Presently, RIOT just emits a warning when a stack overflow is
encountered but still resumes execution. In my view, execution should be
aborted as the detection of a stack overflows via the heuristic provided
by the scheduler is an unrecoverable error.
I ran into this while performing automated tests of a RIOT application
where a stack overflow occurred but I only noticed this after inspecting
the application output more closely.
Similar to SSP failures, I added crash_code for stack overflows.
This fixes https://github.com/RIOT-OS/RIOT/issues/18545 as the code
previously relied on `sched_change_priority()` not directly scheduling
a new thread while IRQs are disabled, but rather later when IRQs are
restored. This is true for Cortex-M MCUs (where the PendSV IRQ is used
to trigger the scheduler), but not e.g. for AVR.
An `1 << x` with `x >= 15` is undefined behavior on 8-bit / 16-bit
machines (which typically have `sizeof(int) == 2`).
Using `1UL << x` is safe for `x <= 31`, which is large enough to make
use of the full 32 bits in `runqueue_bitcache`.
In addition, a `static_assert()` is added to enforce that
`SCHED_PRIO_LEVELS` is never set to anything larger than 32.
This is intended for the bootloader module where we don't enter thread
mode, so mutex must never attempt to switch context.
Instead use a simple busy wait that is enough to make the possible mutex
users (e.g. interrupt based SPI) in bootloader mode work.
Use `uintptr_t` for arithmetic rather than `const char *` to fix the
following warning:
> comparePointers: Subtracting pointers that point to different objects
- activate THREAD_CREATE_STACKTEST also if test_utils_print_stack_usage
is used
- make thread_measure_stack_free() available unconditionally
- if DEVELHELP is active, call test_utils_print_stack_usage() on any
thread exit
- if DEVELHELP is active, call test_utils_print_stack_usage() after main
for the idle thread, if that is used
Replace use of C11 atomics with atomic utils. This fixes
> error: address argument to atomic operation must be a pointer to a
> trivially-copyable type ('_Atomic(int) *' invalid)
error when compiling on AVR with LLVM.
This adds a simple macro to check (at C level) whether a given
expression is proven to be compile time constant and suitable for
constant folding. This allows writing code like this:
```C
int gpio_read(gpio_t pin) {
if (IS_CT_CONSTANT(pin)) {
/* this implementation should even be able to use the port and
* pin number as immediate in inline assembly */
}
else {
/* less efficient implementation that cannot use port and pin
* number as immediate in inline assembly */
}
}
```
This provides the same functionality as `static_assert()` provided by
C11 and has no advantages compared to it. Hence, encourage users to use
standard C functionality instead.
For the caller there should be no difference if there is no message
in the queue and if there can't be a message in the queue.
The current API works as one would expect if there is a message queue,
but once called from a thread that does not have a message queue
configured, code that does
while (msg_avail())
will end up in an infinite loop.
Remove this foot-gun from the API by making the return value of
msg_avail() independend of the availability of a message queue.
`WITHOUT_PEDANTIC(expr)` disables `-Wpedantic` for `expr`, but switches
back to the previous diagnostic settings afterwards. This helps defining
macros that are not strictly ISO compliant without having to drop the
`-Wpedantic` flag entirely.
`DECLARE_CONSTANT(identifier, const_expr)` declares an anonymous `enum`
constant named `identifier` and assigns it the value `const_expr`. Here,
`const_expr` has to be a compile time constant, but is not needed to be
an integer constant expression. It basically is a tool to magically
convert a non-integer constant expression into a integer constant
expression.
Calculate the size of the element based on the array given, not based
on the element pointer.
The element might as well be given as a `void *` via a callback.
In that case, if the user forgets to cast the `void *` to the array
element type, the calculation returns false values.
Disarm this foot gun by basing the element size off the given array.
This prevents gcc from figuring out that an XFA that has been
initialized in the same file is technically empty when the compilation
unit is seen by itself. This happened with gcc 10.1.0 on msp430-elf.