| Commit message (Collapse) | Author | Files | Lines |
|
Update #3706
|
|
|
|
This makes the @file documentation independent of the actual file name.
Update #3707.
|
|
Allocate the per-CPU data for secondary processors directly from the
heap areas before heap initialization and not via
_Workspace_Allocate_aligned(). This avoids dependency on the workspace
allocator. It fixes also a problem on some platforms (e.g. QorIQ) where
at this early point in the system initialization the top of the RAM is
used by low-level startup code on secondary processors (boot pages).
Update #3507.
|
|
Statically allocate the objects information together with the initial
set of objects either via <rtems/confdefs.h>. Provide default object
informations with zero objects via librtemscpu.a. This greatly
simplifies the workspace size estimate. RTEMS applications which do not
use the unlimited objects option are easier to debug since all objects
reside now in statically allocated objects of the right types.
Close #3621.
|
|
The configured interrupt stack size (CONFIGURE_INTERRUPT_STACK_SIZE) is
checked against the minimum task stack size. The minium tasks task
stack size is also a configuration option
(CONFIGURE_MINIMUM_TASK_STACK_SIZE). So, this check does not really
help in case of configuration errors. In addition, the interrupt stack
is also re-used as the initialization stack in most BSPs. It is
probably better to use a stack checker to detect problems.
Update #3459.
|
|
An invalid heap usage such as a double free is usually a fatal error
since this indicates a use after free. Replace the use of printk() in
free() with a fatal error.
Update #3437.
|
|
A speciality of the RTEMS build system was the make preinstall step. It
copied header files from arbitrary locations into the build tree. The
header files were included via the -Bsome/build/tree/path GCC command
line option.
This has at least seven problems:
* The make preinstall step itself needs time and disk space.
* Errors in header files show up in the build tree copy. This makes it
hard for editors to open the right file to fix the error.
* There is no clear relationship between source and build tree header
files. This makes an audit of the build process difficult.
* The visibility of all header files in the build tree makes it
difficult to enforce API barriers. For example it is discouraged to
use BSP-specifics in the cpukit.
* An introduction of a new build system is difficult.
* Include paths specified by the -B option are system headers. This
may suppress warnings.
* The parallel build had sporadic failures on some hosts.
This patch removes the make preinstall step. All installed header
files are moved to dedicated include directories in the source tree.
Let @RTEMS_CPU@ be the target architecture, e.g. arm, powerpc, sparc,
etc. Let @RTEMS_BSP_FAMILIY@ be a BSP family base directory, e.g.
erc32, imx, qoriq, etc.
The new cpukit include directories are:
* cpukit/include
* cpukit/score/cpu/@RTEMS_CPU@/include
* cpukit/libnetworking
The new BSP include directories are:
* bsps/include
* bsps/@RTEMS_CPU@/include
* bsps/@RTEMS_CPU@/@RTEMS_BSP_FAMILIY@/include
There are build tree include directories for generated files.
The include directory order favours the most general header file, e.g.
it is not possible to override general header files via the include path
order.
The "bootstrap -p" option was removed. The new "bootstrap -H" option
should be used to regenerate the "headers.am" files.
Update #3254.
|
|
|
|
The previous rtems_panic() implementation was quite heavy weight. It
depended on _exit() which calls the global destructors. It used
fprintf(stderr, ...) for output which depends on an initialized console
device and the complex fprintf().
Introduce a new fatal source RTEMS_FATAL_SOURCE_PANIC for rtems_panic()
and output via vprintk().
Update #3244.
|
|
Delete superfluous INTERNAL_ERROR_POSIX_INIT_THREAD_ENTRY_IS_NULL.
Update #3243.
|
|
Add a default implementation of _arc4random_getentropy_fail with an
internal error.
Update #3239.
|
|
Add new fatal error INTERNAL_ERROR_ILLEGAL_USE_OF_FLOATING_POINT_UNIT.
Update #3077.
|
|
Update #2825.
|
|
Update #2825.
|
|
Update #2825.
|
|
Update #2825.
|
|
|
|
Update #2825.
|
|
Update #2825.
|
|
The fatal is internal indicator is redundant since the fatal source and
error code uniquely identify a fatal error. Keep the fatal user
extension is internal parameter for backward compatibility and set it to
false always.
Update #2825.
|
|
Update #2825.
|
|
Update #2825.
|
|
Replace the expected thread dispatch disable level with a thread queue
enqueue callout. This enables the use of _Thread_Dispatch_direct() in
the thread queue enqueue procedure. This avoids impossible exection
paths, e.g. Per_CPU_Control::dispatch_necessary is always true.
|
|
On SMP configurations, it is a fatal error to call blocking operating
system with interrupts disabled, since this prevents delivery of
inter-processor interrupts. This could lead to executing threads which
are not allowed to execute resulting in undefined behaviour.
The ARM Cortex-M port has a similar problem, since the interrupt state
is not a part of the thread context.
Update #2811.
|
|
This function is useful for operations which synchronously block, e.g.
self restart, self deletion, yield, sleep. It helps to detect if these
operations are called in the wrong context. Since the thread dispatch
necessary indicator is not used, this is more robust in some SMP
situations.
Update #2751.
|
|
Update #2556.
|
|
The mutex objects use the owner field of the thread queues for the mutex
owner. Use this and add a deadlock detection to
_Thread_queue_Enqueue_critical() for thread queues with an owner.
Update #2412.
Update #2556.
Close #2765.
|
|
This partially reverts 38ee75853f674977609bd078c69fb53420afdd08. Let
the calling context decide if interrupts must be disabled or not. The
goal is to enable fatal extensions to continue program execution after
some fatal errors.
|
|
Move the safety check performed by
_CORE_mutex_Check_dispatch_for_seize() out of the performance critical
path and generalize it. Blocking on a thread queue with an unexpected
thread dispatch disabled level is illegal in all system states.
Add the expected thread dispatch disable level (which may be 1 or 2
depending on the operation) to Thread_queue_Context and use it in
_Thread_queue_Enqueue_critical().
|
|
This simplifies the global construction.
Update #2514.
|
|
|
|
|
|
|
|
|
|
|
|
Issue a fatal error in case a thread is deleted which still owns
resources (e.g. a binary semaphore with priority inheritance or ceiling
protocol). The resource count must be checked quite late since RTEMS
task variable destructors, POSIX key destructors, POSIX cleanup handler,
the Newlib thread termination extension or other thread termination
extensions may release resources. In this context it would be quite
difficult to return an error status to the caller.
An alternative would be to place threads with a non-zero resource count
not on the zombie chain. Thus we have a resource leak instead of a
fatal error. The terminator thread can see this error if we return an
RTEMS_RESOURCE_IN_USE status for the rtems_task_delete() for example.
|
|
|
|
Rename _Internal_error_Occurred() into _Terminate().
|
|
Use rtems_fatal() instead of _CPU_Fatal_halt() to shutdown processors in
SMP configurations since this allows intervention of BSP or application
specific fatal extensions.
|
|
Merge RTEMS_FATAL_SOURCE_BSP_GENERIC and RTEMS_FATAL_SOURCE_BSP_SPECIFIC
into new fatal source RTEMS_FATAL_SOURCE_BSP. This makes it easier to
figure out the code position given a fatal source and code.
|
|
This error case is no longer required since rtems_shutdown_executive()
can be called anytime, anywhere
|
|
Move _SMP_Request_other_cores_to_shutdown() invocation from
rtems_shutdown_executive() to _Internal_error_Occurred() to allow a
proper shutdown on SMP configurations even in the error case.
|
|
Disable interrupts as the first step in _Internal_error_Occurred() to
get a defined execution context for the fatal extensions.
Make _ISR_Disable_without_giant() available for non-SMP configurations.
|
|
Merge systems states SYSTEM_STATE_SHUTDOWN and SYSTEM_STATE_FAILED into
new system state SYSTEM_STATE_TERMINATED. This reflects that all system
termination paths end up in _Internal_error_Occurred().
|
|
Add bsp_generic_fatal().
|
|
|
|
|
|
|
|
|