target: fix destabilising target-spec-json by davidtwco · Pull Request #151534 · rust-lang/rust
* Add SDK platform abstractions: sync, cache, DMA, VFPU math, audio mixer, framebuffer, memory Push reusable platform infrastructure into the SDK so every project benefits: - psp::sync — Extract SpinMutex from debug.rs, add SpinRwLock, SPSC ring buffer, UncachedBox<T> - psp::cache — Type-safe CachedPtr/UncachedPtr with flush/invalidate conversions - psp::me::MeExecutor — High-level ME task submission with poll/wait and shared uncached state - psp::dma — DmaTransfer handle with memcpy_dma/vram_blit_dma and sceDmac syscall bindings - psp::simd — VFPU-accelerated Vec4/Mat4 math, color ops, easing functions - psp::audio_mixer — Multi-channel PCM mixer with volume/panning/fade - psp::framebuffer — DoubleBuffer, DirtyRect tracking, LayerCompositor - psp::mem — Typed partition allocators (Partition2Alloc/Partition3Alloc) preventing ME pointer misuse Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * Add Phase 2 SDK abstractions: io, thread, input, time + Phase 1 bugfixes Bugfixes: - Fix MeExecutor::submit() race condition by storing real_task/real_arg in dedicated MeSharedState fields instead of double-writing boot_params - Fix audio_mixer volume mixing i32 overflow by using i64 intermediates - Document sceDmacMemcpy synchronous behavior in dma.rs - Remove unnecessary blanket #![allow(unsafe_op_in_unsafe_fn)] from simd.rs New modules: - psp::io - File (RAII), ReadDir iterator, read_to_vec, write_bytes, stat, create_dir, remove_file, remove_dir, rename - psp::thread - ThreadBuilder, JoinHandle, spawn() with closure trampoline, sleep_ms, current_thread_id - psp::input - Controller with press/release detection, analog deadzone - psp::time - Instant, Duration, DateTime, FrameTimer Enhanced modules: - psp::sync - Add Semaphore and EventFlag kernel primitive wrappers Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * Add Phase 3 SDK abstractions: display, power, audio, dialog, net, wlan, callback + bugfixes Code review fixes: - Wrap thread trampoline in catch_unwind for panic safety - Simplify DmaTransfer to DmaResult (remove fake async API) - Add #[repr(C, align(64))] to MeSharedState for cache coherency - Document DoubleBuffer::new() init requirement - Add vec4_length and vec4_distance to VFPU simd module New SDK modules: - psp::display - vblank sync, framebuffer get/set - psp::power - clock control, battery info, AC detection - psp::audio - AudioChannel with RAII reserve/release - psp::callback - one-call exit callback setup - psp::dialog - blocking message/confirm/error dialogs - psp::wlan - WiFi hardware status - psp::net - init/term, AP connect, TcpStream, UdpSocket, DNS resolve Update examples to use new SDK modules: - clock-speed, file-io, time, wlan, audio-tone, msg-dialog Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * Add Phase 4 SDK abstractions: gu_ext, timer, usb, config, image, font + power extensions New modules: - psp::gu_ext — GU state snapshot/restore, 2D setup, SpriteVertex, SpriteBatch - psp::timer — Alarm (one-shot closure trampoline) and VTimer (RAII wrapper) - psp::usb — USB bus control and UsbStorageMode (RAII mass storage) - psp::config — Binary key-value config persistence (RCFG format) - psp::image — Hardware JPEG decode (sceJpeg*) and software BMP 24/32-bit decode - psp::font — FontLib, Font, FontRenderer with VRAM glyph atlas (PsmT8 + CLUT) Extended: - psp::power — on_power_event (RAII callback), prevent_sleep, prevent_display_off Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * Add 6 SDK showcase examples and expand README Platform SDK docs New examples demonstrating Phase 1-4 SDK modules: thread-sync (SpinMutex + spawn), input-analog (Controller deadzone), config-save (RCFG format), timer-alarm (Alarm + VTimer), net-http (WiFi + TcpStream), system-font (FontLib + FontRenderer + GU). README revised: "High-Level Utilities" replaced with comprehensive "Platform SDK" section (30+ modules in 9 domain categories), examples table updated with 6 new entries, structure description updated. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * Add Phase 5 SDK hardening: soundness fixes, correctness improvements, 6 new modules Critical soundness fixes: UncachedBox Drop now calls drop_in_place, SpscQueue Drop drains remaining items, PartitionAlloc tracks initialization state to prevent UB on uninit Drop, Alarm restructured with AtomicU8 state machine to eliminate interrupt-context allocation and TOCTOU race between Drop and trampoline. Medium correctness fixes: JoinHandle::join returns thread exit status, dialog/connect_ap polling timeouts, config serialize overflow checks, power callback cleanup on failure, callback registration error check, audio mixer volume saturation, glyph atlas eviction bounds, SpriteBatch dcache flush, sleep_ms overflow protection, removed dead mixer code. Low-priority improvements: cached tick resolution const, deprecated enable_home_button, Default impls, null-termination asserts, doc fixes, remapf division-by-zero guard. New modules: psp::http (RAII HTTP client), psp::mp3 (hardware MP3 decoder), psp::osk (on-screen keyboard), psp::rtc (extended RTC operations), psp::savedata (system save/load dialog), psp::system_param (system settings). Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * Replace deprecated enable_home_button() with setup_exit_callback() across all examples, add 4 new SDK examples Migrate all 26 existing examples from the deprecated psp::enable_home_button() to psp::callback::setup_exit_callback().unwrap(). Add 4 new examples showcasing Phase 5 SDK modules: http-client (psp::http), savedata (psp::savedata), osk-input (psp::osk), and rtc-sysinfo (psp::rtc + psp::system_param). Update README code snippets and examples table accordingly. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * Fix CI: add -Zjson-target-spec for newer nightly toolchains Post-January 2026 nightly builds destabilized custom JSON target specs (rust-lang/rust#151534), requiring an explicit -Zjson-target-spec flag when passing a .json path to cargo --target. Without this, cargo-psp fails with "`.json` target specs require -Zjson-target-spec" in CI. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * Fix soundness and correctness issues from AI code review - audio.rs: Validate buffer length in safe output_blocking/output_blocking_panning functions to prevent out-of-bounds reads by the PSP audio hardware. Store AudioFormat on AudioChannel to compute required buffer size. - audio_mixer.rs: Fix fade_out/fade_in duration capping at 256 frames by switching fade_level/fade_step to 16.16 fixed-point arithmetic, allowing accurate fades of any duration. - power.rs: Delete callback UID via sceKernelDeleteCallback on drop to prevent kernel resource leaks. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * Fix CI: add pre-checkout cleanup to all workflow jobs The gemini-review, codex-review, agent-review-response, agent-failure-handler (pr-validation.yml) and create-release (main-ci.yml) jobs were missing pre-checkout cleanup. When the ci job runs Docker containers that create root-owned files in outputs/, subsequent jobs fail with EACCES when actions/checkout tries to clean the workspace. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * fix: address AI review feedback (iteration 2) Automated fix by Claude in response to Gemini/Codex review. Iteration: 2/5 Co-Authored-By: AI Review Agent <noreply@anthropic.com> * fix: address AI review feedback (iteration 3) - Fix JoinHandle::drop double-free: check thread completion via sceKernelWaitThreadEnd before deciding whether to free the closure. Previously, dropping an unjoined handle for a thread that already finished would double-free the closure (trampoline freed it, then drop freed it again). - Fix audio mixer 1-sample silence gap on loop: remove `continue` after resetting position to 0, so the current output frame reads from position 0 instead of being skipped. - Replace unsafe transmute with TryFromPrimitive in system_param: language(), date_format(), and time_format() now use safe try_from() conversion instead of transmute, preventing UB if firmware returns an unexpected enum value. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * fix: eliminate JoinHandle double-free race via shared ThreadPayload Replace the raw closure pointer with a ThreadPayload struct containing the closure and an AtomicBool flag. The trampoline sets the flag after consuming the closure, and Drop checks it after terminating the thread. This eliminates the race where a thread finishes between the zero-timeout wait check and sceKernelTerminateDeleteThread, which previously caused a double-free. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * fix: validate thread name null termination in spawn_inner Both Gemini and Codex flagged that safe code could pass a non-null-terminated byte slice to sceKernelCreateThread, causing the kernel to read past the buffer. Add validation that name ends with \0 before proceeding. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * fix: validate stereo buffer length parity in submit_samples Reject odd-length buffers in submit_samples to prevent an out-of-bounds panic when the mixing loop reads stereo pairs (L,R) from a looping channel that wraps around on a buffer with non-even length. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> --------- Co-authored-by: AI Agent Bot <ai-agent@localhost> Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com> Co-authored-by: AI Review Agent <ai-review-agent@localhost>