In indent.h 1.49 from 2021-10-25, the enumeration token_type was split
into lexer_symbol and parser_symbol to more clearly express that these
tokens fall into completely different classes of usage patterns.
https://pubs.opengroup.org/onlinepubs/9699919799/utilities/make.html
says that in order to make a makefile POSIX-conforming, its first
non-comment line must be the special dependency line '.POSIX:' without
any source dependencies.
Previously, make switched to POSIX mode even if such a line occurred
anywhere else, which was allowed by POSIX but was deep in the
"unspecified behavior" area. For NetBSD make, there is no big
difference since it doesn't ship any <posix.mk> file, this change mainly
affects the bmake distribution.
Previously, makefiles that contain '.POSIX:' somewhere in the middle
could fail due to <posix.mk> resetting .SUFFIXES, among other things.
Suggested by Simon J. Gerraty, who also reviewed an earlier version of
this change.
The names membar_enter/exit were unclear, and the documentation of
membar_enter has disagreed with the implementations on sparc,
powerpc, and even x86(!) for the entire time it has been in NetBSD.
The terms `acquire' and `release' are ubiquitous in the literature
today, and have been adopted in the C and C++ standards to mean
load-before-load/store and load/store-before-store, respectively,
which are exactly the orderings required by acquiring and releasing a
mutex, as well as other useful applications like decrementing a
reference count and then freeing the underlying object if it went to
zero.
Originally I proposed changing one word in the documentation for
membar_enter to make it load-before-load/store instead of
store-before-load/store, i.e., to make it an acquire barrier. I
proposed this on the grounds that
(a) all implementations guarantee load-before-load/store,
(b) some implementations fail to guarantee store-before-load/store,
and
(c) all uses in-tree assume load-before-load/store.
I verified parts (a) and (b) (except, for (a), powerpc didn't even
guarantee load-before-load/store -- isync isn't necessarily enough;
need lwsync in general -- but it _almost_ did, and it certainly didn't
guarantee store-before-load/store).
Part (c) might not be correct, however: under the mistaken assumption
that atomic-r/m/w then membar-w/rw is equivalent to atomic-r/m/w then
membar-r/rw, I only audited the cases of membar_enter that _aren't_
immediately after an atomic-r/m/w. All of those cases assume
load-before-load/store. But my assumption was wrong -- there are
cases of atomic-r/m/w then membar-w/rw that would be broken by
changing to atomic-r/m/w then membar-r/rw:
https://mail-index.netbsd.org/tech-kern/2022/03/29/msg028044.html
Furthermore, the name membar_enter has been adopted in other places
like OpenBSD where it actually does follow the documentation and
guarantee store-before-load/store, even if that order is not useful.
So the name membar_enter currently lives in a bad place where it
means either of two things -- r/rw or w/rw.
With this change, we deprecate membar_enter/exit, introduce
membar_acquire/release as better names for the useful pair (r/rw and
rw/w), and make sure the implementation of membar_enter guarantees
both what was documented _and_ what was implemented, making it an
alias for membar_sync.
While here, rework all of the membar_* definitions and aliases. The
new logic follows a rule to make it easier to audit:
membar_X is defined as an alias for membar_Y iff membar_X is
guaranteed by membar_Y.
The `no stronger than' relation is (the transitive closure of):
- membar_consumer (r/r) is guaranteed by membar_acquire (r/rw)
- membar_producer (w/w) is guaranteed by membar_release (rw/w)
- membar_acquire (r/rw) is guaranteed by membar_sync (rw/rw)
- membar_release (rw/w) is guaranteed by membar_sync (rw/rw)
And, for the deprecated membars:
- membar_enter (whether r/rw, w/rw, or rw/rw) is guaranteed by
membar_sync (rw/rw)
- membar_exit (rw/w) is guaranteed by membar_release (rw/w)
(membar_exit is identical to membar_release, but the name is
deprecated.)
Finally, while here, annotate some of the instructions with their
semantics. For powerpc, leave an essay with citations on the
unfortunate but -- as far as I can tell -- necessary decision to use
lwsync, not isync, for membar_acquire and membar_consumer.
Also add membar(3) and atomic(3) man page links.
These tests run two threads for five seconds each to try to trigger
races in the event of broken memory barriers. They run only on
machines with at least two CPUs; on uniprocessor systems there's no
point -- the membars can correctly just be (instruction barrier)
no-ops.
Floppy generation was disabled before NetBSD 6.0 release due to size
constraints and unlikely to be restored soon or at all. PR port-sparc/56776.
ok martin.
the iic module. There are valid configurations where i2c_subr code
can be both built-in and part of a loaded module (eg, piixpm is in
the kernel, but the iic module is loaded later). This causes the
in-kernel linker to detect a duplicate symbol.
XShapeQueryExtension.3 and XShapeQueryVersion.3 are not conjoined twins.
While here split XShape.3 links into separate MLINKS += src dst assignments
and sort them.
I'm not documenting this to encourage anyone to use it. I'm only
documenting this to remind myself what the semantics is, because it's
kind of confusing and not at all like mutex(9).
This doesn't mean you should use it! Mostly it's to document the
semantics to help understand existing uses, which should not
proliferate, and audit definitions.
add support for 8-bit and I2C variants of the chip:
- MCP23008 / MCP23S08: 8-bit (I2C / SPI)
- MCP23017 / MCP23S17: 16-bit (I2C / SPI)
- MCP23018 / MCP23S18: 16-bit (I2C / SPI), open-drain outputs
The MCP23x17 and MCP23x18 are essentially identical, software-wise; we
merely report different GPIO pin capabilities (no push-pull output for
MCP23x18). Also, remove the tri-state capability that was previously
advertised by the old version of this driver; these chips have no way
to put the pin into a HI-Z mode.
All 3 I2C versions are supported, but the SPI front-end still only
supports the MCP23S17 for now (SPI autoconfiguration needs an overhaul).
mcp23s17gpio(4) remains present as a link to the new mcpgpio(4) man page.
XXX Still to-do: FDT integration, interrupt suppoort.
a function to be called before the destructor for a batch of one or more
objects is called. This can be used as a synchronization point by
subsystems that rely on the type-stable nature of pool cache objects or
subsystems that use other forms of passive serialization.
Symlinks inferred from linux-firmware/WHENCE and compared to a linux distro's
firmware.
Note: said linux distro appears to have some mistakes compared to the
linux-firmware repo in linking ucode_unload.bin to unload_bl.bin and vice
versa in some places.
I didn't replicate this aspect, and lack the hardware to test it.
I'm not sure why mdoc complains here (not the technical reason, but
the pragmatic purpose). My best guess is that it wants to catch
mistakes like .Fx 1.6.1 (instead of .Nx 1.6.1). I'm not entirely
convinced this doesn't create more problems that it solves.
No objections in the 15 years since this was proposed netbsd-docs.
Driver module as illustrated here:
https://www.sparkfun.com/products/13911
A SCMD module is a ARM SOC simular to a Arduino in front of a motor
driver chip. The single SCMD module can control two motors and up to
16 additional modules can be chained together using an internal I2C
bus. One can interface with the SCMD using tty uart commands, SPI or
I2C. The driver in this commit adds a kernel driver for the I2C and
SPI interfaces. The command line utility provides a set of
convenience commands that support most of the functions of the SCMD
and is able to use the tty uart mode, SPI user land or the included
kernel driver in a uniform manor.
The use of the SCMD module is mostly for small robots and the like,
but it can control anything that is controllable by voltage.
Without memory allocator debugging, the newly added test doesn't show
any obvious failure.
With memory allocator debugging enabled, all make versions since
2016.02.27.16.20.06 crash with a segmentation fault.
There is never whitespace between the 'L' and the string literal or the
character constant. There might be a backslash-newline between them, but
that case was not handled before either.
No functional change.
The constants that were previously defined in indent_codes.h were a wild
mixture of tokens from the lexer and symbols on the parser stack. They
were split into separate types starting at indent.h 1.49 from 2021-10-25
and finishing at 1.73 from 2021-10-31.
To match the tests with the new token names, the old tests need to be
migrated to the newly added tests. This will take some time so first
add the skeletons and migrate them in smaller steps, cleaning them up
and extending them on the way.
Possibly the intent was that the names used here were correct, and
the error is where they're installed - if so, that can be corrected later.
Hopefully this will fix the remaining current build issue.
sensor such as:
https://www.adafruit.com/product/2857
This is a higher priced sensor with a lot of features, including the
ability to do sub-second periodic updates. The driver supports
everything about the sensor except for the alert pin.
Some of these scripts and notes may no longer be relevant, but now
they are at least not relevant while referring to the current X
installation directory
trampoline exclusively, thus relegating "sigcontext"-style handlers (which
have not been documented for many years now) to the dustbin of the compat
library.
This helps to keep the enum definition and the straight-forward
implementation of a to_string or name function in sync.
The test for message 241 had to be adjusted because of exactly this bug.
That test defined a bit mask enum but accessed it like a value enum
type.
"udata" to get clobbered on ONESHOT events, and add a unit test for it.
Reported by martin@ (manifested in his case as a KASSERT() firing when
running unit tests in COMPAT_NETBSD32).
write buffer associated with the file descriptor is empty. This is
currently implemented only for sockets, and is intended primarily to
provide visibility to applications that all previously written data
has been acknowledged by the TCP layer on the receiver. Compatible
with the same filter in FreeBSD.
This reduces the number of files in the test directory. It also allows
the tests to be read from top to bottom, looking at only a single file.
Since t_options.awk complains about files that don't have any test case
at all, add some test for each token kind. Most of the tests had
previously been effectively empty.
Having the test driver in a separate file allows to run it on its own,
as 'awk -f t_options.awk label.c'. When the test driver warns, exit 1;
this is only needed for the standalone version, when run from inside ATF
the warnings on stderr already suffice to make the test fail in the end.
These tests have been the motivation for t_options.sh, which allows to
run indent with various command line options on the same input, without
having to create 3 files per test case.
A test file actually contains several tests, all separated by '#indent'
directives. Isolating each of these tests is simpler than having to pick
up the corresponding sections from 3 separate files. Running indent on
each small test case isolates the test cases from each other, preventing
them to influence later test cases. Exactly this had happened when
support for C99 comments was added in March 2021, which later turned
out to be done wrong.
The previous tests 'binary' and 'float' not only test binary and
floating point numbers, making their names too specific. Move them into
a new test token_ident that covers all "identifier-like" tokens, just as
in the code.
The test cases for the option '-cs' are already covered more
systematically in opt_cs.c, so remove that test.
Previously, each bool option such as '-bacc/-nbacc' had 6 test files:
input, options, output for the positive and negative option. Splitting
this test data into separate files made it harder than necessary to
quickly compare the test output from '-bacc' with that of '-nbacc'.
Have a single test for the positive and negative option, allowing
several tests to run on the same input with different options.
This commit only contains the rather mechanic changes of concatenating
the previous test files and inserting the '#indent' directives, which
are documented in t_options.sh. Removing duplicate input sections, as
well as other cleanups will follow soon.
No functional change.
chip from Adafruit is:
https://www.adafruit.com/product/4829
This is a moderately priced gas sensor that can detect volatile
organic compounds in the air. The driver uses the 3-clause BSD
licensed VOC algorithm provided by Sensirion to turn the raw sensor
metric into a VOC index which can indicate the quality of the air in a
particular indoor environment. All published functions of the chip
are supported and one unpublished feature.
Previously, bool options were allowed to have trailing garbage. For
example, the option '-bacc' could be spelled '-bacchus' as well.
Check that the exact option name is given in the command line, to
prevent typos in the configuration files and to reduce surprises just in
case a future option is a prefix of an existing option, or vice versa.
Add a new test program for error handling. Most of these tests are so
simple that it would be overkill to create 3 files for each test.
Introduce a /dev/efi character device that provides a means for accessing
UEFI RT variable services from userland. Compatible with the FreeBSD ioctl
interface for ease of porting their libefivar and associated tools.
The ioctl interface is defined in sys/efiio.h.
To enable support for this on an arch, the kernel needs `pseudo-device efi`
and the MD EFI implementation needs to register its backend by calling
efi_ops_register(). This commit includes an implementation for Arm.
Several people reported having hardware that struggles booting the mix
EFI+BIOS image, and it's better to offer them a working image.
Keeping the EFI image as having the obvious name, this is going to become
more likely to work by default as newer hardware may not support BIOS boot.
(XXX pullup-9)
sensor. An example of this chip is:
https://www.adafruit.com/product/4885
This is a lower cost chip that provides higher then usual precision
according to the data sheet. This driver supports all of the published
functions that the chip has.
Running lint in usr.bin/make on i386 fails due to this warning:
cond.c(800): warning: argument #3 is converted from 'unsigned char' to
'unsigned int' due to prototype [259]
This warning only occurred on i386 but not on sparc or x86_64. Try to
reproduce the test situation in platform_int.
The platform code in t_integration.sh was not strict enough, it didn't
check for multiple conditions, such as in msg_132_ilp32. That test was
only supposed to run on ILP32 platforms where size_t is unsigned int. It
also ran on sparc, even though size_t is long there.
This set is only installed on amd64,i386,evbarm.
This set is installed on minimal installs and on install media, in
case someone needs it for basic driver functionality.
Comments:
Switched to a single MK tunable for it - that is probably unneeded.
An upcoming DRM update will include even fatter firmware, and we'd
like to minimize the impact of it.
HOST_CPPFLAGS, HOST_CXXFLAGS, but not LIBRARY_PATH because it breaks
the build. These variables are necessary to support building NetBSD
from a GNU Guix or NixOS host, where /usr/include, /lib, and all
but /bin/sh do not exist. In many cases, support for HOST_CPPFLAGS
was incomplete. From Ryan Sundberg
Lint's grammar in this area differs a lot from the grammar in C99. GCC's
parser has a long comment about special cases in this area. It's tricky
to even parse these type names correctly, let alone assign them the
correct types, that's why it needs more tests before trying to refactor
that code.
The purpose of warning 259 is to find function calls that differ in the
ABI. The warning's original purpose was not to warn about lossy
conversions, that's just a side effect.
Warning 259 had been implemented before C99 was published, which is more
than 20 years ago. In the meantime, almost all code has migrated to
using function prototypes. With the default lint flags from NetBSD's
<sys.mk>, it would rather make sense to focus on lossy conversions now.
To prepare for potentially upcoming differences in lint's C90 and C99
modes, clone the test now as far as possible. The test for C90 mode is
smaller than for C99 mode, since 'long long' was not available back
then.
Described in:
https://www.mail-archive.com/tech-userlevel@netbsd.org/msg03114.html
And developed in:
https://github.com/ritzow/src/pull/1
From their notes:
All new functionality should be explained by the updated manpage.
The manpage has been refactored a bit: A new section "Directives"
has been added and the information about default hostnames and
IPsec directives has been moved there, and the new file include
directive information is also there.
getconfigent has the most major changes. A newline is no longer
read immediately, but is called only by a "goto more" (inside an
if(false) block). This allows multiple definitions or directives
to exist on a single line for anything that doesn't terminate using
a newline. This means a key-values service definition can be followed
by another key-values service definition, a positional definition,
or an ipsec, hostname, or .include directive on the same line.
memset is no longer used explicitly to clear the servtab structure,
a function init_servtab() is used instead, which uses a C struct
initializer.
The servtab se_group field is its own allocation now, and not just
a pointer into the user:group string.
Refactored some stuff out of getconfigent to separate functions
for use by parse_v2.c. These functions in inetd.c are named with
the form parse_*()
parse_v2.c only has code for parsing a key-values service definition
into a provided servtab. It should not have anything that affects
global state other than line and line_number.
Some function prototypes, structures, and #defines have been moved
from inetd.c to inetd.h.
The function config_root replaces config as the function called on
a config file load/reload. The code removed from the end of
config(void) is now called in config_root, so it is not run on each
recursive config call.
setconfig(void) was removed and its code added into config_root
because that is the only place it is called, and redundant checks
for non-null globals were removed because they are always freed by
endconfig. The fseek code was also removed because the config files
are always closed by endconfig.
Rate limiting code was updated to add a per-service per-IP rate
limiting form. Some of that code was refactored out of other places
into functions with names in the form rl_*()
We have not added any of the license or version information to the
new files parse_v2.c, parse_v2.h, and inetd.h and we have not
updated the license or version info for inetd.c.
Security related:
The behavior when reading invalid IPsec strings has changed. Inetd
no longer exits, it quits reading the current config file instead.
Could this impact program security?
We have not checked for memory leaks. Solomon tried to use dmalloc
without success. getconfigent seemed to have a memory leak at each
"goto more". It seems like inetd has never free'd allocated strings
when throwing away erroneous service definitions during parsing
(i.e. when "goto more" is called when parsing fields). OpenBSD's
version calls freeconfig on "goto more"
(c5eae130d6/usr.sbin/inetd/inetd.c (L1049))
but NetBSD only calls it when service definitions are no longer
needed. This has been fixed. freeconfig is called immediately before
any "goto more". There shouldn't be any time when a servtab is in
an invalid state where freeconfig would break.
Since November 2001, there is a comment above the function 'fold' that
suggests there are a few bugs concerning overflow detection. Add some
first 'proper regression tests' to prove these bugs.
be there (and the latter was removed by accident.)
regen for everyone (also picks up missing tgmath.h for many ports.)
fixes build of pkgsrc/databases/mongodb for me.
Found in findcc.c, there are about 25 other instances of this
incongruency in the whole source tree.
For more examples of functions from the C Standard Library that
implicitly remove the 'const' qualifier from an argument, see the C++
include file 'cstring'.
These errors are really unrealistic. Most parse errors that occur in
statements are already handled elsewhere and continue with the next
semicolon.
The tests had to be split into two separate files because lint assumes
that after the 5th parse error, it does not make sense to continue this
translation unit.
This makes no difference in the randomness of the pool, but it improves
on the estimation (if any) of how many random bits were obtained.
Also make the ftp -q time out a bit longer since I got some time outs.
I found that in the cloud I tried, by the time this script runs, there
is no default route in effect yet. That takes some 5 to 10 seconds
longer. So I added a retry loop, and to make that easier, changed the
order of queries. To make sure it doesn't wait ~forever for a
non-existent service I added the -q 1 option to ftp invocations.
I also added OpenStack-specific metadata which contains a different
random_seed of 512 bytes every time it is requested. See
https://github.com/openstack/nova/blob/master/nova/api/metadata/base.py#L355
It may not be trusted data but only in the strictest sense of the word.
The data can only be observed by people with access to the cloud's
overlay network for the particular VM.
The example code for triggering these grammar rules looks completely
contrived. Even if lint had not implemented these cases, hopefully
nobody would have ever noticed.
Before fixing the wrong handling of __attribute__ that is demonstrated
at the end of gcc_attribute.c, ensure that the attribute handling works
in the most basic cases.
Lint currently accepts __attribute__ in more places than it should.
This leads to some ambiguities in the grammar.
Since err.c 1.12 from 2000-07-06, lint allows to suppress individual
error messages. Suppressed error messages do not increment nerr.
Keeping nerr at 0 had triggered the assertion.
There a 4 regular NetBSD builds where lint is activated. All these
builds run on platforms where char == signed char.
The official test runs from https://releng.netbsd.org/test-results.html
mostly have char == signed char as well.
However, lint behaves differently on platforms with char == unsigned
char. On these platforms, a simple "char ch = '\xff'" leads to the
bogus warning that "conversion of 'int' to 'char' is out of range".
This exists for compatibility with a Linux interface which was apparently
deprecated in Linux 2.6. There are various mailing list threads going
back to 2004 where the usefulness of this driver is discussed, but
the conclusion is that scanner software has all moved to using ugen(4)
instead, and enabling this driver will not help you scan things.
Previously, all tests for lint had to produce the exact same output, no
matter which platform they ran on. This differs from practical needs
since lint is intended to produce different results depending on whether
the platform is ILP32 or LP64.
Examples for these are type conversions and the widths of the integer
types during lexical analysis.
This does not have any effect in practice since the option -g
(originally meant for GCC extensions to the C standards) implicitly
allows all features from C11, since err.c 1.111 from 2021-04-14.
Since the default lint flags for NetBSD builds include the option -g,
this allows all C11 features.
Currently it is not possible to say "allow GNU extensions but not C11".
Previously, selecting the option -Ac11 allowed features from C11 but at
the same time prohibited 'long long', which was added in C99. This was
caused by the option -s, which is interpreted as "allow features from
C90, but no later".
The test for _Generic, which has been added in C11, demonstrates that
the current implementation is broken. Lint currently thinks that the
return type of a _Generic selection is the type of the expression, but
it really is the type of the selected expression. In the current tests,
this is always 'const char *', but C11 does not require that the types
of a generic selection are compatible.
Creating a dummy /tmp/root_writable file and after mountroot and
checking it on the second installation could be problematic if
users retry to installation after reboot without reinstalling miniroot.
Taken from amiga.
sun2 and sun3 don't use MI src/distrib/miniroot/list so this should
have been sync'ed with it.
http://cvsweb.netbsd.org/bsdweb.cgi/src/distrib/miniroot/list#rev1.36
>> Use proper release version strings ("9.1" rather than "91") in banners.
>>
>> Also define and use "MACHINE" variable to describe port names
>> (no uname(1) or sysctl(8) in miniroot binary list by default).
Should be pulled up to netbsd-9.
change makefs flags from:
density=2048
to:
density=3072,bsize=4096,fsize=512,optimization=space
so that everything fits again. add some comment GCC flags
that may help reduce size a little more.
compatibility with the factory firmware. Normally this is frowned upon,
but this is the only easy way to boot NetBSD on this board without
having to crack open the case and/or hook up a serial console.
This enables the use of modules for a significant build performance gain
when building with clang as host compiler or when using HAVE_LLVM=yes.
Switch libc++ to using the copy from the mono-repo.
That test was intended to test the keywords '__extension__' and
'__typeof'. The GCC builtin functions were just a side-effect.
These built-in functions generated error messages on platforms such as
amd64 where sizeof(long double) != sizeof(double), but not on others
such as sparc.
The current infrastructure for the lint tests cannot handle tests with
platform-dependent outcome.
Previously, declaring a bit-field of type plain 'int' resulted in this
warning:
warning: nonportable bit-field type 'int' [34]
This warning was too unspecific to be actionable, and until yesterday it
didn't even include the type. In order to allow this warning to be
understood and properly fixed, describe the actual nonportability more
precisely:
warning: bit-field of type plain 'int' has
implementation-defined signedness [344]
rillig