- When malloc() is called with a size of 0 we should not set errno
to ENOMEM as there is no actual allocation failure in that case.
This duplicates the realloc() behavior.
- Put unlock_ret assignments on separate lines, otherwise gcc complains
about unused variables when the tests on it are disabled.
- There NULL return added in 952970d6cb are completely pointless.
First, there is no reason for sys_mutex_unlock() to fail, and even
if it did, those returns would be blatent memory leaks. Remove them.
No one should blindly modify code just to make static code
analysers happy.
- Replace all CHECKIF() by explicit assertion statements to uniformize
those checks and drop the NULL returns entirely. We can't return
anything in the free() case, and there are no runtime conditions
for sys_mutex_lock() to sometimes succeed and sometimes fail anyway.
Signed-off-by: Nicolas Pitre <npitre@baylibre.com>
The identifiers used in the declaration and definition of a function
shall be identical [MISRAC2012-RULE_8_3-b]
Signed-off-by: Anas Nashif <anas.nashif@intel.com>
The identifiers used in the declaration and definition of a function
shall be identical [MISRAC2012-RULE_8_3-b]
Signed-off-by: Anas Nashif <anas.nashif@intel.com>
The identifiers used in the declaration and definition of a function
shall be identical [MISRAC2012-RULE_8_3-b]
Signed-off-by: Anas Nashif <anas.nashif@intel.com>
The identifiers used in the declaration and definition of a function
shall be identical [MISRAC2012-RULE_8_3-b]
Signed-off-by: Anas Nashif <anas.nashif@intel.com>
The identifiers used in the declaration and definition of a function
shall be identical [MISRAC2012-RULE_8_3-b]
Signed-off-by: Anas Nashif <anas.nashif@intel.com>
The identifiers used in the declaration and definition of a function
shall be identical [MISRAC2012-RULE_8_3-b]
Signed-off-by: Anas Nashif <anas.nashif@intel.com>
The identifiers used in the declaration and definition of a function
shall be identical [MISRAC2012-RULE_8_3-b]
Signed-off-by: Anas Nashif <anas.nashif@intel.com>
Fix#32938 [Coverity CID :219508] "Unchecked return value in
lib/libc/minimal/source/stdlib/malloc.c"
The Coverity complains about sys_mutex_lock() which returns 0 if
locked. I added also the same check on returned value for
sys_mutex_unlock() which returns 0 if unlocked.
Signed-off-by: Guðni Már Gilbert <gudni.m.g@gmail.com>
Commit 40016a6a92 ("libc/minimal: Use a sys_heap for the malloc
implementation") replaced sys_mem_pool_alloc() with sys_heap_alloc().
The problem is that those aren't equivalent. While the former did
guard against concurrent usage, the later doesn't.
Add the same locking around sys_heap_alloc() that used to be implicit
with sys_mem_pool_alloc().
Signed-off-by: Nicolas Pitre <npitre@baylibre.com>
The definition for realloc() says that it should return a pointer
to the allocated memory which is suitably aligned for any built-in
type.
Turn sys_heap_realloc() into a sys_heap_aligned_realloc() and use it
with __alignof__(z_max_align_t) to implement realloc() with proper
memory alignment for any platform.
Signed-off-by: Nicolas Pitre <npitre@baylibre.com>
The definition for malloc() says that it should return a pointer
to the allocated memory which is suitably aligned for any built-in
type. This requirement was lost in commit 0c15627cc1 ("lib: Remove
sys_mem_pool implementation") where the entire memory pool used to
have an explicit alignment of 16.
Fix this by allocating memory with sys_heap_aligned_alloc() using
__alignof__(z_max_align_t) which will automatically get the needed
alignment on each platform.
Signed-off-by: Nicolas Pitre <npitre@baylibre.com>
reallocarray() is defined in terms of realloc(). From OpenBSD manual
pages:
"Designed for safe allocation of arrays, the reallocarray()
function is similar to realloc() except it operates on nmemb
members of size size and checks for integer overflow in the
calculation nmemb * size."
The return value of sys_heap_realloc() is not compatible with that
of realloc().
Signed-off-by: Martin Åberg <martin.aberg@gaisler.com>
Previously, newlib claimed all free physical memory in the
system.
Now, the kernel manages this, allowing for memory to be
used via k_mem_map() calls.
Establish an upper bound to how much newlib will try to
claim on system startup, instead of trying to take all
of it, allowing other parts of the system to also map
anonymous memory.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
We now draw heap memory from an anonymous memory mapping
instead of a hard-coded region past the kernel image,
which is no longer mapped by default.
Some readability cleanups were made to a particuarly
horrible set of nested ifdefs. A few types were adjusted.
sbrk()'s count argument is an intptr_t, not an int.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
Previously, newlib claimed all free physical memory in the
system.
Now, the kernel manages this, allowing for memory to be
used via k_mem_map() calls.
Establish an upper bound to how much newlib will try to
claim on system startup, instead of trying to take all
of it, allowing other parts of the system to also map
anonymous memory.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
We now draw heap memory from an anonymous memory mapping
instead of a hard-coded region past the kernel image,
which is no longer mapped by default.
Some readability cleanups were made to a particuarly
horrible set of nested ifdefs. A few types were adjusted.
sbrk()'s count argument is an intptr_t, not an int.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
Macros like INT64_C(x) convert x to a constant integral expression,
i.e. one that can be used in preprocessor code. Implement wrappers
that use the GNUC intrinsics to perform the translation.
Signed-off-by: Peter Bigot <peter.bigot@nordicsemi.no>
Fixes: #28650
Linking with newlib now defines the following linker flags as:
```
${CMAKE_C_LINKER_WRAPPER_FLAG}${CMAKE_LINK_LIBRARY_FLAG}c
${CMAKE_C_LINKER_WRAPPER_FLAG}${CMAKE_LINK_LIBRARY_FLAG}gcc
c
```
This is needed because when linking with newlib on aarch64, then libgcc
has a link dependency to libc (strchr), but libc also has dependencies
to libgcc.
CMake is capable of handling circular link dependencies for CMake
defined static libraries, which can be further controlled using
`LINK_INTERFACE_MULTIPLICITY`.
However, libc and libgcc are not regular CMake libraries, and is seen as
linker flags by CMake, and thus symbol de-duplications will be
performed.
CMake link options cannot be used, as that will place those libs first
on the linker invocation. -Wl,--start-group is problematic as the
placement of -lc and -lgcc is not guaranteed in case later libraries are
also using -lc / -libbgcc as interface linker flags.
Thus, we resort to use
`${CMAKE_C_LINKER_WRAPPER_FLAG}${CMAKE_LINK_LIBRARY_FLAG}`
as this ensures the uniqueness and thus avoids symbol de-duplication
which means libc will be followed by libgcc, which is finally followed
by libc again.
It would have been possible to use `-lc` directly, but there is a risk
that an externally library is also adding `-lc` and thus de-duplication
and re-arrangement of this flag happens. This risk is in theory also
existing with this fix, but the long nature of this link flag with using
`${CMAKE_C_LINKER_WRAPPER_FLAG}` would likely indicate a similar fix and
thus those libraries will stay in order.
Signed-off-by: Torsten Rasmussen <Torsten.Rasmussen@nordicsemi.no>
The 'fputs' has flaw in the implementation. It almost always
returns 'EOF' even if completed successfully.
This happens because we compare 'fwrite' return value which is
"number of members successfully written" (which is 1 in current
implementation) to the total string size:
----------------------------->8-----------------------
int fputs(const char *_MLIBC_RESTRICT string,
FILE *_MLIBC_RESTRICT stream)
{
int len = strlen(string);
int ret;
ret = fwrite(string, len, 1, stream);
return len == ret ? 0 : EOF;
}
----------------------------->8-----------------------
In result 'fputs' return 'EOF' in case of string length bigger
than 1.
There are several fixes possible, and one of the fixes is to
swap number of items (1) with size (string length) when we
are calling 'fwrite'. The only difference will be that
'fwrite' will return actual numbers of bytes written which
can be compared with the string length.
Signed-off-by: Eugeniy Paltsev <Eugeniy.Paltsev@synopsys.com>
Most of kernel files where declaring os module without providing
log level. Because of that default log level was used instead of
CONFIG_KERNEL_LOG_LEVEL.
Signed-off-by: Krzysztof Chruscinski <krzysztof.chruscinski@nordicsemi.no>
Add support for abs with additional integer types.
This is needed to make LLVM quiet and stop warning about abs being used
with int64_t and such.
Signed-off-by: Anas Nashif <anas.nashif@intel.com>
So far data that went to stderr was simply dropped in case of minimal
libc. In case of newlib stderr was treated same like stdout
(e.g. fprintf(stderr, ...) was equivalent to fprintf(stdout, ...).
Extend filter on stream pointer to allow both stdout and stderr to pass
data to stdout hook (which is Zephyr console backend in most cases).
Signed-off-by: Marcin Niestroj <m.niestroj@grinn-global.com>
All in-tree uses have been replaced by cbprintf, and the API was
private so there should be no out-of-tree users.
Signed-off-by: Peter Bigot <peter.bigot@nordicsemi.no>
The minimal libc provided by Zephyr can use the Zephyr system
implementation rather than have its own implementation.
When combined with CBPRINTF_NANO some sprintf tests must be
skipped as they assume a more capable libc. Add an overlay
that supports testing this non-default combination.
Signed-off-by: Peter Bigot <peter.bigot@nordicsemi.no>
This reverts commit e812ee6c21.
This is the initial step towards replacing the core Zephyr formatting
infrastructure with a common functionally-complete solution.
Signed-off-by: Peter Bigot <peter.bigot@nordicsemi.no>
abort() is an important runtime function, oftentimes used to signal
abnormal execution conditions in generic applications. Worse, they
may be used under such circumstances in e.g. compiler support
libraries, in which case lack of implementation of this function
will lead to link error.
Fixes: #29541
Signed-off-by: Paul Sokolovsky <paul.sokolovsky@linaro.org>
The z_libc_partition was only enabled when newlib is being used,
and/or stack canaries are needed. This adds a hidden option
where this partition can be enabled if needed, regardless of
whether newlib is used or stack canaries are needed.
Signed-off-by: Daniel Leung <daniel.leung@intel.com>
Default buffer mode is setup by fopen depending on isatty value.
Expect only 0, 1 & 2 to be tty for CONFIG_POSIX_API cases.
This way regular files are opened in block buffering mode (instead
of line buffering mode) which really speed up fread/fwrite
operations on FS.
Signed-off-by: Arnaud Mouiche <arnaud.mouiche@invoxia.com>
shell_fprintf requires that formatted output be emitted with a
putchar()-like output function. Newlib does not provide such a
capability. Zephyr provides two solutions: z_prf() which is part of
minimal libc and handles floating point formatting, and z_vprintk()
which is core and does not support floating point.
Move z_prf() out of minimal libc into the core lib area, and use it
unconditionally in the shell.
Signed-off-by: Peter Bigot <peter.bigot@nordicsemi.no>
Now that device_api attribute is unmodified at runtime, as well as all
the other attributes, it is possible to switch all device driver
instance to be constant.
A coccinelle rule is used for this:
@r_const_dev_1
disable optional_qualifier
@
@@
-struct device *
+const struct device *
@r_const_dev_2
disable optional_qualifier
@
@@
-struct device * const
+const struct device *
Fixes#27399
Signed-off-by: Tomasz Bursztyka <tomasz.bursztyka@linux.intel.com>
The fs_open flags has been changed to accept open flags, which requires
changes to open(...) to support the new flags.
Signed-off-by: Dominik Ermel <dominik.ermel@nordicsemi.no>
The commit changes signature of open function from:
int open(const char *name, int flags)
to
int open(const char *name, int flags, ...)
Currently existing two argument invocations should not require any
rework.
Signed-off-by: Dominik Ermel <dominik.ermel@nordicsemi.no>
Suppress the coverity warning on using the semaphore as
this semaphore is used and freed only in this function.
Fixes: #18960
Signed-off-by: David Leach <david.leach@nxp.com>
This whole code block is ifdef'ed around
CONFIG_NEWLIB_LIBC_ALIGNED_HEAP_SIZE being NOT defined,
remove as this can never be true.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
We've come a long way since this was written to implement
generic ram bounds definitions and MPU capabilities,
use them here.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
Previously, if the arena size was zero, malloc would always fail.
However, the log message was only visible if debug messages were
enabled. Logging an error will hopefully make it more obvious that
CONFIG_MINIMAL_LIBC_MALLOC_ARENA_SIZE should be >= if the minimal
libc and malloc are both used.
Fixes#26720
Signed-off-by: Christopher Friedt <chrisfriedt@gmail.com>
The version as shipped in Newlib itself is coded a bit sloppily for an
embedded environment. We thus want to override it (and make it weak, to
allow user apps to override it in turn, if needed). The desired
properties of the implementation are:
1. It should call _write() (Newlib implementation calls write()).
2. It should be minimal (Newlib implementation allocates message
on the stack, i.e. misses "static const").
Signed-off-by: Paul Sokolovsky <paul.sokolovsky@linaro.org>
Move defines for _RAM_ADDR, _RAM_SIZE, _ROM_ADDR, and _ROM_ADDR into
the linker.ld and thus remove dts_fixup.h. We rework to use
DT_REG_ADDR and DT_REG_SIZE on DT_CHOSEN(zephyr_sram) and
DT_CHOSEN(zephyr_flash).
Also fixup use of _RAM_ADDR/_RAM_SIZE in newlib/libc-hooks.c.
Signed-off-by: Kumar Gala <kumar.gala@linaro.org>
Replace DT_PHYS_RAM_ADDR and DT_RAM_SIZE with DT_REG_ADDR/DT_REG_SIZE
for the DT_CHOSEN(zephyr_sram) node.
Signed-off-by: Kumar Gala <kumar.gala@linaro.org>
I think people might be reading differences into 'if' and 'depends on'
that aren't there, like maybe 'if' being needed to "hide" a symbol,
while 'depends on' just adds a dependency.
There are no differences between 'if' and 'depends on'. 'if' is just a
shorthand for 'depends on'. They work the same when it comes to creating
implicit menus too.
The way symbols get "hidden" is through their dependencies not being
satisfied ('if'/'depends on' get copied up as a dependency on the
prompt).
Since 'if' and 'depends on' are the same, an 'if' with just a single
symbol in it can be replaced with a 'depends on'. IMO, it's best to
avoid 'if' there as a style choice too, because it confuses people into
thinking there's deep Kconfig magic going on that requires 'if'.
Going for 'depends on' can also remove some nested 'if's, which
generates nicer symbol information and docs, because nested 'if's really
are so simple/dumb that they just add the dependencies from both 'if's
to all symbols within.
Replace a bunch of single-symbol 'if's with 'depends on' to despam the
Kconfig files a bit and make it clearer how things work. Also do some
other minor related dependency refactoring.
The replacement isn't complete. Will fix up the rest later. Splitting it
a bit to make it more manageable.
(Everything above is true for choices, menus, and comments as well.)
Detected by tweaking the Kconfiglib parsing code. It's impossible to
detect after parsing, because 'if' turns into 'depends on'.
Signed-off-by: Ulf Magnusson <Ulf.Magnusson@nordicsemi.no>
With the change in SDK 0.11.1 to newlib to remove
-DMISSING_SYSCALL_NAMES we now need to implement a version of
_gettimeofday. Previously with pre SDK 0.11.1 we had a recursive mess
of _gettimeofday_r -> gettimeofday -> _gettimeofday_r. (which are all
implemented in newlib and thus we didn't get a link error).
With SDK 0.11.1 we have: _gettimeofday_r -> _gettimeofday. And we
should provide a version of _gettimeofday.
Fixes#22484
Signed-off-by: Kumar Gala <kumar.gala@linaro.org>
On xtensa we always need to implement the reentrant fs syscall
functions. So remove the #ifndef CONFIG_POSIX_API protection around
them and add needed externs.
Signed-off-by: Kumar Gala <kumar.gala@linaro.org>
The xcc specific reentrant syscall implementations are actually useful
for xtensa in general. So move that code from being specific to
intel_s1000 / xcc into generic newlib/libc-hooks.c. This is in prep
for the Zephyr SDK dropping -DMISSING_SYSCALL_NAMES which will make
its version of newlib on xtensa match behavior with xcc.
Signed-off-by: Kumar Gala <kumar.gala@linaro.org>
Introduce HAS_NEWLIB_LIBC_NANO Kconfig option that the toolchain
specific Kconfig (gnuarmemb & zephyr 0.11) can select to convey that the
feature is supported.
This removes the need to if protect the NEWLIB_LIBC_NANO Kconfig with:
if "$(ZEPHYR_TOOLCHAIN_VARIANT)" = "gnuarmemb"
Signed-off-by: Kumar Gala <kumar.gala@linaro.org>
Severely memory constrained systems with known allocation patterns can
benefit from providing their own implementation of malloc with
specifically tuned bucket sizes. Provide a switch to allow users to
replace the default malloc implementation with their own.
Signed-off-by: Josh Gao <josh@jmgao.dev>
This commit refactors kernel and arch headers to establish a boundary
between private and public interface headers.
The refactoring strategy used in this commit is detailed in the issue
This commit introduces the following major changes:
1. Establish a clear boundary between private and public headers by
removing "kernel/include" and "arch/*/include" from the global
include paths. Ideally, only kernel/ and arch/*/ source files should
reference the headers in these directories. If these headers must be
used by a component, these include paths shall be manually added to
the CMakeLists.txt file of the component. This is intended to
discourage applications from including private kernel and arch
headers either knowingly and unknowingly.
- kernel/include/ (PRIVATE)
This directory contains the private headers that provide private
kernel definitions which should not be visible outside the kernel
and arch source code. All public kernel definitions must be added
to an appropriate header located under include/.
- arch/*/include/ (PRIVATE)
This directory contains the private headers that provide private
architecture-specific definitions which should not be visible
outside the arch and kernel source code. All public architecture-
specific definitions must be added to an appropriate header located
under include/arch/*/.
- include/ AND include/sys/ (PUBLIC)
This directory contains the public headers that provide public
kernel definitions which can be referenced by both kernel and
application code.
- include/arch/*/ (PUBLIC)
This directory contains the public headers that provide public
architecture-specific definitions which can be referenced by both
kernel and application code.
2. Split arch_interface.h into "kernel-to-arch interface" and "public
arch interface" divisions.
- kernel/include/kernel_arch_interface.h
* provides private "kernel-to-arch interface" definition.
* includes arch/*/include/kernel_arch_func.h to ensure that the
interface function implementations are always available.
* includes sys/arch_interface.h so that public arch interface
definitions are automatically included when including this file.
- arch/*/include/kernel_arch_func.h
* provides architecture-specific "kernel-to-arch interface"
implementation.
* only the functions that will be used in kernel and arch source
files are defined here.
- include/sys/arch_interface.h
* provides "public arch interface" definition.
* includes include/arch/arch_inlines.h to ensure that the
architecture-specific public inline interface function
implementations are always available.
- include/arch/arch_inlines.h
* includes architecture-specific arch_inlines.h in
include/arch/*/arch_inline.h.
- include/arch/*/arch_inline.h
* provides architecture-specific "public arch interface" inline
function implementation.
* supersedes include/sys/arch_inline.h.
3. Refactor kernel and the existing architecture implementations.
- Remove circular dependency of kernel and arch headers. The
following general rules should be observed:
* Never include any private headers from public headers
* Never include kernel_internal.h in kernel_arch_data.h
* Always include kernel_arch_data.h from kernel_arch_func.h
* Never include kernel.h from kernel_struct.h either directly or
indirectly. Only add the kernel structures that must be referenced
from public arch headers in this file.
- Relocate syscall_handler.h to include/ so it can be used in the
public code. This is necessary because many user-mode public codes
reference the functions defined in this header.
- Relocate kernel_arch_thread.h to include/arch/*/thread.h. This is
necessary to provide architecture-specific thread definition for
'struct k_thread' in kernel.h.
- Remove any private header dependencies from public headers using
the following methods:
* If dependency is not required, simply omit
* If dependency is required,
- Relocate a portion of the required dependencies from the
private header to an appropriate public header OR
- Relocate the required private header to make it public.
This commit supersedes #20047, addresses #19666, and fixes#3056.
Signed-off-by: Stephanos Ioannidis <root@stephanos.io>
Use this short header style in all Kconfig files:
# <description>
# <copyright>
# <license>
...
Also change all <description>s from
# Kconfig[.extension] - Foo-related options
to just
# Foo-related options
It's clear enough that it's about Kconfig.
The <description> cleanup was done with this command, along with some
manual cleanup (big letter at the start, etc.)
git ls-files '*Kconfig*' | \
xargs sed -i -E '1 s/#\s*Kconfig[\w.-]*\s*-\s*/# /'
Signed-off-by: Ulf Magnusson <Ulf.Magnusson@nordicsemi.no>
This prevents MINIMAL_LIBC from being selected by the user (in the
menuconfig or in a configuration file) when REQUIRES_FULL_LIBC is y.
'default' on a choice only determines the default selection, not what
symbols can be selected.
It's helpful to think of Kconfig in terms of someone going into the
menuconfig and making changes.
Signed-off-by: Ulf Magnusson <Ulf.Magnusson@nordicsemi.no>
There are two set of code supporting x86_64: x86_64 using x32 ABI,
and x86 long mode, and this consolidates both into one x86_64
architecture and SoC supporting truly 64-bit mode.
() Removes the x86_64:x32 architecture and SoC, and replaces
them with the existing x86 long mode arch and SoC.
() Replace qemu_x86_64 with qemu_x86_long as qemu_x86_64.
() Updates samples and tests to remove reference to
qemu_x86_long.
() Renames CONFIG_X86_LONGMODE to CONFIG_X86_64.
Signed-off-by: Daniel Leung <daniel.leung@intel.com>
The realloc function was a bit too intimate with the mempool accounting.
Abstract that knowledge away and move it where it belongs.
Signed-off-by: Nicolas Pitre <npitre@baylibre.com>
Newlib has it defined in sys/timespec.h, and thus per the established
conventions, everything else relies on it being there. Specifically,
minimal libc acquires sys/timespec.h with a similar definition, and
POSIX headers rely on that header. Still with a workaround for old
Newlib version as used by Xtensa (but all infrastructure for that is
already there; actually, this patch removes duplicate similar-infra,
which apparently didn't work as expected by now, so now we have a
single workaround, not 2 different once).
To emphasize a point, now there 2 headers:
sys/_timespec.h, defining struct timespec, and
sys/timespec.h, defining struct itimerspec
That's how Newlib has it, and what we faithfully embrace and follow,
because otherwise, there will be header conflicts depending on
various libc and POSIX subsys options.
Signed-off-by: Paul Sokolovsky <paul.sokolovsky@linaro.org>
static_assert was not added to C until C11. Zephyr builds default to
C99. To preserve compatibility with newlib avoid defining the
macro at standard levels where it did not exist.
Relates to #17738 and #11754.
Signed-off-by: Peter Bigot <peter.bigot@nordicsemi.no>
These calls are buildable on common sanitycheck platforms, but are not
invoked at runtime in any tests accessible to CI. The changes are
mostly mechanical, so the risk is low, but this commit is separated
from the main API change to allow for more careful review.
Signed-off-by: Andy Ross <andrew.j.ross@intel.com>
System call arguments, at the arch layer, are single words. So
passing wider values requires splitting them into two registers at
call time. This gets even more complicated for values (e.g
k_timeout_t) that may have different sizes depending on configuration.
This patch adds a feature to gen_syscalls.py to detect functions with
wide arguments and automatically generates code to split/unsplit them.
Unfortunately the current scheme of Z_SYSCALL_DECLARE_* macros won't
work with functions like this, because for N arguments (our current
maximum N is 10) there are 2^N possible configurations of argument
widths. So this generates the complete functions for each handler and
wrapper, effectively doing in python what was originally done in the
preprocessor.
Another complexity is that traditional the z_hdlr_*() function for a
system call has taken the raw list of word arguments, which does not
work when some of those arguments must be 64 bit types. So instead of
using a single Z_SYSCALL_HANDLER macro, this splits the job of
z_hdlr_*() into two steps: An automatically-generated unmarshalling
function, z_mrsh_*(), which then calls a user-supplied verification
function z_vrfy_*(). The verification function is typesafe, and is a
simple C function with exactly the same argument and return signature
as the syscall impl function. It is also not responsible for
validating the pointers to the extra parameter array or a wide return
value, that code gets automatically generated.
This commit includes new vrfy/msrh handling for all syscalls invoked
during CI runs. Future commits will port the less testable code.
Signed-off-by: Andy Ross <andrew.j.ross@intel.com>
The ARM embedded toolchain has 2 newlib based libc build variants, one
that utilizes the "nano" configuration which is more in line with the
Zephyr SDK. Make the "nano" cfg the default if newlib is enabled to
match closer how the Zephyr SDK behaves.
Signed-off-by: Kumar Gala <kumar.gala@linaro.org>
The solution from #14312 of using -isystem to prioritize the position of
the libc directory bypasses the effect of -ffreestanding with respect to
libc symbols expected to be present in a non-hosted environment.
Further, it breaks C++ with the ARM Embedded toolchain as the system
fails to find the right file with #include_next.
Use a more fine-grained solution that explicitly includes the underlying
newlib header required for <inttypes.h> support before moving on to
include the next available one, whether system or non-system.
Closes#17564
Signed-off-by: Peter Bigot <peter.bigot@nordicsemi.no>
Consistently place C++ use of extern "C" after all include directives,
within the negative branch of _ASMLANGUAGE if used.
Background from issue #17997:
Declarations that use C linkage should be placed within extern "C"
so the language linkage is correct when the header is included by
a C++ compiler.
Similarly #include directives should be outside the extern "C" to
ensure the language-specific default linkage is applied to any
declarations provided by the included header.
See: https://en.cppreference.com/w/cpp/language/language_linkage
Signed-off-by: Peter Bigot <peter.bigot@nordicsemi.no>
Follow the approach of newlib to use a file sys/_types.h to specify the
underlying type for POSIX/libc types that must be provided in multiple
headers. The identifier for this type is in the reserved namespace.
Use this type rather than a specific standard type in all headers that
need to provide the type under its public name.
Remove the inclusion of <sys/types.h> from headers that should not bring
in all symbols present in that header, replacing it with the standard
boilerplate to expose the specific symbols that are required.
Signed-off-by: Peter A. Bigot <pab@pabigot.com>
time_t and suseconds_t are defined in time.h and sys/types.h. Handle
the duplication by adding ifdef protection around them similar to what
is being done for other types.
Signed-off-by: Kumar Gala <kumar.gala@linaro.org>
This is consistent with how newlib headers are treated, and will
have effect of ninlibc headers to be further down in the include
order. This is important, because some POSIX subsys headers
override those of libc. Without this change, we can't streamline
POSIX build config using zephyr_interface_library_named() cmake
directive, because includes will be in wrong order.
Signed-off-by: Paul Sokolovsky <paul.sokolovsky@linaro.org>
With the upcoming riscv64 support, it is best to use "riscv" as the
subdirectory name and common symbols as riscv32 and riscv64 support
code is almost identical. Then later decide whether 32-bit or 64-bit
compilation is wanted.
Redirects for the web documentation are also included.
Then zephyrbot complained about this:
"
New files added that are not covered in CODEOWNERS:
dts/riscv/microsemi-miv.dtsi
dts/riscv/riscv32-fe310.dtsi
Please add one or more entries in the CODEOWNERS file to cover
those files
"
So I assigned them to those who created them. Feel free to readjust
as necessary.
Signed-off-by: Nicolas Pitre <npitre@baylibre.com>
These functions are useful for determining prefixes, as with file system
paths. They are required by littlefs.
Signed-off-by: Peter A. Bigot <pab@pabigot.com>
struct tm has fields that were not being set by the implementation,
causing the test to fail when the uninitialized values were compared
with a static initialized result. Zero the structure before filling it.
Closes#17794
Signed-off-by: Peter A. Bigot <pab@pabigot.com>
By the latest convention, libc's define struct timespec in
sys/_timespec.h. This is consistent with Newlib and ensures
about errors due to redefinitions.
Signed-off-by: Paul Sokolovsky <paul.sokolovsky@linaro.org>
Per POSIX, open() is defined in <fcntl.h>. fcntl.h in turn comes from
the underlying libc, either newlib, or minimal libc.
Signed-off-by: Paul Sokolovsky <paul.sokolovsky@linaro.org>
That's the header which is supposed to define them, there was even
FIXME on that in mqueue.h.
Signed-off-by: Paul Sokolovsky <paul.sokolovsky@linaro.org>
POSIX subsys defines struct timespec in <time.h> (as POSIX public
API requires), but newlib defines in in sys/_timespec.h, which
inevitably leads to inclusion order and redifinition conflicts.
Follow newlib way and define it in single place, sys/_timespec.h,
which belongs to libc namespace. Thus, we move current definition
to minimal libc, and will use either minlibc's or newlib's
definition, instead of trying to redefine it.
This is similar to the introduction of sys/_timeval.h done earlier.
Signed-off-by: Paul Sokolovsky <paul.sokolovsky@linaro.org>
Newlib libc already provides sys/stat.h, so trying to have sys/stat.h
on the level of POSIX subsys inevitable leads to include order and
definition conflicts. Instead (as most of other sys/* includes)
should come from the underlying libc.
While moving, made unrelated change of removing #include <kernel.h>,
to accommodate the change reviewers.
Signed-off-by: Paul Sokolovsky <paul.sokolovsky@linaro.org>
Implement the conversion from UNIX time to broken-down civil time per
the gmtime() and gmtime_r() functions.
Signed-off-by: Peter A. Bigot <pab@pabigot.com>
Provide definitions for a subset of the standard time types that must be
provided by this file, in anticipation of supporting civil time in
Zephyr.
Signed-off-by: Peter A. Bigot <pab@pabigot.com>
The mempool allocator implementation recursively breaks a memory block
into 4 sub-blocks until it minimally fits the requested memory size.
The size of each sub-blocks is rounded up to the next word boundary to
preserve word alignment on the returned memory, and this is a problem.
Let's consider max_sz = 2072 and n_max = 1. That's our level 0.
At level 1, we get one level-0 block split in 4 sub-blocks whose size
is WB_UP(2072 / 4) = 520. However 4 * 520 = 2080 so we must discard the
4th sub-block since it doesn't fit inside our 2072-byte parent block.
We're down to 3 * 520 = 1560 bytes of usable memory.
Our memory usage efficiency is now 1560 / 2072 = 75%.
At level 2, we get 3 level-1 blocks, and each of them may be split
in 4 sub-blocks whose size is WB_UP(520 / 4) = 132. But 4 * 132 = 528
so the 4th sub-block has to be discarded again.
We're down to 9 * 132 = 1188 bytes of usable memory.
Our memory usage efficiency is now 1188 / 2072 = 57%.
At level 3, we get 9 level-2 blocks, each split into WB_UP(132 / 4)
= 36 bytes. Again 4 * 36 = 144 so the 4th sub-block is discarded.
We're down to 27 * 36 = 972 bytes of usable memory.
Our memory usage efficiency is now 972 / 2072 = 47%.
What should be done instead, is to round _down_ sub-block sizes
not _up_. This way, sub-blocks still align to word boundaries, and
they always fit within their parent block as the total size may
no longer exceed the initial size.
Using the same max_sz = 2072 would yield a memory usage efficiency of
99% at level 3, so let's demo a worst case 2044 instead.
Level 1: 4 sub-blocks of WB_DN(2044 / 4) = 508 bytes.
We're down to 4 * 508 = 2032 bytes of usable memory.
Our memory usage efficiency is now 2032 / 2044 = 99%.
Level 2: 4 * 4 sub-blocks of WB_DN(508 / 4) = 124 bytes.
We're down to 16 * 124 = 1984 bytes of usable memory.
Our memory usage efficiency is now 1984 / 2044 = 97%.
Level 3: 16 * 4 sub-blocks of WB_DN(124 / 4) = 28 bytes.
We're down to 64 * 28 = 1792 bytes of usable memory.
Our memory usage efficiency is now 1792 / 2044 = 88%.
Conclusion: if max_sz is a power of 2 then we get 100% efficiency at
all levens in both cases. But if not, then the rounding-up method has
a far worse degradation curve than the rounding-down method, wasting
more than 50% of memory in some cases.
So let's round sub-block sizes down rather than up, and remove
block_fits() which purpose was to identify sub-blocks that didn't
fit within their parent block and is now useless.
Signed-off-by: Nicolas Pitre <npitre@baylibre.com>
Since commit 39cd2ebef7 ("malloc: make sure returned memory is
properly aligned") the size of struct sys_mem_pool_block size is
rounded up to the next word boundary.
Signed-off-by: Nicolas Pitre <npitre@baylibre.com>
The space or plus prefix must appear when requested even with INF and
NAN. And no zero-padding in that case.
Also, 0.0 and -0.0 are distinct values. It is necessary to display
the minus sign with a negative zero.
Signed-off-by: Nicolas Pitre <npitre@baylibre.com>
The precision parameter to the %g conversion indicates the maximum
number of significant digits and not the number of digits to appear
after the radix character. Here's a few examples this patch fixes:
expected before
----------------------------------------------------------
printf("%.3g", 150.12) 150 150.12
printf("%.2g", 150.1) 1.5e+02 150.1
printf("%#.3g", 150.) 150. 150.000
printf("%#.2g", 15e-5) 0.00015 0.00
printf("%#.4g", 1505e-7) 0.0001505 0.0002
printf("%#.4g", 1505e-8) 1.505e-05 1.5050e-05
Signed-off-by: Nicolas Pitre <npitre@baylibre.com>
The code accounts only for 2 exponent digits even though the exponent
may grow up to 308. Before this change, printf("%g", 1e300) would
produce "1e+N0".
Signed-off-by: Nicolas Pitre <npitre@baylibre.com>
The on-stack work buffer occupies 201 bytes by default. Now that we've
made the code able to cope with virtually unlimited width and precision
values, we can reduce stack usage to its strict minimum i.e. 25 bytes.
This allows for some additional sprintf tests exercizing wide results.
Signed-off-by: Nicolas Pitre <npitre@baylibre.com>
Even if the code used to limit the precision to the on-stack buffer
size, it was still possible to do:
printf("%f", 1.0e300);
which would overflow the stack and crash the program. Let fix this issue
and remove the precision limitation by recording the number of zeroes to
insert while converting the value and generating those zeroes only
when outputting the data.
Signed-off-by: Nicolas Pitre <npitre@baylibre.com>
Zero-padding of integers took place in the on-stack buffer before
justification. Let's perform that padding on the fly while sending
out data instead.
Signed-off-by: Nicolas Pitre <npitre@baylibre.com>
The z_prf() function currently allocates a 200-byte buffer on the
stack to copy strings into, and then perform left/right alignment
and padding. Not only this is a pretty large chunk of stack usage,
but this imposes limitations on field width and string length. Also
the string is copied not only once but _thrice_ making this code
less than optimal.
Let's rework the code to get rid of both the field width limit and
string length limit, as well as the two extra memory copy instances.
While at it, let's fixes printf("%08s", "abcd") which used to
produce "0000abcd".
Signed-off-by: Nicolas Pitre <npitre@baylibre.com>
Mimic the glibc behavior when encountering an unknown conversion
specifier rather than silently skipping it.
Signed-off-by: Nicolas Pitre <npitre@baylibre.com>
This makes for nicer code by avoiding repetitions of the same pattern.
Changes to come will make more use of it.
Signed-off-by: Nicolas Pitre <npitre@baylibre.com>
Some cleanups before further changes:
- Remove dead leftover from the "case 's'" code.
- Remove needless parents and casts.
- Remove "register" qualifier as it is ignored. The compiler knows
better these days.
- Adjust tabs assuming standard 8-columns tab spacing.
- Make multi-line comments start with "/*" on a line of its own.
- Make the format string const to match prototypes in other files.
- Declare boolean variable and parameters as bool.
Signed-off-by: Nicolas Pitre <npitre@baylibre.com>
This reverts commit 2a63e342f4.
This needs to be reverted as otherwise the type of ssize_t will be
"unsigned long" which is not correct.
(gdb) ptype ssize_t
type = unsigned long
For example this check would fail in that case
ssize_t foo(void)
{
return -1;
}
...
if (foo() < 0) {
printk("This is never called\n");
}
Fixes#17378
Signed-off-by: Jukka Rissanen <jukka.rissanen@linux.intel.com>
Compilers (at least gcc and clang) already provide max value definitions
for basic types. It makes sense to rely on them to properly support
both 32-bit and 64-bit builds.
Signed-off-by: Nicolas Pitre <npitre@baylibre.com>
Minimum alignment and rounding must be done on a word boundary. Let's
replace _ALIGN4() with WB_UP() which is equivalent on 32-bit targets,
and 64-bit aware.
Also enforce a minimal alignment on the memory pool. This is making
a difference mostly on64-bit targets where the widely used 4-byte
alignment is not sufficient.
The _ALIGN4() macro has no users left so it is removed.
Signed-off-by: Nicolas Pitre <npitre@baylibre.com>
move misc/util.h to sys/util.h and
create a shim for backward-compatibility.
No functional changes to the headers.
A warning in the shim can be controlled with CONFIG_COMPAT_INCLUDES.
Related to #16539
Signed-off-by: Anas Nashif <anas.nashif@intel.com>
move misc/mempool.h to sys/mempool.h and
create a shim for backward-compatibility.
No functional changes to the headers.
A warning in the shim can be controlled with CONFIG_COMPAT_INCLUDES.
Related to #16539
Signed-off-by: Anas Nashif <anas.nashif@intel.com>
move misc/math_extras.h to sys/math_extras.h and
create a shim for backward-compatibility.
No functional changes to the headers.
A warning in the shim can be controlled with CONFIG_COMPAT_INCLUDES.
Related to #16539
Signed-off-by: Anas Nashif <anas.nashif@intel.com>
move misc/libc-hooks.h to sys/libc-hooks.h and
create a shim for backward-compatibility.
No functional changes to the headers.
A warning in the shim can be controlled with CONFIG_COMPAT_INCLUDES.
Related to #16539
Signed-off-by: Anas Nashif <anas.nashif@intel.com>
move misc/errno_private.h to sys/errno_private.h and
create a shim for backward-compatibility.
No functional changes to the headers.
A warning in the shim can be controlled with CONFIG_COMPAT_INCLUDES.
Related to #16539
Signed-off-by: Anas Nashif <anas.nashif@intel.com>
move misc/__assert.h to sys/__assert.h and
create a shim for backward-compatibility.
No functional changes to the headers.
A warning in the shim can be controlled with CONFIG_COMPAT_INCLUDES.
Related to #16539
Signed-off-by: Anas Nashif <anas.nashif@intel.com>
This adds the necessary bits to utilize the x86_64 toolchain
built by sdk-ng for x86_64 when toolchain variant is either
zephyr or xtools. This allows decoupling the builds from
the host toolchain.
Newlib is also available with this toolchain so remove
the Kconfig restriction on CONFIG_NEWLIB_LIBC.
Signed-off-by: Daniel Leung <daniel.leung@intel.com>
types.h was wrongly defining unsigned as signed and following
undefining it. This definition was not being used anywhere though.
Signed-off-by: Flavio Ceolin <flavio.ceolin@intel.com>
In ARM builds with support for user mode, i.e. with
CONFIG_USERSPACE=y, we need to align the beginning
of the heap space, to respect the ARM MPU region
alignment requirements.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
USED_RAM_END_ADDR is not used when Kconfig option
CONFIG_NEWLIB_LIBC_ALIGNED_HEAP_SIZE is defined,
therefore, we do not need to define the macro in
that specific case.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
Compilers (at least gcc and clang) already provide definitions to
create standard types and their range. For example, __INT16_TYPE__ is
normally defined as a short to be used with the int16_t typedef, and
__INT16_MAX__ is defined as 32767. So it makes sense to rely on them
rather than hardcoding our own, especially for the fast types where
the compiler itself knows what basic type is best.
Using compiler provided definitions makes even more sense when dealing
with 64-bit targets where some types such as intptr_t and size_t must
have a different size and range. Those definitions are then adjusted
by the compiler directly.
However there are two cases for which we should override those
definitions:
* The __INT32_TYPE__ definition on 32-bit targets vary between an int
and a long int depending on the architecture and configuration.
Notably, all compilers shipped with the Zephyr SDK, except for the
i586-zephyr-elfiamcu variant, define __INT32_TYPE__ to a long int.
Whereas, all Linux configurations for gcc, both 32-bit and 64-bit,
always define __INT32_TYPE__ as an int. Having variability here is
not welcome as pointers to a long int and to an int are not deemed
compatible by the compiler, and printing an int32_t defined with a
long using %d makes the compiler to complain, even if they're the
same size on 32-bit targets. Given that an int is always 32 bits
on all targets we might care about, and given that Zephyr hardcoded
int32_t to an int before, then we just redefine __INT32_TYPE__ and
derrivatives to an int to keep the peace in the code.
* The confusion also exists with __INTPTR_TYPE__. Looking again at the
Zephyr SDK, it is defined as an int, even even when __INT32_TYPE__ is
initially a long int. One notable exception is i586-zephyr-elf where
__INTPTR_TYPE__ is a long int even when using -m32. On 64-bit targets
this is always a long int. So let's redefine __INTPTR_TYPE__ to always
be a long int on Zephyr which simplifies the code, works for both
32-bit and 64-bit targets, and mimics what the Linux kernel does.
Only a few print format strings needed adjustment.
In those two cases, there is a safeguard to ensure the type we're
enforcing has the right size and fail the build otherwise.
Signed-off-by: Nicolas Pitre <npitre@baylibre.com>
This allows for printing long long values. Because the code size
increase may be significant, this is made optional on 32-bit targets.
On 64-bit targets this doesn't change the code much as longs and
long longs are the same size so it is always enabled in that case.
The test on MAXFLD has to be adjusted accordingly. Yet, its minimum
value wasn't large enough to store a full-scale octal value, so this
is fixed as well.
Signed-off-by: Nicolas Pitre <npitre@baylibre.com>
On 64-bit systems the most notable difference is due to longs and
pointers being 64-bit wide. Therefore there must be a distinction
between ints and longs.
This patch:
- Make support functions take a long rather than an int as this can
carry both longs and ints just fine.
- Use unsigned values in _to_x() to cover the full unsigned range
and avoid sign-extending big values. Negative values are already
converted to unsigned after printing the minus sign. This also makes
division and modulus operations slightly faster.
- Remove excessive casts around va_arg() and use proper types with it.
- Implement the l and z length modifiers as they're significant on
64-bit targets. While at it, throw in the z modifier as well.
Since they all come down to 32-bit values on 32-bit targets, the
added code should get optimized away as duplicate by the compiler
in that case.
Signed-off-by: Nicolas Pitre <npitre@baylibre.com>
Casting a pointer to an int produces warnings with 64-bit targets.
Furthermore, an int is not always the optimal memory element that
can be copied in that case.
Let's use uintptr_t to cast pointers to integers for alignment
determination purposes, and mem_word_t to denote the optimal memory
"word" that can be copied on the platform.
The mem_word_t definition is equivalent to uintptr_t by default.
However, some 32-bit targets such as ARM platforms with the LDRD/STRD
instructions could benefit from word_t being an uint64_t.
Signed-off-by: Nicolas Pitre <npitre@baylibre.com>
Per guidelines, all statements should have braces around them. We do not
have a CI check for this, so a few went in unnoticed.
Signed-off-by: Anas Nashif <anas.nashif@intel.com>
Add an option for building with newlib-nano library.
The newlib-nano library for ARM embedded processors is a part of the
GNU Tools for ARM Embedded Processors.
Add mem_alloc tests with newlib nano.
Signed-off-by: Benoit Leforestier <benoit.leforestier@gmail.com>
Use the new math_extras functions instead of calling builtins directly.
Change a few local variables to size_t after checking that all uses of
the variable actually expects a size_t.
Signed-off-by: Jakob Olesen <jolesen@fb.com>
This is implementation-level header which defines struct timeval, and
intended to be included by headers which need this structure. This
implementation scheme is compatible with Newlib, and thus provides a
step to use minlibc vs Newlib interchangeably.
Signed-off-by: Paul Sokolovsky <paul.sokolovsky@linaro.org>
Depending on configuration, this value could end up as
a variable and not an array symbol, causing a crash if
newlib decides to call _sbrk on behalf of a user thread,
which needs to perform arithmetic on it.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
Excerpt from the manual:
If ptr is NULL, then the call is equivalent to malloc(size) [...]
Without this commit, such calls end with a BUS FAULT.
Signed-off-by: Tomasz Gorochowik <tgorochowik@antmicro.com>
Update the files which contain no license information with the
'Apache-2.0' SPDX license identifier. Many source files in the tree are
missing licensing information, which makes it harder for compliance
tools to determine the correct license.
By default all files without license information are under the default
license of Zephyr, which is Apache version 2.
Signed-off-by: Anas Nashif <anas.nashif@intel.com>
Rename reserved function names in the subsys/ subdirectory except
for static _mod_pub_set and _mod_unbind functions in bluetooth mesh
cfg_srv.c which clash with the similarly named global functions.
Signed-off-by: Patrik Flykt <patrik.flykt@intel.com>
Permission management no longer necessary, the former
parameter for the mutex is now simply ignored.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
When we build with newlib we don't set -nostdinc. In that case make
sure that we leave it to the toolchain to set the system include paths.
The one exception to leaving to the toolchain to set the system include
paths is the path to the newlib headers. Since we build
with -ffreestanding we need to make sure the newlib header path is the
before the toolchain headers. Otherwise the toolchain's 'freestanding'
headers get picked up and that causes issues (for example getting PRI*64
defined properly from inttypes.h due to __STDC_HOSTED__ being '0').
For newlib we accomplish this by having the only system header specified
by zephyr_system_include_directories() being just the newlib headers.
Note: for minlibc we leave things alone as things just happen to work as
the -I include of the libc headers takes precedence over -isystem so we
get the libc headers over the toolchain ones. For the newlib case it
appears that setting both -I and -isystem for the same dir causes the
-I to be ignored.
Fixes#14310
Signed-off-by: Kumar Gala <kumar.gala@linaro.org>
For some reason we missed _zephyr_fputc in commit
4344e27c26. Rename _zephyr_fputc to just
zephyr_fputc and fixup associated code to build.
Signed-off-by: Kumar Gala <kumar.gala@linaro.org>
Commit 4344e27c26 changed the reserved
function names, but got the naming wrong for fwrite. Just use the
name zephyr_fwrite everywhere.
Fixes#14275
Signed-off-by: Kumar Gala <kumar.gala@linaro.org>
Update reserved function names starting with one underscore, replacing
them as follows:
'_k_' with 'z_'
'_K_' with 'Z_'
'_handler_' with 'z_handl_'
'_Cstart' with 'z_cstart'
'_Swap' with 'z_swap'
This renaming is done on both global and those static function names
in kernel/include and include/. Other static function names in kernel/
are renamed by removing the leading underscore. Other function names
not starting with any prefix listed above are renamed starting with
a 'z_' or 'Z_' prefix.
Function names starting with two or three leading underscores are not
automatcally renamed since these names will collide with the variants
with two or three leading underscores.
Various generator scripts have also been updated as well as perf,
linker and usb files. These are
drivers/serial/uart_handlers.c
include/linker/kobject-text.ld
kernel/include/syscall_handler.h
scripts/gen_kobject_list.py
scripts/gen_syscall_header.py
Signed-off-by: Patrik Flykt <patrik.flykt@intel.com>
We used to leave byte-long placeholder symbols to ensure
that empty application memory sections did not cause
build errors that were very difficult to understand.
Now we use some relatively portable inline assembly to
generate a symbol, but don't take up any extra space.
The malloc and libc partitions are now only instantiated
if there is some data to put in them.
Fixes: #13923
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
MISRA-C says that char type should not be used in arithmetically as the
data doesn't represent numbers.
MISRA-C rules 10.1 and 10.2
Signed-off-by: Flavio Ceolin <flavio.ceolin@intel.com>
In case newlib is enabled, but POSIX subsys isn't, there're adhoc
implementations of read() and write() which work only with adhoc
stdin/stdout emulation layer. These are backed by system calls named
like "read" and "write". Rename all these functions and syscalls to
explicitly mention stdin/stdout in the names, to free namespace
for the implementation of generic read/write syscalls which will
integrate with POSIX fdtable.
Signed-off-by: Paul Sokolovsky <paul.sokolovsky@linaro.org>
The intent of this Kconfig is to allow libc stdout
functions like printf() to send their output to the
active console driver instead of discarding it.
This somehow evolved into preferring to use
printf() instead of printk() for all test case output
if enabled. Libc printf() implementation for both
minimal libc and newlib use considerably more stack
space than printk(), with nothing gained by using
them.
Remove all instances where we are conditionally
sending test case output based on this config, enable
it by default, and adjust a few tests that disabled
this because they were blowing stack.
printk() and vprintk() now work as expected for
unit_testing targets, they are just wrappers for
host printf().
Fixes: #13701
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
Also, for now x86_64 does not support newlib, so do not enable newlib
for this arch until we have a solution.
Signed-off-by: Anas Nashif <anas.nashif@intel.com>
With newer newlib we get a build error with mqueue.h realted to mode_t.
Let's just let newlib define mode_t and have minimal libc also define
it in sys/types.h. So we remove the duplicated definition in
posix/unistd.h.
Signed-off-by: Kumar Gala <kumar.gala@linaro.org>
This is an integral part of userspace and cannot be used
on its own. Fold into the main userspace configuration.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
We need a generic name for the partition containing
essential C library globals. We're going to need to
add the stack canary guard to this area so user mode
can read it.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
This was never a long-term solution, more of a gross hack
to get test cases working until we could figure out a good
end-to-end solution for memory domains that generated
appropriate linker sections. Now that we have this with
the app shared memory feature, and have converted all tests
to remove it, delete this feature.
To date all userspace APIs have been tagged as 'experimental'
which sidesteps deprecation policies.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
* Newlib now defines a special z_newlib_partition containing
all globals relevant to newlib. Most of these are in libc.a
with a heap tracking variable in newlib's hooks.
* Both C libraries now expose a k_mem_partition containing the
bounds of the malloc heap arena. Threads that want to use
libc malloc() will need to add this to their memory domain.
* z_newlib_get_heap_bounds has been removed, in favor of the
memory partition for the heap arena
* ztest now includes the C library partitions in its memory
domain.
* The mem_alloc test now runs in user mode to prove that this
all works for both C libraries.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
This patch adds a x86_64 architecture and qemu_x86_64 board to Zephyr.
Only the basic architecture support needed to run 64 bit code is
added; no drivers are added, though a low-level console exists and is
wired to printk().
The support is built on top of a "X86 underkernel" layer, which can be
built in isolation as a unit test on a Linux host.
Limitations:
+ Right now the SDK lacks an x86_64 toolchain. The build will fall
back to a host toolchain if it finds no cross compiler defined,
which is tested to work on gcc 8.2.1 right now.
+ No x87/SSE/AVX usage is allowed. This is a stronger limitation than
other architectures where the instructions work from one thread even
if the context switch code doesn't support it. We are passing
-no-sse to prevent gcc from automatically generating SSE
instructions for non-floating-point purposes, which has the side
effect of changing the ABI. Future work to handle the FPU registers
will need to be combined with an "application" ABI distinct from the
kernel one (or just to require USERSPACE).
+ Paging is enabled (it has to be in long mode), but is a 1:1 mapping
of all memory. No MMU/USERSPACE support yet.
+ We are building with -mno-red-zone for stack size reasons, but this
is a valuable optimization. Enabling it requires automatic stack
switching, which requires a TSS, which means it has to happen after
MMU support.
+ The OS runs in 64 bit mode, but for compatibility reasons is
compiled to the 32 bit "X32" ABI. So while the full 64 bit
registers and instruction set are available, C pointers are 32 bits
long and Zephyr is constrained to run in the bottom 4G of memory.
Signed-off-by: Andy Ross <andrew.j.ross@intel.com>
Following the standard GCC RISC-V convetion use __riscv for the RISC-V
specific define:
41d6b10e96/gcc/config/riscv/riscv-c.c (L37)
Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
ioctl() just dispatches to the corresponding vmethod of an fd.
fcntl() handles fdtable-level operations (so far doesn't handle
actually, returning "not implemented" error), and forwards
fd-specific operations to ioctl vmethod just the same (i.e.
ioctl and fcntl operations share the same namespace, but otherwise
disjoint).
Signed-off-by: Paul Sokolovsky <paul.sokolovsky@linaro.org>
These changes were obtained by running a script created by
Ulf Magnusson <Ulf.Magnusson@nordicsemi.no> for the following
specification:
1. Read the contents of all dts_fixup.h files in Zephyr
2. Check the left-hand side of the #define macros (i.e. the X in
#define X Y)
3. Check if that name is also the name of a Kconfig option
3.a If it is, then do nothing
3.b If it is not, then replace CONFIG_ with DT_ or add DT_ if it
has neither of these two prefixes
4. Replace the use of the changed #define in the code itself
(.c, .h, .ld)
Additionally, some tweaks had to be added to this script to catch some
of the macros used in the code in a parameterized form, e.g.:
- CONFIG_GPIO_STM32_GPIO##__SUFFIX##_BASE_ADDRESS
- CONFIG_UART_##idx##_TX_PIN
- I2C_SBCON_##_num##_BASE_ADDR
and to prevent adding DT_ prefix to the following symbols:
- FLASH_START
- FLASH_SIZE
- SRAM_START
- SRAM_SIZE
- _ROM_ADDR
- _ROM_SIZE
- _RAM_ADDR
- _RAM_SIZE
which are surprisingly also defined in some dts_fixup.h files.
Finally, some manual corrections had to be done as well:
- name##_IRQ -> DT_##name##_IRQ in uart_stm32.c
Signed-off-by: Andrzej Głąbek <andrzej.glabek@nordicsemi.no>
read/write/etc. are defined in case CONFIG_POSIX_API is defined, and
we shouldn't provide duplicates.
Signed-off-by: Paul Sokolovsky <paul.sokolovsky@linaro.org>
This reverts commit 25fb2302f1.
The bluetooth l2cap code was using these errno values but changed to
using more standard EPERM instead, so lets remove the defines since
nothing uses them.
Signed-off-by: Kumar Gala <kumar.gala@linaro.org>
write() function is not supposed to change buffer passed to it, so
propagate const pointer param to all write-like functions used/defined
in this file.
Signed-off-by: Paul Sokolovsky <paul.sokolovsky@linaro.org>
Some third-party components include this file without really needing
any symbols from it. Presence of this file allows to build them
against minimal libc, whereas previously they forced Newlib.
Signed-off-by: Paul Sokolovsky <paul.sokolovsky@linaro.org>
Placing it at sys/fcntl.h was due to mimicking internal newlib's
layout, but what we need is this file at the standard location,
for reuse.
Signed-off-by: Paul Sokolovsky <paul.sokolovsky@linaro.org>
Under GNU C, sizeof(void) = 1. This commit merely makes it explicit u8.
Pointer arithmetics over void types is:
* A GNU C extension
* Not supported by Clang
* Illegal across all ISO C standards
See also: https://gcc.gnu.org/onlinedocs/gcc/Pointer-Arith.html
Signed-off-by: Mark Ruvald Pedersen <mped@oticon.com>
Make if statement using pointers explicitly check whether the value is
NULL or not.
The C standard does not say that the null pointer is the same as the
pointer to memory address 0 and because of this is a good practice
always compare with the macro NULL.
Signed-off-by: Flavio Ceolin <flavio.ceolin@intel.com>
Any word started with underscore followed by and uppercase letter or a
second underscore is a reserved word according with C99.
Signed-off-by: Flavio Ceolin <flavio.ceolin@intel.com>
The return of memset is never checked. This patch explicitly ignore
the return to avoid MISRA-C violations.
The only directory excluded directory was ext/* since it contains
only imported code.
Signed-off-by: Flavio Ceolin <flavio.ceolin@intel.com>
Contains defines enough to compile BSD Sockets subsystem. Values are
compatible with Newlib.
Signed-off-by: Paul Sokolovsky <paul.sokolovsky@linaro.org>
Several code guidelines recommend using uppercase L instead of letter
l (ell) because it can easily be confused with the digit 1 (one).
Signed-off-by: Flavio Ceolin <flavio.ceolin@intel.com>
Consistently use
config FOO
bool/int/hex/string "Prompt text"
instead of
config FOO
bool/int/hex/string
prompt "Prompt text"
(...and a bunch of other variations that e.g. swapped the order of the
type and the 'prompt', or put other properties between them).
The shorthand is fully equivalent to using 'prompt'. It saves lines and
avoids tricking people into thinking there is some semantic difference.
Most of the grunt work was done by a modified version of
https://unix.stackexchange.com/questions/26284/how-can-i-use-sed-to-replace-a-multi-line-string/26290#26290, but some
of the rarer variations had to be converted manually.
Signed-off-by: Ulf Magnusson <Ulf.Magnusson@nordicsemi.no>
The read/write implementations call directly into the console drivers
using the hook mechanism, causing faults if invoked from user mode.
Add system calls for read() and write() such that we do a privilege
elevation first.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
The stdout console implementations for minimal libc call directly into
the various console drivers (depending on what specifc hooks are
registered) causing faults when invoked from user mode. This happens,
for example, when using printf() which eventually ends up calling
fputc().
The proper solution is to ensure privileges have been elevated before
the _stdout_hook is called. This was already done for printk().
puts() and fputs() have now been re-defined in terms of the
fputc() and fwrite() functions, which are now system calls.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
The errno "variable" is required to be thread-specific.
It gets defined to a macro which dereferences a pointer
returned by a kernel function.
In user mode, we cannot simply read/write the thread struct.
We do not have thread-local storage mechanism, so for now
use the lowest address of the thread stack to store this
value, since this is guaranteed to be read/writable by
a user thread.
The downside of this approach is potential stack corruption
if the stack pointer goes down this far but does not exceed
the location, since a fault won't be generated in this case.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
We utilize defines like -ESHUTDOWN in the network stack. To support
this errno value with newlib we need to enable
__LINUX_ERRNO_EXTENSIONS__.
Signed-off-by: Kumar Gala <kumar.gala@linaro.org>
For some reason %F wasn't supported initially. Its simple enough to
handle the case difference in infinity and NaN handling to add support
for %F.
Signed-off-by: Kumar Gala <kumar.gala@linaro.org>
The C standard says that %f should use '[-]inf' or '[-]infinity' (which
style is implementation defined) for infinity handling and '[-]nan' for
NaN.
We where adding a '+' and had the wrong case for 'inf' and 'nan'.
Before -> After
+INF -> inf
-INF -> -inf
NaN -> nan
Signed-off-by: Kumar Gala <kumar.gala@linaro.org>
For %{e,E,g,G} conversion specifiers the C standard says the exponent
contains at least two digits, and only as many digits are necessary. So
instead of 1.234000e-001 we should have 1.234000e-01.
Signed-off-by: Kumar Gala <kumar.gala@linaro.org>
Bool symbols implicitly default to 'n'.
A 'default n' can make sense e.g. in a Kconfig.defconfig file, if you
want to override a 'default y' on the base definition of the symbol. It
isn't used like that on any of these symbols though.
Also simplify the default on STDOUT_CONSOLE. Defaults can be arbitrary
expressions, not just fixed values.
Signed-off-by: Ulf Magnusson <Ulf.Magnusson@nordicsemi.no>
The charmap table used by strncasecmp() not only used precious 256
bytes of ROM, it also had wrong mappings outside the ASCII range
(123..218).
Rewrite strncasecmp() to call tolower() instead; might be a tiny wee
little bit slower than the current version, but it's not used in any
performance-sensitive parts of the code to justify the waste.
This reduces the ROM footprint for the ws_echo_server sample by ~224
bytes.
Signed-off-by: Leandro Pereira <leandro.pereira@intel.com>
lib/libc/minimal/source/CMakeLists.txt and
lib/libc/minimal/source/stdout/CMakeLists.txt was introduced in
12f8f7616 but it is not used by the build system. CMakeLists.txt in
the parent dir lib/libc/minimal/CMakeLists.txt adds C files to the
target with the lines like:
${CMAKE_CURRENT_SOURCE_DIR}/source/stdlib/atoi.c
${CMAKE_CURRENT_SOURCE_DIR}/source/stdlib/strtol.c
To make other empty CMakeLists.txt explicit, this commit adds a
comment line to them.
Signed-off-by: Yasushi SHOJI <y-shoji@ispace-inc.com>
The minimal libc source files have been added to 'app'. The Zephyr
build system should not be adding source files to the 'app' library
unless necessary.
This patch creates a new Zephyr CMake Library in lib/libc/minimal and
adds the sources to it.
Signed-off-by: Sebastian Bøe <sebastian.boe@nordicsemi.no>
When we introduced NEWLIB_LIBC_ALIGNED_HEAP_SIZE in commit
42a2c96422. We accidently had the Kconfig
symbol depend on CONFIG_MPU_REQUIRES_POWER_OF_TWO_ALIGNMENT the leading
'CONFIG_' shouldn't exist.
Signed-off-by: Kumar Gala <kumar.gala@linaro.org>
This constant should be defined in limits.h. Define it in limits.h in
the minimal libc, and use the definition found in newlib's includes.
Values in newlib includes range from 1024 to 4096.
The rationale is that all code should use the same value; having
buffers specified with different sizes will lead to interoperability
and out of bounds array writes.
Signed-off-by: Leandro Pereira <leandro.pereira@intel.com>
Add IEEE 1003.1 Posix Style file system API support.
These API's will internally use corresponding Zephyr
File System API's.
Signed-off-by: Ramakrishna Pallala <ramakrishna.pallala@intel.com>
The implementation of fwrite() in the minimal libc does not increment
the source pointer, and thus always print the same character.
Signed-off-by: Florian Vaussard <florian.vaussard@gmail.com>
MPU devices that enforce power-of-two alignment now
specify the size of the buffer used for the newlib heap.
This buffer will be properly aligned and a pointer
exposed in a kernel header, such that it can be added
to a user thread's memory domain configuration if
necessary.
MPU devices that don't have these restrictions allocate
the heap as normal.
In all cases, if an MPU/MMU region needs to be programmed,
the z_newlib_get_heap_bounds() API will return the necessary
information.
Given how precious MPU regions are, no automatic programming
of the MPU is done; applications will need to do this as
needed in their memory domain configurations.
On x86, the x86 MMU-specific code has been moved to arch/x86
using the new z_newlib_get_heap_bounds() API.
Fixes: #6814
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
Newlib uses any RAM between _end and the bounds of physical
RAM for the _sbrk() heap. Set up a user-writable region
so that this works properly on x86.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
Calling POSIX exit() function in Zephyr w/newlib leads to printing
"exit" to stdout followed by infinite loop. That message was
printed without a newline though, leading to confusing artifacts
in the console output.
Signed-off-by: Paul Sokolovsky <paul.sokolovsky@linaro.org>
