Wire this up the same way ASAN works. Right now it's support only by
recent clang versions (not gcc), and only in 64 bit mode. But it's
capable of detecting uninitialized data reads, which ASAN is not.
This support is wired into the sys_heap (and thus k_heap/k_malloc)
layers, allowing detection of heap misuse like use-after-free. Note
that there is one false negative lurking: due to complexity, in the
case where a sys_heap_realloc() call is able to shrink memory in
place, the now-unused suffix is not marked uninitialized immediately,
making it impossible to detect use-after-free of those particular
bytes. But the system will recover cleanly the next time the memory
gets allocated.
Also no attempt was made to integrate this handling into the newlib or
picolibc allocators, though that should hopefully be possible via
similar means.
Signed-off-by: Andy Ross <andyross@google.com>
The cbprintf formatter cbvprintf_exteral_formatter_func has a typo
in it with a missing 'n'. So add it.
Signed-off-by: Daniel Leung <daniel.leung@intel.com>
There is a spinlock used in the EFI console code for printing
one line string. It already made the log output being in order
under multi-cores, so it doesn't need a printk sync spinlock
again. Disable it while using EFI console as a log backend.
Fixes#47512.
Signed-off-by: Enjia Mai <enjia.mai@intel.com>
Fixing bug in free space calculation which was assuming 1 byte
padding and not 32 bit word padding. Bug could result in the
data corruption in certain scenario.
Signed-off-by: Krzysztof Chruscinski <krzysztof.chruscinski@nordicsemi.no>
xcc compiler complains about how fdtable variable is initialized:
"""
warning: missing braces around initialize
"""
Signed-off-by: Flavio Ceolin <flavio.ceolin@intel.com>
Use CONFIG_DCACHE_LINE_SIZE to determine distance between
fields modified by different cores.
Add option which specifies what is the data cache line
of the remote core. Maximum from local and remote cache
line sizes is used as distance and alignement.
Signed-off-by: Krzysztof Chruscinski <krzysztof.chruscinski@nordicsemi.no>
add a sys_mem_blocks_is_region_free procedure to test
if the block in question is free or taken
Signed-off-by: Marcin Szkudlinski <marcin.szkudlinski@intel.com>
Signed-off-by: Tomasz Leman <tomasz.m.leman@intel.com>
Since the retrieved heap memory statistics are identical to those of
the retrieved mem_block statistics, it makes sense to use a single
generic-named structure for both instead of two identical structures
with different names.
Signed-off-by: Peter Mitsis <peter.mitsis@intel.com>
Both the current and maximum number of allocations in a given memory
blocked are tracked (and can be queried) when the
CONFIG_SYS_MEM_BLOCKS_RUNTIME_STATS Kconfig option is selected.
Signed-off-by: Peter Mitsis <peter.mitsis@intel.com>
Following zephyr's style guideline, all if statements, including single
line statements shall have braces.
Signed-off-by: Anas Nashif <anas.nashif@intel.com>
The function used an assert if n was 0. Instead
of using an assert, the function will now just
not do anything. The documentation has also
been updated to reflect this.
The reasoning for this is that the strlcpy function
this (sort of) implements for utf8 works the same way.
Signed-off-by: Emil Gydesen <emil.gydesen@nordicsemi.no>
MISRA C:2012 Rule 21.13 (Any value passed to a function in <ctype.h>
shall be representable as an unsigned char or be the value EOF).
Functions in <ctype.h> have undefined behavior if they are called with
any other value. Callers affected by this change are not prepared to
handle EOF anyway. The addition of these casts avoids the issue
and does not result in any performance penalty.
Signed-off-by: Abramo Bagnara <abramo.bagnara@bugseng.com>
Signed-off-by: Simon Hein <SHein@baumer.com>
MISRA C:2012 Rule 9.3 (Arrays shall not be partially initialized.)
Systematically use `{0}' to specify full 0 initialization
(not `{}', not `{0U}').
Signed-off-by: Abramo Bagnara <abramo.bagnara@bugseng.com>
Signed-off-by: Simon Hein <SHein@baumer.com>
Added functions which allow to use zero copy model for handling
data within the packet buffer.
Additionally, added handling of cache by adding option to keep rd_idx
in different cache line than wr_idx and data.
Signed-off-by: Krzysztof Chruscinski <krzysztof.chruscinski@nordicsemi.no>
Picolibc doesn't have the non-standard printf support required for tagged
arguments in cbprintf. Disable this and use the format string parsing code
instead.
Signed-off-by: Keith Packard <keithp@keithp.com>
Picolibc already provides the functionality offered by cbprintf, so
there's no reason to use the larger and less functional version included
in zephyr.
Signed-off-by: Keith Packard <keithp@keithp.com>
When using picolibc, change vprintk to use picolibc's vfprintf instead of
cbvprintf.
Building samples/hello-world for qemu-cortex-m3.
old:
Memory region Used Size Region Size %age Used
FLASH: 9056 B 256 KB 3.45%
SRAM: 3960 B 64 KB 6.04%
IDT_LIST: 0 GB 2 KB 0.00%
new:
Memory region Used Size Region Size %age Used
FLASH: 7900 B 256 KB 3.01%
SRAM: 3960 B 64 KB 6.04%
IDT_LIST: 0 GB 2 KB 0.00%
Signed-off-by: Keith Packard <keithp@keithp.com>
There's no use of the 'count' field of the context, so remove it. Because
that's the only member of struct out_context, remove the whole struct.
Signed-off-by: Keith Packard <keithp@keithp.com>
MISRA C:2012 Rule 8.2 (Function types shall be in prototype form with
named parameters.)
Added missing parameter names.
Signed-off-by: Abramo Bagnara <abramo.bagnara@bugseng.com>
If system memcpy() is used, assert.h must be included. Fixes
a build warning on undeclared use of memcpy.
Signed-off-by: Kai Vehmanen <kai.vehmanen@linux.intel.com>
MISRA C:2012 Rule 7.2 (A `u' or `U' suffix shall be applied to all
integer constants that are represented in an unsigned type)
Added missing `U' suffixes in constants that are involved in the
analyzed build, plus a few more not to introduce inconsistencies
with respect to nearby constants that are either unused in the
build (but implicitly unsigned) or are used and are immediately
converted to unsigned.
Signed-off-by: Abramo Bagnara <abramo.bagnara@bugseng.com>
The cast to narrow for %hhd support must be 'signed char' instead of 'char'
to support targets where 'char' is unsigned, as on riscv.
Signed-off-by: Keith Packard <keithp@keithp.com>
Add flags option to init call and a flag to use cache.
Add Kconfig choice to pick how to approach cache. Cache can be
enforced in all spsc_pbuf instances, disable in all, or runtime selected
based on configuration flag. Option is added to allow memory footprint
savings.
Signed-off-by: Krzysztof Chruscinski <krzysztof.chruscinski@nordicsemi.no>
Move icmsg_buf to lib/os and rename to spsc_pbuf (Single Producer
Single Consumer Packet Buffer). It is a generic module and initially
was created as internal module for ipc service.
Signed-off-by: Krzysztof Chruscinski <krzysztof.chruscinski@nordicsemi.no>
This adds some bits to support tagged arguments to be used for
packaging. If enabled, the packaging function no longer looks at
the format strings to determine the types of arguments, but
instead, each argument is tagged with a type by preceding it
with another argument as type (integer). This allows the format
strings to be removed from the final binary to conserve space.
Signed-off-by: Daniel Leung <daniel.leung@intel.com>
For the error codes used only in __ASSERT() statements fix compilation
warnings like:
...
warning: variable 'err' set but not used [-Wunused-but-set-variable]
int err;
^
...
Signed-off-by: Andrei Emeltchenko <andrei.emeltchenko@intel.com>
New Types:
* Added support for Generic Numeric type (float, 64-bit)
* Added support for Opaque string type.
* Added support parse Array data in object for seprate array parsing
New API for Json Array parsing Object 1 by 1:
* json_arr_separate_object_parse_init() init array parse
* json_arr_separate_parse_object() Parsing 1 Json Object
Rename token and lexer structures and publish those.
Signed-off-by: Juha Heiskanen <juha.heiskanen@nordicsemi.no>
Fixes following warning during compilation with llvm:
...
lib/os/mpsc_pbuf.c:428:8: warning: variable 'wrap' set but not used
[-Wunused-but-set-variable]
bool wrap;
^
1 warning generated.
...
Signed-off-by: Andrei Emeltchenko <andrei.emeltchenko@intel.com>
In order to bring consistency in-tree, migrate all lib code to the new
prefix <zephyr/...>. Note that the conversion has been scripted, refer
to zephyrproject-rtos#45388 for more details.
Signed-off-by: Gerard Marull-Paretas <gerard.marull@nordicsemi.no>
When in_len is 0 then length is calculated from the package and
assignment was missing.
Signed-off-by: Krzysztof Chruscinski <krzysztof.chruscinski@nordicsemi.no>
Extend package copying functionality by adding function for converting
a package. Function gets callback+context pair and converted package
is part by part passed to that callback. Contrary to typical sprintf
callback which works on chars, callback works with buffers.
Existing cbprintf_package_copy function is implemented as static
inline and uses new cbprintf_package_convert API.
Signed-off-by: Krzysztof Chruscinski <krzysztof.chruscinski@nordicsemi.no>
sparse complains about cbprintf incompatible callback type and
incorrect size of struct __va_list. Add exceptions to silence those
errors.
Signed-off-by: Guennadi Liakhovetski <guennadi.liakhovetski@linux.intel.com>
Destination buffer size could be too small by one,
but null termination is still written. This could cause an
overwrite in contiguous memory without notice.
Signed-off-by: Rico Ganahl <rico.ganahl@bytesatwork.ch>
Besides the current allocated/free bytes, keep track of
the maximum allocated bytes to help determine the heap
size requirements. Also, provide a function to reset
the statistic.
Signed-off-by: Damian Krolik <damian.krolik@nordicsemi.no>
Some problems, as passing NULL when a context in expected,
always reflect to bugs. Such problems cannot be handled
in runtime. So the desired action is system panic.
Signed-off-by: Marcin Szkudlinski <marcin.szkudlinski@intel.com>
Some problems, as passing NULL when a context in expected,
always reflect to bugs. Such problems cannot be handled
in runtime. So the desired action is system panic.
Signed-off-by: Marcin Szkudlinski <marcin.szkudlinski@intel.com>
memory block should allow not only allocate memory but also
getting an arbitrary chosen part of memory.
Mixing of allocate and get, however possible, may be dangerous
because alloc may get any of memory. So be careful.
Signed-off-by: Marcin Szkudlinski <marcin.szkudlinski@intel.com>
As preparation for memory blocks to support continuous memory blocks
modify bitmap operation wrappers to support multiple bits alloc/free
Signed-off-by: Marcin Szkudlinski <marcin.szkudlinski@intel.com>
a method to check and set/clear a chosen region in a bitmap
if not previously set/cleared in a single atomic operation.
Useful for keeping track of resources usage, like memory banks
Signed-off-by: Marcin Szkudlinski <marcin.szkudlinski@intel.com>
