Implement a mutex.

Removes a bunch of static mut stuff. Does require the BIOS to implement compare-and-swap for us, because the CPU might not have it.

Ran out of code space so I had to make the memory allocations larger. I think we now no-longer fit on a Neotron 32.

Author: thejpster

Cargo.lock

@@ -41,7 +41,7 @@ panic = "abort"
 panic = "abort"
 
 [dependencies]
-neotron-common-bios = "0.10"
+neotron-common-bios = { version = "0.11.0-alpha", git = "https://github.com/neotron-compute/neotron-common-bios", branch = "extra-functions" }
 pc-keyboard = "0.7"
 r0 = "1.0"
 heapless = "0.7"

Cargo.toml

@@ -22,7 +22,7 @@
 MEMORY
 {
     /* The first 128 KiB is for the BIOS. We get the rest. */
-    FLASH (rx)  : ORIGIN = 0x00020000, LENGTH = 128K
+    FLASH (rx)  : ORIGIN = 0x00020000, LENGTH = 256K
     /*
      * We get the bottom 4KB of RAM. Anything above that is for applications
      * (up to wherever the BIOS tells us we can use.)

neotron-flash-0002.ld

@@ -22,7 +22,7 @@
 MEMORY
 {
     /* The first 128 KiB is for the BIOS. We get the rest. */
-    FLASH (rx)  : ORIGIN = 0x08020000, LENGTH = 128K
+    FLASH (rx)  : ORIGIN = 0x08020000, LENGTH = 256K
     /*
      * We get the bottom 4KB of RAM. Anything above that is for applications
      * (up to wherever the BIOS tells us we can use.)

neotron-flash-0802.ld

@@ -22,7 +22,7 @@
 MEMORY
 {
     /* The first 128 KiB is for the BIOS. We get the rest. */
-    FLASH (rx)  : ORIGIN = 0x10020000, LENGTH = 128K
+    FLASH (rx)  : ORIGIN = 0x10020000, LENGTH = 256K
 
     /*
      * The RAM reserved for the OS. Above this is the Transient Program Area.

neotron-flash-1002.ld

@@ -15,7 +15,7 @@ pub static KBTEST_ITEM: menu::Item<Ctx> = menu::Item {
 fn kbtest(_menu: &menu::Menu<Ctx>, _item: &menu::Item<Ctx>, _args: &[&str], _ctx: &mut Ctx) {
     osprintln!("Press ESC to quit");
     loop {
-        if let Some(ev) = unsafe { crate::STD_INPUT.get_raw() } {
+        if let Some(ev) = crate::STD_INPUT.lock().get_raw() {
             osprintln!("Event: {ev:?}");
             if ev == pc_keyboard::DecodedKey::RawKey(pc_keyboard::KeyCode::Escape)
                 || ev == pc_keyboard::DecodedKey::Unicode('\u{001b}')

src/commands/input.rs

@@ -42,14 +42,16 @@ pub static MANDEL_ITEM: menu::Item<Ctx> = menu::Item {
 
 /// Called when the "clear" command is executed.
 fn clear(_menu: &menu::Menu<Ctx>, _item: &menu::Item<Ctx>, _args: &[&str], _ctx: &mut Ctx) {
-    if let Some(ref mut console) = unsafe { &mut VGA_CONSOLE } {
-        console.clear();
+    let mut guard = VGA_CONSOLE.try_lock().unwrap();
+    if let Some(vga_console) = guard.as_mut() {
+        vga_console.clear();
     }
 }
 
 /// Called when the "fill" command is executed.
 fn fill(_menu: &menu::Menu<Ctx>, _item: &menu::Item<Ctx>, _args: &[&str], _ctx: &mut Ctx) {
-    if let Some(ref mut console) = unsafe { &mut VGA_CONSOLE } {
+    let mut guard = VGA_CONSOLE.try_lock().unwrap();
+    if let Some(console) = guard.as_mut() {
         console.clear();
         let api = API.get();
         let mode = (api.video_get_mode)();
@@ -91,7 +93,8 @@ fn fill(_menu: &menu::Menu<Ctx>, _item: &menu::Item<Ctx>, _args: &[&str], _ctx:
 /// Called when the "bench" command is executed.
 fn bench(_menu: &menu::Menu<Ctx>, _item: &menu::Item<Ctx>, _args: &[&str], _ctx: &mut Ctx) {
     const NUM_CHARS: u64 = 1_000_000;
-    if let Some(ref mut console) = unsafe { &mut VGA_CONSOLE } {
+    let mut guard = VGA_CONSOLE.try_lock().unwrap();
+    if let Some(console) = guard.as_mut() {
         let api = API.get();
         let start = (api.time_ticks_get)();
         console.clear();

src/commands/screen.rs

@@ -13,15 +13,18 @@
 // ===========================================================================
 
 use core::sync::atomic::{AtomicBool, Ordering};
+
 use neotron_common_bios as bios;
 
 mod commands;
 mod config;
 mod fs;
 mod program;
+mod refcell;
 mod vgaconsole;
 
 pub use config::Config as OsConfig;
+use refcell::CsRefCell;
 
 // ===========================================================================
 // Global Variables
@@ -37,18 +40,18 @@ const SECONDS_BETWEEN_UNIX_AND_NEOTRON_EPOCH: i64 = 946684800;
 static API: Api = Api::new();
 
 /// We store our VGA console here.
-static mut VGA_CONSOLE: Option<vgaconsole::VgaConsole> = None;
+static VGA_CONSOLE: CsRefCell<Option<vgaconsole::VgaConsole>> = CsRefCell::new(None);
 
 /// We store our VGA console here.
-static mut SERIAL_CONSOLE: Option<SerialConsole> = None;
+static SERIAL_CONSOLE: CsRefCell<Option<SerialConsole>> = CsRefCell::new(None);
 
 /// Note if we are panicking right now.
 ///
 /// If so, don't panic if a serial write fails.
 static IS_PANIC: AtomicBool = AtomicBool::new(false);
 
 /// Our keyboard controller
-static mut STD_INPUT: StdInput = StdInput::new();
+static STD_INPUT: CsRefCell<StdInput> = CsRefCell::new(StdInput::new());
 
 struct StdInput {
     keyboard: pc_keyboard::EventDecoder<pc_keyboard::layouts::AnyLayout>,
@@ -170,16 +173,20 @@ impl StdInput {
 #[macro_export]
 macro_rules! osprint {
     ($($arg:tt)*) => {
-        if let Some(ref mut console) = unsafe { &mut $crate::VGA_CONSOLE } {
-            #[allow(unused)]
-            use core::fmt::Write as _;
-            write!(console, $($arg)*).unwrap();
-        }
-        if let Some(ref mut console) = unsafe { &mut $crate::SERIAL_CONSOLE } {
-            #[allow(unused)]
-            use core::fmt::Write as _;
-            write!(console, $($arg)*).unwrap();
-        }
+        crate::VGA_CONSOLE.with(|guard| {
+            if let Some(console) = guard.as_mut() {
+                #[allow(unused)]
+                use core::fmt::Write as _;
+                write!(console, $($arg)*).unwrap();
+            }
+        }).unwrap();
+        crate::SERIAL_CONSOLE.with(|guard| {
+            if let Some(console) = guard.as_mut() {
+                #[allow(unused)]
+                use core::fmt::Write as _;
+                write!(console, $($arg)*).unwrap();
+            }
+        }).unwrap();
     };
 }
 
@@ -366,16 +373,17 @@ pub extern "C" fn os_main(api: &bios::Api) -> ! {
                 height as isize,
             );
             vga.clear();
-            unsafe {
-                VGA_CONSOLE = Some(vga);
-            }
+            let mut guard = VGA_CONSOLE.try_lock().unwrap();
+            *guard = Some(vga);
+            drop(guard);
             osprintln!("\u{001b}[0mConfigured VGA console {}x{}", width, height);
         }
     }
 
     if let Some((idx, serial_config)) = config.get_serial_console() {
         let _ignored = (api.serial_configure)(idx, serial_config);
-        unsafe { SERIAL_CONSOLE = Some(SerialConsole(idx)) };
+        let mut guard = SERIAL_CONSOLE.try_lock().unwrap();
+        *guard = Some(SerialConsole(idx));
         osprintln!("Configured Serial console on Serial {}", idx);
     }
 
@@ -421,7 +429,7 @@ pub extern "C" fn os_main(api: &bios::Api) -> ! {
 
     loop {
         let mut buffer = [0u8; 16];
-        let count = unsafe { STD_INPUT.get_data(&mut buffer) };
+        let count = { STD_INPUT.lock().get_data(&mut buffer) };
         for b in &buffer[0..count] {
             menu.input_byte(*b);
         }

src/lib.rs

@@ -319,10 +319,12 @@ extern "C" fn api_write(
     buffer: neotron_api::FfiByteSlice,
 ) -> neotron_api::Result<()> {
     if fd == neotron_api::file::Handle::new_stdout() {
-        if let Some(ref mut console) = unsafe { &mut crate::VGA_CONSOLE } {
+        let mut guard = crate::VGA_CONSOLE.try_lock().unwrap();
+        if let Some(console) = guard.as_mut() {
             console.write_bstr(buffer.as_slice());
         }
-        if let Some(ref mut console) = unsafe { &mut crate::SERIAL_CONSOLE } {
+        let mut guard = crate::SERIAL_CONSOLE.try_lock().unwrap();
+        if let Some(console) = guard.as_mut() {
             if let Err(_e) = console.write_bstr(buffer.as_slice()) {
                 return neotron_api::Result::Err(neotron_api::Error::DeviceSpecific);
             }
@@ -342,7 +344,7 @@ extern "C" fn api_read(
 ) -> neotron_api::Result<usize> {
     if fd == neotron_api::file::Handle::new_stdin() {
         if let Some(buffer) = buffer.as_mut_slice() {
-            let count = unsafe { crate::STD_INPUT.get_data(buffer) };
+            let count = { crate::STD_INPUT.lock().get_data(buffer) };
             Ok(count).into()
         } else {
             neotron_api::Result::Err(neotron_api::Error::DeviceSpecific)

src/program.rs

@@ -0,0 +1,156 @@
+//! # RefCells for Neotron OS.
+//!
+//! Like the `RefCell` in the standard library, except that it's thread-safe
+//! and uses the BIOS critical section to make it so.
+
+// ===========================================================================
+// Modules and Imports
+// ===========================================================================
+
+use core::{
+    cell::UnsafeCell,
+    ops::{Deref, DerefMut},
+    sync::atomic::{AtomicBool, Ordering},
+};
+
+// ===========================================================================
+// Global Variables
+// ===========================================================================
+
+// None
+
+// ===========================================================================
+// Macros
+// ===========================================================================
+
+// None
+
+// ===========================================================================
+// Public types
+// ===========================================================================
+
+/// Indicates a failure to lock the refcell because it was already locked.
+#[derive(Debug)]
+pub struct LockError;
+
+/// A cell that gives you references, and is thread-safe.
+///
+/// Uses the BIOS to ensure thread-safety whilst checking if the lock is taken
+/// or not.
+pub struct CsRefCell<T> {
+    inner: UnsafeCell<T>,
+    locked: AtomicBool,
+}
+
+impl<T> CsRefCell<T> {
+    /// Create a new cell.
+    pub const fn new(value: T) -> CsRefCell<T> {
+        CsRefCell {
+            inner: UnsafeCell::new(value),
+            locked: AtomicBool::new(false),
+        }
+    }
+
+    /// Try and do something with the lock.
+    pub fn with<F, U>(&self, f: F) -> Result<U, LockError>
+    where
+        F: FnOnce(&mut CsRefCellGuard<T>) -> U,
+    {
+        let mut guard = self.try_lock()?;
+        let result = f(&mut guard);
+        drop(guard);
+        Ok(result)
+    }
+
+    /// Lock the cell.
+    ///
+    /// If you can't lock it (because it is already locked), this function will panic.
+    pub fn lock(&self) -> CsRefCellGuard<T> {
+        self.try_lock().unwrap()
+    }
+
+    /// Try and grab the lock.
+    ///
+    /// It'll fail if it's already been taken.
+    ///
+    /// It'll panic if the global lock is in a bad state, or you try and
+    /// re-enter this function from an interrupt whilst the global lock is held.
+    /// Don't do that.
+    pub fn try_lock(&self) -> Result<CsRefCellGuard<T>, LockError> {
+        let api = crate::API.get();
+
+        if (api.compare_and_swap_bool)(&self.locked, false, true) {
+            // succesfully swapped `false` for `true`
+            core::sync::atomic::fence(Ordering::Acquire);
+            Ok(CsRefCellGuard { parent: self })
+        } else {
+            // cell is already locked
+            Err(LockError)
+        }
+    }
+}
+
+/// Mark our type as thread-safe.
+///
+/// # Safety
+///
+/// We use the BIOS critical sections to control access to the global lock, and
+/// refcell locks are only tested whilst holding the global lock. Thus it is now
+/// thread-safe.
+unsafe impl<T> Sync for CsRefCell<T> {}
+
+/// Represents an active borrow of a [`CsRefCell`].
+pub struct CsRefCellGuard<'a, T> {
+    parent: &'a CsRefCell<T>,
+}
+
+impl<'a, T> Deref for CsRefCellGuard<'a, T> {
+    type Target = T;
+
+    fn deref(&self) -> &Self::Target {
+        let ptr = self.parent.inner.get();
+        unsafe { &*ptr }
+    }
+}
+
+impl<'a, T> DerefMut for CsRefCellGuard<'a, T> {
+    fn deref_mut(&mut self) -> &mut Self::Target {
+        let ptr = self.parent.inner.get();
+        unsafe { &mut *ptr }
+    }
+}
+
+impl<'a, T> Drop for CsRefCellGuard<'a, T> {
+    fn drop(&mut self) {
+        // We hold this refcell guard exclusively, so this can't race
+        self.parent.locked.store(false, Ordering::Release);
+    }
+}
+
+// ===========================================================================
+// Private types
+// ===========================================================================
+
+// None
+
+// ===========================================================================
+// Private functions
+// ===========================================================================
+
+// None
+
+// ===========================================================================
+// Public functions
+// ===========================================================================
+
+// None
+
+// ===========================================================================
+// Tests
+// ===========================================================================
+
+// None
+
+// ===========================================================================
+// End of file
+// ===========================================================================