posix: implement POSIX semaphore interfaces#457
Conversation
Summary of ChangesHello @oI0ck, I'm Gemini Code Assist1! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed! This pull request introduces comprehensive support for POSIX standard semaphore interfaces within the Highlights
Using Gemini Code AssistThe full guide for Gemini Code Assist can be found on our documentation page, here are some quick tips. Invoking Gemini You can request assistance from Gemini at any point by creating a comment using either
Customization To customize Gemini Code Assist for GitHub experience, repository maintainers can create a configuration file and/or provide a custom code review style guide (such as PEP-8 for Python) by creating and adding files to a Limitations & Feedback Gemini Code Assist may make mistakes. Please leave feedback on any instances where its feedback is incorrect or counter productive. You can react with 👍 and 👎 on @gemini-code-assist comments. If you're interested in giving your feedback about your experience with Gemini Code Assist for Github and other Google products, sign up here. You can also get AI-powered code generation, chat, as well as code reviews directly in the IDE at no cost with the Gemini Code Assist IDE Extension. Footnotes
|
There was a problem hiding this comment.
Code Review
This PR introduces POSIX semaphore implementation. The changes are extensive, adding new headers and implementation files for named and unnamed semaphores. The overall structure is good, but I've found several critical issues in the implementation, including race conditions, incorrect logic leading to deadlocks, and potential memory corruption. There are also some areas where the code can be simplified and made more robust. Please address the critical issues before merging.
| memset(path, 0, sizeof(path)); | ||
| strcpy(path, SEMAPHORE_PATH); | ||
| strcpy(path + strlen(SEMAPHORE_PATH), dent->d_name); |
There was a problem hiding this comment.
hm yeah, why not snprintf?
There was a problem hiding this comment.
I think that it is not worth to have the overhead of parsing the format string when just cating two strings together (ironic to consider this overhead but allocate PATH_MAX on the stack XD).
Though, there is a bug in here because dent->d_name can be PATH_MAX and a path of such length will cause a OOB write here.
I'll change this concatenation to use strlcpy in the next revision.
ba94ea8 to
da0f0fd
Compare
Unit Test Results10 935 tests 10 256 ✅ 55m 50s ⏱️ For more details on these failures, see this check. Results for commit 67a05ba. ♻️ This comment has been updated with latest results. |
da0f0fd to
b6d1928
Compare
b6d1928 to
20f142f
Compare
|
|
||
| #define SEM_FAILED ((sem_t *)0xDAAB0000) | ||
|
|
||
| typedef struct _sem_t { |
There was a problem hiding this comment.
_sem_t identifier is not used anywhere. If it's not required by POSIX - remove it.
| #define SEMAPHORE_PATH ("/dev/posix/sem/") | ||
| #define SEMCTL_PATH ("/dev/posix/semctl") |
There was a problem hiding this comment.
nitpick: we don't seem to use parenthesis to define string in macros as they interfere with string concatenation by the compiler (we couldn't, for example, write code like const char *path = SEMAPHORE_PATH "my_sem" in the client).
cf48092 to
f3710e3
Compare
| #define SEMCTL_PATH ("/dev/posix/semctl") | ||
| #define SEMAPHORE_MAX_COUNT (128) | ||
| #define SEMAPHORE_NAME_MAX (NAME_MAX - sizeof(SEMAPHORE_PATH) - 1) | ||
| #define SEM_VALUE_MAX INT_MAX |
There was a problem hiding this comment.
-
I think this should be defined per-architecture in libphoenix/include/arch/*/limits.h (like
NAME_MAX). It can be just#define SEM_VALUE_MAX INT_MAX, but the important part is that the definition should be available via limits.h. -
Is
SEMAPHORE_MAX_COUNTused anywhere? Is should beSEM_NSEMS_MAXand defined in limits.h like in the point above. Please actually enforce the limit. Note that_POSIX_SEM_NSEMS_MAX == 256which is the minimum value for this limit. -
See
sysconf(). You could implement_SC_SEM_VALUE_MAXand_SC_SEM_NSEMS_MAX. -
Also, this is a good place to static-assert
SEM_VALUE_MAXwith_POSIX_SEM_VALUE_MAXandSEM_NSEMS_MAXwith_POSIX_SEM_NSEMS_MAXin case someone changes limits.h incorrectly. Maybe also check whether the limit does not exceed the semaphore value type size (unsigned int).
| else { | ||
| } | ||
|
|
||
| sem = (sem_t *)malloc(sizeof(*sem)); |
23e321c to
057606b
Compare
JIRA: RTOS-1088
|
CI shows problems with this change, I'm converting it to a draft until I am sure that it is in mergable state. |
0615ab7 to
070fbcb
Compare
JIRA: RTOS-1088
Up until C23, C used _Static_assert for compile time assertions. C23 changed it to static_assert, to match C++ keyword. Since we can include some of our headers in C++ source, this static assertions should be portable between C++ and C source.
Description
This PR introduces implementation of POSIX standard semaphore interfaces.
Types of changes
How Has This Been Tested?
ia32-generic-qemuChecklist:
Special treatment