zephyr: sys::sync: move semaphores into their own module

In preparation for adding more synchronization primitives, move the
Semaphore implementation into its own module.  There is enough stuff
associated with each primitive that it can be confusing if they are not
in their own modules.

Signed-off-by: David Brown <[email protected]>

Author: d3zd3z

zephyr/src/sys/sync.rs

@@ -30,117 +30,16 @@
 //! Later, there will be a pool mechanism to allow these kernel objects to be allocated and freed
 //! from a pool, although the objects will still be statically allocated.
 
-use core::ffi::c_uint;
-use core::fmt;
-
-use crate::{
-    error::{Result, to_result_void},
-    object::{StaticKernelObject, Wrapped},
-    raw::{
-        k_sem,
-        k_sem_init,
-        k_sem_take,
-        k_sem_give,
-        k_sem_reset,
-        k_sem_count_get,
-    },
-    time::Timeout,
+pub mod mutex;
+pub mod semaphore;
+
+pub use mutex::{
+    Condvar,
+    StaticCondvar,
+    Mutex,
+    StaticMutex,
+};
+pub use semaphore::{
+    Semaphore,
+    StaticSemaphore,
 };
-
-pub use crate::raw::K_SEM_MAX_LIMIT;
-
-/// A zephyr `k_sem` usable from safe Rust code.
-#[derive(Clone)]
-pub struct Semaphore {
-    /// The raw Zephyr `k_sem`.
-    item: *mut k_sem,
-}
-
-/// By nature, Semaphores are both Sync and Send.  Safety is handled by the underlying Zephyr
-/// implementation (which is why Clone is also implemented).
-unsafe impl Sync for Semaphore {}
-unsafe impl Send for Semaphore {}
-
-impl Semaphore {
-    /// Take a semaphore.
-    ///
-    /// Can be called from ISR if called with [`NoWait`].
-    ///
-    /// [`NoWait`]: crate::time::NoWait
-    pub fn take<T>(&self, timeout: T) -> Result<()>
-        where T: Into<Timeout>,
-    {
-        let timeout: Timeout = timeout.into();
-        let ret = unsafe {
-            k_sem_take(self.item, timeout.0)
-        };
-        to_result_void(ret)
-    }
-
-    /// Give a semaphore.
-    ///
-    /// This routine gives to the semaphore, unless the semaphore is already at its maximum
-    /// permitted count.
-    pub fn give(&self) {
-        unsafe {
-            k_sem_give(self.item)
-        }
-    }
-
-    /// Resets a semaphor's count to zero.
-    ///
-    /// This resets the count to zero.  Any outstanding [`take`] calls will be aborted with
-    /// `Error(EAGAIN)`.
-    ///
-    /// [`take`]: Self::take
-    pub fn reset(&mut self) {
-        unsafe {
-            k_sem_reset(self.item)
-        }
-    }
-
-    /// Get a semaphore's count.
-    ///
-    /// Returns the current count.
-    pub fn count_get(&mut self) -> usize {
-        unsafe {
-            k_sem_count_get(self.item) as usize
-        }
-    }
-}
-
-/// A static Zephyr `k_sem`.
-///
-/// This is intended to be used from within the `kobj_define!` macro.  It declares a static ksem
-/// that will be properly registered with the Zephyr kernel object system.  Call [`init_once`] to
-/// get the [`Semaphore`] that is represents.
-///
-/// [`init_once`]: StaticKernelObject::init_once
-pub type StaticSemaphore = StaticKernelObject<k_sem>;
-
-unsafe impl Sync for StaticSemaphore {}
-
-impl Wrapped for StaticKernelObject<k_sem> {
-    type T = Semaphore;
-
-    /// The initializer for Semaphores is the initial count, and the count limit (which can be
-    /// K_SEM_MAX_LIMIT, re-exported here.
-    type I = (c_uint, c_uint);
-
-    // TODO: Thoughts about how to give parameters to the initialzation.
-    fn get_wrapped(&self, arg: Self::I) -> Semaphore {
-        let ptr = self.value.get();
-        unsafe {
-            k_sem_init(ptr, arg.0, arg.1);
-        }
-        Semaphore {
-            item: ptr,
-        }
-    }
-}
-
-impl fmt::Debug for Semaphore {
-    fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
-        write!(f, "sys::Semaphore")
-    }
-}

zephyr/src/sys/sync/mutex.rs

@@ -0,0 +1,185 @@
+// Copyright (c) 2024 Linaro LTD
+// SPDX-License-Identifier: Apache-2.0
+
+//! Zephyr `k_mutex` wrapper.
+//!
+//! This module implements a thing wrapper around the `k_mutex` type in Zephyr.  It works with the
+//! kernel [`object`] system, to allow the mutexes to be defined statically.
+//!
+//! [`object`]: crate::object
+
+use core::fmt;
+use crate::{
+    error::{Result, to_result_void},
+    raw::{
+        k_condvar,
+        k_condvar_init,
+        k_condvar_broadcast,
+        k_condvar_signal,
+        k_condvar_wait,
+        k_mutex,
+        k_mutex_init,
+        k_mutex_lock,
+        k_mutex_unlock,
+    },
+    time::Timeout,
+};
+use crate::object::{
+    StaticKernelObject,
+    Wrapped,
+};
+use crate::sys::K_FOREVER;
+
+/// A Zephyr `k_mutux` usable from safe Rust code.
+///
+/// This merely wraps a pointer to the kernel object.  It implements clone, send and sync as it is
+/// safe to have multiple instances of these, as well as use them across multiple threads.
+///
+/// Note that these are Safe in the sense that memory safety is guaranteed.  Attempts to
+/// recursively lock, or incorrect nesting can easily result in deadlock.
+///
+/// Safety: Typically, the Mutex type in Rust does not implement Clone, and must be shared between
+/// threads using Arc.  However, these sys Mutexes are wrappers around static kernel objects, and
+/// Drop doesn't make sense for them.  In addition, Arc requires alloc, and one possible place to
+/// make use of the sys Mutex is to be able to do so in an environment without alloc.
+///
+/// This mutex type of only of limited use to application programs.  It can be used as a simple
+/// binary semaphore, although it has strict semantics, requiring the release to be called by the
+/// same thread that called lock.  It can be used to protect data that Rust itself is either not
+/// managing, or is managing in an unsafe way.
+///
+/// For a Mutex type that is useful in a Rust type of manner, please see the regular [`sync::Mutex`]
+/// type.
+///
+/// [`sync::Mutex`]: http://example.com/TODO
+#[derive(Clone)]
+pub struct Mutex {
+    /// The raw Zephyr mutex.
+    item: *mut k_mutex,
+}
+
+impl Mutex {
+    /// Lock a Zephyr Mutex.
+    ///
+    /// Will wait for the lock, returning status, with `Ok(())` indicating the lock has been
+    /// acquired, and an error indicating a timeout (Zephyr returns different errors depending on
+    /// the reason).
+    pub fn lock<T>(&self, timeout: T) -> Result<()>
+        where T: Into<Timeout>,
+    {
+        let timeout: Timeout = timeout.into();
+        to_result_void(unsafe { k_mutex_lock(self.item, timeout.0) })
+    }
+
+    /// Unlock a Zephyr Mutex.
+    ///
+    /// The mutex must already be locked by the calling thread.  Mutexes may not be unlocked in
+    /// ISRs.
+    pub unsafe fn unlock(&self) -> Result<()> {
+        to_result_void(unsafe { k_mutex_unlock(self.item) })
+    }
+}
+
+
+/// A static Zephyr `k_mutex`
+///
+/// This is intended to be used from within the `kobj_define!` macro.  It declares a static
+/// `k_mutex` that will be properly registered with the Zephyr object system.  Call [`init_once`] to
+/// get the [`Mutex`] that it represents.
+///
+/// [`init_once`]: StaticMutex::init_once
+pub type StaticMutex = StaticKernelObject<k_mutex>;
+
+// Sync and Send are meaningful, as the underlying Zephyr API can use these values from any thread.
+// Care must be taken to use these in a safe manner.
+unsafe impl Sync for StaticMutex {}
+unsafe impl Send for StaticMutex {}
+
+impl Wrapped for StaticKernelObject<k_mutex> {
+    type T = Mutex;
+
+    /// Mutex initializers take no argument.
+    type I = ();
+
+    fn get_wrapped(&self, _arg: Self::I) -> Mutex {
+        let ptr = self.value.get();
+        unsafe {
+            k_mutex_init(ptr);
+        }
+        Mutex { 
+            item: ptr,
+        }
+    }
+}
+
+impl fmt::Debug for Mutex {
+    fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
+        write!(f, "sys::Mutex {:?}", self.item)
+    }
+}
+
+/// A Condition Variable
+///
+/// Lightweight wrappers for Zephyr's `k_condvar`.
+#[derive(Clone)]
+pub struct Condvar {
+    /// The underlying `k_condvar`.
+    item: *mut k_condvar,
+}
+
+#[doc(hidden)]
+pub type StaticCondvar = StaticKernelObject<k_condvar>;
+
+unsafe impl Sync for StaticKernelObject<k_condvar> { }
+
+unsafe impl Sync for Condvar {}
+unsafe impl Send for Condvar {}
+
+impl Condvar {
+    /// Wait for someone else using this mutex/condvar pair to notify.
+    ///
+    /// Note that this requires the lock to be held by use, but as this is a low-level binding to
+    /// Zephyr's interfaces, this is not enforced.  See [`sync::Condvar`] for a safer and easier to
+    /// use interface.
+    ///
+    /// [`sync::Condvar`]: http://www.example.com/TODO
+    // /// [`sync::Condvar`]: crate::sync::Condvar
+    pub fn wait(&self, lock: &Mutex) {
+        unsafe { k_condvar_wait(self.item, lock.item, K_FOREVER); }
+    }
+
+    // TODO: timeout.
+
+    /// Wake a single thread waiting on this condition variable.
+    pub fn notify_one(&self) {
+        unsafe { k_condvar_signal(self.item); }
+    }
+
+    /// Wake all threads waiting on this condition variable.
+    pub fn notify_all(&self) {
+        unsafe { k_condvar_broadcast(self.item); }
+    }
+}
+
+impl fmt::Debug for Condvar {
+    fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
+        write!(f, "sys::Condvar {:?}", self.item)
+    }
+}
+
+impl Wrapped for StaticCondvar {
+    type T = Condvar;
+
+    /// Condvar initializers take no argument.
+    type I = ();
+
+    fn get_wrapped(&self, _arg: Self::I) -> Condvar {
+        let ptr = self.value.get();
+        unsafe {
+            k_condvar_init(ptr);
+        }
+        Condvar {
+            item: ptr,
+        }
+    }
+}