This catches bugs early on. E.g., when leaving an 'Allocation'
unused, it gets immediately deallocated, which is most probably not
intended. For regular 'Attempt' objects, this change encourages
the proper propagation of errors, or at least the logging of unexpected
conditions.
Fixes#5513
The new types in base/ram.h model different allocation scenarios and
error cases by mere C++ types without using exceptions. They are meant
to replace the former 'Ram_allocator' interface. As of now, the
'Unmapped_allocator' closely captures the former 'Ram_allocator'
semantics. The 'Constrained_allocator' is currently an alias for
'Unmapped_allocator' but is designated for eventually allocating
mapped RAM.
In contrast to the 'Ram_allocator' interface, which talked about
dataspace capabilites but left the lifetime management of the
allocated RAM to the caller, the new API represents an allocation
as a guard type 'Allocation', which deallocates on destruction by
default.
Allocation errors are captured by a 'Result' type that follows
the 'Attempt' pattern.
As a transitionary feature, the patch largely maintains API
compatibility with the original 'Ram_allocator' by providing
the original (exception-based) 'Ram_allocator::alloc' and
'Ram_allocator::free' methods as a wrapper around the new
'Ram::Constrained_allocator'. So components can be gradually
updated to the new 'Ram::' interface.
Issue #5502
The 'Allocation' type represents the result of an allocator, which
guards the lifetime of the allocation. The 'Allocation::Attempt' type is
a suitable result type for allocators that need to reflect either an
successful allocation or an error condition.
Issue #5502
The new variant combines the attempt with unique-pointer semantics
and is thereby usable for returning non-copyable objects such as
RAM 'Allocation'.
Issue #5502
This patch exposes the formatted K/M/G byte output of 'Number_of_bytes'
as a class template function that accepts different basic types. This
enables the easy creation of a formatted output type for a type larger
than size_t.
Introduced in the context of issue #5489
This patch allows for the construction of 'Xml_node' objects from a
'Const_byte_range_ptr' argument as a safer alternative to the pair
of addr, max_len arguments.
Issue #5411
If the memory for the designated object is allocated as char[sizeof(T)],
the size of 'Placeable' is expected to equal the size of T. However, in
principle, the compiler has the freedom to inflate the 'Placeable'
object. The static assertion gives us the assurance that the compiler
does not violate our assumption.
GCC 12 tree-loop-distribute-patterns generates false warnings of
-Warray-bounds, -Wstringop-overflow, or -Wstringop-overread in memcpy()
and memcpy_cpu() in static/inline cases for code that obviously prevents
its execution by invariant checking. On -O3, even more warnings are
produced.
The operators == and != make the 'Rect' consistent with 'Point' and
'Area'. The patch also adds the 'Rect::clamp' method, which is generally
useful for sanitizing input.
Issue #5352
- Move header to base/include to make it applicable for base types
like 'Affinity' down the road.
- Represent 'Rect' as typle of point and area, which is the most
common form of initialization, creates in valid 'Rect' by default.
- Turn Point, Area, and Rect into compound types, making x, y, w, h, at,
area accessible without a method call
- 'Rect::Compound' function for constructing a 'Rect' from two points,
replacing a former constructor
- Use result type 'Rect::Cut_remainder' instead of out parameters.
Fixes#5239
The classes Genode::Mmio, Genode::Register_set, Genode::Attached_mmio, and
Platform::Device::Mmio now receive a template parameter 'size_t SIZE'. In each
type that derives from one of these classes, it is now statically checked that
the range of each Genode::Register::Register- and
Genode::Register_set::Register_array-deriving sub-type is within [0..SIZE).
That said, SIZE is the minimum size of the memory region provided to the above
mentioned Mmio classes in order to avoid page faults or memory corruption when
accessing the registers and register arrays declared inside.
Note, that the range end of a register array is not the end of the last item
but the end of integer access that is used for accessing the last bit in the
last item.
The constructors of Genode::Mmio, Genode::Attached_mmio, and
Platform::Device::Mmio now receive an argument 'Byte_range_ptr range' that is
expected to be the range of the backing memory region. In each type that derives
from on of these classes, it is now dynamically checked that 'range.num_bytes
>= SIZE', thereby implementing the above mention protection against page faults
and memory corruption.
The rest of the commit adapts the code throughout the Genode Labs repositories
regarding the changes. Note that for that code inside Core, the commits mostly
uses a simplified approach by constructing MMIO objects with range
[base..base+SIZE) and not with a mapping- or specification-related range size.
This should be fixed in the future.
Furthermore, there are types that derive from an MMIO class but don't declare
any registers or register arrays (especially with Platform::Device::Mmio). In
this case SIZE is set to 0. This way, the parameters must be actively corrected
by someone who later wants to add registers or register arrays, plus the places
can be easily found by grep'ing for Mmio<0>.
Fix#4081
This patch replaces the original policy-based 'update_from_xml' by a new
method that takes three functors for creating, destroying, and updating
elements as arguments. XML nodes are associated with their corresponding
internal data models by annotating the element type with the
'type_matches' class function and the 'matches' method.
The patch also improves safety by enforcing that list-model elements can
never be copied.
Fixes#4317
The 'Xml_node::differs_from' method takes the constructor arguments
(addr, size) for a byte-wise comparison whereas 'with_raw_node'
restricts the byte range to the actual XML tags. In cases where
the XML start tag is preceeded by whitespace, both ranges can differ.
Since the 'differs_from' method is meant for comparing actual XML
nodes - not any whitespace around them - whitespace should be ignored
on both operands.
Issue #5029
The last character should only be skipped if a `\0` or `\n` is found. If
the string ends without such a character or the maximum line length is
hit, we do not skip the last character.
Fixesgenodelabs/genode#4985
* Replaces bool access types with uint8_t access types
* Ensures, that the framework always uses the smalles possible uint type
for the return value wherever a bitfield is read and returned to the user.
Ref #4924
The new 'Dictionary' provides an easy way to access objects using
strings as key. The 'String' received the 'operator >' to simplify the
organization of strings in an AVL tree.
The patch removes the former definition of the 'operator >' from the
platform driver because it would be ambigious now.
Fixes#4610
The `with_sub_node` method is renamed to `with_optional_sub_node` to
better reflect that the non-existence of a sub node with the desired type is
ignored.
At the same time, the new `with_sub_node` now takes a second functor that is
called when no sub node of the desired type exists.
genodelabs/genode#4600
Compared to the bytewise memset, a wordwise memset (or even multi-word)
achieves a speedup of ~6.
On Zynq-7000/Cortex-A9:
317 MiB/s -> 2040 MiB/s
On base-linux x86_64:
3580 MiB/s -> 23700 MiB/s
genodelabs/genode#4456
XML allows attribute values like <node attr="\"/>. The XML parser
wrongly reflects this case as 'Invalid_syntax'. This behavior stems from
the implicit use of the 'end_of_quote' function, which considers the
sequence of '\"' as a quoted '"' rather than the end of a quoted string.
The patch solves this problem by making the 'end_of_quote' part of
the tokenizer's scanner policy.
The patch removes the 'end_of_quote' function from 'util/string.h'
because it is not universal, and to avoid the ambiguity with
'SCANNER_POLICY::end_of_quote'.
Fixes#4431
