The current CoAP implementation not perform any checks including
duplicated packets. This add block sequency verification and a
timer to ensures that slow networks works apropriately.
Signed-off-by: Gerson Fernando Budke <gerson.budke@ossystems.com.br>
The current implementation uses a fixed value for max retries. That
value could be good for an wired network like Ethernet. However,
wireless network can suffer with higher packet collision, low reception
signal etc. This refacts the variable to be defined at Kconfig. This
way max retries can be adjust conform the current media.
Signed-off-by: Gerson Fernando Budke <gerson.budke@ossystems.com.br>
The hints variable is used without a defined state. This fill the struct
with zeros to set variable at a well known state.
Signed-off-by: Gerson Fernando Budke <gerson.budke@ossystems.com.br>
Current log only prints default log level. Add LOG_LEVEL at updatehub
to switch between log variations based on CONFIG_UPDATEHUB_LOG_LEVEL.
Signed-off-by: Gerson Fernando Budke <gerson.budke@ossystems.com.br>
Add support for a C11-style aligned_alloc() in the heap
implementation. This is properly optimized, in the sense that unused
prefix/suffix data around the chosen allocation is returned to the
heap and made available for general allocation.
Signed-off-by: Andy Ross <andrew.j.ross@intel.com>
Miscellaneous refactoring and simplification. No behavioral changes:
Make split_alloc() take and return chunk IDs and not memory pointers,
leaving the conversion between memory/chunks the job of the higher
level sys_heap_alloc() API. This cleans up the internals for code
that wants to do allocation but has its own ideas about what to do
with the resulting chunks.
Add split_chunks() and merge_chunks() utilities to own the linear/size
pointers and have split_alloc() and free_chunks() use them instead of
doing the list management directly.
Signed-off-by: Andy Ross <andrew.j.ross@intel.com>
This struct is taking up most of the heap's constant footprint overhead.
We can easily get rid of the list_size member as it is mostly used to
determine if the list is empty, and that can be determined through
other means.
Signed-off-by: Nicolas Pitre <npitre@baylibre.com>
Make the LEFT_SIZE field first and SIZE_AND_USED field last (for an
allocated chunk) so they sit right next to the allocated memory. The
current chunk's SIZE_AND_USED field points to the next (right) chunk,
and from there the LEFT_SIZE field should point back to the current
chunk. Many trivial memory overflows should trip that test.
One way to make this test more robust could involve xor'ing the values
within respective accessor pairs. But at least the fact that the size
value is shifted by one bit already prevent fooling the test with a
same-byte corruption.
Signed-off-by: Nicolas Pitre <npitre@baylibre.com>
We already have chunk #0 containing our struct z_heap and marked as
used. We can add a partial chunk at the very end that is also marked
as used. By doing so there is no longer a need for checking heap
boundaries at run time when merging/splitting chunks meaning fewer
conditionals in the code's hot path.
Signed-off-by: Nicolas Pitre <npitre@baylibre.com>
It is possible to remove a few fields from struct z_heap, removing
some runtime indirections by doing so:
- The buf pointer is actually the same as the struct z_heap pointer
itself. So let's simply create chunk_buf() that perform a type
conversion. That type is also chunk_unit_t now rather than u64_t so
it can be defined based on CHUNK_UNIT.
- Replace the struct z_heap_bucket pointer by a zero-sized array at the
end of struct z_heap.
- Make chunk #0 into an actual chunk with its own header. This allows
for removing the chunk0 field and streamlining the code. This way
h->chunk0 becomes right_chunk(h, 0). This sets the table for further
simplifications to come.
Signed-off-by: Nicolas Pitre <npitre@baylibre.com>
By storing the used flag in the LSB, it is no longer necessary to have
a size_mask variable to locate that flag. This produces smaller and
faster code.
Replace the validation check in chunk_set() to base it on the storage
type.
Also clarify the semantics of set_chunk_size() which allows for clearing
the used flag bit unconditionally which simplifies the code further.
The idea of moving the used flag bit into the LEFT_SIZE field was
raised. It turns out that this isn't as beneficial as it may seem
because the used bit is set only once i.e. when the memory is handed off
to a user and the size field becomes frozen at that point. Modifications
on the leftward chunk may still occur and extra instructions to preserve
that bit would be necessary if it were moved there.
Signed-off-by: Nicolas Pitre <npitre@baylibre.com>
Let's provide accessors for getting and setting every field to make the
chunk header layout abstracted away from the main code. Those are:
SIZE_AND_USED: chunk_used(), chunk_size(), set_chunk_used() and
chunk_size().
LEFT_SIZE: left_chunk() and set_left_chunk_size().
FREE_PREV: prev_free_chunk() and set_prev_free_chunk().
FREE_NEXT: next_free_chunk() and set_next_free_chunk().
To be consistent, the former chunk_set_used() is now set_chunk_used().
Signed-off-by: Nicolas Pitre <npitre@baylibre.com>
First, some renames to make accessors more explicit:
size() --> chunk_size()
used() --> chunk_used()
free_prev() --> prev_free_chunk()
free_next() --> next_free_chunk()
Then, the return type of chunk_size() is changed from chunkid_t to
size_t, and chunk_used() from chunkid_t to bool.
The left_size() accessor is used only once and can be easily substituted
by left_chunk(), so it is removed.
And in free_list_add() the variable b is renamed to bi so to be
consistent with usage in sys_heap_alloc().
Signed-off-by: Nicolas Pitre <npitre@baylibre.com>
The library supports the declaration of JSON arrays as both nested and
top-level elements. However, as the provided encoding functions
json_obj_encode() and json_obj_encode_buf() interpret all input
structures as objects, top-level arrays are encoded as
{"<field_name>":[{...},...,{...}]}
instead of
[{...},...,{...}].
Add new functions json_arr_encode() and json_arr_encode_buf() that
enable top-level JSON array encoding.
Signed-off-by: Markus Fuchs <markus.fuchs@de.sauter-bc.com>
The version as shipped in Newlib itself is coded a bit sloppily for an
embedded environment. We thus want to override it (and make it weak, to
allow user apps to override it in turn, if needed). The desired
properties of the implementation are:
1. It should call _write() (Newlib implementation calls write()).
2. It should be minimal (Newlib implementation allocates message
on the stack, i.e. misses "static const").
Signed-off-by: Paul Sokolovsky <paul.sokolovsky@linaro.org>
Search for unused eventfd object and just remember its instance in loop
body. Initialize object later, to make it distinct from "search
phase". This change is basically an improvement for readability.
Signed-off-by: Marcin Niestroj <m.niestroj@grinn-global.com>
Anytime a file descriptor context object is updated, we need to
reset its access permissions and initialization state. This
is the most centralized place to do it.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
Fix variable-size string copy patch that introduced a runtime bug that
causes a bus fault.
Fixes#24853.
Signed-off-by: Tahir Akram <mtahirbutt@hotmail.com>
Signed-off-by: Gerson Fernando Budke <gerson.budke@ossystems.com.br>
Based on the current platform a warning can raise becase of missing
string.h include file.
Signed-off-by: Gerson Fernando Budke <gerson.budke@ossystems.com.br>
The conversion from DT_FLASH_AREA to FLASH_AREA macros don't add the
storage flash_map.h include file.
Fixes: #25332
Signed-off-by: Gerson Fernando Budke <gerson.budke@ossystems.com.br>
Convert with a combo of scripts and by hand fixups:
git grep -l DT_FLASH_AREA_.*_ID | \
xargs sed -i -r 's/DT_FLASH_AREA_(.*)_ID/FLASH_AREA_ID(\L\1)/'
git grep -l DT_FLASH_AREA_.*_OFFSET | \
xargs sed -i -r 's/DT_FLASH_AREA_(.*)_OFFSET/FLASH_AREA_OFFSET(\L\1)/'
git grep -l DT_FLASH_AREA_.*_SIZE | \
xargs sed -i -r 's/DT_FLASH_AREA_(.*)_SIZE/FLASH_AREA_SIZE(\L\1)/'
Signed-off-by: Kumar Gala <kumar.gala@linaro.org>
Update to new timeout api. Without this change UpdateHub don't build
anymore.
Fixes: #25230
Signed-off-by: Gerson Fernando Budke <gerson.budke@ossystems.com.br>
Mostly trivial search-and-replace, except for pthread_rwlock.c, where
we need spread timeout over 2 semaphore operations.
Signed-off-by: Paul Sokolovsky <paul.sokolovsky@linaro.org>
Mostly simple. Note that the CMSIS RTOS2 API specifies timeout values
in system ticks instead of milliseconds, so the conversions here are
able to elide a conversion that the original code had to do. That's a
good thing, but does mean that in practice runtime behavior will not
be 1:1 identical.
Also note that the switch away from legacy timeouts involved a change
to 64 bit timeouts by default, which pushed
tests/portability/cmsis_rtos_v2 over the limit on qemu_xtensa.
Unfortunately CMSIS stacks have a fixed limit we can't increase, so I
turned off 64 bit timeouts (CMSIS apps won't need them by definition
anyway -- their API is 32 bit).
Signed-off-by: Andy Ross <andrew.j.ross@intel.com>
No complexity here. The CMSIS API was always in milliseconds, needs
nothing but a few wrapper macros for kernel timeout arguments.
Signed-off-by: Andy Ross <andrew.j.ross@intel.com>
DTLS without peer verification offers no security whatsoever (and is
arguably worse than not using DTLS in the first place).
Change the verification option to require this peer verification. To
use this, it may be necessary to install and use a root certificate.
Signed-off-by: David Brown <david.brown@linaro.org>
Move defines for _RAM_ADDR, _RAM_SIZE, _ROM_ADDR, and _ROM_ADDR into
the linker.ld and thus remove dts_fixup.h. We rework to use
DT_REG_ADDR and DT_REG_SIZE on DT_CHOSEN(zephyr_sram) and
DT_CHOSEN(zephyr_flash).
Also fixup use of _RAM_ADDR/_RAM_SIZE in newlib/libc-hooks.c.
Signed-off-by: Kumar Gala <kumar.gala@linaro.org>
Replace DT_PHYS_RAM_ADDR and DT_RAM_SIZE with DT_REG_ADDR/DT_REG_SIZE
for the DT_CHOSEN(zephyr_sram) node.
Signed-off-by: Kumar Gala <kumar.gala@linaro.org>
The bounds check failed to account for the additional space required
for the terminating NUL after the encoded value was written.
Signed-off-by: Peter Bigot <peter.bigot@nordicsemi.no>
This implements a file descriptor used for event notification that
behaves like the eventfd in Linux.
The eventfd supports nonblocking operation by setting the EFD_NONBLOCK
flag and semaphore operation by settings the EFD_SEMAPHORE flag.
The major use case for this is when using poll() and the sockets that
you poll are dynamic. When a new socket needs to be added to the poll,
there must be some way to wake the thread and update the pollfds before
calling poll again. One way to solve it is to have a timeout set in the
poll call and only update the pollfds during a timeout but that is not
a very nice solution. By instead including an eventfd in the pollfds,
it is possible to wake the polling thread by simply writing to the
eventfd.
Signed-off-by: Tobias Svehagen <tobias.svehagen@gmail.com>
The previous architecture proved unable to support user expectations,
so the API has been rebuilt from first principles. Backward
compatibility cannot be maintained for this change.
Key changes include:
* Formerly the service-provided transition functions were allowed to
sleep, and the manager took care to not invoke them from ISR
context, instead returning an error if unable to initiate a
transition. In the new architecture transition functions are
required to work regardless of calling context: it is the service's
responsibility to guarantee the transition will proceed even if it
needs to be transferred to a thread. This eliminates state machine
complexities related to calling context.
* Constants identifying the visible state of the manager are exposed
to clients through both notification callbacks and a new monitor API
that allows clients to be notified of all state changes.
* Formerly the release operation was async, and would be delayed for the
last release to ensure a client would exist to be notified of any
failures. It is now synchronous.
* Formerly the cancel operation would fail on the last client associated
with a transition. The cancel operation is now synchronous.
* A helper function is provided to safely synchronously release a
request regardless of whether it has completed or is in progress,
satisfying the use case underlying #22974.
* The user-data parameter to asynchronous notification callbacks has
been removed as user data can be retrieved from the CONTAINER_OF
the client data.
Signed-off-by: Peter Bigot <peter.bigot@nordicsemi.no>
Fix thread fault, on user mode, when reading variable rt_clock_base.
For the moment, clock_settime is left without system call:
we don't want to expose clock_settime without figuring out access
control
Signed-off-by: Julien D'Ascenzio <julien.dascenzio@paratronic.fr>
Improve buffer overflow security on probe_cb. This ensures that socket
buffer have fixed lenght and content received by COAP fills properly on
metadata buffer. After that, ensures that metadata content is a valid
string with length lower than metadata size.
Signed-off-by: Gerson Fernando Budke <gerson.budke@ossystems.com.br>
A malformed JSON payload that is received from an UpdateHub server
may trigger memory corruption in the Zephyr OS. This could result
in a denial of service in the best case, or code execution in the
worst case.
Signed-off-by: Gerson Fernando Budke <gerson.budke@ossystems.com.br>
The existing mem_pool implementation has been an endless source of
frustration. It's had alignment bugs, it's had racy behavior. It's
never been particularly fast. It's outrageously complicated to
configure statically. And while its fragmentation resistance and
overhead on small blocks is good, it's space efficiencey has always
been very poor due to the four-way buddy scheme.
This patch introduces sys_heap. It's a more or less conventional
segregated fit allocator with power-of-two buckets. It doesn't expose
its level structure to the user at all, simply taking an arbitrarily
aligned pointer to memory. It stores all metadata inside the heap
region. It allocates and frees by simple pointer and not block ID.
Static initialization is trivial, and runtime initialization is only a
few cycles to format and add one block to a list header.
It has excellent space efficiency. Chunks can be split arbitrarily in
8 byte units. Overhead is only four bytes per allocated chunk (eight
bytes for heaps >256kb or on 64 bit systems), plus a log2-sized array
of 2-word bucket headers. No coarse alignment restrictions on blocks,
they can be split and merged (in units of 8 bytes) arbitrarily.
It has good fragmentation resistance. Freed blocks are always
immediately merged with adjacent free blocks. Allocations are
attempted from a sample of the smallest bucket that might fit, falling
back rapidly to the smallest block guaranteed to fit. Split memory
remaining in the chunk is always returned immediately to the heap for
other allocation.
It has excellent performance with firmly bounded runtime. All
operations are constant time (though there is a search of the smallest
bucket that has a compile-time-configurable upper bound, setting this
to extreme values results in an effectively linear search of the
list), objectively fast (about a hundred instructions) and amenable to
locked operation. No more need for fragile lock relaxation trickery.
It also contains an extensive validation and stress test framework,
something that was sorely lacking in the previous implementation.
Note that sys_heap is not a compatible API with sys_mem_pool and
k_mem_pool. Partial wrappers for those (now-) legacy APIs will appear
later and a deprecation strategy needs to be chosen.
Signed-off-by: Andy Ross <andrew.j.ross@intel.com>
The original API was misnamed, as the intent was to provide a manager
that decoupled state management from the service that needed to be
turned on or off. Update all the names, shortening them where
appropriate removing unncessary internal components like _service.
Also remove some API that misled developers into believing that onoff
managers are normally expected to be exposed directly to consumers.
While this is a use case, in most situations there are service or
client-specific actions that need to be coupled to transition events.
Signed-off-by: Peter Bigot <peter.bigot@nordicsemi.no>
k_poll() for a signal is often desired for notification of completion
of asynchronous operations, but there are APIs where it may be
necessary to invoke "asynchronous" operations from contexts where
sleep is disallowed, or before the kernel has been initialized.
Extract the general notification solution from the on-off service into
a utility that can be used for other APIs.
Also move documentation out to a resource management section.
Signed-off-by: Peter Bigot <peter.bigot@nordicsemi.no>
Extracted transition functions from onoff structure to external one
which allows to keep them in flash.
Signed-off-by: Krzysztof Chruscinski <krzysztof.chruscinski@nordicsemi.no>
The resource table is needed by the Linux kernel OS
for a rpmsg generic support, but is also recognised by OpenAMP.
This table allows to add trace based on the RAM console
and to support rpmsg protocol.
Signed-off-by: Arnaud Pouliquen <arnaud.pouliquen@st.com>
Add a k_timeout_t type, and use it everywhere that kernel API
functions were accepting a millisecond timeout argument. Instead of
forcing milliseconds everywhere (which are often not integrally
representable as system ticks), do the conversion to ticks at the
point where the timeout is created. This avoids an extra unit
conversion in some application code, and allows us to express the
timeout in units other than milliseconds to achieve greater precision.
The existing K_MSEC() et. al. macros now return initializers for a
k_timeout_t.
The K_NO_WAIT and K_FOREVER constants have now become k_timeout_t
values, which means they cannot be operated on as integers.
Applications which have their own APIs that need to inspect these
vs. user-provided timeouts can now use a K_TIMEOUT_EQ() predicate to
test for equality.
Timer drivers, which receive an integer tick count in ther
z_clock_set_timeout() functions, now use the integer-valued
K_TICKS_FOREVER constant instead of K_FOREVER.
For the initial release, to preserve source compatibility, a
CONFIG_LEGACY_TIMEOUT_API kconfig is provided. When true, the
k_timeout_t will remain a compatible 32 bit value that will work with
any legacy Zephyr application.
Some subsystems present timeout (or timeout-like) values to their own
users as APIs that would re-use the kernel's own constants and
conventions. These will require some minor design work to adapt to
the new scheme (in most cases just using k_timeout_t directly in their
own API), and they have not been changed in this patch, instead
selecting CONFIG_LEGACY_TIMEOUT_API via kconfig. These subsystems
include: CAN Bus, the Microbit display driver, I2S, LoRa modem
drivers, the UART Async API, Video hardware drivers, the console
subsystem, and the network buffer abstraction.
k_sleep() now takes a k_timeout_t argument, with a k_msleep() variant
provided that works identically to the original API.
Most of the changes here are just type/configuration management and
documentation, but there are logic changes in mempool, where a loop
that used a timeout numerically has been reworked using a new
z_timeout_end_calc() predicate. Also in queue.c, a (when POLL was
enabled) a similar loop was needlessly used to try to retry the
k_poll() call after a spurious failure. But k_poll() does not fail
spuriously, so the loop was removed.
Signed-off-by: Andy Ross <andrew.j.ross@intel.com>
Kernel timeouts have always been a 32 bit integer despite the
existence of generation macros, and existing code has been
inconsistent about using them. Upcoming commits are going to make the
timeout arguments opaque, so fix things up to be rigorously correct.
Changes include:
+ Adding a K_TIMEOUT_EQ() macro for code that needs to compare timeout
values for equality (e.g. with K_FOREVER or K_NO_WAIT).
+ Adding a k_msleep() synonym for k_sleep() which can continue to take
integral arguments as k_sleep() moves away to timeout arguments.
+ Pervasively using the K_MSEC(), K_SECONDS(), et. al. macros to
generate timeout arguments.
+ Removing the usage of K_NO_WAIT as the final argument to
K_THREAD_DEFINE(). This is just a count of milliseconds and we need
to use a zero.
This patch include no logic changes and should not affect generated
code at all.
Signed-off-by: Andy Ross <andrew.j.ross@intel.com>
Replace all occurences of BUILD_ASSERT_MSG() with BUILD_ASSERT()
as a result of merging BUILD_ASSERT() and BUILD_ASSERT_MSG().
Signed-off-by: Oleg Zhurakivskyy <oleg.zhurakivskyy@intel.com>
After a success image download, UpdateHub needs inform MCUboot that
must test new image and then, on success, commit this new image. This
add missing upgrade request call step and fixes the upgarde flow.
Signed-off-by: Gerson Fernando Budke <gerson.budke@ossystems.com.br>
Signed-off-by: Otavio Salvador <otavio@ossystems.com.br>
The current version aborts update when found last transfer block. Now,
system checks only at end of coap block transfer total size and install
if download is ok.
Signed-off-by: Gerson Fernando Budke <gerson.budke@ossystems.com.br>
Signed-off-by: Otavio Salvador <otavio@ossystems.com.br>
The MAX_PAYLOAD_SIZE must reflect the size of COAP_BLOCK_x. This is
necessary becase BLOCK size represents max payload size. The current
value create inconsistencies for coap lib. The same way,
MAX_DOWNLOAD_DATA must allocate sufficient space for MAX_PAYLOAD_SIZE
plus all space for coap header etc.
Signed-off-by: Gerson Fernando Budke <gerson.budke@ossystems.com.br>
Signed-off-by: Otavio Salvador <otavio@ossystems.com.br>
This commit changes the behaviour of the CMSIS-RTOS periodic timers to
have an initial timeout equal to the periodic timeout instead of
executing the callback function directly when calling the
osTimerStart(...); function.
This behavioural change is according to the CMSIS-RTOS specification.
Signed-off-by: Måns Ansgariusson <Mans.Ansgariusson@AssaAbloy.com>
Since we already have similarly licensed 3-clause BSD files in the tree,
and in particular in our minimal libc, move the fnmatch functionality
from ext/ to lib/.
Signed-off-by: Carles Cufi <carles.cufi@nordicsemi.no>
This reverts commit 8739517107.
Pull Request #23437 was merged by mistake with an invalid manifest.
Signed-off-by: Carles Cufi <carles.cufi@nordicsemi.no>
Replace all occurences of BUILD_ASSERT_MSG() with BUILD_ASSERT()
as a result of merging BUILD_ASSERT() and BUILD_ASSERT_MSG().
Signed-off-by: Oleg Zhurakivskyy <oleg.zhurakivskyy@intel.com>
Private type, internal to the kernel, not directly associated
with any k_object_* APIs. Is the return value of z_object_find().
Rename to struct z_object.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
Rather than stuffing various values in a uintptr_t based on
type using casts, use a union for this instead.
No functional difference, but the semantics of the data member
are now much clearer to the casual observer since it is now
formally defined by this union.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
Adding the ability to set and get pthread names by defining
some non-standard extension functions that were first
introduced by Glibc.
Similar to zephyr thread naming, these allow for thread
tracking and debugging even when using the more portable
posix API.
Though Glibc was the originator, the current POSIX functions
have return codes based on Oracle's adopted spec, so these
functions follow suit. The Oracle and Glibc function
prototypes match.
Signed-off-by: Nicholas Lowell <nlowell@lexmark.com>
timespec_to_timeoutms calls clock_gettime that requires
CONFIG_POSIX_CLOCK. ifdef this function to avoid undefined reference.
Fixes#20137
Signed-off-by: Flavio Ceolin <flavio.ceolin@intel.com>
I think people might be reading differences into 'if' and 'depends on'
that aren't there, like maybe 'if' being needed to "hide" a symbol,
while 'depends on' just adds a dependency.
There are no differences between 'if' and 'depends on'. 'if' is just a
shorthand for 'depends on'. They work the same when it comes to creating
implicit menus too.
The way symbols get "hidden" is through their dependencies not being
satisfied ('if'/'depends on' get copied up as a dependency on the
prompt).
Since 'if' and 'depends on' are the same, an 'if' with just a single
symbol in it can be replaced with a 'depends on'. IMO, it's best to
avoid 'if' there as a style choice too, because it confuses people into
thinking there's deep Kconfig magic going on that requires 'if'.
Going for 'depends on' can also remove some nested 'if's, which
generates nicer symbol information and docs, because nested 'if's really
are so simple/dumb that they just add the dependencies from both 'if's
to all symbols within.
Replace a bunch of single-symbol 'if's with 'depends on' to despam the
Kconfig files a bit and make it clearer how things work. Also do some
other minor related dependency refactoring.
The replacement isn't complete. Will fix up the rest later. Splitting it
a bit to make it more manageable.
(Everything above is true for choices, menus, and comments as well.)
Detected by tweaking the Kconfiglib parsing code. It's impossible to
detect after parsing, because 'if' turns into 'depends on'.
Signed-off-by: Ulf Magnusson <Ulf.Magnusson@nordicsemi.no>
The existing stack_analyze APIs had some problems:
1. Not properly namespaced
2. Accepted the stack object as a parameter, yet the stack object
does not contain the necessary information to get the associated
buffer region, the thread object is needed for this
3. Caused a crash on certain platforms that do not allow inspection
of unused stack space for the currently running thread
4. No user mode access
5. Separately passed in thread name
We deprecate these functions and add a new API
k_thread_stack_space_get() which addresses all of these issues.
A helper API log_stack_usage() also added which resembles
STACK_ANALYZE() in functionality.
Fixes: #17852
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
With the change in SDK 0.11.1 to newlib to remove
-DMISSING_SYSCALL_NAMES we now need to implement a version of
_gettimeofday. Previously with pre SDK 0.11.1 we had a recursive mess
of _gettimeofday_r -> gettimeofday -> _gettimeofday_r. (which are all
implemented in newlib and thus we didn't get a link error).
With SDK 0.11.1 we have: _gettimeofday_r -> _gettimeofday. And we
should provide a version of _gettimeofday.
Fixes#22484
Signed-off-by: Kumar Gala <kumar.gala@linaro.org>
On xtensa we always need to implement the reentrant fs syscall
functions. So remove the #ifndef CONFIG_POSIX_API protection around
them and add needed externs.
Signed-off-by: Kumar Gala <kumar.gala@linaro.org>
The xcc specific reentrant syscall implementations are actually useful
for xtensa in general. So move that code from being specific to
intel_s1000 / xcc into generic newlib/libc-hooks.c. This is in prep
for the Zephyr SDK dropping -DMISSING_SYSCALL_NAMES which will make
its version of newlib on xtensa match behavior with xcc.
Signed-off-by: Kumar Gala <kumar.gala@linaro.org>
Adds support for an optional lvgl touch input device using the zephyr
keyboard scan interface. This can be used with the ft5336 touch panel
driver, which returns single touch coordinates through the kscan
driver callback.
Signed-off-by: Maureen Helm <maureen.helm@nxp.com>
Introduce HAS_NEWLIB_LIBC_NANO Kconfig option that the toolchain
specific Kconfig (gnuarmemb & zephyr 0.11) can select to convey that the
feature is supported.
This removes the need to if protect the NEWLIB_LIBC_NANO Kconfig with:
if "$(ZEPHYR_TOOLCHAIN_VARIANT)" = "gnuarmemb"
Signed-off-by: Kumar Gala <kumar.gala@linaro.org>
There are various situations where it's necessary to support turning
devices on or off at runtime, includin power rails, clocks, other
peripherals, and binary device power management. The complexity of
properly managing multiple consumers of a device in a multithreaded
system suggests that a shared implementation is desirable. This
commit provides an API that supports managing on-off resources.
Signed-off-by: Peter A. Bigot <pab@pabigot.com>
The CONFIG_ prefixes were missing.
Found with a work-in-progress scripts/kconfig/lint.py check.
These are defined in lib/gui/lvgl/Kconfig.objects.
Signed-off-by: Ulf Magnusson <Ulf.Magnusson@nordicsemi.no>
Adds support for the BGR565 pixel format to lvgl. This fixes the lvgl
sample for mimxrt10{50,60,64}_evk boards, which were broken when the
mcux elcdif display driver was modified in commit
9041b0f119 to return the BGR565 pixel
format instead of RGB565.
Signed-off-by: Maureen Helm <maureen.helm@nxp.com>
`TLS_PEER_VERIFY` and `TLS_DTLS_ROLE` options accept specific values,
yet no symbols were defined for them. In result, magic numbers were used
in several places, making the code less readable.
Fix this issue, by adding the missing symbols to the `socket.h` header,
and using them in places where related socket options are set.
Signed-off-by: Robert Lubos <robert.lubos@nordicsemi.no>
Completely remove the file info and condition expression from the
the print statement if they are not enabled. This saves a little code
space which adds up when there are many assert calls.
In bluetooth shell test this saves around 4.5k bytes.
Signed-off-by: Joakim Andersson <joakim.andersson@nordicsemi.no>
The intention of disabling CONFIG_PRINTK is that all
invocations of it will compile to nothing, saving a lot
of runtime overhead and footprint since all the format
strings are completely dropped; instances of printk()
and related functions are no-ops.
However, some subsystems need snprintk() for string
processing, since the snprintf() implementations in even
minimal C library are too costly in text footprint or
stack usage for some applications. This processing is
required for the application to even function.
This patch continues to have disabling CONFIG_PRINTK to
cause the non snprintk functions to become no-ops, but
now we always compile the necessary bits for snprintk(),
relying on gc-sections to discard them if unused.
z_vprintk() is now unconditionally defined in the header
since it is not tied to any particular output sink and
is intended for users who know exactly what they are
doing (it's in zephyr private scope).
Relates to: #21564
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
Severely memory constrained systems with known allocation patterns can
benefit from providing their own implementation of malloc with
specifically tuned bucket sizes. Provide a switch to allow users to
replace the default malloc implementation with their own.
Signed-off-by: Josh Gao <josh@jmgao.dev>
Remove leading/trailing blank lines in .c, .h, .py, .rst, .yml, and
.yaml files.
Will avoid failures with the new CI test in
https://github.com/zephyrproject-rtos/ci-tools/pull/112, though it only
checks changed files.
Move the 'target-notes' target in boards/xtensa/odroid_go/doc/index.rst
to get rid of the trailing blank line there. It was probably misplaced.
Signed-off-by: Ulf Magnusson <Ulf.Magnusson@nordicsemi.no>
Mark the old time conversion APIs deprecated, leave compatibility
macros in place, and replace all usage with the new API.
Signed-off-by: Andy Ross <andrew.j.ross@intel.com>
Promote the private z_arch_* namespace, which specifies
the interface between the core kernel and the
architecture code, to a new top-level namespace named
arch_*.
This allows our documentation generation to create
online documentation for this set of interfaces,
and this set of interfaces is worth treating in a
more formal way anyway.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
This commit refactors kernel and arch headers to establish a boundary
between private and public interface headers.
The refactoring strategy used in this commit is detailed in the issue
This commit introduces the following major changes:
1. Establish a clear boundary between private and public headers by
removing "kernel/include" and "arch/*/include" from the global
include paths. Ideally, only kernel/ and arch/*/ source files should
reference the headers in these directories. If these headers must be
used by a component, these include paths shall be manually added to
the CMakeLists.txt file of the component. This is intended to
discourage applications from including private kernel and arch
headers either knowingly and unknowingly.
- kernel/include/ (PRIVATE)
This directory contains the private headers that provide private
kernel definitions which should not be visible outside the kernel
and arch source code. All public kernel definitions must be added
to an appropriate header located under include/.
- arch/*/include/ (PRIVATE)
This directory contains the private headers that provide private
architecture-specific definitions which should not be visible
outside the arch and kernel source code. All public architecture-
specific definitions must be added to an appropriate header located
under include/arch/*/.
- include/ AND include/sys/ (PUBLIC)
This directory contains the public headers that provide public
kernel definitions which can be referenced by both kernel and
application code.
- include/arch/*/ (PUBLIC)
This directory contains the public headers that provide public
architecture-specific definitions which can be referenced by both
kernel and application code.
2. Split arch_interface.h into "kernel-to-arch interface" and "public
arch interface" divisions.
- kernel/include/kernel_arch_interface.h
* provides private "kernel-to-arch interface" definition.
* includes arch/*/include/kernel_arch_func.h to ensure that the
interface function implementations are always available.
* includes sys/arch_interface.h so that public arch interface
definitions are automatically included when including this file.
- arch/*/include/kernel_arch_func.h
* provides architecture-specific "kernel-to-arch interface"
implementation.
* only the functions that will be used in kernel and arch source
files are defined here.
- include/sys/arch_interface.h
* provides "public arch interface" definition.
* includes include/arch/arch_inlines.h to ensure that the
architecture-specific public inline interface function
implementations are always available.
- include/arch/arch_inlines.h
* includes architecture-specific arch_inlines.h in
include/arch/*/arch_inline.h.
- include/arch/*/arch_inline.h
* provides architecture-specific "public arch interface" inline
function implementation.
* supersedes include/sys/arch_inline.h.
3. Refactor kernel and the existing architecture implementations.
- Remove circular dependency of kernel and arch headers. The
following general rules should be observed:
* Never include any private headers from public headers
* Never include kernel_internal.h in kernel_arch_data.h
* Always include kernel_arch_data.h from kernel_arch_func.h
* Never include kernel.h from kernel_struct.h either directly or
indirectly. Only add the kernel structures that must be referenced
from public arch headers in this file.
- Relocate syscall_handler.h to include/ so it can be used in the
public code. This is necessary because many user-mode public codes
reference the functions defined in this header.
- Relocate kernel_arch_thread.h to include/arch/*/thread.h. This is
necessary to provide architecture-specific thread definition for
'struct k_thread' in kernel.h.
- Remove any private header dependencies from public headers using
the following methods:
* If dependency is not required, simply omit
* If dependency is required,
- Relocate a portion of the required dependencies from the
private header to an appropriate public header OR
- Relocate the required private header to make it public.
This commit supersedes #20047, addresses #19666, and fixes#3056.
Signed-off-by: Stephanos Ioannidis <root@stephanos.io>
A double-free could cause very hard to find bugs when using the mempool
allocator as the same memory would end up being allocated twice
afterwards.
Now that bits in the block bitmap are cleared only when actually freeing
a block, we may simply ensure those bits are still set before clearing
them, effectively catching most double-free cases.
The alloc_bit_is_set() function is made static inline so that when
assertion checks are disabled the compiler won't complain about unused
code.
Signed-off-by: Nicolas Pitre <npitre@baylibre.com>
Use this short header style in all Kconfig files:
# <description>
# <copyright>
# <license>
...
Also change all <description>s from
# Kconfig[.extension] - Foo-related options
to just
# Foo-related options
It's clear enough that it's about Kconfig.
The <description> cleanup was done with this command, along with some
manual cleanup (big letter at the start, etc.)
git ls-files '*Kconfig*' | \
xargs sed -i -E '1 s/#\s*Kconfig[\w.-]*\s*-\s*/# /'
Signed-off-by: Ulf Magnusson <Ulf.Magnusson@nordicsemi.no>
This prevents MINIMAL_LIBC from being selected by the user (in the
menuconfig or in a configuration file) when REQUIRES_FULL_LIBC is y.
'default' on a choice only determines the default selection, not what
symbols can be selected.
It's helpful to think of Kconfig in terms of someone going into the
menuconfig and making changes.
Signed-off-by: Ulf Magnusson <Ulf.Magnusson@nordicsemi.no>
Clean up space errors and use a consistent style throughout the Kconfig
files. This makes reading the Kconfig files more distraction-free, helps
with grepping, and encourages the same style getting copied around
everywhere (meaning another pass hopefully won't be needed).
Go for the most common style:
- Indent properties with a single tab, including for choices.
Properties on choices work exactly the same syntactically as
properties on symbols, so not sure how the no-indentation thing
happened.
- Indent help texts with a tab followed by two spaces
- Put a space between 'config' and the symbol name, not a tab. This
also helps when grepping for definitions.
- Do '# A comment' instead of '#A comment'
I tweaked Kconfiglib a bit to find most of the stuff.
Some help texts were reflowed to 79 columns with 'gq' in Vim as well,
though not all, because I was afraid I'd accidentally mess up
formatting.
Signed-off-by: Ulf Magnusson <Ulf.Magnusson@nordicsemi.no>
Not a top-level zephyr core API and tied to third party environment, so
move it to where the code is in lib/updatehub.
Signed-off-by: Anas Nashif <anas.nashif@intel.com>
There are two set of code supporting x86_64: x86_64 using x32 ABI,
and x86 long mode, and this consolidates both into one x86_64
architecture and SoC supporting truly 64-bit mode.
() Removes the x86_64:x32 architecture and SoC, and replaces
them with the existing x86 long mode arch and SoC.
() Replace qemu_x86_64 with qemu_x86_long as qemu_x86_64.
() Updates samples and tests to remove reference to
qemu_x86_long.
() Renames CONFIG_X86_LONGMODE to CONFIG_X86_64.
Signed-off-by: Daniel Leung <daniel.leung@intel.com>
Added in commit ccd1c21824 ("lib/cmsis_rtos_v1: Implement support for
thread APIs"), then never used.
Found with a script.
Signed-off-by: Ulf Magnusson <Ulf.Magnusson@nordicsemi.no>
Was impossible to enable due to a typo. Fix it.
Found with a script (LVGL_OBJ_WINDOW was unused besides
being enabled in tests/lib/gui/lvgl/prj.conf).
Signed-off-by: Ulf Magnusson <Ulf.Magnusson@nordicsemi.no>
When small blocks are recombined to create a single block at a shallower
level, it is sufficient to remove those blocks from the free list. There
is no need to mark those small blocks as allocated in the bitmap.
This, in turn, removes the need to mark small blocks back as unallocated
when splitting up a big blocks as they'll already be so marked.
Only the first small block needs to be marked allocated and the
remaining blocks only need to be added to the free list.
This makes the code smaller and more efficient, especially since those
removed bit manipulations were located within loops.
Signed-off-by: Nicolas Pitre <npitre@baylibre.com>
This turns the free-bit flag into an alloc-bit flag effectively
reversing its semantic. This is to make further changes more natural
and easier to understand.
No need to clear the alloc bits at init time as they're located in .bss
and all clear already.
The code remains functionally equivalent after this change.
Signed-off-by: Nicolas Pitre <npitre@baylibre.com>
Use the int_literal_to_timeout Coccinelle script to convert literal
integer arguments for kernel API timeout parameters to the standard
timeout value representations.
Signed-off-by: Peter Bigot <peter.bigot@nordicsemi.no>
The main and idle threads, and their associated stacks,
were being referenced in various parts of the kernel
with no central definition. Expose these in kernel_internal.h
and namespace with z_ appropriately.
The main and idle threads were being defined statically,
with another variable exposed to contain their pointer
value. This wastes a bit of memory and isn't accessible
to user threads anyway, just expose the actual thread
objects.
Redundance MAIN_STACK_SIZE and IDLE_STACK_SIZE defines
in init.c removed, just use the Kconfigs they derive
from.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
z_set_thread_return_value is part of the core kernel -> arch
interface and has been renamed to z_arch_thread_return_value_set.
z_set_thread_return_value_with_data renamed to
z_thread_return_value_set_with_data for consistency.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
The realloc function was a bit too intimate with the mempool accounting.
Abstract that knowledge away and move it where it belongs.
Signed-off-by: Nicolas Pitre <npitre@baylibre.com>
Stop linking interface libraries against zephyr_interface. This is
cargo cult code that in practice does nothing.
Signed-off-by: Sebastian Bøe <sebastian.boe@nordicsemi.no>
Newlib has it defined in sys/timespec.h, and thus per the established
conventions, everything else relies on it being there. Specifically,
minimal libc acquires sys/timespec.h with a similar definition, and
POSIX headers rely on that header. Still with a workaround for old
Newlib version as used by Xtensa (but all infrastructure for that is
already there; actually, this patch removes duplicate similar-infra,
which apparently didn't work as expected by now, so now we have a
single workaround, not 2 different once).
To emphasize a point, now there 2 headers:
sys/_timespec.h, defining struct timespec, and
sys/timespec.h, defining struct itimerspec
That's how Newlib has it, and what we faithfully embrace and follow,
because otherwise, there will be header conflicts depending on
various libc and POSIX subsys options.
Signed-off-by: Paul Sokolovsky <paul.sokolovsky@linaro.org>
Allow to enable individual POSIX components, like Pthreads.
CONFIG_POSIX_API now just enables all of individual POSIX components,
and sets up environment suitable to easily port POSIX applications to
Zephyr.
Fixes: #12965
Signed-off-by: Paul Sokolovsky <paul.sokolovsky@linaro.org>
Some modules use snprintk to format the settings keys. Unfortunately
snprintk is tied with printk which is very large for some embedded
systems.
To be able to have settings enabled without also enabling printk
support, change creation of settings key strings to use bin2hex, strlen
and strcpy instead.
A utility function to make decimal presentation of a byte value is
added as u8_to_dec in lib/os/dec.c
Add new Kconfig setting BT_SETTINGS_USE_PRINTK
Signed-off-by: Kim Sekkelund <ksek@oticon.com>
The algorithm for converting broken-down civil time to seconds in the
POSIX epoch time scale would produce undefined behavior on a toolchain
that uses a 32-bit time_t in cases where the referenced time could not
be represented exactly.
However, there are use cases in Zephyr for civil time conversions
outside the 32-bit representable range of 1901-12-13T20:45:52Z through
2038-01-19T03:14:07Z inclusive.
Add new API that specifically returns a 64-bit signed seconds count, and
revise the existing API to detect out-of-range values and convert them
to a diagnosible error.
Closes#18465
Signed-off-by: Peter A. Bigot <pab@pabigot.com>
timeutil_timegm() does not modify the passed structure, so it should
indicate that in the signature (even though the GNU extension does not).
Signed-off-by: Peter A. Bigot <pab@pabigot.com>
static_assert was not added to C until C11. Zephyr builds default to
C99. To preserve compatibility with newlib avoid defining the
macro at standard levels where it did not exist.
Relates to #17738 and #11754.
Signed-off-by: Peter Bigot <peter.bigot@nordicsemi.no>
The semi-automated API changes weren't checkpatch aware. Fix up
whitespace warnings that snuck into the previous patches. Really this
should be squashed, but that's somewhat difficult given the structure
of the series.
Signed-off-by: Andy Ross <andrew.j.ross@intel.com>
These calls are buildable on common sanitycheck platforms, but are not
invoked at runtime in any tests accessible to CI. The changes are
mostly mechanical, so the risk is low, but this commit is separated
from the main API change to allow for more careful review.
Signed-off-by: Andy Ross <andrew.j.ross@intel.com>
System call arguments, at the arch layer, are single words. So
passing wider values requires splitting them into two registers at
call time. This gets even more complicated for values (e.g
k_timeout_t) that may have different sizes depending on configuration.
This patch adds a feature to gen_syscalls.py to detect functions with
wide arguments and automatically generates code to split/unsplit them.
Unfortunately the current scheme of Z_SYSCALL_DECLARE_* macros won't
work with functions like this, because for N arguments (our current
maximum N is 10) there are 2^N possible configurations of argument
widths. So this generates the complete functions for each handler and
wrapper, effectively doing in python what was originally done in the
preprocessor.
Another complexity is that traditional the z_hdlr_*() function for a
system call has taken the raw list of word arguments, which does not
work when some of those arguments must be 64 bit types. So instead of
using a single Z_SYSCALL_HANDLER macro, this splits the job of
z_hdlr_*() into two steps: An automatically-generated unmarshalling
function, z_mrsh_*(), which then calls a user-supplied verification
function z_vrfy_*(). The verification function is typesafe, and is a
simple C function with exactly the same argument and return signature
as the syscall impl function. It is also not responsible for
validating the pointers to the extra parameter array or a wide return
value, that code gets automatically generated.
This commit includes new vrfy/msrh handling for all syscalls invoked
during CI runs. Future commits will port the less testable code.
Signed-off-by: Andy Ross <andrew.j.ross@intel.com>
The ARM embedded toolchain has 2 newlib based libc build variants, one
that utilizes the "nano" configuration which is more in line with the
Zephyr SDK. Make the "nano" cfg the default if newlib is enabled to
match closer how the Zephyr SDK behaves.
Signed-off-by: Kumar Gala <kumar.gala@linaro.org>
To make sure that entry in fs.c:desc_array[] is freed. Note that
freeing an entry in fdtable is handled by generic implementation
of close().
Fixes: #17231
Signed-off-by: Paul Sokolovsky <paul.sokolovsky@linaro.org>
pthread_mutex_init() just redirects to Zephyr kernel primitive, for
initializing structure fields. So, use the knowledge that it can't
fail (for as long as structure pointer is initialized, and here it's
from pre-allocated array), and ignore return value of
pthread_mutex_init()
Coverity-CID: 203542
Fixes: #18371
Signed-off-by: Paul Sokolovsky <paul.sokolovsky@linaro.org>
The solution from #14312 of using -isystem to prioritize the position of
the libc directory bypasses the effect of -ffreestanding with respect to
libc symbols expected to be present in a non-hosted environment.
Further, it breaks C++ with the ARM Embedded toolchain as the system
fails to find the right file with #include_next.
Use a more fine-grained solution that explicitly includes the underlying
newlib header required for <inttypes.h> support before moving on to
include the next available one, whether system or non-system.
Closes#17564
Signed-off-by: Peter Bigot <peter.bigot@nordicsemi.no>
Consistently place C++ use of extern "C" after all include directives,
within the negative branch of _ASMLANGUAGE if used.
Background from issue #17997:
Declarations that use C linkage should be placed within extern "C"
so the language linkage is correct when the header is included by
a C++ compiler.
Similarly #include directives should be outside the extern "C" to
ensure the language-specific default linkage is applied to any
declarations provided by the included header.
See: https://en.cppreference.com/w/cpp/language/language_linkage
Signed-off-by: Peter Bigot <peter.bigot@nordicsemi.no>
Consistently place C++ use of extern "C" after all include directives,
within the negative branch of _ASMLANGUAGE if used.
Background from issue #17997:
Declarations that use C linkage should be placed within extern "C"
so the language linkage is correct when the header is included by
a C++ compiler.
Similarly #include directives should be outside the extern "C" to
ensure the language-specific default linkage is applied to any
declarations provided by the included header.
See: https://en.cppreference.com/w/cpp/language/language_linkage
Signed-off-by: Peter Bigot <peter.bigot@nordicsemi.no>
Follow the approach of newlib to use a file sys/_types.h to specify the
underlying type for POSIX/libc types that must be provided in multiple
headers. The identifier for this type is in the reserved namespace.
Use this type rather than a specific standard type in all headers that
need to provide the type under its public name.
Remove the inclusion of <sys/types.h> from headers that should not bring
in all symbols present in that header, replacing it with the standard
boilerplate to expose the specific symbols that are required.
Signed-off-by: Peter A. Bigot <pab@pabigot.com>
time_t and suseconds_t are defined in time.h and sys/types.h. Handle
the duplication by adding ifdef protection around them similar to what
is being done for other types.
Signed-off-by: Kumar Gala <kumar.gala@linaro.org>
Similar to how other sub-libraries are defined in Zephyr tree, e.g.
"fs", "lgvl", etc. This is supposed to help with the need to
explicitly add posix include path to each and every application using
POSIX subsys.
Fixes: #15627
Signed-off-by: Paul Sokolovsky <paul.sokolovsky@linaro.org>
This is consistent with how newlib headers are treated, and will
have effect of ninlibc headers to be further down in the include
order. This is important, because some POSIX subsys headers
override those of libc. Without this change, we can't streamline
POSIX build config using zephyr_interface_library_named() cmake
directive, because includes will be in wrong order.
Signed-off-by: Paul Sokolovsky <paul.sokolovsky@linaro.org>
Historically, it used to be "PTHREAD", which is no longer true, as
POSIX subsys offers much more functionality than just Pthreads. Use
detailed name, like "posix_subsys", to avoid possible confusion with
ARCH_POSIX-related matters.
Signed-off-by: Paul Sokolovsky <paul.sokolovsky@linaro.org>
With the upcoming riscv64 support, it is best to use "riscv" as the
subdirectory name and common symbols as riscv32 and riscv64 support
code is almost identical. Then later decide whether 32-bit or 64-bit
compilation is wanted.
Redirects for the web documentation are also included.
Then zephyrbot complained about this:
"
New files added that are not covered in CODEOWNERS:
dts/riscv/microsemi-miv.dtsi
dts/riscv/riscv32-fe310.dtsi
Please add one or more entries in the CODEOWNERS file to cover
those files
"
So I assigned them to those who created them. Feel free to readjust
as necessary.
Signed-off-by: Nicolas Pitre <npitre@baylibre.com>
These functions are useful for determining prefixes, as with file system
paths. They are required by littlefs.
Signed-off-by: Peter A. Bigot <pab@pabigot.com>
struct tm has fields that were not being set by the implementation,
causing the test to fail when the uninitialized values were compared
with a static initialized result. Zero the structure before filling it.
Closes#17794
Signed-off-by: Peter A. Bigot <pab@pabigot.com>
By the latest convention, libc's define struct timespec in
sys/_timespec.h. This is consistent with Newlib and ensures
about errors due to redefinitions.
Signed-off-by: Paul Sokolovsky <paul.sokolovsky@linaro.org>
Per POSIX, open() is defined in <fcntl.h>. fcntl.h in turn comes from
the underlying libc, either newlib, or minimal libc.
Signed-off-by: Paul Sokolovsky <paul.sokolovsky@linaro.org>
That's the header which is supposed to define them, there was even
FIXME on that in mqueue.h.
Signed-off-by: Paul Sokolovsky <paul.sokolovsky@linaro.org>
POSIX subsys defines struct timespec in <time.h> (as POSIX public
API requires), but newlib defines in in sys/_timespec.h, which
inevitably leads to inclusion order and redifinition conflicts.
Follow newlib way and define it in single place, sys/_timespec.h,
which belongs to libc namespace. Thus, we move current definition
to minimal libc, and will use either minlibc's or newlib's
definition, instead of trying to redefine it.
This is similar to the introduction of sys/_timeval.h done earlier.
Signed-off-by: Paul Sokolovsky <paul.sokolovsky@linaro.org>
Newlib libc already provides sys/stat.h, so trying to have sys/stat.h
on the level of POSIX subsys inevitable leads to include order and
definition conflicts. Instead (as most of other sys/* includes)
should come from the underlying libc.
While moving, made unrelated change of removing #include <kernel.h>,
to accommodate the change reviewers.
Signed-off-by: Paul Sokolovsky <paul.sokolovsky@linaro.org>
For systems with userspace, the sys_sem exist in user memory working
as counter semaphore for user mode thread. The implemention of sys_sem
is based on k_futex. And the majority of the synchronization operations
are performed in user mode to reduce the calling of system call.
And for systems without userspace enabled, sys_sem behaves like k_sem.
Fixes: #15139.
Signed-off-by: Wentong Wu <wentong.wu@intel.com>
User mode isn't allowed to generate a panic and this would
lead to a confusing privilege violation exception.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
Add a generic API to provide the inverse operation for gmtime and as a
home for future generic time-related functions that are not in POSIX.
Signed-off-by: Peter A. Bigot <pab@pabigot.com>
Implement the conversion from UNIX time to broken-down civil time per
the gmtime() and gmtime_r() functions.
Signed-off-by: Peter A. Bigot <pab@pabigot.com>
Provide definitions for a subset of the standard time types that must be
provided by this file, in anticipation of supporting civil time in
Zephyr.
Signed-off-by: Peter A. Bigot <pab@pabigot.com>
The mempool allocator implementation recursively breaks a memory block
into 4 sub-blocks until it minimally fits the requested memory size.
The size of each sub-blocks is rounded up to the next word boundary to
preserve word alignment on the returned memory, and this is a problem.
Let's consider max_sz = 2072 and n_max = 1. That's our level 0.
At level 1, we get one level-0 block split in 4 sub-blocks whose size
is WB_UP(2072 / 4) = 520. However 4 * 520 = 2080 so we must discard the
4th sub-block since it doesn't fit inside our 2072-byte parent block.
We're down to 3 * 520 = 1560 bytes of usable memory.
Our memory usage efficiency is now 1560 / 2072 = 75%.
At level 2, we get 3 level-1 blocks, and each of them may be split
in 4 sub-blocks whose size is WB_UP(520 / 4) = 132. But 4 * 132 = 528
so the 4th sub-block has to be discarded again.
We're down to 9 * 132 = 1188 bytes of usable memory.
Our memory usage efficiency is now 1188 / 2072 = 57%.
At level 3, we get 9 level-2 blocks, each split into WB_UP(132 / 4)
= 36 bytes. Again 4 * 36 = 144 so the 4th sub-block is discarded.
We're down to 27 * 36 = 972 bytes of usable memory.
Our memory usage efficiency is now 972 / 2072 = 47%.
What should be done instead, is to round _down_ sub-block sizes
not _up_. This way, sub-blocks still align to word boundaries, and
they always fit within their parent block as the total size may
no longer exceed the initial size.
Using the same max_sz = 2072 would yield a memory usage efficiency of
99% at level 3, so let's demo a worst case 2044 instead.
Level 1: 4 sub-blocks of WB_DN(2044 / 4) = 508 bytes.
We're down to 4 * 508 = 2032 bytes of usable memory.
Our memory usage efficiency is now 2032 / 2044 = 99%.
Level 2: 4 * 4 sub-blocks of WB_DN(508 / 4) = 124 bytes.
We're down to 16 * 124 = 1984 bytes of usable memory.
Our memory usage efficiency is now 1984 / 2044 = 97%.
Level 3: 16 * 4 sub-blocks of WB_DN(124 / 4) = 28 bytes.
We're down to 64 * 28 = 1792 bytes of usable memory.
Our memory usage efficiency is now 1792 / 2044 = 88%.
Conclusion: if max_sz is a power of 2 then we get 100% efficiency at
all levens in both cases. But if not, then the rounding-up method has
a far worse degradation curve than the rounding-down method, wasting
more than 50% of memory in some cases.
So let's round sub-block sizes down rather than up, and remove
block_fits() which purpose was to identify sub-blocks that didn't
fit within their parent block and is now useless.
Signed-off-by: Nicolas Pitre <npitre@baylibre.com>
Since commit 39cd2ebef7 ("malloc: make sure returned memory is
properly aligned") the size of struct sys_mem_pool_block size is
rounded up to the next word boundary.
Signed-off-by: Nicolas Pitre <npitre@baylibre.com>
Move duplicate hex2bin and add bin2hex function so that application can
use the functions and avoid code duplication.
Signed-off-by: Joakim Andersson <joakim.andersson@nordicsemi.no>
The space or plus prefix must appear when requested even with INF and
NAN. And no zero-padding in that case.
Also, 0.0 and -0.0 are distinct values. It is necessary to display
the minus sign with a negative zero.
Signed-off-by: Nicolas Pitre <npitre@baylibre.com>
The precision parameter to the %g conversion indicates the maximum
number of significant digits and not the number of digits to appear
after the radix character. Here's a few examples this patch fixes:
expected before
----------------------------------------------------------
printf("%.3g", 150.12) 150 150.12
printf("%.2g", 150.1) 1.5e+02 150.1
printf("%#.3g", 150.) 150. 150.000
printf("%#.2g", 15e-5) 0.00015 0.00
printf("%#.4g", 1505e-7) 0.0001505 0.0002
printf("%#.4g", 1505e-8) 1.505e-05 1.5050e-05
Signed-off-by: Nicolas Pitre <npitre@baylibre.com>
The code accounts only for 2 exponent digits even though the exponent
may grow up to 308. Before this change, printf("%g", 1e300) would
produce "1e+N0".
Signed-off-by: Nicolas Pitre <npitre@baylibre.com>
The on-stack work buffer occupies 201 bytes by default. Now that we've
made the code able to cope with virtually unlimited width and precision
values, we can reduce stack usage to its strict minimum i.e. 25 bytes.
This allows for some additional sprintf tests exercizing wide results.
Signed-off-by: Nicolas Pitre <npitre@baylibre.com>
Even if the code used to limit the precision to the on-stack buffer
size, it was still possible to do:
printf("%f", 1.0e300);
which would overflow the stack and crash the program. Let fix this issue
and remove the precision limitation by recording the number of zeroes to
insert while converting the value and generating those zeroes only
when outputting the data.
Signed-off-by: Nicolas Pitre <npitre@baylibre.com>
Zero-padding of integers took place in the on-stack buffer before
justification. Let's perform that padding on the fly while sending
out data instead.
Signed-off-by: Nicolas Pitre <npitre@baylibre.com>
The z_prf() function currently allocates a 200-byte buffer on the
stack to copy strings into, and then perform left/right alignment
and padding. Not only this is a pretty large chunk of stack usage,
but this imposes limitations on field width and string length. Also
the string is copied not only once but _thrice_ making this code
less than optimal.
Let's rework the code to get rid of both the field width limit and
string length limit, as well as the two extra memory copy instances.
While at it, let's fixes printf("%08s", "abcd") which used to
produce "0000abcd".
Signed-off-by: Nicolas Pitre <npitre@baylibre.com>
Mimic the glibc behavior when encountering an unknown conversion
specifier rather than silently skipping it.
Signed-off-by: Nicolas Pitre <npitre@baylibre.com>
This makes for nicer code by avoiding repetitions of the same pattern.
Changes to come will make more use of it.
Signed-off-by: Nicolas Pitre <npitre@baylibre.com>
Some cleanups before further changes:
- Remove dead leftover from the "case 's'" code.
- Remove needless parents and casts.
- Remove "register" qualifier as it is ignored. The compiler knows
better these days.
- Adjust tabs assuming standard 8-columns tab spacing.
- Make multi-line comments start with "/*" on a line of its own.
- Make the format string const to match prototypes in other files.
- Declare boolean variable and parameters as bool.
Signed-off-by: Nicolas Pitre <npitre@baylibre.com>
This reverts commit 2a63e342f4.
This needs to be reverted as otherwise the type of ssize_t will be
"unsigned long" which is not correct.
(gdb) ptype ssize_t
type = unsigned long
For example this check would fail in that case
ssize_t foo(void)
{
return -1;
}
...
if (foo() < 0) {
printk("This is never called\n");
}
Fixes#17378
Signed-off-by: Jukka Rissanen <jukka.rissanen@linux.intel.com>
Removed lvgl sources from CMakefile.txt and only keep zephyr glue
logic.
Further added lvgl module to west.yml.
Signed-off-by: Jan Van Winkel <jan.van_winkel@dxplore.eu>
Compilers (at least gcc and clang) already provide max value definitions
for basic types. It makes sense to rely on them to properly support
both 32-bit and 64-bit builds.
Signed-off-by: Nicolas Pitre <npitre@baylibre.com>
The accounting data stored at the beginning of a memory block used by
malloc must push the returned memory address to a word boundary. This
is already the case on 32-bit systems, but not on 64-bit systems where
e.g. struct k_mem_block_id still has a size of 4.
Signed-off-by: Nicolas Pitre <npitre@baylibre.com>
The current CMSIS v2 implementation is clearly assuming that timeout
arguments being passed to e.g. osDelay() are in units of Zephyr ticks,
not milliseconds as specified by ARM or (inconsistently) assumed by
our test code.
Most tests work with the ~100 Hz default tick rate, but they tend to
fail on precision issues at higher tick rates. Force the CMSIS v2
applications to be 1000 Hz for now as a workaround, and detect the
mismatch as a build failure.
Signed-off-by: Andy Ross <andrew.j.ross@intel.com>
The "bits" field in struct sys_mem_pool_lvl is unioned with a pointer.
That leaves more space for inline free bits on 64-bit targets.
Let's declare it as an array and adjust its size based on the pointer
size. On 32-bit targets the generated code remains identical.
Signed-off-by: Nicolas Pitre <npitre@baylibre.com>
Minimum alignment and rounding must be done on a word boundary. Let's
replace _ALIGN4() with WB_UP() which is equivalent on 32-bit targets,
and 64-bit aware.
Also enforce a minimal alignment on the memory pool. This is making
a difference mostly on64-bit targets where the widely used 4-byte
alignment is not sufficient.
The _ALIGN4() macro has no users left so it is removed.
Signed-off-by: Nicolas Pitre <npitre@baylibre.com>
This function doesn't do anything, and only exists so that
it can be overridden later, exclude from coverage reports.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
move misc/reboot.h to power/reboot.h and
create a shim for backward-compatibility.
No functional changes to the headers.
A warning in the shim can be controlled with CONFIG_COMPAT_INCLUDES.
Related to #16539
Signed-off-by: Anas Nashif <anas.nashif@intel.com>
move misc/stack.h to debug/stack.h and
create a shim for backward-compatibility.
No functional changes to the headers.
A warning in the shim can be controlled with CONFIG_COMPAT_INCLUDES.
Related to #16539
Signed-off-by: Anas Nashif <anas.nashif@intel.com>
move misc/util.h to sys/util.h and
create a shim for backward-compatibility.
No functional changes to the headers.
A warning in the shim can be controlled with CONFIG_COMPAT_INCLUDES.
Related to #16539
Signed-off-by: Anas Nashif <anas.nashif@intel.com>
move misc/speculation.h to sys/speculation.h and
create a shim for backward-compatibility.
No functional changes to the headers.
A warning in the shim can be controlled with CONFIG_COMPAT_INCLUDES.
Related to #16539
Signed-off-by: Anas Nashif <anas.nashif@intel.com>
move misc/slist.h to sys/slist.h and
create a shim for backward-compatibility.
No functional changes to the headers.
A warning in the shim can be controlled with CONFIG_COMPAT_INCLUDES.
Related to #16539
Signed-off-by: Anas Nashif <anas.nashif@intel.com>
move misc/rb.h to sys/rb.h and
create a shim for backward-compatibility.
No functional changes to the headers.
A warning in the shim can be controlled with CONFIG_COMPAT_INCLUDES.
Related to #16539
Signed-off-by: Anas Nashif <anas.nashif@intel.com>
move misc/printk.h to sys/printk.h and
create a shim for backward-compatibility.
No functional changes to the headers.
A warning in the shim can be controlled with CONFIG_COMPAT_INCLUDES.
Related to #16539
Signed-off-by: Anas Nashif <anas.nashif@intel.com>
move misc/mutex.h to sys/mutex.h and
create a shim for backward-compatibility.
No functional changes to the headers.
A warning in the shim can be controlled with CONFIG_COMPAT_INCLUDES.
Related to #16539
Signed-off-by: Anas Nashif <anas.nashif@intel.com>
move misc/mempool.h to sys/mempool.h and
create a shim for backward-compatibility.
No functional changes to the headers.
A warning in the shim can be controlled with CONFIG_COMPAT_INCLUDES.
Related to #16539
Signed-off-by: Anas Nashif <anas.nashif@intel.com>
move misc/mempool_base.h to sys/mempool_base.h and
create a shim for backward-compatibility.
No functional changes to the headers.
A warning in the shim can be controlled with CONFIG_COMPAT_INCLUDES.
Related to #16539
Signed-off-by: Anas Nashif <anas.nashif@intel.com>
move misc/math_extras.h to sys/math_extras.h and
create a shim for backward-compatibility.
No functional changes to the headers.
A warning in the shim can be controlled with CONFIG_COMPAT_INCLUDES.
Related to #16539
Signed-off-by: Anas Nashif <anas.nashif@intel.com>
move misc/libc-hooks.h to sys/libc-hooks.h and
create a shim for backward-compatibility.
No functional changes to the headers.
A warning in the shim can be controlled with CONFIG_COMPAT_INCLUDES.
Related to #16539
Signed-off-by: Anas Nashif <anas.nashif@intel.com>
move misc/fdtable.h to sys/fdtable.h and
create a shim for backward-compatibility.
No functional changes to the headers.
A warning in the shim can be controlled with CONFIG_COMPAT_INCLUDES.
Related to #16539
Signed-off-by: Anas Nashif <anas.nashif@intel.com>
move misc/errno_private.h to sys/errno_private.h and
create a shim for backward-compatibility.
No functional changes to the headers.
A warning in the shim can be controlled with CONFIG_COMPAT_INCLUDES.
Related to #16539
Signed-off-by: Anas Nashif <anas.nashif@intel.com>
move misc/__assert.h to sys/__assert.h and
create a shim for backward-compatibility.
No functional changes to the headers.
A warning in the shim can be controlled with CONFIG_COMPAT_INCLUDES.
Related to #16539
Signed-off-by: Anas Nashif <anas.nashif@intel.com>
move ring_buffer.h to sys/ring_buffer.h and
create a shim for backward-compatibility.
No functional changes to the headers.
A warning in the shim can be controlled with CONFIG_COMPAT_INCLUDES.
Related to #16539
Signed-off-by: Anas Nashif <anas.nashif@intel.com>
move display.h to drivers/display.h and
create a shim for backward-compatibility.
No functional changes to the headers.
A warning in the shim can be controlled with CONFIG_COMPAT_INCLUDES.
Related to #16539
Signed-off-by: Anas Nashif <anas.nashif@intel.com>
move hwinfo.h to drivers/hwinfo.h and
create a shim for backward-compatibility.
No functional changes to the headers.
A warning in the shim can be controlled with CONFIG_COMPAT_INCLUDES.
Related to #16539
Signed-off-by: Anas Nashif <anas.nashif@intel.com>
move flash.h to drivers/flash.h and
create a shim for backward-compatibility.
No functional changes to the headers.
A warning in the shim can be controlled with CONFIG_COMPAT_INCLUDES.
Related to #16539
Signed-off-by: Anas Nashif <anas.nashif@intel.com>
move json.h to data/json.h and
create a shim for backward-compatibility.
No functional changes to the headers.
A warning in the shim can be controlled with CONFIG_COMPAT_INCLUDES.
Related to #16539
Signed-off-by: Anas Nashif <anas.nashif@intel.com>
move crc.h to sys/crc.h and
create a shim for backward-compatibility.
No functional changes to the headers.
A warning in the shim can be controlled with CONFIG_COMPAT_INCLUDES.
Related to #16539
Signed-off-by: Anas Nashif <anas.nashif@intel.com>
move base64.h to sys/base64.h and
create a shim for backward-compatibility.
No functional changes to the headers.
A warning in the shim can be controlled with CONFIG_COMPAT_INCLUDES.
Related to #16539
Signed-off-by: Anas Nashif <anas.nashif@intel.com>
move atomic.h to sys/atomic.h and
create a shim for backward-compatibility.
No functional changes to the headers.
A warning in the shim can be controlled with CONFIG_COMPAT_INCLUDES.
Related to #16539
Signed-off-by: Anas Nashif <anas.nashif@intel.com>
move fs.h to fs/fs.h and
create a shim for backward-compatibility.
No functional changes to the headers.
A warning in the shim can be controlled with CONFIG_COMPAT_INCLUDES.
Related to #16539
Signed-off-by: Anas Nashif <anas.nashif@intel.com>
This adds the necessary bits to utilize the x86_64 toolchain
built by sdk-ng for x86_64 when toolchain variant is either
zephyr or xtools. This allows decoupling the builds from
the host toolchain.
Newlib is also available with this toolchain so remove
the Kconfig restriction on CONFIG_NEWLIB_LIBC.
Signed-off-by: Daniel Leung <daniel.leung@intel.com>
types.h was wrongly defining unsigned as signed and following
undefining it. This definition was not being used anywhere though.
Signed-off-by: Flavio Ceolin <flavio.ceolin@intel.com>
In ARM builds with support for user mode, i.e. with
CONFIG_USERSPACE=y, we need to align the beginning
of the heap space, to respect the ARM MPU region
alignment requirements.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
USED_RAM_END_ADDR is not used when Kconfig option
CONFIG_NEWLIB_LIBC_ALIGNED_HEAP_SIZE is defined,
therefore, we do not need to define the macro in
that specific case.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
Compilers (at least gcc and clang) already provide definitions to
create standard types and their range. For example, __INT16_TYPE__ is
normally defined as a short to be used with the int16_t typedef, and
__INT16_MAX__ is defined as 32767. So it makes sense to rely on them
rather than hardcoding our own, especially for the fast types where
the compiler itself knows what basic type is best.
Using compiler provided definitions makes even more sense when dealing
with 64-bit targets where some types such as intptr_t and size_t must
have a different size and range. Those definitions are then adjusted
by the compiler directly.
However there are two cases for which we should override those
definitions:
* The __INT32_TYPE__ definition on 32-bit targets vary between an int
and a long int depending on the architecture and configuration.
Notably, all compilers shipped with the Zephyr SDK, except for the
i586-zephyr-elfiamcu variant, define __INT32_TYPE__ to a long int.
Whereas, all Linux configurations for gcc, both 32-bit and 64-bit,
always define __INT32_TYPE__ as an int. Having variability here is
not welcome as pointers to a long int and to an int are not deemed
compatible by the compiler, and printing an int32_t defined with a
long using %d makes the compiler to complain, even if they're the
same size on 32-bit targets. Given that an int is always 32 bits
on all targets we might care about, and given that Zephyr hardcoded
int32_t to an int before, then we just redefine __INT32_TYPE__ and
derrivatives to an int to keep the peace in the code.
* The confusion also exists with __INTPTR_TYPE__. Looking again at the
Zephyr SDK, it is defined as an int, even even when __INT32_TYPE__ is
initially a long int. One notable exception is i586-zephyr-elf where
__INTPTR_TYPE__ is a long int even when using -m32. On 64-bit targets
this is always a long int. So let's redefine __INTPTR_TYPE__ to always
be a long int on Zephyr which simplifies the code, works for both
32-bit and 64-bit targets, and mimics what the Linux kernel does.
Only a few print format strings needed adjustment.
In those two cases, there is a safeguard to ensure the type we're
enforcing has the right size and fail the build otherwise.
Signed-off-by: Nicolas Pitre <npitre@baylibre.com>
The free block bitmap uses either extra memory specified by a pointer
in struct sys_mem_pool_lvl or the space occupied by that pointer
directly if the bitmap length is small enough to fit it.
But the test is wrong. the inline bitmap should be used if the number
of required bits is smaller or _equal_ to the pointer size. Not doing so
would wrongly bounce the free block bitmap to extra memory when the
number of blocks is exactly 32, which is in disagreement with
Z_MPOOL_LBIT_WORDS() that correctly returns 0 in that case.
In theory that mean that this bug would causes an overflow of the free
block bitmap whenever one level has exactly 32 blocks. But right now
there is a separate bug fixed separately that over-sizes the extra block
bitmap mitigating this bug.
Signed-off-by: Nicolas Pitre <npitre@baylibre.com>
The block_fits() predicate was borked. It would check that a block
fits within the bounds of the whole heap. But that's not enough:
because of alignment changes between levels the sub-blocks may be
adjusted forward. It needs to fit inside the PARENT block that it was
split from.
What could happen at runtime is that the last subblocks of a
misaligned parent block would overlap memory from subsequent blocks,
or even run off the end of the heap. That's bad.
Change the API of block_fits() a little so it can extract the parent
region and do this properly.
Fixes#15279. Passes test introduced in #16728 to demonstrate what
seems like the same issue.
Signed-off-by: Andy Ross <andrew.j.ross@intel.com>
In z_sys_mem_pool_block_alloc() the size of the first level block
allocation is rounded up to the next 4-bite boundary. This means one
or more of the trailing blocks could overlap the free block bitmap.
Let's consider this code from kernel.h:
#define K_MEM_POOL_DEFINE(name, minsz, maxsz, nmax, align) \
char __aligned(align) _mpool_buf_##name[_ALIGN4(maxsz * nmax) \
+ _MPOOL_BITS_SIZE(maxsz, minsz, nmax)]; \
The static pool allocation rounds up the product of maxsz and nmax not
size of individual blocks. If we have, say maxsz = 10 and nmax = 20,
the result of _ALIGN4(10 * 20) is 200. That's the offset at which the
free block bitmap will be located.
However, because z_sys_mem_pool_block_alloc() does this:
lsizes[0] = _ALIGN4(p->max_sz);
Individual level 0 blocks will have a size of 12 not 10. That means
the 17th block will extend up to offset 204, 18th block up to 216, 19th
block to 228, and 20th block to 240. So 4 out of the 20 blocks are
overflowing the static pool area and 3 of them are even located
completely outside of it.
In this example, we have only 20 blocks that can't be split so there is
no extra free block bitmap allocation beyond the bitmap embedded in the
sys_mem_pool_lvl structure. This means that memory corruption will
happen in whatever data is located alongside the _mpool_buf_##name
array. But even with, say, 40 blocks, or larger blocks, the extra bitmap
size would be small compared to the extent of the overflow, and it would
get corrupted too of course.
And the data corruption will happen even without allocating any memory
since z_sys_mem_pool_base_init() stores free_list pointer nodes into
those blocks, which in turn may get corrupted if that other data is
later modified instead.
Fixing this issue is simple: rounding on the static pool allocation is
"misparenthesized". Let's turn
_ALIGN4(maxsz * nmax)
into
_ALIGN4(maxsz) * nmax
But that's not sufficient.
In z_sys_mem_pool_base_init() we have:
size_t buflen = p->n_max * p->max_sz, sz = p->max_sz;
u32_t *bits = (u32_t *)((u8_t *)p->buf + buflen);
Considering the same parameters as above, here we're locating the extra
free block bitmap at offset `buflen` which is 20 * 10 = 200, again below
the reach of the last 4 memory blocks. If the number of blocks gets past
the size of the embedded bitmap, it will overlap memory blocks.
Also, the block_ptr() call used here to initialize the free block linked
list uses unrounded p->max_sz, meaning that it is initially not locating
dlist nodes within the same block boundaries as what is expected from
z_sys_mem_pool_block_alloc(). This opens the possibility for allocated
adjacent blocks to overwrite dlist nodes, leading to random crashes in
the future.
So a complete fix must round up p->max_sz here too.
Given that runtime usage of max_sz should always be rounded up, it is
then preferable to round it up once at compile time instead and avoid
further mistakes of that sort. The existing _ALIGN4() usage on p->max_sz
at run time are then redundant.
Signed-off-by: Nicolas Pitre <npitre@baylibre.com>
Found a few annoying typos and figured I better run script and
fix anything it can find, here are the results...
Signed-off-by: Anas Nashif <anas.nashif@intel.com>
If multithreading is disabled, thread_entry() never runs
since we cannot create threads; the non-multithreading case
was simply dead code.
Indicate to code coverage that CODE_UNREACHABLE should be
skipped.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
This allows for printing long long values. Because the code size
increase may be significant, this is made optional on 32-bit targets.
On 64-bit targets this doesn't change the code much as longs and
long longs are the same size so it is always enabled in that case.
The test on MAXFLD has to be adjusted accordingly. Yet, its minimum
value wasn't large enough to store a full-scale octal value, so this
is fixed as well.
Signed-off-by: Nicolas Pitre <npitre@baylibre.com>
On 64-bit systems the most notable difference is due to longs and
pointers being 64-bit wide. Therefore there must be a distinction
between ints and longs. Similar to the prf.c case, this patch properly
implements the h, hh, l, ll and z length modifiers as well as some small
cleanups.
Signed-off-by: Nicolas Pitre <npitre@baylibre.com>
On 64-bit systems the most notable difference is due to longs and
pointers being 64-bit wide. Therefore there must be a distinction
between ints and longs.
This patch:
- Make support functions take a long rather than an int as this can
carry both longs and ints just fine.
- Use unsigned values in _to_x() to cover the full unsigned range
and avoid sign-extending big values. Negative values are already
converted to unsigned after printing the minus sign. This also makes
division and modulus operations slightly faster.
- Remove excessive casts around va_arg() and use proper types with it.
- Implement the l and z length modifiers as they're significant on
64-bit targets. While at it, throw in the z modifier as well.
Since they all come down to 32-bit values on 32-bit targets, the
added code should get optimized away as duplicate by the compiler
in that case.
Signed-off-by: Nicolas Pitre <npitre@baylibre.com>
Casting a pointer to an int produces warnings with 64-bit targets.
Furthermore, an int is not always the optimal memory element that
can be copied in that case.
Let's use uintptr_t to cast pointers to integers for alignment
determination purposes, and mem_word_t to denote the optimal memory
"word" that can be copied on the platform.
The mem_word_t definition is equivalent to uintptr_t by default.
However, some 32-bit targets such as ARM platforms with the LDRD/STRD
instructions could benefit from word_t being an uint64_t.
Signed-off-by: Nicolas Pitre <npitre@baylibre.com>
Per guidelines, all statements should have braces around them. We do not
have a CI check for this, so a few went in unnoticed.
Signed-off-by: Anas Nashif <anas.nashif@intel.com>
The struct json_obj_descr definition allocates only 2 bits for type
alignment. Instead of using them literally minus 1 to encode 1, 2, or 4,
let's store the alignment's shift value instead so that 1, 2, 4 or 8 can
be encoded with the same 2 bits to accommodate 64-bit builds.
Signed-off-by: Nicolas Pitre <npitre@baylibre.com>
This extends the UpdateHub library code to allow the
use of IPV6 for communication.
Signed-off-by: Christian Tavares <christian.tavares@ossystems.com.br>
This extends the UpdateHub library code to allow the
use of CoAPS/DTLS for communication.
Refs: #13039.
Signed-off-by: Christian Tavares <christian.tavares@ossystems.com.br>
UpdateHub is an enterprise-grade solution which makes simple to
remotely update all your embedded devices in the field. It
handles all aspects related to sending Firmware Over-the-Air(FOTA)
updates with maximum security and efficiency, while you focus in
adding value to your product.
Signed-off-by: Christian Tavares <christian.tavares@ossystems.com.br>
Signed-off-by: Otavio Salvador <otavio@ossystems.com.br>
Corrected buffer pointer in LVGL zephyr_vdb_write function for
converting RGBA8888 to RGB888 pixel format.
Signed-off-by: Jan Van Winkel <jan.van_winkel@dxplore.eu>
The 'Graphical user interface' menu currently contains just the
'LittlevGL Support' symbol and its indented children.
To remove one menu level, remove the 'Graphical user interface' menu,
rename the symbol to 'LittlevGL GUI library' (consistent with e.g.
'Logging' and 'Bluetooth'), and turn it into a 'menuconfig' symbol.
Signed-off-by: Ulf Magnusson <Ulf.Magnusson@nordicsemi.no>
Previous version calculated rt_clock_base incorrectly by subtracting
clock_gettime from the specified time. Effectively the following
formula was used.
rt_clock_base := new_time - clock_gettime()
This is clearly incorrect when we consider what should happen if we
call clock_settime with the result of clock_gettime. It ought to be
approximately a no-op, but instead we end up zeroing the clock.
rt_clock_base := clock_gettime() - clock_gettime() = 0
This patch fixes clock_settime by instead using k_uptime_get to
calculate rt_clock_base, like so:
rt_clock_base := new_time - k_uptime_get()
Trying the earlier thought experiment we get:
rt_clock_base := clock_gettime() - k_uptime_get()
Using the definition of clock_gettime this expands to:
rt_clock_base := (rt_clock_base + k_uptime_get()) - k_uptime_get()
The two k_uptime_get() terms cancel out, leaving:
rt_clock_base := rt_clock_base
I.e. the no-op that we expect when calling clock_settime with
the result of clock_gettime.
Note: The bug is only observable when rt_clock_base is non-zero.
So when clock_settime is called for the first time, it will appear
to work correctly since rt_clock_base is initialized to 0.
Signed-off-by: Alexander Mihajlovic <alexander.mihajlovic@endian.se>
Add an option for building with newlib-nano library.
The newlib-nano library for ARM embedded processors is a part of the
GNU Tools for ARM Embedded Processors.
Add mem_alloc tests with newlib nano.
Signed-off-by: Benoit Leforestier <benoit.leforestier@gmail.com>
Use the new math_extras functions instead of calling builtins directly.
Change a few local variables to size_t after checking that all uses of
the variable actually expects a size_t.
Signed-off-by: Jakob Olesen <jolesen@fb.com>
Current code implement CONFIG_MAX_PTHREAD_COUNT as the maximum number
of POSIX threads that can ever be created, rather than the maximum
number of active POSIX threads. Use pthread_state of struct posix_thread
to track the state of posix thread in posix_thread_pool so that we can
reuse the unused posix thread.
Fixes#15516.
Signed-off-by: Wentong Wu <wentong.wu@intel.com>
According to POSIX, that's the header which defines this function.
Similarly, nothing in POSIX indicates that <time.h> should have
access to struct timeval, so it's removed (it's made accessible
to <sys/time.h> via <sys/_timeval.h> introduced earlier).
Signed-off-by: Paul Sokolovsky <paul.sokolovsky@linaro.org>
This is implementation-level header which defines struct timeval, and
intended to be included by headers which need this structure. This
implementation scheme is compatible with Newlib, and thus provides a
step to use minlibc vs Newlib interchangeably.
Signed-off-by: Paul Sokolovsky <paul.sokolovsky@linaro.org>
Set to same default as regular stacks. This doesn't use
any extra memory until CMSIS_V2_THREAD_DYNAMIC_MAX_COUNT
is set. 0 is not a valid default if that is set.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
Depending on configuration, this value could end up as
a variable and not an array symbol, causing a crash if
newlib decides to call _sbrk on behalf of a user thread,
which needs to perform arithmetic on it.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
Excerpt from the manual:
If ptr is NULL, then the call is equivalent to malloc(size) [...]
Without this commit, such calls end with a BUS FAULT.
Signed-off-by: Tomasz Gorochowik <tgorochowik@antmicro.com>
Update the files which contain no license information with the
'Apache-2.0' SPDX license identifier. Many source files in the tree are
missing licensing information, which makes it harder for compliance
tools to determine the correct license.
By default all files without license information are under the default
license of Zephyr, which is Apache version 2.
Signed-off-by: Anas Nashif <anas.nashif@intel.com>
Rename reserved function names in the subsys/ subdirectory except
for static _mod_pub_set and _mod_unbind functions in bluetooth mesh
cfg_srv.c which clash with the similarly named global functions.
Signed-off-by: Patrik Flykt <patrik.flykt@intel.com>
Permission management no longer necessary, the former
parameter for the mutex is now simply ignored.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
For systems without userspace enabled, these work the same
as a k_mutex.
For systems with userspace, the sys_mutex may exist in user
memory. It is still tracked as a kernel object, but has an
underlying k_mutex that is looked up in the kernel object
table.
Future enhancements will optimize sys_mutex to not require
syscalls for uncontended sys_mutexes, using atomic ops
instead.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
MISRA-C 8.10.2 defines essential operand types and how to handle them
through rules 10.1 .. 10.5. This commit adds an U to unsigned constants
to avoid implicit casts and make if/while statements evaluate a boolean
to avoid other types being casted to boolean.
MISRA-C rules 10.1, 10.2 and 10.3
Signed-off-by: Flavio Ceolin <flavio.ceolin@intel.com>
