Rename sched and alloc compartments to scheduler and allocator. (#403)
This is to comply with the coding guidelines (no abbreviations).
David says that the rego policies for cheriot-audit should already be
compatible with this change in a backwards compatible way.
diff --git a/docs/Allocator.md b/docs/Allocator.md
index 96f3c5f..fe8a0b2 100644
--- a/docs/Allocator.md
+++ b/docs/Allocator.md
@@ -29,10 +29,10 @@
"contents": "00001000 00000000 00000000 00000000 00000000 00000000",
"kind": "SealedObject",
"sealing_type": {
- "compartment": "alloc",
+ "compartment": "allocator",
"key": "MallocKey",
"provided_by": "build/cheriot/cheriot/release/cherimcu.allocator.compartment",
- "symbol": "__export.sealing_type.alloc.MallocKey"
+ "symbol": "__export.sealing_type.allocator.MallocKey"
}
},
```
diff --git a/docs/WritingADeviceDriver.md b/docs/WritingADeviceDriver.md
index e24ce92..f8ffeb7 100644
--- a/docs/WritingADeviceDriver.md
+++ b/docs/WritingADeviceDriver.md
@@ -118,10 +118,10 @@
"contents": "10000101",
"kind": "SealedObject",
"sealing_type": {
- "compartment": "sched",
+ "compartment": "scheduler",
"key": "InterruptKey",
"provided_by": "build/cheriot/cheriot/release/example-firmware.scheduler.compartment",
- "symbol": "__export.sealing_type.sched.InterruptKey"
+ "symbol": "__export.sealing_type.scheduler.InterruptKey"
}
```
diff --git a/sdk/core/loader/boot.cc b/sdk/core/loader/boot.cc
index f0c99b8..bef5a7a 100644
--- a/sdk/core/loader/boot.cc
+++ b/sdk/core/loader/boot.cc
@@ -1364,7 +1364,7 @@
build<ExportEntry>(
imgHdr.scheduler().exportTable,
LA_ABS(
- __export_sched__ZN5sched15exception_entryEP19TrustedStackGenericILj0EEjjj))
+ __export_scheduler__ZN5sched15exception_entryEP19TrustedStackGenericILj0EEjjj))
->functionStart;
auto schedExceptionEntry = build_pcc(imgHdr.scheduler());
schedExceptionEntry.address() += exceptionEntryOffset;
@@ -1460,7 +1460,8 @@
// invoke the exception entry point.
auto exportEntry = build<ExportEntry>(
imgHdr.scheduler().exportTable,
- LA_ABS(__export_sched__ZN5sched15scheduler_entryEPK16ThreadLoaderInfo));
+ LA_ABS(
+ __export_scheduler__ZN5sched15scheduler_entryEPK16ThreadLoaderInfo));
schedPCC.address() += exportEntry->functionStart;
Debug::log("Will return to scheduler entry point: {}", schedPCC);
diff --git a/sdk/core/scheduler/main.cc b/sdk/core/scheduler/main.cc
index ae09922..0aef309 100644
--- a/sdk/core/scheduler/main.cc
+++ b/sdk/core/scheduler/main.cc
@@ -193,7 +193,7 @@
return &(reinterpret_cast<Thread *>(threadSpaces))[threadId - 1];
}
- [[cheri::interrupt_state(disabled)]] int __cheri_compartment("sched")
+ [[cheri::interrupt_state(disabled)]] int __cheri_compartment("scheduler")
scheduler_entry(const ThreadLoaderInfo *info)
{
Debug::Invariant(Capability{info}.length() ==
@@ -243,10 +243,11 @@
}
[[cheri::interrupt_state(disabled)]] TrustedStack *
- __cheri_compartment("sched") exception_entry(TrustedStack *sealedTStack,
- size_t mcause,
- size_t mepc,
- size_t mtval)
+ __cheri_compartment("scheduler")
+ exception_entry(TrustedStack *sealedTStack,
+ size_t mcause,
+ size_t mepc,
+ size_t mtval)
{
if constexpr (DebugScheduler)
{
@@ -408,7 +409,7 @@
using namespace sched;
// thread APIs
-SystickReturn __cheri_compartment("sched") thread_systemtick_get()
+SystickReturn __cheri_compartment("scheduler") thread_systemtick_get()
{
uint64_t ticks = Thread::ticksSinceBoot;
uint32_t hi = ticks >> 32;
@@ -418,7 +419,7 @@
return ret;
}
-__cheriot_minimum_stack(0x90) int __cheri_compartment("sched")
+__cheriot_minimum_stack(0x90) int __cheri_compartment("scheduler")
thread_sleep(Timeout *timeout, uint32_t flags)
{
STACK_CHECK(0x90);
diff --git a/sdk/include/futex.h b/sdk/include/futex.h
index ef1e7ed..42a9676 100644
--- a/sdk/include/futex.h
+++ b/sdk/include/futex.h
@@ -38,7 +38,7 @@
* - `-EINVAL` if the arguments are invalid.
* - `-ETIMEOUT` if the timeout expires.
*/
-[[cheri::interrupt_state(disabled)]] int __cheri_compartment("sched")
+[[cheri::interrupt_state(disabled)]] int __cheri_compartment("scheduler")
futex_timed_wait(Timeout *ticks,
const uint32_t *address,
uint32_t expected,
@@ -72,5 +72,5 @@
* The return value for a successful call is the number of threads that were
* woken. `-EINVAL` is returned for invalid arguments.
*/
-[[cheri::interrupt_state(disabled)]] int __cheri_compartment("sched")
+[[cheri::interrupt_state(disabled)]] int __cheri_compartment("scheduler")
futex_wake(uint32_t *address, uint32_t count);
diff --git a/sdk/include/interrupt.h b/sdk/include/interrupt.h
index 7419c60..b72af41 100644
--- a/sdk/include/interrupt.h
+++ b/sdk/include/interrupt.h
@@ -82,7 +82,7 @@
*/
#define DEFINE_INTERRUPT_CAPABILITY(name, number, mayWait, mayComplete) \
DEFINE_STATIC_SEALED_VALUE(struct InterruptCapabilityState, \
- sched, \
+ scheduler, \
InterruptKey, \
name, \
number, \
@@ -108,7 +108,7 @@
*
* Returns `nullptr` on failure.
*/
-__cheri_compartment("sched") const uint32_t *interrupt_futex_get(
+__cheri_compartment("scheduler") const uint32_t *interrupt_futex_get(
struct SObjStruct *);
/**
@@ -120,4 +120,4 @@
* Returns 0 on success or `-EPERM` if the argument does not authorise this
* operation.
*/
-__cheri_compartment("sched") int interrupt_complete(struct SObjStruct *);
+__cheri_compartment("scheduler") int interrupt_complete(struct SObjStruct *);
diff --git a/sdk/include/multiwaiter.h b/sdk/include/multiwaiter.h
index acbb3eb..9032a72 100644
--- a/sdk/include/multiwaiter.h
+++ b/sdk/include/multiwaiter.h
@@ -96,7 +96,7 @@
* Create a multiwaiter object. This is a stateful object that can wait on at
* most `maxItems` event sources.
*/
-[[cheri::interrupt_state(disabled)]] int __cheri_compartment("sched")
+[[cheri::interrupt_state(disabled)]] int __cheri_compartment("scheduler")
multiwaiter_create(Timeout *timeout,
struct SObjStruct *heapCapability,
struct MultiWaiter **ret,
@@ -105,7 +105,7 @@
/**
* Destroy a multiwaiter object.
*/
-[[cheri::interrupt_state(disabled)]] int __cheri_compartment("sched")
+[[cheri::interrupt_state(disabled)]] int __cheri_compartment("scheduler")
multiwaiter_delete(struct SObjStruct *heapCapability, struct MultiWaiter *mw);
/**
@@ -120,7 +120,7 @@
* - If the timeout is reached without any events being triggered then this
* returns -ETIMEOUT.
*/
-[[cheri::interrupt_state(disabled)]] int __cheri_compartment("sched")
+[[cheri::interrupt_state(disabled)]] int __cheri_compartment("scheduler")
multiwaiter_wait(Timeout *timeout,
struct MultiWaiter *waiter,
struct EventWaiterSource *events,
diff --git a/sdk/include/simulator.h b/sdk/include/simulator.h
index 2d4733b..823faf2 100644
--- a/sdk/include/simulator.h
+++ b/sdk/include/simulator.h
@@ -10,7 +10,7 @@
/**
* Exit simulation, reporting the error code given as the argument.
*/
-[[cheri::interrupt_state(disabled)]] int __cheri_compartment("sched")
+[[cheri::interrupt_state(disabled)]] int __cheri_compartment("scheduler")
scheduler_simulation_exit(uint32_t code __if_cxx(= 0));
#endif
diff --git a/sdk/include/stdlib.h b/sdk/include/stdlib.h
index 26e5180..183b0a3 100644
--- a/sdk/include/stdlib.h
+++ b/sdk/include/stdlib.h
@@ -55,7 +55,7 @@
*/
#define DEFINE_ALLOCATOR_CAPABILITY(name, quota) \
DEFINE_STATIC_SEALED_VALUE(struct AllocatorCapabilityState, \
- alloc, \
+ allocator, \
MallocKey, \
name, \
(quota), \
@@ -175,7 +175,7 @@
*
* Memory returned from this interface is guaranteed to be zeroed.
*/
-void *__cheri_compartment("alloc")
+void *__cheri_compartment("allocator")
heap_allocate(Timeout *timeout,
struct SObjStruct *heapCapability,
size_t size,
@@ -197,7 +197,7 @@
*
* Memory returned from this interface is guaranteed to be zeroed.
*/
-void *__cheri_compartment("alloc")
+void *__cheri_compartment("allocator")
heap_allocate_array(Timeout *timeout,
struct SObjStruct *heapCapability,
size_t nmemb,
@@ -215,7 +215,7 @@
* `pointer` is not valid, etc.), or `-ENOTENOUGHSTACK` if the stack is
* insufficiently large to run the function.
*/
-ssize_t __cheri_compartment("alloc")
+ssize_t __cheri_compartment("allocator")
heap_claim(struct SObjStruct *heapCapability, void *pointer);
/**
@@ -247,7 +247,7 @@
* of a live heap allocation, or `-ENOTENOUGHSTACK` if the stack size is
* insufficiently large to safely run the function.
*/
-int __cheri_compartment("alloc")
+int __cheri_compartment("allocator")
heap_free(struct SObjStruct *heapCapability, void *ptr);
/**
@@ -257,14 +257,14 @@
* capability, or `-ENOTENOUGHSTACK` if the stack size is insufficiently large
* to safely run the function.
*/
-ssize_t __cheri_compartment("alloc")
+ssize_t __cheri_compartment("allocator")
heap_free_all(struct SObjStruct *heapCapability);
/**
* Returns 0 if the allocation can be freed with the given capability, a
* negated errno value otherwise.
*/
-int __cheri_compartment("alloc")
+int __cheri_compartment("allocator")
heap_can_free(struct SObjStruct *heapCapability, void *ptr);
/**
@@ -272,7 +272,7 @@
* `heapCapability` is not valid or if the stack is insufficient to run the
* function.
*/
-ssize_t __cheri_compartment("alloc")
+ssize_t __cheri_compartment("allocator")
heap_quota_remaining(struct SObjStruct *heapCapability);
/**
@@ -286,7 +286,7 @@
* (-ENOTENOUGHSTACK, -ENOTENOUGHTRUSTEDSTACK) if it cannot be invoked, or
* possibly -ECOMPARTMENTFAIL if the allocator compartment is damaged.
*/
-int __cheri_compartment("alloc") heap_quarantine_empty(void);
+int __cheri_compartment("allocator") heap_quarantine_empty(void);
/**
* Returns true if `object` points to a valid heap address, false otherwise.
@@ -318,7 +318,7 @@
*
* Returns zero on success, non-zero on error (e.g. compartment call failure).
*/
-int __cheri_compartment("alloc") heap_render();
+int __cheri_compartment("allocator") heap_render();
static inline void __dead2 abort()
{
@@ -354,7 +354,7 @@
}
#endif
-size_t __cheri_compartment("alloc") heap_available(void);
+size_t __cheri_compartment("allocator") heap_available(void);
static inline void yield(void)
{
diff --git a/sdk/include/thread.h b/sdk/include/thread.h
index 1a33e45..dbc10f2 100644
--- a/sdk/include/thread.h
+++ b/sdk/include/thread.h
@@ -20,8 +20,8 @@
/// hi 32 bits
uint32_t hi;
} SystickReturn;
-[[cheri::interrupt_state(disabled)]] SystickReturn __cheri_compartment("sched")
- thread_systemtick_get(void);
+[[cheri::interrupt_state(disabled)]] SystickReturn
+ __cheri_compartment("scheduler") thread_systemtick_get(void);
enum ThreadSleepFlags : uint32_t
{
@@ -60,7 +60,7 @@
* If you are using `thread_sleep` to elapse real time, pass
* `ThreadSleepNoEarlyWake` as the flags argument to prevent early wakeups.
*/
-[[cheri::interrupt_state(disabled)]] int __cheri_compartment("sched")
+[[cheri::interrupt_state(disabled)]] int __cheri_compartment("scheduler")
thread_sleep(struct Timeout *timeout, uint32_t flags __if_cxx(= 0));
/**
@@ -78,7 +78,7 @@
* This API is available only if the scheduler is built with accounting support
* enabled.
*/
-__cheri_compartment("sched") uint64_t thread_elapsed_cycles_idle(void);
+__cheri_compartment("scheduler") uint64_t thread_elapsed_cycles_idle(void);
/**
* Returns the number of cycles accounted to the current thread.
@@ -86,7 +86,7 @@
* This API is available only if the scheduler is built with accounting
* support enabled.
*/
-__cheri_compartment("sched") uint64_t thread_elapsed_cycles_current(void);
+__cheri_compartment("scheduler") uint64_t thread_elapsed_cycles_current(void);
/**
* Returns the number of threads, including threads that have exited.
@@ -97,7 +97,7 @@
*
* The result of this is safe to cache: it will never change over time.
*/
-__cheri_compartment("sched") uint16_t thread_count();
+__cheri_compartment("scheduler") uint16_t thread_count();
/**
* Wait for the specified number of microseconds. This is a busy-wait loop,
diff --git a/sdk/include/token.h b/sdk/include/token.h
index b8247a0..1bb7ec6 100644
--- a/sdk/include/token.h
+++ b/sdk/include/token.h
@@ -36,7 +36,7 @@
* If the sealing keys have been exhausted then this will return
* `INVALID_SKEY`. This API is guaranteed never to block.
*/
-SKey __cheri_compartment("alloc") token_key_new(void);
+SKey __cheri_compartment("allocator") token_key_new(void);
/**
* Allocate a new object with size `sz`.
@@ -52,7 +52,7 @@
*
* On error, this returns `INVALID_SOBJ`.
*/
-SObj __cheri_compartment("alloc")
+SObj __cheri_compartment("allocator")
token_sealed_unsealed_alloc(Timeout *timeout,
struct SObjStruct *heapCapability,
SKey key,
@@ -65,7 +65,7 @@
*
* The key must have the permit-seal permission.
*/
-SObj __cheri_compartment("alloc")
+SObj __cheri_compartment("allocator")
token_sealed_alloc(Timeout *timeout,
struct SObjStruct *heapCapability,
SKey,
@@ -124,7 +124,7 @@
* @return 0 if no errors. -EINVAL if key or obj not valid, or they don't
* match, or double destroy.
*/
-int __cheri_compartment("alloc")
+int __cheri_compartment("allocator")
token_obj_destroy(struct SObjStruct *heapCapability, SKey, SObj);
/**
@@ -134,7 +134,7 @@
* Returns 0 on success, `-EINVAL` if the key or object is not valid, or one of
* the errors from `heap_can_free` if the free would fail for other reasons.
*/
-int __cheri_compartment("alloc")
+int __cheri_compartment("allocator")
token_obj_can_destroy(SObj heapCapability, SKey key, SObj object);
__END_DECLS
diff --git a/sdk/xmake.lua b/sdk/xmake.lua
index 78ded87..0d02151 100644
--- a/sdk/xmake.lua
+++ b/sdk/xmake.lua
@@ -232,7 +232,7 @@
add_deps("locks")
add_deps("compartment_helpers")
on_load(function (target)
- target:set("cheriot.compartment", "alloc")
+ target:set("cheriot.compartment", "allocator")
target:set('cheriot.debug-name', "allocator")
target:add('defines', "HEAP_RENDER=" .. tostring(get_config("allocator-rendering")))
end)
@@ -841,7 +841,7 @@
add_deps("locks", "crt", "atomic1")
add_deps("compartment_helpers")
on_load(function (target)
- target:set("cheriot.compartment", "sched")
+ target:set("cheriot.compartment", "scheduler")
target:set('cheriot.debug-name', "scheduler")
target:add('defines', "SCHEDULER_ACCOUNTING=" .. tostring(get_config("scheduler-accounting")))
end)
