lib/os: Conditionally eliminate alloca/VLA usage
MISRA rules (see #9892) forbid alloca() and family, even though those
features can be valuable performance and memory size optimizations
useful to Zephyr.
Introduce a MISRA_SANE kconfig, which when true enables a gcc error
condition whenever a variable length array is used.
When enabled, the mempool code will use a theoretical-maximum array
size on the stack instead of one tailored to the current pool
configuration.
The rbtree code will do similarly, but because the theoretical maximum
is quite a bit larger (236 bytes on 32 bit platforms) the array is
placed into struct rbtree instead so it can live in static data (and
also so I don't have to go and retune all the test stack sizes!).
Current code only uses at most two of these (one in the scheduler when
SCHED_SCALABLE is selected, and one for dynamic kernel objects when
USERSPACE and DYNAMIC_OBJECTS are set).
This tunable is false by default, but is selected in a single test (a
subcase of tests/kernel/common) for coverage. Note that the I2C and
SPI subsystems contain uncorrected VLAs, so a few platforms need to be
blacklisted with a filter.
Signed-off-by: Andy Ross <andrew.j.ross@intel.com>
diff --git a/Kconfig.zephyr b/Kconfig.zephyr
index 6d5a45d..9cc6be9 100644
--- a/Kconfig.zephyr
+++ b/Kconfig.zephyr
@@ -402,4 +402,13 @@
Enable the sys_reboot() API. Enabling this can drag in other subsystems
needed to perform a "safe" reboot (e.g. SYSTEM_CLOCK_DISABLE, to stop the
system clock before issuing a reset).
+
+config MISRA_SANE
+ bool "MISRA standards compliance features"
+ help
+ Causes the source code to build in "MISRA" mode, which
+ disallows some otherwise-permitted features of the C
+ standard for safety reasons. Specifically variable length
+ arrays are not permitted (and gcc will enforce this).
+
endmenu
