This commit extends the heap test set by adding a test to check corruption
detection in free memory block.
For each byte of the free block memory, the test changes the value of the byte,
calls multi_heap_check(), makes sure that the function returns 'corruption detected'
only when comprehensive poisoning is set, restores the good value of the byte, calls
multi_heap_check() again and makes sure that it returns 'OK'.
The tlsf implementation in the ROM does not provide a mechanism
to register a callback to be called in tlsf_check().
This commit is creating a patch of the tlsf implementation to provide
a definition of the function allowing to register the callback called
in tlsf_check() and add the call of this callback in tlsf_check().
This patch is only compiled for target(s) with ESP_ROM_HAS_HEAP_TLSF
set and ESP_ROM_TLSF_CHECK_PATCH set. For all the other configurations
the environment remains unchanged by those modifications.
Add the definition of tlsf_check_hook() in multi_heap if MULTI_HEAP_POISONING
is set. This definition calls the multi_heap_internal_check_block_poisoning()
to check the memory of a free block for corruption. If the light poisoning is
set this function returns true. If the comprehensive poisoning is set, this
function will check that all bytes of memory in the memory chunk passed as parameter
are set to the right FILL pattern.
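The byte-by-byte test and the free-block check described in the commit messages above, modelled on a plain buffer. This is an added example, not code from the esp-idf repository: check_free_block(), count_detected_flips(), the poison_mode_t enum and the FREE_FILL value are hypothetical stand-ins.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define FREE_FILL 0xFE  /* constructed fill byte for free memory (assumption) */
typedef enum { POISON_LIGHT, POISON_COMPREHENSIVE } poison_mode_t;

/* Hypothetical stand-in for the free-block check; true means "no corruption". */
static bool check_free_block(const uint8_t *blk, size_t len, poison_mode_t mode)
{
    if (mode == POISON_LIGHT) return true;  /* light mode does not scan free memory */
    for (size_t i = 0; i < len; i++) {
        if (blk[i] != FREE_FILL) return false;
    }
    return true;
}

/* Corrupt each byte in turn, as the test does. Returns the number of
 * corruptions detected, or -1 if the block fails the check after restore. */
static int count_detected_flips(poison_mode_t mode, size_t len)
{
    uint8_t blk[64];
    if (len > sizeof(blk)) return -1;
    memset(blk, FREE_FILL, len);
    int detected = 0;
    for (size_t i = 0; i < len; i++) {
        uint8_t good = blk[i];
        blk[i] = (uint8_t)~good;                 /* corrupt one byte */
        detected += check_free_block(blk, len, mode) ? 0 : 1;
        blk[i] = good;                           /* restore the good value */
        if (!check_free_block(blk, len, mode)) return -1;
    }
    return detected;
}

int main(void)
{
    printf("comprehensive: %d of 32\n", count_detected_flips(POISON_COMPREHENSIVE, 32));
    printf("light: %d of 32\n", count_detected_flips(POISON_LIGHT, 32));
    return 0;
}
```

Under light poisoning a write into freed memory goes unnoticed by this check, which is why the test expects 'corruption detected' only in comprehensive mode.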
Don't call heap_caps_alloc_failed() for malloc(0) and calloc(0), because it is not an error.
Improve handling of malloc(0) and calloc(0).
Merges https://github.com/espressif/esp-idf/pull/9517
bugfix: esp32s3 DCache data memory is retention dma inaccessible
Closes IDFCI-1409, IDFCI-1410, IDFCI-1411, IDFCI-1412, and IDFCI-1413
See merge request espressif/esp-idf!19365
- The declaration is moved to esp_rom/include/esp32c2/rom/tlsf.h.
- multi_heap_poisoning.h now includes rom/tlsf.h instead of declaring
tlsf_poison_fill_pfunc_set().
Note: If more targets will support an implementation of the TLSF in ROM,
esp_rom will be extended with new headers in the respective target directories
but multi_heap_poisoning.h will remain unchanged.
When CONFIG_SPIRAM is set, the TLSF_MAX_POOL_SIZE is set to SOC_EXTRAM_DATA_SIZE
which caused the TLSF_MAX_POOL_SIZE to be bigger than 16MB.
This commit fixes the issue by adding an extra else if case to cover this configuration.
- include headers from the tlsf submodule only when CONFIG_HEAP_TLSF_USE_ROM_IMPL is not set
- remove usage of the tlsf_t type in the multi_heap.c
- add missing declaration of tlsf_poison_fill_pfunc_set() in multi_heap_poisoning.c
- define headers from tlsf submodule as private
- update the linker file in the heap component to the new naming of the tlsf file
- update the copyright documentation to reference the submodule in github (https://github.com/espressif/tlsf)
- remove deleted files from the check_copyright_ignore.txt
As the tlsf implementation is a fork from https://github.com/mattconte/tlsf,
the sources are moved to a separate repository and used as a submodule in the esp-idf instead.
In this commit:
- Removing TLSF related files and using tlsf submodule instead.
- Adding components/heap/tlsf_platform.h header gathering all IDF specifics.
- The multi_heap_poisoning.c provides the declaration of the
function block_absorb_post_hook() defined weak in the TLSF repository.
- The tlsf_platform.h includes the tlsf_common.h file after the definition
of FL_INDEX_MAX_PLATFORM macro to make sure that this macro will be available
in tlsf_common.h without having to include tlsf_platform.h from IDF in the
tlsf_common.h header from the TLSF repository.
- Add missing include from tlsf_block_functions.h in the multi_heap.c file.
Change related to the changes made in TLSF repository (tlsf_block_functions.h
no longer included in tlsf.h)
This commit marks all functions in interrupt_controller_hal.h, cpu_ll.h and cpu_hal.h as deprecated.
Users should use functions from esp_cpu.h instead.
heap_caps_*_prefer functions will now only call heap_caps_alloc_failed
callback if all attempts to allocate memory fail (and not after each attempt
anymore).
* Closes https://github.com/espressif/esp-idf/issues/9086
Regression was introduced in 32408b718f, which disallowed
addition of heap region with following condition:
`new_start < start && new_end == start`
This caused issues in Bluetooth APIs `esp_bt_mem_release` or `esp_bt_controller_mem_release`.
This commit fixes the problem and also adds API documentation for supported memory address
ranges in heap add region APIs.
A memory region starts from REGION_START and ends at
(REGION_START+SIZE-1).
Prior to this change, the check assumes a to-be-added region starting from REGION_START is invalid. Let's take an easy example:
A memory region: 0x1000~0x10ff
new added region: 0x1000~0x1020
This will be valid.
Valid conditions and invalid conditions are illustrated in the code comment
Fix a bug that could return a chunk of memory smaller than requested,
easily leading to a memory corruption, when the required memory alignment
passed to the allocator is 4.
This commit updates the chip independent system chapters of the
programming guide for esp32s3.
Signed-off-by: Sudeep Mohanty <sudeep.mohanty@espressif.com>
Add TRY_ENTRY_CRITICAL() API to allow for timeouts when entering critical sections.
The following port API were added:
- portTRY_ENTER_CRITICAL()
- portTRY_ENTER_CRITICAL_ISR()
- portTRY_ENTER_CRITICAL_SAFE()
Deprecated legacy spinlock API in favor of spinlock.h. The following API were deprecated:
- vPortCPUInitializeMutex()
- vPortCPUAcquireMutex()
- vPortCPUAcquireMutexTimeout()
- vPortCPUReleaseMutex()
Other Changes:
- Added portMUX_INITIALIZE() to replace vPortCPUInitializeMutex()
- The assembly of the critical section functions ends up being about 50 instructions longer,
thus the spinlock test pass threshold had to be increased to account for the extra runtime.
Closes https://github.com/espressif/esp-idf/issues/5301
Software support for PMS module.
Allows controlled memory access to IRAM (R/W/X) and DRAM0 (R/W)
On/locked by default, configurable in Kconfig (esp_system)
Closes https://jira.espressif.com:8443/browse/IDF-2092
* Target components pull in xtensa component directly
* Use CPU HAL where applicable
* Remove unnecessary xtensa headers
* Compilation changes necessary to support non-xtensa gcc types (ie int32_t/uint32_t is no
longer signed/unsigned int).
Changes come from internal branch commit a6723fc
heap: ported tlsf allocator into multi heap
heap_host_tests: added tlsf allocator into host test
heap_host_test: update freebytes after using free
heap_tests: tlsf now passing on host tests without poisoning
multi_heap: added support for memalign using tlsf implementation
heap_caps: removed heap_caps_aligned_free
heap/test: fixed broken aligned alloc test build
heap: added poisoning pattern when blocks are being merged
heap/tests: added timing tests for memory allocation
heap: reduced tlsf structure overhead
heap/tlsf: made all short functions inside of tlsf module as inline to improve timings
heap: moved tlsf heap routines outside of flash memory
newlib: linked multiheap memalign with newlib memalign function
heap: moved block member functions to a separate file so multi_heap can use the functions
heap/test: improved the tlsf timing test
heap/test: added memalign on aligned alloc tests
heap: moved tlsf configuration constants to a separated file
heap: added random allocations test with timings
heap: modified the calculation of heap free bytes
heap: make aligned free true deprecated functions and update their documentation
heap: add extra assert after successive mallocs on small allocation host test
heap: remove legacy aligned alloc implementation.
performance: added malloc and free time performance default values
* changing dependencies from unity->cmock
* added component.mk and Makefile.projbuild
* ignore test dir in gen_esp_err_to_name.py
* added some brief introduction of CMock in IDF
Goal is that multiple faults would be required to bypass a boot-time signature check.
- Also strengthens some address range checks for safe app memory addresses
- Change pre-enable logic to also check the bootloader signature before enabling SBV2 on ESP32
Add some additional checks for invalid sections:
- Sections only partially in DRAM or IRAM are invalid
- If a section is in D/IRAM, allow the possibility only some is in D/IRAM
- Only pass sections that are entirely in the same type of RTC memory region
Configurable option to use IRAM as byte accessible memory (in single core mode) using
load-store (non-word aligned and non-word size IRAM access specific) exception handlers.
This allows to use IRAM for use-cases where certain performance penalty
(up to 170 cpu cycles per load or store operation) is acceptable. Additional configuration
option has been provided to redirect mbedTLS specific in-out content length buffers to
IRAM (in single core mode), allows to save 20KB per TLS connection.
DISABLED_FOR_TARGETS macros are used
Partly revert "ci: disable unavailable tests for esp32s2beta"
This partly reverts commit 76a3a5fb48.
Partly revert "ci: disable UTs for esp32s2beta without runners"
This partly reverts commit eb158e9a22.
Partly revert "fix unit test and examples for s2beta"
This partly reverts commit 9baa7826be.
Partly revert "efuse: Add support for esp32s2beta"
This partly reverts commit db84ba868c.
On Xtensa, backtrace can not recover the two most significant bits of
the address, as the window call size is encoded in these bits.
Because of this, __builtin_return_address modifies these MSBs to
match those of the callee, "fixing" the address. An unfortunate side
effect is that the zero return address, which usually terminates the
backtrace, gets converted to 0x40000000. While there is a valid
instruction at this address, its occurrence in the backtrace is
highly unlikely: this is the first instruction of WindowOverflow4
vector, and IDF apps switch VECBASE to an IRAM location very early at
startup.
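The MSB fix-up described in the commit message above, applied to a constructed chain of raw return addresses. This is an added example, not code from the esp-idf repository: the function names and sample values are hypothetical, and treating 0x40000000 as the end of the backtrace is an assumption drawn from the message's reasoning.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed raw return addresses: the two MSBs hold the window call
 * size (01, 10, 11), and the final zero is the usual terminator. */
static const uint32_t SAMPLE_RAW[] = {
    0x800d1234u, 0xc00d5678u, 0x400e0000u, 0x00000000u
};

/* Replace the two MSBs of a raw return address with those of the callee. */
static uint32_t fixup_return_addr(uint32_t raw_ra, uint32_t callee_pc)
{
    return (raw_ra & 0x3FFFFFFFu) | (callee_pc & 0xC0000000u);
}

/* After fix-up a zero return address reads 0x40000000, so the end marker
 * has to be recognised with the two MSBs masked off. */
static int is_backtrace_end(uint32_t fixed_pc)
{
    return (fixed_pc & 0x3FFFFFFFu) == 0;
}

/* Walk the chain, storing fixed-up addresses in out; returns the depth. */
static size_t walk_return_addrs(const uint32_t *raw, size_t n,
                                uint32_t pc, uint32_t *out)
{
    size_t depth = 0;
    for (size_t i = 0; i < n; i++) {
        uint32_t next = fixup_return_addr(raw[i], pc);
        if (is_backtrace_end(next)) break;
        out[depth++] = next;
        pc = next;
    }
    return depth;
}

int main(void)
{
    uint32_t out[4];
    size_t d = walk_return_addrs(SAMPLE_RAW, 4, 0x400d0100u, out);
    for (size_t i = 0; i < d; i++) printf("0x%08x\n", (unsigned)out[i]);
    return 0;
}
```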
Do not include bootloader in flash target when secure boot is enabled.
Emit signing warning on all cases where signed apps are enabled (secure
boot and signed images)
Follow convention of capital letters for SECURE_BOOT_SIGNING_KEY
variable, since it is
relevant to other components, not just bootloader.
Pass signing key and verification key via config, not requiring
bootloader to know parent app dir.
Misc. variables name corrections
This commit refactors backtracing within the panic handler so that a common
function esp_backtrace_get_next_frame() is used iteratively to traverse a
callstack.
An esp_backtrace_print() function has also been added that allows the printing
of a backtrace at runtime. The esp_backtrace_print() function allows unity to
print the backtrace of failed test cases and jump back to the main test menu
without the need to reset the chip. esp_backtrace_print() can also be used as a
debugging function by users.
- esp_stack_ptr_is_sane() moved to soc_memory_layout.h
- removed unnecessary includes of "esp_debug_helpers.h"
!4452 used setting LINK_LIBRARIES and INTERFACE_LINK_LIBRARIES to link
components built under ESP-IDF build system. However, LINK_LIBRARIES does
not produce behavior same as linking PRIVATE. This MR uses the new
signature for target_link_libraries directly instead. This also moves
setting dependencies during component registration rather than after all
components have been processed.
The consequence is that internally, components have to use the new
signature form as well. This does not affect linking the components to
external targets, such as with idf_as_lib example. This only affects
linking additional libraries to ESP-IDF libraries outside component processing (after
idf_build_process), which is not even possible for CMake<v3.13 as
target_link_libraries is not valid for targets not created in current
directory. See https://cmake.org/cmake/help/v3.13/policy/CMP0079.html#policy:CMP0079
Using xxx_periph.h in whole IDF instead of xxx_reg.h, xxx_struct.h, xxx_channel.h ... .
Cleaned up header files from unnecessary headers (related to soc/... headers).
This MR removes the common dependency from every IDF components to the SOC component.
Currently, in the ``idf_functions.cmake`` script, we include the header path of SOC component by default for all components.
But for better code organization (or maybe also benefits to the compiling speed), we may remove the dependency to SOC components for most components except the driver and kernel related components.
In CMAKE, we have two kinds of header visibilities (set by include path visibility):
(Assume component A --(depends on)--> B, B is the current component)
1. public (``COMPONENT_ADD_INCLUDEDIRS``): means this path is visible to other depending components (A) (visible to A and B)
2. private (``COMPONENT_PRIV_INCLUDEDIRS``): means this path is only visible to source files inside the component (visible to B only)
and we have two kinds of depending ways:
(Assume component A --(depends on)--> B --(depends on)--> C, B is the current component)
1. public (``COMPONENT_REQUIRES``): means B can access to public include path of C. All other components rely on you (A) will also be available for the public headers. (visible to A, B)
2. private (``COMPONENT_PRIV_REQUIRES``): means B can access to public include path of C, but don't propagate this relation to other components (A). (visible to B)
1. remove the common requirement in ``idf_functions.cmake``, this makes the SOC components invisible to all other components by default.
2. if a component (for example, DRIVER) really needs the dependency to SOC, add a private dependency to SOC for it.
3. some other components that don't really depend on the SOC may still meet some errors saying "can't find header soc/...", this is because its depended component (DRIVER) incorrectly includes the header of SOC in its public headers. Moving all this kind of #include into source files, or private headers
4. Fix the include requirements for some files which miss sufficient #include directives. (Previously they include some headers by the long long long header include link)
This is a breaking change. Previous code may depend on the long include chain.
You may need to include the following headers for some files after this commit:
- soc/soc.h
- soc/soc_memory_layout.h
- driver/gpio.h
- esp_sleep.h
The major broken include chain includes:
1. esp_system.h no longer includes esp_sleep.h. The latter includes driver/gpio.h and driver/touch_pad.h.
2. ets_sys.h no longer includes soc/soc.h
3. freertos/portmacro.h no longer includes soc/soc_memory_layout.h
some peripheral headers no longer include their hw related headers, e.g. rom/gpio.h no longer includes soc/gpio_pins.h and soc/gpio_reg.h
BREAKING CHANGE
1. separate rom include files and linkscript to esp_rom
2. modify "include rom/xxx.h" to "include esp32/rom/xxx.h"
3. Forward compatible
4. update mqtt
This commit removes trailing semicolons following a while(0) from
function-like macros in IDF. This will force those macros to be called
with a semicolon when called.
* Prevents section type conflict errors if (say) const & non-const data
is put into the same section (ie with DRAM_ATTR)
* Allows linker --gc-sections to remove unused custom sections
New unity component can be used for testing other applications.
Upstream version of Unity is included as a submodule.
Utilities specific to ESP-IDF unit tests (partitions, leak checking
setup/teardown functions, etc) are kept only in unit-test-app.
Kconfig options are added to allow disabling certain Unity features.
Problem:
The new API esp_bt_mem_release() that was added freed BTDM data to heap from esp_bt_controller_mem_release().
Now with the BT memory optimization commit ee787085f9,
the BTDM data is optimized and reduced to only 32 bytes which is not sufficient amount to be added to heap.
So, using the API leads to assert saying that the region is too small.
Solution:
Modify heap_caps_add_region_with_caps to return ESP_ERR_INVALID_SIZE in case the range is too small to create a new heap.
Do not assert if return value is ESP_ERR_INVALID_SIZE
This also fixes using API esp_bt_controller_mem_release() with ESP_BT_MODE_BTDM
Signed-off-by: Hrishikesh Dhayagude <hrishi@espressif.com>
No longer necessary to keep all reserved addresses in 'soc'.
Means 'soc' does not need to know about 'bt', for example.
Also means that Bluetooth can be enabled in config without any memory being reserved for BT
controller. Only if code calling the BT controller is linked in, will this memory be reserved...
heap_caps_malloc will fail to poison a block in IRAM with size not
divisible by 4. The proper fix will be to make poisoning code
smarter, or to disallow allocations from IRAM with size not aligned
by 4.