Show we can measure free memory properly and map a page of
anonymous memory, which has been zeroed and is writable.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
Add a conf file to make sure the kernel will use simple linked-list
ready queue as scheduling algorithm. This operation will increase module
testcase coverage and z_priq_dumb_add z_prj_dum_remove function are
called.
Signed-off-by: Ying ming <mingx.ying@intel.com>
This reverts commit b98058ecd0.
With icount finally working in QEMU for ARC these tests start to
pass reliably, so no need to exclude them any longer.
Signed-off-by: Alexey Brodkin <abrodkin@synopsys.com>
This reverts commit 6f4f5b1fe5.
With icount finally working in QEMU for ARC these tests start to
pass reliably, so no need to exclude them any longer.
Signed-off-by: Alexey Brodkin <abrodkin@synopsys.com>
This reverts commit 27d42f060d.
With icount finally working in QEMU for ARC these tests start to
pass reliably, so no need to exclude them any longer.
Signed-off-by: Alexey Brodkin <abrodkin@synopsys.com>
Increase the heap memory pool size in the
prj_armv8m_mpu_stack_guard.conf, to match
the value in the default configuration in
proj.conf (and fix an out-of memory issue
when allocating a kernel object).
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
Change subsystem to use struct pm_state with substate-id instead of
using only the power state category.
Signed-off-by: Flavio Ceolin <flavio.ceolin@intel.com>
Migrate the whole pm subsystem to use new power states information
from power_state.h and get states and residency properties from
device tree.
Signed-off-by: Flavio Ceolin <flavio.ceolin@intel.com>
Upcoming changes from Andrew that add a global timeout to the kernel
broke because of some voodoo behavior in the kernel/context test. It
will use arch_irq_disable() on the timer interrupt directly to prevent
interrupts and measure timekeeping in their absence. But some
architectures[1] don't reliably deliver interrupts that arrive, which
means that a running timeout that exists across this period will
result in a corrupt timeout queue.
Document that rule for architectures, move the offending test to the
end of the test suite (to minimize the chance of interacting with
other test code) and put a giant warning about the situation on it.
Long term, we may want to rework this test to do its job in other
ways.
[1] On x86, the interrupt disable happens at the IO-APIC level, while
interrupt latching and delivery is downstream in each CPU's Local
APIC. An IO-APIC masked interrupt is completely invisible to the APIC
and can never be delivered once the line goes low.
Fixes#31333
Signed-off-by: Andy Ross <andrew.j.ross@intel.com>
Until #31333 is resolved, the periodic timer in the eviction
algorithm interacts with this test in such a way that the system
deadlocks.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
If we evict enough pages to completely fill the backing store,
through APIs like k_mem_map(), z_page_frame_evict(), or
z_mem_page_out(), this will produce a crash the next time we
try to handle a page fault.
The backing store now always reserves a free storage location
for actual page faults.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
More to be added, but for now show that we can map more
anonymous memory than we physically have, and that reading/
writing to it works as expected.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
Show we can measure free memory properly and map a page of
anonymous memory, which has been zeroed and is writable.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
Add some error condition or testing cases to verify whether the
robustness of API. Such as give a NULL to some API and check
the response if get result that we were expacted.
Signed-off-by: Jian Kang <jianx.kang@intel.com>
Add some testcases to test some failure scenario
to enhance the coverage of queue's source code.
And add the fatal error function to handler the
fatal error by ourself.
Signed-off-by: Ningx Zhao <ningx.zhao@intel.com>
Add some error case tesing such as invoke k_sem_take with duration
timeout or set input to NULL. This is check if API robust in error
condition handing.
Signed-off-by: Jian Kang <jianx.kang@intel.com>
When using Red/black tree ready queue as scheduling algorithm,
there are no limit to the number of priority levels. So set the
CONFIG_NUM_COOP_PRIORITIES to 30, testcase test_bad_prooritiesi()
will prove both cooperative and preemptive thread have no quantitative
limit.
Signed-off-by: Ying ming <mingx.ying@intel.com>
1. Add a null dynamic name testing for device_get_binding().
2. Add a driver which initialization failed in SYS_INIT.
Signed-off-by: Enjia Mai <enjiax.mai@intel.com>
1. Remove the error test cases that trigger assertion.
2. Refine the NULL and invalid kobject parameter test case.
3. Use the common fatal error handler to reduce code.
Signed-off-by: Enjia Mai <enjiax.mai@intel.com>
As FPU enalbed the printf code size is changed,
so increase main stack size to make test pass on NXP RT platforms
Signed-off-by: Hake Huang <hake.huang@oss.nxp.com>
Skip the memory mapping execution test case when code coverage enabled
for qemu_x86_64 platform. See issue #30434.
Signed-off-by: Enjia Mai <enjiax.mai@intel.com>
The "sentinel" variant of this test runs the same code, but enables
the stack sentinel feature. Inexplicably, it's also disabling
TICKLESS_KERNEL, forcing a timer interrupt at every tick boundary.
That doesn't seem to be required for any test functionality I can see.
And worse, by changing that setting without adjusting the tick rate,
it runs afoul of more modern platforms which were designed with
tickless operation in mind. Specifically, the intel_adsp platforms
have a default tick rate of 50 kHz, which is just too fast for
reasonable operation. It leaves almost no time available for
application code and something falls behind and fails.
Just remove it.
Signed-off-by: Andy Ross <andrew.j.ross@intel.com>
Leftover from old renaming commits. This function is not private and
should not start with underscore.
Signed-off-by: Flavio Ceolin <flavio.ceolin@intel.com>
Add some error test cases for spinlock, include:
1.Validate indentical spinlock cannot be used recursively.
2.Validate unlocking incorrect spinlock will trigger assertion.
3.Validate releasing incorrect spinlock will trigger assertion.
Signed-off-by: Enjia Mai <enjiax.mai@intel.com>
For a while now, we've had two APIC drivers. The older was preserved
initially as the new (much smaller, "new style") code didn't have
support for Quark interrupt handling. But that's long dead now. Just
remove it.
Note that this migrates the one board using this driver (acrn) to
CONFIG_APIC_TIMER instead.
Signed-off-by: Andy Ross <andrew.j.ross@intel.com>
Add some testcases for stack source code coverage,
and add a fatal handler function to hand the error
by null parameter.
Signed-off-by: Ningx Zhao <ningx.zhao@intel.com>
Convert tests to DEVICE_{DT_}DEFINE instead of DEVICE_AND_API_INIT
so we can deprecate DEVICE_AND_API_INIT in the future.
Signed-off-by: Kumar Gala <kumar.gala@linaro.org>
Renamed to make its semantics clearer; this function maps
*physical* memory addresses and is not equivalent to
posix mmap(), which might confuse people.
mem_map test case remains the same name as other memory
mapping scenarios will be added in the fullness of time.
Parameter names to z_phys_map adjusted slightly to be more
consistent with names used in other memory mapping functions.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
Add some error case testing such as invoking mutex with null parameter
or using it interrupt context. This is for checking if API robust
enough in error condition handling.
Signed-off-by: Enjia Mai <enjiax.mai@intel.com>
tls rely on both arch has tls and toolchain support tls, add filter:
CONFIG_TOOLCHAIN_SUPPORTS_THREAD_LOCAL_STORAGE for
some tests enabled tls.
Signed-off-by: Watson Zeng <zhiwei@synopsys.com>
Modify test .yaml file, to allow the .gap_filling test
variant to execute only on cortex-m33 platforms with
sufficient number of MPU regions. Copy pasting the
configuration from mem_protect/userspace test.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
Skip the test_disable_mmu_mpu test case for
Cortex-M non-secure builds, since the test
may enter a BusFault which is not banked
between security states and the system
may hang.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
Skip the scenario of accesing a faulty address
in test_string_nlen for Non-Secure Zephyr builds,
because accessing faulty addresses in this case
triggers SecureFault that may hang the system
completely.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
- Remove SYS_ prefix
- shorten POWER_MANAGEMENT to just PM
- DEVICE_POWER_MANAGEMENT -> PM_DEVICE
and use PM_ as the prefix for all PM related Kconfigs
Signed-off-by: Anas Nashif <anas.nashif@intel.com>
Use of a printk that supports floating point changes the stack
requirements causing kernel.common.stack_protection_arm_fpu_sharing to
fail. The test doesn't need this capability so revert to nano
formatting.
Signed-off-by: Peter Bigot <peter.bigot@nordicsemi.no>
Use the core k_heap API pervasively within our tree instead of the
z_mem_pool wrapper that provided compatibility with the older mempool
implementation.
Almost all of this is straightforward swapping of one alloc/free call
for another. In a few cases where code was holding onto an old-style
"mem_block" a local compatibility struct with a single field has been
swapped in to keep the invasiveness of the changes down.
Note that not all the relevant changes in this patch have in-tree test
coverage, though I validated that it all builds.
Signed-off-by: Andy Ross <andrew.j.ross@intel.com>
Remove test cases that exercise the deprecated mem_pool features of
the pipe utility.
Note that this leaves comparatively few cases left, we should probably
audit coverage after this merges and rewrite tests that aren't
interdependent.
Signed-off-by: Andy Ross <andrew.j.ross@intel.com>
The mailbox and msgq utilities had API variants that could pass old
mem_pool blocks through the data structure. That API is being
deprected (and the features were obscure), so remove the internal
support.
Signed-off-by: Andy Ross <andrew.j.ross@intel.com>
The sys_mem_pool data structure is going away. And this test case
didn't actually do much. All it did was create a sys_mem_pool in the
app data section (I guess that's the "mem_protect" part?) and validate
that it was usable. We have tests for sys_heap to do that already
elsewhere anyway; no point in porting.
Signed-off-by: Andy Ross <andrew.j.ross@intel.com>
This test was written to use a TINY system heap (64 bytes) from which
it has to allocate on behalf of a userspace process. The change in
convention from mem_pool (where the byte count now includes metadata
overhead) means it runs out of space. Bump to 192 bytes. Still tiny.
Signed-off-by: Andy Ross <andrew.j.ross@intel.com>
These two test cases were making whitebox assumptions of both the
block header size and memory layout of an old-style k_mem_pool that
aren't honored by the k_heap allocator. They aren't testing anything
that isn't covered elsewhere.
Signed-off-by: Andy Ross <andrew.j.ross@intel.com>
The kernel resource pool is now a k_heap. There is a compatibility
API still, but this is a core test that should be exercising the core
API.
Signed-off-by: Andy Ross <andrew.j.ross@intel.com>
The k_mem_pool allocator is no more, and the z_mem_pool compatibility
API is going away. The internal allocator should be a k_heap always.
Signed-off-by: Andy Ross <andrew.j.ross@intel.com>
These were implemented in terms of the mem_pool/block API directly
(for complicated reasons, the pointers returned from this API may have
been allocated from allocators other than the single system heap).
Have them use a k_heap instead.
Requires a tweak to one test which had hard-coded an assumption about
the header size.
Signed-off-by: Andy Ross <andrew.j.ross@intel.com>
Mark all k_mem_pool APIs deprecated for future code. Remaining
internal usage now uses equivalent "z_mem_pool" symbols instead.
Fixes#24358
Signed-off-by: Andy Ross <andrew.j.ross@intel.com>
Remove the MEM_POOL_HEAP_BACKEND kconfig, treating it as true always.
Now the legacy mem_pool cannot be enabled and all usage uses the
k_heap/sys_heap backend.
Signed-off-by: Andy Ross <andrew.j.ross@intel.com>
Set work item's flag in pending state, it cannot be append to a
workqueue. Improve branch coverage of function k_work_submit_to_queue().
Signed-off-by: Ying ming <mingx.ying@intel.com>
When defining system calls, it is very important to ensure that
access to the API’s private data is done exclusively through system
call interfaces. Private kernel data should never be made available
to user mode threads directly. For example, the k_queue APIs were
intentionally not made available as they store bookkeeping
information about the queue directly in the queue buffers which are
visible from user mode.
Signed-off-by: Maksim Masalski <maksim.masalski@intel.com>
build_on_all here was supposed to be a smoke test to test building on
all platforms, it should not be used for more than 1 just test.
Signed-off-by: Anas Nashif <anas.nashif@intel.com>
Adds a K_DELAYED_WORK_DEFINE, matching the K_WORK_DEFINE macro, with
accompanying Z_DELAYED_WORK_INITIALIZER macro.
Makes k_delayed_work_init a static inline function, like its K_WORK
counterpart.
Signed-off-by: Trond Einar Snekvik <Trond.Einar.Snekvik@nordicsemi.no>
When adding the new partition to a memory domain the system must
assert that it does not overlap with any other existing partitions
in the domain.
Test to add new partition which has same start address as an
existing one, after that must happen an assertion error indicating
that new partition overlaps existing one.
Signed-off-by: Maksim Masalski <maksim.masalski@intel.com>
Nothing in the API description the delayed work structure sanctions
direct reference to internal fields. Do not assume that a delayed
work item can be initialized in any way other than by invoking the
delayed work item init function. Do not assume that a delayed work
item can be submitted without delay by invoking k_work_submit() with a
reference to the contained work item.
Signed-off-by: Peter Bigot <peter.bigot@nordicsemi.no>
In test_pipe_user_thread2thread(), what should be tested is
the pipe, which allocated with k_object_alloc(), rather than
"pipe" and "kpipe". That two pipes are already teseted in
test_pipe_thread2thread().
Signed-off-by: Steven Wang <steven.l.wang@linux.intel.com>
Adds a new CONFIG_MPU which is set if an MPU is enabled. This
is a menuconfig will some MPU-specific options moved
under it.
MEMORY_PROTECTION and SRAM_REGION_PERMISSIONS have been merged.
This configuration depends on an MMU or MPU. The protection
test is updated accordingly.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
CONFIG_FPU selects support for formatting floating point numbers,
which increases the stack requirements for cbprintf, causing this test
to overrun its stack.
Since this test doesn't format floating point numbers, use
CBPRINTF_NANO to revert to using the small-footprint formatter.
Signed-off-by: Peter Bigot <peter.bigot@nordicsemi.no>
Tests that include floating-point format specifications may need
cbprintf FP support. Make sure it's available.
Signed-off-by: Peter Bigot <peter.bigot@nordicsemi.no>
The test reads and writes outside the bounds of an array allocated on
the stack in check_input(). This commit disables the test on SPARC.
Signed-off-by: Martin Åberg <martin.aberg@gaisler.com>
The BIT_INDEX() macro assumed little-endian. This commit adds
big-endian support, conditioned on the preprocessor define
CONFIG_BIG_ENDIAN.
Signed-off-by: Martin Åberg <martin.aberg@gaisler.com>
Using the same implementation as the rest of Zephyr reduces code size.
Update options and expected results for formatting test.
Signed-off-by: Peter Bigot <peter.bigot@nordicsemi.no>
These tests were suppressed when KERNEL_COHERENCE=y because of a
feature collision with CONFIG_POLL that has since been fixed.
Signed-off-by: Andy Ross <andrew.j.ross@intel.com>
These test variants were there to test an older backend to the kernel
queue utility that used k_poll() as the blocking mechanism. That code
got removed a while back, so these tests were just dupicates of the
main cases now. Remove.
Signed-off-by: Andy Ross <andrew.j.ross@intel.com>
Some platforms may have multiple RAM regions which are
dis-continuous in the physical memory map. We really want
these to be in a continuous virtual region, and we need to
stop assuming that there is just one SRAM region that is
identity-mapped.
We no longer use CONFIG_SRAM_BASE_ADDRESS and CONFIG_SRAM_SIZE
as the bounds of kernel RAM, and no longer assume in the core
kernel that these are identity mapped at boot.
Two new Kconfigs, CONFIG_KERNEL_VM_BASE and
CONFIG_KERNEL_RAM_SIZE now indicate the bounds of this region
in virtual memory.
We are currently only memory-mapping physical device driver
MMIO regions so we do not need virtual-to-physical calculations
to re-map RAM yet. When the time comes an architecture interface
will be defined for this.
Platforms which just have one RAM region may continue to
identity-map it.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
Execute tests are disabled for RISC-V because is isn't able
to set an execution restriction. From RISC-V documentation:
"Instruction address-translation and protection are unaffected
by the setting of MPRV"
MPRV is used to apply memory protection restriction when CPU is
running in machine mode (kernel).
Signed-off-by: Alexandre Mergnat <amergnat@baylibre.com>
Add a memory region allocation for RISCV architecture.
Also fix an arbitraty value which can't work with
RISC-V granularity.
Signed-off-by: Alexandre Mergnat <amergnat@baylibre.com>
Add support for the following tests:
- test_write_control
- test_disable_mmu_mpu
- test_read_priv_stack
- test_write_priv_stack
Signed-off-by: Alexandre Mergnat <amergnat@baylibre.com>
Add doxygen comments for details of test_pipe_thread2thread().
By the way, plan to do the same thing to all test cases
in test_pipe_contexts.c.
Signed-off-by: Steven Wang <steven.l.wang@linux.intel.com>
We need to make sure that if we migrate a thread to another
memory domain, the migration process doesn't cause the target
thread to explode. This is mostly a concern on SMP systems;
the thread could be running on another CPU at the same time.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
Do minor change of the descriptions and doxygen group name in order to
pave the way for generation the test specification.
Signed-off-by: Enjia Mai <enjiax.mai@intel.com>
We can't control ticks accurately enough to detect the transition
between on a queue and being handled, so relax the checks to make
things pass.
Signed-off-by: Peter Bigot <peter.bigot@nordicsemi.no>
Modify the gen_isr_table test case to using ztest. Although it was
split up to three test cases, the test logic and the tested platform
are totally the same as previous one.
Signed-off-by: Enjia Mai <enjiax.mai@intel.com>
This test is a little subtle: it wants to spawn three threads to run
and be switched out by a timeslice interrupt. And it wants to consume
half a time slice itself before it starts running. And, because
timeslicing runs out of the same tick framework in the timer driver,
it needs to align to the start of a tick before the process starts.
And further: it does its own time math not in ticks but in timer
cycles, so it's quite sensitive to slop.
But it's "synchronize to tick boundary" code was actually
synchronizing to a CYCLE boundary, which is just wrong. And it was
doing this in the wrong order. It was resetting the timeslice first
and then synchronizing to a tick by spinning, which means that the
test was always going to begin as much as a tick late. Do the tick
synchronization (via a sleep) first.
Finally, the manager thread that was spawning the new threads lives at
the same priority as the highest priority child threads, which means
it can potentitially wake up on the semaphores that they are giving in
the middle of the test and consume CPU unexpectedly. Make sure it's
sleeping for the duration.
Signed-off-by: Andy Ross <andrew.j.ross@intel.com>
There is a race condition between the child threads
exiting, and the child threads getting re-used in the
next scenario. This reproduces more often on SMP systems.
Close the race by joining on the child threads before
exiting any test scenario.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
The existing testcase's doxygen describes are the general
implementation idea of a function.On this basis, adding
more descriptive statements to describe which conditions need
to be preset when running the testcase, which test techniques
are applied, and describe the testcase Design steps in detail.
Make it more readable.
Signed-off-by: Ying ming <mingx.ying@intel.com>
1. Add more detail info to make the purpose and process
of the test cases more clear which include test goal,
test step, input, judging criteria, constraints, etc.,
and these can be seen in our Zephyr documentations.
2. Add some negative test code.
Signed-off-by: YouhuaX Zhu <youhuax.zhu@intel.com>
1. Add more detail info to make the purpose and process
of the test cases more clear which include test goal,
test step, input, judging criteria, constraints, etc.,
and these can be seen in our Zephyr documentations.
2. Add more negative testcase.
Signed-off-by: YouhuaX Zhu <youhuax.zhu@intel.com>
This suite now uses far less memory and is much simpler.
We still maintain coverage of all the memory domain APIs
and ensure that the maximum number of partitions can be
applied.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
The tests test_mem_part_auto_determ_size and
test_mem_part_auto_determ_size_per_mpu are supposed to
just be checking the construction of automatic memory
partitions.
test_mem_part_auto_determ_size had a bunch of extraneous
stuff covered by other test cases and reserved three
different thread stacks.
These two tests have been drastically simplified and
combined.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
test_mem_part_inherity_by_child_thr duplicates logic already
present in test_permission_inheritance. That test puts a
buffer called 'inherit_buf' in 'inherit_memory_partition'
and shows that it is accessible by a child thread by
writing to it.
Delete this unnecessary test.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
Tests are now grouped in the C file they occur in.
test_mark_thread_exit_uninitialized no longer occurs twice.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
put all globals only used in this C file in static scope, which
revealed that a few of them were not used at all.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
We now just use two memory domains; the default domain and an
'alternate_domain' used for tests that need to handle a memory
domain switch.
Along the way the test code was simplified.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
For compatibility layers like CMSIS where thread objects
are drawn from a pool, provide a context pointer to the
exited thread object so it may be freed.
This is somewhat obscure and has no supporting APIs or
overview documentation and should be considered a private
kernel feature. Applications should really be using
k_thread_join() instead.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
Add a k_usleep() in test_timer_duration_period test to align ticks
before starting the timer. This fixes some rare off-by-1 failures.
Signed-off-by: Daniel Leung <daniel.leung@intel.com>
There are now two timer drivers available for various xtensa
platforms. Select based on their driver and not the architecture.
Signed-off-by: Andy Ross <andrew.j.ross@intel.com>
The k_poll implementation places a struct _poller on the stack and
shares it with other threads, which is incompatible with the
KERNEL_COHERENCE model of cached stacks.
Make this a hard build failure instead of a kconfig dependency for
clarity. The failures if a user actually enables both are subtle and
difficult to debug.
Signed-off-by: Andy Ross <andrew.j.ross@intel.com>
Ensure that both the main thread and any static threads are
properly assigned to the default memory domain.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
This test is generating build warnings as it is making
checks that can never be false.
This reverts commit a4f1a5f58f.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
Found out that important requirements are not tested by current
kernel objects tests. Decided to fix that situation
New added tests:
1. test_kobj_assign_perms_on_alloc_obj()
Create kernel object semaphore, dynamically allocate it from the
calling thread's resource pool.
Check that object's address is in bounds of that memory pool.
Then check the requestor thread will implicitly be assigned
permission on the allocated object by using
semaphore API k_sem_init()
2. test_no_ref_dyn_kobj_release_mem()
Dynamically allocated kernel objects whose access is controlled by
the permission system will use object permission as a reference count
If no threads have access to an object, the object's memory released.
3. test_krnl_obj_static_alloc_build_time()
Take addresses of the kernel objects which are statically allocated
during the build time and verify that they are not null.
That kernel objects shouldn't require manual
registration by the end user.
4. Clean-up. Removed unused variable from userspace test.
Signed-off-by: Maksim Masalski <maksim.masalski@intel.com>
I reviewed that test to find a bug root cause, unfortunately,
bug dissapeared, so nothing to fix, but I noticed several
misprints and wrong comment styles. It's something at least.
Signed-off-by: Maksim Masalski <maksim.masalski@intel.com>
This was causing stack usage to be right on the margin
for some platforms, without a clear reason why it
needs to be here (it was copied from another test case
which no longer exists).
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
We don't need 3 different threads/stacks and the stack size
can be smaller, the threads don't do much.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
Detection of transition from delayed to pending can fail in some cases
if the timeouts are not precisely managed.
Signed-off-by: Peter Bigot <peter.bigot@nordicsemi.no>
The current implementation of delayed work will cancel and re-submit a
pending work item that is no-wait, putting it at the back of the
queue. Verify this behavior.
Signed-off-by: Peter Bigot <peter.bigot@nordicsemi.no>
The current implementation of delayed work retains a pointer to the
queue unless the work item is successfully cancelled, preventing a
completed item from being resubmitted to a different queue. Confirm
this behavior and its workaround.
Also validates some unsuccessful cancel return values.
Signed-off-by: Peter Bigot <peter.bigot@nordicsemi.no>
Pass a pointer to the work item member rather than casting the
augmented work item pointer to a base work item pointer.
Also the return type of k_work_pending() is bool, so use that rather
than comparing it to zero.
Signed-off-by: Peter Bigot <peter.bigot@nordicsemi.no>
The memset in the 'blow_up_stack' function can be optimized
away as it is called in the end of the function on the buffer
allocated on the stack (so it has 'no' effect on program
execution)
The 'stack_smasher' call can be optimized away as it's results
isn't used anywhere and stack_smasher function has no visible
side effects.
Fix that by disabling optimization on these functions.
Signed-off-by: Eugeniy Paltsev <Eugeniy.Paltsev@synopsys.com>
We use several variables (like do_sleep, etc...) to share
statuses between threads, however they are not marked as
volatile. That may lead to their unexpected optimization
(tat really happens with ARC MWDT when loop with waiting
on the sleep timeout in 'wakeup_src_thread' is optimized
away). Fix that by defining these variables as volatile.
Signed-off-by: Eugeniy Paltsev <Eugeniy.Paltsev@synopsys.com>
The __attribute__((optimize("-O0"))) attribute is used to disable
optimization of some test functions. ARC MWDT toolchain doesn't
support it, however it supports __attribute__((optnone)) with
similar functionality.
Define __no_optimization attribute across all toolchains so it
can be used in tests.
NOTE: we don't define __no_optimization for XCC as it includes
GCC header with __no_optimization defined.
Signed-off-by: Eugeniy Paltsev <Eugeniy.Paltsev@synopsys.com>
Compiler may optimize away write to RO region and following
readback so we won't trigger fault (that actually happens with
arc MWDT toolchain).
Add volatile to avoid that.
Signed-off-by: Eugeniy Paltsev <Eugeniy.Paltsev@synopsys.com>
The test_triggered_wait_expired test submits the items with
2*SUBMIT_WAIT timeout and waits for the timeout to expire
so the items are being worked on. It waits one SUBMIT_WAIT
and checks none of the items have started. Then waits
another SUBMIT_WAIT to check if they have all finished.
However, since the timeout is at 2*SUBMIT_WAIT, the work
queue may have just started going through the list of items.
This means some items may have started while others have not.
This results in the test failing as not all items have
finished. So lengthen the second sleep to allow items to
finish before checking.
Fixes#28589
Signed-off-by: Daniel Leung <daniel.leung@intel.com>
Add more detail description for test case of arch_curr_cpu() and
arch_sched_ipi(). This is in order to make the purpose and process of
the test cases more clear.
Signed-off-by: Enjia Mai <enjiax.mai@intel.com>
Update pm test case to fix some error last time submission. Add test
case that simply check device_pm_enable and device_pm_disable interface.
Signed-off-by: Enjia Mai <enjiax.mai@intel.com>
Add new tests to improve of the Zephyr QA testing of the memory
protection for memory domains and partitions.
I created new tests for memory protection->memory partitions for
the requirements which I think necessary to be tested.
I added Doxygen tag for each test to make it clear to understand
what each test is doing and how.
New tests for memory domains and partitions:
-test_mem_domain_api_kernel_thread_only()
By creating that test I wanted to prove that access to memory
domain APIs must be restricted only to supervisor threads.
At the same time I wanted to prove that system can support the
definition of memory domains.
-test_mem_part_auto_determ_size()
By creating that test I want to prove that system can automatically
determine application memory partition base addresses and sizes
at build time, determined by its contents. Also system can support
definition of memory partitions. At the same time test proves that OS
supports adding and removing a thread from its memory domain
assignment.
-test_mem_part_auto_determ_size_per_mmu()
That test is very important and it proves that memory partitions are
automatically sized and aligned per the constraints of the platform's
memory management hardware.
-test_mem_part_inheirt_by_child_thr()
Prove that child thread inherits memory domain assignment of its
parent.
-test_macros_obtain_names_data_bss()
Test system provides tools to obtain the names of the data and BSS
sections related to a particular application memory partition at
build time.
-test_mem_part_assign_bss_vars_zero()
Test that global data and BSS values can be assigned to application
memory partitions using macros at build time. Test that BSS values
will be zeroed at the build time.
1. According to the reviews made changes.
2. Switched test_mem_part_assert_add_overmax
and test_create_new_invalid_prio_thread_from_user
That way I exposed problem (bug) with assertion
in L171 kernel/mem_protect.c
Signed-off-by: Maksim Masalski <maksim.masalski@intel.com>
Show that trampolining thread self-aborts to the idle thread
works and that we have sufficiently set the idle stack size
for this, PM hooks, and dynamic kernel object cleanup.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
No functional change, just add some extra printouts and comments
to make it a little clearer the expected sequencing.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
Reduce the error between the timer (which is tick-aligned) and
busy_wait (which is not) by aligning the busy_wait to start at
a tick boundary.
Signed-off-by: Peter Bigot <peter.bigot@nordicsemi.no>
Some ARM platforms, now, enable HW Stack Protection by
default in the Board definition. So if some tests
need to run without stack protection, it is not
sufficient to disable TEST_HW_STACK_PROTECTION;
we need to explicitly disable HW_STACK_PROTECTION.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
Move init_timer_data() out of k_usleep() tick alignment.
Compute rem_ticks just after busy_wait_ms() to avoid slew
due to 'now' and 'rem_ms' computations.
With slow CPU 32MHz: -2 Ticks.
Signed-off-by: Alexandre Bourdiol <alexandre.bourdiol@st.com>
Insert k_usleep(1) just before k_timer_start()
to guaranty tick alignment for step "test_timer_k_define"
Signed-off-by: Alexandre Bourdiol <alexandre.bourdiol@st.com>
When doing test_thread_join with OTHER_ABORT_TIMEOUT, the interval
between two k_uptime_get() includes the two k_thread_create() which
means the interval delta does not exactly count the time spent
in k_thread_join(). On x86_64 with userspace, time spent inside
k_thread_create() scales with memory size as it needs to create
a new page table for the thread. So to actually measure
the time spent in k_thread_join(), the locations where uptime is
obtained need to be moved.
Fixes#28549
Signed-off-by: Daniel Leung <daniel.leung@intel.com>
nRF51 MCUs are Cortex-M0 running with a 16 MHz clock. The overhead of
work done in k_usleep() requires adding three more ticks (92 us) to the
expected loop iteration time. (Two ticks is enough on most boards, but
some require a little more time.)
Signed-off-by: Peter Bigot <peter.bigot@nordicsemi.no>
- They all had the wrong prototype and hard-casts can sometimes
lead to problems
- Several renamed to something more descriptive
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
Align to ticks so the first iteration sleeps long enough
(k_timer_start() rounds its duration argument down, not up,
to a tick boundary)
Fixes#28319
Signed-off-by: Alexandre Bourdiol <alexandre.bourdiol@st.com>
Add regex in testcase.yaml to verify the kernel will dump
thread id information and error type when exception occurs.
Signed-off-by: Ying ming <mingx.ying@intel.com>
Modify the location of the test case file because new
test cases need to be submitted. If the old test
cases are not in a folder, CI will fail and
prompts "the command exited with status 1".
Signed-off-by: Ying ming <mingx.ying@intel.com>
Add new test cases for timer to improve testing infrastructure.
Add different waiting time in existing cases. For new test cases,
restart timer and check for status of timer.
Signed-off-by: Jian Kang <jianx.kang@intel.com>
Add a test case of preemptive thread scheduling.
The scheduler will select the highest priority and
waiting longest thread to be the current thread.
Signed-off-by: Ying ming <mingx.ying@intel.com>
We try to invoke `ztest_test_pass()` from inside
a fatal exception in a child thread.
On SMP this can result in the next test case starting
on another CPU, re-using the child thread before it
has a chance to exit.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
The implementations of the test cases had the wrong prototype.
The extern declarations (which were in a C file for some reason)
were correct.
I don't want to talk about the subtle code generation and stack
corruption issues that emerged from this which at one point made
me question my own sanity.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
Work around an issue where the emulator ignores host OS
signals when inside a `wfi` instruction.
This should be reverted once this has been addressed in the
AARCH64 build of QEMU in the SDK.
See https://github.com/zephyrproject-rtos/sdk-ng/issues/255
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
HW Stack protection is required to successfully run the
stack overflow-related tests, so guard all these tests
inside #ifdef CONFIG_HW_STACK_PROTECTION. Otherwise this
test-suite fails for platforms that implement USERSPACE
but do not have HW_STACK_PROTECTION capability.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
em_starterkit_7d is not capable to generate error when access unmapped
address at kernel mode. So toggle off this part of test.
Signed-off-by: Yuguo Zou <yuguo.zou@synopsys.com>
- No longer call ztest_test_pass() out of a fatal exception,
as if this took place on some child thread, the next test
case could start on another CPU before the child has exited,
leading to issues if the child thread object is recycled
- Get rid of some unnecessary synchronization semaphores.
Use the scheduler and/or k_thread_join() instead.
- Simplify tests for read/write other threads not to spawn
a child thread and then take a fatal fault on the ztest
thread
- Add set_fault() clear_fault() as I do not enjoy typing.
Despite these variables being voliatile, a barrier is
needed to prevent re-ordering around non-volatile memory
access
- Don't call ztest_test_pass() from child thread in
test_user_mode_enter() due to possible races
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
Possibly copypasta, or improvements to the test, either way
this test doesn't use that much RAM especially if memory
protection isn't active.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
lock_runtime is a stack variable whose contents could be completely
garbage, but only the 'locked' member was zeroed. zero the whole
thing to prevent spurious "recursive spinlock" errors from occasionally
popping up as the validation framework gets confused from garbage
data in the other memebers of this data structure.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
Memory mapping, for now, will be a private kernel API
and is not intended to be application-facing at this time.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
We no longer plan to support a split address space with
the kernel in high memory and per-process address spaces.
Because of this, we can simplify some things. System RAM
is now always identity mapped at boot.
We no longer require any virtual-to-physical translation
for page tables, and can remove the dual-mapping logic
from the page table generation script since we won't need
to transition the instruction point off of physical
addresses.
CONFIG_KERNEL_VM_BASE and CONFIG_KERNEL_VM_LIMIT
have been removed. The kernel's address space always
starts at CONFIG_SRAM_BASE_ADDRESS, of a fixed size
specified by CONFIG_KERNEL_VM_SIZE.
Driver MMIOs and other uses of k_mem_map() are still
virtually mapped, and the later introduction of demand
paging will result in only a subset of system RAM being
a fixed identity mapping instead of all of it.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
Now that device_api attribute is unmodified at runtime, as well as all
the other attributes, it is possible to switch all device driver
instance to be constant.
A coccinelle rule is used for this:
@r_const_dev_1
disable optional_qualifier
@
@@
-struct device *
+const struct device *
@r_const_dev_2
disable optional_qualifier
@
@@
-struct device * const
+const struct device *
Fixes#27399
Signed-off-by: Tomasz Bursztyka <tomasz.bursztyka@linux.intel.com>
In NPCX7M6FB, it uses some the IRQs at the end of the vector table,
for example, the irq 60 and 61 used for Multi-Input Wake-Up Unit (MIWU)
device by default, and conflicts with isr used for testing. Moving IRQs
for this test suite to solve the issue.
Signed-off-by: Mulin Chao <MLChao@nuvoton.com>
Some ARMv8-M platforms may come with only 8 (instead of 16)
MPU regions. In these platforms, by design, a memory domain
may contain up to 2 application memory partitions, when we
build with MPU_GAP_FILLING support. To be able to test this
valid configuration we slightly modify the test code in the
mem_protect suite, and add-remove the second partition (with
index-1) instead of the third (index-2).
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
We need to exclude the .gap_filling test from running on
ARMv8-M platforms with 8 MPU regions available, since the
userspace test defines and uses a memory domain whose number
of partitions exceed the maximum number of permitted partitions
in ARMv8-m SoCs with MPU_GAP_FILLING=y.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
Adding the first list item in the same line as @details, creates a list
with a single item inside a paragraph, and another list with the
remaining items. What is wanted here is to have a single list with all
items, so the first item needs to be in a new line.
Signed-off-by: Fabio Utzig <fabio.utzig@nordicsemi.no>
We don't have use-cases and it introduces complexities with
allocating page tables on MMU systems.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
Several of the values passed to the conversion failure diagnostic are
unsigned and/or 32-bit values, while all format specifiers are for
signed 64-bit integers. Make the specifiers consistent with the
argument.
Signed-off-by: Peter Bigot <peter.bigot@nordicsemi.no>
Ancient 2-level IA32 page tables don't support "eXecute Disable".
Skip the test scenarios for them.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
-Wimplicit-fallthrough=2 requires a fallthrough comment or a compiler
to tells gcc that this happens intentionally.
Signed-off-by: Flavio Ceolin <flavio.ceolin@intel.com>
The Wait For Interrupt (WFI) instruction ARM Cortex-M1 CPU does not
operate as a powersave instruction. It is always executed as a NOP.
Signed-off-by: Henrik Brix Andersen <henrik@brixandersen.dk>
Extend check to determine a usable ARM NVIC IRQ line to verify that the
IRQ line is not always pending.
Signed-off-by: Henrik Brix Andersen <henrik@brixandersen.dk>
There is nothing wrong with instance numbers and they are
recommended for use whenever possible, but this is an API
design problem because it's not always possible to get nodes
by instance number; in some cases, drivers need to get node
identifiers from node labels, for example.
Change these APIs (which are not yet in any Zephyr release)
to take node IDs instead of instance IDs.
Fixes: #26984
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
Put message to a full queue or get message from an empty queue with
different timeout: K_NO_WAIT, a period of time, K_FOREVER.
Signed-off-by: Meng xianglin <xianglinx.meng@intel.com>
When thread is initialized and running z_object_validate
will return 0 for thread object and its thread stack object.
When thread exit, z_object_validate
will return -1 for thread object and its thread stack object.
Signed-off-by: Maksim Masalski <maksim.masalski@intel.com>
Instead of replacing of copyright year with the new one,
necessary to add new to the existing one
Signed-off-by: Maksim Masalski <maksim.masalski@intel.com>
Instead of replacing of copyright year with the new one,
necessary to add new to the existing one
Signed-off-by: Maksim Masalski <maksim.masalski@intel.com>
Updated current tests tags to make them more informative.
1. test_mslab updated Doxygen tag
2. test_create_alt_thread updated Doxygen tag
3. test_sys_heap_mem_pool_assign updated Doxygen tag
Signed-off-by: Maksim Masalski <maksim.masalski@intel.com>
Modify current semaphore tests.
I checked the semaphore tests, and find out many gaps.
Overhaul semaphore tests:
1. Modify some tests
2.Doxygen tags update
3. Update text in zassert messages
4. Remove misprints
5. Test cases names change. Some test cases had a semaphore name in
their name, for example simple_sem, I removed it from the test
case names. Also some test cases used sema, some used word sem.
I decided to make standard short word for a semaphore sem
Detailed explanation of the changes:
-test_k_sema_init() -updated name to test_sem_init, updated doxygen
tag, updated zassert text
-test_sem_take_timeout() -updated doxygen tag, added zassert to check
that reset was correct, updated zassert text
-test_sem_take_timeout_fails() -updated doxygen tag, added zassert
to check that reset was correct, updated zassert text
-test_sem_take_timeout_forever() -updated doxygen tag, added zassert
to check that reset was correct, updated zassert text
-test_sem_take_multiple() -updated doxygen tag, modified that test,
added one more thread sem_tid_4, with high priority and added one
more semaphore high_prio_long_sem
-test_simple_sem_from_isr() -updated name to test_sem_give_from_isr,
updated doxygen tag, zassert text fix
-test_simple_sem_from_task() -updated name
to test_sem_give_from_thread, updated doxygen tag, zassert text fix
Tested on qemu_x86, qemu_x86_64, reel_board, and iotdk
Signed-off-by: Maksim Masalski <maksim.masalski@intel.com>
Add k_delayed_work_pending similar to k_work_pending to check if the
delayed work item has been submitted but not yet completed.
This would compliment the API since using k_work_pending or
k_delayed_work_remaining_get is not enough to check this condition.
This is because the timeout could have run out, but the timeout handler
not yet processed and put the work into the workqueue.
Signed-off-by: Joakim Andersson <joakim.andersson@nordicsemi.no>
There are predictable relationships between the actual size
of a stack object, the return value of K_*_STACK_SIZEOF() macros,
and the original size passed in when the stack was declared.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
These stacks are appropriate for threads that run purely in
supervisor mode, and also as stacks for interrupt and exception
handling.
Two new arch defines are introduced:
- ARCH_KERNEL_STACK_GUARD_SIZE
- ARCH_KERNEL_STACK_OBJ_ALIGN
New public declaration macros:
- K_KERNEL_STACK_RESERVED
- K_KERNEL_STACK_EXTERN
- K_KERNEL_STACK_DEFINE
- K_KERNEL_STACK_ARRAY_DEFINE
- K_KERNEL_STACK_MEMBER
- K_KERNEL_STACK_SIZEOF
If user mode is not enabled, K_KERNEL_STACK_* and K_THREAD_STACK_*
are equivalent.
Separately generated privilege elevation stacks are now declared
like kernel stacks, removing the need for K_PRIVILEGE_STACK_ALIGN.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
Currently for informational purposes, although we do check that
the carveout is smaller than the stack_size.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
thread->stack_info is now much more well maintained. Make these
tests that validate that user mode has no access just outside
the bounds of it, instead of the entire object.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
Check that the base of every stack object is properly
defined. This can get messed up if K_THREAD_STACK_ARRAY_DEFINE
isn't specified properly.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
The core kernel computes the initial stack pointer
for a thread, properly aligning it and subtracting out
any random offsets or thread-local storage areas.
arch_new_thread() no longer needs to make any calculations,
an initial stack frame may be placed at the bounds of
the new 'stack_ptr' parameter passed in. This parameter
replaces 'stack_size'.
thread->stack_info is now set before arch_new_thread()
is invoked, z_new_thread_init() has been removed.
The values populated may need to be adjusted on arches
which carve-out MPU guard space from the actual stack
buffer.
thread->stack_info now has a new member 'delta' which
indicates any offset applied for TLS or random offset.
It's used so the calculations don't need to be repeated
if the thread later drops to user mode.
CONFIG_INIT_STACKS logic is now performed inside
z_setup_new_thread(), before arch_new_thread() is called.
thread->stack_info is now defined as the canonical
user-accessible area within the stack object, including
random offsets and TLS. It will never include any
carved-out memory for MPU guards and must be updated at
runtime if guards are removed.
Available stack space is now optimized. Some arches may
need to significantly round up the buffer size to account
for page-level granularity or MPU power-of-two requirements.
This space is now accounted for and used by virtue of
the Z_THREAD_STACK_SIZE_ADJUST() call in z_setup_new_thread.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
We now have a variant x86 build target that only is run
for tests tagged with "xip", which is this one.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
1. Found out that thread tests doesn't test next ideas of requirements,
which I think necessary to be tested and verified:
-the kernel need to prevent user threads creating new threads from
using thread or thread stack objects which are in an initialized state
-Upon thread exit, the kernel need to mark the exiting thread
and thread stack objects as uninitialized
Add new tests to test requirements above, that way we can cover more
features to be tested:
- test_new_user_thread_with_in_use_stack_obj()
- test_mark_thread_exit_uninitialized()
2. Modified test test_create_new_thread_from_user() to verify that
kernel provides new user threads access to their own thread object.
3. Also I added detailed Doxygen tags for each new test and existing
modified test.
4. Added Doxygen tag to the existing test test_stack_buffer, it
covers requirement:
-The kernel need to provide all threads read and write access to their
own stack memory buffer.
Signed-off-by: Maksim Masalski <maksim.masalski@intel.com>
Inside function futex_wake() result of k_futex_wait() is not checked.
Coverity-CID: 211508
Fixes: #27149
Signed-off-by: Maksim Masalski <maksim.masalski@intel.com>
Extend the gen_isr_table test suite to build and run
on Cortex-M baseline platforms. Add a few platforms
in the whitelist so the test builds and runs for some
common Baseline Cortex-M insluding the QEMU.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
Adding tags for ARC-variant of the test.
Rename test string to comply with ARM-variant name.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
The Olimex STM32-h103 is a development board based on the STM32F103RB,
very similar to the stm32_mini, which was used as a reference for the
pinmux configuration.
Signed-off-by: Josep Puigdemont <josep.puigdemont@gmail.com>
Add new standalone futex test that verifies next requirements:
-Futex can be placed in user memory using ZTEST_BMEM
-User thread can write to futex value
-User threads can make wait/wake syscalls on it
Added detailed Doxygen tag with information about the test
Signed-off-by: Maksim Masalski <maksim.masalski@intel.com>
1.Add some comments to describe functions performance
2.add a new testcase to implement push can be waited
when there are no items available.
Signed-off-by: Ningx Zhao <ningx.zhao@intel.com>
Exercise the public macros as well as device_map().
This test has a whitelist for whatever reason; add
mps2_an385 so that the !DEVICE_MMIO_IS_IN_RAM stuff
is tested.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
1. Add code change to the test_permission_inheritance() to let it
test that child thread can't access parent thread object. Now that test
tests one more related to it feature.
2. Add new Doxygen tags with informative descriptions about the kernel
objects tests. That will make reading and understanding kernel object
tests code easier.
Signed-off-by: Maksim Masalski <maksim.masalski@intel.com>
