Put MCS-only invocations into their own groups and files. This solves
the problem that doxygen gets confused by duplicate function names with
the same parameters.
MCS/non-MCS is distinguished by evaluating the <condition> field in the
API XML definition. If the condition evaluates to true when
CONFIG_KERNEL_MCS is set, it is an MCS-only method, otherwise it is
assumed to be non-MCS or present in both configs.
Fixes#558
Signed-off-by: Gerwin Klein <gerwin.klein@proofcraft.systems>
HTML_TIMESTAMP and LATEX_TIMESTAMP have been removed in more recent
doxygen versions. Since we are using the defaults, they are safe to
remove in our config file.
Signed-off-by: Gerwin Klein <gerwin.klein@proofcraft.systems>
Different API groups may contain the same function name, for instance
IRQ_Control GetTrigger for RISC-V vs the same for ARM. Duplicate
function names with identical parameter lists confuse doxygen, leading
it to generate a single merged xml entry for both, which means one of
the entires will be missing and the other will be potentially wrong.
When the functions are placed in different files and different groups
at the same time, doxygen no longer is confused in all cases.
Therefore:
- generate a separate file for each API group
- generate a separate file group_defs.h that contains group definitions
and declares group nesting
Unfortunately, this does not seem to always work (e.g. the toplevel
MCS/non-MCS syscalls), so manual inspection is still necessary when
adding new calls and separate doxygen runs for duplicate function names
may be necessary. Generating separate files as above enables this
option, should it become necessary in the future.
Fixes#530
Signed-off-by: Gerwin Klein <gerwin.klein@proofcraft.systems>
Explicitly select xml parser (instead of html) via "lxml-xml" in
BeatifulSoup to avoid warning.
Signed-off-by: Gerwin Klein <gerwin.klein@proofcraft.systems>
Provide seL4_BootInfoFrameSize (and seL4_BootInfoFrameBits) for
userland, to there is no longer a need to hard-code the 4 KiByte
assumption.
Signed-off-by: Axel Heider <axelheider@gmx.de>
Guard the new implementation of 64-bit x86 guests behind a config
option. This is done so that existing projects that use x86_64 hosts
with ia32-bit guests can continue to be supported until either the old
feature is preferred to be deprecated, or support can be added to
support both simmultaneously.
Signed-off-by: Kent McLeod <kent@kry10.com>
Using the same cap twice on the same slot is possible for remapping,
but using the same cap twice in different tables or VSpaces will result
in an error.
Signed-off-by: Gerwin Klein <gerwin.klein@proofcraft.systems>
Describe the difference in 3 and 4 level configs for AArch64 and point
to the libsel4 macros that abstract from the distinction.
Signed-off-by: Gerwin Klein <gerwin.klein@proofcraft.systems>
Remove previous mix of \texttt and \obj, use \obj consistently when
referring to kernel objects.
Signed-off-by: Gerwin Klein <gerwin.klein@proofcraft.systems>
- clarify terminology (cap vs object) in ASID Control and ASID pool
- same for page sharing
Signed-off-by: Gerwin Klein <gerwin.klein@proofcraft.systems>
Adjusting for VSpace object clarification and making sure terminology
is used consistently.
Signed-off-by: Gerwin Klein <gerwin.klein@proofcraft.systems>
Rework the intro to the VSpace section for slightly improved clarity
and a more explicit definition of the distinctions between VSpace and
VSpace object, and between frame object and page capability.
Addresses #564
Signed-off-by: Gerwin Klein <gerwin.klein@proofcraft.systems>
- use a marker file to get a time stamp for when doxygen output was
last generated. Use that as a file target instead of a phony target
to avoid rebuilds when there is nothing to do.
- use static pattern rules so that `make` creates files instead of
giving up when the prerequisite of a pattern rule does not exist yet.
- remove file list duplication (needed because the static pattern
rules also need to mention these files)
Signed-off-by: Gerwin Klein <gerwin.klein@proofcraft.systems>
Remove options that are obsolete in doxygen >= 1.9. We only use default
values here, so everything should keep working as before in doxygen 1.8.
Signed-off-by: Gerwin Klein <gerwin.klein@proofcraft.systems>
- fix broken links in the document
- small tweaks to make latex complain less:
- increase headheight by 2pt
- give small possible stretch value to parskip for filling pages
- use \sloppy for TOC to avoid unnecessary overfull hboxes
- make table placement more explicit (it currently doesn't fit
where [h] wants to place it, so allow it to go to the top of
the next page)
Signed-off-by: Gerwin Klein <gerwin.klein@proofcraft.systems>
Mutate cannot be used to badge endpoints (many years ago, before the
first public release, this was possible, but was removed).
Also explain why Mutate is not always replaceable with Mint+Delete.
Signed-off-by: Gerwin Klein <gerwin.klein@proofcraft.systems>
The concept of untyped object was confusing the description here, esp
when it comes to the CDT and what is derived from what. Also explain
when memory is actually zeroed, because that is important for where you
want to make sure that no confidential data remains in memory, for
instance.
This commit only affects the retype/revoke explanation and does not
attempt to clear up the concept of untyped object more generally.
Signed-off-by: Gerwin Klein <gerwin.klein@proofcraft.systems>
Extra spaces are inserted after texttt tags when generating doxygen
comments in order to ensure that xmlonly tags are readable by doxygen.
The extra spaces cause a description like this:
```
Testing <texttt text="1"/>, 2, 3
```
To be rendered like this:
```
Testing 1 , 2, 3
```
This change identifies text runs that start with extra spaces and either
a period or a comma and removes the extra spaces, allowing at least
common punctuation to be rendered correctly.
Signed-off-by: Jimmy Brush <code@jimmah.com>
- resolve mix of service mechanism, abstraction
- update verification explanation + references
- remove reference to ARM11 which is slated to be discontinued
Signed-off-by: Gerwin Klein <gerwin.klein@proofcraft.systems>
The old draftcopy package doesn't seem to work on newer texlive
installations. We also don't want to pass `draft` to the `report`
style, because that will switch off images.
Signed-off-by: Gerwin Klein <gerwin.klein@proofcraft.systems>
This adds a flags parameter to SchedControl_Configure to enable
configuration of a sporadic SC.
This also allows flags to be added in the future as needed without
breaking the API.
This allows the user to configure an SC either to be constrained as a
sporadic task where accumulated time is only delayed to when a task has
become runnable (implementing the sporadic server algorithm) or
whenever the task becomes the current executing task (implementing the
sliding-window constraint as in constant-bandwidth servers).
This can be used to prevent non-realtime tasks from exceeding bandwidth
under any circumstances, even in an over-committed configuration, whilst
also allowing work-conserving tasks to be configured in the same system.
To implement sporadic servers, we need to ensure that the suspension of
a task cannot be used as a mechanism to amplify budget of a task by
granting that task access to effectively multiple periods worth of
replenishments within a single period.
To align the implementation of SCs with the model of sporadic servers we
must delay available time until the release of a task. Within seL4, a
release would be any time where an SC changes from not being associated
with a Running, RunningVM, or Restart thread to one that is.
This can occur when an SC is bound to a new thread in such a state or
when a thread changes to such a state from any non-running states.
Critically, replenishments should not be delayed at the point when an SC
becomes the current SC (as was the case prior to this commit). This has
the effect of enforcing a continuous, constant bandwidth which is a
restriction that is incompatible with standard scheduling logic.
Accounting for this requires inserting a new refill_unblock_check
call whenever a sporadic SC is unblocked and removing the
refill_unblock_check call from when said SC is scheduled.
Signed-off-by: Curtis Millar <curtis.millar@data61.csiro.au>
