uVisor: Standardize available legacy heap and stack

[Patater]

With the RTOS, the STACK_SIZE specified here is unrelated to the stack
size available for the main thread (that runs pre_main). Save memory by
reducing the stack size to a more reasonable amount.

On uVisor, HEAP_SIZE is both a minimum available and maximum available
heap size. The heap can't grow beyond the end of the heap into the
neighboring stack. On all uVisor-supported platforms, guarantee at least
0x6000 bytes of heap space. This increases the portability of uVisor
applications as the memory available for legacy heap allocations is
guaranteed. This helps to avoid out of memory errors on platforms that
were previously guaranteeing less memory.

Status

READY

@0xc0170 @AlessandroA

[AlessandroA]

@Patater In both 3 files, it's probably a good idea to add a short comment stating that:

• These values do not affect the actually available heap for an app (they only guarantee a min).
• They do not affect the main stack size.
• They are set that way because of uVisor.

[AlessandroA]

(or the changes might be lost in future updates).

[AlessandroA]

👍 LGTM

[0xc0170]

/morph test

[0xc0170]

I had to restart jenkins CI, as it was green but not reported here.

[0xc0170]

Looks fine for mbed 5. However, in case RTOS is not used (mbed 2), this radically decreasing stack size for MCU like k64f.

[Patater]

I agree, without RTOS, the stack for the main function is reduced a lot. With RTOS, having this be large is a waste of memory, as the user application can never use this RAM (the RTOS uses it for its stack).

It's almost like we need two different linker scripts, one for with RTOS and one for without, unless we can come up with a good balanced number that isn't too bad of a choice for either platform. Any suggestions?

[AlessandroA]

The linker scripts already contain a conditional assignment like the following:

HEAP_SIZE  = DEFINED(__heap_size__)  ? __heap_size__  : 0x0400;
STACK_SIZE = DEFINED(__stack_size__) ? __stack_size__ : 0x0400;

so we could define those symbols somewhere else. In that way we can also define them depending on RTOS being used or not. @0xc0170 do you agree? What's the best place to place those definitions?

[Patater]

Actually, doesn't the stack just start at the top of SRAM and grow down until it hits the heap? So, this would be a minimum stack size with mbed 2.

[AlessandroA]

True. So this should not be an issue @0xc0170

[0xc0170]

Yes, I believe so.

LGTM

[mbed-bot]

Result: FAILURE

Your command has finished executing! Here's what you wrote!

/morph test

Output

mbed Build Number: 1507

Test failed!

[bridadan]

The failure was caused by Windows 10 installing an update in the middle of a test. Even though I disabled it Microsoft still pushes them through sometimes it looks like 🙄

/morph test

[mbed-bot]

Result: SUCCESS

Your command has finished executing! Here's what you wrote!

/morph test

Output

mbed Build Number: 1509

All builds and test passed!

[sg-]

@Patater Can you resolve the conflict?

[Patater]

Rebased

[bridadan]

Looks like the native equeue test failed in Travis?

5.81s$ make -C events/equeue test clean
make: Entering directory `/home/travis/build/ARMmbed/mbed-os/events/equeue'
gcc -c -MMD -O2 -I. -I.. -std=c99 -Wall -D_XOPEN_SOURCE=600 tests/tests.c -o tests/tests.o
gcc -c -MMD -O2 -I. -I.. -std=c99 -Wall -D_XOPEN_SOURCE=600 equeue.c -o equeue.o
gcc -c -MMD -O2 -I. -I.. -std=c99 -Wall -D_XOPEN_SOURCE=600 equeue_posix.c -o equeue_posix.o
gcc -O2 -I. -I.. -std=c99 -Wall -D_XOPEN_SOURCE=600 tests/tests.o equeue.o equeue_posix.o -pthread -o tests/tests
tests/tests
beginning tests...
simple_call_test: ...simple_call_test: passed
simple_call_in_test: ...simple_call_in_test: passed
simple_call_every_test: ...simple_call_every_test: passed
simple_post_test: ...simple_post_test: passed
destructor_test: ...destructor_test: passed
allocation_failure_test: ...allocation_failure_test: passed
cancel_test: ...cancel_test: passed
cancel_inflight_test: ...cancel_inflight_test: passed
cancel_unnecessarily_test: ...cancel_unnecessarily_test: passed
loop_protect_test: ...loop_protect_test: passed
break_test: ...break_test: passed
period_test: ...period_test: passed
nested_test: ...nested_test: passed
sloth_test: ...sloth_test: passed
background_test: ...background_test: passed
chain_test: ...chain_test: passed
unchain_test: ...unchain_test: passed
multithread_test: ...multithread_test: passed
simple_barrage_test: passed
fragmenting_barrage_test: failed at line 87
multithreaded_barrage_test: passed
done!
make: *** [test] Error 1
make: Leaving directory `/home/travis/build/ARMmbed/mbed-os/events/equeue'

The test of concern being fragmenting_barrage_test: failed at line 87.

Any thoughts @geky @Patater ?

[geky]

Huh, never seen that before. The timing of the test uses a delta of 10 milliseconds, so it's possible it may fail if the server is under significant load.

Nothing in this pr is related to those tests at all. Restarted, considering the number of times those tests have been ran, I doubt it will be reproducible.

[bridadan]

Test seems to be ok now 👍

[mazimkhan]

@bridadan @sg- can this be merged now? It is required for enabling EFM32GG platform for uvisor testing.

[sg-]

/morph test-nightly

[mbed-bot]

Result: SUCCESS

Your command has finished executing! Here's what you wrote!

/morph test-nightly

Output

mbed Build Number: 1529

All builds and test passed!

[mazimkhan]

Ready for merge?

[sg-]

We've intentionally moved away from hardcoded heap sizes rather giving the heap remaining RAM. If uVisor enforces this should we use uVisor specific symbols?

[0xc0170]

We've intentionally moved away from hardcoded heap sizes rather giving the heap remaining RAM. If uVisor enforces this should we use uVisor specific symbols?

@Patater @AlessandroA what do you think?

[Patater]

@sg-

Yes, HEAP_SIZE is no longer used to hardcode the heap size. However, HEAP_SIZE is currently still used to hardcode a minimum heap size. I don't think it quite makes sense to rename HEAP_SIZE into a uVisor specific symbol, as it is still meaningful without uVisor.

uVisor can't protect a fine-grained, dynamically-sized heap. Additionally, applications are expected to use the uVisor-provided page heap. For these two reasons, the "legacy" heap is capped at the minimum heap size specified by HEAP_SIZE in the linker scripts. This allows the proper protection of the heap by uVisor, as well as frees up space for the uVisor-provided page heap.

Note that when FEATURE_UVISOR is not used, even after this PR is merged, HEAP_SIZE is still just a minimum and the heap is given the remaining RAM.