452 lines
22 KiB
Plaintext
Raw Normal View History

2024-08-26 14:47:14 +02:00
===============================================
Release notes for the Genode OS Framework 24.08
===============================================
Genode Labs
Genode 24.08 puts emphasis on the tracking of the supported 3rd-party software
and consolidation work. It features the Qt6 application framework in addition
to the time-tested Qt5, consistently updates all Linux-based components and
PC device drivers from Linux version 6.1 to version 6.6.47, and updates Mesa
to version 24.0.8. The consolidation work revisits the framework's base and
GUI interfaces with respect to C++20 style, the move away from exception-based
error handling, and the use of strict types.
Combining Genode's recent advances of
[https://genode.org/documentation/release-notes/24.05#On-target_debugging_using_the_GNU_debugger__GDB_ - on-target debugging]
with the
[https://genode.org/documentation/release-notes/23.08#Goa_tool_gets_usability_improvements_and_depot-index_publishing_support - Goa SDK],
the release introduces remote debugging via Goa (Section [Debugging]). Further
topics of version 24.08 range from enhanced board support for i.MX-based
devices (Section [Improvements for NXP's i.MX family]), over the exploration
of AVX on x86 (Section [NOVA microhypervisor]), to steady improvements of
Genode's custom microkernel (Section [Execution on bare hardware (base-hw)]).
Base framework and OS-level infrastructure
##########################################
Reduced reliance on the C++ exception mechanism
===============================================
In [https://genode.org/documentation/release-notes/21.11#New_pattern_for_C___error_handling - version 21.11],
we introduced the
[https://genode.org/documentation/genode-foundations/24.05/api/Fundamental_types.html#Exception-less_error_handling - Attempt]
utility as an alternative to exception-based error handling. While gradually
applying this pattern, in particular for newly introduced interfaces, we
observed our code becoming more rigid and concrete, leaving no condition
unconsidered. Given this added assurance, we ultimately decided to remove
the reliance on C++ exceptions from the base framework over time. The current
release takes a huge leap in this direction.
:base/id_space.h:
A new 'Id_space::apply' overload takes a second functor 'missing_fn' as
argument, which is called whenever the lookup fails. It thereby allows the
use of the 'Id_space' utility without 'Unknown_id' exceptions.
:util/xml_node.h:
The two 'Xml_node::attribute' accessors have been removed along with the
'Nonexistent_attribute' exception. Attributes are generally accessed via the
'attribute_value' method, which handles the case via a default value.
:Core RPC interfaces:
Exceptions have been entirely removed from the RPC interfaces provided by
the core component, namely 'Trace', 'Pd', 'Cpu', 'Rm', and 'Region_map'.
While touching these interfaces, we took the opportunity for modernization
and consolidation of both the interfaces and their implementations. E.g.,
core's trace service received a welcome facelift, e.g., the former use of
basic types got replaced by dedicated types.
The revised 'Region_map' interface uses an 'Attr' compound struct for
specifying arguments to the 'attach' operation, which makes the intent of
client code more obvious. The operation returns a 'Range' instead of a
'Local_addr' now. The 'Region_map::State' type got renamed to 'Fault'.
:base/child.h:
The 'Child_policy::Nonexistent_id_space' exception has been removed by
making the 'server_id_space' mandatory for each policy. The former
'Child::Process' and 'Child::Process::Loaded_executable' classes got
replaced by class functions that return failure conditions as return
values, eliminating the use of C++ exceptions by the child framework.
The overall ambition of cutting back the use of C++ exceptions is not limited
to the base framework but can be observed for critical components as well.
In particular, the NIC router received a profound rework in this respect.
Cultivation of C++20 programming style
======================================
[https://genode.org/documentation/release-notes/23.05#New_tool_chain_based_on_GCC_12.3__C__20_enabled_by_default - One year ago],
we enabled C++20 as default. With the current release, we took the chance to
update the codebase according to this version of the standard.
:C++20 function template syntax:
The 'auto' keyword can be used in many places where template arguments had
to be declared manually. We updated all sources of the base framework
accordingly.
:Using 'using' instead of 'typedef':
C-style type aliases are no longer used within the framework.
:util/geometry.h:
The header has been moved from the os repository to the base repository.
'Point', 'Area', and 'Rect' have been turned into plain compound types,
making 'x', 'y', 'w', 'h', 'at', and 'area' accessible without a method
call. 'Rect' is now represented as a tuple of 'Point' and 'Area', which is
the most common form of initialization. The companion utilities have been
updated ('constexpr', eliminating out parameters) as well.
:util/color.h:
The 'Color' type has been converted from a class to a POD type by replacing
the constructors by the named create functions 'rgb', 'clamped_rgb', and
'clamped_rgba'. This enables the initialization of color values using the
'{ .r = ... }' syntax and makes the type usable in const expressions. The
change also narrows the type for the color components and alpha values to
'uint8_t'. So possible integer overflows of computed values are detected
by '-Wconversion'.
Tightened GUI-session interface
===============================
On our [https://genode.org/about/road-map - road map], we anticipated
intensive work on user-facing topics, many being related to graphical user
interfaces. While approaching these topics, we sensed that the clean
implementation of our ideas would benefit from a revisit of the framework's
existing GUI infrastructure, in particular the GUI-session interface as
provided by the nitpicker GUI server and the window manager. Note that we
barely touched this corner of the framework in the past ten years since
version
[https://genode.org/documentation/release-notes/14.08#New_GUI_architecture - 14.08].
The changes are as follows.
* The 'Gui::Session::session_control' RPC function got removed because its
functionality has long been superseded by the window manager and layouter.
* The interfaces and components received a thorough coding-style update,
embracing C++20, avoiding plain pointers, using 'Attr' structs for passing
attributes, removing the notion of invalid handles/IDs, replacing basic
types by dedicated types, and removing the use of C++ exceptions.
* The out-of-RAM and out-of-caps conditions are now consistently handled by
the 'Gui::Connection', which does no longer inherit the 'Gui::Session'
interface and can thereby introduce tailored result types.
* The creation of top-level views and child views are now two distinct
operations ('view' and 'child_view').
* The access of the subsumed framebuffer and input interfaces is now
mediated by the plain public members 'Connection::framebuffer' and 'input'.
This simplifies the client-side code. E.g., '_gui.input()->pending()'
becomes '_gui.input.pending()'.
* Corner cases of view-stacking operations are now expressed as dedicated
commands. The new stacking commands are FRONT, BACK, FRONT_OF, and BEHIND_OF.
* View handles are managed as 'Id_space' and hence named view IDs now. The
allocation of view IDs has been moved from the server side to the client,
which gives clients more flexibility and reduces the surface of possible
error conditions between client and server. To ease the client-side ID
management, the 'Gui::Connection' hosts a 'view_ids' ID space for optional
use. E.g., the new 'Top_level_view' class uses this ID space for ID
allocation. This class accommodates the most typical use case of opening a
single window.
* The creation of new views accepts initial view attributes now, which
accommodate typical client use cases with less code.
_As a note of caution, this line of work will continue over the course of the_
_next release cycle. The GUI-related APIs of the framework are expected to_
_undergo further changes during that time._
Fostered consistency of naming
==============================
Within our code base, we are ardent about consistency. However, two relics
from the infancy of the project remained standing out like sore thumbs. First,
the '_drv' suffix of driver executables remained at odds with our established
[https://genode.org/documentation/developer-resources/conventions - style]
of naming things without artificial abbreviations. Second, the plural naming
of the _<repo>/src/drivers/_ directory nagged us by being inconsistent with
the sibling directories _test/_, _app/_, _server/_. The current release
rectifies both inconsistencies. The '_drv' suffix has been dropped and the
directory has been renamed to _driver/_.
Device drivers
##############
Linux device-driver environment (DDE)
=====================================
We last adapted Linux DDE for kernel 6.1 in May/August 2023. According to
our plan of approximately one update per year, it was time to roll up our
sleeves for the adaption to Linux 6.6 LTS and ready our driver base for
future (especially PC) platforms. With this release, we limited our efforts
to the emulation library itself as well as virt_linux and pc_linux driver
ports.
Thus, from now on, PC platforms use Linux driver sources of kernel version
6.6.47 for USB host controllers and devices, Wifi and Ethernet adapters,
Intel display, lxip TCP/IP protocols, and wireguard. Non-x86 platforms were
updated for USB devices and network protocols only, but will be adapted in
future releases step-by-step. All drivers work as drop-in-replacements of
older versions with respect to integration and configuration.
Our Wifi driver port got amended by an online quality update concerning the
currently established connection, which can be enabled by the configuration
attribute 'update_quality_interval'. With this feature, user interfaces are
enabled to reflect connection-quality changes almost instantly. Additionally,
we added support for Intel AX200/9560 wireless adapters and restored support
for Wifi devices found in Thinkpad T430 notebooks.
During this release cycle, we analyzed a noticeable network throughput drop
resp. CPU load increase when using the
[https://github.com/genodelabs/genode/issues/5151 - PC Ethernet driver].
We eventually traced the effect to runtime overhead originating from our DDE
memory allocator. The positive impact of a simple allocation-cache
implementation confirmed our suspicion veritable. Hence, we replaced our
custom allocator by the Linux kernel-internal SLUB allocator that is based
on page/folio allocation. The folio API is well hidden in the kernel
internals, still in flux, and offers only incomplete (resp. outdated)
documentation, which required quite a bit of research efforts reading and
understanding the kernel's implementation.
In the end, we improved our emulation implementation sufficiently and managed
to get the PC NIC driver to work robustly with gigabit performance and with
CPU load reduced by 25-40% on Intel Kaby/Tiger Lake notebooks.
Platform driver
===============
During ACPI suspend, the PCI bridges in the system may forget their PCI
configuration. Hence on resume, this configuration needs to be restored to
render all PCI devices behind the bridge usable again. With this release, we
added support to the pci_decode component to report all relevant information,
which is then picked up by the platform driver after an ACPI resume to
re-configure the used PCI bridges. This change enables the successful
restart of the Wifi driver after resume on many platforms.
Improvements for NXP's i.MX family
==================================
The current release comprises a lot of updates and additional support for the
i.MX family of devices.
First of all, we have updated all existent Linux driver ports to Linux kernel
version 6.1.20. In detail, drivers for the Freescale Ethernet Device (FEC) for
ARMv7 and ARMv8, the display management for the i.MX 8M Quad EVK and the MNT
Reform 2, as well as the SD-card Host Controller for the same two boards got
refreshed.
Alice Domage of Gapfruit AG contributed outstanding work to enable platform
support for the i.MX 8M Plus SoC and Compulab's IOT Gateway, which is based on
it. Besides clock, powering, and reset support by a platform driver specific
to this SoC, support is now available for both Ethernet cards (FEC and ST
Microelectronics' STMMAC), SD-card host controller, I2C, and GPIO.
Genode's custom kernel supports two more boards now, namely the F&S Embedded
armStone Starterkit and MNT Pocket Reform. Both are using the i.MX 8M Plus SoC
mentioned above. The support is currently limited to the very basics, and no
peripherals apart from CPU and timer are integrated yet.
For the fine-grained control of GPIO pins, release
[https://genode.org/documentation/release-notes/21.11#Pin_I_O_session_interfaces - 21.11],
introduced the pin I/O session interfaces, superseding the older 'Gpio'
session interface. So far, however, our driver for the GPIO controller as
present on all i.MX SoC's merely supported the old interface. With this
release, we introduce a pin driver implementing the favored pin I/O session
interface instead. All occurrences in packages and run-scripts under Genode's
umbrella use the new driver now, which can be found under _src/driver/pin/imx_
within the genode-imx repository. The old driver and the 'Gpio' session
interface are still existent. But now, as there is no hard dependency or
necessity for it anymore, we mark the old driver as well as the 'Gpio' session
interface as deprecated.
Finally, we moved all remaining i.MX specific parts out of Genode's main
repository into the [https://github.com/genodelabs/genode-imx - genode-imx]
repository to be consistent with our recent approach of vendor-specific
external repositories.
Libraries and applications
##########################
Qt6 application framework
=========================
With this release, we started updating the Qt application framework from Qt5
to Qt6 by adding an initial port of Qt 6.6.2, covering the _qtbase_,
_qtdeclarative_, _qtshadertools_, and _qtsvg_ modules. We are planning to
support the _qtwebengine_ module as well in the near future, which will remove
the dependency from Python 2 and provide us with a more recent Chromium engine
for the Falkon and Morph web browsers.
We also improved the Qt build process for both Qt6 and Qt5 by making sure that
Qt libraries are only built when needed and stub libraries generated from
symbol files are used otherwise.
The Qt6 port uses updated host tools, which need to be built with the
_tool/tool_chain_qt6_ script. Please note that Qt6 requires CMake version 3.19
or higher to build successfully.
Mesa version 24.0.8
===================
With release
[https://genode.org/documentation/release-notes/24.05#Mesa_updated_to_version_24.0.1 - 24.05],
we updated Mesa to major version 24. During the past few months, we improved
the memory allocation and synchronization for Intel's Iris driver and as a
side effect updated Mesa to version 24.0.8.
Platforms
#########
Execution on bare hardware (base-hw)
====================================
Under the hood of Genode's custom kernel, the way how CPU-local memory is
arranged changed fundamentally. The kernel's virtual memory layout now
comprises a CPU area. Each CPU has its own slot within this area, containing
kernel stack, CPU object data resp. all CPU-local data. This change is
transparent to most Genode developers. It was motivated to ease CPU detection
and bootstrapping at run time, for kernel stack overflow detection, and for
increasing the kernel's flexibility regarding multi-core hardware.
NOVA microhypervisor
====================
The kernel received support to handle the x86 CPU FPU extension
[https://de.wikipedia.org/wiki/Advanced_Vector_Extensions - AVX], which is a
family of SIMD instruction extensions used for optimized implementations of
mathematical algorithms, e.g., it is used in multimedia applications. In
principle, the kernel has to detect the available AVX versions, e.g., AVX,
AVX-2, AVX-512. Depending on the version, it has to save and restore
additional FPU state during thread switching. Besides the general
availability to Genode applications, the Seoul VMM has become the first user
of the feature. The VMM now announces the AVX feature to the guest VMs, so
that the guest kernel can enable it and guest user applications can utilize
it, e.g., for web browser and video encoding/decoding use-cases. The feature
got tested with the Seoul VMM on Intel and AMD systems.
Additionally, we adapted the core component to support Intel SoCs with E-Core
only CPUs, which were formerly named Intel Atom and are nowadays branded as
Intel N-Series CPUs.
Finally, the NOVA kernel now supports the freeing of vCPU related data
structures during VM destruction, got optimized to reduce resource overhead
during cross CPU IPC and improved VM MSR exit handling.
Build system and tools
######################
Improved reproducibility
========================
The demand for reproducible builds has been increasing during the past few
years. The main hindrance that makes builds unreproducible are timestamps. On
Genode, especially components that produce TAR files suffered from this
limitation, since the date of the archived data was set to the time of
archiving. To avoid this issue, we introduced a customizable global TAR_OPT in
Genode's build system that sets the date of the archived files to the date of
the epoch and the user/group to one. As a starting point, we added the TAR_OPT
to the Qt-build process while other targets will incrementally follow.
Additionally, we enabled our Rump-kernel port to be reproducible.
Goa SDK
=======
Debugging
~~~~~~~~~
After the addition of on-target debugging on Sculpt OS in
[https://genode.org/documentation/release-notes/24.05#On-target_debugging_using_the_GNU_debugger__GDB_ - Genode 24.05],
it was about time to equip [https://github.com/genodelabs/goa - Goa] with
debugging support as well. For this purpose, the tool received an optional
'--debug' command-line switch, which instructs Goa to consider
[https://genode.org/documentation/release-notes/23.11#Debug_information_for_depot_binaries - dbg archives]
in its download, export and publish steps.
When provided with this switch on 'goa run', the tool also creates a
_<project-name>.gdb_ file in the project's _var/_ directory. This file contains
initialization commands for the GNU debugger (GDB) and can be passed to GDB
via the '--command' argument.
[image goa_gdb_sculpt]
The _Goa testbed_ package and preset have been updated accordingly to make use
of our debug monitor. The figure illustrates how Goa interoperates with the
Goa testbed. Sculpt's default NIC router configuration now comprises an
additional _gdb_ domain that is intended to accommodate a single client to
which the router forwards port 9999 of the _uplink_ domain. This is intended
for making the testbed's debug monitor available as a remote GDB target. Note
that these changes will become effective with the next Sculpt release in
October. In the meantime, you may cherry-pick the
[https://github.com/genodelabs/genode/commit/aeb42b0983143e6fe0a01f7f5316612709da1a9d - corresponding commit].
Along with debugging support, Goa also received a '--with-backtrace' switch and
a 'backtrace' command. The former instructs the tool to preserve frame-pointer
information by supplying the '-fno-omit-frame-pointer' flag to GCC. The
'goa backtrace' command is a shortcut for 'goa run --debug --with-backtrace'
that additionally passes the log output to our
[https://genode.org/documentation/release-notes/24.02#Convenient_parsing_of_backtraces - backtrace tool].
For detailed instructions, please refer to the corresponding
[https://genodians.org/jschlatow/2024-07-31-goa-gdb - Genodians article].
Meson build system
~~~~~~~~~~~~~~~~~~
Projects like Qemu, glib, and Mesa have switched to the Python-based
[https://mesonbuild.com - Meson] build system. Mesa, for example, produces a
large number of generated C/C++ files using Meson features. In order to ease
future porting effort of Meson-based projects to Genode, we have added basic
support for this build system to Goa.
A Meson project can be built and executed like any other Goa-supported build
system with the addition that there can be a _meson_args_ file (analogously to
_cmake_args_ for CMake) where additional arguments can be passed to the meson
command. Otherwise, Goa will look for a _meson.build_ file in the _src_
directory, which identifies the project's build system as Meson.
As a simple test, you can check out the _hello_meson_ example in the _examples_
directory of Goa.
At the current stage, only binary targets for the x86_64 architecture are
supported by Goa/Meson. Shared libraries and ARM support will be addressed
next.
Rust & Cargo
~~~~~~~~~~~~
From Rust 1.77 onward, the binary distribution of the _std_ library
('x86_64-unknown-freebsd') assumes that the underlying OS kernel supports
thread-local storage via the FS segment register on x86. As Genode does not
provide a TLS area via FS, TLS accesses by the library would end up in invalid
memory, which renders the binary version of the std library unusable on
Genode. In response, we have implemented a custom Genode target profile for
Rust, which allows us to still leverage the FreeBSD port of Rust's standard
library while using the _emulated_ TLS model. In order to compile the parts of
the std library used by an application for the custom profile, we have moved
to using a _nightly_ Rust tool chain. For detailed instructions for setting up
the tool chain, head over to the
[https://genodians.org/atopia/2024-08-27-building-rust-with-a-custom-profile - blog post]
at Genodians.org.