GCC 12 tree-loop-distribute-patterns generates false warnings of
-Warray-bounds, -Wstringop-overflow, or -Wstringop-overread in memcpy()
and memcpy_cpu() in static/inline cases for code that obviously prevents
its execution by invariant checking. On -O3, even more warnings are
produced.
The operators == and != make the 'Rect' consistent with 'Point' and
'Area'. The patch also adds the 'Rect::clamp' method, which is generally
useful for sanitizing input.
Issue #5352
- Move header to base/include to make it applicable for base types
like 'Affinity' down the road.
- Represent 'Rect' as typle of point and area, which is the most
common form of initialization, creates in valid 'Rect' by default.
- Turn Point, Area, and Rect into compound types, making x, y, w, h, at,
area accessible without a method call
- 'Rect::Compound' function for constructing a 'Rect' from two points,
replacing a former constructor
- Use result type 'Rect::Cut_remainder' instead of out parameters.
Fixes#5239
The classes Genode::Mmio, Genode::Register_set, Genode::Attached_mmio, and
Platform::Device::Mmio now receive a template parameter 'size_t SIZE'. In each
type that derives from one of these classes, it is now statically checked that
the range of each Genode::Register::Register- and
Genode::Register_set::Register_array-deriving sub-type is within [0..SIZE).
That said, SIZE is the minimum size of the memory region provided to the above
mentioned Mmio classes in order to avoid page faults or memory corruption when
accessing the registers and register arrays declared inside.
Note, that the range end of a register array is not the end of the last item
but the end of integer access that is used for accessing the last bit in the
last item.
The constructors of Genode::Mmio, Genode::Attached_mmio, and
Platform::Device::Mmio now receive an argument 'Byte_range_ptr range' that is
expected to be the range of the backing memory region. In each type that derives
from on of these classes, it is now dynamically checked that 'range.num_bytes
>= SIZE', thereby implementing the above mention protection against page faults
and memory corruption.
The rest of the commit adapts the code throughout the Genode Labs repositories
regarding the changes. Note that for that code inside Core, the commits mostly
uses a simplified approach by constructing MMIO objects with range
[base..base+SIZE) and not with a mapping- or specification-related range size.
This should be fixed in the future.
Furthermore, there are types that derive from an MMIO class but don't declare
any registers or register arrays (especially with Platform::Device::Mmio). In
this case SIZE is set to 0. This way, the parameters must be actively corrected
by someone who later wants to add registers or register arrays, plus the places
can be easily found by grep'ing for Mmio<0>.
Fix#4081
This patch replaces the original policy-based 'update_from_xml' by a new
method that takes three functors for creating, destroying, and updating
elements as arguments. XML nodes are associated with their corresponding
internal data models by annotating the element type with the
'type_matches' class function and the 'matches' method.
The patch also improves safety by enforcing that list-model elements can
never be copied.
Fixes#4317
The 'Xml_node::differs_from' method takes the constructor arguments
(addr, size) for a byte-wise comparison whereas 'with_raw_node'
restricts the byte range to the actual XML tags. In cases where
the XML start tag is preceeded by whitespace, both ranges can differ.
Since the 'differs_from' method is meant for comparing actual XML
nodes - not any whitespace around them - whitespace should be ignored
on both operands.
Issue #5029
The last character should only be skipped if a `\0` or `\n` is found. If
the string ends without such a character or the maximum line length is
hit, we do not skip the last character.
Fixesgenodelabs/genode#4985
* Replaces bool access types with uint8_t access types
* Ensures, that the framework always uses the smalles possible uint type
for the return value wherever a bitfield is read and returned to the user.
Ref #4924
The new 'Dictionary' provides an easy way to access objects using
strings as key. The 'String' received the 'operator >' to simplify the
organization of strings in an AVL tree.
The patch removes the former definition of the 'operator >' from the
platform driver because it would be ambigious now.
Fixes#4610
The `with_sub_node` method is renamed to `with_optional_sub_node` to
better reflect that the non-existence of a sub node with the desired type is
ignored.
At the same time, the new `with_sub_node` now takes a second functor that is
called when no sub node of the desired type exists.
genodelabs/genode#4600
Compared to the bytewise memset, a wordwise memset (or even multi-word)
achieves a speedup of ~6.
On Zynq-7000/Cortex-A9:
317 MiB/s -> 2040 MiB/s
On base-linux x86_64:
3580 MiB/s -> 23700 MiB/s
genodelabs/genode#4456
XML allows attribute values like <node attr="\"/>. The XML parser
wrongly reflects this case as 'Invalid_syntax'. This behavior stems from
the implicit use of the 'end_of_quote' function, which considers the
sequence of '\"' as a quoted '"' rather than the end of a quoted string.
The patch solves this problem by making the 'end_of_quote' part of
the tokenizer's scanner policy.
The patch removes the 'end_of_quote' function from 'util/string.h'
because it is not universal, and to avoid the ambiguity with
'SCANNER_POLICY::end_of_quote'.
Fixes#4431
As far as I can tell this is not raised by any released GCC versions.
Clang 13 on the other hand warns about it due to implicit-int-conversion
warning which is automatically enabled together with Wconversion. The
problem is relatively simple, shifting access_t value does not always
produce result which is also of access_t type. For example, if access_t
is uint16_t, shifting it will produce integer result. This can be
observed even with GCC. Building the following C++ example will fail:
#include <type_traits>
#include <stdint.h>
int test() {
uint16_t a = 0xabcd;
static_assert(std::is_same_v<decltype(a<<1), uint16_t>);
return 0;
}
Changing uint16_t in the static_assert to int, will allow the code to
build.
Make such int to access_t implicit conversion explicit to allow the code
to be compiled with both GCC and clang.
Issue #4354
The new 'update_list_model_from_xml' function template simplifies the
use of the list model utility by alleviating the need for implementing a
custom policy class for each model. Instead, the transformation is done
using a few lambda functions given directly as arguments.
Issue #4317
Alignas should be placed before the type. Placing it after it works for
GCC, but fails when building the same codee with clang. The error
message is:
reconstructible.h:48:27: error: 'alignas' attribute cannot be applied to types
char _space[sizeof(MT)] alignas(sizeof(addr_t));
^
Issue #4298
If one has an object X that has a minimum alignment requirement specified
through 'alignas' this requirement is normally inherited by objects that have
object X as member, and by those that have objects as member that have X as
member, and so on... . However, this chain used to get silently interrupted
(dropping the minimum alignment requirement to 8 again) at objects that are
managed with Genode::Reconstructible or Genode::Constructible. In order to fix
this, the commit ensures that Genode::Reconstructible (and therefore also
Genode::Constructible) has at least the minimum alignment requirement (using
'alignas') as the object it manages.
Ref #4217