add explicit boolean type to 'if' statement controlling expression, thus
improving code readability and maintainability, complying with required
[misra-c2012-14.4] rule which states; The controlling expression of an
if statement and the controlling expression of an iteration-statement
shall have essentially boolean type.
Found as a coding guideline violation (Rule 14.4) by static code
scanning tool.
Note: Tested on STM32L5 Nucleo-144 board (stm32l552xx).
Signed-off-by: ferar alashkar <ferar.alashkar@gmail.com>
* `struct sigevent` is not type-defined
* `union sigval` is not type-defined
* `struct sigevent` must include `sigev_notify_attributes`
For more information, see https://bit.ly/3YfnELI
Signed-off-by: Christopher Friedt <cfriedt@meta.com>
This enables -Wshadow to warn about shadow variables on
in tree code under arch/, boards/, drivers/, kernel/,
lib/, soc/, and subsys/.
Note that this does not enable it globally because
out-of-tree modules will probably take some time to fix
(or not at all depending on the project), and it would be
great to avoid introduction of any new shadow variables
in the meantime.
Also note that this tries to be done in a minimally
invasive way so it is easy to revert when we enable
-Wshadow globally. Source files under modules/, samples/
and tests/ are currently excluded because there does not
seem to be a trivial way to add -Wshadow there without
going through all CMakeLists.txt to add the option
(as there are 1000+ files to change).
Signed-off-by: Daniel Leung <daniel.leung@intel.com>
Memalign is another name for the posix aligned_alloc function, although it
has weaker restrictions on the relationship between the alignment and size.
memalign() is used internally by the libstdc++ when built for 'newlib'
targets (which includes picolibc) instead of aligned_alloc() due to a bug
in gcc, so we need to provide an implementation of this when using that
library, even though it's not part of the Zephyr C library API.
When a fix for the libstdc++ is merged upstream and can be consider a
reasonable dependency for Zephyr, this work-around can be removed.
Closes: #57899
Signed-off-by: Keith Packard <keithp@keithp.com>
Add new option to use thread local storage for stack
canaries. This makes harder to find the canaries location
and value. This is made optional because there is
a performance and size penalty when using it.
Signed-off-by: Flavio Ceolin <flavio.ceolin@intel.com>
When aiming for the smallest build result, it is desirable to
use CONFIG_CBPRINTF_NANO together with CONFIG_MINIMAL_LIBC. However
that doesn't mean we need all the functions enabled by having
CONFIG_CBPRINTF_LIBC_SUBSTS=y which increases the binary size even if
those functions are not used and not linked in.
When CONFIG_CBPRINTF_LIBC_SUBSTS=n such functions are not defined
anyway so z_cbvprintf_impl() won't be invoked with missing
functionalities.
Signed-off-by: Nicolas Pitre <npitre@baylibre.com>
extends the char buffer in the strsignal function to cover the
entire range of `int`
Had to use `-INT_MAX` as the compiler resolves
```
STRINGIFY(INT_MIN)
```
to:
```
(-2147483647 - 1)
```
instead of:
```
-2147483648
```
Signed-off-by: Yong Cong Sin <ycsin@meta.com>
Add a new API to perform an immediate system power off:
`sys_poweroff()`.
Until now, this functionality has been implemented via the system power
management module, but in a clunky fashion. The way system PM works is
by defining some idle states in devicetree, that, given some properties
(e.g. minimal residency, exit latency, etc.) are automatically selected
when system goes to idle based on the expected next wake-up. However,
system off is a power state that one typically wants to control manually
from the application because it implies state loss, and in most cases,
configuring some sort of wake-up source. So in general, it is not
desired to let the system enter this state automatically. This led to
the following stuff in-tree:
from `boards/arm/mimxrt595_evk/mimxrt595_evk_cm33.dts`:
```c
/*
* Deep power-down mode is supported in this SoC through
* 'PM_STATE_SOFT_OFF' state. There is no entry for this in device tree,
* user can call pm_state_force to enter this state.
*/
```
That is, state not being defined in devicetree so that PM subsystem
doesn't pick it automatically, but still implemented in in the PM hooks:
from `soc/arm/nxp_imx/rt5xx/power.c`, `pm_state_set()`:
```c
case PM_STATE_SOFT_OFF:
set_deepsleep_pin_config();
POWER_EnterDeepPowerDown(EXCLUDE_FROM_DEEP_POWERDOWN);
break;
```
And to actually make use of this state, users had to do this kind of
abominations:
```c
pm_state_force(0u, &(struct pm_state_info){ PM_STATE_SOFT_OFF, 0, 0 });
/* Now we need to go sleep. This will let the idle thread runs and
* the pm subsystem will use the forced state. To confirm that the
* forced state is used, lets set the same timeout used previously.
*/
k_sleep(K_SECONDS(SLEEP_S));
printk("ERROR: System off failed\n");
while (true) {
/* spin to avoid fall-off behavior */
}
```
Signed-off-by: Gerard Marull-Paretas <gerard@teslabs.com>
This patch adds Kconfig options to select either GNU libgcc or LLVM
compiler-rt. The 'rtlib' flag is provided in a config file, so this
patch introduces 'clang_libgcc.cfg' and 'clang_compiler_rt.cfg' which
enable appropriate library. The file is selected by concatenating
the 'clang_' prefix with library name.
Signed-off-by: Patryk Duda <pdk@semihalf.com>
The normative spec for `pthread_mutex_timedlock()` says that
it should return `ETIMEDOUT` when a timeout occurs. However,
currently it returns `EAGAIN`, which reflects what is returned
by `k_mutex_lock()`.
Inspect and update the return value to account for this slight
difference.
Signed-off-by: Christopher Friedt <cfriedt@meta.com>
Picolibc doesn't need these two syscall implementations as it uses
zephyr_fputc instead. Make sure that zephyr_putc is declared correctly.
Signed-off-by: Keith Packard <keithp@keithp.com>
Ensure that the thread return value is set by `pthread_join()`
when `status` is non-NULL.
Additionally, we have an opportunity to synchronously clean
up thread stacks in `pthread_join()`, which is preferable.
Signed-off-by: Christopher Friedt <cfriedt@meta.com>
Discovered this while implementing c11 threads, but there
was a regression recently that made it so that `pthread_join()`
would report success when attempting to join a thread that had
been detached with `pthread_detach()`.
Technically now that is undefined behaviour, but historically,
we have reported `EINVAL`, which was the older specified
return value.
Signed-off-by: Christopher Friedt <cfriedt@meta.com>
1. change explicit type cast of essential character type, complying with
required [misra-c2012-10.2] rule which states; Expressions of
essentially character type shall not be used inappropriately in addition
and subtraction operations, and
2. add explicit boolean type to 'if' statement controlling expression,
consolidating it with 'buflen' type, thus improving code readability and
maintainability , complying with required [misra-c2012-14.4] rule which
states; ; The controlling expression of an if statement and the
controlling expression of an iteration-statement shall have essentially
boolean type, and
3. add enclosing parentheses enforcing and clarifying precedence of
operators, improving code readability and maintainability, complying
with *advisory* [misra-c2012-12.1] rule which states; The precedence of
operators within expressions should be made explicit.
Found as a coding guideline violation (Rules 10.2, 14.4), and coding
guideline recommendation (Rule 12.1) by static code scanning tool.
Note: Tested on STM32L5 Nucleo-144 board (stm32l552xx).
Signed-off-by: ferar alashkar <ferar.alashkar@gmail.com>
change explicit type cast of essential character type, complying with
required [misra-c2012-10.2] rule which states; Expressions of
essentially character type shall not be used inappropriately in addition
and subtraction operations.
Found as a coding guideline violation (Rule 10.2) by static code
scanning tool.
Note: Tested on STM32L5 Nucleo-144 board (stm32l552xx).
Signed-off-by: ferar alashkar <ferar.alashkar@gmail.com>
add explicit unsigned suffices to various immediate numbers, matching
them to size_t, complying with required [misra-c2012-10.4] rule which
states; Both operands of an operator in which the usual arithmetic
conversions are performed shall have the same essential type category.
Found as a coding guideline violation (Rule 10.4) by static code
scanning tool.
Note: Tested on STM32L5 Nucleo-144 board (stm32l552xx).
Signed-off-by: ferar alashkar <ferar.alashkar@gmail.com>
Add a name to the choice group for selecting the C++
standard to be able to override the default standard in
Kconfig.* files.
Signed-off-by: Damian Krolik <damian.krolik@nordicsemi.no>
This change allows users to call pthread_create() with
the pthread_attr_t argument equal to NULL.
If Zephyr is configured with `CONFIG_DYNAMIC_THREAD`, then a
suitable thread stack will be allocated via
k_thread_stack_alloc(). The allocated thread stack is
automatically freed via k_thread_stack_free().
This makes the Zephyr implementation of pthread_create()
compliant with the normative spec.
Signed-off-by: Christopher Friedt <chrisfriedt@gmail.com>
Since the argument is a 32-bit unsigned int, all possible
values satisfy the condition that intval < UINT64_MAX - 1.
Remove the redundant conditional.
Signed-off-by: Christopher Friedt <cfriedt@meta.com>
After commit 9a0aebc5fd,
the exclusion of qemu_x86_tiny is no longer and the "depends on"
option was removed. However, the comment about that remained.
Remove the comment as it is no longer valid.
Signed-off-by: Daniel Leung <daniel.leung@intel.com>
Skip child objects and arrays that are not specified in the given object
descriptor when parsing a JSON input string.
This patch adds support for extra child arrays which previously were not
supported by the parser as opposed to additional child objects.
Fixes#47988
Signed-off-by: Markus Fuchs <markus.fuchs@ch.sauter-bc.com>
Changed initial guess from a simple x/3 to dividing the exponent by 2.
This makes large or small numbers like 10e10 and 01e-10 converge in a few
loops.
Added a loop counter to ensure that the algorithm breaks out of the loop in
the case that the algorithm doesn't converge (toggling between two
numbers).
Added test cases for sqrt and sqrtf in libc. Tested with a range of numbers
between 10e10 and 10e-10. Verify good accuracy in test case.
Closes: #55962
Signed-off-by: Lawrence King <lawrencek52@gmail.com>
Multiple reader threads unlocking the read lock simultaneously might
cause the program hang because it's possible that no thread is
identified as the last one to active the writer thread.
To fix the issue, swap the k_sem_give sequence.
Signed-off-by: Jaxson Han <jaxson.han@arm.com>
Picolibc has both recursive and non-recursive mutex uses. The bulk of the
library locking uses the global libc lock, which is a recursive mutex as
that greatly simplifies the implementation.
The only use of non-recursive mutexes is in the stdio code when dealing
with file system I/O via fopen.
Using mutexes for both APIs is valid; the assumption picolibc makes is that
the non-recursive mutexes are somehow cheaper or faster and should be
preferred. However, in Zephyr, recursive mutexes are the default and the
non-recursive locks for picolibc were implemented using semaphores.
Switch the non-recursive picolibc locks to just invoking the existing
recursive functions using mutexes. This avoids pulling in another lock
implementation, saving a bit of space.
This also lets the kernel.memory_protection.mem_map test work on
qemu_x86_tiny where the amount of memory available is 320kB and that is
nearly filled by this test case, leaving too little space for allocating
pages in the k_mem_map_unmap test.
Signed-off-by: Keith Packard <keithp@keithp.com>
The `pthread_once_lock` `k_mutex` is statically initialized and
only visible within file scope. Coverity identified it as unsafe
because the return values of `pthread_mutex_lock()` and
`pthread_mutex_unlock()` were unchecked. However, if those
functions were to fail here, it would be indicative that
something far worse has happened.
In any case, we add assertions that these functions
succeed rather than silently ignoring with `(void)`, which
ensures that we have coverage when assertions are enabled,
in test, while removing unneeded code with assertions disable,
in production.
Signed-off-by: Christopher Friedt <cfriedt@meta.com>
The `struct k_spinlock` size is zero bytes under certain
circumstances. This is a bit of a problem, because it breaks a
number of assumptions about things in C.
That should be fixed when #59922 is addressed.
This change is just a hotfix to correct the specific condition
where we will need workarounds in other source files.
Signed-off-by: Christopher Friedt <cfriedt@meta.com>
This change is setting up for switching over to proper POSIX
option requirements, feature test macros, and a dependency
structure that is reflective of the standard.
Signed-off-by: Christopher Friedt <cfriedt@meta.com>
Most of the posix source files can be easily identified by a
short name. I.e. most of the `pthread_` prefixed files do not
need the `pthread_` prefix.
Signed-off-by: Christopher Friedt <cfriedt@meta.com>
A significant enough portion of these files has been
changed to justify adding Meta copyright as well as
that of the original author.
Signed-off-by: Christopher Friedt <cfriedt@meta.com>
Now that the gcc compiler driver uses the -T flag instead of -Wl,-T, we can
remove the hack here that kept the picolibc specs file from inserting the
picolibc linker script.
Signed-off-by: Keith Packard <keithp@keithp.com>