uVisor: Update to v0.20.0-alpha

This release brings the support of Keil RTX with uVisor on mbed OS, plus
several other improvements.

**New features**

* Integration in Keil RTX in mbed OS.
* Secure dynamic allocation APIs.
* Box initialization routines.
* Register gateway.
* vMPU recovery generalized for both Kinetis and ARMv7-M MPUs.
* APIs for per-box interrupts disablement and re-enablement.

**Work in progress**

* Remote Procedure Call (RPC). New API signatures have been published.
* The alpha-level implementation will follow soon.

**Deprecated features**

* Secure gateway. Cross-box communication will be implemented with RPC
* gateways.

**Bugfixes**

* Several ARMv7-M-specific bug fixes.
* Fixed a bug that sent the device into lock-up after a hard fault.
* Fixed checks on revision numbers for Cortex-M devices.

**Miscellaneous improvements**

* Optimized memory protection for ARMv7-M devices with shared SRAM.
* Build artifacts are grouped into the target/build
* option/configuration-specific folder.
* Documents have been grouped into API vs. core documents.
* Improved style and consistency.

Author: AlessandroA

features/FEATURE_UVISOR/README.md

@@ -2,13 +2,13 @@
 
 This guide will help you get started with uVisor on mbed OS by walking you through creating a sample application for the NXP FRDM-K64F board.
 
-The uVisor provides sandboxed environments and resources protection for applications built for ARM Cortex-M3 and Cortex-M4 devices. Here we will show you how to enable the uVisor and configure a secure box to get hold of some exclusive resources (memory, peripherals, interrupts). For more information on the uVisor design philosophy, please check out our the uVisor [introductory document](../README.md).
+The uVisor provides sandboxed environments and resources protection for applications built for ARM Cortex-M3 and Cortex-M4 devices. Here we will show you how to enable the uVisor and configure a secure box to get hold of some exclusive resources (memory, peripherals, interrupts). For more information on the uVisor design philosophy, please check out our the uVisor [introductory document](../../README.md).
 
 ## Overview
 
 To get a basic `blinky` application running on mbed OS with uVisor enabled, you will need the following:
 
-* A platform and a toolchain supported by uVisor on mbed OS. You can verify this on [the official list](../README.md#supported-platforms). Please note that uVisor might support some platform internally, but not on mbed OS. Generally this means that the porting process has only been partially completed. If you want to port your platform to uVisor and enable it on mbed OS, please follow the [uVisor porting guide](PORTING.md).
+* A platform and a toolchain supported by uVisor on mbed OS. You can verify this on [the official list](../../README.md#supported-platforms). Please note that uVisor might support some platform internally, but not on mbed OS. Generally this means that the porting process has only been partially completed. If you want to port your platform to uVisor and enable it on mbed OS, please follow the [uVisor Porting Guide for mbed OS](../core/PORTING.md).
 * git. It will be used to download the mbed codebase.
 * The mbed command-line tools, mbed-cli. You can run `pip install mbed-cli` to install them.
 
@@ -292,7 +292,7 @@ A few things to note in the code above:
 
 Compile the application again, re-flash the device, and press the reset button. The device LED should be blinking as in the previous case.
 
-If you don't see the LED blinking, it means that the application halted somewhere, probably because uVisor captured a fault. You can setup the uVisor debug messages to see if there is any problem. Follow the [Debugging uVisor](DEBUGGING.md) document for a step-by-step guide.
+If you don't see the LED blinking, it means that the application halted somewhere, probably because uVisor captured a fault. You can setup the uVisor debug messages to see if there is any problem. Follow the [Debugging uVisor on mbed OS](DEBUGGING.md) document for a step-by-step guide.
 
 If the LED is blinking, it means that the app is running fine. If you now press the `SW2` button on the NXP FRDM-K64F board, the `private_timer_button_on_press` function will be executed, printing the values in the timer buffer. You can observe these values by opening a serial port connection to the device, with a baud rate of 9600. When the print is completed, you should see the LED blinking again.
 
@@ -313,8 +313,8 @@ In this guide we showed you how to:
 
 You can now modify the example or create a new one to protect your resources into a secure box. You might find the following resources useful:
 
-* [The uVisor API documentation](API.md)
-* [Debugging uVisor](DEBUGGING.md)
+* [uVisor API documentation](API.md)
+* [Debugging uVisor on mbed OS](DEBUGGING.md)
 
 If you found any bug or inconsistency in this guide, please [raise an issue](https://github.com/ARMmbed/uvisor/issues/new).
 
@@ -354,7 +354,7 @@ NVIC_EnableIRQ(MY_IRQ);
 
 > **Note**: In this model a call to `NVIC_SetVector` must always happen before an IRQ state is changed. In platforms that don't relocate the interrupt vector table such a call might be originally absent and must be added to work with uVisor.
 
-For more information on the uVisor APIs, checkout the [uVisor APIs documentation](API.md).
+For more information on the uVisor APIs, checkout the [uVisor API documentation](API.md) document.
 
 ### The *main box* ACLs
 
@@ -371,13 +371,13 @@ static const UvisorBoxAclItem g_main_box_acls[] = {
 }
 ```
 
-You now need to compile your application using uVisor in debug mode. This operation requires some more advanced steps, which are described in detail in the [Debugging uVisor](DEBUGGING.md) document. The main idea is that you compile the application in debug mode:
+You now need to compile your application using uVisor in debug mode. This operation requires some more advanced steps, which are described in detail in the [Debugging uVisor on mbed OS](DEBUGGING.md) document. The main idea is that you compile the application in debug mode:
 
 ```bash
 $ mbed compile -m K64F_SECURE -t GCC_ARM -o "debug-info"
 ```
 
-and then use a GDB-compatible interface to flash the device, enable semihosting, and access the uVisor debug messages. Please read the [Debugging uVisor](DEBUGGING.md) document for the detailed instructions.
+and then use a GDB-compatible interface to flash the device, enable semihosting, and access the uVisor debug messages. Please read the [Debugging uVisor on mbed OS](DEBUGGING.md) document for the detailed instructions.
 
 Once the uVisor debug messages are enabled, you will see you application fail. The failure is due to the first missing ACL being hit by the main box code. The message will look like:
 

features/FEATURE_UVISOR/includes/uvisor/api/inc/register_gateway.h

@@ -73,7 +73,7 @@
 #define uvisor_read(box_name, shared, addr, op, msk) \
     ({ \
         /* Instanstiate the gateway. This gets resolved at link-time. */ \
-        __attribute__((aligned(4))) static TRegisterGateway const register_gateway = { \
+        UVISOR_ALIGN(4) static TRegisterGateway const register_gateway = { \
             .svc_opcode = UVISOR_SVC_OPCODE(UVISOR_SVC_ID_REGISTER_GATEWAY), \
             .branch     = BRANCH_OPCODE(__UVISOR_OFFSETOF(TRegisterGateway, branch), \
                                         __UVISOR_OFFSETOF(TRegisterGateway, bxlr)), \
@@ -119,7 +119,7 @@
 #define uvisor_write(box_name, shared, addr, val, op, msk) \
     { \
         /* Instanstiate the gateway. This gets resolved at link-time. */ \
-        __attribute__((aligned(4))) static TRegisterGateway const register_gateway = { \
+        UVISOR_ALIGN(4) static TRegisterGateway const register_gateway = { \
             .svc_opcode = UVISOR_SVC_OPCODE(UVISOR_SVC_ID_REGISTER_GATEWAY), \
             .branch     = BRANCH_OPCODE(__UVISOR_OFFSETOF(TRegisterGateway, branch), \
                                         __UVISOR_OFFSETOF(TRegisterGateway, bxlr)), \

features/FEATURE_UVISOR/includes/uvisor/api/inc/register_gateway_exports.h

@@ -47,7 +47,7 @@ typedef struct {
     uint32_t mask;
     uint16_t operation;
     uint16_t bxlr;
-} UVISOR_PACKED __attribute__((aligned(4))) TRegisterGateway;
+} UVISOR_PACKED UVISOR_ALIGN(4) TRegisterGateway;
 
 /** Register gateway operation - Masks
  * @internal

features/FEATURE_UVISOR/includes/uvisor/api/inc/uvisor-lib.h

@@ -32,6 +32,8 @@
 #include "api/inc/error.h"
 #include "api/inc/interrupts.h"
 #include "api/inc/register_gateway.h"
+#include "api/inc/rpc.h"
+#include "api/inc/rpc_gateway.h"
 #include "api/inc/secure_access.h"
 
 #else /* defined(UVISOR_PRESENT) && UVISOR_PRESENT == 1 */
@@ -55,6 +57,7 @@ UVISOR_EXTERN int uvisor_lib_init(void);
 #include "api/inc/export_table_exports.h"
 #include "api/inc/halt_exports.h"
 #include "api/inc/register_gateway_exports.h"
+#include "api/inc/rpc_gateway_exports.h"
 #include "api/inc/svc_exports.h"
 #include "api/inc/priv_sys_irq_hook_exports.h"
 #include "api/inc/unvic_exports.h"

features/FEATURE_UVISOR/includes/uvisor/api/inc/uvisor_exports.h

@@ -29,19 +29,36 @@
 #define UVISOR_EXTERN extern
 #endif/*__CPP__*/
 
+/** Extern C block macros
+ *
+ * Use these macros to disable name mangling in C++. Use these macros instead
+ * of UVISOR_EXTERN when you also need to initialize the object. C++ compilers
+ * warn when initializing an object declared as `extern`. Use of these macros
+ * enables the defining of global non-name-mangled symbols in C++ without
+ * affecting C code (which doesn't ever name mangle).  */
+#ifdef  __cplusplus
+#define UVISOR_EXTERN_C_BEGIN extern "C" {
+#define UVISOR_EXTERN_C_END }
+#else
+#define UVISOR_EXTERN_C_BEGIN
+#define UVISOR_EXTERN_C_END
+#endif
+
 /* asm keyword */
 #ifndef asm
 #define asm __asm__
 #endif
 
 /* Shared compiler attributes */
 #if defined(__ICCARM__)
+#define UVISOR_ALIGN(x)    __align(x)
 #define UVISOR_FORCEINLINE inline
 #define UVISOR_PACKED      __packed
 #define UVISOR_WEAK        __weak
 #define UVISOR_NORETURN    __noreturn
 #define UVISOR_RAMFUNC     __ramfunc
 #else
+#define UVISOR_ALIGN(x)    __attribute__((aligned(x)))
 #define UVISOR_FORCEINLINE inline __attribute__((always_inline))
 #define UVISOR_PACKED      __attribute__((packed))
 #define UVISOR_WEAK        __attribute__((weak))
@@ -52,6 +69,15 @@
 /* array count macro */
 #define UVISOR_ARRAY_COUNT(x) (sizeof(x)/sizeof(x[0]))
 
+/** Static Assertion Macro
+ *
+ * This macro works from both inside and outside function scope.
+ *
+ * FIXME This is currently not implemented. This issue is tracked at
+ * https://github.com/ARMmbed/uvisor/issues/288
+ */
+#define UVISOR_STATIC_ASSERT(cond, msg)
+
 /* convert macro argument to string */
 /* note: this needs one level of indirection, accomplished with the helper macro
  *       __UVISOR_TO_STRING */