Commit Graph

166 Commits

Author SHA1 Message Date
Christian Helmuth
1d73cf2003 Prevent false warnings in memcpy (GCC 12)
GCC 12 tree-loop-distribute-patterns generates false warnings of
-Warray-bounds, -Wstringop-overflow, or -Wstringop-overread in memcpy()
and memcpy_cpu() in static/inline cases for code that obviously prevents
its execution by invariant checking. On -O3, even more warnings are
produced.
2024-12-10 14:12:24 +01:00
Norman Feske
88dc4c878f util/geometry.h: test (in)equality of rectangles
The operators == and != make the 'Rect' consistent with 'Point' and
'Area'. The patch also adds the 'Rect::clamp' method, which is generally
useful for sanitizing input.

Issue #5352
2024-10-08 09:09:24 +02:00
Norman Feske
bf064874db util/string.h: Byte_range_ptr::with_skipped_bytes
The new method provides a safe way to narrow the byte range to a
given offset.

Issue #5351
2024-10-08 09:09:23 +02:00
Norman Feske
19c13877ca Replace use of 'typedef' by 'using'
Issue #5227
2024-07-02 12:00:11 +02:00
Norman Feske
361557e1f0 base-*: omit () for lambas w/o argument
Issue #5227
2024-07-02 12:00:11 +02:00
Norman Feske
7de2f57ef2 Remove Xml_node::attribute accessors
This patch removes the two 'Xml_node::attribute' accessors along with
the 'Nonexistent_attribute' exception.

Issue #5245
Fixes #5246
2024-06-20 12:56:19 +02:00
Norman Feske
c629c54153 Make util/geometry.h C++20 friendly
- Move header to base/include to make it applicable for base types
  like 'Affinity' down the road.
- Represent 'Rect' as typle of point and area, which is the most
  common form of initialization, creates in valid 'Rect' by default.
- Turn Point, Area, and Rect into compound types, making x, y, w, h, at,
  area accessible without a method call
- 'Rect::Compound' function for constructing a 'Rect' from two points,
  replacing a former constructor
- Use result type 'Rect::Cut_remainder' instead of out parameters.

Fixes #5239
2024-06-20 12:54:30 +02:00
Norman Feske
5e862b2cd3 base/include: use C++20 function template syntax
Issue #5227
2024-05-29 09:18:12 +02:00
Alexander Boettcher
34674ac49f register_set: avoid conversion warnings
for Bitset_2 and Bitset_3 as used by ahci driver

Issue #5134
2024-04-12 12:55:39 +02:00
Martin Stein
1336b0a751 mmio: upper-bounds checks
The classes Genode::Mmio, Genode::Register_set, Genode::Attached_mmio, and
Platform::Device::Mmio now receive a template parameter 'size_t SIZE'. In each
type that derives from one of these classes, it is now statically checked that
the range of each Genode::Register::Register- and
Genode::Register_set::Register_array-deriving sub-type is within [0..SIZE).

That said, SIZE is the minimum size of the memory region provided to the above
mentioned Mmio classes in order to avoid page faults or memory corruption when
accessing the registers and register arrays declared inside.

Note, that the range end of a register array is not the end of the last item
but the end of integer access that is used for accessing the last bit in the
last item.

The constructors of Genode::Mmio, Genode::Attached_mmio, and
Platform::Device::Mmio now receive an argument 'Byte_range_ptr range' that is
expected to be the range of the backing memory region. In each type that derives
from on of these classes, it is now dynamically checked that 'range.num_bytes
>= SIZE', thereby implementing the above mention protection against page faults
and memory corruption.

The rest of the commit adapts the code throughout the Genode Labs repositories
regarding the changes. Note that for that code inside Core, the commits mostly
uses a simplified approach by constructing MMIO objects with range
[base..base+SIZE) and not with a mapping- or specification-related range size.
This should be fixed in the future.

Furthermore, there are types that derive from an MMIO class but don't declare
any registers or register arrays (especially with Platform::Device::Mmio). In
this case SIZE is set to 0. This way, the parameters must be actively corrected
by someone who later wants to add registers or register arrays, plus the places
can be easily found by grep'ing for Mmio<0>.

Fix #4081
2024-02-26 08:59:07 +01:00
Christian Helmuth
d5188161f5 util/string.h: add Const_byte_range_ptr::contains()
Issue #5078
2023-12-15 14:11:56 +01:00
Norman Feske
d7ee460704 list_model.h: rename 'apply_first' to 'with_first'
Issue #4317
2023-11-28 14:24:24 +01:00
Norman Feske
0f686a774d list_model.h: retire 'update_list_model_from_xml'
This transition vehicle to the modern interface has now been replaced by
the new 'List_model::update_from_xml' method.

Issue #4317
2023-11-28 14:24:24 +01:00
Norman Feske
b9b2a7de34 Simplify 'List_model'
This patch replaces the original policy-based 'update_from_xml' by a new
method that takes three functors for creating, destroying, and updating
elements as arguments. XML nodes are associated with their corresponding
internal data models by annotating the element type with the
'type_matches' class function and the 'matches' method.

The patch also improves safety by enforcing that list-model elements can
never be copied.

Fixes #4317
2023-11-28 14:24:24 +01:00
Roman Iten
0d344de496 base: extend constness of Genode::Token
Fixes #5039
2023-11-28 14:24:24 +01:00
Norman Feske
87b7dfed5d xml_node: skip whitespace in differs_from
The 'Xml_node::differs_from' method takes the constructor arguments
(addr, size) for a byte-wise comparison whereas 'with_raw_node'
restricts the byte range to the actual XML tags. In cases where
the XML start tag is preceeded by whitespace, both ranges can differ.

Since the 'differs_from' method is meant for comparing actual XML
nodes - not any whitespace around them - whitespace should be ignored
on both operands.

Issue #5029
2023-10-25 08:58:53 +02:00
Johannes Schlatow
0622446f09 base: print last character of unterminated strings
The last character should only be skipped if a `\0` or `\n` is found. If
the string ends without such a character or the maximum line length is
hit, we do not skip the last character.

Fixes genodelabs/genode#4985
2023-08-24 14:12:21 +02:00
Martin Stein
c05a0eca86 xml_unquoted: fix bug with string of length 0
Ref #4922
2023-07-14 12:06:32 +02:00
Christian Helmuth
7563cf5c55 Remove blank lines between template<> and struct
The blank line disconnects the struct from its template definition,
which makes the whole definition harder to comprehend.
2023-07-14 12:06:31 +02:00
Martin Stein
c907e44a02 register framework: read bitfields to fitting uint
* Replaces bool access types with uint8_t access types
* Ensures, that the framework always uses the smalles possible uint type
  for the return value wherever a bitfield is read and returned to the user.

Ref #4924
2023-07-14 12:01:18 +02:00
Christian Prochaska
da6b384e3a test-mmio: fix build error with -std=gnu++20
Fixes #4890
2023-05-30 12:03:30 +02:00
Christian Prochaska
b696439a67 intel_gpu_drv: fix build errors with -std=gnu++20
Fixes #4883
2023-05-30 12:03:30 +02:00
Christian Helmuth
d35e6f1aa2 Remove extra ‘;’ 2023-05-30 12:03:28 +02:00
Christian Prochaska
eab8db228b base: fix build errors with gcc 12
Fixes #4829
2023-05-08 15:55:35 +02:00
Timo Nicolai
83f78e7fe6 base: add Xml_node::for_each_attribute
Adds a function that allows iterating over an XML node's attributes
without relying on `Xml_node::Nonexistent_attribute`.

Issue #4817
2023-04-26 11:58:15 +02:00
Norman Feske
2c32e9ee18 base: remove util/avl_string.h
The use case is covered by util/dictionary.h now.

Fixes #4780
2023-03-13 14:32:53 +01:00
Norman Feske
915adcd0dd base: remove internal use of format strings
Issue #2064
2023-03-13 14:32:38 +01:00
Norman Feske
b044520344 Add missing includes of base/exception.h
This header used to be included implicitly by base/blocking.h, which
does no longer exist.

Issue #4768
2023-02-27 08:22:49 +01:00
Norman Feske
b0e52ba7d4 util/misc_math.h: remove abs function
Fixes #4766
2023-02-27 08:22:49 +01:00
Norman Feske
07e3e09652 util/string.h: add 'Const_byte_range_ptr'
The new 'Const_byte_range_ptr' type is suitable as argument type that
refers to a read-only byte buffer, e.g., the source buffer of a write
operation.
2023-02-27 08:22:48 +01:00
Stefan Kalkowski
da0dbd901c base: fix conversion error in Bitset_2::get()
Ref genodelabs/genode#4753
2023-02-27 08:22:48 +01:00
Norman Feske
be7022dadc util/dictionary.h: alphabetically sorted for_each
This patch reverses the AVL-tree criterion to let 'for_each' traverse
the elements in alphabetical sorting order.

Issue #4610
2023-01-24 12:07:31 +01:00
Norman Feske
da150dbb1c Xml_node: allow whitespace around '=' characters
Fixes #4167
2022-10-12 11:59:08 +02:00
Norman Feske
3be0136901 base: add util/dictionary.h utility
The new 'Dictionary' provides an easy way to access objects using
strings as key. The 'String' received the 'operator >' to simplify the
organization of strings in an AVL tree.

The patch removes the former definition of the 'operator >' from the
platform driver because it would be ambigious now.

Fixes #4610
2022-09-19 14:00:35 +02:00
Johannes Schlatow
7d143087c9 xml_node: change with_sub_node signature
The `with_sub_node` method is renamed to `with_optional_sub_node` to
better reflect that the non-existence of a sub node with the desired type is
ignored.
At the same time, the new `with_sub_node` now takes a second functor that is
called when no sub node of the desired type exists.

genodelabs/genode#4600
2022-09-19 14:00:33 +02:00
Norman Feske
5319f36788 util/string.h: support 'int' for 'ascii_to'
This patch complements the 'long' version of the 'ascii_to' conversion
function by an 'int' version.

Fixes #4583
2022-08-17 14:28:12 +02:00
Johannes Schlatow
410099df70 base/memset: speedup implementation
Compared to the bytewise memset, a wordwise memset (or even multi-word)
achieves a speedup of ~6.

On Zynq-7000/Cortex-A9:
317 MiB/s -> 2040 MiB/s

On base-linux x86_64:
3580 MiB/s -> 23700 MiB/s

genodelabs/genode#4456
2022-04-13 09:29:03 +02:00
Norman Feske
c2efa5406e xml_node: support backslash as attribute value
XML allows attribute values like <node attr="\"/>. The XML parser
wrongly reflects this case as 'Invalid_syntax'. This behavior stems from
the implicit use of the 'end_of_quote' function, which considers the
sequence of '\"' as a quoted '"' rather than the end of a quoted string.

The patch solves this problem by making the 'end_of_quote' part of
the tokenizer's scanner policy.

The patch removes the 'end_of_quote' function from 'util/string.h'
because it is not universal, and to avoid the ambiguity with
'SCANNER_POLICY::end_of_quote'.

Fixes #4431
2022-02-21 15:44:22 +01:00
Johannes Schlatow
5aa0fea29b base: pass lambdas by reference in util/attempt.h
genodelabs/genode#4393
2022-02-15 10:16:51 +01:00
Johannes Schlatow
b821776b0d base: add == operator to util/attempt.h
This simplifies testing for early return conditions for which the use of
lambdas would be quite noisy.

genodelabs/genode#4393
2022-02-15 10:16:51 +01:00
Johannes Schlatow
0bb2e61e9e Allow derived classes of Genode::Array
genodelabs/genode#4382
2022-02-15 10:10:01 +01:00
Christian Prochaska
8ced0f184e vfs: add 'with_xml_file_content()' and 'with_raw_file_content()'
Fixes #4372
2022-01-19 12:38:13 +01:00
Piotr Tworek
27b798fa4f base: Make int to access_t conversion explicit.
As far as I can tell this is not raised by any released GCC versions.
Clang 13 on the other hand warns about it due to implicit-int-conversion
warning which is automatically enabled together with Wconversion. The
problem is relatively simple, shifting access_t value does not always
produce result which is also of access_t type. For example, if access_t
is uint16_t, shifting it will produce integer result. This can be
observed even with GCC. Building the following C++ example will fail:

  #include <type_traits>
  #include <stdint.h>

  int test() {
      uint16_t a = 0xabcd;
      static_assert(std::is_same_v<decltype(a<<1), uint16_t>);
      return 0;
  }

Changing uint16_t in the static_assert to int, will allow the code to
build.

Make such int to access_t implicit conversion explicit to allow the code
to be compiled with both GCC and clang.

Issue #4354
2022-01-19 12:35:48 +01:00
Norman Feske
03047009b1 base: avoid implicit conversions
This patch is a prerequisite for compiling the code with
the warnings -Wconversion enabled.

Issue #23
2021-12-17 15:04:44 +01:00
Norman Feske
a0a1f6455a base/string.h: avoid fallthrough cases 2021-12-02 10:02:48 +01:00
Norman Feske
959bcae557 base: add util/attempt.h utility
Fixes #4322
2021-11-29 15:10:52 +01:00
Norman Feske
4df7e6adde util/list_model.h: Add update_list_model_from_xml
The new 'update_list_model_from_xml' function template simplifies the
use of the list model utility by alleviating the need for implementing a
custom policy class for each model. Instead, the transformation is done
using a few lambda functions given directly as arguments.

Issue #4317
2021-11-29 15:10:52 +01:00
Piotr Tworek
e748efacd8 reconstructible: Fix alignas specifier placement.
Alignas should be placed before the type. Placing it after it works for
GCC, but fails when building the same codee with clang. The error
message is:

reconstructible.h:48:27: error: 'alignas' attribute cannot be applied to types
    char _space[sizeof(MT)] alignas(sizeof(addr_t));
                            ^
Issue #4298
2021-10-15 15:45:52 +02:00
Martin Stein
ebd140cacb reconstructible: respect alignment of payload
If one has an object X that has a minimum alignment requirement specified
through 'alignas' this requirement is normally inherited by objects that have
object X as member, and by those that have objects as member that have X as
member, and so on... . However, this chain used to get silently interrupted
(dropping the minimum alignment requirement to 8 again) at objects that are
managed with Genode::Reconstructible or Genode::Constructible. In order to fix
this, the commit ensures that Genode::Reconstructible (and therefore also
Genode::Constructible) has at least the minimum alignment requirement (using
'alignas') as the object it manages.

Ref #4217
2021-10-13 13:59:57 +02:00
Johannes Schlatow
88b3880c77 base: fix shift overflow error in Bitfield::mask()
Fixes genodelabs/genode#4249
2021-08-30 15:00:35 +02:00