In a corner case, the toggling of the popup menu entered a state
where the menu could not be opened anymore by the user. Specifically
the following input sequence triggered this problem.
1. The user opens the menu
2. The user clicks on the menu and holds the button
3. While holding the button, the user moves the pointer to the
outside of the popup (e.g., to the '+' button)
4. The user releases the button.
In this situation, the popup is closed but the hover information for the
popup contains still the original clicked-on item. Hence, all subsequent
clicks on the '+' appear as both a click on the '+' (opening the popup)
and a click on the "hovered" popup entry (closing the popup).
The patch explicitely clears the popup's hover information when closing
the popup.
The pthread API is considered a standard feature of libc so better to
simply merge it with the libc. Pthreads are in fact already a part of
the libc in the form of weak symbols. This merger is also a prerequisite
for better integrating pthreads with the libc I/O task.
Fix#3054
Print a line like "succeeded: 35 failed: 11 skipped: 2" below the list of test
results. Adds further attributes to <previous-results> to communicate also the
previous statistics.
This commit moves the window layouter and window decorator into
dedicated packages that can now be combined with the "wm" server at
runtime and restarted/reconfigured/swapped-out independently.
To use the window manager, one must start the 'wm', 'window_layouter',
and one of the 'motif_decorator' or 'themed_decorator' subsystems.
Fixes#3024
When doing the libc_getenv test on autopilot+foc+x86 and one of the
subsequent tests crashes the system so it gets rebooted by the run
script, the system doesn't come up again. It gets stuck after core
initialization.
Issue #3027
This patch improves the detection of new appearing top-most windows.
Such a window should prompt the decorator to bring the corresponding
nitpicker view(s) to the front of the view stack. The original
implementation relied on hints provided by the layouter (the 'topped'
attribute). With the patch, the decorator tracks the top-most window by
itself, which improves the robustness.
As a second improvement, the patch defers the destruction of windows to
the point when all other window operations are completed. This hides
intermediate states when replacing one window by another in one step,
which is typical for console-like scenarios. Hence, this patch should
eliminate flickering artifacts when switching from one virtual console
to another.
Issue #3031
This commit replaces the former floating_window_layouter with a new
window_layouter component that supports the subdivision of screen space
into columns and rows, the concept of layers, and the principle ability
to store window layout information across reboots. The latter is
accomplished by reflecting the component's internal state as a 'rules'
report to the outside.
Fixes#3031
This component allows access to Terminal sessions via interactive SSH
sessions. Please read _repos/gems/src/server/ssh_terminal/README_ for
more detailed information.
Fixes#3014.
The new 'conditional' method simplifies the typical use case for
'Constructible' objects where the constructed/destructed state depends
on a configuration parameter. The method alleviates the need to
re-implement the logic again and again.
The patch also removes the 'Reconstructible' constructor arguments
because they are unused.
Fixes#3006
On some machines, both the AHCI and NVMe drivers are started within the
[drivers -> dynamic] subsystem. This ultimately exhausted the RAM quota
of this subsystem.
Issue #2987
This patch introduces the distinction of the manually managed
config/deploy from the managed config/managed/deploy. The latter
incorporates interactive changes of the system by the user. There are
two user interactions supported.
First, by clicking on the '+' button at the top-left of the runtime
view, the user can select a component to launch. All launchers at
config/launcher/ are listed in the popup menu. Each launcher can be
lauched only once. While running, is not available in the popup
menu.
Second, when selecting a node that corresponds to a start node in
config/deploy or that was interactively launched, the detailed view
shows a 'remove' button, which can be used to exclude the component
from the deployment.
The result of the interactive manipulation is always available at
config/managed/deploy. Hence, the current situation can be made
persistent by using it as config/deploy.
Fixes#2986
This patch unifies the handling of on-demand resource upgrades among
ram_fs and depot_rom, and applies the new pattern to the runtime view.
This way, runtime view becomes able to accommodate more complex
scenarios.
This patch enables the user to click on a component in the runtime view
to reveal more information such as the used/assigned RAM/caps and
secondary dependencies.
This patch adds a graph of the current runtime state to the
leitzentrale. The topology of the graph depends on the first routing
rule of each component. For this reason, the patch re-orders routing
policies to make the most important route the first in the list.
The user can switch between the runtime view and the inspect window
by clicking on the corresponding menu dialogs. E.g., a click on the
storage dialog reveals the inspect window.
The PS/2 driver retries to get mouse-reset results for 700 ms, sleeping
after each attempt for 10 ms. So, the driver needs a Timer session now.
Fixes#2713
The most important route of each launcher is at the top of routes and
will be used to layout the graph topology of the runtime view.
By caching the state reports generated by the runtime init, the sculpt
manager becomes able to quickly check for the presence of components. So
we can apply routing-dependency checks not only prior starting
components but also while components are running.
Fixes#2938Fixes#2912
This patch addresses two problems: By guarding the buffer allocation in
a nested class, an exception in the body of the 'File_content'
constructor reverts the allocation. Second, if the file has no content
no allocation should be performed. The previous version wrongly passed
a size of zero to the allocator in this case.
The 'Report' route was missing. The commit also removes superfluous
routing rules for IO_PORT, IRQ, and IO_MEM that are captured by the
subsequenting wildcard anyway.
Issue #2909
The COW plugin provided only partial copy-on-write semantics and had
problems detecting recursive requests. Conversely, the import plugin has
much simpler behavior that is easy to test because it mirrors that of
the ram_fs server.
Ref #2745
This new vfs_import plugin allows a VFS instance to be populated during
construction using a sub-VFS configured in an '<import>' configuration
node. This allows the ram_fs File_system server to be replaced by the
VFS server by reimplementing the ram_fs 'content' feature. At the
moment the copying of symlinks is not enabled, and the resources
obtained by the import file-system may not be freed after the import is
finished.
Fix#2906
The ram plugin to the VFS must send notifications to watch handles on
files when they are removed. This brings the VFS server to parity with
the ram_fs server for the sake of notifications.
Move run/fs_report to gems and use the vfs server and the vfs init
plugin in the test.
Ref #2902
This patch removes the detection of statically linked executables from
the base framework. It thereby fixes the corner cases encountered with
Sculpt when obtaining the binaries of the runtime from the depot_rom
service that is hosted within the runtime.
Statically linked binaries and hybrid Linux/Genode (lx_hybrid) binaries
can still be started by relabeling the ROM-session route of "ld.lib.so"
to the binary name, pretending that the binary is the dynamic linker.
This can be achieved via init's label rewriting mechanism:
<route>
<service name="ROM" unscoped_label="ld.lib.so">
<parent label="test-platform"/> </service>
</route>
However, as this is quite cryptic and would need to be applied for all
lx_hybrid components, the patch adds a shortcut to init's configuration.
One can simply add the 'ld="no"' attribute to the <start> node of the
corresponding component:
<start name="test-platform" ld="no"/>
Fixes#2866
This patch adds the /config/usb file to Sculpt, which allows then user
to manually define rules for assigning USB devices to clients. The
content is incorporated by the driver manager into the USB driver
configuration. Note that this mechanism does not work for HID devices
because these devices are claimed by the USB driver's built-in HID
support.
Issue #2890
This patch makes the run script compatible with the disk-image backend
of the run tool. Since this backend attaches the boot image as AHCI
disk 0, we have to supply our custom disk image as AHCI 1.
When first selecting an access point to connect to, and then - while the
passphrase entry field is displayed - switching to wired networking, the
keyboard focus was still referring to the passphrase entry field instead
of yieling the focus to the inspect window. This commit fixes the
problem by adding the wifi NIC target as additional condition.
This commit is a follow-up to "nit_fb: allow screen-relative
initial_width/height". With it, the nit_fb window created via the
launchpad can be interactively resized.
Also remove 'requires_installation_of', while also checking sbin
directories in 'have_installed'. The run scripts have been adjusted
accordingly.
Fixes#2853
The top-level Sculpt configuration is routing ROM requests for chargen
files from the input_filter to the parent, and this prevents new chargen
files to specified, for instance the German or Workman layout. Route ROM
requests with a combination of label_prefix and label_suffix patterns to
the config_fs_rom component, allowing the input_filter to be dynamically
reconfigurable.
Fix#2872
The libc will now use the file given by the 'nameserver_file' attribute
to get the DNS nameserver address instead of reading '/etc/resolv.conf'.
It defaults to '/socket/nameserver' which is the common location when
using the lxip VFS plugin. As a constraint the libc will read the first
line and expects the nameserver address without any keywords in front of
it.
Fixes#2861.
Introduce the uplink tag:
! <config>
! <uplink label="wifi" domain="uplink">
! <uplink label="wired" domain="wired_bridge">
! <uplink domain="wired_bridge">
! <config/>
For each uplink tag, the NIC router requests a NIC session with the
corresponding label or an empty label if there is no label attribute.
These NIC sessions get attached to the domain that is set in their
uplink tag as soon as the domain appears. This means their lifetime is
not bound to the domain. Uplink NIC sessions can be safely moved from
one domain to another without being closed by reconfiguring the
corresponding domain attribute.
Attention: This may render previously valid NIC router configurations
useless. A domain named "uplink" doesn't automatically request a NIC
session anymore. To fix these configurations, just add
! <uplink domain="uplink"/>
or
! <uplink label="[LABEL]" domain="uplink"/>
as direct subtag of the <config> tag.
Issue #2840
With this patch, the sculpt manager takes over the role the window
layouter of the leitzentrale, which eliminates the need to manually
position and size the inspect window.
This patch suppresses the start of components that cannot run because
obvious runtime dependencies (used servers) are missing in the runtime.
In this situation, the sculpt manager gives diagnostic feedback to the
user in the runtime dialog.
Sculpt's discovery of the default storage target can be intercepted by
user input (i.e., pointer movements) at boot time. The patch makes this
intervention mechanism robust for the case where nitpicker's first hover
report arrives after all storage devices were already scanned.
By tracking the states for an interactive selected NIC target (managed)
and a manual-defined NIC target (config/nic_router) separately, the
sculpt manager becames able to present the user with the ability to
interactively disable and re-enable a manually-managed network
configuration.
The sculpt manager wrongly paid for the nitpicker session of the fader
out of its own pocket. This patch reduces the quota transfer to the
amount provided the fader.
When updating the GPT to match the underlying block device, the
protective MBR will normally also be updated. In case a hybrid MBR is
used, as is done if 'image/disk' is specified, setting the
'preserve_hybrid' flag will prevent the component from overriding the
MBR.
This commit updates Early-Adopters (EA) version of Sculpt to the version
for The Curious (TC). Most importantly, it contains the new interactive
sculpt-manager component that automates many system management and
configuration tasks.
This patch enhances the 'Child' interface with the ability to retry the
deployment after an initial attempt failed. This way, packages can be
installed on demand based on the error feedback of deployment attempts.
The state report reflects the progress of downloading, verifying, and
extracting archives. For the download step, it includes the progress
as reported by fetchurl.
This patch changes the button widget to apply the vertical offset to its
child widgets at draw time, not at the layout phase. This way, the
visual feedback on button press/release changes is more direct because
it sidesteps the geometry animation.
Rename LwIP library in preparation for removal of LwIP libc plugin. The
current LwIP library will be replaced with a new version stripped of its
synchronous socket support. The next version will be incompatible with
the current, so removing 'lwip.lib.so' completely for a period makes it
easy to identify legacy users.
Fix#2797
This patch enhances the box layout such that child widgets are
equally stretched to the available size whenever the box layout's
size is larger than its min size. Furthermore, it corrects the
mixed-up use of the terms east and west in the float widget.
This component creates a GPT on a Block device. It supports the common
actions, as in adding, deleting and modifying entries in the GPT, while
considering alignment constraints. If needed it will round the length of
a partition down to meet those constraints. The component will not
perform layout checking, i.e., it does not care about overlapping
partitions. Only when apping a partition it will make sure that the
partition will fit.
Please read _repos/gems/src/app/gpt_write/README_ for more detailed
information on how to use the component and feel free to check out
_repos/gems/run/gpt_write.run_.
Fixes#2814.
The box-layout widget used to trigger the geometry animation of its
children immediately when updating the widget from the XML model (by
calling 'child->Widget::geometry'). This caused layout inconsistencies
in situations where the box layout is defined not by the constraints of
the child widgets but from the outside (the parent calls Widget::size).
Since the final layout is not known before the parent defines the actual
size, this patch moves the trigger point for the geometry animation to
'Widget::size'.
The new 'version' attribute can be used to explicitly distinguish
widgets that have the same name. E.g., if one widget is removed and
another with the same name is created somewhere else at the same time,
the menu view would normally interpret this change as a movement.
By attaching a distinct 'version' the new instance, menu view won't
attempt perform a smooth transition between the old and new widgets.
This patch addresses the corner case where hovering changes while a
button is held, e.g., when accidentially moving the pointer out of a
application window's area during a drag-and-drop operation. The patch
makes the window manager aware of the drag/idle state. Only when idle,
the pointer position is propagated to the decorator now.
This commit changes the 'Input::Event' type to be more safe and to
deliver symbolic character information along with press events.
Issue #2761Fixes#2786
By incorporating the sculpt version into the path where customizations
are stored, we can update and roll back sculpt versions without risking
configuration incompatibilities. By default, the sculpt version
corresponds to <genode-dir>/VERSION.
The condition must first check the io-buffer length and then check the
content. Otherwise, cat'ting a file that is padded with zeros up to
page size (io-buffer size) yields an out-of-range read access.
This patch replaces the terminal's formerly built-in fonts with the new
VFS-based font handling.
To avoid the copying of the terminal's font configuration across run
scripts, this patch adds the new terminal/pkg runtime package, which
includes everything needed for instantiating a terminal: the actual
terminal component, the library dependencies (vfs_ttf, which in turn
depends on the libc), a font (bitstream-vera), and a reasonable default
configuration.
Fixes#2758
VFS plugin to replicate from one file-system to another. Can be used to
seed a mutable file-system with an immutable file-system. The plugin is
configure with two paths, a read-only path, and a read-write path. This
is an initial implementation that copies files on open. It is not
optimized to perform actual copy-on-write, but the result is the same.
<vfs>
<dir name="immutable"> ... </dir>
<dir name="mutable"> ... </dir>
<dir name="cow">
<cow ro="/immutable" rw="/mutable"/>
</dir>
</vfs>
Fix#2745
Reduce the size and forward compatibility of VFS file-system
constructors by passing an object holding accessors for 'Genode::Env',
'Genode::Allocator', response handlers, and the root file-system.
Fix#2742
A ring buffer that uses a single dataspace mapped twice in consecutive
regions. This allows any operation that is less or equal to the size of
the buffer to be read or written in a single pass. The capacity of
Magic_ring_buffer is defined at runtime.
Fix#2725
This commit introduces a VFS plugin that exposes the glyphs and
metadata of a TrueType font as a pseudo file system. The TTF font data
is obtained from the VFS. The resulting pseudo file system is a
directory that contains the files 'glyphs', 'baseline', 'max_width',
and 'max_height'.
The counter part of the plugin is the 'Vfs_font' class that implements
the 'Text_painter::Font' interface by accessing the pseudo file system
as provided by the TTF VFS plugin.
Fixes#2740
This patch enhances the VFS access utilities of gems/vfs.h to be usable
with a prior created root directory. It also adds a
'File_content::bytes' method for operating of the raw content, which is
needed in situations where the data pointer is passed to a third-party
parser.
This patch improves the `Text_painter` utility that is commonly used by
native Genode components to render text:
- Support for subpixel positioning
- Generic interface for accessing font data
- Basic UTF-8 support
Since the change decouples the font format from the 'Text_painter' and
changes the API to use the sub-pixel accurate 'Text_painter::Position'
type, all users of the utility require an adaptation.
Fixes#2716
This patch enables the use of the VFS from VFS plugins by passing a
reference of the root directory to the constructors of file-system
instances. Since it changes the signature of 'Vfs::Dir_file_system',
any code that uses the VFS directly requires an adaptation.
Fixes#2701
The visibility of the client's view is re-evaluated at each animation
step. However, when the client appears long after the initial
fade-in/out animation is completed, the initial visibility state
remaines unchanged. This happens when booting the Sculpt scenario in
Qemu where the the nit_fb instances of the leitzentrale could not be
started in time. This patch fixes the issue by re-evaluating the view
visibility also at the view-creation time.
We need to update the blueprint pkg path as well in case the start node
is changed. Otherwise the query tool will keep using the initially
configured pkg path.
This patch improves the error handling for the case where the depot
lacks the content of the to-be-deployed pkg. Instead of infinitely
reattempting to obtain blueprints for such content, the deploy tool
prints a single message.
This patch adds two key remappings for the magic keys of the sculpt
scenario. KEY_DASHBOARD toggles the leitzentrale. KEY_RESTART resets
the noux-control subsystem of the leitzentrale.
Issue #2676
If only a single AHCI device is present, the block service provided by
the drivers subsystem allows the client to refer to this block device
via the label 'default'.
Issue #2676
This patch changes the 'depot_deploy' tool to spawn any number of
runtimes. In contrast to the original version, which merely consumed a
blueprint generated by a pre-configured 'depot_query' instance, the new
version actively generates queries as needed. So there is a feedback
loop between 'depot_deploy' and 'depot_query'. The instantiation of
subsystems is controlled by the '<start>' nodes of the 'depot_deploy'
configuration. For each start node, the tool tries to determine the
ingredients (provided by the depot) by asking the 'depot_query' tool.
Once the information is complete, a corresponding start node of the
dynamic init instance is generated.
This patch introduces the subnodes <provides>, <requires>, and
<content> to the <runtime> node. All <rom> sessions that are
expected from the depot appear within the <content> node, which
sets them nicely apart from <rom> sessions that may be required
as runtime arguments.
Note that the <requires> and <provides> nodes do not appear in the
patch because the existing depot_deploy tool does not interpret this
information (the pkg/test-fs_report runtime does not provide any
service, and the timer session is provided as a common route).
This patch adds the config attribute 'query'. If set to the value "rom",
the query information is obtained from a ROM session labeled "query".
Otherwise, the query information is expected to be part of the config.
This enables us to use the component in two different scenarios. In
one scenario, 'depot_query' is embedded in a managed dynamic init.
Here, taking the query from the config is easy. In the other scenario,
'depot_query' is running as a daemon with a once-configured VFS but
varying queries. The queries originate from a component that does not
control the 'depot_query' config.
The new 'Terminal_session::size_changed_sigh' RPC function registers a
signal handler that is triggered each time when the terminal size
changes. It enables the client to adjust itself to the new size by
subsequently calling the 'size' RPC function. Of all terminal servers,
only the graphical terminal triggers this signal.
The 'Buffered_xml' utility is used by three components and a fourth is
on the way. To avoid another duplication of the code, this patch makes
it publicly available at 'os/buffered_xml.h'.
By specifying the 'config' of a '<runtime>' as an attribute, we can
distinguish the case where the config is obtained from a ROM session
from the case where the config is specified inline as a '<config>' node.
The '<dependencies>' attribute 'path' refers to a depot archive.
Depending on the attributes 'source="no"' and 'binary="no" (defaults
shown), the depot_query component determines the source/binary
dependencies of the given archive. The result has the form of a report
with a sequence of <missing> and <present> nodes, each equipped with the
'path' of the dependency.
Since the <query> node results in the generation of a "blueprint"
report, it should better be named <blueprint>. This also clears the way
for adding further query types such as <dependencies>, following the
same pattern of generating a report of the corresponding query name.
With this patch, it becomes possible to pass a 'Directory const &' to
the constructor of 'File_content', which is intuitive as the directory
content is not changed by reading a file.
The 'File_content::for_each_line' method did not correctly detect the
end of data for files without a trailing linebreak, thereby cutting the
last character from the last line.
This patch removes the former use of ram_fs, fs_rom, and fs_report from
the subsystem and uses a report_rom instead. The fs-based reporting was
introduced to accommodate automatically instantiated usb_block drivers,
which turned out to be impractical for the sculpt scenario.
This is a follow-up commit to "Increase default warning level", which
overrides Genode's new default warning level for targets contained in
higher-level repositories. By explicitly whitelisting all those targets,
we can selectively adjust them to the new strictness over time - by
looking out for 'CC_CXX_WARN_STRICT' in the target description files.
Issue #465
The patch adjust the code of the base, base-<kernel>, and os repository.
To adapt existing components to fix violations of the best practices
suggested by "Effective C++" as reported by the -Weffc++ compiler
argument. The changes follow the patterns outlined below:
* A class with virtual functions can no longer publicly inherit base
classed without a vtable. The inherited object may either be moved
to a member variable, or inherited privately. The latter would be
used for classes that inherit 'List::Element' or 'Avl_node'. In order
to enable the 'List' and 'Avl_tree' to access the meta data, the
'List' must become a friend.
* Instead of adding a virtual destructor to abstract base classes,
we inherit the new 'Interface' class, which contains a virtual
destructor. This way, single-line abstract base classes can stay
as compact as they are now. The 'Interface' utility resides in
base/include/util/interface.h.
* With the new warnings enabled, all member variables must be explicitly
initialized. Basic types may be initialized with '='. All other types
are initialized with braces '{ ... }' or as class initializers. If
basic types and non-basic types appear in a row, it is nice to only
use the brace syntax (also for basic types) and align the braces.
* If a class contains pointers as members, it must now also provide a
copy constructor and assignment operator. In the most cases, one
would make them private, effectively disallowing the objects to be
copied. Unfortunately, this warning cannot be fixed be inheriting
our existing 'Noncopyable' class (the compiler fails to detect that
the inheriting class cannot be copied and still gives the error).
For now, we have to manually add declarations for both the copy
constructor and assignment operator as private class members. Those
declarations should be prepended with a comment like this:
/*
* Noncopyable
*/
Thread(Thread const &);
Thread &operator = (Thread const &);
In the future, we should revisit these places and try to replace
the pointers with references. In the presence of at least one
reference member, the compiler would no longer implicitly generate
a copy constructor. So we could remove the manual declaration.
Issue #465
This patch changes the depot layout such that each archive is
represented as a directory that contains the versions of the archive as
subdirectories.
Issue #2610
The missing dissolve of the dummy decorator input component resulted in
problems when using the themed_decorator when repeatedly opening and
closing windows. In contrast to the default decorator, the themed
decorator creates and destroys nitpicker sessions per window.
This is a follup-up commit for "driver_manager: add fb_boot_drv
support". It refines the heuristics for selecting the most suitable
framebuffer driver be prevent boot_fb_drv from being preferred over
the VESA driver when running in Qemu.
This commit replaces the old xray_trigger component by a new component
called global_keys_handler. For details, please refer to the issue text
and the accompanied README file.
Fixes#2554
Without this patch, usb_drv would issue a resource request when
assigning a USB device to a VM in the sculpt scenario.
Furthermore, the patch adjusts the intel_fb quota to enable it on
devices where the driver allocates the framebuffer in many 4K pieces.
This is a drivers subsystem that starts the most fundamental
(framebuffer, input, block) device drivers dynamically, depending on the
runtime-detected devices. The discovered block devices are reported
as a "block_devices" report.
This patch applies the handling of cursor keys, function keys, and page
up/down keys even if no keymap is defined. This is the case when using
the terminal with character events produced by the input filter.
Add a "writeable" policy option to the ahci_drv and part_blk Block
servers and default from writeable to ready-only. Should a policy
permit write acesss the session request argument "writeable" may still
downgrade a session to ready-only.
Fix#2469
When idle, menu_view de-schedules timer events to save processing time.
Once reactivated by a dialog update, it computes the passed time and
applies the result to the animator. However, the animation was most likely
started by the update not during the sleep. So the passed time must not
be applied to the animation in this case. Otherwise, many animation steps
are computed at once within a single visible frame.
Furthermore, the patch adjusts the REDRAW_PERIOD to 2, which is a better
value for geometric movements as opposed to mere color-blending effects
where the frame rate does not matter so much.
It also refines the nitpicker-buffer relocation in a way that extends
the buffer but does not shrink it. This lowers the interaction with
nitpicker in situations where the dialog size changes a lot.
By applying the text output to the alpha buffer in addition to the pixel
buffer, labels can now appear without the need for an underlying frame
or button.
The new widget allows one to align a child widget within a larger parent
widget by specifying the boolean attributes 'north', 'south', 'east',
and 'west'. If none is specified, the child is centered. If opposite
attributes are specified, the child is stretched.
This improves the output quality of antialiased lines onto a transparent
nitpicker buffer. For antialiased graphics operations, the initial color
leaks through. Leaking 50% gray is better than leaking black, in
particular when drawing white lines.
This patch makes the use of 'List' invisible at the 'Animator'
interface. This allows users of the utility to keep 'Animator::Items' in
a custom 'List' with no aliasing problems.
The VFS library can be used in single-threaded or multi-threaded
environments and depending on that, signals are handled by the same thread
which uses the VFS library or possibly by a different thread. If a VFS
plugin needs to block to wait for a signal, there is currently no way
which works reliably in both environments.
For this reason, this commit makes the interface of the VFS library
nonblocking, similar to the File_system session interface.
The most important changes are:
- Directories are created and opened with the 'opendir()' function and the
directory entries are read with the recently introduced 'queue_read()'
and 'complete_read()' functions.
- Symbolic links are created and opened with the 'openlink()' function and
the link target is read with the 'queue_read()' and 'complete_read()'
functions and written with the 'write()' function.
- The 'write()' function does not wait for signals anymore. This can have
the effect that data written by a VFS library user has not been
processed by a file system server yet when the library user asks for the
size of the file or closes it (both done with RPC functions at the file
system server). For this reason, a user of the VFS library should
request synchronization before calling 'stat()' or 'close()'. To make
sure that a file system server has processed all write request packets
which a client submitted before the synchronization request,
synchronization is now requested at the file system server with a
synchronization packet instead of an RPC function. Because of this
change, the synchronization interface of the VFS library is now split
into 'queue_sync()' and 'complete_sync()' functions.
Fixes#2399
The launcher.run scenario was last updated mid-may of the recently
developed cap-quota accounting (before all cap types were covered).
Hence, the quotas used in the scenario are too low. This patch adjusts
the values such that the scenario can be started on NOVA on Qemu. It
also fixes a warning about a deprecated way of configuring the
report_rom component.
Thanks to Jörg-Christian Böhme for reporting!
This patch changes the noux build rules to produce a tar archive in
'bin/', alleviating the need for this step from the run scripts.
This way, the visible result of a built noux package is a single (tar)
file in '<build-dir>bin/', which is suited for the use as a ROM module.
With the capability-quota mechanism, the terminal-session won't always
be constructed completely on the first try (we may run out of caps in
the middle of the construction). Therefore, all members of the object
must be properly destructable. Furthermore, the patch replaces the
sliced heap by a heap to avoid allocating a new dataspace for each line
of the cell array.
Previously, the Genode::Timer::curr_time always used the
Timer_session::elapsed_ms RPC as back end. Now, Genode::Timer reads
this remote time only in a periodic fashion independently from the calls
to Genode::Timer::curr_time. If now one calls Genode::Timer::curr_time,
the function takes the last read remote time value and adapts it using
the timestamp difference since the remote-time read. The conversion
factor from timestamps to time is estimated on every remote-time read
using the last read remote-time value and the timestamp difference since
the last remote time read.
This commit also re-works the timeout test. The test now has two stages.
In the first stage, it tests fast polling of the
Genode::Timer::curr_time. This stage checks the error between locally
interpolated and timer-driver time as well as wether the locally
interpolated time is monotone and sufficiently homogeneous. In the
second stage several periodic and one-shot timeouts are scheduled at
once. This stage checks if the timeouts trigger sufficiently precise.
This commit adds the new Kernel::time syscall to base-hw. The syscall is
solely used by the Genode::Timer on base-hw as substitute for the
timestamp. This is because on ARM, the timestamp function uses the ARM
performance counter that stops counting when the WFI (wait for
interrupt) instruction is active. This instruction, however is used by
the base-hw idle contexts that get active when no user thread needs to
be scheduled. Thus, the ARM performance counter is not a good choice for
time interpolation and we use the kernel internal time instead.
With this commit, the timeout library becomes a basic library. That means
that it is linked against the LDSO which then provides it to the program it
serves. Furthermore, you can't use the timeout library anymore without the
LDSO because through the kernel-dependent LDSO make-files we can achieve a
kernel-dependent timeout implementation.
This commit introduces a structured Duration type that shall successively
replace the use of Microseconds, Milliseconds, and integer types for duration
values.
Open issues:
* The timeout test fails on Raspberry PI because of precision errors in the
first stage. However, this does not render the framework unusable in general
on the RPI but merely is an issue when speaking of microseconds precision.
* If we run on ARM with another Kernel than HW the timestamp speed may
continuously vary from almost 0 up to CPU speed. The Timer, however,
only uses interpolation if the timestamp speed remained stable (12.5%
tolerance) for at least 3 observation periods. Currently, one period is
100ms, so its 300ms. As long as this is not the case,
Timer_session::elapsed_ms is called instead.
Anyway, it might happen that the CPU load was stable for some time so
interpolation becomes active and now the timestamp speed drops. In the
worst case, we would now have 100ms of slowed down time. The bad thing
about it would be, that this also affects the timeout of the period.
Thus, it might "freeze" the local time for more than 100ms.
On the other hand, if the timestamp speed suddenly raises after some
stable time, interpolated time can get too fast. This would shorten the
period but nonetheless may result in drifting away into the far future.
Now we would have the problem that we can't deliver the real time
anymore until it has caught up because the output of Timer::curr_time
shall be monotone. So, effectively local time might "freeze" again for
more than 100ms.
It would be a solution to not use the Trace::timestamp on ARM w/o HW but
a function whose return value causes the Timer to never use
interpolation because of its stability policy.
Fixes#2400
Removes the following Fiasco.OC specific features:
* GDB extensions for Fiasco.OC
* i.MX53 support for Fiasco.OC
* Kernel debugger terminal driver
* Obsolete interface Native_pd
* Obsolete function of interface Native_cpu
This patch reduces the number of exception types by facilitating
globally defined exceptions for common usage patterns shared by most
services. In particular, RPC functions that demand a session-resource
upgrade not longer reflect this condition via a session-specific
exception but via the 'Out_of_ram' or 'Out_of_caps' types.
Furthermore, the 'Parent::Service_denied', 'Parent::Unavailable',
'Root::Invalid_args', 'Root::Unavailable', 'Service::Invalid_args',
'Service::Unavailable', and 'Local_service::Factory::Denied' types have
been replaced by the single 'Service_denied' exception type defined in
'session/session.h'.
This consolidation eases the error handling (there are fewer exceptions
to handle), alleviates the need to convert exceptions along the
session-creation call chain, and avoids possible aliasing problems
(catching the wrong type with the same name but living in a different
scope).
This patch mirrors the accounting and trading scheme that Genode employs
for physical memory to the accounting of capability allocations.
Capability quotas must now be explicitly assigned to subsystems by
specifying a 'caps=<amount>' attribute to init's start nodes.
Analogously to RAM quotas, cap quotas can be traded between clients and
servers as part of the session protocol. The capability budget of each
component is maintained by the component's corresponding PD session at
core.
At the current stage, the accounting is applied to RPC capabilities,
signal-context capabilities, and dataspace capabilities. Capabilities
that are dynamically allocated via core's CPU and TRACE service are not
yet covered. Also, the capabilities allocated by resource multiplexers
outside of core (like nitpicker) must be accounted by the respective
servers, which is not covered yet.
If a component runs out of capabilities, core's PD service prints a
warning to the log. To observe the consumption of capabilities per
component in detail, the PD service is equipped with a diagnostic
mode, which can be enabled via the 'diag' attribute in the target
node of init's routing rules. E.g., the following route enables the
diagnostic mode for the PD session of the "timer" component:
<default-route>
<service name="PD" unscoped_label="timer">
<parent diag="yes"/>
</service>
...
</default-route>
For subsystems based on a sub-init instance, init can be configured
to report the capability-quota information of its subsystems by
adding the attribute 'child_caps="yes"' to init's '<report>'
config node. Init's own capability quota can be reported by adding
the attribute 'init_caps="yes"'.
Fixes#2398
This patch makes use of the new 'Quota_transfer::Account' by the service
types in base/service.h and uses 'Quota_transfer' objects in
base/child.cc and init/server.cc.
Furthermore, it decouples the notion of an 'Async_service' from
'Child_service'. Init's 'Routed_service' is no longer a 'Child_service'
but is based on the new 'Async_service' instead.
With this patch in place, quota transfers do no longer implicitly use
'Ram_session_client' objects. So transfers can in principle originate
from component-local 'Ram_session_component' objects, e.g., as used by
noux. Therefore, this patch removes a strumbling block for turning noux
into a single threaded component in the future.
Issue #2398
This patch replaces the former use of size_t with the use of the
'Ram_quota' type to improve type safety (in particular to avoid
accidentally mixing up RAM quotas with cap quotas).
Issue #2398
By building the posix library as shared object with an ABI, we
effectively decouple posix-using programs from the library
implementation (which happens to depend on several os-level APIs such as
the VFS).
This patch adjusts the interactive scenarios of the gems repository to
use the depot. This has three immediate benefits. First, once the depot
is populated with binary archives, the start time of the scenarios
becomes very quick because most dependency checks and build steps are
side-stepped. Second, the run scripts become more versatile. In
particular, run scripts that were formerly supported on base-linux only
(nit_fader, decorator, menu_view) have become usable on all base
platforms that have a 'drivers_interactive' package defined. Finally,
the run scripts have become much shorter.
Issue #2339
This patch adjusts the run script in two ways:
It removes the reliance on init's formerly built-in resource-request
handling by increasing the RAM quota for the backdrop instances. Since
commit "init: explicit response to resource requests", init no longer
hands out slack memory automatically.
Second, it makes sure that the backdrop appears under the precise label
"backdrop" at nitpicker by facilitating init's label-rewriting feature.
Without explicitly setting the label to "backdrop", nitpicker observes
the label "backdrop -> backdrop" (the first part comes from init, the
second part comes from the nitpicker-session argument specified by
backdrop itself). However, the client is only considered as default
background if labeled as "backdrop" (see nitpicker's '_create_session')
implementation.
Issue #2352
Ldso now does not automatically execute static constructors of the
binary and shared libraries the binary depends on. If static
construction is required (e.g., if a shared library with constructor is
used or a compilation unit contains global statics) the component needs
to execute the constructors explicitly in Component::construct() via
Genode::Env::exec_static_constructors().
In the case of libc components this is done by the libc startup code
(i.e., the Component::construct() implementation in the libc).
The loading of shared objects at runtime is not affected by this change
and constructors of those objects are executed immediately.
Fixes#2332
This patch adds the handling of 'CHARACTER' events as emitted by the
input-filter's character generator (<chargen>). To avoid interpreting
press/release events twice (at the input filter and by the terminal's
built-in scancode tracker), the terminal's scancode tracker can be
explicitly disabled via <config> <keyboard layout="none"/> </config>.
In the future, the terminal's built-in scancode tracker will be
removed.
The use of the terminal with the input filter is illustrated by the
'terminal_echo.run' script.
Issue #2264
