Comtrol eCos User Manual

Kernel Overview

2. Because the final application will not suffer any overheads, it is reasonable for the system to do more work

during the development process. In particular the various assertions can test for more error conditions and
more complicated errors. When an error is detected it is possible to give a text message describing the error
rather than just return an error code.

3. There is no need for application programmers to handle error codes returned by various kernel function calls.

This simplifies the application code.

4. If an error is detected then an assertion failure will be reported immediately and the application will be halted.

There is no possibility of an error condition being ignored because application code did not check for an error
code.

Although none of the kernel functions return an error code, many of them do return a status condition. For example
the function

cyg_semaphore_timed_wait

waits until either an event has been posted to a semaphore, or until a

certain number of clock ticks have occurred. Usually the calling code will need to know whether the wait operation
succeeded or whether a timeout occurred.

cyg_semaphore_timed_wait

returns a boolean: a return value of zero

or false indicates a timeout, a non-zero return value indicates that the wait succeeded.

In conventional APIs one common error conditions is lack of memory. For example the POSIX function

pthread_create

usually has to allocate some memory dynamically for the thread stack and other per-thread

data. If the target hardware does not have enough memory to meet all demands, or more commonly if the
application contains a memory leak, then there may not be enough memory available and the function call would
fail. The eCos kernel avoids such problems by never performing any dynamic memory allocation. Instead it is the
responsibility of the application code to provide all the memory required for kernel data structures and other
needs. In the case of

cyg_thread_create

this means a cyg_thread data structure to hold the thread details, and a

char array for the thread stack.

In many applications this approach results in all data structures being allocated statically rather than dynamically.
This has several advantages. If the application is in fact too large for the target hardware’s memory then there will
be an error at link-time rather than at run-time, making the problem much easier to diagnose. Static allocation
does not involve any of the usual overheads associated with dynamic allocation, for example there is no need to
keep track of the various free blocks in the system, and it may be possible to eliminate

malloc

from the system

completely. Problems such as fragmentation and memory leaks cannot occur if all data is allocated statically.
However, some applications are sufficiently complicated that dynamic memory allocation is required, and the
various kernel functions do not distinguish between statically and dynamically allocated memory. It still remains
the responsibility of the calling code to ensure that sufficient memory is available, and passing null pointers to the
kernel will result in assertions or system failure.

34