Tighten bound on mlist isopen asserts

Unbalanced open/close calls continue to be a pain point for users, it
doesn't help that this sometimes results in hard-to-debug infinite loops
caused by the open-file linked-list (the mlist) getting tangled up in
itself.

Moving the mlist isopen asserts lower into the actual list append/remove
functions will help:

1. Make sure coverage of potential linked-list issues is complete.

2. Also assert against multiple close calls, which isn't an issue for
   the mlist, but can result in double free and memory corruption.

lfs.c

@@ -505,6 +505,7 @@ static bool lfs_mlist_isopen(struct lfs_mlist *head,
 #endif
 
 static void lfs_mlist_remove(lfs_t *lfs, struct lfs_mlist *mlist) {
+    LFS_ASSERT(lfs_mlist_isopen(lfs->mlist, mlist));
     for (struct lfs_mlist **p = &lfs->mlist; *p; p = &(*p)->next) {
         if (*p == mlist) {
             *p = (*p)->next;
@@ -514,6 +515,7 @@ static void lfs_mlist_remove(lfs_t *lfs, struct lfs_mlist *mlist) {
 }
 
 static void lfs_mlist_append(lfs_t *lfs, struct lfs_mlist *mlist) {
+    LFS_ASSERT(!lfs_mlist_isopen(lfs->mlist, mlist));
     mlist->next = lfs->mlist;
     lfs->mlist = mlist;
 }
@@ -593,52 +595,45 @@ static int lfs_rawunmount(lfs_t *lfs);
 
 
 /// Block allocator ///
-
-// allocations should call this when all allocated blocks are committed to
-// the filesystem
-//
-// after a checkpoint, the block allocator may realloc any untracked blocks
-static void lfs_alloc_ckpoint(lfs_t *lfs) {
-    lfs->lookahead.ckpoint = lfs->block_count;
-}
-
-// drop the lookahead buffer, this is done during mounting and failed
-// traversals in order to avoid invalid lookahead state
-static void lfs_alloc_drop(lfs_t *lfs) {
-    lfs->lookahead.size = 0;
-    lfs->lookahead.next = 0;
-    lfs_alloc_ckpoint(lfs);
-}
-
 #ifndef LFS_READONLY
 static int lfs_alloc_lookahead(void *p, lfs_block_t block) {
     lfs_t *lfs = (lfs_t*)p;
-    lfs_block_t off = ((block - lfs->lookahead.start)
+    lfs_block_t off = ((block - lfs->free.off)
             + lfs->block_count) % lfs->block_count;
 
-    if (off < lfs->lookahead.size) {
-        lfs->lookahead.buffer[off / 8] |= 1U << (off % 8);
+    if (off < lfs->free.size) {
+        lfs->free.buffer[off / 32] |= 1U << (off % 32);
     }
 
     return 0;
 }
 #endif
 
+// indicate allocated blocks have been committed into the filesystem, this
+// is to prevent blocks from being garbage collected in the middle of a
+// commit operation
+static void lfs_alloc_ack(lfs_t *lfs) {
+    lfs->free.ack = lfs->block_count;
+}
+
+// drop the lookahead buffer, this is done during mounting and failed
+// traversals in order to avoid invalid lookahead state
+static void lfs_alloc_drop(lfs_t *lfs) {
+    lfs->free.size = 0;
+    lfs->free.i = 0;
+    lfs_alloc_ack(lfs);
+}
+
 #ifndef LFS_READONLY
-static int lfs_alloc_scan(lfs_t *lfs) {
-    // move lookahead buffer to the first unused block
-    //
-    // note we limit the lookahead buffer to at most the amount of blocks
-    // checkpointed, this prevents the math in lfs_alloc from underflowing
-    lfs->lookahead.start = (lfs->lookahead.start + lfs->lookahead.next) 
-            % lfs->block_count;
-    lfs->lookahead.next = 0;
-    lfs->lookahead.size = lfs_min(
-            8*lfs->cfg->lookahead_size,
-            lfs->lookahead.ckpoint);
+static int lfs_fs_rawgc(lfs_t *lfs) {
+    // Move free offset at the first unused block (lfs->free.i)
+    // lfs->free.i is equal lfs->free.size when all blocks are used
+    lfs->free.off = (lfs->free.off + lfs->free.i) % lfs->block_count;
+    lfs->free.size = lfs_min(8*lfs->cfg->lookahead_size, lfs->free.ack);
+    lfs->free.i = 0;
 
     // find mask of free blocks from tree
-    memset(lfs->lookahead.buffer, 0, lfs->cfg->lookahead_size);
+    memset(lfs->free.buffer, 0, lfs->cfg->lookahead_size);
     int err = lfs_fs_rawtraverse(lfs, lfs_alloc_lookahead, lfs, true);
     if (err) {
         lfs_alloc_drop(lfs);
@@ -652,49 +647,36 @@ static int lfs_alloc_scan(lfs_t *lfs) {
 #ifndef LFS_READONLY
 static int lfs_alloc(lfs_t *lfs, lfs_block_t *block) {
     while (true) {
-        // scan our lookahead buffer for free blocks
-        while (lfs->lookahead.next < lfs->lookahead.size) {
-            if (!(lfs->lookahead.buffer[lfs->lookahead.next / 8]
-                    & (1U << (lfs->lookahead.next % 8)))) {
+        while (lfs->free.i != lfs->free.size) {
+            lfs_block_t off = lfs->free.i;
+            lfs->free.i += 1;
+            lfs->free.ack -= 1;
+
+            if (!(lfs->free.buffer[off / 32] & (1U << (off % 32)))) {
                 // found a free block
-                *block = (lfs->lookahead.start + lfs->lookahead.next)
-                        % lfs->block_count;
+                *block = (lfs->free.off + off) % lfs->block_count;
 
-                // eagerly find next free block to maximize how many blocks
-                // lfs_alloc_ckpoint makes available for scanning
-                while (true) {
-                    lfs->lookahead.next += 1;
-                    lfs->lookahead.ckpoint -= 1;
-
-                    if (lfs->lookahead.next >= lfs->lookahead.size
-                            || !(lfs->lookahead.buffer[lfs->lookahead.next / 8]
-                                & (1U << (lfs->lookahead.next % 8)))) {
-                        return 0;
-                    }
+                // eagerly find next off so an alloc ack can
+                // discredit old lookahead blocks
+                while (lfs->free.i != lfs->free.size &&
+                        (lfs->free.buffer[lfs->free.i / 32]
+                            & (1U << (lfs->free.i % 32)))) {
+                    lfs->free.i += 1;
+                    lfs->free.ack -= 1;
                 }
-            }
 
-            lfs->lookahead.next += 1;
-            lfs->lookahead.ckpoint -= 1;
+                return 0;
+            }
         }
 
-        // In order to keep our block allocator from spinning forever when our
-        // filesystem is full, we mark points where there are no in-flight
-        // allocations with a checkpoint before starting a set of allocations.
-        //
-        // If we've looked at all blocks since the last checkpoint, we report
-        // the filesystem as out of storage.
-        //
-        if (lfs->lookahead.ckpoint <= 0) {
-            LFS_ERROR("No more free space 0x%"PRIx32,
-                    (lfs->lookahead.start + lfs->lookahead.next)
-                        % lfs->cfg->block_count);
+        // check if we have looked at all blocks since last ack
+        if (lfs->free.ack == 0) {
+            LFS_ERROR("No more free space %"PRIu32,
+                    lfs->free.i + lfs->free.off);
             return LFS_ERR_NOSPC;
         }
 
-        // No blocks in our lookahead buffer, we need to scan the filesystem for
-        // unused blocks in the next lookahead window.
-        int err = lfs_alloc_scan(lfs);
+        int err = lfs_fs_rawgc(lfs);
         if(err) {
             return err;
         }
@@ -2608,7 +2590,7 @@ static int lfs_rawmkdir(lfs_t *lfs, const char *path) {
     }
 
     // build up new directory
-    lfs_alloc_ckpoint(lfs);
+    lfs_alloc_ack(lfs);
     lfs_mdir_t dir;
     err = lfs_dir_alloc(lfs, &dir);
     if (err) {
@@ -3052,8 +3034,7 @@ static int lfs_file_rawopencfg(lfs_t *lfs, lfs_file_t *file,
     // allocate entry for file if it doesn't exist
     lfs_stag_t tag = lfs_dir_find(lfs, &file->m, &path, &file->id);
     if (tag < 0 && !(tag == LFS_ERR_NOENT && file->id != 0x3ff)) {
-        err = tag;
-        goto cleanup;
+        return tag;
     }
 
     // get id, add to list of mdirs to catch update changes
@@ -3294,7 +3275,7 @@ relocate:
 #ifndef LFS_READONLY
 static int lfs_file_outline(lfs_t *lfs, lfs_file_t *file) {
     file->off = file->pos;
-    lfs_alloc_ckpoint(lfs);
+    lfs_alloc_ack(lfs);
     int err = lfs_file_relocate(lfs, file);
     if (err) {
         return err;
@@ -3524,7 +3505,11 @@ static lfs_ssize_t lfs_file_flushedwrite(lfs_t *lfs, lfs_file_t *file,
     lfs_size_t nsize = size;
 
     if ((file->flags & LFS_F_INLINE) &&
-            lfs_max(file->pos+nsize, file->ctz.size) > lfs->inline_max) {
+            lfs_max(file->pos+nsize, file->ctz.size) >
+            lfs_min(0x3fe, lfs_min(
+                lfs->cfg->cache_size,
+                (lfs->cfg->metadata_max ?
+                    lfs->cfg->metadata_max : lfs->cfg->block_size) / 8))) {
         // inline file doesn't fit anymore
         int err = lfs_file_outline(lfs, file);
         if (err) {
@@ -3553,7 +3538,7 @@ static lfs_ssize_t lfs_file_flushedwrite(lfs_t *lfs, lfs_file_t *file,
                 }
 
                 // extend file with new blocks
-                lfs_alloc_ckpoint(lfs);
+                lfs_alloc_ack(lfs);
                 int err = lfs_ctz_extend(lfs, &file->cache, &lfs->rcache,
                         file->block, file->pos,
                         &file->block, &file->off);
@@ -3596,7 +3581,7 @@ relocate:
         data += diff;
         nsize -= diff;
 
-        lfs_alloc_ckpoint(lfs);
+        lfs_alloc_ack(lfs);
     }
 
     return size;
@@ -3721,7 +3706,10 @@ static int lfs_file_rawtruncate(lfs_t *lfs, lfs_file_t *file, lfs_off_t size) {
     lfs_off_t oldsize = lfs_file_rawsize(lfs, file);
     if (size < oldsize) {
         // revert to inline file?
-        if (size <= lfs->inline_max) {
+        if (size <= lfs_min(0x3fe, lfs_min(
+                lfs->cfg->cache_size,
+                (lfs->cfg->metadata_max ?
+                    lfs->cfg->metadata_max : lfs->cfg->block_size) / 8))) {
             // flush+seek to head
             lfs_soff_t res = lfs_file_rawseek(lfs, file, 0, LFS_SEEK_SET);
             if (res < 0) {
@@ -4121,21 +4109,6 @@ static int lfs_rawremoveattr(lfs_t *lfs, const char *path, uint8_t type) {
 
 
 /// Filesystem operations ///
-
-// compile time checks, see lfs.h for why these limits exist
-#if LFS_NAME_MAX > 1022
-#error "Invalid LFS_NAME_MAX, must be <= 1022"
-#endif
-
-#if LFS_FILE_MAX > 2147483647
-#error "Invalid LFS_FILE_MAX, must be <= 2147483647"
-#endif
-
-#if LFS_ATTR_MAX > 1022
-#error "Invalid LFS_ATTR_MAX, must be <= 1022"
-#endif
-
-// common filesystem initialization
 static int lfs_init(lfs_t *lfs, const struct lfs_config *cfg) {
     lfs->cfg = cfg;
     lfs->block_count = cfg->block_count;  // May be 0
@@ -4183,14 +4156,6 @@ static int lfs_init(lfs_t *lfs, const struct lfs_config *cfg) {
     // wear-leveling.
     LFS_ASSERT(lfs->cfg->block_cycles != 0);
 
-    // check that compact_thresh makes sense
-    //
-    // metadata can't be compacted below block_size/2, and metadata can't
-    // exceed a block_size
-    LFS_ASSERT(lfs->cfg->compact_thresh == 0
-            || lfs->cfg->compact_thresh >= lfs->cfg->block_size/2);
-    LFS_ASSERT(lfs->cfg->compact_thresh == (lfs_size_t)-1
-            || lfs->cfg->compact_thresh <= lfs->cfg->block_size);
 
     // setup read cache
     if (lfs->cfg->read_buffer) {
@@ -4218,14 +4183,15 @@ static int lfs_init(lfs_t *lfs, const struct lfs_config *cfg) {
     lfs_cache_zero(lfs, &lfs->rcache);
     lfs_cache_zero(lfs, &lfs->pcache);
 
-    // setup lookahead buffer, note mount finishes initializing this after
-    // we establish a decent pseudo-random seed
+    // setup lookahead, must be multiple of 64-bits, 32-bit aligned
     LFS_ASSERT(lfs->cfg->lookahead_size > 0);
+    LFS_ASSERT(lfs->cfg->lookahead_size % 8 == 0 &&
+            (uintptr_t)lfs->cfg->lookahead_buffer % 4 == 0);
     if (lfs->cfg->lookahead_buffer) {
-        lfs->lookahead.buffer = lfs->cfg->lookahead_buffer;
+        lfs->free.buffer = lfs->cfg->lookahead_buffer;
     } else {
-        lfs->lookahead.buffer = lfs_malloc(lfs->cfg->lookahead_size);
-        if (!lfs->lookahead.buffer) {
+        lfs->free.buffer = lfs_malloc(lfs->cfg->lookahead_size);
+        if (!lfs->free.buffer) {
             err = LFS_ERR_NOMEM;
             goto cleanup;
         }
@@ -4252,27 +4218,6 @@ static int lfs_init(lfs_t *lfs, const struct lfs_config *cfg) {
 
     LFS_ASSERT(lfs->cfg->metadata_max <= lfs->cfg->block_size);
 
-    LFS_ASSERT(lfs->cfg->inline_max == (lfs_size_t)-1
-            || lfs->cfg->inline_max <= lfs->cfg->cache_size);
-    LFS_ASSERT(lfs->cfg->inline_max == (lfs_size_t)-1
-            || lfs->cfg->inline_max <= lfs->attr_max);
-    LFS_ASSERT(lfs->cfg->inline_max == (lfs_size_t)-1
-            || lfs->cfg->inline_max <= ((lfs->cfg->metadata_max)
-                ? lfs->cfg->metadata_max
-                : lfs->cfg->block_size)/8);
-    lfs->inline_max = lfs->cfg->inline_max;
-    if (lfs->inline_max == (lfs_size_t)-1) {
-        lfs->inline_max = 0;
-    } else if (lfs->inline_max == 0) {
-        lfs->inline_max = lfs_min(
-                lfs->cfg->cache_size,
-                lfs_min(
-                    lfs->attr_max,
-                    ((lfs->cfg->metadata_max)
-                        ? lfs->cfg->metadata_max
-                        : lfs->cfg->block_size)/8));
-    }
-
     // setup default state
     lfs->root[0] = LFS_BLOCK_NULL;
     lfs->root[1] = LFS_BLOCK_NULL;
@@ -4303,7 +4248,7 @@ static int lfs_deinit(lfs_t *lfs) {
     }
 
     if (!lfs->cfg->lookahead_buffer) {
-        lfs_free(lfs->lookahead.buffer);
+        lfs_free(lfs->free.buffer);
     }
 
     return 0;
@@ -4323,12 +4268,12 @@ static int lfs_rawformat(lfs_t *lfs, const struct lfs_config *cfg) {
         LFS_ASSERT(cfg->block_count != 0);
 
         // create free lookahead
-        memset(lfs->lookahead.buffer, 0, lfs->cfg->lookahead_size);
-        lfs->lookahead.start = 0;
-        lfs->lookahead.size = lfs_min(8*lfs->cfg->lookahead_size,
+        memset(lfs->free.buffer, 0, lfs->cfg->lookahead_size);
+        lfs->free.off = 0;
+        lfs->free.size = lfs_min(8*lfs->cfg->lookahead_size,
                 lfs->block_count);
-        lfs->lookahead.next = 0;
-        lfs_alloc_ckpoint(lfs);
+        lfs->free.i = 0;
+        lfs_alloc_ack(lfs);
 
         // create root dir
         lfs_mdir_t root;
@@ -4496,9 +4441,6 @@ static int lfs_rawmount(lfs_t *lfs, const struct lfs_config *cfg) {
                 }
 
                 lfs->attr_max = superblock.attr_max;
-
-                // we also need to update inline_max in case attr_max changed
-                lfs->inline_max = lfs_min(lfs->inline_max, lfs->attr_max);
             }
 
             // this is where we get the block_count from disk if block_count=0
@@ -4539,7 +4481,7 @@ static int lfs_rawmount(lfs_t *lfs, const struct lfs_config *cfg) {
 
     // setup free lookahead, to distribute allocations uniformly across
     // boots, we start the allocator at a random location
-    lfs->lookahead.start = lfs->seed % lfs->block_count;
+    lfs->free.off = lfs->seed % lfs->block_count;
     lfs_alloc_drop(lfs);
 
     return 0;
@@ -5106,57 +5048,6 @@ static lfs_ssize_t lfs_fs_rawsize(lfs_t *lfs) {
     return size;
 }
 
-// explicit garbage collection
-#ifndef LFS_READONLY
-static int lfs_fs_rawgc(lfs_t *lfs) {
-    // force consistency, even if we're not necessarily going to write,
-    // because this function is supposed to take care of janitorial work
-    // isn't it?
-    int err = lfs_fs_forceconsistency(lfs);
-    if (err) {
-        return err;
-    }
-
-    // try to compact metadata pairs, note we can't really accomplish
-    // anything if compact_thresh doesn't at least leave a prog_size
-    // available
-    if (lfs->cfg->compact_thresh
-            < lfs->cfg->block_size - lfs->cfg->prog_size) {
-        // iterate over all mdirs
-        lfs_mdir_t mdir = {.tail = {0, 1}};
-        while (!lfs_pair_isnull(mdir.tail)) {
-            err = lfs_dir_fetch(lfs, &mdir, mdir.tail);
-            if (err) {
-                return err;
-            }
-
-            // not erased? exceeds our compaction threshold?
-            if (!mdir.erased || ((lfs->cfg->compact_thresh == 0)
-                    ? mdir.off > lfs->cfg->block_size - lfs->cfg->block_size/8
-                    : mdir.off > lfs->cfg->compact_thresh)) {
-                // the easiest way to trigger a compaction is to mark
-                // the mdir as unerased and add an empty commit
-                mdir.erased = false;
-                err = lfs_dir_commit(lfs, &mdir, NULL, 0);
-                if (err) {
-                    return err;
-                }
-            }
-        }
-    }
-
-    // try to populate the lookahead buffer, unless it's already full
-    if (lfs->lookahead.size < 8*lfs->cfg->lookahead_size) {
-        err = lfs_alloc_scan(lfs);
-        if (err) {
-            return err;
-        }
-    }
-
-    return 0;
-}
-#endif
-
 #ifndef LFS_READONLY
 static int lfs_fs_rawgrow(lfs_t *lfs, lfs_size_t block_count) {
     // shrinking is not supported
@@ -5563,10 +5454,10 @@ static int lfs1_mount(lfs_t *lfs, struct lfs1 *lfs1,
         lfs->lfs1->root[1] = LFS_BLOCK_NULL;
 
         // setup free lookahead
-        lfs->lookahead.start = 0;
-        lfs->lookahead.size = 0;
-        lfs->lookahead.next = 0;
-        lfs_alloc_ckpoint(lfs);
+        lfs->free.off = 0;
+        lfs->free.size = 0;
+        lfs->free.i = 0;
+        lfs_alloc_ack(lfs);
 
         // load superblock
         lfs1_dir_t dir;
@@ -6039,7 +5930,6 @@ int lfs_file_open(lfs_t *lfs, lfs_file_t *file, const char *path, int flags) {
     }
     LFS_TRACE("lfs_file_open(%p, %p, \"%s\", %x)",
             (void*)lfs, (void*)file, path, flags);
-    LFS_ASSERT(!lfs_mlist_isopen(lfs->mlist, (struct lfs_mlist*)file));
 
     err = lfs_file_rawopen(lfs, file, path, flags);
 
@@ -6060,7 +5950,6 @@ int lfs_file_opencfg(lfs_t *lfs, lfs_file_t *file,
                  ".buffer=%p, .attrs=%p, .attr_count=%"PRIu32"})",
             (void*)lfs, (void*)file, path, flags,
             (void*)cfg, cfg->buffer, (void*)cfg->attrs, cfg->attr_count);
-    LFS_ASSERT(!lfs_mlist_isopen(lfs->mlist, (struct lfs_mlist*)file));
 
     err = lfs_file_rawopencfg(lfs, file, path, flags, cfg);
 
@@ -6075,7 +5964,6 @@ int lfs_file_close(lfs_t *lfs, lfs_file_t *file) {
         return err;
     }
     LFS_TRACE("lfs_file_close(%p, %p)", (void*)lfs, (void*)file);
-    LFS_ASSERT(lfs_mlist_isopen(lfs->mlist, (struct lfs_mlist*)file));
 
     err = lfs_file_rawclose(lfs, file);
 
@@ -6091,7 +5979,6 @@ int lfs_file_sync(lfs_t *lfs, lfs_file_t *file) {
         return err;
     }
     LFS_TRACE("lfs_file_sync(%p, %p)", (void*)lfs, (void*)file);
-    LFS_ASSERT(lfs_mlist_isopen(lfs->mlist, (struct lfs_mlist*)file));
 
     err = lfs_file_rawsync(lfs, file);
 
@@ -6109,7 +5996,6 @@ lfs_ssize_t lfs_file_read(lfs_t *lfs, lfs_file_t *file,
     }
     LFS_TRACE("lfs_file_read(%p, %p, %p, %"PRIu32")",
             (void*)lfs, (void*)file, buffer, size);
-    LFS_ASSERT(lfs_mlist_isopen(lfs->mlist, (struct lfs_mlist*)file));
 
     lfs_ssize_t res = lfs_file_rawread(lfs, file, buffer, size);
 
@@ -6127,7 +6013,6 @@ lfs_ssize_t lfs_file_write(lfs_t *lfs, lfs_file_t *file,
     }
     LFS_TRACE("lfs_file_write(%p, %p, %p, %"PRIu32")",
             (void*)lfs, (void*)file, buffer, size);
-    LFS_ASSERT(lfs_mlist_isopen(lfs->mlist, (struct lfs_mlist*)file));
 
     lfs_ssize_t res = lfs_file_rawwrite(lfs, file, buffer, size);
 
@@ -6145,7 +6030,6 @@ lfs_soff_t lfs_file_seek(lfs_t *lfs, lfs_file_t *file,
     }
     LFS_TRACE("lfs_file_seek(%p, %p, %"PRId32", %d)",
             (void*)lfs, (void*)file, off, whence);
-    LFS_ASSERT(lfs_mlist_isopen(lfs->mlist, (struct lfs_mlist*)file));
 
     lfs_soff_t res = lfs_file_rawseek(lfs, file, off, whence);
 
@@ -6162,7 +6046,6 @@ int lfs_file_truncate(lfs_t *lfs, lfs_file_t *file, lfs_off_t size) {
     }
     LFS_TRACE("lfs_file_truncate(%p, %p, %"PRIu32")",
             (void*)lfs, (void*)file, size);
-    LFS_ASSERT(lfs_mlist_isopen(lfs->mlist, (struct lfs_mlist*)file));
 
     err = lfs_file_rawtruncate(lfs, file, size);
 
@@ -6178,7 +6061,6 @@ lfs_soff_t lfs_file_tell(lfs_t *lfs, lfs_file_t *file) {
         return err;
     }
     LFS_TRACE("lfs_file_tell(%p, %p)", (void*)lfs, (void*)file);
-    LFS_ASSERT(lfs_mlist_isopen(lfs->mlist, (struct lfs_mlist*)file));
 
     lfs_soff_t res = lfs_file_rawtell(lfs, file);
 
@@ -6207,7 +6089,6 @@ lfs_soff_t lfs_file_size(lfs_t *lfs, lfs_file_t *file) {
         return err;
     }
     LFS_TRACE("lfs_file_size(%p, %p)", (void*)lfs, (void*)file);
-    LFS_ASSERT(lfs_mlist_isopen(lfs->mlist, (struct lfs_mlist*)file));
 
     lfs_soff_t res = lfs_file_rawsize(lfs, file);
 
@@ -6238,7 +6119,6 @@ int lfs_dir_open(lfs_t *lfs, lfs_dir_t *dir, const char *path) {
         return err;
     }
     LFS_TRACE("lfs_dir_open(%p, %p, \"%s\")", (void*)lfs, (void*)dir, path);
-    LFS_ASSERT(!lfs_mlist_isopen(lfs->mlist, (struct lfs_mlist*)dir));
 
     err = lfs_dir_rawopen(lfs, dir, path);
 
@@ -6362,22 +6242,6 @@ int lfs_fs_traverse(lfs_t *lfs, int (*cb)(void *, lfs_block_t), void *data) {
     return err;
 }
 
-#ifndef LFS_READONLY
-int lfs_fs_mkconsistent(lfs_t *lfs) {
-    int err = LFS_LOCK(lfs->cfg);
-    if (err) {
-        return err;
-    }
-    LFS_TRACE("lfs_fs_mkconsistent(%p)", (void*)lfs);
-
-    err = lfs_fs_rawmkconsistent(lfs);
-
-    LFS_TRACE("lfs_fs_mkconsistent -> %d", err);
-    LFS_UNLOCK(lfs->cfg);
-    return err;
-}
-#endif
-
 #ifndef LFS_READONLY
 int lfs_fs_gc(lfs_t *lfs) {
     int err = LFS_LOCK(lfs->cfg);
@@ -6394,6 +6258,22 @@ int lfs_fs_gc(lfs_t *lfs) {
 }
 #endif
 
+#ifndef LFS_READONLY
+int lfs_fs_mkconsistent(lfs_t *lfs) {
+    int err = LFS_LOCK(lfs->cfg);
+    if (err) {
+        return err;
+    }
+    LFS_TRACE("lfs_fs_mkconsistent(%p)", (void*)lfs);
+
+    err = lfs_fs_rawmkconsistent(lfs);
+
+    LFS_TRACE("lfs_fs_mkconsistent -> %d", err);
+    LFS_UNLOCK(lfs->cfg);
+    return err;
+}
+#endif
+
 #ifndef LFS_READONLY
 int lfs_fs_grow(lfs_t *lfs, lfs_size_t block_count) {
     int err = LFS_LOCK(lfs->cfg);

lfs.h

@@ -52,8 +52,10 @@ typedef uint32_t lfs_block_t;
 #endif
 
 // Maximum size of a file in bytes, may be redefined to limit to support other
-// drivers. Limited on disk to <= 2147483647. Stored in superblock and must be
-// respected by other littlefs drivers.
+// drivers. Limited on disk to <= 4294967296. However, above 2147483647 the
+// functions lfs_file_seek, lfs_file_size, and lfs_file_tell will return
+// incorrect values due to using signed integers. Stored in superblock and
+// must be respected by other littlefs drivers.
 #ifndef LFS_FILE_MAX
 #define LFS_FILE_MAX 2147483647
 #endif
@@ -224,20 +226,9 @@ struct lfs_config {
     // Size of the lookahead buffer in bytes. A larger lookahead buffer
     // increases the number of blocks found during an allocation pass. The
     // lookahead buffer is stored as a compact bitmap, so each byte of RAM
-    // can track 8 blocks.
+    // can track 8 blocks. Must be a multiple of 8.
     lfs_size_t lookahead_size;
 
-    // Threshold for metadata compaction during lfs_fs_gc in bytes. Metadata
-    // pairs that exceed this threshold will be compacted during lfs_fs_gc.
-    // Defaults to ~88% block_size when zero, though the default may change
-    // in the future.
-    //
-    // Note this only affects lfs_fs_gc. Normal compactions still only occur
-    // when full.
-    //
-    // Set to -1 to disable metadata compaction during lfs_fs_gc.
-    lfs_size_t compact_thresh;
-
     // Optional statically allocated read buffer. Must be cache_size.
     // By default lfs_malloc is used to allocate this buffer.
     void *read_buffer;
@@ -246,8 +237,9 @@ struct lfs_config {
     // By default lfs_malloc is used to allocate this buffer.
     void *prog_buffer;
 
-    // Optional statically allocated lookahead buffer. Must be lookahead_size.
-    // By default lfs_malloc is used to allocate this buffer.
+    // Optional statically allocated lookahead buffer. Must be lookahead_size
+    // and aligned to a 32-bit boundary. By default lfs_malloc is used to
+    // allocate this buffer.
     void *lookahead_buffer;
 
     // Optional upper limit on length of file names in bytes. No downside for
@@ -272,15 +264,6 @@ struct lfs_config {
     // Defaults to block_size when zero.
     lfs_size_t metadata_max;
 
-    // Optional upper limit on inlined files in bytes. Inlined files live in
-    // metadata and decrease storage requirements, but may be limited to
-    // improve metadata-related performance. Must be <= cache_size, <=
-    // attr_max, and <= block_size/8. Defaults to the largest possible
-    // inline_max when zero.
-    //
-    // Set to -1 to disable inlined files.
-    lfs_size_t inline_max;
-
 #ifdef LFS_MULTIVERSION
     // On-disk version to use when writing in the form of 16-bit major version
     // + 16-bit minor version. This limiting metadata to what is supported by
@@ -447,20 +430,19 @@ typedef struct lfs {
     lfs_gstate_t gdisk;
     lfs_gstate_t gdelta;
 
-    struct lfs_lookahead {
-        lfs_block_t start;
+    struct lfs_free {
+        lfs_block_t off;
         lfs_block_t size;
-        lfs_block_t next;
-        lfs_block_t ckpoint;
-        uint8_t *buffer;
-    } lookahead;
+        lfs_block_t i;
+        lfs_block_t ack;
+        uint32_t *buffer;
+    } free;
 
     const struct lfs_config *cfg;
     lfs_size_t block_count;
     lfs_size_t name_max;
     lfs_size_t file_max;
     lfs_size_t attr_max;
-    lfs_size_t inline_max;
 
 #ifdef LFS_MIGRATE
     struct lfs1 *lfs1;
@@ -730,6 +712,18 @@ lfs_ssize_t lfs_fs_size(lfs_t *lfs);
 // Returns a negative error code on failure.
 int lfs_fs_traverse(lfs_t *lfs, int (*cb)(void*, lfs_block_t), void *data);
 
+// Attempt to proactively find free blocks
+//
+// Calling this function is not required, but may allowing the offloading of
+// the expensive block allocation scan to a less time-critical code path.
+//
+// Note: littlefs currently does not persist any found free blocks to disk.
+// This may change in the future.
+//
+// Returns a negative error code on failure. Finding no free blocks is
+// not an error.
+int lfs_fs_gc(lfs_t *lfs);
+
 #ifndef LFS_READONLY
 // Attempt to make the filesystem consistent and ready for writing
 //
@@ -742,24 +736,6 @@ int lfs_fs_traverse(lfs_t *lfs, int (*cb)(void*, lfs_block_t), void *data);
 int lfs_fs_mkconsistent(lfs_t *lfs);
 #endif
 
-#ifndef LFS_READONLY
-// Attempt any janitorial work
-//
-// This currently:
-// 1. Calls mkconsistent if not already consistent
-// 2. Compacts metadata > compact_thresh
-// 3. Populates the block allocator
-//
-// Though additional janitorial work may be added in the future.
-//
-// Calling this function is not required, but may allow the offloading of
-// expensive janitorial work to a less time-critical code path.
-//
-// Returns a negative error code on failure. Accomplishing nothing is not
-// an error.
-int lfs_fs_gc(lfs_t *lfs);
-#endif
-
 #ifndef LFS_READONLY
 // Grows the filesystem to a new size, updating the superblock with the new
 // block count.

lfs_util.c

@@ -11,8 +11,6 @@
 #ifndef LFS_CONFIG
 
 
-// If user provides their own CRC impl we don't need this
-#ifndef LFS_CRC
 // Software CRC implementation with small lookup table
 uint32_t lfs_crc(uint32_t crc, const void *buffer, size_t size) {
     static const uint32_t rtable[16] = {
@@ -31,7 +29,6 @@ uint32_t lfs_crc(uint32_t crc, const void *buffer, size_t size) {
 
     return crc;
 }
-#endif
 
 
 #endif

lfs_util.h

@@ -212,22 +212,12 @@ static inline uint32_t lfs_tobe32(uint32_t a) {
 }
 
 // Calculate CRC-32 with polynomial = 0x04c11db7
-#ifdef LFS_CRC
-uint32_t lfs_crc(uint32_t crc, const void *buffer, size_t size) {
-    return LFS_CRC(crc, buffer, size)
-}
-#else
 uint32_t lfs_crc(uint32_t crc, const void *buffer, size_t size);
-#endif
 
 // Allocate memory, only used if buffers are not provided to littlefs
-//
-// littlefs current has no alignment requirements, as it only allocates
-// byte-level buffers.
+// Note, memory must be 64-bit aligned
 static inline void *lfs_malloc(size_t size) {
-#if defined(LFS_MALLOC)
-    return LFS_MALLOC(size);
-#elif !defined(LFS_NO_MALLOC)
+#ifndef LFS_NO_MALLOC
     return malloc(size);
 #else
     (void)size;
@@ -237,9 +227,7 @@ static inline void *lfs_malloc(size_t size) {
 
 // Deallocate memory, only used if buffers are not provided to littlefs
 static inline void lfs_free(void *p) {
-#if defined(LFS_FREE)
-    LFS_FREE(p);
-#elif !defined(LFS_NO_MALLOC)
+#ifndef LFS_NO_MALLOC
     free(p);
 #else
     (void)p;

runners/bench_runner.c

@@ -1321,8 +1321,6 @@ void perm_run(
         .block_cycles       = BLOCK_CYCLES,
         .cache_size         = CACHE_SIZE,
         .lookahead_size     = LOOKAHEAD_SIZE,
-        .compact_thresh     = COMPACT_THRESH,
-        .inline_max         = INLINE_MAX,
     };
 
     struct lfs_emubd_config bdcfg = {

runners/bench_runner.h

@@ -95,13 +95,11 @@ intmax_t bench_define(size_t define);
 #define BLOCK_COUNT_i        5
 #define CACHE_SIZE_i         6
 #define LOOKAHEAD_SIZE_i     7
-#define COMPACT_THRESH_i     8
-#define INLINE_MAX_i         9
-#define BLOCK_CYCLES_i       10
-#define ERASE_VALUE_i        11
-#define ERASE_CYCLES_i       12
-#define BADBLOCK_BEHAVIOR_i  13
-#define POWERLOSS_BEHAVIOR_i 14
+#define BLOCK_CYCLES_i       8
+#define ERASE_VALUE_i        9
+#define ERASE_CYCLES_i       10
+#define BADBLOCK_BEHAVIOR_i  11
+#define POWERLOSS_BEHAVIOR_i 12
 
 #define READ_SIZE           bench_define(READ_SIZE_i)
 #define PROG_SIZE           bench_define(PROG_SIZE_i)
@@ -111,8 +109,6 @@ intmax_t bench_define(size_t define);
 #define BLOCK_COUNT         bench_define(BLOCK_COUNT_i)
 #define CACHE_SIZE          bench_define(CACHE_SIZE_i)
 #define LOOKAHEAD_SIZE      bench_define(LOOKAHEAD_SIZE_i)
-#define COMPACT_THRESH      bench_define(COMPACT_THRESH_i)
-#define INLINE_MAX          bench_define(INLINE_MAX_i)
 #define BLOCK_CYCLES        bench_define(BLOCK_CYCLES_i)
 #define ERASE_VALUE         bench_define(ERASE_VALUE_i)
 #define ERASE_CYCLES        bench_define(ERASE_CYCLES_i)
@@ -128,8 +124,6 @@ intmax_t bench_define(size_t define);
     BENCH_DEF(BLOCK_COUNT,        ERASE_COUNT/lfs_max(BLOCK_SIZE/ERASE_SIZE,1))\
     BENCH_DEF(CACHE_SIZE,         lfs_max(64,lfs_max(READ_SIZE,PROG_SIZE))) \
     BENCH_DEF(LOOKAHEAD_SIZE,     16) \
-    BENCH_DEF(COMPACT_THRESH,     0) \
-    BENCH_DEF(INLINE_MAX,         0) \
     BENCH_DEF(BLOCK_CYCLES,       -1) \
     BENCH_DEF(ERASE_VALUE,        0xff) \
     BENCH_DEF(ERASE_CYCLES,       0) \
@@ -137,7 +131,7 @@ intmax_t bench_define(size_t define);
     BENCH_DEF(POWERLOSS_BEHAVIOR, LFS_EMUBD_POWERLOSS_NOOP)
 
 #define BENCH_GEOMETRY_DEFINE_COUNT 4
-#define BENCH_IMPLICIT_DEFINE_COUNT 15
+#define BENCH_IMPLICIT_DEFINE_COUNT 13
 
 
 #endif

runners/test_runner.c

@@ -1346,8 +1346,6 @@ static void run_powerloss_none(
         .block_cycles       = BLOCK_CYCLES,
         .cache_size         = CACHE_SIZE,
         .lookahead_size     = LOOKAHEAD_SIZE,
-        .compact_thresh     = COMPACT_THRESH,
-        .inline_max         = INLINE_MAX,
     #ifdef LFS_MULTIVERSION
         .disk_version       = DISK_VERSION,
     #endif
@@ -1424,8 +1422,6 @@ static void run_powerloss_linear(
         .block_cycles       = BLOCK_CYCLES,
         .cache_size         = CACHE_SIZE,
         .lookahead_size     = LOOKAHEAD_SIZE,
-        .compact_thresh     = COMPACT_THRESH,
-        .inline_max         = INLINE_MAX,
     #ifdef LFS_MULTIVERSION
         .disk_version       = DISK_VERSION,
     #endif
@@ -1519,8 +1515,6 @@ static void run_powerloss_log(
         .block_cycles       = BLOCK_CYCLES,
         .cache_size         = CACHE_SIZE,
         .lookahead_size     = LOOKAHEAD_SIZE,
-        .compact_thresh     = COMPACT_THRESH,
-        .inline_max         = INLINE_MAX,
     #ifdef LFS_MULTIVERSION
         .disk_version       = DISK_VERSION,
     #endif
@@ -1612,8 +1606,6 @@ static void run_powerloss_cycles(
         .block_cycles       = BLOCK_CYCLES,
         .cache_size         = CACHE_SIZE,
         .lookahead_size     = LOOKAHEAD_SIZE,
-        .compact_thresh     = COMPACT_THRESH,
-        .inline_max         = INLINE_MAX,
     #ifdef LFS_MULTIVERSION
         .disk_version       = DISK_VERSION,
     #endif
@@ -1803,8 +1795,6 @@ static void run_powerloss_exhaustive(
         .block_cycles       = BLOCK_CYCLES,
         .cache_size         = CACHE_SIZE,
         .lookahead_size     = LOOKAHEAD_SIZE,
-        .compact_thresh     = COMPACT_THRESH,
-        .inline_max         = INLINE_MAX,
     #ifdef LFS_MULTIVERSION
         .disk_version       = DISK_VERSION,
     #endif

runners/test_runner.h

@@ -88,14 +88,12 @@ intmax_t test_define(size_t define);
 #define BLOCK_COUNT_i        5
 #define CACHE_SIZE_i         6
 #define LOOKAHEAD_SIZE_i     7
-#define COMPACT_THRESH_i     8
-#define INLINE_MAX_i         9
-#define BLOCK_CYCLES_i       10
-#define ERASE_VALUE_i        11
-#define ERASE_CYCLES_i       12
-#define BADBLOCK_BEHAVIOR_i  13
-#define POWERLOSS_BEHAVIOR_i 14
-#define DISK_VERSION_i       15
+#define BLOCK_CYCLES_i       8
+#define ERASE_VALUE_i        9
+#define ERASE_CYCLES_i       10
+#define BADBLOCK_BEHAVIOR_i  11
+#define POWERLOSS_BEHAVIOR_i 12
+#define DISK_VERSION_i       13
 
 #define READ_SIZE           TEST_DEFINE(READ_SIZE_i)
 #define PROG_SIZE           TEST_DEFINE(PROG_SIZE_i)
@@ -105,8 +103,6 @@ intmax_t test_define(size_t define);
 #define BLOCK_COUNT         TEST_DEFINE(BLOCK_COUNT_i)
 #define CACHE_SIZE          TEST_DEFINE(CACHE_SIZE_i)
 #define LOOKAHEAD_SIZE      TEST_DEFINE(LOOKAHEAD_SIZE_i)
-#define COMPACT_THRESH      TEST_DEFINE(COMPACT_THRESH_i)
-#define INLINE_MAX          TEST_DEFINE(INLINE_MAX_i)
 #define BLOCK_CYCLES        TEST_DEFINE(BLOCK_CYCLES_i)
 #define ERASE_VALUE         TEST_DEFINE(ERASE_VALUE_i)
 #define ERASE_CYCLES        TEST_DEFINE(ERASE_CYCLES_i)
@@ -123,8 +119,6 @@ intmax_t test_define(size_t define);
     TEST_DEF(BLOCK_COUNT,        ERASE_COUNT/lfs_max(BLOCK_SIZE/ERASE_SIZE,1)) \
     TEST_DEF(CACHE_SIZE,         lfs_max(64,lfs_max(READ_SIZE,PROG_SIZE))) \
     TEST_DEF(LOOKAHEAD_SIZE,     16) \
-    TEST_DEF(COMPACT_THRESH,     0) \
-    TEST_DEF(INLINE_MAX,         0) \
     TEST_DEF(BLOCK_CYCLES,       -1) \
     TEST_DEF(ERASE_VALUE,        0xff) \
     TEST_DEF(ERASE_CYCLES,       0) \
@@ -133,7 +127,7 @@ intmax_t test_define(size_t define);
     TEST_DEF(DISK_VERSION,       0)
 
 #define TEST_GEOMETRY_DEFINE_COUNT 4
-#define TEST_IMPLICIT_DEFINE_COUNT 16
+#define TEST_IMPLICIT_DEFINE_COUNT 14
 
 
 #endif

tests/test_alloc.toml

@@ -7,7 +7,6 @@ if = 'BLOCK_CYCLES == -1'
 defines.FILES = 3
 defines.SIZE = '(((BLOCK_SIZE-8)*(BLOCK_COUNT-6)) / FILES)'
 defines.GC = [false, true]
-defines.COMPACT_THRESH = ['-1', '0', 'BLOCK_SIZE/2']
 code = '''
     const char *names[] = {"bacon", "eggs", "pancakes"};
     lfs_file_t files[FILES];
@@ -61,7 +60,6 @@ code = '''
 defines.FILES = 3
 defines.SIZE = '(((BLOCK_SIZE-8)*(BLOCK_COUNT-6)) / FILES)'
 defines.GC = [false, true]
-defines.COMPACT_THRESH = ['-1', '0', 'BLOCK_SIZE/2']
 code = '''
     const char *names[] = {"bacon", "eggs", "pancakes"};
 

tests/test_files.toml

@@ -1,6 +1,5 @@
 
 [cases.test_files_simple]
-defines.INLINE_MAX = [0, -1, 8]
 code = '''
     lfs_t lfs;
     lfs_format(&lfs, cfg) => 0;
@@ -26,7 +25,6 @@ code = '''
 [cases.test_files_large]
 defines.SIZE = [32, 8192, 262144, 0, 7, 8193]
 defines.CHUNKSIZE = [31, 16, 33, 1, 1023]
-defines.INLINE_MAX = [0, -1, 8]
 code = '''
     lfs_t lfs;
     lfs_format(&lfs, cfg) => 0;
@@ -69,7 +67,6 @@ code = '''
 defines.SIZE1 = [32, 8192, 131072, 0, 7, 8193]
 defines.SIZE2 = [32, 8192, 131072, 0, 7, 8193]
 defines.CHUNKSIZE = [31, 16, 1]
-defines.INLINE_MAX = [0, -1, 8]
 code = '''
     lfs_t lfs;
     lfs_format(&lfs, cfg) => 0;
@@ -155,7 +152,6 @@ code = '''
 defines.SIZE1 = [32, 8192, 131072, 0, 7, 8193]
 defines.SIZE2 = [32, 8192, 131072, 0, 7, 8193]
 defines.CHUNKSIZE = [31, 16, 1]
-defines.INLINE_MAX = [0, -1, 8]
 code = '''
     lfs_t lfs;
     lfs_format(&lfs, cfg) => 0;
@@ -236,7 +232,6 @@ code = '''
 defines.SIZE1 = [32, 8192, 131072, 0, 7, 8193]
 defines.SIZE2 = [32, 8192, 131072, 0, 7, 8193]
 defines.CHUNKSIZE = [31, 16, 1]
-defines.INLINE_MAX = [0, -1, 8]
 code = '''
     lfs_t lfs;
     lfs_format(&lfs, cfg) => 0;
@@ -308,7 +303,6 @@ code = '''
 [cases.test_files_reentrant_write]
 defines.SIZE = [32, 0, 7, 2049]
 defines.CHUNKSIZE = [31, 16, 65]
-defines.INLINE_MAX = [0, -1, 8]
 reentrant = true
 code = '''
     lfs_t lfs;
@@ -360,20 +354,11 @@ code = '''
 [cases.test_files_reentrant_write_sync]
 defines = [
     # append (O(n))
-    {MODE='LFS_O_APPEND',
-        SIZE=[32, 0, 7, 2049],
-        CHUNKSIZE=[31, 16, 65],
-        INLINE_MAX=[0, -1, 8]},
+    {MODE='LFS_O_APPEND',   SIZE=[32, 0, 7, 2049],  CHUNKSIZE=[31, 16, 65]},
     # truncate (O(n^2))
-    {MODE='LFS_O_TRUNC',
-        SIZE=[32, 0, 7, 200],
-        CHUNKSIZE=[31, 16, 65],
-        INLINE_MAX=[0, -1, 8]},
+    {MODE='LFS_O_TRUNC',    SIZE=[32, 0, 7, 200],   CHUNKSIZE=[31, 16, 65]},
     # rewrite (O(n^2))
-    {MODE=0,
-        SIZE=[32, 0, 7, 200],
-        CHUNKSIZE=[31, 16, 65],
-        INLINE_MAX=[0, -1, 8]},
+    {MODE=0,                SIZE=[32, 0, 7, 200],   CHUNKSIZE=[31, 16, 65]},
 ]
 reentrant = true
 code = '''

tests/test_orphans.toml

@@ -98,7 +98,7 @@ code = '''
     lfs_mount(&lfs, cfg) => 0;
     // create an orphan
     lfs_mdir_t orphan;
-    lfs_alloc_ckpoint(&lfs);
+    lfs_alloc_ack(&lfs);
     lfs_dir_alloc(&lfs, &orphan) => 0;
     lfs_dir_commit(&lfs, &orphan, NULL, 0) => 0;
 
@@ -170,7 +170,7 @@ code = '''
     lfs_mount(&lfs, cfg) => 0;
     // create an orphan
     lfs_mdir_t orphan;
-    lfs_alloc_ckpoint(&lfs);
+    lfs_alloc_ack(&lfs);
     lfs_dir_alloc(&lfs, &orphan) => 0;
     lfs_dir_commit(&lfs, &orphan, NULL, 0) => 0;