2013-09-28 20:12:10 +02:00
|
|
|
/*
|
|
|
|
|
* \brief Test for dynamic resource requests
|
|
|
|
|
* \author Norman Feske
|
|
|
|
|
* \date 2013-09-27
|
|
|
|
|
*
|
2017-01-08 02:56:47 +01:00
|
|
|
* This test exercises various situations where a component might need to
|
|
|
|
|
* request additional resources from its parent.
|
2013-09-28 20:12:10 +02:00
|
|
|
*/
|
|
|
|
|
|
|
|
|
|
/*
|
2017-02-20 13:23:52 +01:00
|
|
|
* Copyright (C) 2013-2017 Genode Labs GmbH
|
2013-09-28 20:12:10 +02:00
|
|
|
*
|
|
|
|
|
* This file is part of the Genode OS framework, which is distributed
|
2017-02-20 13:23:52 +01:00
|
|
|
* under the terms of the GNU Affero General Public License version 3.
|
2013-09-28 20:12:10 +02:00
|
|
|
*/
|
|
|
|
|
|
2017-01-08 02:56:47 +01:00
|
|
|
#include <base/component.h>
|
base: avoid use of deprecated base/printf.h
Besides adapting the components to the use of base/log.h, the patch
cleans up a few base headers, i.e., it removes unused includes from
root/component.h, specifically base/heap.h and
ram_session/ram_session.h. Hence, components that relied on the implicit
inclusion of those headers have to manually include those headers now.
While adjusting the log messages, I repeatedly stumbled over the problem
that printing char * arguments is ambiguous. It is unclear whether to
print the argument as pointer or null-terminated string. To overcome
this problem, the patch introduces a new type 'Cstring' that allows the
caller to express that the argument should be handled as null-terminated
string. As a nice side effect, with this type in place, the optional len
argument of the 'String' class could be removed. Instead of supplying a
pair of (char const *, size_t), the constructor accepts a 'Cstring'.
This, in turn, clears the way let the 'String' constructor use the new
output mechanism to assemble a string from multiple arguments (and
thereby getting rid of snprintf within Genode in the near future).
To enforce the explicit resolution of the char * ambiguity, the 'char *'
overload of the 'print' function is marked as deleted.
Issue #1987
2016-07-13 19:07:09 +02:00
|
|
|
#include <base/log.h>
|
2017-03-16 16:12:25 +01:00
|
|
|
#include <base/attached_rom_dataspace.h>
|
2017-05-11 20:03:28 +02:00
|
|
|
#include <pd_session/connection.h>
|
2017-03-16 16:12:25 +01:00
|
|
|
#include <os/reporter.h>
|
|
|
|
|
|
|
|
|
|
namespace Test {
|
|
|
|
|
using namespace Genode;
|
|
|
|
|
struct Monitor;
|
|
|
|
|
}
|
2013-09-28 20:12:10 +02:00
|
|
|
|
|
|
|
|
|
2017-05-11 20:03:28 +02:00
|
|
|
static void print_quota_stats(Genode::Pd_session &pd)
|
2013-09-28 20:12:10 +02:00
|
|
|
{
|
2017-05-11 20:03:28 +02:00
|
|
|
Genode::log("quota: avail=", pd.avail_ram().value, " used=", pd.used_ram().value);
|
2013-09-28 20:12:10 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
#define ASSERT(cond) \
|
|
|
|
|
if (!(cond)) { \
|
2017-01-08 02:56:47 +01:00
|
|
|
error("assertion ", #cond, " failed"); \
|
|
|
|
|
throw Error(); }
|
2013-09-28 20:12:10 +02:00
|
|
|
|
|
|
|
|
|
2017-03-16 16:12:25 +01:00
|
|
|
struct Test::Monitor
|
|
|
|
|
{
|
|
|
|
|
Env &_env;
|
|
|
|
|
|
|
|
|
|
Attached_rom_dataspace _init_state { _env, "state" };
|
|
|
|
|
|
|
|
|
|
Reporter _init_config { _env, "init.config" };
|
|
|
|
|
|
|
|
|
|
size_t _ram_quota = 2*1024*1024;
|
|
|
|
|
|
|
|
|
|
void _gen_service_xml(Xml_generator &xml, char const *name)
|
|
|
|
|
{
|
|
|
|
|
xml.node("service", [&] () { xml.attribute("name", name); });
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
void _generate_init_config()
|
|
|
|
|
{
|
|
|
|
|
Reporter::Xml_generator xml(_init_config, [&] () {
|
|
|
|
|
|
|
|
|
|
xml.node("report", [&] () { xml.attribute("child_ram", true); });
|
|
|
|
|
|
|
|
|
|
xml.node("parent-provides", [&] () {
|
|
|
|
|
_gen_service_xml(xml, "ROM");
|
|
|
|
|
_gen_service_xml(xml, "CPU");
|
|
|
|
|
_gen_service_xml(xml, "PD");
|
|
|
|
|
_gen_service_xml(xml, "LOG");
|
|
|
|
|
_gen_service_xml(xml, "Timer");
|
|
|
|
|
});
|
|
|
|
|
|
|
|
|
|
xml.node("start", [&] () {
|
|
|
|
|
xml.attribute("name", "test-resource_request");
|
Capability quota accounting and trading
This patch mirrors the accounting and trading scheme that Genode employs
for physical memory to the accounting of capability allocations.
Capability quotas must now be explicitly assigned to subsystems by
specifying a 'caps=<amount>' attribute to init's start nodes.
Analogously to RAM quotas, cap quotas can be traded between clients and
servers as part of the session protocol. The capability budget of each
component is maintained by the component's corresponding PD session at
core.
At the current stage, the accounting is applied to RPC capabilities,
signal-context capabilities, and dataspace capabilities. Capabilities
that are dynamically allocated via core's CPU and TRACE service are not
yet covered. Also, the capabilities allocated by resource multiplexers
outside of core (like nitpicker) must be accounted by the respective
servers, which is not covered yet.
If a component runs out of capabilities, core's PD service prints a
warning to the log. To observe the consumption of capabilities per
component in detail, the PD service is equipped with a diagnostic
mode, which can be enabled via the 'diag' attribute in the target
node of init's routing rules. E.g., the following route enables the
diagnostic mode for the PD session of the "timer" component:
<default-route>
<service name="PD" unscoped_label="timer">
<parent diag="yes"/>
</service>
...
</default-route>
For subsystems based on a sub-init instance, init can be configured
to report the capability-quota information of its subsystems by
adding the attribute 'child_caps="yes"' to init's '<report>'
config node. Init's own capability quota can be reported by adding
the attribute 'init_caps="yes"'.
Fixes #2398
2017-05-08 21:35:43 +02:00
|
|
|
xml.attribute("caps", 3000);
|
2017-03-16 16:12:25 +01:00
|
|
|
xml.node("resource", [&] () {
|
|
|
|
|
xml.attribute("name", "RAM");
|
|
|
|
|
xml.attribute("quantum", _ram_quota);
|
|
|
|
|
});
|
|
|
|
|
xml.node("route", [&] () {
|
|
|
|
|
xml.node("any-service", [&] () {
|
|
|
|
|
xml.node("parent", [&] () { }); }); });
|
|
|
|
|
});
|
|
|
|
|
});
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
size_t _resource_request_from_init_state()
|
|
|
|
|
{
|
|
|
|
|
try {
|
|
|
|
|
return _init_state.xml().sub_node("child")
|
|
|
|
|
.sub_node("ram")
|
|
|
|
|
.attribute_value("requested", Number_of_bytes(0));
|
|
|
|
|
}
|
|
|
|
|
catch (...) { return 0; }
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
Signal_handler<Monitor> _init_state_handler {
|
|
|
|
|
_env.ep(), *this, &Monitor::_handle_init_state };
|
|
|
|
|
|
|
|
|
|
void _handle_init_state()
|
|
|
|
|
{
|
|
|
|
|
_init_state.update();
|
|
|
|
|
|
|
|
|
|
size_t const requested = _resource_request_from_init_state();
|
|
|
|
|
if (requested > 0) {
|
|
|
|
|
log("responding to resource request of ", Number_of_bytes(requested));
|
|
|
|
|
|
|
|
|
|
_ram_quota += requested;
|
|
|
|
|
_generate_init_config();
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
Monitor(Env &env) : _env(env)
|
|
|
|
|
{
|
|
|
|
|
_init_config.enabled(true);
|
|
|
|
|
_init_state.sigh(_init_state_handler);
|
|
|
|
|
_generate_init_config();
|
|
|
|
|
}
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
|
2017-01-08 02:56:47 +01:00
|
|
|
void Component::construct(Genode::Env &env)
|
2013-09-28 20:12:10 +02:00
|
|
|
{
|
|
|
|
|
using namespace Genode;
|
|
|
|
|
|
2017-03-16 16:12:25 +01:00
|
|
|
/*
|
|
|
|
|
* Distinguish the roles of the program. If configured as playing the
|
|
|
|
|
* monitor role, it manages the configuration of a sub init and monitors
|
|
|
|
|
* the init state for resource requests.
|
|
|
|
|
*/
|
|
|
|
|
Attached_rom_dataspace config { env, "config" };
|
|
|
|
|
if (config.xml().attribute_value("role", String<32>()) == "monitor") {
|
|
|
|
|
static Test::Monitor monitor(env);
|
|
|
|
|
return;
|
|
|
|
|
}
|
|
|
|
|
|
2017-01-08 02:56:47 +01:00
|
|
|
class Error : Exception { };
|
|
|
|
|
|
base: avoid use of deprecated base/printf.h
Besides adapting the components to the use of base/log.h, the patch
cleans up a few base headers, i.e., it removes unused includes from
root/component.h, specifically base/heap.h and
ram_session/ram_session.h. Hence, components that relied on the implicit
inclusion of those headers have to manually include those headers now.
While adjusting the log messages, I repeatedly stumbled over the problem
that printing char * arguments is ambiguous. It is unclear whether to
print the argument as pointer or null-terminated string. To overcome
this problem, the patch introduces a new type 'Cstring' that allows the
caller to express that the argument should be handled as null-terminated
string. As a nice side effect, with this type in place, the optional len
argument of the 'String' class could be removed. Instead of supplying a
pair of (char const *, size_t), the constructor accepts a 'Cstring'.
This, in turn, clears the way let the 'String' constructor use the new
output mechanism to assemble a string from multiple arguments (and
thereby getting rid of snprintf within Genode in the near future).
To enforce the explicit resolution of the char * ambiguity, the 'char *'
overload of the 'print' function is marked as deleted.
Issue #1987
2016-07-13 19:07:09 +02:00
|
|
|
log("--- test-resource_request started ---");
|
2013-09-28 20:12:10 +02:00
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* Consume initial quota to let the test trigger the corner cases of
|
|
|
|
|
* exceeded quota.
|
|
|
|
|
*/
|
2017-05-08 01:33:40 +02:00
|
|
|
size_t const avail_quota = env.ram().avail_ram().value;
|
2013-09-28 20:12:10 +02:00
|
|
|
enum { KEEP_QUOTA = 64*1024 };
|
|
|
|
|
size_t const wasted_quota = (avail_quota >= KEEP_QUOTA)
|
|
|
|
|
? avail_quota - KEEP_QUOTA : 0;
|
|
|
|
|
if (wasted_quota)
|
2017-01-08 02:56:47 +01:00
|
|
|
env.ram().alloc(wasted_quota);
|
2013-09-28 20:12:10 +02:00
|
|
|
|
base: avoid use of deprecated base/printf.h
Besides adapting the components to the use of base/log.h, the patch
cleans up a few base headers, i.e., it removes unused includes from
root/component.h, specifically base/heap.h and
ram_session/ram_session.h. Hence, components that relied on the implicit
inclusion of those headers have to manually include those headers now.
While adjusting the log messages, I repeatedly stumbled over the problem
that printing char * arguments is ambiguous. It is unclear whether to
print the argument as pointer or null-terminated string. To overcome
this problem, the patch introduces a new type 'Cstring' that allows the
caller to express that the argument should be handled as null-terminated
string. As a nice side effect, with this type in place, the optional len
argument of the 'String' class could be removed. Instead of supplying a
pair of (char const *, size_t), the constructor accepts a 'Cstring'.
This, in turn, clears the way let the 'String' constructor use the new
output mechanism to assemble a string from multiple arguments (and
thereby getting rid of snprintf within Genode in the near future).
To enforce the explicit resolution of the char * ambiguity, the 'char *'
overload of the 'print' function is marked as deleted.
Issue #1987
2016-07-13 19:07:09 +02:00
|
|
|
log("wasted available quota of ", wasted_quota, " bytes");
|
2013-09-28 20:12:10 +02:00
|
|
|
|
2017-01-08 02:56:47 +01:00
|
|
|
print_quota_stats(env.ram());
|
2013-09-28 20:12:10 +02:00
|
|
|
|
|
|
|
|
/*
|
2017-05-11 20:03:28 +02:00
|
|
|
* Drain PD session by allocating a lot of signal-context capabilities.
|
|
|
|
|
* This step will ultimately trigger resource requests to the parent.
|
2013-09-28 20:12:10 +02:00
|
|
|
*/
|
2017-05-11 20:03:28 +02:00
|
|
|
log("\n-- draining PD session --");
|
2013-09-28 20:12:10 +02:00
|
|
|
{
|
2017-01-08 02:56:47 +01:00
|
|
|
struct Dummy_signal_handler : Signal_handler<Dummy_signal_handler>
|
|
|
|
|
{
|
|
|
|
|
Dummy_signal_handler(Entrypoint &ep)
|
|
|
|
|
: Signal_handler<Dummy_signal_handler>(ep, *this, nullptr) { }
|
|
|
|
|
};
|
2017-05-11 20:03:28 +02:00
|
|
|
enum { NUM_SIGH = 1000U };
|
2017-01-08 02:56:47 +01:00
|
|
|
static Constructible<Dummy_signal_handler> dummy_handlers[NUM_SIGH];
|
2013-09-28 20:12:10 +02:00
|
|
|
|
2017-01-08 02:56:47 +01:00
|
|
|
for (unsigned i = 0; i < NUM_SIGH; i++)
|
|
|
|
|
dummy_handlers[i].construct(env.ep());
|
2013-09-28 20:12:10 +02:00
|
|
|
|
2017-01-08 02:56:47 +01:00
|
|
|
print_quota_stats(env.ram());
|
2013-09-28 20:12:10 +02:00
|
|
|
|
2017-01-08 02:56:47 +01:00
|
|
|
for (unsigned i = 0; i < NUM_SIGH; i++)
|
|
|
|
|
dummy_handlers[i].destruct();
|
2013-09-28 20:12:10 +02:00
|
|
|
}
|
2017-01-08 02:56:47 +01:00
|
|
|
print_quota_stats(env.ram());
|
2017-05-08 01:33:40 +02:00
|
|
|
size_t const used_quota_after_draining_session = env.ram().used_ram().value;
|
2013-09-28 20:12:10 +02:00
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* When creating a new session, we try to donate RAM quota to the server.
|
|
|
|
|
* Because, we don't have any RAM quota left, we need to issue another
|
|
|
|
|
* resource request to the parent.
|
|
|
|
|
*/
|
base: avoid use of deprecated base/printf.h
Besides adapting the components to the use of base/log.h, the patch
cleans up a few base headers, i.e., it removes unused includes from
root/component.h, specifically base/heap.h and
ram_session/ram_session.h. Hence, components that relied on the implicit
inclusion of those headers have to manually include those headers now.
While adjusting the log messages, I repeatedly stumbled over the problem
that printing char * arguments is ambiguous. It is unclear whether to
print the argument as pointer or null-terminated string. To overcome
this problem, the patch introduces a new type 'Cstring' that allows the
caller to express that the argument should be handled as null-terminated
string. As a nice side effect, with this type in place, the optional len
argument of the 'String' class could be removed. Instead of supplying a
pair of (char const *, size_t), the constructor accepts a 'Cstring'.
This, in turn, clears the way let the 'String' constructor use the new
output mechanism to assemble a string from multiple arguments (and
thereby getting rid of snprintf within Genode in the near future).
To enforce the explicit resolution of the char * ambiguity, the 'char *'
overload of the 'print' function is marked as deleted.
Issue #1987
2016-07-13 19:07:09 +02:00
|
|
|
log("\n-- out-of-memory during session request --");
|
2017-05-11 20:03:28 +02:00
|
|
|
static Pd_connection pd(env);
|
|
|
|
|
pd.ref_account(env.pd_session_cap());
|
2017-01-08 02:56:47 +01:00
|
|
|
print_quota_stats(env.ram());
|
2017-05-08 01:33:40 +02:00
|
|
|
size_t const used_quota_after_session_request = env.ram().used_ram().value;
|
2013-09-28 20:12:10 +02:00
|
|
|
|
|
|
|
|
/*
|
2017-01-08 02:56:47 +01:00
|
|
|
* Quota transfers from the component's RAM session may result in resource
|
2013-09-28 20:12:10 +02:00
|
|
|
* requests, too.
|
|
|
|
|
*/
|
base: avoid use of deprecated base/printf.h
Besides adapting the components to the use of base/log.h, the patch
cleans up a few base headers, i.e., it removes unused includes from
root/component.h, specifically base/heap.h and
ram_session/ram_session.h. Hence, components that relied on the implicit
inclusion of those headers have to manually include those headers now.
While adjusting the log messages, I repeatedly stumbled over the problem
that printing char * arguments is ambiguous. It is unclear whether to
print the argument as pointer or null-terminated string. To overcome
this problem, the patch introduces a new type 'Cstring' that allows the
caller to express that the argument should be handled as null-terminated
string. As a nice side effect, with this type in place, the optional len
argument of the 'String' class could be removed. Instead of supplying a
pair of (char const *, size_t), the constructor accepts a 'Cstring'.
This, in turn, clears the way let the 'String' constructor use the new
output mechanism to assemble a string from multiple arguments (and
thereby getting rid of snprintf within Genode in the near future).
To enforce the explicit resolution of the char * ambiguity, the 'char *'
overload of the 'print' function is marked as deleted.
Issue #1987
2016-07-13 19:07:09 +02:00
|
|
|
log("\n-- out-of-memory during transfer-quota --");
|
2017-05-11 20:03:28 +02:00
|
|
|
env.ram().transfer_quota(pd.cap(), Ram_quota{512*1024});
|
2017-01-08 02:56:47 +01:00
|
|
|
print_quota_stats(env.ram());
|
2017-05-08 01:33:40 +02:00
|
|
|
size_t const used_quota_after_transfer = env.ram().used_ram().value;
|
2013-09-28 20:12:10 +02:00
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* Finally, resource requests could be caused by a regular allocation,
|
|
|
|
|
* which is the most likely case in normal scenarios.
|
|
|
|
|
*/
|
base: avoid use of deprecated base/printf.h
Besides adapting the components to the use of base/log.h, the patch
cleans up a few base headers, i.e., it removes unused includes from
root/component.h, specifically base/heap.h and
ram_session/ram_session.h. Hence, components that relied on the implicit
inclusion of those headers have to manually include those headers now.
While adjusting the log messages, I repeatedly stumbled over the problem
that printing char * arguments is ambiguous. It is unclear whether to
print the argument as pointer or null-terminated string. To overcome
this problem, the patch introduces a new type 'Cstring' that allows the
caller to express that the argument should be handled as null-terminated
string. As a nice side effect, with this type in place, the optional len
argument of the 'String' class could be removed. Instead of supplying a
pair of (char const *, size_t), the constructor accepts a 'Cstring'.
This, in turn, clears the way let the 'String' constructor use the new
output mechanism to assemble a string from multiple arguments (and
thereby getting rid of snprintf within Genode in the near future).
To enforce the explicit resolution of the char * ambiguity, the 'char *'
overload of the 'print' function is marked as deleted.
Issue #1987
2016-07-13 19:07:09 +02:00
|
|
|
log("\n-- out-of-memory during RAM allocation --");
|
2017-01-08 02:56:47 +01:00
|
|
|
env.ram().alloc(512*1024);
|
|
|
|
|
print_quota_stats(env.ram());
|
2017-05-08 01:33:40 +02:00
|
|
|
size_t const used_quota_after_alloc = env.ram().used_ram().value;
|
2013-09-28 20:12:10 +02:00
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* Validate asserted effect of the individual steps on the used quota.
|
|
|
|
|
*/
|
|
|
|
|
ASSERT(used_quota_after_session_request == used_quota_after_draining_session);
|
|
|
|
|
ASSERT(used_quota_after_transfer == used_quota_after_session_request);
|
|
|
|
|
ASSERT(used_quota_after_alloc > used_quota_after_transfer);
|
|
|
|
|
|
base: avoid use of deprecated base/printf.h
Besides adapting the components to the use of base/log.h, the patch
cleans up a few base headers, i.e., it removes unused includes from
root/component.h, specifically base/heap.h and
ram_session/ram_session.h. Hence, components that relied on the implicit
inclusion of those headers have to manually include those headers now.
While adjusting the log messages, I repeatedly stumbled over the problem
that printing char * arguments is ambiguous. It is unclear whether to
print the argument as pointer or null-terminated string. To overcome
this problem, the patch introduces a new type 'Cstring' that allows the
caller to express that the argument should be handled as null-terminated
string. As a nice side effect, with this type in place, the optional len
argument of the 'String' class could be removed. Instead of supplying a
pair of (char const *, size_t), the constructor accepts a 'Cstring'.
This, in turn, clears the way let the 'String' constructor use the new
output mechanism to assemble a string from multiple arguments (and
thereby getting rid of snprintf within Genode in the near future).
To enforce the explicit resolution of the char * ambiguity, the 'char *'
overload of the 'print' function is marked as deleted.
Issue #1987
2016-07-13 19:07:09 +02:00
|
|
|
log("--- finished test-resource_request ---");
|
2017-01-08 02:56:47 +01:00
|
|
|
env.parent().exit(0);
|
2013-09-28 20:12:10 +02:00
|
|
|
}
|