143 Commits

Author SHA1 Message Date
Norman Feske
9cba459958 base: remove Child::heap
This patch improves the accounting for the backing store of
session-state meta data. Originally, the session state used to be
allocated by a child-local heap partition fed from the child's RAM
session. However, whereas this approach was somehow practical from a
runtime's (parent's) point of view, the child component could not count
on the quota in its own RAM session. I.e., if the Child::heap grew at
the parent side, the child's RAM session would magically diminish. This
caused two problems. First, it violates assumptions of components like
init that carefully manage their RAM resources (and giving most of them
away their children). Second, if a child transfers most of its RAM
session quota to another RAM session (like init does), the child's RAM
session may actually not allow the parent's heap to grow, which is a
very difficult error condition to deal with.

In the new version, there is no Child::heap anymore. Instead, session
states are allocated from the runtime's RAM session. In order to let
children pay for these costs, the parent withdraws the local session
costs from the session quota donated from the child when the child
initiates a new session. Hence, in principle, all components on the
route of the session request take a small bite from the session quota to
pay for their local book keeping

Consequently, the session quota that ends up at the server may become
depleted more or less, depending on the route. In the case where the
remaining quota is insufficient for the server, the server responds with
'QUOTA_EXCEEDED'. Since this behavior must generally be expected, this
patch equips the client-side 'Env::session' implementation with the
ability to re-issue session requests with successively growing quota
donations.

For several of core's services (ROM, IO_MEM, IRQ), the default session
quota has now increased by 2 KiB, which should suffice for session
requests to up to 3 hops as is the common case for most run scripts. For
longer routes, the retry mechanism as described above comes into effect.
For the time being, we give a warning whenever the server-side quota
check triggers the retry mechanism. The warning may eventually be
removed at a later stage.
2017-02-28 12:59:23 +01:00
Norman Feske
b1a9addeb6 os/child_policy_dynamic_rom.h: API transition
Issue 
2017-02-28 12:59:19 +01:00
Norman Feske
19868de69a launcher: API transition (deprecated warnings)
Issue 
2017-02-27 15:37:49 +01:00
Norman Feske
f8349b5bc7 os/slave.h: Remove use of global allocator
This patch eliminates the need for a global allocator by passing the
parent-service registry as argument to the 'Slave::Policy' constructor.

Fixes 
2017-02-07 11:12:28 +01:00
Christian Helmuth
531e35ec42 Define Microseconds max value in timeout framework 2017-01-31 14:58:37 +01:00
Norman Feske
9fffb004b2 os/timer.h: disambiguate Timer::curr_time 2017-01-31 14:58:36 +01:00
Norman Feske
9adc6f1228 os: compile-time-defined parent-service registry
The new utility at 'os/static_parent_services.h' allows the creation of
a registry of parent services at compile time and thereby eliminates the need
for dynamic memory allocations whenever the set of services is known at
compile time as is the case for most uses of 'Slave::Policy'. The commit
showcases the utility in the bomb test.
2017-01-31 12:01:19 +01:00
Norman Feske
cd3a5852d6 Warn about the use of deprecated headers
This commit enables compile-time warnings displayed whenever a deprecated
API header is included, and adjusts the existing #include directives
accordingly.

Issue 
2017-01-31 12:01:18 +01:00
Norman Feske
c1e399025e os: let empty label prefix/suffix match
This patch changes the 'Xml_node_label_score' to regard an empty
label_prefix or label_suffix as a match instead of a conflict. Until
now, there was no use case for an empty label_prefix. But with init's
new ability to route environment sessions, an empty prefix denotes any
child-initiated session (as oposed to an parent-initiated environment
session).

Issue 
Issue 
2017-01-23 16:46:05 +01:00
Norman Feske
a7f40b24ca Warn about the use of deprecated env() function
This patch enables warnings if one of the deprecate functions that rely
in the implicit use of the global Genode::env() accessor are called.

For the time being, some places within the base framework continue
to rely on the global function while omitting the warning by calling
'env_deprecated' instead of 'env'.

Issue 
2017-01-13 13:07:13 +01:00
Norman Feske
5e75ac4f87 timeout: change timer resolution from 100 to 5 ms
Issue 
2017-01-13 13:07:12 +01:00
Emery Hemingway
9bae4823a0 os/packet_stream: avoid global env
Pass an explicit Region_map reference to stream constructors.

Issue 
Issue 
2017-01-13 13:07:02 +01:00
Josef Söntgen
d10a69c7bc os: pass Env on in Attached_mmio constructor
Issue .
2017-01-13 13:06:55 +01:00
Christian Helmuth
f2568856dd Hide implementation details in timeout framework
Fixes 
2017-01-13 13:05:45 +01:00
Norman Feske
25a7ea3d40 base: rename 'Volatile_object' to 'Reconstructible'
Fixes 
2016-12-01 17:46:50 +01:00
Martin Stein
791138ee63 os: introduce and test timeout framework
Ref 
2016-11-30 13:38:04 +01:00
Norman Feske
5a1cef6381 Make label prefixing more strict
This patch unconditionally applies the labeling of sessions and thereby
removes the most common use case of 'Child_policy::filter_session_args'.
Furthermore, the patch removes an ambiguity of the session labels of
sessions created by the parent of behalf of its child, e.g., the PD
session created as part of 'Child' now has the label "<child-name>"
whereas an unlabeled PD-session request originating from the child
has the label "<child-name> -> ". This way, the routing-policy of
'Child_policy::resolve_session_request' can differentiate both cases.

As a consequence, the stricter labeling must now be considered wherever
a precise label was specified as a key for a session route or a server-
side policy selection. The simplest way to adapt those cases is to use a
'label_prefix' instead of the 'label' attribute. Alternatively, the
'label' attribute may used by appending " -> " (note the whitespace).

Fixes 
2016-11-30 13:37:07 +01:00
Alexander Boettcher
e32b78d95d os: extend ram_session_guard for platform_driver
Issue 
2016-11-30 13:37:06 +01:00
Alexander Boettcher
dffc1b0497 os: move ram_session_guard from nic_bridge to os
Issue 
2016-11-30 13:37:06 +01:00
Norman Feske
b44f0554bd Adapt high-level components to new parent API
This patch adjusts the various users of the 'Child' API to the changes
on the account of the new non-blocking parent interface. It also removes
the use of the no-longer-available 'Connection::KEEP_OPEN' feature.

With the adjustment, we took the opportunity to redesign several
components to fit the non-blocking execution model much better, in
particular the demo applications.

Issue 
2016-11-30 13:37:03 +01:00
Norman Feske
cfdbccc5c2 Remove blocking calls from root and parent RPCs
This is a redesign of the root and parent interfaces to eliminate
blocking RPC calls.

- New session representation at the parent (base/session_state.h)
- base-internal root proxy mechanism as migration path
- Redesign of base/service.h
- Removes ancient 'Connection::KEEP_OPEN' feature
- Interface change of 'Child', 'Child_policy', 'Slave', 'Slave_policy'
- New 'Slave::Connection'
- Changed child-construction procedure to be compatible with the
  non-blocking parent interface and to be easier to use
- The child's initial LOG session, its binary ROM session, and the
  linker ROM session have become part of the child's envirenment.
- Session upgrading must now be performed via 'env.upgrade' instead
  of performing a sole RPC call the parent. To make RAM upgrades
  easier, the 'Connection' provides a new 'upgrade_ram' method.

Issue 
2016-11-25 16:06:42 +01:00
Norman Feske
e370e08e01 Define Genode::size_t as unsigned long
Fixes 
2016-10-21 12:39:29 +02:00
Stefan Kalkowski
dea4123053 os: remove Irq_activation and Irq_handler
Fix 
2016-08-29 17:29:36 +02:00
Emery Hemingway
482576fabb server/fs_log: improve client isolation
Use a seperate handle at each session.
Use SEEK_TAIL to append messages to files.
Increase packet buffer.
Refactor to component framework.

Fixes 
Issue 
2016-08-29 17:29:34 +02:00
Emery Hemingway
6018f594cf include/os/path.h: new path_from_label utility
Converts a session label hierarchy to a path hierarchy.

Issue 
Issue 
2016-08-29 17:29:33 +02:00
Alexander Boettcher
32bb0e131c gems: extend dither_painter to be used with vbox5
Issue 
2016-08-29 17:29:32 +02:00
Norman Feske
17c79a9e23 base: avoid use of deprecated base/printf.h
Besides adapting the components to the use of base/log.h, the patch
cleans up a few base headers, i.e., it removes unused includes from
root/component.h, specifically base/heap.h and
ram_session/ram_session.h. Hence, components that relied on the implicit
inclusion of those headers have to manually include those headers now.

While adjusting the log messages, I repeatedly stumbled over the problem
that printing char * arguments is ambiguous. It is unclear whether to
print the argument as pointer or null-terminated string. To overcome
this problem, the patch introduces a new type 'Cstring' that allows the
caller to express that the argument should be handled as null-terminated
string. As a nice side effect, with this type in place, the optional len
argument of the 'String' class could be removed. Instead of supplying a
pair of (char const *, size_t), the constructor accepts a 'Cstring'.
This, in turn, clears the way let the 'String' constructor use the new
output mechanism to assemble a string from multiple arguments (and
thereby getting rid of snprintf within Genode in the near future).

To enforce the explicit resolution of the char * ambiguity, the 'char *'
overload of the 'print' function is marked as deleted.

Issue 
2016-08-29 17:27:10 +02:00
Christian Helmuth
747137c201 Increase stack size of alarm schedulers 2016-08-10 11:07:47 +02:00
Emery Hemingway
e410be69a7 server/fs_rom: adjust to component API
- Use component API.
- Use signal handlers.
- Log ROM file path at error.
- Add Output printing support to os/path.h utility.

Fixes 
2016-08-10 11:07:47 +02:00
Emery Hemingway
2b8c1af9e0 remove 'filename' from ROM sesion args
Conveying the ROM filename as the final label element simplifies
routing policy and session construction.

Annotations by nfeske:

This commit also changes the ROM session to use base/log.h instead of
base/printf.h, which produced build error of VirtualBox because the
vbox headers have a '#define Log', which collides with the content of
base/log.h. Hence, this commit has to take precautions to resolve this
conflict.

The commit alse refines the previous session-label change by adding a
new 'Session_label::prefix' method and removing the use of 'char const *'
from this part of the API.

Fixes 
2016-07-11 13:24:36 +02:00
Emery Hemingway
f8337b511b Move Session_label from os to base
Session_label constructor now takes a bare string rather than a
serialized argument buffer.
Replace all instances of previous constructor with 'label_from_args'
function.

Issue 
2016-07-11 13:09:24 +02:00
Emery Hemingway
0a01edded2 Path::strip_last_element removes path delimiter
Remove the trailing slash of a path where the path is not "/".
New Path::append_element convenience function.

Fixes 
2016-06-28 11:09:27 +02:00
Emery Hemingway
877676c29f Make label-based policy selection more strict
A configuration policy must match against a policy node label,
label_prefix, or label_suffix atttribute. A fallback to
<default-policy/> is provided as a label wildcard.

Fixes 
2016-06-22 12:21:41 +02:00
Emery Hemingway
930e2638b2 lib/libc: remove internal use of getcwd at fstatat
The implementation and behaviour of 'getcwd' is externally defined.

Add move operators to Genode::Path.

Issue: 
2016-06-07 08:06:35 +02:00
Sebastian Sumpf
4994616346 os: packets without playload in packet stream
issue 
2016-06-04 13:45:26 +02:00
Norman Feske
807be83b1b Remove inconsistent use of 'is_' prefix
Fixes 
2016-05-23 15:52:39 +02:00
Norman Feske
a99989af40 Separation of thread operations from CPU session
This patch moves the thread operations from the 'Cpu_session'
to the 'Cpu_thread' interface.

A noteworthy semantic change is the meaning of the former
'exception_handler' function, which used to define both, the default
exception handler or a thread-specific signal handler. Now, the
'Cpu_session::exception_sigh' function defines the CPU-session-wide
default handler whereas the 'Cpu_thread::exception_sigh' function
defines the thread-specific one.

To retain the ability to create 'Child' objects without invoking a
capability, the child's initial thread must be created outside the
'Child::Process'. It is now represented by the 'Child::Initial_thread',
which is passed as argument to the 'Child' constructor.

Fixes 
2016-05-23 15:52:39 +02:00
Norman Feske
8d797105b3 Move Attach_*dataspace utils from os to base
Fixes 
2016-05-23 15:52:36 +02:00
Norman Feske
fd401bdf53 Thread API cleanup
This patch cleans up the thread API and comes with the following
noteworthy changes:

- Introduced Cpu_session::Weight type that replaces a formerly used
  plain integer value to prevent the accidental mix-up of
  arguments.
- The enum definition of Cpu_session::DEFAULT_WEIGHT moved to
  Cpu_session::Weight::DEFAULT_WEIGHT
- New Thread constructor that takes a 'Env &' as first argument.
  The original constructors are now marked as deprecated. For the
  common use case where the default 'Weight' and 'Affinity' are
  used, a shortcut is provided. In the long term, those two
  constructors should be the only ones to remain.
- The former 'Thread<>' class template has been renamed to
  'Thread_deprecated'.
- The former 'Thread_base' class is now called 'Thread'.
- The new 'name()' accessor returns the thread's name as 'Name'
  object as centrally defined via 'Cpu_session::Name'. It is meant to
  replace the old-fashioned 'name' method that takes a buffer and size
  as arguments.
- Adaptation of the thread test to the new API

Issue 
2016-05-23 15:49:55 +02:00
Norman Feske
7274ca997d Remove Genode::Process from API
This patch makes the former 'Process' class private to the 'Child'
class and changes the constructor of the 'Child' in a way that
principally enables the implementation of single-threaded runtime
environments that virtualize the CPU, PD, and RAM services. The
new interfaces has become free from side effects. I.e., instead
of implicitly using Genode::env()->rm_session(), it takes the reference
to the local region map as argument. Also, the handling of the dynamic
linker via global variables is gone. Now, the linker binary must be
provided as constructor argument.

Fixes 
2016-05-09 13:10:52 +02:00
Norman Feske
b49e588c1c Assign threads to PD at its creation time
This patch replaces the former 'Pd_session::bind_thread' function by a
PD-capability argument of the 'Cpu_session::create_thread' function, and
removes the ancient thread-start protocol via 'Rm_session::add_client' and
'Cpu_session::set_pager'. Threads are now bound to PDs at their creation
time and implicitly paged according to the address space of the PD.

Note the API change:

This patch changes the signature of the 'Child' and 'Process' constructors.
There is a new 'address_space' argument, which represents the region map
representing the child's address space. It is supplied separately to the
PD session capability (which principally can be invoked to obtain the
PD's address space) to allow the population of the address space
without relying on an 'Pd_session::address_space' RPC call.
Furthermore, a new (optional) env_pd argument allows the explicit
overriding of the PD capability handed out to the child as part of its
environment. It can be used to intercept the interaction of the child
with its PD session at core. This is used by Noux.

Issue 
2016-05-09 13:10:52 +02:00
Norman Feske
73b463cdbb Signal_handler: remove num argument from handler
We will eventually remove the delivery of the number of occurred signals
to the recipient. There haven't been any convincing use cases for this
feature. In the contrary, it actually led to wrong design choices in the
past where the rate of signals carried information (such as the progress
of time) that should better be obtained via an explicit RPC call.

The old 'Signal_rpc_member' template retains the old interface for now.
But the new 'Signal_handler' omits the 'unsigned' argument from the
handler function.
2016-05-09 13:10:52 +02:00
Norman Feske
511acad507 Consolidate RM service into PD session
This patch integrates three region maps into each PD session to
reduce the session overhead and to simplify the PD creation procedure.
Please refer to the issue cited below for an elaborative discussion.

Note the API change:

With this patch, the semantics of core's RM service have changed. Now,
the service is merely a tool for creating and destroying managed
dataspaces, which are rarely needed. Regular components no longer need a
RM session. For this reason, the corresponding argument for the
'Process' and 'Child' constructors has been removed.

The former interface of the 'Rm_session' is not named 'Region_map'. As a
minor refinement, the 'Fault_type' enum values are now part of the
'Region_map::State' struct.

Issue 
2016-05-09 13:10:51 +02:00
Alexander Boettcher
463b39fc73 xml reporter: support different start node name
Currently the report name is used implicitly as first xml node name for the
report.  This is inconvenient if one component wants to generate various xml
reports under various names (e.g. to steer consumers/clients slightly
differently) but with the same xml node tree structure.

Fixes 
2016-05-09 13:09:54 +02:00
Norman Feske
051e84c4b4 Move server API concept to base framework
This commit introduces the new `Component` interface in the form of the
headers base/component.h and base/entrypoint.h. The os/server.h API
has become merely a compatibilty wrapper and will eventually be removed.
The same holds true for os/signal_rpc_dispatcher.h. The mechanism has
moved to base/signal.h and is now called 'Signal_handler'.

Since the patch shuffles headers around, please do a 'make clean' in the
build directory.

Issue 
2016-04-11 11:51:46 +02:00
Christian Helmuth
20c9b02326 Mark Server::Entrypoint noncopyable 2016-02-05 10:47:45 +01:00
Norman Feske
900c795df2 os: add Attached_rom_dataspace::cap accessor
The accessor works analogously to the Attached_dataspace.
2016-01-26 16:20:37 +01:00
Alexander Boettcher
82e35326b7 os: support different binary name for slaves
Issue 
2016-01-13 14:59:04 +01:00
Emery Hemingway
3087b72438 os/path.h: new convenience functions
Infix operators == and !=.
Capacity accessor.

Issue 
2016-01-13 14:49:11 +01:00
Christian Helmuth
c43bd472ac packet_stream: peek_packet() should be const
This also fixes the wrong return type.

Fixes 
2015-12-17 11:12:53 +01:00