diff --git a/components/freertos/include/freertos/FreeRTOS.h b/components/freertos/include/freertos/FreeRTOS.h index 15ecf745e4..99a5939680 100644 --- a/components/freertos/include/freertos/FreeRTOS.h +++ b/components/freertos/include/freertos/FreeRTOS.h @@ -262,11 +262,11 @@ #define configASSERT_DEFINED 1 #endif -/* configPRECONDITION should be resolve to configASSERT. +/* configPRECONDITION should be defined as configASSERT. * The CBMC proofs need a way to track assumptions and assertions. - * A configPRECONDITION statement should express an implicit invariant or assumption made. - * A configASSERT statement should express an invariant that must hold explicit before calling - * the code. */ + * A configPRECONDITION statement should express an implicit invariant or + * assumption made. A configASSERT statement should express an invariant that must + * hold explicit before calling the code. */ #ifndef configPRECONDITION #define configPRECONDITION( X ) configASSERT( X ) #define configPRECONDITION_DEFINED 0 @@ -925,6 +925,11 @@ #define configSUPPORT_DYNAMIC_ALLOCATION 1 #endif +#ifndef configSTACK_ALLOCATION_FROM_SEPARATE_HEAP + /* Defaults to 0 for backward compatibility. */ + #define configSTACK_ALLOCATION_FROM_SEPARATE_HEAP 0 +#endif + #ifndef configSTACK_DEPTH_TYPE /* Defaults to uint16_t for backward compatibility, but can be overridden @@ -1008,7 +1013,7 @@ #ifndef configMIN -/* The application writer has not provided their own MAX macro, so define +/* The application writer has not provided their own MIN macro, so define * the following generic implementation. */ #define configMIN( a, b ) ( ( ( a ) < ( b ) ) ? ( a ) : ( b ) ) #endif @@ -1033,6 +1038,7 @@ #define pcTimerGetTimerName pcTimerGetName #define pcQueueGetQueueName pcQueueGetName #define vTaskGetTaskInfo vTaskGetInfo + #define xTaskGetIdleRunTimeCounter ulTaskGetIdleRunTimeCounter /* Backward compatibility within the scheduler code only - these definitions * are not really required but are included for completeness. */ @@ -1139,7 +1145,7 @@ * data hiding policy, so the real structures used by FreeRTOS to maintain the * state of tasks, queues, semaphores, etc. are not accessible to the application * code. However, if the application writer wants to statically allocate such - * an object then the size of the object needs to be know. Dummy structures + * an object then the size of the object needs to be known. Dummy structures * that are guaranteed to have the same size and alignment requirements of the * real objects are used for this purpose. The dummy list and list item * structures below are used for inclusion in such a dummy structure. @@ -1188,7 +1194,7 @@ typedef struct xSTATIC_LIST * strict data hiding policy. This means the Task structure used internally by * FreeRTOS is not accessible to application code. However, if the application * writer wants to statically allocate the memory required to create a task then - * the size of the task object needs to be know. The StaticTask_t structure + * the size of the task object needs to be known. The StaticTask_t structure * below is provided for this purpose. Its sizes and alignment requirements are * guaranteed to match those of the genuine structure, no matter which * architecture is being used, and no matter how the values in FreeRTOSConfig.h @@ -1255,7 +1261,7 @@ typedef struct xSTATIC_TCB * strict data hiding policy. This means the Queue structure used internally by * FreeRTOS is not accessible to application code. However, if the application * writer wants to statically allocate the memory required to create a queue - * then the size of the queue object needs to be know. The StaticQueue_t + * then the size of the queue object needs to be known. The StaticQueue_t * structure below is provided for this purpose. Its sizes and alignment * requirements are guaranteed to match those of the genuine structure, no * matter which architecture is being used, and no matter how the values in @@ -1328,7 +1334,7 @@ typedef struct xSTATIC_EVENT_GROUP * strict data hiding policy. This means the software timer structure used * internally by FreeRTOS is not accessible to application code. However, if * the application writer wants to statically allocate the memory required to - * create a software timer then the size of the queue object needs to be know. + * create a software timer then the size of the queue object needs to be known. * The StaticTimer_t structure below is provided for this purpose. Its sizes * and alignment requirements are guaranteed to match those of the genuine * structure, no matter which architecture is being used, and no matter how the @@ -1356,12 +1362,12 @@ typedef struct xSTATIC_TIMER * internally by FreeRTOS is not accessible to application code. However, if * the application writer wants to statically allocate the memory required to * create a stream buffer then the size of the stream buffer object needs to be - * know. The StaticStreamBuffer_t structure below is provided for this purpose. - * Its size and alignment requirements are guaranteed to match those of the - * genuine structure, no matter which architecture is being used, and no matter - * how the values in FreeRTOSConfig.h are set. Its contents are somewhat - * obfuscated in the hope users will recognise that it would be unwise to make - * direct use of the structure members. + * known. The StaticStreamBuffer_t structure below is provided for this + * purpose. Its size and alignment requirements are guaranteed to match those + * of the genuine structure, no matter which architecture is being used, and + * no matter how the values in FreeRTOSConfig.h are set. Its contents are + * somewhat obfuscated in the hope users will recognise that it would be unwise + * to make direct use of the structure members. */ typedef struct xSTATIC_STREAM_BUFFER { diff --git a/components/freertos/include/freertos/portable.h b/components/freertos/include/freertos/portable.h index 36f83ff516..acc337cb96 100644 --- a/components/freertos/include/freertos/portable.h +++ b/components/freertos/include/freertos/portable.h @@ -181,6 +181,13 @@ void vPortInitialiseBlocks( void ) PRIVILEGED_FUNCTION; size_t xPortGetFreeHeapSize( void ) PRIVILEGED_FUNCTION; size_t xPortGetMinimumEverFreeHeapSize( void ) PRIVILEGED_FUNCTION; +#if( configSTACK_ALLOCATION_FROM_SEPARATE_HEAP == 1 ) + void *pvPortMallocStack( size_t xSize ) PRIVILEGED_FUNCTION; + void vPortFreeStack( void *pv ) PRIVILEGED_FUNCTION; +#else + #define pvPortMallocStack pvPortMalloc + #define vPortFreeStack vPortFree +#endif #else // configUSE_FREERTOS_PROVIDED_HEAP /* diff --git a/components/freertos/include/freertos/queue.h b/components/freertos/include/freertos/queue.h index d992e26d22..81cccc05df 100644 --- a/components/freertos/include/freertos/queue.h +++ b/components/freertos/include/freertos/queue.h @@ -1189,7 +1189,7 @@ void vQueueDelete( QueueHandle_t xQueue ) PRIVILEGED_FUNCTION; * void vFunction( void *pvParameters ) * { * // Create a queue to hold one uint32_t value. It is strongly - * // recommended \*not\* to use xQueueOverwriteFromISR() on queues that can + * // recommended *not* to use xQueueOverwriteFromISR() on queues that can * // contain more than one value, and doing so will trigger an assertion * // if configASSERT() is defined. * xQueue = xQueueCreate( 1, sizeof( uint32_t ) ); diff --git a/components/freertos/include/freertos/task.h b/components/freertos/include/freertos/task.h index 9ad93ee84c..a2cef32546 100644 --- a/components/freertos/include/freertos/task.h +++ b/components/freertos/include/freertos/task.h @@ -2328,7 +2328,7 @@ uint32_t ulTaskGetIdleRunTimeCounter( void ) PRIVILEGED_FUNCTION; * * eSetBits - * The target notification value is bitwise ORed with ulValue. - * xTaskNofifyIndexed() always returns pdPASS in this case. + * xTaskNotifyIndexed() always returns pdPASS in this case. * * eIncrement - * The target notification value is incremented. ulValue is not used and @@ -2475,7 +2475,7 @@ BaseType_t xTaskGenericNotify( TaskHandle_t xTaskToNotify, * value, if at all. Valid values for eAction are as follows: * * eSetBits - - * The task's notification value is bitwise ORed with ulValue. xTaskNofify() + * The task's notification value is bitwise ORed with ulValue. xTaskNotify() * always returns pdPASS in this case. * * eIncrement - @@ -2647,7 +2647,7 @@ BaseType_t xTaskGenericNotifyFromISR( TaskHandle_t xTaskToNotify, * the Blocked state for a notification to be received, should a notification * not already be pending when xTaskNotifyWait() was called. The task * will not consume any processing time while it is in the Blocked state. This - * is specified in kernel ticks, the macro pdMS_TO_TICSK( value_in_ms ) can be + * is specified in kernel ticks, the macro pdMS_TO_TICKS( value_in_ms ) can be * used to convert a time specified in milliseconds to a time specified in * ticks. * @@ -2921,7 +2921,7 @@ void vTaskGenericNotifyGiveFromISR( TaskHandle_t xTaskToNotify, * should the count not already be greater than zero when * ulTaskNotifyTake() was called. The task will not consume any processing * time while it is in the Blocked state. This is specified in kernel ticks, - * the macro pdMS_TO_TICSK( value_in_ms ) can be used to convert a time + * the macro pdMS_TO_TICKS( value_in_ms ) can be used to convert a time * specified in milliseconds to a time specified in ticks. * * @return The task's notification count before it is either cleared to zero or @@ -3106,7 +3106,7 @@ void vTaskSetTimeOutState( TimeOut_t * const pxTimeOut ) PRIVILEGED_FUNCTION; * @param pxTicksToWait The number of ticks to check for timeout i.e. if * pxTicksToWait ticks have passed since pxTimeOut was last updated (either by * vTaskSetTimeOutState() or xTaskCheckForTimeOut()), the timeout has occurred. - * If the timeout has not occurred, pxTIcksToWait is updated to reflect the + * If the timeout has not occurred, pxTicksToWait is updated to reflect the * number of remaining ticks. * * @return If timeout has occurred, pdTRUE is returned. Otherwise pdFALSE is @@ -3275,7 +3275,7 @@ BaseType_t xTaskIncrementTick( void ) PRIVILEGED_FUNCTION; * xItemValue value, and inserts the list item at the end of the list. * * The 'ordered' version uses the existing event list item value (which is the - * owning tasks priority) to insert the list item into the event list is task + * owning task's priority) to insert the list item into the event list in task * priority order. * * @param pxEventList The list containing tasks that are blocked waiting @@ -3285,7 +3285,7 @@ BaseType_t xTaskIncrementTick( void ) PRIVILEGED_FUNCTION; * event list is not ordered by task priority. * * @param xTicksToWait The maximum amount of time that the task should wait - * for the event to occur. This is specified in kernel ticks,the constant + * for the event to occur. This is specified in kernel ticks, the constant * portTICK_PERIOD_MS can be used to convert kernel ticks into a real time * period. */ diff --git a/components/freertos/list.c b/components/freertos/list.c index 78a45f75a1..5eec523162 100644 --- a/components/freertos/list.c +++ b/components/freertos/list.c @@ -26,9 +26,20 @@ #include + +/* Defining MPU_WRAPPERS_INCLUDED_FROM_API_FILE prevents task.h from redefining + * all the API functions to use the MPU wrappers. That should only be done when + * task.h is included from an application file. */ +#define MPU_WRAPPERS_INCLUDED_FROM_API_FILE + #include "FreeRTOS.h" #include "list.h" +/* Lint e9021, e961 and e750 are suppressed as a MISRA exception justified + * because the MPU ports require MPU_WRAPPERS_INCLUDED_FROM_API_FILE to be + * defined for the header files above, but not in this file, in order to + * generate the correct privileged Vs unprivileged linkage and placement. */ +#undef MPU_WRAPPERS_INCLUDED_FROM_API_FILE /*lint !e961 !e750 !e9021. */ /*----------------------------------------------------------- * PUBLIC LIST API documented in list.h @@ -147,6 +158,9 @@ void vListInsert( List_t * const pxList, * 4) Using a queue or semaphore before it has been initialised or * before the scheduler has been started (are interrupts firing * before vTaskStartScheduler() has been called?). + * 5) If the FreeRTOS port supports interrupt nesting then ensure that + * the priority of the tick interrupt is at or below + * configMAX_SYSCALL_INTERRUPT_PRIORITY. **********************************************************************/ for( pxIterator = ( ListItem_t * ) &( pxList->xListEnd ); pxIterator->pxNext->xItemValue <= xValueOfInsertion; pxIterator = pxIterator->pxNext ) /*lint !e826 !e740 !e9087 The mini list structure is used as the list end to save RAM. This is checked and valid. *//*lint !e440 The iterator moves to a different value, not xValueOfInsertion. */ diff --git a/components/freertos/queue.c b/components/freertos/queue.c index 1e2f795da5..4a6973adf8 100644 --- a/components/freertos/queue.c +++ b/components/freertos/queue.c @@ -62,6 +62,7 @@ /* Constants used with the cRxLock and cTxLock structure members. */ #define queueUNLOCKED ( ( int8_t ) -1 ) #define queueLOCKED_UNMODIFIED ( ( int8_t ) 0 ) +#define queueINT8_MAX ( ( int8_t ) 127 ) /* When the Queue_t structure is used to represent a base queue its pcHead and * pcTail members are used as pointers into the queue storage area. When the @@ -264,7 +265,7 @@ static void prvInitialiseNewQueue( const UBaseType_t uxQueueLength, * accessing the queue event lists. */ #define prvLockQueue( pxQueue ) \ - taskENTER_CRITICAL(); \ + taskENTER_CRITICAL(); \ { \ if( ( pxQueue )->cRxLock == queueUNLOCKED ) \ { \ @@ -366,8 +367,10 @@ BaseType_t xQueueGenericReset( QueueHandle_t xQueue, * variable of type StaticQueue_t or StaticSemaphore_t equals the size of * the real queue and semaphore structures. */ volatile size_t xSize = sizeof( StaticQueue_t ); - configASSERT( xSize == sizeof( Queue_t ) ); - ( void ) xSize; /* Keeps lint quiet when configASSERT() is not defined. */ + + /* This assertion cannot be branch covered in unit tests */ + configASSERT( xSize == sizeof( Queue_t ) ); /* LCOV_EXCL_BR_LINE */ + ( void ) xSize; /* Keeps lint quiet when configASSERT() is not defined. */ } #endif /* configASSERT_DEFINED */ @@ -430,7 +433,7 @@ BaseType_t xQueueGenericReset( QueueHandle_t xQueue, configASSERT( ( uxItemSize == 0 ) || ( uxQueueLength == ( xQueueSizeInBytes / uxItemSize ) ) ); /* Check for addition overflow. */ - configASSERT( ( sizeof( Queue_t ) + xQueueSizeInBytes ) > xQueueSizeInBytes ); + configASSERT( ( sizeof( Queue_t ) + xQueueSizeInBytes ) > xQueueSizeInBytes ); /* Allocate the queue and storage area. Justification for MISRA * deviation as follows: pvPortMalloc() always ensures returned memory @@ -3087,7 +3090,10 @@ BaseType_t xQueueIsQueueFullFromISR( const QueueHandle_t xQueue ) /* This function must be called form a critical section. */ - configASSERT( pxQueueSetContainer ); + /* The following line is not reachable in unit tests because every call + * to prvNotifyQueueSetContainer is preceded by a check that + * pxQueueSetContainer != NULL */ + configASSERT( pxQueueSetContainer ); /* LCOV_EXCL_BR_LINE */ //Acquire the Queue set's spinlock portENTER_CRITICAL(&(pxQueueSetContainer->mux)); diff --git a/components/freertos/stream_buffer.c b/components/freertos/stream_buffer.c index e989643033..bc3991bdca 100644 --- a/components/freertos/stream_buffer.c +++ b/components/freertos/stream_buffer.c @@ -314,7 +314,6 @@ static void prvInitialiseNewStreamBuffer( StreamBuffer_t * const pxStreamBuffer, pucAllocatedMemory = NULL; } - if( pucAllocatedMemory != NULL ) { prvInitialiseNewStreamBuffer( ( StreamBuffer_t * ) pucAllocatedMemory, /* Structure at the start of the allocated memory. */ /*lint !e9087 Safe cast as allocated memory is aligned. */ /*lint !e826 Area is not too small and alignment is guaranteed provided malloc() behaves as expected and returns aligned buffer. */ @@ -571,14 +570,15 @@ size_t xStreamBufferSend( StreamBufferHandle_t xStreamBuffer, size_t xReturn, xSpace = 0; size_t xRequiredSpace = xDataLengthBytes; TimeOut_t xTimeOut; - - /* The maximum amount of space a stream buffer will ever report is its length - * minus 1. */ - const size_t xMaxReportedSpace = pxStreamBuffer->xLength - ( size_t ) 1; + size_t xMaxReportedSpace = 0; configASSERT( pvTxData ); configASSERT( pxStreamBuffer ); + /* The maximum amount of space a stream buffer will ever report is its length + * minus 1. */ + xMaxReportedSpace = pxStreamBuffer->xLength - ( size_t ) 1; + /* This send function is used to write to both message buffers and stream * buffers. If this is a message buffer then the space needed must be * increased by the amount of bytes needed to store the length of the diff --git a/components/freertos/tasks.c b/components/freertos/tasks.c index 3ce9f9d33a..0feff510ae 100644 --- a/components/freertos/tasks.c +++ b/components/freertos/tasks.c @@ -155,9 +155,9 @@ } \ \ /* listGET_OWNER_OF_NEXT_ENTRY indexes through the list, so the tasks of \ - * the same priority get an equal share of the processor time. */ \ + * the same priority get an equal share of the processor time. */ \ listGET_OWNER_OF_NEXT_ENTRY( pxCurrentTCB[xPortGetCoreID()], &( pxReadyTasksLists[ uxTopPriority ] ) ); \ - uxTopReadyPriority = uxTopPriority; \ + uxTopReadyPriority = uxTopPriority; \ } /* taskSELECT_HIGHEST_PRIORITY_TASK */ /*-----------------------------------------------------------*/ @@ -418,8 +418,8 @@ PRIVILEGED_DATA static volatile UBaseType_t uxSchedulerSuspended[portNUM_PROCESS #if ( configGENERATE_RUN_TIME_STATS == 1 ) - /* Do not move these variables to function scope as doing so prevents the - code working with debuggers that need to remove the static qualifier. */ +/* Do not move these variables to function scope as doing so prevents the + * code working with debuggers that need to remove the static qualifier. */ PRIVILEGED_DATA static uint32_t ulTaskSwitchedInTime[portNUM_PROCESSORS] = {0U}; /*< Holds the value of a timer/counter the last time a task was switched in. */ PRIVILEGED_DATA static uint32_t ulTotalRunTime = 0UL; /*< Holds the total amount of execution time as defined by the run time counter clock. */ @@ -483,7 +483,7 @@ static void prvInitialiseTaskLists( void ) PRIVILEGED_FUNCTION; * void prvIdleTask( void *pvParameters ); * */ -static portTASK_FUNCTION_PROTO( prvIdleTask, pvParameters ); +static portTASK_FUNCTION_PROTO( prvIdleTask, pvParameters ) PRIVILEGED_FUNCTION; /* * Utility to free all memory allocated by the scheduler to hold a TCB, @@ -814,12 +814,12 @@ void taskYIELD_OTHER_CORE( BaseType_t xCoreID, UBaseType_t uxPriority ) #if ( configSUPPORT_DYNAMIC_ALLOCATION == 1 ) BaseType_t xTaskCreatePinnedToCore( TaskFunction_t pvTaskCode, - const char * const pcName, - const uint32_t usStackDepth, - void * const pvParameters, - UBaseType_t uxPriority, - TaskHandle_t * const pvCreatedTask, - const BaseType_t xCoreID) + const char * const pcName, /*lint !e971 Unqualified char types are allowed for strings and single characters only. */ + const uint32_t usStackDepth, + void * const pvParameters, + UBaseType_t uxPriority, + TaskHandle_t * const pvCreatedTask, + const BaseType_t xCoreID) { TCB_t * pxNewTCB; BaseType_t xReturn; @@ -1906,7 +1906,7 @@ static void prvAddNewTaskToReadyList( TCB_t * pxNewTCB, if( listIS_CONTAINED_WITHIN( &( pxReadyTasksLists[ uxPriorityUsedOnEntry ] ), &( pxTCB->xStateListItem ) ) != pdFALSE ) { /* The task is currently in its ready list - remove before - * adding it to it's new ready list. As we are in a critical + * adding it to its new ready list. As we are in a critical * section we can do this even if the scheduler is suspended. */ if( uxListRemove( &( pxTCB->xStateListItem ) ) == ( UBaseType_t ) 0 ) {