diff --git a/demos/STM32/RT-STM32G474RE-NUCLEO64-SB_HOST_DYNAMIC/main.c b/demos/STM32/RT-STM32G474RE-NUCLEO64-SB_HOST_DYNAMIC/main.c
index 62b5f7ca8..e8d60cb61 100644
--- a/demos/STM32/RT-STM32G474RE-NUCLEO64-SB_HOST_DYNAMIC/main.c
+++ b/demos/STM32/RT-STM32G474RE-NUCLEO64-SB_HOST_DYNAMIC/main.c
@@ -23,10 +23,10 @@
 #include "oslib_test_root.h"
 
 /* Static memory areas used by sandboxes.*/
-extern uint32_t __flash1_base__, __flash1_end__,
- __flash2_base__, __flash2_end__,
- __ram1_base__, __ram1_end__,
- __ram2_base__, __ram2_end__;
+extern uint8_t __flash1_base__, __flash1_size__,
+ __flash2_base__, __flash2_size__,
+ __ram1_base__, __ram1_size__,
+ __ram2_base__, __ram2_size__;
 
 /* Sandbox 1 configuration.*/
 static const sb_config_t sb_config1 = {
@@ -34,10 +34,10 @@ static const sb_config_t sb_config1 = {
 .data_region = 1U,
 .regions = {
 [0] = {
- (uint32_t)&__flash1_base__, (uint32_t)&__flash1_end__, false
+ {(uint8_t *)&__flash1_base__, (size_t)&__flash1_size__}, false
 },
 [1] = {
- (uint32_t)&__ram1_base__, (uint32_t)&__ram1_end__, true
+ {(uint8_t *)&__ram1_base__, (size_t)&__ram1_size__}, true
 }
 },
 .mpuregs = {
@@ -65,10 +65,10 @@ static const sb_config_t sb_config2 = {
 .data_region = 1U,
 .regions = {
 [0] = {
- (uint32_t)&__flash2_base__, (uint32_t)&__flash2_end__, false
+ {(uint8_t *)&__flash2_base__, (size_t)&__flash2_size__}, false
 },
 [1] = {
- (uint32_t)&__ram2_base__, (uint32_t)&__ram2_end__, true
+ {(uint8_t *)&__ram2_base__, (size_t)&__ram2_size__}, true
 }
 },
 .mpuregs = {
diff --git a/demos/STM32/RT-STM32G474RE-NUCLEO64-SB_HOST_STATIC/main.c b/demos/STM32/RT-STM32G474RE-NUCLEO64-SB_HOST_STATIC/main.c
index f5d67fbb1..eb4258cc2 100644
--- a/demos/STM32/RT-STM32G474RE-NUCLEO64-SB_HOST_STATIC/main.c
+++ b/demos/STM32/RT-STM32G474RE-NUCLEO64-SB_HOST_STATIC/main.c
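Review bot: The new `regions[0]` and `regions[1]` initializers in the `sb_config1` hunk rely on the positional layout of the nested `memory_region_t` and of `sb_memory_region_t` (area first, then `writeable`), so a later field reorder in sbhost.h would silently change which value lands where; designated initializers make the new shape self-describing, e.g. `{.area = {.base = (uint8_t *)&__flash1_base__, .size = (size_t)&__flash1_size__}, .writeable = false}`. The same applies to the `sb_config2` hunk below and to both `regions` hunks in the SB_HOST_STATIC demo's main.c. The renamed `__*_size__` linker symbols must be emitted by the demo linker scripts; that change is not visible in this diff, so presumably it is elsewhere in the commit.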
@@ -23,10 +23,10 @@
 #include "oslib_test_root.h"
 
 /* Static memory areas used by sandboxes.*/
-extern uint32_t __flash1_base__, __flash1_end__,
- __flash2_base__, __flash2_end__,
- __ram1_base__, __ram1_end__,
- __ram2_base__, __ram2_end__;
+extern uint8_t __flash1_base__, __flash1_size__,
+ __flash2_base__, __flash2_size__,
+ __ram1_base__, __ram1_size__,
+ __ram2_base__, __ram2_size__;
 
 /* Sandbox 1 configuration.*/
 static const sb_config_t sb_config1 = {
@@ -34,10 +34,10 @@ static const sb_config_t sb_config1 = {
 .data_region = 1U,
 .regions = {
 [0] = {
- (uint32_t)&__flash1_base__, (uint32_t)&__flash1_end__, false
+ {(uint8_t *)&__flash1_base__, (size_t)&__flash1_size__}, false
 },
 [1] = {
- (uint32_t)&__ram1_base__, (uint32_t)&__ram1_end__, true
+ {(uint8_t *)&__ram1_base__, (size_t)&__ram1_size__}, true
 }
 },
 .stdin_stream = (SandboxStream *)&LPSD1,
@@ -51,10 +51,10 @@ static const sb_config_t sb_config2 = {
 .data_region = 1U,
 .regions = {
 [0] = {
- (uint32_t)&__flash2_base__, (uint32_t)&__flash2_end__, false
+ {(uint8_t *)&__flash2_base__, (size_t)&__flash2_size__}, false
 },
 [1] = {
- (uint32_t)&__ram2_base__, (uint32_t)&__ram2_end__, true
+ {(uint8_t *)&__ram2_base__, (size_t)&__ram2_size__}, true
 }
 },
 .stdin_stream = (SandboxStream *)&LPSD1,
diff --git a/os/sb/host/sb.h b/os/sb/host/sb.h
index df8b82c3c..d6d3412c5 100644
--- a/os/sb/host/sb.h
+++ b/os/sb/host/sb.h
@@ -49,7 +49,7 @@
 /**
 * @brief Safety Extensions version string.
 */
-#define CH_SB_VERSION "2.0.0"
+#define CH_SB_VERSION "2.1.0"
 
 /**
 * @brief Safety Extensions version major number.
@@ -59,7 +59,7 @@
 /**
 * @brief Safety Extensions version minor number.
 */
-#define CH_SB_MINOR 0
+#define CH_SB_MINOR 1
 
 /**
 * @brief Safety Extensions version patch number.
@@ -109,6 +109,10 @@
 #error "SandBox requires CH_CFG_INTERVALS_SIZE == 32"
 #endif
 
+#if CH_CFG_USE_MEMCHECKS == FALSE
+#error "SandBox requires CH_CFG_USE_MEMCHECKS == TRUE"
+#endif
+
 #if PORT_USE_SYSCALL == FALSE
 #error "SandBox requires PORT_USE_SYSCALL == TRUE"
 #endif
diff --git a/os/sb/host/sbhost.c b/os/sb/host/sbhost.c
index 6bd8d61ea..d861f61a2 100644
--- a/os/sb/host/sbhost.c
+++ b/os/sb/host/sbhost.c
@@ -61,8 +61,7 @@ bool sb_is_valid_read_range(sb_class_t *sbcp, const void *start, size_t size) {
 const sb_memory_region_t *rp = &sbcp->config->regions[0];
 
 do {
- if (((uint32_t)start >= rp->base) && ((uint32_t)start < rp->end) &&
- (size <= ((size_t)rp->base - (size_t)start))) {
+ if (chMemIsAreaContainedX(&rp->area, start, size)) {
 return true;
 }
 rp++;
@@ -75,8 +74,7 @@ bool sb_is_valid_write_range(sb_class_t *sbcp, void *start, size_t size) {
 const sb_memory_region_t *rp = &sbcp->config->regions[0];
 
 do {
- if (((uint32_t)start >= rp->base) && ((uint32_t)start < rp->end) &&
- (size <= ((size_t)rp->base - (size_t)start))) {
+ if (chMemIsAreaContainedX(&rp->area, start, size)) {
 return rp->writeable;
 }
 rp++;
@@ -119,7 +117,7 @@ thread_t *sbStartThread(sb_class_t *sbcp, const sb_config_t *config,
 const sb_header_t *sbhp;
 
 /* Header location.*/
- sbhp = (const sb_header_t *)config->regions[config->code_region].base;
+ sbhp = (const sb_header_t *)(void *)config->regions[config->code_region].area.base;
 
 /* Checking header magic numbers.*/
 if ((sbhp->hdr_magic1 != SB_MAGIC1) || (sbhp->hdr_magic2 != SB_MAGIC2)) {
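Review bot: The new `sbhp` assignment in the `sbStartThread` hunk is dereferenced on the next context line for the magic check without first confirming that the code region is large enough to hold a header; now that the region carries `area.size`, a cheap guard is possible, e.g. `if (config->regions[config->code_region].area.size < sizeof (sb_header_t)) { return NULL; }` placed before the cast, using whatever the magic-check failure path returns (that path is outside the hunk). `config->code_region` is also used as an index into `regions[]` here without a visible range check; if it is validated earlier in the function that is fine, but the validation is not in this diff. The intermediate cast could be `(const void *)` rather than `(void *)` since the destination is `const sb_header_t *`. `sbStartThread` starts and ends outside the hunk.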
@@ -139,9 +137,10 @@ thread_t *sbStartThread(sb_class_t *sbcp, const sb_config_t *config,
 .wbase = (stkalign_t *)wsp,
 .wend = (stkalign_t *)wsp + (size / sizeof (stkalign_t)),
 .prio = prio,
- .u_pc = (config->regions[config->code_region].base +
- sizeof (sb_header_t)) | 1U,
- .u_psp = config->regions[config->data_region].end,
+ .u_pc = (uint32_t)(config->regions[config->code_region].area.base +
+ sizeof (sb_header_t)) | 1U,
+ .u_psp = (uint32_t)(config->regions[config->data_region].area.base +
+ config->regions[config->data_region].area.size),
 .arg = (void *)sbcp
 };
 #if PORT_SWITCHED_REGIONS_NUMBER > 0
diff --git a/os/sb/host/sbhost.h b/os/sb/host/sbhost.h
index 59fae8109..3e33e3483 100644
--- a/os/sb/host/sbhost.h
+++ b/os/sb/host/sbhost.h
@@ -72,15 +72,9 @@ typedef struct {
 */
 typedef struct {
 /**
- * @brief Memory range base.
- * @note Zero if not used.
+ * @brief Associated memory area.
 */
- uint32_t base;
- /**
- * @brief Memory range end (non inclusive).
- * @note Zero if not used.
- */
- uint32_t end;
+ memory_region_t area;
 /**
 * @brief Writable memory range.
 */
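Review bot: The replacement `@brief Associated memory area.` in the sbhost.h hunk drops the `@note Zero if not used.` that both removed fields carried, so the header no longer documents how an unused `regions[]` slot is marked, yet `sb_is_valid_read_range` and `sb_is_valid_write_range` in sbhost.c still walk the array in a `do`/`while` whose terminating condition is outside these hunks. If a zero-sized or zero-based area is still the end-of-list convention, restore it on the new field, e.g. `* @note An unused region has a zero-sized area.`; if the convention changed with the `memory_region_t` switch, document the new one instead. The `.u_psp` expression in the `sbStartThread` hunk now computes the data region's one-past-end address as `area.base + area.size`, which is the expected initial stack top only if the region is the sandbox stack; a one-line comment saying so would help the next reader.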