When mirror_log_to_vga is enabled, the log messages (usually the Warn log message that the task exited with some value) will overshadow the most recent terminal prompt after a command is run, and the user has to type a character for a new prompt to show up

@snoword there's a potentially major bug in ap_realmode, line 134. The linker throws a warning (it should probably be an error) because you're comparing a byte to the value 600, which is too large to fit in a byte. You should use the proper type, not byte but maybe a word? I dunno how big it is.

There is residue from Kevin's original version like: # "lib" does the same thing I think

Originally reported by: Kevin Boos (Bitbucket: kevinaboos, GitHub: kevinaboos)

https://doc.rust-lang.org/log/log/index.html#use-with-no_std

Rust's log crate supports no_std, we should utilize it and use set_raw_logger() to write to serial port.

• Bitbucket: https://bitbucket.org/kevinaboos/theseus-os/issue/1

the task_handler function could use a rewrite, it's a mess and a bit hard to read.
Some points for improvement:

• way too many nested conditionals.
• current_task_id is dangerous, and unnecessarily slow. Instead of keeping current_task_id as an integer, simply keep a current_task_ref or something, which is of type Option<TaskRef>. That's much cleaner, and cannot fail when getting the current task.
• line spacing is clustered, hard to read. Indentation isn't proper.

Create another heap that will immediately (atomically) allocate and return memory. This is basically similar to the Linux kernel's notion of kmalloc GFP_ATOMIC.

The key type of AtomicMap is fine (but could probably be changed to a reference for get() and get_mut()).

However, the value type of AtomicMap should be required to be marked Sync + Send, because it's not protected by anything. That is, the value should be wrapped in a thread-safe wrapper like Mutex or RwLock or Once, or should be another atomic type itself.

This applies to the TSS, GDT, and LOCAL_APICS lists. Here are the proposed fixes:

• TSS: modified on every context switch, so it should be wrapped in Mutex.

• GDT: created just one time and then never changed, so it should be wrapped in Once.

• LOCAL_APICS: modified sometimes, but read often, so probably should be wrapped in RwLock? Unsure, needs further investigation/consideration.

the page fault occurs in switch_to(). Haven't yet found why it occurs, but it is very consistent. Here is the output:

EXCEPTION: PAGE FAULT while accessing 0x8
error code: CAUSED_BY_WRITE
ExceptionStackFrame {
    instruction_pointer: 0xffffffff80108a01,
    code_segment: 8,
    cpu_flags: 0x2,
    stack_pointer: 0xffffffff80154018,
    stack_segment: 16
}

We should also find out which commit caused this to occur, and then diff it with the next one. Who wants to do some differential debugging?

When typing a command in the terminal, if you make a typo and need to change it, the backspace key works, but using the arrows to move the cursor left and right doesn't work. The cursor will indeed move, and the text on the screen will change, but the recorded command string does not change.

Example sequence to reproduce problem:

1. Type helto (typo)
2. Press the left arrow twice, cursor is now on t
3. Type l to overwrite the t
4. Press enter
5. it tries to run the command helto anyways, and fails.

✔️ The ls app has redundant code that has been copy-pasted for two identical cases: when the path is specified, and when there is no path specified. Condense those into one case.

✔️ All file creation should accept a &DirRef rather than a WeakDirRef. This eliminates the potential error of not being able to upgrade the weak ref to the parent.

✔️ Don't use the return keyword at the end of a function, that violates Rust's style conventions.

✔️ TaskFiles are never actually created. Mmi files are pretty worthless at the moment.

I understand Theseus has a flat modular architecture but that does not mean we should have a flat organization of the code. Can we create a hierarchy to organize the modules?

terminal task ("default_terminal") is adversely affecting the performance on whatever core it spawns on, preventing other tasks from running. possibly from holding irqsafe locks

In the Makefile, if the usb option is a partition and sdc4, the image will be written to it and the booting will fail.
Check if the option is a usb device directory.

DMA address is according to this: http://wiki.osdev.org/Brendan%27s_Memory_Management_Guide

Basically in the AreaFrameAllocator, we need to exclude physical memory areas below 0x1000000 from being given to a frame.

Note: this is likely only necessary for ISA DMA, not the PCI Busmastering DMA that we will use for the ATA IDE disk.

The allocator places fragmented (free) chunks in the back of the FREE_PAGE_LIST. However, it leaves allocated chucks (allocated == true) in the same place where the chunks are found.

This makes memory allocation slow because the allocator needs to skip the allocated chunks to find a free chunk.

Specifically, memory::allocate_pages() is related.

It's been deprecated, see here: Amanieu/hashmap_core#8

ext2 outline in Rust: https://github.com/gz/rust-ext2/blob/master/src/lib.rs

Example here: bitflags/bitflags#180

This can primarily be used for EntryFlags in places where we need a const-defined flag bitfield.

Currently, spawn_userspace does the bulk of the work in creating the address space and loading/mapping the modules/programs into the new space. That means that the kernel thread calling spawn_userspace does a lot of the work and incurs huge delays calling that function; instead, it should be a very quick call. Then, in the userspace_wrapper, most of the work should be done by that actual task, not the task that invoked spawn_userspace.

This needs to be done for spawn_kthread and kthread_wrapper as well, though those are less critical because they don't result in an address table switch.

When building with the mirror_serial feature enabled, the entering a command at the Terminal prompt locks up the entire machine!

To enable this feature for the make run target, add this line to your makefile:

run : export RUST_FEATURES = --manifest-path "captain/Cargo.toml" --features "mirror_serial"

right above the run target:

run: $(iso) 
	@qemu-img resize random_data2.img 100K
	qemu-system-x86_64 $(QEMU_FLAGS)

Then run make clean and make run again.

Previously we have been using rustc --features (RUSTC_FEATURES) from the Makefile to specify which conditional compilation options we want. However, this has the massive downside of only allowing ONE single feature to be used across the entire OS, which is obviously insufficient for any amount of complicated configuration beyond setting one option in one crate.

Instead, we should use custom config tokens, e.g., cargo:rustc-cfg=kevin in the build.rs script. This allows any crate to use any number of config options, and isn't private to one crate. We can have one build.rs script that is used by all crates in the entire workspace.
Then, in the actual rust crate code, we can specify something like:

#[cfg(kevin)]
debug!("'kevin' cfg option enabled");

In this way, the build.rs script basically acts as a configuration choice tool.

As discussed here: #93 (comment)

The unwrap_or(default) and ok_or(default) functions are used ubiquitously, but they eagerly evaluate the default value, even when the actual value is Some or Ok. That's bad, and really wasteful.

Instead, we should convert them to unwrap_or_else(|| closure) and ok_or_else(|| closure), because the closures that provide the default value are not eagerly evaluated; they are only lazily evaluated if the original value was None or Err.

Add deallocation, reallocation in place, etc.

Or, adopt an existing no_std allocator, such as alloc_buddy_simple

Right now, the makefiles that recursively invoke other makefiles nested in subdirectories do so without each subdirectory target being a dependency for the parent target. This causes every makefile to run every time, which is slow when cross-compiling with Xargo, or with the cargo build --release option.

Instead, we should make each subdirectory a dependency of a target, such that if the subdirectory hasn't changed, it won't be rebuilt.

the as_*_mut() functions check for writable flags, so the as_func() function should check that the underlying mapping is executable (on x86, that'd consist of checking that the NO_EXEC flag is not set).

They must be split, because like the kernel_stack_allocator, the kernel_vmas should have a single instance created once and then shared globally via an Arc<Mutex<vmas_list>>. User vmas are separate because they are not shared among all tasks.

Although, considering future usage, to allow multiple "thread" Tasks to share an address space, it might be a good idea to put each Task's MMI's user_stack_allocator and user_vmas in an Option<Arc<Mutex< >>>.

If I set
KERNEL_HEAP_INITIAL_SIZE = KERNEL_HEAP_MAX_SIZE (512 GiB)

on Qemu, I get an error reading "FATAL ERROR: AreaFrameAllocator: out of physical memory!!!", but when I run this on the server a few of the beginning debug messages are printed and then the system restarts. No error message is printed out.

Currently, to find missing symbols, we look for a containing crate name at the beginning of the symbol. This is done in the get_symbol_or_load() function and uses the get_containing_crate_name() function to determine the containing crate.

However, this doesn't always work, especially for generic functions whose specialized implementation will exist in another crate rather than in the crate that provides the generic definition.
For example, when running in debug mode (BUILD_MODE = debug), any application that relies on the getopts crate doesn't work. This is because the symbol "<core::slice::Iter<'a, T> as core::iter::traits::iterator::Iterator>::next::h6515c23f1fa80efe" actually exists in the getopts crate as a monomorphized generic implementation, but our get_containing_crate_name()-based heuristic looks for it in the core crate instead, and thus fails to find it.

We can solve this by using dependency information to narrow the search space of potential crates that may contain the symbol (I think Min Hong's compiler analysis tool already produces similar information). For example, the ls application depends on that above symbol in getopts, so we can pass that dependency info into Theseus at runtime in order to tell the crate manager to load getopts instead of core to fulfill the dependency on that symbol. This dependency info could either be crate-level or it could be symbol-level, in which we generate at build time a map of symbols to containing crate. This could be done for all symbols (which would be a huge huge map) or for only generic symbols, or in general, symbols that do not start with the name of their containing crate.

For example, if there's an error in the captain::init function, then a panic is returned and the idle task is killed, meaning that the shutdown error message will not be shown.

We should avoid killing idle tasks for now. Not sure of a long-term solution.

The log crate is overly simple and has reached its limit within Theseus. We need a more robust logging facility, and I think the slog crate is a better choice.

Though not necessary, it'd be nice to preserve compatibility with the existing log crate, since some crates have an optional feature that can use the log crate to print debugging info (such as smoltcp).

Heap allocations are horribly expensive right now because the Heap acquires an Irq-safe Mutex lock, which disables interrupts for the duration of a heap allocation.

We should switch to a lock-free implementation of the heap, such that interrupts can remain enabled.

Currently if a function accesses data beyond its thread's stack, it will result in a page fault, which is good. However, for less experienced users, these page faults are hard to debug and result in frustration.

Thus, we should keep a list of all kernel stacks allocated so we can know if the failing address access (cr2 value) is just outside of a stack, perhaps by a single page. So if a stack goes from 0xB_0000 to 0xC_0000 and we get a page fault trying to access 0xC0100 or something, we know it's a stack problem and can give a better exception message in the page fault handler.

On Lin's Mac, it failed at the linking stage. See below. Might be quite easy to resolve?

ld -n -T kernel/nano_core/src/boot/arch_x86_64/linker_higher_half.ld -o build/nano_core/nano_core-x86_64.bin build/nano_core/boot/x86_64/ap_boot.o build/nano_core/boot/x86_64/ap_realmode.o build/nano_core/boot/x86_64/boot.o build/nano_core/boot/x86_64/common.o build/nano_core/boot/x86_64/multiboot_header.o target/x86_64-theseus/release/libnano_core.a
ld: unknown option: -n

Relevant transcript of an IRC chat I had with the cargo team:

[13:49:54] Hi all, I know that you can set exact version dependencies with something like spin = "=0.4.5". Is there a way to globally specify that all dependencies should be exact, even if the Cargo.toml file doesn't state that they are?
[13:56:41] kevinaboos: Basically, you want spin = "0.4.5" to resolve to the minimum compatible version instead of the maximum compatible version by default?
[13:57:29] If you have one dependency that requires spin = "0.4.5" and another that requires spin = "0.4.4" do you want it to fail, or choose the minumum version that satisfies both?
[13:58:52] kevinaboos: Anyway, on nightly you can try the experimental cargo -Z minimal-versions update
[13:59:10] kevinaboos: Out of curiousity, what's your use case?
[13:59:39] mbrubeck: thanks, I had previously ran the minimal-versions command, and while that did work, I was wondering if there was a way to specify it as part of the build command.
[13:59:42] <-- pcwalton ([email protected]) has quit (Quit: My MacBook has gone to sleep. ZZZzzz…)
[14:00:49] kevinaboos: cargo -Z minimal-versions build should also work, but note that build will only do version resolution if there isn't already a Cargo.lock
[14:01:08] If I have a dependency of 0.4.4 and 0.4.5, I'd just want both of them to behave as if I specified "=0.4.4" and "=0.4.5"
[14:01:22] kevinaboos: Okay, so then it would fail to build
[14:01:32] There's no built-in way to do that, as far as I know.
[14:01:34] why would that fail to build?
[14:01:57] I'm able to use multiple versions of different dependencies across different crates, so why would that cause a problem?
[14:02:22] You can't link spin 0.4.4 and spin 0.4.5 into the same Cargo project. You can only link multiple versions if they are "incompatible" (i.e. the first non-zero component is unequal)
[14:02:49] Yes, these are in different crates though, sorry if I misspoke there.
[14:03:24] Okay, but if your crate depends on "A" which depends on spin "0.4.4" and also on "B" which depends on spin "0.4.5"
[14:03:35] Cargo has to choose a single version to satisfy both of those dependencies
[14:03:41] I see
[14:04:05] By default it chooses the maximum version that is compatible with both (spin 0.4.9)
[14:04:20] With the minimal-versions option, it should choose the minimum version that is compatible with both (spin 0.4.5)
[14:04:33] Okay thanks very much. It seems like the answer you mentioned above would work, where I add the minimal-versions argument in the build command, but I just have make sure to remove the Cargo.lock files first.
[14:04:52] kevinaboos: What's your use case, by the way?
[14:05:33] It's mostly a personnel issue, where other developers are the project aren't good about using exact dependencies like "=0.4.5"
[14:05:58] Why do you need to use exact dependencies, instead of using Cargo.lock for reproducible builds?
[14:06:41] oh wait
[14:07:28] do you mean that I can provide my Cargo.lock file for everyone else to use, and they'll get the same versions that my system chose to use when I built it?
[14:07:33] Yes
[14:07:46] I thought Cargo.lock files were system-local, and shouldn't be included in a repository
[14:07:55] This is why the default for binary crates is for Cargo.lock to be included in the repository
[14:08:41] (For library crates the default is not to check in Cargo.lock, since ultimately the Cargo.lock for the binary is what will matter for consumers)
[14:08:54] I see, all of my crates are lib, but since I'm generally using virtual workspaces, I have just a few Cargo.lock files. So I think in this case it would be safe to include them.
[14:09:26] Okay, but is it safe to include my Cargo.lock files even in lib crates?
[14:09:34] Yes, it's safe
[14:09:57] oh wow. Okay, I didn't realize they worked in that fashion. That's a game changer for us, thanks!
[14:10:00] And it will mean that people who build your lib directly (not as a dependency) will do it with all the same package versions as you
[14:10:29] Hmm, okay, I think it will still work.
[14:10:31] But note that it has no effect on "downstream" projects that use your lib as a dependency; they will get the versions specified in their own Cargo.lock files
[14:10:53] Right
[14:13:13] mbrubeck: Correct me if I'm wrong, but it sounds like it will work for this specific setup: I have one virtual workspace called "kernel" that consists of about 50 crates, and they all use a single Cargo.lock file. Since I build that "kernel" project once (and then link it myself), there wouldn't be any downstream projects that depend upon it. So, building the library itself is the downstream project, so pushing that kernel/Cargo.lock file should work as you describe?
[14:13:29] Right
[14:13:44] Okay, fantastic! Thank you very much.
[14:14:11] I've spent the last year fighting these version updates (since I'm on a specific version of Rust nightly), so this is big news. :)

Use the FS segment register on x86_64. First start with just storing the current task id there, and then move on towards storing the actual current TaskRef there. This allows us to instantly look up the current task without having to query the TASKLIST, which becomes a bottleneck when there are thousands of Tasks.

Then, after that's working, we can add true support for arbitrary thread-local storage. It could potentially be inside the Task struct, or elsewhere.

Discussion here: https://wiki.osdev.org/Thread_Local_Storage

• Basic FS_BASE or GS_BASE support for custom usage, e.g., TaskLocalData.
• Support for #[thread_local] attribute in statically-linked base kernel image
• Support for #[thread_local] attribute in dynamically-loaded/linked crate object files
• Theseus-specific implementation of thread_local!() macro, à la the Rust std lib

Originally reported by: Kevin Boos (Bitbucket: kevinaboos, GitHub: kevinaboos)

Right now we just stipulate as third-party knowledge that code in an interrupt context should not hold a lock. However, this isn't always possible (e.g., context switching).

Thus, we should use an intelligent lock that disables interrupts while it is held (obviously for very short-lived operations only) such that it can be guaranteed that the lock will be released safely without causing deadlock if another interrupt occurs while it's held.

See: HeldInterrupts in Tifflin OS

• Bitbucket: https://bitbucket.org/kevinaboos/theseus-os/issue/3

Populate the grub.cfg file automatically based on the modules in the grub isofiles directory, which come from the userspace directory right now.

Should also move the grub.cfg out of the arch-specific file.

Right now the design of ApplicationTaskBuilder in the spawn crate requires it to maintain a redundant copy of each of the possible options that are also available in the KernelTaskBuilder. This is a bad design that makes it easy to forget to update the options (member variables) in both Builders, opening us up to application tasks and regular tasks not having the same options when being built.

More common when mirror to log is enabled

This is the smallest piece of code needed to replicate a double fault error. The problem arises when converting timestamp, an i64 variable, to f64. If you set timestamp to be u64 before converting, then the double fault does not appear.

The DF also only arises when you print timestamp to the screen, or if you do operations with it and print those variables, so the problem may be with the println! macro

#![no_std]
#![feature(slice_concat_ext)]

#[macro_use] extern crate terminal_print;
extern crate http_client;

use http_client::{millis_since};


#[no_mangle]
fn main() {

    let startup_time: u64 = 9000000000000; //this can be any u64 value

    let timestamp = match millis_since(startup_time) {
                Ok(time) => time as i64,
                Err(err) => return println!("couldn't get timestamp:{}", err),
            };

    // it's during this conversion of timestamp from i64 to f64 that the double fault occurs
    println!("timestamp:{}", timestamp as f64);
    
}   

“be clean” and “foolproof code” are just good practice that should be applied everywhere.
“Good abstraction” should be made more specific like “Nobody needs to read your code”. It is more than good abstraction.

I suggest we separate general good practice from Theseus-specific principles. I can think of two specific principles: "Handle all Errors" and "Nobody should read your code"

Backspace works, but not delete.

Currently we are using the following type defs in memory/mod.rs:

pub type VirtualAddress = usize;
pub type PhysicalAddress = usize;

These typedefs can lead to type confusion, which won't allow the compiler to check for a VirtualAddress being used where a PhysicalAddress should be used, and vice versa.

Instead, we should use type wrappers (as provided by the x86_64 crate), to strictly enforce when a VirtualAddress or PhysicalAddress is needed. They look like this:

pub struct VirtualAddress(pub usize);
pub struct PhysicalAddress(pub usize);

Originally reported by: Kevin Boos (Bitbucket: kevinaboos, GitHub: kevinaboos)

Instead of locking the vga buffer on the main thread and writing directly into it, we need to use a different thread for the vga buffer with a queue that displays data on the screen. This is basically a console driver... so we could combine it with that.

• Bitbucket: https://bitbucket.org/kevinaboos/theseus-os/issue/5

PageIter should be PageRange, same for frames. It's clearer, and we can use the underlying RangeInclusive type rather than our own custom start/end/contains logic.

They can still implement Iterator though, just like Ranges do.

Right now we send separate TLB shootdown IPIs (actually NMIs) for every individual Page in the entire range of Pages covered by a MappedPages object.

This is extremely slow and stupid; instead, we should batch them together and send a single IPI for a whole range of VirtualAddresses that should be flushed from the TLB.

It should smoothly shut down the OS, not hang in the page fault handler. Probably something to do with the logger cleanup routine (or maybe something in rust_main() finally going out of scope) but who knows for sure.

Expose all static crate variables as sysfs-style entries, to aid in debugging and analysis of program states.
Inspired by Cristiano Giuffrida's PeekFS (which I cannot find any public references to).

We can parse the debug_ sections of each object file and then use the DWARF DIE trees to get the string name of the variable symbol and it's type. And based on the sysfs directory we're in, we'll know which crate to look it.

Speaking of, the sysfs root will have a namespaces directory, which will have all of the CrateNamespaces, and each CrateNamespace has a list of LoadedCrates. In each LoadedCrate, there is a list of LoadedSections, each of which will comprise another directory.

Finally, in each LoadedCrate, there will be a directory for every static variable defined in that crate. Within each variable's directory, there will be a debug__ and display__ file that you can cat to invoke the Display or Debug traits implementations for that variable type.

Stretch goal: show the variable type's struct members as subdirectories in the variable's directory, so we can recurse into each member to further explore the struct. This should be do-able since we'll know what the type of the struct is; though we might not be able to read the struct definition directly (unless it's in the Dwarf debug sections somewhere?).