posix: implement POSIX semaphore interfaces #457

Draft
oI0ck wants to merge 4 commits into master from michal.lach/sem

@oI0ck oI0ck commented Jan 29, 2026

Member

Description

This PR introduces an implementation of the POSIX standard semaphore interfaces.

Types of changes

  • Bug fix (non-breaking change which fixes an issue)
  • New feature (non-breaking change which adds functionality)
  • Breaking change (fix or feature that would cause existing functionality to change)
  • Chore (refactoring, style fixes, git/CI config, submodule management, no code logic changes)

How Has This Been Tested?

Checklist:

  • My change requires a change to the documentation.
  • I have updated the documentation accordingly.
  • I have added tests to cover my changes.
  • All new and existing linter checks and tests passed.
  • My changes generate no new compilation warnings for any of the targets.

Special treatment

  • This PR needs additional PRs to work (list the PRs, preferably in merge-order).
  • I will merge this PR by myself when appropriate.

@oI0ck oI0ck requested a review from Darchiv January 29, 2026 18:07
@gemini-code-assist

Summary of Changes

Hello @oI0ck, I'm Gemini Code Assist! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!

This pull request introduces comprehensive support for POSIX standard semaphore interfaces within the libphoenix library. It enables developers to use both named and unnamed semaphores for synchronization, integrating with the posixsrv for named semaphore management and extending the core sys/threads functionality for unnamed semaphores. This significantly enhances the concurrency primitives available in the Phoenix-RTOS environment.

Highlights

  • POSIX Semaphore API: Implemented the full suite of POSIX semaphore functions, including sem_open, sem_close, sem_unlink, sem_init, sem_destroy, sem_wait, sem_trywait, sem_timedwait, sem_post, and sem_getvalue.
  • Named and Unnamed Semaphores: The implementation distinguishes between named semaphores (managed via inter-process communication with posixsrv) and unnamed semaphores (managed internally).
  • Core Semaphore Operations: Introduced semaphoreTryDown and semaphoreCount functions in the underlying sys/threads.h and sys/semaphore.c to support the POSIX API.
  • Messaging Integration: Named semaphores utilize msgSend and ioctl calls to communicate with a posixsrv for their operations, defining specific IOCTL commands (SEM_UP, SEM_DOWN, SEM_DOWN_TRY, SEM_DOWN_TIMEOUT).

@gemini-code-assist gemini-code-assist Bot left a comment

Code Review

This PR introduces POSIX semaphore implementation. The changes are extensive, adding new headers and implementation files for named and unnamed semaphores. The overall structure is good, but I've found several critical issues in the implementation, including race conditions, incorrect logic leading to deadlocks, and potential memory corruption. There are also some areas where the code can be simplified and made more robust. Please address the critical issues before merging.

Comment thread posix/sem.c Outdated
Comment on lines +125 to +127
memset(path, 0, sizeof(path));
strcpy(path, SEMAPHORE_PATH);
strcpy(path + strlen(SEMAPHORE_PATH), dent->d_name);
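
Review bot: the second strcpy writes dent->d_name at path + strlen(SEMAPHORE_PATH) with no check against sizeof(path), so a long directory entry name overruns the buffer. Compare strlen(SEMAPHORE_PATH) + strlen(dent->d_name) + 1 with sizeof(path) before copying and skip or fail the entry when it does not fit. Since both copies terminate the string, the memset of the whole buffer can also go.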

medium

Using multiple strcpy calls to build a path can be fragile and inefficient. Using snprintf is a safer and more readable way to construct file paths, as it protects against buffer overflows.

snprintf(path, sizeof(path), "%s%s", SEMAPHORE_PATH, dent->d_name);

Contributor

hm yeah, why not snprintf?

Member Author

I think that it is not worth having the overhead of parsing the format string when just cating two strings together (ironic to consider this overhead but allocate PATH_MAX on the stack XD).

Though, there is a bug in here because dent->d_name can be PATH_MAX and a path of such length will cause an OOB write here.

I'll change this concatenation to use strlcpy in the next revision.
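
The bounded concatenation discussed in this thread, as an added example that is not code from the PR: `sem_path_build` is a hypothetical helper, and it uses explicit length checks with `memcpy` rather than `strlcpy` so that it builds on libcs that lack `strlcpy`. It rejects a name that does not fit instead of truncating it.

```c
#include <errno.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Prefix from the PR, written without parentheses as the review asked. */
#define SEMAPHORE_PATH "/dev/posix/sem/"

/*
 * sem_path_build() is a hypothetical helper, not code from the PR.
 * Joins SEMAPHORE_PATH and name into out[outsz] without truncating.
 * Returns 0, -EINVAL for bad arguments, or -ENAMETOOLONG when the result
 * plus its terminating NUL does not fit (out is then an empty string).
 */
static int sem_path_build(char *out, size_t outsz, const char *name)
{
	const size_t prefixLen = sizeof(SEMAPHORE_PATH) - 1; /* sizeof counts the NUL */
	size_t nameLen;

	if (out == NULL || outsz == 0 || name == NULL || name[0] == '\0') {
		return -EINVAL;
	}
	out[0] = '\0';

	nameLen = strlen(name);
	/* Subtract on the side already known to be safe, so no sum can wrap. */
	if (outsz <= prefixLen || nameLen >= outsz - prefixLen) {
		return -ENAMETOOLONG;
	}

	memcpy(out, SEMAPHORE_PATH, prefixLen);
	memcpy(out + prefixLen, name, nameLen + 1); /* +1 copies the NUL */
	return 0;
}

int main(void)
{
	char path[32]; /* small on purpose: the last constructed name does not fit */
	const char *names[] = { "lock0", "0123456789abcdef", "0123456789abcdefg" }; /* constructed */
	size_t i;

	for (i = 0; i < sizeof(names) / sizeof(names[0]); i++) {
		int err = sem_path_build(path, sizeof(path), names[i]);
		printf("%-18s -> %d \"%s\"\n", names[i], err, path);
	}
	return 0;
}
```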


github-actions Bot commented Jan 29, 2026

Unit Test Results

10 935 tests   10 256 ✅  55m 50s ⏱️
   690 suites     670 💤
     1 files         9 ❌

For more details on these failures, see this check.

Results for commit 67a05ba.

♻️ This comment has been updated with latest results.

@oI0ck oI0ck marked this pull request as draft January 29, 2026 18:37
@oI0ck oI0ck marked this pull request as ready for review February 2, 2026 16:06
Comment thread include/semaphore.h

#define SEM_FAILED ((sem_t *)0xDAAB0000)

typedef struct _sem_t {
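
Review bot: SEM_FAILED on the first line is a hard-coded non-null address, 0xDAAB0000, and nothing shown here says why no valid sem_t can ever be located there on every supported target. Add a comment stating that guarantee, or pick a value that can never be a valid object pointer.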

Contributor

_sem_t identifier is not used anywhere. If it's not required by POSIX - remove it.

Comment thread include/sys/semaphore.h Outdated
Comment on lines +19 to +20
#define SEMAPHORE_PATH ("/dev/posix/sem/")
#define SEMCTL_PATH ("/dev/posix/semctl")

Contributor

nitpick: we don't seem to use parentheses to define strings in macros as they interfere with string concatenation by the compiler (we couldn't, for example, write code like const char *path = SEMAPHORE_PATH "my_sem" in the client).

Member Author

Applied

@oI0ck oI0ck force-pushed the michal.lach/sem branch 2 times, most recently from cf48092 to f3710e3 Compare February 10, 2026 13:19
@oI0ck oI0ck force-pushed the michal.lach/sem branch from 239fd04 to 706ff80 Compare May 29, 2026 15:51
Comment thread include/sys/semaphore.h Outdated
#define SEMCTL_PATH ("/dev/posix/semctl")
#define SEMAPHORE_MAX_COUNT (128)
#define SEMAPHORE_NAME_MAX (NAME_MAX - sizeof(SEMAPHORE_PATH) - 1)
#define SEM_VALUE_MAX INT_MAX
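
Review bot: SEMAPHORE_NAME_MAX on the third line subtracts sizeof(SEMAPHORE_PATH), which already counts the terminating NUL, and then a further 1, and the result has type size_t, so it is unsigned and would wrap if NAME_MAX were ever smaller than the prefix. It also takes a directory prefix out of NAME_MAX, which limits a single path component. State which buffer the name has to fit in, derive the macro from that size, and add a compile-time check that the result is positive.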

Member

  1. I think this should be defined per-architecture in libphoenix/include/arch/*/limits.h (like NAME_MAX). It can be just #define SEM_VALUE_MAX INT_MAX, but the important part is that the definition should be available via limits.h.

  2. Is SEMAPHORE_MAX_COUNT used anywhere? It should be SEM_NSEMS_MAX and defined in limits.h like in the point above. Please actually enforce the limit. Note that _POSIX_SEM_NSEMS_MAX == 256 which is the minimum value for this limit.

  3. See sysconf(). You could implement _SC_SEM_VALUE_MAX and _SC_SEM_NSEMS_MAX.

  4. Also, this is a good place to static-assert SEM_VALUE_MAX with _POSIX_SEM_VALUE_MAX and SEM_NSEMS_MAX with _POSIX_SEM_NSEMS_MAX in case someone changes limits.h incorrectly. Maybe also check whether the limit does not exceed the semaphore value type size (unsigned int).

Member Author

Applied

Comment thread posix/sem.c Outdated
else {
}

sem = (sem_t *)malloc(sizeof(*sem));
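
Review bot: the else { } branch at the top of this hunk is empty; remove it or put the intended handling in it. On the malloc line, the lines shown here do not include a NULL check, so make sure the allocation failure is handled before sem is dereferenced.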

Member

Type cast redundant

@oI0ck oI0ck force-pushed the michal.lach/sem branch from 706ff80 to c6a2d17 Compare June 22, 2026 09:18
datadog-phoenix-rtos Bot commented Jun 22, 2026

Pipelines

⚠️ Warnings

🚦 3 Pipeline jobs failed

ci | call-ci / build (armv7a9-zynq7000-zedboard)

ci | call-ci / build (armv7m7-imxrt106x-evk)

ci | call-ci / tests-summary

This comment will be updated automatically if new data arrives.
Commit SHA: 057606b

@oI0ck oI0ck force-pushed the michal.lach/sem branch 2 times, most recently from 23e321c to 057606b Compare June 22, 2026 09:24
oI0ck commented Jun 22, 2026

Member Author

@oI0ck oI0ck force-pushed the michal.lach/sem branch from 057606b to 8b13146 Compare June 30, 2026 12:19
oI0ck commented Jun 30, 2026

Member Author

CI shows problems with this change, I'm converting it to a draft until I am sure that it is in a mergeable state.

@oI0ck oI0ck marked this pull request as draft June 30, 2026 12:35
@oI0ck oI0ck force-pushed the michal.lach/sem branch 2 times, most recently from 0615ab7 to 070fbcb Compare June 30, 2026 17:30
oI0ck added 2 commits June 30, 2026 19:31
Up until C23, C used _Static_assert for compile time assertions.
C23 changed it to static_assert, to match C++ keyword.

Since we can include some of our headers in C++ source, these static
assertions should be portable between C++ and C source.
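
The limit checks requested in the review of `SEM_VALUE_MAX` and the C/C++-portable static assertion described in the commit message above, as an added example that is not code from the PR. `EX_STATIC_ASSERT`, `exSemLive` and `ex_sem_reserve` are hypothetical names, and the `#ifndef` fallbacks stand in for definitions that would live in `limits.h`.

```c
#include <errno.h>
#include <limits.h>

/* POSIX minimums and the limits the review asks for; each fallback is used
 * only when <limits.h> does not already provide the macro. */
#ifndef _POSIX_SEM_VALUE_MAX
#define _POSIX_SEM_VALUE_MAX 32767
#endif
#ifndef _POSIX_SEM_NSEMS_MAX
#define _POSIX_SEM_NSEMS_MAX 256
#endif
#ifndef SEM_VALUE_MAX
#define SEM_VALUE_MAX INT_MAX
#endif
#ifndef SEM_NSEMS_MAX
#define SEM_NSEMS_MAX 256
#endif

/* EX_STATIC_ASSERT (hypothetical name): one spelling for C11/C17, C23 and C++11. */
#if defined(__cplusplus) || (defined(__STDC_VERSION__) && __STDC_VERSION__ >= 202311L)
#define EX_STATIC_ASSERT(cond, msg) static_assert(cond, msg)
#else
#define EX_STATIC_ASSERT(cond, msg) _Static_assert(cond, msg)
#endif

EX_STATIC_ASSERT(SEM_VALUE_MAX >= _POSIX_SEM_VALUE_MAX, "SEM_VALUE_MAX below POSIX minimum");
EX_STATIC_ASSERT(SEM_NSEMS_MAX >= _POSIX_SEM_NSEMS_MAX, "SEM_NSEMS_MAX below POSIX minimum");
EX_STATIC_ASSERT(SEM_VALUE_MAX <= UINT_MAX, "SEM_VALUE_MAX does not fit unsigned int");

/* Hypothetical count of live semaphores; the caller is assumed to hold a lock.
 * The matching decrement on destroy is left out to keep the example short. */
static unsigned int exSemLive;

/* Admission check using the errors POSIX lists for sem_init(): EINVAL, ENOSPC. */
static int ex_sem_reserve(unsigned int value)
{
	if (value > (unsigned int)SEM_VALUE_MAX) {
		return -EINVAL;
	}
	if (exSemLive >= SEM_NSEMS_MAX) {
		return -ENOSPC;
	}
	exSemLive++;
	return 0;
}

int main(void)
{
	/* A value one past the limit is refused before any slot is consumed. */
	return (ex_sem_reserve((unsigned int)SEM_VALUE_MAX + 1u) == -EINVAL) ? 0 : 1;
}
```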
@oI0ck oI0ck force-pushed the michal.lach/sem branch from 070fbcb to 67a05ba Compare June 30, 2026 17:32