=============================================== Release notes for the Genode OS Framework 24.08 =============================================== Genode Labs Genode 24.08 puts emphasis on the tracking of the supported 3rd-party software and consolidation work. It features the Qt6 application framework in addition to the time-tested Qt5, consistently updates all Linux-based components and PC device drivers from Linux version 6.1 to version 6.6.47, and updates Mesa to version 24.0.8. The consolidation work revisits the framework's base and GUI interfaces with respect to C++20 style, the move away from exception-based error handling, and the use of strict types. Combining Genode's recent advances of [https://genode.org/documentation/release-notes/24.05#On-target_debugging_using_the_GNU_debugger__GDB_ - on-target debugging] with the [https://genode.org/documentation/release-notes/23.08#Goa_tool_gets_usability_improvements_and_depot-index_publishing_support - Goa SDK], the release introduces remote debugging via Goa (Section [Debugging]). Further topics of version 24.08 range from enhanced board support for i.MX-based devices (Section [Improvements for NXP's i.MX family]), over the exploration of AVX on x86 (Section [NOVA microhypervisor]), to steady improvements of Genode's custom microkernel (Section [Execution on bare hardware (base-hw)]). Base framework and OS-level infrastructure ########################################## Reduced reliance on the C++ exception mechanism =============================================== In [https://genode.org/documentation/release-notes/21.11#New_pattern_for_C___error_handling - version 21.11], we introduced the [https://genode.org/documentation/genode-foundations/24.05/api/Fundamental_types.html#Exception-less_error_handling - Attempt] utility as an alternative to exception-based error handling. While gradually applying this pattern, in particular for newly introduced interfaces, we observed our code becoming more rigid and concrete, leaving no condition unconsidered. Given this added assurance, we ultimately decided to remove the reliance on C++ exceptions from the base framework over time. The current release takes a huge leap in this direction. :base/id_space.h: A new 'Id_space::apply' overload takes a second functor 'missing_fn' as argument, which is called whenever the lookup fails. It thereby allows the use of the 'Id_space' utility without 'Unknown_id' exceptions. :util/xml_node.h: The two 'Xml_node::attribute' accessors have been removed along with the 'Nonexistent_attribute' exception. Attributes are generally accessed via the 'attribute_value' method, which handles the case via a default value. :Core RPC interfaces: Exceptions have been entirely removed from the RPC interfaces provided by the core component, namely 'Trace', 'Pd', 'Cpu', 'Rm', and 'Region_map'. While touching these interfaces, we took the opportunity for modernization and consolidation of both the interfaces and their implementations. E.g., core's trace service received a welcome facelift, e.g., the former use of basic types got replaced by dedicated types. The revised 'Region_map' interface uses an 'Attr' compound struct for specifying arguments to the 'attach' operation, which makes the intent of client code more obvious. The operation returns a 'Range' instead of a 'Local_addr' now. The 'Region_map::State' type got renamed to 'Fault'. :base/child.h: The 'Child_policy::Nonexistent_id_space' exception has been removed by making the 'server_id_space' mandatory for each policy. The former 'Child::Process' and 'Child::Process::Loaded_executable' classes got replaced by class functions that return failure conditions as return values, eliminating the use of C++ exceptions by the child framework. The overall ambition of cutting back the use of C++ exceptions is not limited to the base framework but can be observed for critical components as well. In particular, the NIC router received a profound rework in this respect. Cultivation of C++20 programming style ====================================== [https://genode.org/documentation/release-notes/23.05#New_tool_chain_based_on_GCC_12.3__C__20_enabled_by_default - One year ago], we enabled C++20 as default. With the current release, we took the chance to update the codebase according to this version of the standard. :C++20 function template syntax: The 'auto' keyword can be used in many places where template arguments had to be declared manually. We updated all sources of the base framework accordingly. :Using 'using' instead of 'typedef': C-style type aliases are no longer used within the framework. :util/geometry.h: The header has been moved from the os repository to the base repository. 'Point', 'Area', and 'Rect' have been turned into plain compound types, making 'x', 'y', 'w', 'h', 'at', and 'area' accessible without a method call. 'Rect' is now represented as a tuple of 'Point' and 'Area', which is the most common form of initialization. The companion utilities have been updated ('constexpr', eliminating out parameters) as well. :util/color.h: The 'Color' type has been converted from a class to a POD type by replacing the constructors by the named create functions 'rgb', 'clamped_rgb', and 'clamped_rgba'. This enables the initialization of color values using the '{ .r = ... }' syntax and makes the type usable in const expressions. The change also narrows the type for the color components and alpha values to 'uint8_t'. So possible integer overflows of computed values are detected by '-Wconversion'. Tightened GUI-session interface =============================== On our [https://genode.org/about/road-map - road map], we anticipated intensive work on user-facing topics, many being related to graphical user interfaces. While approaching these topics, we sensed that the clean implementation of our ideas would benefit from a revisit of the framework's existing GUI infrastructure, in particular the GUI-session interface as provided by the nitpicker GUI server and the window manager. Note that we barely touched this corner of the framework in the past ten years since version [https://genode.org/documentation/release-notes/14.08#New_GUI_architecture - 14.08]. The changes are as follows. * The 'Gui::Session::session_control' RPC function got removed because its functionality has long been superseded by the window manager and layouter. * The interfaces and components received a thorough coding-style update, embracing C++20, avoiding plain pointers, using 'Attr' structs for passing attributes, removing the notion of invalid handles/IDs, replacing basic types by dedicated types, and removing the use of C++ exceptions. * The out-of-RAM and out-of-caps conditions are now consistently handled by the 'Gui::Connection', which does no longer inherit the 'Gui::Session' interface and can thereby introduce tailored result types. * The creation of top-level views and child views are now two distinct operations ('view' and 'child_view'). * The access of the subsumed framebuffer and input interfaces is now mediated by the plain public members 'Connection::framebuffer' and 'input'. This simplifies the client-side code. E.g., '_gui.input()->pending()' becomes '_gui.input.pending()'. * Corner cases of view-stacking operations are now expressed as dedicated commands. The new stacking commands are FRONT, BACK, FRONT_OF, and BEHIND_OF. * View handles are managed as 'Id_space' and hence named view IDs now. The allocation of view IDs has been moved from the server side to the client, which gives clients more flexibility and reduces the surface of possible error conditions between client and server. To ease the client-side ID management, the 'Gui::Connection' hosts a 'view_ids' ID space for optional use. E.g., the new 'Top_level_view' class uses this ID space for ID allocation. This class accommodates the most typical use case of opening a single window. * The creation of new views accepts initial view attributes now, which accommodate typical client use cases with less code. _As a note of caution, this line of work will continue over the course of the_ _next release cycle. The GUI-related APIs of the framework are expected to_ _undergo further changes during that time._ Fostered consistency of naming ============================== Within our code base, we are ardent about consistency. However, two relics from the infancy of the project remained standing out like sore thumbs. First, the '_drv' suffix of driver executables remained at odds with our established [https://genode.org/documentation/developer-resources/conventions - style] of naming things without artificial abbreviations. Second, the plural naming of the _/src/drivers/_ directory nagged us by being inconsistent with the sibling directories _test/_, _app/_, _server/_. The current release rectifies both inconsistencies. The '_drv' suffix has been dropped and the directory has been renamed to _driver/_. Device drivers ############## Linux device-driver environment (DDE) ===================================== We last adapted Linux DDE for kernel 6.1 in May/August 2023. According to our plan of approximately one update per year, it was time to roll up our sleeves for the adaption to Linux 6.6 LTS and ready our driver base for future (especially PC) platforms. With this release, we limited our efforts to the emulation library itself as well as virt_linux and pc_linux driver ports. Thus, from now on, PC platforms use Linux driver sources of kernel version 6.6.47 for USB host controllers and devices, Wifi and Ethernet adapters, Intel display, lxip TCP/IP protocols, and wireguard. Non-x86 platforms were updated for USB devices and network protocols only, but will be adapted in future releases step-by-step. All drivers work as drop-in-replacements of older versions with respect to integration and configuration. Our Wifi driver port got amended by an online quality update concerning the currently established connection, which can be enabled by the configuration attribute 'update_quality_interval'. With this feature, user interfaces are enabled to reflect connection-quality changes almost instantly. Additionally, we added support for Intel AX200/9560 wireless adapters and restored support for Wifi devices found in Thinkpad T430 notebooks. During this release cycle, we analyzed a noticeable network throughput drop resp. CPU load increase when using the [https://github.com/genodelabs/genode/issues/5151 - PC Ethernet driver]. We eventually traced the effect to runtime overhead originating from our DDE memory allocator. The positive impact of a simple allocation-cache implementation confirmed our suspicion veritable. Hence, we replaced our custom allocator by the Linux kernel-internal SLUB allocator that is based on page/folio allocation. The folio API is well hidden in the kernel internals, still in flux, and offers only incomplete (resp. outdated) documentation, which required quite a bit of research efforts reading and understanding the kernel's implementation. In the end, we improved our emulation implementation sufficiently and managed to get the PC NIC driver to work robustly with gigabit performance and with CPU load reduced by 25-40% on Intel Kaby/Tiger Lake notebooks. Platform driver =============== During ACPI suspend, the PCI bridges in the system may forget their PCI configuration. Hence on resume, this configuration needs to be restored to render all PCI devices behind the bridge usable again. With this release, we added support to the pci_decode component to report all relevant information, which is then picked up by the platform driver after an ACPI resume to re-configure the used PCI bridges. This change enables the successful restart of the Wifi driver after resume on many platforms. Improvements for NXP's i.MX family ================================== The current release comprises a lot of updates and additional support for the i.MX family of devices. First of all, we have updated all existent Linux driver ports to Linux kernel version 6.1.20. In detail, drivers for the Freescale Ethernet Device (FEC) for ARMv7 and ARMv8, the display management for the i.MX 8M Quad EVK and the MNT Reform 2, as well as the SD-card Host Controller for the same two boards got refreshed. Alice Domage of Gapfruit AG contributed outstanding work to enable platform support for the i.MX 8M Plus SoC and Compulab's IOT Gateway, which is based on it. Besides clock, powering, and reset support by a platform driver specific to this SoC, support is now available for both Ethernet cards (FEC and ST Microelectronics' STMMAC), SD-card host controller, I2C, and GPIO. Genode's custom kernel supports two more boards now, namely the F&S Embedded armStone Starterkit and MNT Pocket Reform. Both are using the i.MX 8M Plus SoC mentioned above. The support is currently limited to the very basics, and no peripherals apart from CPU and timer are integrated yet. For the fine-grained control of GPIO pins, release [https://genode.org/documentation/release-notes/21.11#Pin_I_O_session_interfaces - 21.11], introduced the pin I/O session interfaces, superseding the older 'Gpio' session interface. So far, however, our driver for the GPIO controller as present on all i.MX SoC's merely supported the old interface. With this release, we introduce a pin driver implementing the favored pin I/O session interface instead. All occurrences in packages and run-scripts under Genode's umbrella use the new driver now, which can be found under _src/driver/pin/imx_ within the genode-imx repository. The old driver and the 'Gpio' session interface are still existent. But now, as there is no hard dependency or necessity for it anymore, we mark the old driver as well as the 'Gpio' session interface as deprecated. Finally, we moved all remaining i.MX specific parts out of Genode's main repository into the [https://github.com/genodelabs/genode-imx - genode-imx] repository to be consistent with our recent approach of vendor-specific external repositories. Libraries and applications ########################## Qt6 application framework ========================= With this release, we started updating the Qt application framework from Qt5 to Qt6 by adding an initial port of Qt 6.6.2, covering the _qtbase_, _qtdeclarative_, _qtshadertools_, and _qtsvg_ modules. We are planning to support the _qtwebengine_ module as well in the near future, which will remove the dependency from Python 2 and provide us with a more recent Chromium engine for the Falkon and Morph web browsers. We also improved the Qt build process for both Qt6 and Qt5 by making sure that Qt libraries are only built when needed and stub libraries generated from symbol files are used otherwise. The Qt6 port uses updated host tools, which need to be built with the _tool/tool_chain_qt6_ script. Please note that Qt6 requires CMake version 3.19 or higher to build successfully. Mesa version 24.0.8 =================== With release [https://genode.org/documentation/release-notes/24.05#Mesa_updated_to_version_24.0.1 - 24.05], we updated Mesa to major version 24. During the past few months, we improved the memory allocation and synchronization for Intel's Iris driver and as a side effect updated Mesa to version 24.0.8. Platforms ######### Execution on bare hardware (base-hw) ==================================== Under the hood of Genode's custom kernel, the way how CPU-local memory is arranged changed fundamentally. The kernel's virtual memory layout now comprises a CPU area. Each CPU has its own slot within this area, containing kernel stack, CPU object data resp. all CPU-local data. This change is transparent to most Genode developers. It was motivated to ease CPU detection and bootstrapping at run time, for kernel stack overflow detection, and for increasing the kernel's flexibility regarding multi-core hardware. NOVA microhypervisor ==================== The kernel received support to handle the x86 CPU FPU extension [https://de.wikipedia.org/wiki/Advanced_Vector_Extensions - AVX], which is a family of SIMD instruction extensions used for optimized implementations of mathematical algorithms, e.g., it is used in multimedia applications. In principle, the kernel has to detect the available AVX versions, e.g., AVX, AVX-2, AVX-512. Depending on the version, it has to save and restore additional FPU state during thread switching. Besides the general availability to Genode applications, the Seoul VMM has become the first user of the feature. The VMM now announces the AVX feature to the guest VMs, so that the guest kernel can enable it and guest user applications can utilize it, e.g., for web browser and video encoding/decoding use-cases. The feature got tested with the Seoul VMM on Intel and AMD systems. Additionally, we adapted the core component to support Intel SoCs with E-Core only CPUs, which were formerly named Intel Atom and are nowadays branded as Intel N-Series CPUs. Finally, the NOVA kernel now supports the freeing of vCPU related data structures during VM destruction, got optimized to reduce resource overhead during cross CPU IPC and improved VM MSR exit handling. Build system and tools ###################### Improved reproducibility ======================== The demand for reproducible builds has been increasing during the past few years. The main hindrance that makes builds unreproducible are timestamps. On Genode, especially components that produce TAR files suffered from this limitation, since the date of the archived data was set to the time of archiving. To avoid this issue, we introduced a customizable global TAR_OPT in Genode's build system that sets the date of the archived files to the date of the epoch and the user/group to one. As a starting point, we added the TAR_OPT to the Qt-build process while other targets will incrementally follow. Additionally, we enabled our Rump-kernel port to be reproducible. Goa SDK ======= Debugging ~~~~~~~~~ After the addition of on-target debugging on Sculpt OS in [https://genode.org/documentation/release-notes/24.05#On-target_debugging_using_the_GNU_debugger__GDB_ - Genode 24.05], it was about time to equip [https://github.com/genodelabs/goa - Goa] with debugging support as well. For this purpose, the tool received an optional '--debug' command-line switch, which instructs Goa to consider [https://genode.org/documentation/release-notes/23.11#Debug_information_for_depot_binaries - dbg archives] in its download, export and publish steps. When provided with this switch on 'goa run', the tool also creates a _.gdb_ file in the project's _var/_ directory. This file contains initialization commands for the GNU debugger (GDB) and can be passed to GDB via the '--command' argument. [image goa_gdb_sculpt] The _Goa testbed_ package and preset have been updated accordingly to make use of our debug monitor. The figure illustrates how Goa interoperates with the Goa testbed. Sculpt's default NIC router configuration now comprises an additional _gdb_ domain that is intended to accommodate a single client to which the router forwards port 9999 of the _uplink_ domain. This is intended for making the testbed's debug monitor available as a remote GDB target. Note that these changes will become effective with the next Sculpt release in October. In the meantime, you may cherry-pick the [https://github.com/genodelabs/genode/commit/aeb42b0983143e6fe0a01f7f5316612709da1a9d - corresponding commit]. Along with debugging support, Goa also received a '--with-backtrace' switch and a 'backtrace' command. The former instructs the tool to preserve frame-pointer information by supplying the '-fno-omit-frame-pointer' flag to GCC. The 'goa backtrace' command is a shortcut for 'goa run --debug --with-backtrace' that additionally passes the log output to our [https://genode.org/documentation/release-notes/24.02#Convenient_parsing_of_backtraces - backtrace tool]. For detailed instructions, please refer to the corresponding [https://genodians.org/jschlatow/2024-07-31-goa-gdb - Genodians article]. Meson build system ~~~~~~~~~~~~~~~~~~ Projects like Qemu, glib, and Mesa have switched to the Python-based [https://mesonbuild.com - Meson] build system. Mesa, for example, produces a large number of generated C/C++ files using Meson features. In order to ease future porting effort of Meson-based projects to Genode, we have added basic support for this build system to Goa. A Meson project can be built and executed like any other Goa-supported build system with the addition that there can be a _meson_args_ file (analogously to _cmake_args_ for CMake) where additional arguments can be passed to the meson command. Otherwise, Goa will look for a _meson.build_ file in the _src_ directory, which identifies the project's build system as Meson. As a simple test, you can check out the _hello_meson_ example in the _examples_ directory of Goa. At the current stage, only binary targets for the x86_64 architecture are supported by Goa/Meson. Shared libraries and ARM support will be addressed next. Rust & Cargo ~~~~~~~~~~~~ From Rust 1.77 onward, the binary distribution of the _std_ library ('x86_64-unknown-freebsd') assumes that the underlying OS kernel supports thread-local storage via the FS segment register on x86. As Genode does not provide a TLS area via FS, TLS accesses by the library would end up in invalid memory, which renders the binary version of the std library unusable on Genode. In response, we have implemented a custom Genode target profile for Rust, which allows us to still leverage the FreeBSD port of Rust's standard library while using the _emulated_ TLS model. In order to compile the parts of the std library used by an application for the custom profile, we have moved to using a _nightly_ Rust tool chain. For detailed instructions for setting up the tool chain, head over to the [https://genodians.org/atopia/2024-08-27-building-rust-with-a-custom-profile - blog post] at Genodians.org.