MISRA rules (see #11425) forbid recursive algorithms. In the case of
rb_walk(), it's not actually used anywhere but a test right now, so we
can simply disable the API when CONFIG_MISRA_SANE is defined. Mempool
had a (IMHO, fairly clever) tail recursive loop in bfree_recombine()
which can be trivially transformed into an only slightly uglier
iterative version.
Signed-off-by: Andy Ross <andrew.j.ross@intel.com>
MISRA rules (see #9892) forbid alloca() and family, even though those
features can be valuable performance and memory size optimizations
useful to Zephyr.
Introduce a MISRA_SANE kconfig, which when true enables a gcc error
condition whenever a variable length array is used.
When enabled, the mempool code will use a theoretical-maximum array
size on the stack instead of one tailored to the current pool
configuration.
The rbtree code will do similarly, but because the theoretical maximum
is quite a bit larger (236 bytes on 32 bit platforms) the array is
placed into struct rbtree instead so it can live in static data (and
also so I don't have to go and retune all the test stack sizes!).
Current code only uses at most two of these (one in the scheduler when
SCHED_SCALABLE is selected, and one for dynamic kernel objects when
USERSPACE and DYNAMIC_OBJECTS are set).
This tunable is false by default, but is selected in a single test (a
subcase of tests/kernel/common) for coverage. Note that the I2C and
SPI subsystems contain uncorrected VLAs, so a few platforms need to be
blacklisted with a filter.
Signed-off-by: Andy Ross <andrew.j.ross@intel.com>
In case newlib is enabled, but POSIX subsys isn't, there're adhoc
implementations of read() and write() which work only with adhoc
stdin/stdout emulation layer. These are backed by system calls named
like "read" and "write". Rename all these functions and syscalls to
explicitly mention stdin/stdout in the names, to free namespace
for the implementation of generic read/write syscalls which will
integrate with POSIX fdtable.
Signed-off-by: Paul Sokolovsky <paul.sokolovsky@linaro.org>
When printk is used stack size expanding may be needed. This is
especially a problem for threads with small stacks.
Signed-off-by: Pawel Dunaj <pawel.dunaj@nordicsemi.no>
This is an integral part of userspace and cannot be used
on its own. Fold into the main userspace configuration.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
The macro RB_FOR_EACH_CONTAINER could run infinitely when the function
_rb_foreach_next returns NULL.
Signed-off-by: Flavio Ceolin <flavio.ceolin@intel.com>
We need a generic name for the partition containing
essential C library globals. We're going to need to
add the stack canary guard to this area so user mode
can read it.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
There are issues using lowercase min and max macros when compiling a C++
application with a third-party toolchain such as GNU ARM Embedded when
using some STL headers i.e. <chrono>.
This is because there are actual C++ functions called min and max
defined in some of the STL headers and these macros interfere with them.
By changing the macros to UPPERCASE, which is consistent with almost all
other pre-processor macros this naming conflict is avoided.
All files that use these macros have been updated.
Signed-off-by: Carlos Stuart <carlosstuart1970@gmail.com>
* Newlib now defines a special z_newlib_partition containing
all globals relevant to newlib. Most of these are in libc.a
with a heap tracking variable in newlib's hooks.
* Both C libraries now expose a k_mem_partition containing the
bounds of the malloc heap arena. Threads that want to use
libc malloc() will need to add this to their memory domain.
* z_newlib_get_heap_bounds has been removed, in favor of the
memory partition for the heap arena
* ztest now includes the C library partitions in its memory
domain.
* The mem_alloc test now runs in user mode to prove that this
all works for both C libraries.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
Replaced forever loop in assert with call to a function.
In post_assert_action() function, k_panic is called.
Forever loop was preventing logs to be printed and had behavior
ependent on the context (low prioriy thread - system continue to
ork, irq - system is blocked).
Signed-off-by: Krzysztof Chruscinski <krzysztof.chruscinski@nordicsemi.no>
The sys_dlist_insert_*() functions had a behavior where a NULL
argument for the insertion position to sys_dlist_insert_after/before()
was interpreted as "the end of the list". We never used that
convention (except in one spot internal to dlist.h which was not
itself used anywhere), and of course already have an API for appending
and prepending to a list.
In practice this was a performance disaster. The NULL check is
virtually never provable statically by the compiler, so that test and
branch is present always. And worse, the check and call to another
function was pushing this beyond the complexity limit for gcc to
inline a function (at -Os optimization anyway), forcing us to use
function calls for what should be a ~8 instruction sequence. The
upshot is that dlist insertions were 2-3x slower than they needed to
be.
Deprecate these older APIs and introduce a new sys_dlist_insert() call
which can be much better optimized.
Signed-off-by: Andy Ross <andrew.j.ross@intel.com>
Some of macros initially created in the logger has been moved
to util.h. This commit replaces custom macros with the one
from util.h
Signed-off-by: Krzysztof Chruscinski <krzysztof.chruscinski@nordicsemi.no>
Added macros for conditional code generation based on a flag.
Additionally, added macros for getting first and second argument
from variable list of arguments and getting all arguments except
the first one.
Signed-off-by: Krzysztof Chruscinski <krzysztof.chruscinski@nordicsemi.no>
The original implementation allows a list to be corrupted by list
operations on the removed node. Existing code attempts to avoid this by
using external state to determine whether a node is in a list, but this
is fragile and fails when the state that holds the flag value is changed
after the node is removed, e.g. in preparation for re-using the node.
Follow Linux in invalidating the link pointers in a removed node. Add
API so that detection of particpation in a list is available at the node
abstraction.
This solution relies on the following steady-state invariants:
* A node (as opposed to a list) will never be adjacent to itself in a
list;
* The next and prev pointers of a node are always either both null or
both non-null.
Signed-off-by: Peter A. Bigot <pab@pabigot.com>
printk is supposed to be very lean, but should at least not
print garbage values. Now when a 64-bit integral value is
passed in to be printed, 'ERR' will be reported if it doesn't
fit in 32-bits instead of truncating it.
The printk documentation was slightly out of date, this has been
updated.
Fixes: #7179
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
This is a custom Gcov implementation. Taking excerpts from gcc
gcc libgcc/libgcov.h and gcc/gcov-io.h.
Ported to zephyr by Ramakrishna Pallala <ramakrishna.pallala@intel.com>
and Adithya Baglody <adithya.nagaraj.baglody@intel.com>
Signed-off-by: Adithya Baglody <adithya.nagaraj.baglody@intel.com>
This new macro will be able to do FOR_EACH with a fixed argument.
This fixed argument will always be called as the 2nd argument
to the function call(_fn).
Signed-off-by: Adithya Baglody <adithya.nagaraj.baglody@intel.com>
As extend fdtable usage to more cases, there regularly arises a need
to forward ioctl/fcntl arguments to another ioctl vmethod, which is
complicated because it defined as taking variadic arguments. The only
portable solution is to convert variadic arguments to va_list at the
first point of entry from client code, and then pass va_list around.
To facilitate calling ioctl with variadic arguments from system code,
z_fdtable_call_ioctl() helper function is added.
Signed-off-by: Paul Sokolovsky <paul.sokolovsky@linaro.org>
This commit reworks socket poll implementation to support multiple
socket implementations.
To achieve that, two ioctl poll helper requests were added:
ZFD_IOCTL_POLL_PREPARE and ZFD_IOCTL_POLL_UPDATE. The poll
implementation calls ioctl with these requests for each socket
requested in the fds table.
The first request is responsible for preparing k_poll_event objects
for specific socket. It can request to skip waiting in k_poll by
returning EALREADY through errno.
The latter request is responsible for processing outcome of k_poll for
each socket. It can request to retry the k_poll by returning EAGAIN
through errno.
Signed-off-by: Robert Lubos <robert.lubos@nordicsemi.no>
This commit extends socket vtable, allowing to redirect socket calls to
alternate implementations (e.g. TLS sockets).
Signed-off-by: Robert Lubos <robert.lubos@nordicsemi.no>
In C90 was introduced function prototype, that allows argument types
to be checked against parameter types, though it is not necessary
specify names for the parameters. MISRA-C requires names for function
prototype parameters, it claims that names can provide useful
information regarding the function interface.
MISRA-C rule 8.2
Signed-off-by: Flavio Ceolin <flavio.ceolin@intel.com>
The order of evaluation of function calls in the arguments of a
function. This is undefined (32)/ unspecified(15-18) in C99.
MISRA-C rule 13.2 does not allow that a value of an expression and its
side effects happens in not deterministic order to avoid these
undefined behaviors.
Signed-off-by: Flavio Ceolin <flavio.ceolin@intel.com>
Previously, this macro after the main line would print a tab without
newline, leading to messy output. Also, as printk() was made to
return void, remove explicit casts to (void) in its calls.
Before:
tx_fifo: 0x20007298 42
ASSERTION FAIL [(len & 3) == 0 && len >= 4] @ eth_smsc911x.c:83:
eth_smsc9220_isr: 8 8
in RX FIFO: pkts: 1, bytes: 48
After:
tx_fifo: 0x20007298 42
ASSERTION FAIL [(len & 3) == 0 && len >= 4] @ eth_smsc911x.c:83
eth_smsc9220_isr: 8 8
in RX FIFO: pkts: 1, bytes: 48
Signed-off-by: Paul Sokolovsky <paul.sokolovsky@linaro.org>
The macro RB_FOR_EACH_CONTAINER has a loop where the condition to stop
is whether the node is null or not. Explicitly checking it.
MISRA-C rule 14.4
Signed-off-by: Flavio Ceolin <flavio.ceolin@intel.com>
The table allows to wrap read/write (i.e. POSIX-compatible) semantics
of any I/O object in POSIX-compatible fd (file descriptor) handling.
Intended I/O objects include files, sockets, special devices, etc.
The table table itself consists of (underlying obj*, function table*)
pairs, where function table provides entries for read(), write, and
generalized ioctl(), where generalized ioctl handles all other
operations, up to and including closing of the underlying I/O object.
Fixes: #7405
Signed-off-by: Paul Sokolovsky <paul.sokolovsky@linaro.org>
Macro is used to create contiguous bitmask between the
arguments passed to the macro.
BITS_PER_LONG is computed as the multiplication of predefined
macros `__CHAR_BIT__` and `__SIZEOF_LONG__`.
Both gcc and clang support these predefined macros.
With this change, replace the redundant defintions of
GENMASK with the new generic macro available.
Fixes#10843
Suggested-by: Ulf Magnusson <Ulf.Magnusson@nordicsemi.no>
Signed-off-by: Himanshu Jha <himanshujha199640@gmail.com>
write() function is not supposed to change buffer passed to it, so
propagate const pointer param to all write-like functions used/defined
in this file.
Signed-off-by: Paul Sokolovsky <paul.sokolovsky@linaro.org>
This commit touches the C codebase and the python syscall generator.
The Z_GENLIST-macros expand to whole functions. Once expanded by the
preprocessor we notice a semicolon is put after the function body. But
ISO C99 does not allow extra ‘;’ outside of a function. Though this is
accepted by GCC with GNU extensions, it is not by Clang.
Signed-off-by: Mark Ruvald Pedersen <mped@oticon.com>
Change APIs that essentially return a boolean expression - 0 for
false and 1 for true - to return a bool.
MISRA-C rule 14.4
Signed-off-by: Flavio Ceolin <flavio.ceolin@intel.com>
Several functions in dlist were returning a boolean expression,
just changing these functions to return a boolean.
Signed-off-by: Flavio Ceolin <flavio.ceolin@intel.com>
Any word started with underscore followed by and uppercase letter or a
second underscore is a reserved word according with C99.
Signed-off-by: Flavio Ceolin <flavio.ceolin@intel.com>
The result of both printk and vprintk are not used in any place.
MISRA-C says that the return of every non void function must be
checked.
Signed-off-by: Flavio Ceolin <flavio.ceolin@intel.com>
comparing int i with size_t size generates a sign-compare warning.
This commit solves the issue by giving i the type needed.
As older c standards do not allow to declare i after stack += 4 I
inserted the variable checked_stack that gets the type we need in the
comparison.
Signed-off-by: Alexander Polleti <metapsycholo@gmail.com>
SYS_MEM_POOL_KERNEL and SYS_MEM_POOL_USER are used by k_mem_pool flags
and should be defined as a bit mask.
It was defined as zero failing in all places checking for this
bit. e.g pool_irq_lock and pool_irq_unlock were not working correctly
because the check for this flag was always returning false.
Signed-off-by: Flavio Ceolin <flavio.ceolin@intel.com>
When a mempool is created with a large number of maximum-size blocks,
the logic for initializing max_inline_level (i.e. when to union the
bitmask with the pointer and when to use the pointer directly) was
wrong. The default state was "zero", which implies that level 0
should be inlined, but that's wrong with >32 base blocks.
Additionally, the type was unsigned, making the "level zero is a
pointer" situation impossible to represent.
Fixes#6727
Signed-off-by: Andy Ross <andrew.j.ross@intel.com>
__ASSERT macro will either exit the program (POSIX port) or infint
loop. In both cases printk's return is not necessary.
Signed-off-by: Flavio Ceolin <flavio.ceolin@intel.com>
