Compilers predefine system-specific macros which carry information about
compiler, target architecture and operating system. It provides basic
compiler-dependent information like size of types, their maximal and
minimal values, etc. It allows to write common libc headers for multiple
architectures and operating systems.
These macros allow code to always determine what is the target operating
system. This is a problem when compiling code of modules that supports
multiple operating systems (e.g. cryptography libraries).
To avoid confusion we shouldn't leak host operating system macros (e.g.
__linux__, __linux, linux, etc.) when compiling for native_sim board.
Unfortunately, there is no single universal switch that disables all
operating system macros:
- '-undef' removes also architecture-related macros
- '--target' is only available for Clang compiler
This patch uses '-include' option to include file that undefines all
well-known operating system macros.
Run 'gcc -dM -E - < /dev/null | sort' to get full list of predefined
macros.
Signed-off-by: Patryk Duda <patrykd@google.com>
Replace the global CSTD property with the CSTD kconfig option to select
at least C11 standard.
Signed-off-by: Pieter De Gendt <pieter.degendt@basalte.be>
Only request the linker to link ASAN in the final stage, not
during the partial linking stage.
This fixes a link issue when building with llvm.
Signed-off-by: Alberto Escolar Piedras <alberto.escolar.piedras@nordicsemi.no>
If the CONFIG_ASAN_RECOVER option is set, also pass
-fsanitize-recover=all to the build of the native simulator
built files.
Signed-off-by: Alberto Escolar Piedras <alberto.escolar.piedras@nordicsemi.no>
Some old references to native_posix are better
refering to the native targets in general,
or being clarified as only applying to the old
native_posix like targets.
Signed-off-by: Alberto Escolar Piedras <alberto.escolar.piedras@nordicsemi.no>
POSIX has a custom implementation for thread abort
(z_impl_k_thread_abort) which lacks the tracing function
calls as in the generic version. So add them.
Signed-off-by: Daniel Leung <daniel.leung@intel.com>
Let's fix the error messages:
* native_posix is in general replaced with native_sim
* let's use hwmv2 names
Signed-off-by: Alberto Escolar Piedras <alberto.escolar.piedras@nordicsemi.no>
Replace uses of native_[posix,sim]_64 in the documentation
and kconfig help messages with native_[posix,sim]/native/64
to match the hwmv2 naming.
Signed-off-by: Alberto Escolar Piedras <alberto.escolar.piedras@nordicsemi.no>
When COMPILER_WARNINGS_AS_ERRORS is set, let's also have the
native simulator runner (and anything Zephyr requests built with it)
be built with the same option to treat warnings as errors.
Otherwise we will miss those by default in CI.
Signed-off-by: Alberto Escolar Piedras <alberto.escolar.piedras@nordicsemi.no>
Do not define these macros globally, but instead
define them only for this library and when needed.
Signed-off-by: Alberto Escolar Piedras <alberto.escolar.piedras@nordicsemi.no>
This constant is supposed to be defined as a long instead of an int,
presumably to support systems where int isn't large enough.
Signed-off-by: Keith Packard <keithp@keithp.com>
Initial implementation of `sched_getparam()` and `sched_getscheduler()`
POSIX APIs as a part of PSE53 `_POSIX_PRIORITY_SCHEDULING` option group.
Both functions are actually placeholders and just return `ENOSYS`
since Zephyr does not yet support processes or process scheduling.
Signed-off-by: Dmitrii Golovanov <dmitrii.golovanov@intel.com>
Some libraries (like Openthread's spinel code) define their
API as externally linkable. This will make those symbols
remain as externally linkable by default after the
Zephyr build has produced the native simulator library
(MCU code).
When building an AMP native_simulator executable with
several MCUs each including these, the linker will see
those symbols as still linkable and duplicated, and
throw an error.
So let's give the option for users/developers of those
libraries to define extra symbols they want
to localize before assembling the final executable.
Signed-off-by: Alberto Escolar Piedras <alberto.escolar.piedras@nordicsemi.no>
Annotate posix_exit() and nsi_exit() as noreturn
mainly to ease the life of static analysis tools.
Signed-off-by: Alberto Escolar Piedras <alberto.escolar.piedras@nordicsemi.no>
Add a property to the native_simulator target, to collect
the libraries we want to link with the runner, instead of
abusing the link options to pass them.
Signed-off-by: Alberto Escolar Piedras <alberto.escolar.piedras@nordicsemi.no>
To allow reusing the path between boards,
instead of defining it in the board, let's define it in
the arch cmake file.
Signed-off-by: Alberto Escolar Piedras <alberto.escolar.piedras@nordicsemi.no>
When building the 32bit native board targets variants
for x86(-64) hosts, gcc will promote float literals to double
(See https://gcc.gnu.org/bugzilla/show_bug.cgi?id=92875 )
This can result in unexpected comparison differences.
This is due to the compiler using the 8087 float mode by
default.
Instead let's tell the compiler to use the SSE float path,
which is the default for 64 bit x86-64 builds.
The assumption that any x86 host used for development
will have SSE support should be safe enough.
For more background see
https://github.com/zephyrproject-rtos/zephyr/issues/61345
Signed-off-by: Alberto Escolar Piedras <alberto.escolar.piedras@nordicsemi.no>
In some very rare cases (< 1/1000 runs), in very loaded machines,
a race in the glibc pthread_cancel() seems to be triggered.
In this the cancelled thread cleanup overtakes the pthread_cancel()
code, and frees the pthread structure before pthread_cancel()
has finished, resulting in a dereference into already
free'd memory, and therefore a segfault.
Calling pthread_cancel() during cleanup is not required beyond
preventing a valgrind memory leak report (all threads will be
stopped immediately on exit).
Therefore we stop doing this, to avoid this very rare crashes.
This issue was reproduced in Ubuntu 22.04, with its default
gcc 11.3.0 and glibc 2.35.
The issue may also have been seen very rarely in Zephyr's CI.
Signed-off-by: Alberto Escolar Piedras <alberto.escolar.piedras@nordicsemi.no>
Clarify why we use target_link_options() instead of
target_link_libraries()
Signed-off-by: Alberto Escolar Piedras <alberto.escolar.piedras@nordicsemi.no>
To ease writing common drivers, let's make the host trampolines
from the native simulator avaliable to all posix based boards.
Signed-off-by: Alberto Escolar Piedras <alberto.escolar.piedras@nordicsemi.no>
Instead of keeping a replica of the nce code,
now that the native_simulator is in tree, let's use
it directly.
Signed-off-by: Alberto Escolar Piedras <alberto.escolar.piedras@nordicsemi.no>
Instead of failing badly later, let's give a clear error
message if the user tries to build in an unsupported platform.
Signed-off-by: Alberto Escolar Piedras <alberto.escolar.piedras@nordicsemi.no>
This allows building with embedded libCs in the Zephyr side,
as the POSIX arch bottom is not anymore built in Zephyr context.
Signed-off-by: Alberto Escolar Piedras <alberto.escolar.piedras@nordicsemi.no>
Where the bottom is the only one which interacts with
the host operating system.
And the top the only one that interacts or is aware
of the hosted operating system (Zephyr).
The bottom uses the native simulator CPU
start/stop emulation.
By now we replicate its code as a provisional measure,
until the native simulator becomes standard.
Signed-off-by: Alberto Escolar Piedras <alberto.escolar.piedras@nordicsemi.no>
Where the bottom is the only one which interacts with
the host operating system, and does not necessarily
need to know about the Zephyr OS.
This is in preparation for the native simulator,
which which the bottom is also fully Zephy agnostic.
Signed-off-by: Alberto Escolar Piedras <alberto.escolar.piedras@nordicsemi.no>
The issue due to which we set the default compiler C std version
to C11 is not specific to any particular POSIX arch board,
but to all. Instead of setting this property for each board,
let's set it at the architecture level.
Signed-off-by: Alberto Escolar Piedras <alberto.escolar.piedras@nordicsemi.no>
With Zephyr now always using `int main(void)`, there's no longer any need
for this definition. The last remaining use which gated the declaration of
_posix_zephyr_main isn't necessary as adding that declaration
unconditionally is harmless.
Signed-off-by: Keith Packard <keithp@keithp.com>
Align the comment with the new int main(void) convention
used in Zephyr.
Signed-off-by: Alberto Escolar Piedras <alberto.escolar.piedras@nordicsemi.no>
This commit updates the `_posix_zephyr_main` declaration to use the
return type of `int` instead of `void` when `CONFIG_CPP_MAIN=y` (i.e.
C++-compliant main() support is enabled) so that Zephyr applications
defining their main() in a C++ source file can make use of the proper
main() definition of `int main(void)` as required by the C++ standard.
Note that the forward declaration of `_posix_zephyr_main` is required
if and only if the main() is defined in a C++ source file (i.e. when
`CONFIG_CPP_MAIN=y`).
Signed-off-by: Stephanos Ioannidis <stephanos.ioannidis@nordicsemi.no>
The CONFIG_STACK_SENTINEL adds 4 bytes to the stack. Take these
into account for CONFIG_ARCH_POSIX_RECOMMENDED_STACK_SIZE.
Signed-off-by: Pieter De Gendt <pieter.degendt@basalte.be>
It turns out that SOF is already using a symbol named
"zephyr_app_main()", so this produces a collision. Pick something
that looks more relevant to "posix", and put an underscore on it (it's
a "system" symbol, after all).
Signed-off-by: Andy Ross <andyross@google.com>
It seems like libfuzzer wants to relocate 32 bit instrumented code
sections at runtime at addresses different than the ones in the ELF
file. This is problematic, because Zephyr files are compiled
statically and so will crash the first time they try to jump to an
absolute .text address (basically at the first function call after a
fuzzer entry point).
It seems that building with -fPIC is enough to defeat this (we use the
host linker script, which will manage the GOT/PLT entries for us),
which will work as long as the fuzzer isn't playing games with data
other than text. None of this seems to be documented, so... I guess
it's as good as we can get. It works, at least.
(x86_64 binaries don't show the same behavior, they run where they
were linked)
Signed-off-by: Andy Ross <andyross@google.com>
Add support for LLVM's libfuzzer utility. This works by building an
executable with a "LLVMFuzzerTestOneInput()" entry point (which is
external to Zephyr, running in the host process environment!), which
it drives out of its own main() routine. The toolchain API is exposed
as just another sanitizer variant, which is clean.
Signed-off-by: Andy Ross <andyross@google.com>
Wire this up the same way ASAN works. Right now it's support only by
recent clang versions (not gcc), and only in 64 bit mode. But it's
capable of detecting uninitialized data reads, which ASAN is not.
This support is wired into the sys_heap (and thus k_heap/k_malloc)
layers, allowing detection of heap misuse like use-after-free. Note
that there is one false negative lurking: due to complexity, in the
case where a sys_heap_realloc() call is able to shrink memory in
place, the now-unused suffix is not marked uninitialized immediately,
making it impossible to detect use-after-free of those particular
bytes. But the system will recover cleanly the next time the memory
gets allocated.
Also no attempt was made to integrate this handling into the newlib or
picolibc allocators, though that should hopefully be possible via
similar means.
Signed-off-by: Andy Ross <andyross@google.com>
This had bitrotten a bit, and didn't build as shipped. Current
libasan implementations want -fsanitize=address passed as a linker
argument too. We have grown a "lld" linker variant that needs the
same cmake treatment as the "ld" binutils one, but never got it. But
the various flags had been cut/pasted around to different places, with
slightly different forms. That's really sort of a mess, as sanitizer
support was only ever support with host toolchains for native_posix
(and AFAICT no one anywhere has made this work on cross compilers in
an embedded environment). And the separate "gcc" vs. "llvm" layers
were silly, as there has only ever been one API for this feature (from
LLVM, then picked up compatibly by gcc).
Pull this stuff out and just do it in one place in the posix arch for
simplicity.
Also recent sanitizers are trying to add instrumentation padding
around data that we use linker trickery to pack tightly
(c.f. SYS_INIT, STRUCT_SECTION_ITERABLE) and we need a way
("__noasan") to turn that off. Actually for gcc, it was enough to
just make the records const (already true for most of them, except a
native_posix init struct), but clang apparently isn't smart enough.
Finally, add an ASAN_RECOVER kconfig that enables the use of
"halt_on_error=0" in $ASAN_OPTIONS, which continues execution past the
first error.
Signed-off-by: Andy Ross <andyross@google.com>