SharedPtr::reset did not actually set the stored pointer value.
Correct this, with other minor tidies:
* Ensure counter is set to NULL if pointer is reset to NULL
* Be consistent about not clearing pointers in decrement_counter().
->move() operator was not touching unused data fields, therefore
leaving uninitialised data and failing the comparison.
Fixed by initialising all fields to zero before moving.
mbed_die was calling wait_ms in a critical section - this is deprecated
behaviour, and caused a fatal error in debug builds, potentially leading
to an infinite reboot loop if this was caused due to a reboot limit
halt.
Switch to using wait_us - this is safe in a critical section. This does
trigger a call to mbed_warning, due to the large parameter, but that is
harmless - it doesn't output anything to the console, and won't
overwrite the error context if it already contains something.
The pre-main check of error_reboot_count was applied repeatedly on
every boot, meaning that once the reboot limit was hit, every subsequent
reset would halt before main, until something managed to clear
or corrupt the error context.
Set the is_error_processed flag before halting, so that when an external
agent resets us while we're halted, we do not report the error and halt
again.
A couple of places in mbed_retarget.cpp were testing for either ARMC5 or
ARMC6 in a long-winded fashion. Testing for __ARMCC_VERSION being
defined is sufficient.
Similar to SingletonPtr, use atomic accesses when loading the guard word
outside the lock, and when storing, to ensure no races for threads that
don't take the lock.
Lack of atomics unlikely to be a problem in current builds, but code
could conceivably be subject to reordering if link-time optimisation was
enabled.
SingletonPtr's implementation wasn't totally safe - see "C++ and the
Perils of Double-Checked Locking"by Meyers and Alexandrescu. No problems
observed in practice, but it was potentially susceptible to compiler
optimisation (or maybe even SMP issues).
Now that we have atomic loads and stores, the function can be made safe,
avoiding any potential races for threads that don't take the lock:
ensure that the unlocked load is atomic, and that the pointer store is
atomic.
See https://preshing.com/20130930/double-checked-locking-is-fixed-in-cpp11/
for more discussion.
As barriers were added in #9247, review comments pointed out that atomic
stores needed a second barrier, and they got one. But atomic_flag_clear
was missed.
Add atomic load and store functions, and add barriers to the existing atomic
functions.
File currently has no explicit barriers - we don't support SMP, so don't
need CPU barriers.
But we do need to worry about compiler barriers - particularly if link time
optimisation is activated so that the compiler can see inside these
functions. The assembler or intrinsics that access PRIMASK for
enter/exit critical act as barriers, but LDREX, STREX and simple
volatile pointer loads and stores do not.
Critical section count/state variables are synchronised by IRQ disabling and
critical section calls themselves, so do not need to be volatile.
This eliminates a couple of unnecessary reads of the counter variable.
The DEVICE_FOO macros are always defined (either 0 or 1).
This patch replaces any instances of a define check on a DEVICE_FOO
macro with value test instead.
Signed-off-by: Alastair D'Silva <alastair@d-silva.org>
As part of work to improve the debugging of exceptions, have
Mbed OS make an effort to make exceptions more precise in debug builds
at the cost of performance.
Related pyOCD work:
https://github.com/mbedmicro/pyOCD/pull/430
Make the option positively named, and as it is a platform config
option make sure it only affects platform code.
HAL functions still remain available even if platform is told not
to use them.
MPU lock under- or overflow is not a likely random runtime failure - it
will be a mismatched lock/unlock programming error, so should be
detected during development. Make the checks asserts so they can be
left out from release builds. MBED_ASSERT is also a bit smaller than
MBED_ERROR in develop builds.
Make the following changes:
-Allow a vector specific ARM MPU driver by defining MBED_MPU_CUSTOM
-Allow ROM address to be configured for ARMv7-M devices by
setting the define MBED_MPU_ROM_END
-Add ROM write protection
-Add new functions and lock
-enable at boot
-disable during flash programming
Rename MpuXnLock to ScopedMpuXnLock so it has the same naming
convention as ScopedMutexLock. Also make this class inherit from
NonCopyable to prevent misuse.
Enable the MPU as part of the boot sequence and disable it before
starting a new application. Also add reference counted MPU lock and
unlock functions to allow code to execute from ram when necessary.
Adding new modules inside the namespace could be breaking change for existing code base
hence add `using namespace::class` for classes newly added to mbed namespace to maintian
backwards compatibility.
MBED_NO_GLOBAL_USING_DIRECTIVE is added to remove auto-addition of namespace
Macro guard `MBED_NO_GLOBAL_USING_DIRECTIVE` is added around namespace, to avoid
polluting users namespace.
SocketStats Class is added to collect and provide the statistics information.
In this phase only socket information is collected and max sockets that can
be recorded at any time are configurable through 'MBED_CONF_NSAPI_SOCKET_STATS_MAX_COUNT'
Network statistics can be enabled through a macro MBED_NW_STATS_ENABLED
More information on design is captured in #8743
Implement the following:
KVStore base class
TDBStore class
FileSystemStore class
SecureStore class
Global APIs
Configuration framework
Design documentation
Moved "bootloader_not_supported" check to where it was and handle that exception at only one place.
Removed ram/rom size info for realtek from targets.json. THe info we have is not correct.
was Not handling config exceptions from regions and ram_regions property
adding rom-ram info for REALTEK_RTL8195AM
Modify the implementation of CThunk so it does not execute from ram.
Instead is uses an array of functions in flash which can be allocated
as a thunk. The number of CThunks that can be used by an application
can be configured with MBED_CONF_PLATFORM_CTHUNK_COUNT_MAX.
The issue is that the process_oob check would only return immediately
if no data at all on entry, or when receiving a known OOB. Any other
line noise or unknown OOBs could lead to a timeout delay - read the
noise or unknown OOB then timeout waiting for another line of input.
This revised version modifies the parser to recheck readable after each
line end when only looking for OOBs, so it can immediate exit.
Save some ROM space by putting MBED_NORETURN attributes on error
functions and failed asserts.
mbed_error was documented as returning an error code. It never
actually could return, so documentation updated, but return type
kept.
Various fixes in preparation for making sure error calls do not return.
* Clear out handle_error's use of error_in_progress as a sort of spin
lock; this is most likely to deadlock if ever activated, and conflicts
with error's use of error_in_progress. Use a normal critical section lock.
* Make error use same mbed_halt_system helper as mbed_error.
* Make error's recursion check avoid print and proceed to halt, rather
than returning.
* Make mbed_error use error_in_progress to avoid recursion in same way
as error() does.
* Give mbed_halt_system its own recursion check in case of error in
mbed_die - give it a simple fallback.
* Make the in_progress things properly atomic, just in case.
An atomic flag primitive is sometimes wanted, and it is cumbersome to
create it from the compare-and-swap operation - cumbersome enough that
people often don't bother.
Put in a core_util_atomic_flag that follows the C11/C++11 atomic_flag
API, such that it could be mapped to it with #define later.
API's updated as:
1. wait(float) calls wait_ms for >=0.01s and not in interrupt, else wait_us.
2. wait_ms() is just the thread sleep and doesn't lock hardware sleep.
In order to have backward compatibility, if used in ISR `wait_us` is
called if MBED_TRAP_ERRORS_ENABLED is false
3. wait_us() is a ticker-based wait, always spinning.
Don't extract filename from the stored error - print it directly.
Use "mbed_error_puts" for both error message and filename to avoid
buffer length limits.
Switch to puts also fixes the potential problem of an error message
containing a '%' upsetting the formatter - it should have been
mbed_printf_error("%s", error_msg) in the first place.
vsprintf returns the amount it would have written if the buffer had been
big enough, but we used that value directly when outputting, thus
overrunning memory and dumping stack contents.
Indicate truncation by inserting an ellipsis and newline. Slightly
increase the buffer size, so that we don't slightly decrease the maximum
printable characters because of the ellipsis insertion.
Partially addresses https://github.com/ARMmbed/mbed-os/issues/6850 by
forcing a newline when truncation happens - often truncation will drop a
newline and prevent a flush.
Mbed retarget does an `fflush` on stdout and stderr on exit - this
flushes the C library buffers (if it is buffering), but doesn't
flush any device buffers (eg UARTSerial's TX buffer). Add
sync() calls to the output device to do this.
Use write() on current output device instead - this works on the
assumption that write() is safe to call from critical section.
UARTSerial has previously been upgraded to support this, and this also
improves the behaviour when buffered serial is in use - the current
buffered output will be fully flushed before outputting the error
message.
Be more cautious about alignment - align the data within a SingletonPtr
to 8 bytes rather than 4. This could increase padding overhead by up
to 8 bytes, sadly, but we may need this alignment for correct operation.
Conditional check added for C++11 - if in use we can get correct minimal
alignment by using alignas(T).
Static Thread methods and signal methods have been deprecated. Remove
all references in the main code, and most of the tests. Some tests of
the deprecated APIs themselves remain.
Make get() and operators * and -> of SingletonPtr const - they are
logically const and thread-safe, despite the construction on first call.
This construction is "invisible" to the caller of those methods.
Compilers allocate some section of memory without using wrapper function,
which is later freed when wrappers were initialized. Since the allocated
memory didn;t contain wrapper header the pointer got corrupt when calling to free.
This implementation of signature addition during malloc and signature check during
free helps in freeing the memory allocated by wrapper functions properly and
also the internal memory allocated by compilers (without malloc wrappers).
malloc guarantees aligned memory. If we add an alignment here, we are adding
additonal unused 4 bytes. Each allocator has its own 4/8 byte header
(GGC / ARM have 4 bytes).
So if user request for 8 bytes of memory stats will add 8 + allocator 8.
However if we remove the alignment in stats header, allocator will consider
add 4 bytes to 12 byte request and zero padding.
It will be beneficial to leave the padding to allocator.
You are allowed in POSIX / ANSI C to read and write on the same stream, but you
have to do an fseek in between read and write call (getc->fseek->putc)
Thanks @Alex-EEE for sharing the fix: https://github.com/ARMmbed/mbed-os/pull/7749
Added test case for verification of the behavior
Heap statistics are used for analysing heap stats, but it doesn't tell anything
about real heap usage or malloc overheads. Adding `overhead_size` element
will help users to get the real heap usage.
Low power Timer is used as RTC for platforms that don't have HW RTC capabilities (like NRF52832).
`_rtc_lpticker_read(void)` function currently uses `Timer::read()` function to trace elapsed time.
`Timer::read()` returns seconds represented as `float` value, but this value is calculated from `int` since `Timer::read_us()` returns `int`.
This limits time tracing to ~35 min.
To fix this problem we will use `timer::read_high_resolution_us()` (which returns unsigned 64 bit value) instead of `Timer::read()`.
Add a config option for the following values:
MBED_SYS_STATS_ENABLED
MBED_STACK_STATS_ENABLED
MBED_CPU_STATS_ENABLED
MBED_HEAP_STATS_ENABLED
MBED_THREAD_STATS_ENABLED
MBED_CONF_APP_MAIN_STACK_SIZE
MBED_CONF_APP_TIMER_THREAD_STACK_SIZE
MBED_CONF_APP_IDLE_THREAD_STACK_SIZE
MBED_CONF_APP_THREAD_STACK_SIZE
To maintain backwards compatibility inside the RTOS both
APP and RTOS config values can be used.
Code had mixed up order of 'c' and 'n' arguments to memset().
Fix this.
Spotted-by: kjbracey-arm & a GCC profile without "-fno-builtin"
Related GCC warnings:
---8<---8<----
[Warning] mbed_error.c@123,5: 'memset' used with constant zero length parameter; this could be due to transposed parameters [-Wmemset-transposed-args]
[Warning] mbed_error.c@282,5: 'memset' used with constant zero length parameter; this could be due to transposed parameters [-Wmemset-transposed-args]
Sometimes you want don't want to directly call a method on your
SingletonPtr-wrapped object, but you want to pass it to something
else.
For example
SingletonPtr<PlatformMutex> mutex;
mutex->lock();
is fine, but what about
SingletonPtr<PlatformMutex> mutex;
ScopedLock<PlatformMutex> lock(*mutex.get());
Add an overload for operator* to make this more elegant:
SingletonPtr<PlatformMutex> mutex;
ScopedLock<PlatformMutex> lock(*mutex);
This addition is consistent with standard C++ classes such as
`unique_ptr` and `shared_ptr`, which likewise have
get, operator-> and operator*.
Copy construction between Span of compatible type is allowed to fulfil the use
case Span<T> -> Span<const T>. This is achieved by a templated copy constructor
like constructor.
In p0122, the overload is discarded from the constructor set if the ElementType
of the Span in input is not convertible into the ElementType of the Span being
constructed.
To discard function overload, SFINAE has to be used which polutes the documentation
and make the code harder to read and maintain.
Unlike p0122, our Span class doesn't exposes (yet) functions with default argument
or functions that convert container in input into span the only overload with the
a single parameter that we exposes are:
- template<size_t N> Span(ElementType (&element)[N])
- Span(const Span& other): <- generated by the compiler.
For both of this functions we expect exact match and their resolution should not
interfere with the constructor that converts from another type of Span.
As a result it is possible to rely solely on C++ default resolution rules as we
won't hit cases were constructors convert from another type (std::array, std
container, span) and raise an error with a static assert if the element type
can't be converted.
If another copy - conversion - constructor is added then SFINAE has to be
reintroduced.
This commit aims to make Span implementation more in line with what is present in N4762:
- use appropiate index types where applicable.
- use typedefed type inside the class (index_type, reference, pointer, element_type)
- assertion where applicable
- restrict default construction to Span with extent == 0 or extent == dynamic.
- construct span from a range of pointer
- remove non const overload of the subscript operator
- remove non const overload of the data function
- implement subspan function
- implement missing first and last function of dynamic span
The Span class allows the creation of views over contiguous memory. The view
do not own memory, is typed and has a length. It can be used as a replacement of
the traditional pair of pointer and size in parameters or class fields.
Main operations:
- size(): return the lenght of the memory viewed
- empty(): return if the memory viewed is empty
- [index]: access elements viewed
- data(): return a pointer to the memory viewed.
- first(count): Create a subview from the first count elements.
- last(count): Create a subview from the last count elements.
- == and !=: compare two views or a view to array and return if they are equal or
not.
The Span class came in two flavors:
- Static size: The size is encoded in the Span type and it is as lightweitgh as
a single pointer,
- Dynamic size: The object can store arbitrary views and it costs one pointer
and the size of the view.
When the define LPTICKER_DELAY_TICKS is set deep sleep can be randomly
disallowed when using the low power ticker. This is because a Timer
object, which locks deep sleep, is used to protect from back-to-back
writes to lp tickers which can't support that. This causes tests which
assert that deep sleep is allowed to intermittently fail.
To fix this intermittent failure this patch adds the function
sleep_manager_can_deep_sleep_test_check() which checks if deep sleep
is allowed over a duration. It updates all the tests to use
sleep_manager_can_deep_sleep_test_check() rather
than sleep_manager_can_deep_sleep() so the tests work even if deep
sleep is spuriously blocked.
Volatile specifier in this case it not required as we currently have all accesses
to the buffer protected by critical section. This shall optimize accesses in
some cases to the buffer.
Fixes#7702
`handle_error` calls `MBED_CALLER_ADDR()`, but this is always a location from within platform/mbed_error.c. This is because `handle_error` is declared static. This does not cause the function to be inlined however. Instead, it is called by each function within mbed_error.c. For example, mbed_error yields this code:
```
000625c8 <mbed_error>:
625c8: b510 push {r4, lr}
625ca: 460c mov r4, r1
625cc: 4611 mov r1, r2
625ce: 461a mov r2, r3
625d0: 9b02 ldr r3, [sp, #8]
625d2: f7ff feff bl 623d4 <handle_error>
625d6: b968 cbnz r0, 625f4 <mbed_error+0x2c>
625d8: 4620 mov r0, r4
625da: f7ff ff67 bl 624ac <print_error_report.constprop.0>
625de: f7ff fea8 bl 62332 <core_util_is_isr_active>
625e2: b910 cbnz r0, 625ea <mbed_error+0x22>
625e4: f7ff fe9f bl 62326 <core_util_are_interrupts_enabled>
625e8: b908 cbnz r0, 625ee <mbed_error+0x26>
625ea: bf30 wfi
625ec: e7fd b.n 625ea <mbed_error+0x22>
625ee: 2001 movs r0, #1
625f0: f000 f948 bl 62884 <__wrap_exit>
625f4: 4800 ldr r0, [pc, #0] ; (625f8 <mbed_error+0x30>)
625f6: bd10 pop {r4, pc}
625f8: 80ff010f .word 0x80ff010f
```
Note that at `625d2` there is a bl to handle error. That replaces the LR, which means that ALL calls to mbed_error will report a location of 0x625d6 or 0x625d7 (user vs. supervisor). I do not expect that this was the intention of the code. The simplest fix is to change line 99:
```C
static inline mbed_error_status_t handle_error(mbed_error_status_t error_status, unsigned int error_value, const char *filename, int line_number)
```
Since `handle_error()` will be inlined, the link register will be kept the same, so `MBED_CALLER_ADDR()` will yield the expected result. However, there is no guarantee that the compiler will respect the `inline` keyword in all circumstances.
The result is that each function that wishes to report its caller must extract its caller. This code cannot be centralised.
I have modified `mbed_error.c` to report the caller of each error reporting function, rather than the error reporting function itself.
I added the powerdown func by GIC in mbed_application because Cortex-A9 use GIC instead of NVIC.
This process prevent unexpected interrupt when updating software by using bootloader.
I added the process for Cortex-A in mbed_application.c because this process was for only Cortex-M.
Also I enabled the macro of MBED_APPLICATION_SUPPORT for Cortex-A.
The new configuration make Error history tracking switched off by default and enabled by using the config flag MBED_CONF_PLATFORM_ERROR_HIST_ENABLED.
Config flag MBED_CONF_PLATFORM_ERROR_ALL_THREADS_INFO enables printing info of all threads. This will be turned off by default.
With "mov r2, #0", compile OK with GCC_ARM, but failed with ARMC6.
With "ldr r2, =0", compile OK with ARMC6, but failed with GCC_ARM.
Finally, with "movw r2, #0"/"movt r2, #0", compile OK with both ARMC6 and GCC_ARM.
The errno.h header file defines the type error_t, unfortunately this
is a common type name that may be defined in user code. For at least GCC
we can work around this by telling errno that the error_t is already
defined.
Unfortunately, some toolchains don't define the same errno codes that
are used fairly consistently on Linux based platforms, which means they
also don't match the errno codes used in the retarget layer.
If a user includes errno.h after mbed.h, the errno codes can be
redefined incorrectly.
Adding an include of errno.h in mbed.h forces the order to be fixed.
CPUID base register is available for Cortex-M processors only.
Cortex-A devices have Main ID Register, which can be used in future to
get processor info.
Add the POSIX fcntl call, but only implementing F_SETFL and F_GETFL
for O_NONBLOCK, so users can control the blocking flag of streams
with only the integer file descriptor.
Necessary to portably control the blockingness of the console:
int flags = fcntl(STDOUT_FILENO, F_GETFL);
fcntl(STDOUT_FILENO, F_SETFL, flags | O_NONBLOCK);
There was no way to check current blocking state, so no way to modify
and restore status.
Also have default FileHandle::set_blocking() used by real files return a
correct error code when asked for non-blocking, and success when asked
for blocking.
These were minor omissions that are required to implement POSIX fcntl
properly.
fixup! Add `is_blocking()` method to FileHandle
Some platforms have interface chips with hardware flow control
enabled by default. This commit adds configurable flow control to
STDOUT.
Usage:
* Define pin names STDIO_UART_RTS for Rx-flow-control and
STDIO_UART_CTS for Tx-flow-control.
* Set target.console-uart-flow-control. Valid options are:
null, RTS, CTS, and RTSCTS.
- Move macro definition to mbed_toolchain.h
- Remove double underscores from macro which are reserved.
- Fix macro for IAR until compiler flags to disable path are added again.
Sleep manager tracing strips the path from filenames and uses the result as an
identifier to track drivers that unlock/lock sleep tracing. Replace the function
that strips the path from the string, replace this function with a new macro,
__FILENAME__ which performs the same action in a compiler specific manner.
- GCC_ARM, use __builtin_strrchr which is optimized out at compile time.
- ARM, use __MODULE__ which returns the filename without path.
- IAR, specifiy the --no_path_in_file_macros compiler flag.
The atomic functions preserve volatile semantics - they only perform the
accesses specified. Add the volatile qualifier to the value pointer to
reflect this. This does not change existing caller code - it's
equivalent to adding a const qualifier to indicate we don't write to
a pointer - it means people can pass us qualified pointers without
casts, letting the compile check const- or volatile-correctness.
This is consistent with C11 <stdatomic.h>, which volatile-qualifies its
equivalent functions.
Note that this useage of volatile has nothing to do with the atomicity -
objects accessed via the atomic functions do not need to be volatile.
But it does permit these calls to be used on objects which have been
declared volatile.
The volatile qualifier on the __LDREX/__STREX prototypes only means that
it's safe to use them on volatile objects. Doesn't mean you actually
have to pass them volatile pointers.
Adding the volatile is a bit like doing strlen((const char *) ptr)
because you've got a non-const pointer.
Add tracing output to console to track when drivers lock and unlock deep
sleep. Tracing output is enabled by configuring the
'SLEEP_PROFILING_ENABLED' at compile time.
- Wrapped sleep_manager_lock/sleep_manager_unlock in a macro to
conditionally call tracing functions when 'SLEEP_PROFILING_ENABLED' is
set.
- Define a global structure to track driver names and how many locks
they hold in the sleep manager.
Current behaviour ends up undefined when the constructor leaves early.
Now FilePath just discards leading slashes and otherwise asserts if the
path is bad.
Cortex-M23 doesn't support ARMv8-M Main Extension and so doesn't support:
ldm r0, {r0, r1, r2, pc}
Fix it by going Cortex-M0/M0+ way:
ldm r0, {r0, r1, r2, r3}
bx r3
Rework so that everything is a FileHandle, including
stdin/stdout/stderr.
Provide legacy functionality of calling serial_getc and serial_putc as
an internal "DirectSerial" FileHandle.
Add a JSON option to use UARTSerial instead.
Add hooks for target and application to provide custom FileHandles.
Allow for CRLF conversion to work on any FileHandle that isatty(),
as stdin/stdout or any other FILE. Optimise the conversion so it
doesn't force all write calls to be 1 byte. Limit the conversion
to the stdio layer, so that read() and write() work the same as
the FileHandle methods - this seems less confusing.
Martin Kojtal
Kevin Bracey
Cruz Monrreal
Seppo Takalo
Senthil Ramakrishnan
paul-szczepanek-arm
Deepika
kegilbert
bcostm
Alastair D'Silva
Russ Butler
Filip Jagodzinski
Michal Paszta
Vincent Coubard
Nir Sonnenschein
David Saada
Aashish chaddha
shileiyu
RFulchiero
Amanda Butler
Mel W
Przemyslaw Stekiel
Jaakko Korhonen
Brian Daniels
MateuszMaz
MateuszM
Tero Jääskö
TTornblom
Thomas Kemmer
Oren Cohen
Donatien Garnier
Brendan Moran
ccli8
TomoYamanaka
Bartek Szatkowski
Christopher Haster
James Wang
Marcus Chang
Yossi Levy
amq
Cruz Monrreal
Steven Cartmell
Wolfgang Betz
Anna Bridge
adustm
Brendan McDonnell
Martin Kojtal
Jimmy Brisson