Spin locks held for any lengthy duration prevent interrupts and
in a real time system where interrupts drive tasks this can be
problematic. Add an option to assert if a spin lock is held for
a duration longer than the configurable number of microseconds.
Signed-off-by: Tom Burdick <thomas.burdick@intel.com>
Wire this up the same way ASAN works. Right now it's support only by
recent clang versions (not gcc), and only in 64 bit mode. But it's
capable of detecting uninitialized data reads, which ASAN is not.
This support is wired into the sys_heap (and thus k_heap/k_malloc)
layers, allowing detection of heap misuse like use-after-free. Note
that there is one false negative lurking: due to complexity, in the
case where a sys_heap_realloc() call is able to shrink memory in
place, the now-unused suffix is not marked uninitialized immediately,
making it impossible to detect use-after-free of those particular
bytes. But the system will recover cleanly the next time the memory
gets allocated.
Also no attempt was made to integrate this handling into the newlib or
picolibc allocators, though that should hopefully be possible via
similar means.
Signed-off-by: Andy Ross <andyross@google.com>
This had bitrotten a bit, and didn't build as shipped. Current
libasan implementations want -fsanitize=address passed as a linker
argument too. We have grown a "lld" linker variant that needs the
same cmake treatment as the "ld" binutils one, but never got it. But
the various flags had been cut/pasted around to different places, with
slightly different forms. That's really sort of a mess, as sanitizer
support was only ever support with host toolchains for native_posix
(and AFAICT no one anywhere has made this work on cross compilers in
an embedded environment). And the separate "gcc" vs. "llvm" layers
were silly, as there has only ever been one API for this feature (from
LLVM, then picked up compatibly by gcc).
Pull this stuff out and just do it in one place in the posix arch for
simplicity.
Also recent sanitizers are trying to add instrumentation padding
around data that we use linker trickery to pack tightly
(c.f. SYS_INIT, STRUCT_SECTION_ITERABLE) and we need a way
("__noasan") to turn that off. Actually for gcc, it was enough to
just make the records const (already true for most of them, except a
native_posix init struct), but clang apparently isn't smart enough.
Finally, add an ASAN_RECOVER kconfig that enables the use of
"halt_on_error=0" in $ASAN_OPTIONS, which continues execution past the
first error.
Signed-off-by: Andy Ross <andyross@google.com>
This commit adds the `CODE_UNREACHABLE` hint at the end of the
assertion failure branch so that the compiler takes note of the assert
function not returning when an assertion fails.
This prevents the compiler from generating misguided warnings assuming
the asserted execution paths.
It also introduces the `ASSERT_TEST` Kconfig symbol, which indicates
that the "assert test mode" is enabled. This symbol may be selected by
the tests that require the assert post action function to return
without aborting so that the test can proceed.
Note that the `CODE_UNREACHABLE` hint is specified only when the assert
test mode is disabled in order to prevent the tests from crashing when
the assert post action function returns.
Signed-off-by: Stephanos Ioannidis <root@stephanos.io>
Move from using Kconfig GDBSTUB_SERIAL_BACKEND_NAME to a devicetree
chosen property ("zephyr,gdbstub-uart"). This is similar to a number
of other functions like "zephyr,shell-uart" or "zephyr,bt-uart".
Signed-off-by: Benjamin Björnsson <benjamin.bjornsson@gmail.com>
This will generate profile data that can be analyzed using gprof. When
you build the application (currently for native_posix only), after
running the application you will get a file "gmon.out" with the call
graph which can be processed with gprof:
gprof build/zephyr/zephyr.exe gmon.out > analysis.txt
Signed-off-by: Anas Nashif <anas.nashif@intel.com>
f4df23c9 added dependency on ASSERT to some options prefixed
with ASSERT_ assuming that they are no used elsewhere. Turned
out that there are subsystem specific assert macros (e.g. BT_ASSERT)
which relies on those options. Removing the dependency.
Signed-off-by: Krzysztof Chruscinski <krzysztof.chruscinski@nordicsemi.no>
Create wrapper for printk to avoid including printk.h in __assert.h.
__assert.h is used everywhere thus should not have dependency to
printk.h.
Cleanup assert Kconfig options.
Signed-off-by: Krzysztof Chruscinski <krzysztof.chruscinski@nordicsemi.no>
According to Kconfig guidelines, boolean prompts must not start with
"Enable...". The following command has been used to automate the changes
in this patch:
sed -i "s/bool \"[Ee]nables\? \(\w\)/bool \"\U\1/g" **/Kconfig*
Signed-off-by: Gerard Marull-Paretas <gerard.marull@nordicsemi.no>
When immediate logging is used and optimization is off then bigger
stack is needed for thread analyzer. Adjusting the value.
Signed-off-by: Krzysztof Chruscinski <krzysztof.chruscinski@nordicsemi.no>
Add option to include analysis of interrupt stack(s) when
threads are analyzed.
Signed-off-by: Krzysztof Chruscinski <krzysztof.chruscinski@nordicsemi.no>
CONFIG_OPENOCD_SUPPORT was deprecated in favor of
CONFIG_DEBUG_THREAD_INFO in Zephyr v2.6.0 and can now be removed.
Signed-off-by: Maureen Helm <maureen.helm@intel.com>
Adds Xtensa as supported architecture for coredump. Fixes
a few typos in documentation, Kconfig and a C file. Dumps
minimal set of registers shown by 'info registers' in GDB
for the sample_controller and ESP32 SOCs. Updates tests.
Signed-off-by: Lauren Murphy <lauren.murphy@intel.com>
This adds a kconfig to specify the buffer size for GDB packet
I/O. Some architectures may need a bigger buffer for the general
register packet, and we don't want it to overflow our buffer.
This also changes the packet read/write buffer to be allocated
outside of stack. Since the buffer can be large enough that it
won't fit inside the stack.
Signed-off-by: Daniel Leung <daniel.leung@intel.com>
With the introduction of `EXPERIMENTAL` and `WARN_EXPERIMENTAL` in
Zephyr all subsys/debug settings having `[EXPERIMENTAL]` in their
prompt has has been updated to include `select EXPERIMENTAL` so that
developers can enable warnings when experimental features are enabled.
Signed-off-by: Torsten Rasmussen <Torsten.Rasmussen@nordicsemi.no>
Add a dependency on MULTITHREADING for the
STACK_SENTINEL feature, so it may not get
enabled in single-thread Zephyr builds.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
Increase the default thread analyzer stack size. On ARM systems the
stack usage is higher with CONFIG_FPU enabled.
The default of 512 is not enough in this case and lead to stack
overflow.
Signed-off-by: Joakim Andersson <joakim.andersson@nordicsemi.no>
Remove this intrusive tracing feature in favor of the new object tracing
using the main tracing feature in zephyr. See #33603 for the new tracing
coverage for all objects.
This will allow for support in more tools and less reliance on GDB for
tracing objects.
Signed-off-by: Anas Nashif <anas.nashif@intel.com>
Remove the config BOOT_TIME_MEASUREMENT and corresponding #ifdef'd code
throughout (kernel/init.c, idle.c, core/common.S , reset.S, ... ) which
hold the extern hooks for z_timestamp_main and z_timestamp_idle in the
removed boot_time test suite.
Signed-off-by: Jennifer Williams <jennifer.m.williams@intel.com>
Spin lock validation is touching threads. Allow only when
multithreading is enabled.
Signed-off-by: Krzysztof Chruscinski <krzysztof.chruscinski@nordicsemi.no>
The exported structures that were originally introduced for OpenOCD have
since then been reused for other debugger plugins, including PyOCD and
Segger J-Link.
Rename the Kconfig option and the implementation from openocd to debug
thread info, so that it reflects the fact that this is no longer
specifically tied to OpenOCD.
Signed-off-by: Carles Cufi <carles.cufi@nordicsemi.no>
the implementation of spinlock validation uses two LSB bits in the
bottom of a pointer union to store a CPU index, which only has space
for 4 CPUS. the MP_NUM_CPUS should be <= 4.
Signed-off-by: Watson Zeng <zhiwei@synopsys.com>
Add thread runtime statistics to the thread analyser.
With CONFIG_THREAD_RUNTIME_STATS enabled:
Booting from ROM..*** Booting Zephyr OS build zephyr-v2.4.0-2330-g77be0e93e65b ***
thread_a: Hello World from cpu 0 on qemu_x86!
Thread analyze:
thread_b : STACK: unused 740 usage 284 / 1024 (27 %); CPU: 0 %
thread_analyzer : STACK: unused 8 usage 504 / 512 (98 %); CPU: 0 %
thread_a : STACK: unused 648 usage 376 / 1024 (36 %); CPU: 98 %
idle 00 : STACK: unused 204 usage 116 / 320 (36 %); CPU: 0 %
thread_b: Hello World from cpu 0 on qemu_x86!
thread_a: Hello World from cpu 0 on qemu_x86!
thread_b: Hello World from cpu 0 on qemu_x86!
thread_a: Hello World from cpu 0 on qemu_x86!
thread_b: Hello World from cpu 0 on qemu_x86!
thread_a: Hello World from cpu 0 on qemu_x86!
thread_b: Hello World from cpu 0 on qemu_x86!
thread_a: Hello World from cpu 0 on qemu_x86!
Thread analyze:
thread_b : STACK: unused 648 usage 376 / 1024 (36 %); CPU: 7 %
thread_analyzer : STACK: unused 8 usage 504 / 512 (98 %); CPU: 0 %
thread_a : STACK: unused 648 usage 376 / 1024 (36 %); CPU: 9 %
idle 00 : STACK: unused 204 usage 116 / 320 (36 %); CPU: 82 %
thread_b: Hello World from cpu 0 on qemu_x86!
Signed-off-by: Anas Nashif <anas.nashif@intel.com>
It implements gdb remote protocol to talk with a host gdb during the
debug session. The implementation is divided in three layers:
1 - The top layer that is responsible for the gdb remote protocol.
2 - An architecture specific layer responsible to write/read registers,
set breakpoints, handle exceptions, ...
3 - A transport layer to be used to communicate with the host
The communication with GDB in the host is synchronous and the systems
stops execution waiting for instructions and return its execution after
a "continue" or "step" command. The protocol has an exception that is
when the host sends a packet to cause an interruption, usually triggered
by a Ctrl-C. This implementation ignores this instruction though.
This initial work supports only X86 using uart as backend.
Signed-off-by: Flavio Ceolin <flavio.ceolin@intel.com>
This adds a very primitive coredump mechanism under subsys/debug
where during fatal error, register and memory content can be
dumped to coredump backend. One such backend utilizing log
module for output is included. Once the coredump log is converted
to a binary file, it can be used with the ELF output file as
inputs to an overly simplified implementation of a GDB server.
This GDB server can be attached via the target remote command of
GDB and will be serving register and memory content. This allows
using GDB to examine stack and memory where the fatal error
occurred.
Signed-off-by: Daniel Leung <daniel.leung@intel.com>
Sort entries alphabetically and cleanup top level menu for each
subsystem. Move stats subsystem Kconfig from debug into its own Kconfig.
Signed-off-by: Anas Nashif <anas.nashif@intel.com>
This one was appearing in the top level Kconfig menu when viewed in
menuconfig. Move it to where it belongs.
Signed-off-by: Anas Nashif <anas.nashif@intel.com>
The boot time measurement can also run with the HPET timer so there's
no reason to restrict it to APIC.
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
In case of SMP (i.e. multiple execution units processing
the same list of tasks) we cannot use the same data structures for
getting data about active tasks as with just one processor (UP).
So until explicit support of SMP is added make sure we don't allow
to select both OPENOCD & SMP simultaneously.
Moreover starting from
commit a203d21962 ("kernel: remove legacy fields in _kernel")
this will lead to build-time error if MP_NUM_CPUS > 1.
Signed-off-by: Alexey Brodkin <abrodkin@synopsys.com>
I think people might be reading differences into 'if' and 'depends on'
that aren't there, like maybe 'if' being needed to "hide" a symbol,
while 'depends on' just adds a dependency.
There are no differences between 'if' and 'depends on'. 'if' is just a
shorthand for 'depends on'. They work the same when it comes to creating
implicit menus too.
The way symbols get "hidden" is through their dependencies not being
satisfied ('if'/'depends on' get copied up as a dependency on the
prompt).
Since 'if' and 'depends on' are the same, an 'if' with just a single
symbol in it can be replaced with a 'depends on'. IMO, it's best to
avoid 'if' there as a style choice too, because it confuses people into
thinking there's deep Kconfig magic going on that requires 'if'.
Going for 'depends on' can also remove some nested 'if's, which
generates nicer symbol information and docs, because nested 'if's really
are so simple/dumb that they just add the dependencies from both 'if's
to all symbols within.
Replace a bunch of single-symbol 'if's with 'depends on' to despam the
Kconfig files a bit and make it clearer how things work. Also do some
other minor related dependency refactoring.
The replacement isn't complete. Will fix up the rest later. Splitting it
a bit to make it more manageable.
(Everything above is true for choices, menus, and comments as well.)
Detected by tweaking the Kconfiglib parsing code. It's impossible to
detect after parsing, because 'if' turns into 'depends on'.
Signed-off-by: Ulf Magnusson <Ulf.Magnusson@nordicsemi.no>
Move rtt configuration options to drivers/debug and split the
systemview configuration.
drivers/debug will service for this class of drivers that are enabled in
debug mode only and provide a hardware interface to the system.
Signed-off-by: Anas Nashif <anas.nashif@intel.com>
Tracing subsystem is growing and although related to debugging, it does
deserve to belong into its own subsystem.
Signed-off-by: Anas Nashif <anas.nashif@intel.com>
Add Kconfig option TRACING_TEST which can be used to
customize tracing packet format (currently supporting
string format and data format) for testing purpose.
Signed-off-by: Wentong Wu <wentong.wu@intel.com>
Add TRACING_ISR Kconfig to help high latency backend working well.
Currently the ISR tracing hook function is put at the begining and
ending of ISR wrapper, when there is ISR needed in the tracing path
(especially tracing backend), it will cause tracing buffer easily
be exhausted if async tracing method enabled. Also it will increase
system latency if all the ISRs are traced. So add TRACING_ISR to
enable/disable ISR tracing here. Later a filter out mechanism based
on irq number will be added.
Signed-off-by: Wentong Wu <wentong.wu@intel.com>
First, this commit adds user interface in tracing_format.h which
can trace both string format and data format packet.
Second, it adds method both for asynchronous and synchronous way.
For asynchronous method, tracing packet will be buffered in tracing
buffer first, tracing thread will output the stream data with the
help of tracing backend when tracing thread get scheduled.
Third, it adds UART and USB tracing backend for asynchronous
tracing method, and adds POSIX tracing backend for synchronous
tracing way.
Also it can receive command from host to dynamically enable and
disable tracing to have host capture tracing data conveniently.
Signed-off-by: Wentong Wu <wentong.wu@intel.com>
Add option to disable the assertion message, this makes all __ASSERT
behave as __ASSERT_NO_MSG instead.
Signed-off-by: Joakim Andersson <joakim.andersson@nordicsemi.no>
Add verbose option which would control if the assertion mechanism prints
any information at all. With this disabled they application will have to
use the stack-frame to locate the assertion location.
Signed-off-by: Joakim Andersson <joakim.andersson@nordicsemi.no>
Add Kconfig option to disable the conditional expression in the assert
that failed. This would save code space, and file and line provides
better information than the conditional expression in case where
the same expression would be asserted upon.
For example __ASSERT_NO_MSG(buf) wouldn't make much sense in
configuration where CONFIG_ASSERT_NO_FILE_INFO was enabled.
Signed-off-by: Joakim Andersson <joakim.andersson@nordicsemi.no>
SPIN_VALIDATE is, as it was previously, enabled per default when having
less than 4 CPUs and either having no flash or a flash size greater than
32kB.
Small targets, which needs to have asserts enabled, can chose to have
the spinlock validation enabled or not and thereby decide whether the
overhead added is acceptable or not.
Signed-off-by: Danny Oerndrup <daor@demant.com>
Added leak suppression, by implementing __lsan_default_suppressions
function, for SDL2 and X11 library which are used by the SDL display
driver.
Signed-off-by: Jan Van Winkel <jan.van_winkel@dxplore.eu>
Disable "at exit" memory leak check by LSAN if building for a 64-bit
target with GCC. This is need to fix a potential deadlock in GCCs
libasan implementation.
Fixes#20122
Signed-off-by: Jan Van Winkel <jan.van_winkel@dxplore.eu>
Use this short header style in all Kconfig files:
# <description>
# <copyright>
# <license>
...
Also change all <description>s from
# Kconfig[.extension] - Foo-related options
to just
# Foo-related options
It's clear enough that it's about Kconfig.
The <description> cleanup was done with this command, along with some
manual cleanup (big letter at the start, etc.)
git ls-files '*Kconfig*' | \
xargs sed -i -E '1 s/#\s*Kconfig[\w.-]*\s*-\s*/# /'
Signed-off-by: Ulf Magnusson <Ulf.Magnusson@nordicsemi.no>
Default behavior is to include __FILE__ info with all of the Zephyr
assert macros, __ASSERT, __ASSERT_NO_MSG and __ASSERT_LOC. Setting the
ASSERT_NO_FILE_INFO kconfig option, replaces the __FILE__ with an
empty string, thus removing the file information from the asserts.
The intention here is to allow for code space limited devices to run
with asserts enabled.
Signed-off-by: Danny Oerndrup <daor@demant.com>
