq), done both
from a synchronous reschedule (via k_sem_give() and from interrupt
context (via irq_offload()), and with and without the sched_lock()
held. It then detects the next thread that runs and validates vs. the
documented priority rules.
Note that there is a whitelisted case on ARM, where irq_offload()
seems not to be working like a true interrupt (it always returns to
the interrupted context and doesn't seem to hit the normal exception
return path which can context switch). And native_posix is excluded
because of failures and the fact that it's actually never possible to
truly preempt a thread there (they run to completion inside _Swap()
et. al. and then block themselves). Both of these should be fixable
in the future but don't (seem to) directly relate to this test.
Signed-off-by: Andy Ross <andrew.j.ross@intel.com>
The generation of Stack Corruptions reports is, now, supported
in ARM SOCs with the ARM MPU (CONFIG_ARM_MPU). Therefore, this
commit removes the workaround for ARM architecture in
tests/kernel/fatal/ and keeps it only for SOCs with the NXP MPU
(CONFIG_MXU_MPU).
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
Zephyr code routinely assumes conventional ILP32/LP64 integer
behavior, and occasionally relies on it to perform some nice tricks.
This is despite the fact that this behavior (while pervasively adopted
and in use on all architectures we care about supporting) isn't
actually guaranteed by the language standard which allows much looser
semantics than actual exist on hardware.
Put it into the intmath section of this test as a build time thing.
Signed-off-by: Andy Ross <andrew.j.ross@intel.com>
An errant commit accidentally disabled all testing of
hardware-based stack protection. Restore it, and work
around a problem with how these kinds of exceptions are
reported on ARM until #7706 is fixed.
We need to globally disable user mode due to how the
select statements in Kconfig work, the stack sentinel
is incompatible with user mode.
Some build warnings when compiling as native_posix
fixed.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
A test was trying to add the maximum number of partitions,
but when the domain was initialized there was already one
added which needed to be accounted for to avoid an
assertion failing.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
Add description to test cases in tests/kernel/mem_heap,
tests/kernel/mem_slab and tests/kernel/mem_pool
Signed-off-by: Spoorthi K <spoorthi.k@intel.com>
These tests had very small stacks, and the rbtree scheduler on
qemu_x86 (which does need a little extra stack room, though not much)
is bumping up against the limit. Increase by ~128 bytes in most
cases. In the case of the mbox_api test, there are other platforms
(which don't use the tree) which are right against the limit already
and will fail to link with a larger stack, so bump it for qemu_x86
only.
Signed-off-by: Andy Ross <andrew.j.ross@intel.com>
Remove unstructured and unused doxygen groups for tests. We will now add
doxygen comments per test function and follow a more structured
grouping.
Signed-off-by: Anas Nashif <anas.nashif@intel.com>
k_poll is now accessible from user mode. A memory allocation takes place
from the caller's resource pool to copy the provided poll_events
array; this can be large enough to make allocating it on the stack
not preferable.
k_poll_signal are now proper kernel objects. Two APIs have been added,
one to reset the signaled state and one to check the current signaled
state and result value.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
User mode may now use queue objects. Instead of embedding the kernel's
linked list information directly in the data item, a container struct
is allocated from the caller's resource pool which is then added to
the queue. The new sflist type is now used to store a flag indicating
whether a data item needs to be freed when removed from the queue.
FIFO/LIFOs are derived from k_queues and have had allocator functions
added.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
Similar to what has been done with pipes and message queues,
user mode can't be trusted to provide a buffer for the kernel
to use. Remove k_stack_init() as a syscall and offer
k_stack_alloc_init() which allocates a buffer from the caller's
resource pool.
Fixes#7285
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
User mode can't be trusted to provide a memory buffer to
k_msgq_init(). Introduce k_msgq_alloc_init() which allocates
the buffer out of the calling thread's resource pool and expose
that as a system call instead.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
User mode can't be trusted to provide the kernel buffers for
internal use. The syscall for k_pipe_init() has been removed
in favor of a new API to draw the buffer memory from the
calling thread's resource pool.
K_PIPE_DEFINE() now properly locates the allocated buffer into
kernel memory.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
Dynamic kernel objects no longer is hard-coded to use the kernel
heap. Instead, objects will now be drawn from the calling thread's
resource pool.
Since we now have a reference counting mechanism, if an object
loses all its references and it was dynamically allocated, it will
be automatically freed.
A parallel dlist is added for efficient iteration over the set of
all dynamic objects, allowing deletion during iteration.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
Forthcoming patches will dual-purpose an object's permission
bitfield as also reference tracking for kernel objects, used to
handle automatic freeing of resources.
We do not want to allow user thread A to revoke thread B's access
to some object O if B is in the middle of an API call using O.
However we do want to allow threads to revoke their own access to
an object, so introduce a new API and syscall for that.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
If a variable is declared extern first, the name and type
information is stored in a special DW_DIE_variable which
is then referenced by the actual instances via the
tag DW_AT_specification.
We now place extern variable instances in an extern environment
and use this data to fetch the name/type of the instances,
which do not have it (which is why they were being skipped).
As it turns out, the gross hack for the system workqueue was
due to this problem because of the extern declaration in
kernel.h.
Fixes: #6992
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
Add a test case for k_thread_foreach API.
Replace deprecated k_call_stacks_analyze API with
k_thread_foreach for existing test cases.
Signed-off-by: Ramakrishna Pallala <ramakrishna.pallala@intel.com>
Add few tests to check access permissions of memory partitions
of a memory domain, validate memory domain destroy.
Signed-off-by: Spoorthi K <spoorthi.k@intel.com>
Group tests under 'Zephyr Tests' and only document the actual tests.
Create cross references to APIs being tested where applicable.
Signed-off-by: Anas Nashif <anas.nashif@intel.com>
Also parse test documentation. When add tests to doxygen, we get
warnings about device.h macros not being defined. Exclude this now and
track this in issue #7367.
Signed-off-by: Anas Nashif <anas.nashif@intel.com>
For many tests, avoid splitting into files and put eveything in main.c.
For many of the tests, use main.c as the test source file to keep things
consistent.
Signed-off-by: Anas Nashif <anas.nashif@intel.com>
The fp_sharing test has an option to control the number of iterations in
the pi calculation, which is used to adjust the duration of the test on
different platforms that may have significantly different execution
frequencies (e.g., qemu_x86 vs. frdm_k64f). The conversion to CMake did
not handle this option correctly and forced the same value for all
platforms.
The test now completes in about 5 minutes on frdm_k64f.
Signed-off-by: Maureen Helm <maureen.helm@nxp.com>
As k_thread_cancel() is deprecated, we need to test if delayed thread
which is in wait queue can be cancelled from k_thread_abort().
Signed-off-by: Spoorthi K <spoorthi.k@intel.com>
The testcases presented here will test the following functionality
1. Inheritance of permission from parent thread to child.
2. Memory domain implementation.
3. Access permission for k objects.
The combinations of these test cases will cover some of the basic
usecases of the userspace mode.
These test cases are meant to be executed by any board with has
CONFIG_USERSPACE enabled.
Signed-off-by: Adithya Baglody <adithya.nagaraj.baglody@intel.com>
Instead of completely excluding those tests, mark them as skipped and
provide an noop function that marks the test as skipped where test is
not supported.
Signed-off-by: Anas Nashif <anas.nashif@intel.com>
A red-black tree is maintained containing the metadata for all
dynamically created kernel objects, which are allocated out of the
system heap.
Currently, k_object_alloc() and k_object_free() are supervisor-only.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
The only difference between this call and k_thread_abort() (beyond
some minor performance deltas) is that "cancel" will act as a noop in
cases where the thread has begun execution and will return an error.
"Abort" always succeeds, of course. That is inherently racy when used
as a "stop the thread" API: there's no way in general (or at all in
SMP situations) to know that you're calling this function "early
enough" to catch the thread before it starts.
Effectively, all k_thread_cancel() gives you that k_thread_abort()
doesn't is an indication about whether or not a thread has started.
There are many other ways to get that information that don't require
dangerous kernel APIs.
Deprecate this function. Zephyr's own code never used it except for
its own unit test.
Signed-off-by: Andy Ross <andrew.j.ross@intel.com>
Following tests were failing on a microcontroller with 32KB flash:
test-mbedtls
kernel.common
The min_flash option has been added in the test case yaml files.
Signed-off-by: Diego Sueiro <diego.sueiro@gmail.com>
This commit disables Bluetooth and adds a customized vector
table for nRF52X-based platforms in the irq_vector_table kernel
test, in order to prevent UsageFault during system timer
interrupts, and, therefore, let the test execute properly.
This commit fixes#6890.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
Add Cortex-M33 and Cortex-M7 in the list of supported
ARM MCUs for the arm_irq_vector_table test.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
For posix layer implementation of message queue, we need to fetch
basic attributes of message queue. Currently this routine is not
present in Zephyr. So adding this routing into message queue.
Signed-off-by: Youvedeep Singh <youvedeep.singh@intel.com>
There is a typo in the area description of the testcase (kerne.XYZ vs
kernel.XYZ).
Signed-off-by: Inaky Perez-Gonzalez <inaky.perez-gonzalez@intel.com>
Remove arduino_101 from platform whitelist in testcase.yaml as all the
test cases are not meant to run on Arduino_101.
Signed-off-by: Spoorthi K <spoorthi.k@intel.com>
The following test cases have been added for semaphore.
1. Test simple semaphore give/take from an isr.
2. Test simple semaphore give/take from a task.
3. Test semaphore take with no wait.
4. Test semaphore take with no wait and fails.
5. Test semaphore take with timeout and fails.
6. Test semaphore take with timeout.
7. Test semaphore take with timeout as forever
8. Test semaphore take with timeout from an isr.
9. Test semaphore take on multiple threads.
10. Test semaphore give/take from an isr.
11. Test semaphore multiple threads wait on a semaphore.
12. Test semaphore measure timeouts.
13. Test semaphore measure timeout when give is from another thread.
14. Test semaphore multiple sem take and timeouts.
15. Test semaphore multiple sem take with diff timeout & semaphore.
Signed-off-by: Adithya Baglody <adithya.nagaraj.baglody@intel.com>
This test validates random number generator APIs that
is not related to kernel and should not be part of
kernel tests.
Signed-off-by: Praful Swarnakar <praful.swarnakar@intel.com>
The test validates the behavior of calling k_thread_start()
of thread which is already started. The thread has to start
execution only when its state is _THREAD_PRESTART.
Signed-off-by: Spoorthi K <spoorthi.k@intel.com>
Add testcases for following scenario
Test to check alert_recv(timeout) against the following cases
1. The current task times out while waiting for the event.
2. There is already an event waiting (signalled from a task).
3. The current task must wait on the event until it is signalled
from either another task or an ISR
Test to check alert_recv(K_FOREVER) against the following cases:
1. There is already an event waiting (signalled from a task and ISR).
2. The current task must wait on the event until it is signalled
from either another task or an ISR
Test to checks that the event handler is set up properly when
alert_event_handler_set() is called. It shows that event handlers
are tied to the specified event and that the return value from the
handler affects whether the event wakes a task waiting upon that
event
Signed-off-by: Savinay Dharmappa <savinay.dharmappa@intel.com>
Add k_fifo kernel object timeout scenario tests like basic
k_fifo API tests with timeouts and tests which involve other
threads to get/put items from/into k_fifo with timeouts.
This test is inspired from test_stack legacy test from
Zephyr v1.7.0 release.
Signed-off-by: Ramakrishna Pallala <ramakrishna.pallala@intel.com>
Add k_fifo kernel object usage scenario tests between thread
to thread and thread to ISR.
This test is inspired from test_fifo legacy test from
Zephyr v1.7.0 release.
Signed-off-by: Ramakrishna Pallala <ramakrishna.pallala@intel.com>
Previously qemu_x86 was the only device to run this test in
userspace. With this patch, the pipe testcases can now
run on any device which has userspace enabed.
Signed-off-by: Adithya Baglody <adithya.nagaraj.baglody@intel.com>
The following are the test cases added for pipe.
1. Test pipe APIs on single data element.
2. Test pipe APIs on multiple data elements.
3. Test pipe APIs with forever wait.
4. Test pipe APIs with timeout.
5. Test pipe APIs on an empty pipe.
6. Test pipe get API with forever timeout.
7. Test pipe get API with limited timeout.
Signed-off-by: Adithya Baglody <adithya.nagaraj.baglody@intel.com>
The test verifies the API functionality of _thread_essential_clear(),
_thread_essential_set() and _is_thread_essential()
Signed-off-by: Spoorthi K <spoorthi.k@intel.com>
This is a component of address space layout randomization that we can
implement even though we have a physical address space.
Support for upward-growing stacks omitted for now, it's not done
currently on any of our current or planned architectures.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
SRAM size is very small and so we cant fit the test-suite inside.
Hence disabling the execution on boards with very small RAM region.
Example: quark_d2000 & nucleo f030
Signed-off-by: Adithya Baglody <adithya.nagaraj.baglody@intel.com>
Added new test cases to increase the impact of the test cases.
The following are the brief description of the testcases:
1. Incorrect receiver address.
2. Incorrect transmit address.
3. Mbox_get timeout occurs when not able to retrive a msg.
4. Discard a msg by passing an invalid pool id.
5. Msg id mismatch between the receiver and transmitter.
6. Copy tx buffer to a new block in the pool.
7. Copy a big tx buffer to a block in the pool but no block
can fit it.
8. Dispose a msg as soon as it is read.
9. Free tx pool when we read the msg.
10. A Asynchronous put unblocks a waiting get.
11. A Asynchronous put sends a wrong address to a waiting get.
12. Multiple Asynchronous put populates the msg_q and mbox_get
retrives it.
13. Multiple waiting mbox_get and each put unblocks it one at a time.
Signed-off-by: Adithya Baglody <adithya.nagaraj.baglody@intel.com>
Modified the testcase for comparing the successive random
numbers generated by sys_rand32_get(). Also, added new configs
for verifying different sources of random number generation.
Signed-off-by: Praful Swarnakar <praful.swarnakar@intel.com>
The ICSR[NMIPENDSET] bit got renamed to ICSR[PENDNMISET] in the v8m
architecture. So we map SCB_ICSR_PENDNMISET_Msk to
SCB_ICSR_NMIPENDSET_Msk to the tests builds and functions.
Signed-off-by: Kumar Gala <kumar.gala@linaro.org>
Add a testcase where single work is submitted to
multiple queue. In this case handler invoked only
once as single work cannot be submitted to multiple
queue.
Add a test case which submit a work to a queue twice. This testcase
is added to test neagtive case when k_delayed_work_cancel() fails
in k_delayed_work_submit_to_queue API
Signed-off-by: Savinay Dharmappa <savinay.dharmappa@intel.com>
Added a test to check for the predictability with which
the timer expires depending on the period configured.
Signed-off-by: Rajavardhan Gundi <rajavardhan.gundi@intel.com>
Add stack object usage scenario tests between thread
to thread and thread to ISR.
This test is inspired from test_stack legacy test from
Zephyr v1.7.0 release.
Signed-off-by: Ramakrishna Pallala <ramakrishna.pallala@intel.com>
The kernel.fatal.stack_protection was filtering on
ARCH_HAS_STACK_PROTECTION and that should be
CONFIG_ARCH_HAS_STACK_PROTECTION
Signed-off-by: Kumar Gala <kumar.gala@linaro.org>
Add a test to verify that k_sleep() can be used to put
the calling thread to sleep for a specified number of
ticks during system initialization.
This test is inspired from legacy test_early_sleep test
from v1.7.0 release.
Signed-off-by: Ramakrishna Pallala <ramakrishna.pallala@intel.com>
This test is POSIX based implementation of tests:kernel:pthread test.
It used POSIX APIs instead of Zephyr APIs.
Signed-off-by: Youvedeep Singh <youvedeep.singh@intel.com>
Get the reporting right and consistent with other tests. Use ztest
possible where possible and remove too many lines and confusing output.
Signed-off-by: Anas Nashif <anas.nashif@intel.com>
move to a more cosnistent test naming using test_ to improve reporting
and parsing. Expand string tests and run them as separate ztest tests.
Signed-off-by: Anas Nashif <anas.nashif@intel.com>
This test had to special case ARM, where error handlers are not
NORETURN functions. The xtensa/asm2 layer has the same behavior
(albeit for a different reason). Add it to the list, and clean up the
explanation a bit.
Signed-off-by: Andy Ross <andrew.j.ross@intel.com>
Simple SMP test to validate the two threads can be simultaneously
scheduled. Arranges things such that both threads are at different
priorities and never yield the CPU, so on a uniprocessor build they
cannot be fairly scheduled. Checks that both are nonetheless making
progress.
Signed-off-by: Andy Ross <andrew.j.ross@intel.com>
The xtensa-asm2 work included a patch that added nano_internal.h
includes in lots of places that needed to have _Swap defined, because
it had to break a cycle and this no longer got pulled in from the arch
headers.
Unfortunately those new includes created new and more amusing cycles
elsewhere which led to breakage on other platforms.
Break out the _Swap definition (only) into a separate header and use
that instead. Cleaner. Seems not to have any more hidden gotchas.
Signed-off-by: Andy Ross <andrew.j.ross@intel.com>
Simple test of spinlock semantics. Bounce between two CPUs locking
and releasing, validating that nothing changes at unexpected times.
Signed-off-by: Andy Ross <andrew.j.ross@intel.com>
_Swap() is defined in nano_internal.h. Everything calls _Swap().
Pretty much nothing that called _Swap() included nano_internal.h,
expecting it to be picked up automatically through other headers (as
it happened, from the kernel arch-specific include file). A new
_Swap() is going to need some other symbols in the inline definition,
so I needed to break that cycle. Now nothing sees _Swap() defined
anymore. Put nano_internal.h everywhere it's needed.
Our kernel includes remain a big awful yucky mess. This makes things
more correct but no less ugly. Needs cleanup.
Signed-off-by: Andy Ross <andrew.j.ross@intel.com>
Split the search into two loops: in the common scenario, where device
names are stored in ROM (and are referenced by the user with CONFIG_*
macros), only cheap pointer comparisons will be performed.
Reserve string comparisons for a fallback second pass.
Signed-off-by: Leandro Pereira <leandro.pereira@intel.com>
The read/write_kernel_stack tests are confusingly named and incorrectly
implemented for ARM; they are intended to test that user mode threads
cannot read or write their privileged stacks. The privileged stacks
on ARM are not relative to the user stack, and thus their location
cannot be computed from the user stack. To find the privileged stack on
ARM, we have to use _k_priv_stack_find(), which we do during setup
in test_main() rather than from the usermode thread itself. Accessing
thread_stack directly from the test function requires making it
non-static in ztest, so we also give it a ztest_ prefix to avoid
collisions with other test programs. Rename the test functions and
global pointer variable to more accurately reflect their purpose.
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
This patch adjusts the calculation of the overflow size for the kernel
stack tests which read/write to areas below the current user stack.
Signed-off-by: Andy Gross <andy.gross@linaro.org>
This PR includes the required changes in order to support
conditional compilation for Armv8-M architecture. Two
variants of the Armv8-M architecture are defined:
- the Armv8-M Baseline (backwards compatible with ARMv6-M),
- the Armv8-M Mainline (backwards compatible with ARMv7-M).
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
Added support in tests/kernel/tickless for ARCH_POSIX
and enabled this test for this architecture
Signed-off-by: Alberto Escolar Piedras <alpi@oticon.com>
If the systick period is < 5ms the clock testcase will
stall.
Added a note to warn whoever hits it.
Signed-off-by: Alberto Escolar Piedras <alpi@oticon.com>
Check the fault reason against the expected value.
This is presently architecture-specific, and possibly
reflects a bug on ARM (all faults end up with reason 0,
even though ARM does define a separate value for Oops).
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
Previously we were handling any fault during test execution as
a pass condition. Explicitly indicate when a fault is expected
and fail the test if we encounter an unexpected fault.
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
Tests system call memory buffer read/write validation using the
k_pipe_get() and k_pipe_put() calls from a userspace thread.
Specifically, this tests _SYSCALL_MEMORY_READ/WRITE checks
by the system call handler by attempting to read/write to a
kernel object.
write_kobject_user_pipe() attempts to write over a kernel object
by using the kernel object's location as the buffer to place
the data read from the pipe.
read_kobject_user_pipe() attempts to read a kernel object by using
the kernel object's location as the location of data to be placed
into the pipe.
Tested on qemu_x86 and frdm_k64, passes on both.
Signed-off-by: Joshua Domagalski <jedomag@tycho.nsa.gov>
Added three tests for kernel objects focusing on 1) revoking
access to a k_object that the thread does not have
permissions to access, 2) accessing a k_object after
permissions to access it were revoked, and 3) trying to
revoke access to a k_object from a parent thread by a
child thread. Additionally, added a test for
k_thread_user_mode_enter().
revoke_noperms_object() tests by calling
k_object_access_revoke() on a semaphore (kernel object) that it
does not have access to (ksem).
access_after_revoke() tests ability to access a semaphore after
access has been revoked by itself.
revoke_other_thread() tests whether a thread can revoke access
for an object for which it has permissions from a thread for
which it does not have permissions.
user_mode_enter() tests whether k_thread_user_mode_enter()
truly enters user mode.
Tested on qemu_x86 and frdm_k64 with pr-4974 applied, passes
on qemu_x86 but requires small fix for ARM (will submit
separately).
Signed-off-by: Joshua Domagalski <jedomag@tycho.nsa.gov>
Rename the nano_internal.h to kernel_internal.h and modify the
header file name accordingly wherever it is used.
Signed-off-by: Ramakrishna Pallala <ramakrishna.pallala@intel.com>
Running this testcase on qemu without userspace enabled it
crashes. The testcase was modifing page table information
of the bss region. This in turn caused some variables to be
inaccessible. Fixed it by moving the page manipulation to a
different location.
GH-5646
Signed-off-by: Adithya Baglody <adithya.nagaraj.baglody@intel.com>
Make it possible to run in other posix boards.
By default, if the POSIX board does not define the TICK_IRQ
just run without that part of the test, printing a note.
The place where other POSIX boards should define it, is also
clear, and should be easy to keep those lines free from merge
conflicts in the future.
Signed-off-by: Alberto Escolar Piedras <alpi@oticon.com>
BT does use a semaphore, which does cause the count of sempahores to
fail, disable BT here to only keep locally created objects.
Signed-off-by: Anas Nashif <anas.nashif@intel.com>
What this test actually does is verify internal APIs for manipulating
the MMU specifically on the X86. It is not compatible with other arches.
Moved to live with the rest of the memory protection tests.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
The test case used a stack which was not aligned to 4kB. Hence an
assert was catching this issue.
GH-5539
Signed-off-by: Adithya Baglody <adithya.nagaraj.baglody@intel.com>
Use ztest API in legacy test to support ztest
framework and also update README according to new
output.
Signed-off-by: Punit Vara <punit.vara@intel.com>
Basic test for sys_kernel_version_get verifying macros work correctly
and we get the expected version parts using the macros.
Fixes#4777
Signed-off-by: Anas Nashif <anas.nashif@intel.com>
The following 3 testcases are blacklisted for the POSIX
arch / simple_process BOARD:
* tests/drivers/ipm : won't compile due to missing
__stdout_hook_install() [part of minimal libc]
(POSIX arch uses the native libc)
* tests/kernel/mem_protect/stackprot : will crash
"natively" when trying to corrupt the stack and therefore
will fail the testcase. The current understanding is that
the POSIX arch should let the native OS handle faults,
so they can be debugged with the native tools.
* samples/cpp_synchronization : it is not possible
to build cpp code yet on top of the posix arch
Signed-off-by: Alberto Escolar Piedras <alpi@oticon.com>
Added small delay in each iteration of the critical_loop
loop for the posix arch:
For this arch this loop and critical_rtn would otherwise
run in 0 time and therefore the test would never finish.
Signed-off-by: Alberto Escolar Piedras <alpi@oticon.com>
Signed-off-by: Anas Nashif <anas.nashif@intel.com>
test/timer/timer_api use k_busy_wait to implement the
tests' busy_wait_ms, for archs which require a different
type of busy waiting
Signed-off-by: Alberto Escolar Piedras <alpi@oticon.com>
For the POSIX arch we rely on the native OS to handle
segfaults, and stack overflows.
So that we can debug them with normal native tools.
Therefore these 2 are ifdef'ed for this arch in this test
Signed-off-by: Alberto Escolar Piedras <alpi@oticon.com>
Having posix headers in the default include path causes issues with the
posix port. Move to a sub-directory to avoid any conflicts.
Signed-off-by: Anas Nashif <anas.nashif@intel.com>
Add tests of the ability to read or write the stack of another thread.
Use semaphores for explicit synchronization of the start and end of the
other thread to ensure that the attempted stack access occurs while the
thread is alive. This ensures that the MMU/MPU has been configured at
least once to allow userspace access to the stack, and that any
removal of access upon thread termination has not yet occurred. This
therefore should exercise changing the MMU/MPU configuration to remove
access to the other thread's stack when switching back to our
thread.
Tested on qemu_x86 (pass) and on frdm_k64f (with and without the ARM
userspace patches; with them, the tests pass; without, they fail as
expected). Also, as with most of the other tests, if you replace
ztest_user_unit_test() with ztest_unit_test(), then the tests fail as
expected.
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
This patch removes the extraneous priv_insn test as it is a duplicate
of the following test that writes to the control register. For ARM,
unprivileged contexts which access control registers does not result
in a fault. It results in no modification of the register, so we have
to check that a modification occurred.
Signed-off-by: Andy Gross <andy.gross@linaro.org>
This patch fixes the calculation of the privileged stack portion. The
ztest threads have a stack size of 2048. The privileged area resides in
the lowest 512 bytes. So use the definition of the stack size to get to
the right area.
Signed-off-by: Andy Gross <andy.gross@linaro.org>
Due to insufficient ISR stack memory the irq offload was
corrupting the memory.
GH-4766
Signed-off-by: Adithya Baglody <adithya.nagaraj.baglody@intel.com>
Testcase developed x86mmu specific, to validate
existing APIs. This checks for the PDE/PTE set
on the address and returns if some violation occurs or not.
Signed-off-by: Akhilesh Kumar Upadhyay <akhilesh.kumarx.upadhyay@intel.com>
Remove references to k_mem_pool_defrag and any related bits associated
with mem_pool defrag that don't make sense anymore.
Signed-off-by: Kumar Gala <kumar.gala@linaro.org>
This is still work-in-progress, but putting it up in case it is
helpful to people working in this area and for early comments.
Add a set of tests to validate the expected security properties
of threads created with K_USER when CONFIG_USERSPACE=y. This can
be used as a regression test for architectures that already implement
this support and as a validation test for others.
I considered incorporating these tests into the existing protection
test, but decided against it since protection does not enable or rely
upon CONFIG_USERSPACE for its existing tests and passes on everything
that provides MPU or MMU support, even without full userspace support.
I also considered incorporating these tests into the existing
obj_validation test, but decided against it since obj_validation only
tests the object validation/permission logic, does not run any user
mode threads (or strictly depend on that support), and passes
on both x86 and arm today, unlike these tests. That said, I have no
strong objections if it would be preferable to fold these into it
(and perhaps rename it to be more general).
The current tests implemented in this test program verify the following
for a thread created with K_USER:
is_usermode: is running in usermode
priv_insn: cannot invoke privileged insns directly
write_control: cannot write to control registers
disable_mmu_mpu: cannot disable memory protections (MMU/MPU)
read_kernram: cannot read from kernel RAM
write_kernram: cannot write to kernel RAM
write_kernro: cannot write to kernel rodata
write_kerntext: cannot write to kernel text
read_kernel_data: cannot read __kernel-marked data
write_kernel_data: cannot write __kernel-marked data
read_kernel_stack: cannot read the kernel/privileged stack
write_kernel_stack: cannot write the kernel/privileged stack
pass_user_object: cannot pass a non-kernel object to a syscall
pass_noperms_object: cannot pass an object to a syscall without a grant
start_kernel_thread: cannot start a kernel (non-user) thread
Some of the tests overlap and could possibly be dropped, but it
seems harmless to retain them. The particular targets of read/write
tests are arbitrary other than meeting the test criteria and can be
changed (e.g. in data, rodata, or text) if desired to avoid coupling
to kernel implementation details that may change in the future.
On qemu_x86, all of the tests pass. And, if you replace all
occurrences of ztest_user_unit_test() with ztest_unit_test(), then
all of the tests fail (i.e. when the tests are run in kernel mode,
they all fail as expected). On frdm_k64f presently (w/o the arm
userspace patches), all of the tests fail except for write_kernro and
write_kerntext, as expected.
ToDo:
- Verify that a user thread cannot access data in another memory domain.
- Verify that a user thread cannot access another thread's stack.
- Verify that a user thread cannot access another thread's kobject.
- Verify that k_thread_user_mode_enter() transitions correctly.
- Verify that k_object_access_revoke() is enforced.
- Verify that syscalls return to user mode upon completion.
- Verify that a user thread cannot abuse other svc calls (ARM-specific).
- Other suggested properties we should be testing?
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
test_main() takes no arguments, so this was causing a fault
after returning from test_main due to the stack canary checking.
Before, the test run ends with:
PROJECT EXECUTION SUCCESSFUL
***** CPU Page Fault (error code 0x00000011)
Supervisor thread executed address 0x00400000
PDE: 0x027 Present, Writable, User, Execute Enabled
PTE: 0x80000000267 Present, Writable, User, Execute Disable
Current thread ID = 0x00401080
Faulting segment:address = 0x0008:0x00400000
eax: 0x00000000, ebx: 0x00000000, ecx: 0x0040b19c, edx: 0x000056df
esi: 0x00000000, edi: 0x00000000, ebp: 0x000051c0, esp: 0x0040b1d8
eflags: 0x246
Caught system error -- reason 6
After, the test run ends with:
PROJECT EXECUTION SUCCESSFUL
Reported-by: Joshua Domagalski <jedomag@tycho.ncsc.mil>
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
This patch do following things :
- fix checkpatch warnings
- replace conditions with ztest apis wherever necessary
Signed-off-by: Punit Vara <punit.vara@intel.com>
Make legacy test case use of ztest apis to support
ztest framework.
Reduce ztest stack size to 512 otherwise region 'SRAM'
will overflow for nucleo board.
Signed-off-by: Punit Vara <punit.vara@intel.com>
Added a case for ARC in the test so it builds. ARC MPU has execute
permision bit so we can enable the NO_EXECUTE_SUPPORT testing.
Signed-off-by: Kumar Gala <kumar.gala@linaro.org>
The end_sema k_sem was only initialized on one of the several paths
that used it, leading to some crazy clobber-the-run-queue behavior
that was dependent on linkage order (see the linked bug) when end_sema
and the pipe object were made non-static..
Adding a k_sem_init() call fixes the corrupt issue, but really the
right thing is to use the DEFINE macro, so do that instead. Note that
that the initializer changes the linkage order too (by putting the
semaphore in a separate segment), so... yeah, it's actually impossible
to prove that this patch in isolation resolves the issue seen without
manual validation.
Issue: https://github.com/zephyrproject-rtos/zephyr/issues/4366
Signed-off-by: Andy Ross <andrew.j.ross@intel.com>
Introducing CMake is an important step in a larger effort to make
Zephyr easy to use for application developers working on different
platforms with different development environment needs.
Simplified, this change retains Kconfig as-is, and replaces all
Makefiles with CMakeLists.txt. The DSL-like Make language that KBuild
offers is replaced by a set of CMake extentions. These extentions have
either provided simple one-to-one translations of KBuild features or
introduced new concepts that replace KBuild concepts.
This is a breaking change for existing test infrastructure and build
scripts that are maintained out-of-tree. But for FW itself, no porting
should be necessary.
For users that just want to continue their work with minimal
disruption the following should suffice:
Install CMake 3.8.2+
Port any out-of-tree Makefiles to CMake.
Learn the absolute minimum about the new command line interface:
$ cd samples/hello_world
$ mkdir build && cd build
$ cmake -DBOARD=nrf52_pca10040 ..
$ cd build
$ make
PR: zephyrproject-rtos#4692
docs: http://docs.zephyrproject.org/getting_started/getting_started.html
Signed-off-by: Sebastian Boe <sebastian.boe@nordicsemi.no>
This patch removes checkpatch warnings as well as
make use of ztest apis to convert legacy test to ztest.
Signed-off-by: Punit Vara <punit.vara@intel.com>
Signed-off-by: Anas Nashif <anas.nashif@intel.com>
This should clear up some of the confusion with random number
generators and drivers that obtain entropy from the hardware. Also,
many hardware number generators have limited bandwidth, so it's natural
for their output to be only used for seeding a random number generator.
Signed-off-by: Leandro Pereira <leandro.pereira@intel.com>
Two tests were on the knife-edge of their current stack limit and
were overflowing when UART system calls were added and userspace
enabled.
Test case stack sizes are often pulled out of thin air, the current
value of 256 was just a guess.
Kick these stacks up to 384; verified with sanitycheck --all that
this doesn't break anything.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
When the header file is located in the same directory as the source
file it is better to use a relative quote-include, e.g.
than a system include like
Avoiding the use of system includes in these cases is beneficial
because;
* The source code will be easier to build because there will be fewer
system include paths.
* It is easier for a user to determine where a quote-include header
file is located than where a system include is located.
* You are less likely to encounter aliasing issues if the list of
system include paths is minimized.
Authors:
Anas Nashif
Sebastian Bøe
Signed-off-by: Sebastian Boe <sebastian.boe@nordicsemi.no>
Signed-off-by: Anas Nashif <anas.nashif@intel.com>
Using the PAE page tables it is possible to disable code execution
form RAM.
JIRA:ZEP-2511
Signed-off-by: Adithya Baglody <adithya.nagaraj.baglody@intel.com>
main.c and test_thread_init.c merged.
All tests which don't require cooperative priorities now running in
user mode.
Userspace tag added to testcase.yaml.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
Some unnecessary k_thread_abort() removed.
userspace tag added to testcase.yaml.
Suspend/resume, spawn_forever, and spawn_priority tests remain in
supervisor mode due to the priority requests they make.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
Unnecessary k_thread_abort() removed from test_msgq_purge_when_put.
A single global msgq object is now shared instead of being declared
on thread stacks, except for an ISR test case which has had its
semaphore renamed.
Moved k_sem_init() call from msgq_thread() to test_msgq_thread()
to fix a race condition.
userspace tag added to testcase.yaml.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
main.c and test_sema_contexts.c merged
userspace tag added to testcase.yaml
stack-allocated semaphore in test_sema_thread2thread now just uses
the global semaphore with the same name.
ISR tests run in supervisor mode.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
main.c and test_alert_contexts.c merged.
User threads can't look inside the alert structures, so an extra
variable 'htype' introduced to track expectations for any given
alert object in alert_recv().
Alert objects have to be initialized by supervisor threads since
they register callbacks. An array of toplevel alert objects created
and initialized in test_main(), replacing the ones that used to
live on thread stacks.
Added userspace tag to testcase.yaml
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
Main thread grants itself access to objects it or its children need
and does the rest of the test case in user mode.
Statically defined threads now all run in user mode, with permissions
granted via K_THREAD_ACCESS_GRANT().
Added userspace tag to testcase.yaml.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
Currently this is defined as a k_thread_stack_t pointer.
However this isn't correct, stacks are defined as arrays. Extern
references to k_thread_stack_t doesn't work properly as the compiler
treats it as a pointer to the stack array and not the array itself.
Declaring as an unsized array of k_thread_stack_t doesn't work
well either. The least amount of confusion is to leave out the
pointer/array status completely, use pointers for function prototypes,
and define K_THREAD_STACK_EXTERN() to properly create an extern
reference.
The definitions for all functions and struct that use
k_thread_stack_t need to be updated, but code that uses them should
be unchanged.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
