NuttX TODO List (Last updated August 22, 2017)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

This file summarizes known NuttX bugs, limitations, inconsistencies with
standards, things that could be improved, and ideas for enhancements.  This
TODO list does not include issues associated with individual boar ports. See
also the individual README.txt files in the configs/ sub-directories for
issues related to each board port.

nuttx/:

 (12)  Task/Scheduler (sched/)
  (1)  SMP
  (1)  Memory Management (mm/)
  (0)  Power Management (drivers/pm)
  (3)  Signals (sched/signal, arch/)
  (4)  pthreads (sched/pthread)
  (0)  Message Queues (sched/mqueue)
  (8)  Kernel/Protected Build
  (3)  C++ Support
  (6)  Binary loaders (binfmt/)
 (16)  Network (net/, drivers/net)
  (4)  USB (drivers/usbdev, drivers/usbhost)
  (0)  Other drivers (drivers/)
 (13)  Libraries (libc/, libm/)
 (10)  File system/Generic drivers (fs/, drivers/)
 (10)  Graphics Subsystem (graphics/)
  (2)  Build system / Toolchains
  (3)  Linux/Cywgin simulation (arch/sim)
  (4)  ARM (arch/arm/)

apps/ and other Add-Ons:

  (2)  Network Utilities (apps/netutils/)
  (1)  NuttShell (NSH) (apps/nshlib)
  (1)  System libraries apps/system (apps/system)
  (1)  Modbus (apps/modbus)
  (1)  Pascal add-on (pcode/)
  (4)  Other Applications & Tests (apps/examples/)

o Task/Scheduler (sched/)
  ^^^^^^^^^^^^^^^^^^^^^^^

  Title:       CHILD PTHREAD TERMINATION
  Description: When a tasks exits, shouldn't all of its child pthreads also be
               terminated?
  Status:      Closed.  No, this behavior will not be implemented.
  Priority:    Medium, required for good emulation of process/pthread model.
               The current behavior allows for the main thread of a task to
               exit() and any child pthreads will perist.  That does raise
               some issues:  The main thread is treated much like just-another-
               pthread but must follow the semantics of a task or a process.
               That results in some inconsistencies (for example, with robust
               mutexes, what should happen if the main thread exits while
               holding a mutex?)

  Title:       pause() NON-COMPLIANCE
  Description: In the POSIX description of this function the pause() function
               must suspend the calling thread until delivery of a signal whose
               action is either to execute a signal-catching function or to
               terminate the process.  The current implementation only waits for
               any non-blocked signal to be received.  It should only wake up if
               the signal is delivered to a handler.
  Status:      Open.
  Priority:    Medium Low.

  Title:       ON-DEMAND PAGING INCOMPLETE
  Description: On-demand paging has recently been incorporated into the RTOS.
               The design of this feature is described here:
               http://www.nuttx.org/NuttXDemandPaging.html.
               As of this writing, the basic feature implementation is
               complete and much of the logic has been verified.  The test
               harness for the feature exists only for the NXP LPC3131 (see
               configs/ea3131/pgnsh and locked directories).  There are
               some limitations of this testing so I still cannot say that
               the feature is fully functional.
  Status:      Open.  This has been put on the shelf for some time.
  Priority:    Medium-Low

  Title:       GET_ENVIRON_PTR()
  Description: get_environ_ptr() (sched/sched_getenvironptr.c) is not implemented.
               The representation of the environment strings selected for
               NuttX is not compatible with the operation.  Some significant
               re-design would be required to implement this function and that
               effort is thought to be not worth the result.
  Status:      Open.  No change is planned.
  Priority:    Low -- There is no plan to implement this.

  Title:       TIMER_GETOVERRUN()
  Description: timer_getoverrun() (sched/timer_getoverrun.c) is not implemented.
  Status:      Open
  Priority:    Low -- There is no plan to implement this.

  Title:       INCOMPATIBILITIES WITH execv() AND execl()
  Description: Simplified 'execl()' and 'execv()' functions are provided by
               NuttX.  NuttX does not support processes and hence the concept
               of overlaying a tasks process image with a new process image
               does not make any sense.  In NuttX, these functions are
               wrapper functions that:

               1. Call the non-standard binfmt function 'exec', and then
               2. exit(0).

               As a result, the current implementations of 'execl()' and
               'execv()' suffer from some incompatibilities, the most
               serious of these is that the exec'ed task will not have
               the same task ID as the vfork'ed function.  So the parent
               function cannot know the ID of the exec'ed task.
  Status:      Open
  Priority:    Medium Low for now

  Title:       ISSUES WITH atexit(), on_exit(), AND pthread_cleanup_pop()
  Description: These functions execute with the following bad properties:

               1. They run with interrupts disabled,
               2. They run in supervisor mode (if applicable), and
               3. They do not obey any setup of PIC or address
                  environments. Do they need to?
               4. In the case of task_delete() and pthread_cancel() without
                  defferred cancellation, these callbacks will run on the
                  thread of execution and address context of the caller of
                  task_delete() or pthread_cancel().  That is very bad!

               The fix for all of these issues it to have the callbacks
               run on the caller's thread as is currently done with
               signal handlers.  Signals are delivered differently in
               PROTECTED and KERNEL modes:  The deliver is involes a
               signal handling trampoline function in the user address
               space and two signal handlers:  One to call the signal
               handler trampoline in user mode (SYS_signal_handler) and
               on in with the signal handler trampoline to return to
               supervisor mode (SYS_signal_handler_return)

               The primary difference is in the location of the signal
               handling trampoline:

               - In PROTECTED mode, there is on a single user space blob
                 with a header at the beginning of the block (at a well-
                 known location.  There is a pointer to the signal handler
                 trampoline function in that header.
               - In the KERNEL mode, a special process signal handler
                 trampoline is used at a well-known location in every
                 process address space (ARCH_DATA_RESERVE->ar_sigtramp).
  Status:      Open
  Priority:    Medium Low.  This is an important change to some less
               important interfaces.  For the average user, these
               functions are just fine the way they are.

  Title:       execv() AND vfork()
  Description: There is a problem when vfork() calls execv() (or execl()) to
               start a new application:  When the parent thread calls vfork()
               it receives and gets the pid of the vforked task, and *not*
               the pid of the desired execv'ed application.

               The same tasking arrangement is used by the standard function
               posix_spawn().  However, posix_spawn uses the non-standard, internal
               NuttX interface task_reparent() to replace the child's parent task
               with the caller of posix_spawn().  That cannot be done with vfork()
               because we don't know what vfork() is going to do.

               Any solution to this is either very difficult or impossible without
               an MMU.
  Status:      Open
  Priority:    Low (it might as well be low since it isn't going to be fixed).

  Title:       errno IS NOT SHARED AMONG THREADS
  Description: In NuttX, the errno value is unique for each thread.  But for
               bug-for-bug compatibility, the same errno should be shared by
               the task and each thread that it creates.  It is *very* easy
               to make this change:  Just move the pterrno field from
               struct tcb_s to struct task_group_s.   However, I am still not
               sure if this should be done or not.
  Status:      Closed.  The existing solution is better (although its
               incompatibilities could show up in porting some code).
  Priority:    Low

  Title:       SCALABILITY
  Description: Task control information is retained in simple lists.  This
               is completely appropriate for small embedded systems where
               the number of tasks, N, is relatively small.  Most list
               operations are O(N).  This could become an issue if N gets
               very large.

               In that case, these simple lists should be replaced with
               something more performant such as a balanced tree in the
               case of ordered lists.  Fortunately, most internal lists are
               hidden behind simple accessor functions and so the internal
               data structures can be changed if need with very little impact.

               Explicitly reference to the list structure are hidden behind
               the macro this_task().

  Status:      Open
  Priority:    Low.  Things are just the way that we want them for the way
               that NuttX is used today.

  Title:       INTERNAL VERSIONS OF USER FUNCTIONS
  Description: The internal NuttX logic uses the same interfaces as does
               the application.  That sometime produces a problem because
               there is "overloaded" functionality in those user interfaces
               that are not desireable.

               For example, having cancellation points hidden inside of the
               OS can cause non-cancellation point interfaces to behave
               strangely.  There was a change recently in pthread_cond_wait()
               and pthread_cond_timedwait() recently to effectively disable
               the cancellation point behavior of sem_wait().  This was
               accomplished with two functions:  pthread_disable_cancel()
               and pthread_enable_cancel()

               Here is another issue:  Internal OS functions should not set
               errno and should never have to look at the errno value to
               determine the cause of the failure.  The errno is provided
               for compatibility with POSIX application interface
               requirements and really doesn't need to be used within the
               OS.

               Both of these could be fixed if there were special internal
               versions these functions.  For example, there could be a an
               nx_sem_wait() that does all of the same things as sem_wait()
               was does not create a cancellation point and does not set
               the errno value on failures.

               Everything inside the OS would use nx_sem_wait().
               Applications would call sem_wait() which would just be a
               wrapper around nx_sem_wait() that adds the cancellation point
               and that sets the errno value on failures.

               Changes like that could clean up some of this internal
               craziness.  The condition variable change described above is
               really a "bandaid" to handle the case that sem_wait() is a
               cancellation point.
  Status:      Open
  Priority:    Low.  Things are working OK the way they are.  But the design
               could be improved and made a little more efficient with this
               change.

  Task:        IDLE THREAD TCB SETUP
  Description: There are issues with setting IDLE thread stacks:

               1. One problem is stack-related data in the IDLE threads TCB.
                  A solution might be to standardize the use of g_idle_topstack.
                  That you could add initialization like this in os_start:

                  @@ -344,6 +347,11 @@ void os_start(void)
                     g_idleargv[1]  = NULL;
                     g_idletcb.argv = g_idleargv;

                  +  /* Set the IDLE task stack size */
                  +
                  +  g_idletcb.cmn.adj_stack_size = CONFIG_IDLETHREAD_STACKSIZE;
                  +  g_idletcb.cmn.stack_alloc_ptr = (void *)(g_idle_topstack - CONFIG_IDLETHREAD_STACKSIZE);
                  +
                     /* Then add the idle task's TCB to the head of the ready to run list */

                     dq_addfirst((FAR dq_entry_t *)&g_idletcb, (FAR dq_queue_t *)&g_readytorun);

                  The g_idle_topstack variable is available for almost all architectures:

                  $ find . -name *.h | xargs grep g_idle_top
                  ./arm/src/common/up_internal.h:EXTERN const uint32_t g_idle_topstack;
                  ./avr/src/avr/avr.h:extern uint16_t g_idle_topstack;
                  ./avr/src/avr32/avr32.h:extern uint32_t g_idle_topstack;
                  ./hc/src/common/up_internal.h:extern uint16_t g_idle_topstack;
                  ./mips/src/common/up_internal.h:extern uint32_t g_idle_topstack;
                  ./misoc/src/lm32/lm32.h:extern uint32_t g_idle_topstack;
                  ./renesas/src/common/up_internal.h:extern uint32_t g_idle_topstack;
                  ./renesas/src/m16c/chip.h:extern uint32_t g_idle_topstack; /* Start of the heap */
                  ./risc-v/src/common/up_internal.h:EXTERN uint32_t g_idle_topstack;
                  ./x86/src/common/up_internal.h:extern uint32_t g_idle_topstack;

                  That omits there architectures: sh1, sim, xtensa, z16, z80,
                  ez80, and z8.  All would have to support this common
                  globlal variable.

                  Also, the stack itself may be 8-, 16-, or 32-bits wide,
                  depending upon the architecture.

               2. Another problem is colorizing that stack to use with
                 stack usage monitoring logic.  There is logic in some
                 start functions to do this in a function called go_os_start.
                 It is available in these architectures:

                 ./arm/src/efm32/efm32_start.c:static void go_os_start(void *pv, unsigned int nbytes)
                 ./arm/src/kinetis/kinetis_start.c:static void go_os_start(void *pv, unsigned int nbytes)
                 ./arm/src/sam34/sam_start.c:static void go_os_start(void *pv, unsigned int nbytes)
                 ./arm/src/samv7/sam_start.c:static void go_os_start(void *pv, unsigned int nbytes)
                 ./arm/src/stm32/stm32_start.c:static void go_os_start(void *pv, unsigned int nbytes)
                 ./arm/src/stm32f7/stm32_start.c:static void go_os_start(void *pv, unsigned int nbytes)
                 ./arm/src/stm32l4/stm32l4_start.c:static void go_os_start(void *pv, unsigned int nbytes)
                 ./arm/src/tms570/tms570_boot.c:static void go_os_start(void *pv, unsigned int nbytes)
                 ./arm/src/xmc4/xmc4_start.c:static void go_os_start(void *pv, unsigned int nbytes)

                 But no others.
  Status:     Open
  Priority:   Low, only needed for more complete debug.

o SMP
  ^^^

  Title:       SMP AND DATA CACHES
  Description: When spinlocks, semaphores, etc. are used in an SMP system with
               a data cache, then there may be problems with cache coherency
               in some CPU architectures:  When one CPU modifies the shared
               object, the changes may not be visible to another CPU if it
               does not share the data cache. That would cause failure in
               the IPC logic.

               Flushing the D-cache on writes and invalidating before a read is
               not really an option.  That would essentially effect every memory
               access and there may be side-effects due to cache line sizes
               and alignment.

               For the same reason a separate, non-cacheable memory region is
               not an option.  Essentially all data would have to go in the
               non-cached region and you would have no benefit from the data
               cache.

               On ARM Cortex-A, each CPU has a separate data cache.  However,
               the MPCore's Snoop Controller Unit supports coherency among
               the different caches.  The SCU is enabled by the SCU control
               register and each CPU participates in the SMP coherency by
               setting the ACTLR_SMP bit in the auxiliary control register
               (ACTLR).

  Status:      Closed
  Priority:    High on platforms that may have the issue.

o Memory Management (mm/)
  ^^^^^^^^^^^^^^^^^^^^^^^

  Title:       FREE MEMORY ON TASK EXIT
  Description: Add an option to free all memory allocated by a task when the
               task exits. This is probably not be worth the overhead for a
               deeply embedded system.

               There would be complexities with this implementation as well
               because often one task allocates memory and then passes the
               memory to another:  The task that "owns" the memory may not
               be the same as the task that allocated the memory.

               Update.  From the NuttX forum:
               ...there is a good reason why task A should never delete task B.
               That is because you will strand memory resources. Another feature
               lacking in most flat address space RTOSs is automatic memory
               clean-up when a task exits.

               That behavior just comes for free in a process-based OS like Linux:
               Each process has its own heap and when you tear down the process
               environment, you naturally destroy the heap too.

               But RTOSs have only a single, shared heap. I have spent some time
               thinking about how you could clean up memory required by a task
               when a task exits. It is not so simple. It is not as simple as
               just keeping memory allocated by a thread in a list then freeing
               the list of allocations when the task exists.

               It is not that simple because you don't know how the memory is
               being used. For example, if task A allocates memory that is used
               by task B, then when task A exits, you would not want to free that
               memory needed by task B. In a process-based system, you would
               have to explicitly map shared memory (with reference counting) in
               order to share memory. So the life of shared memory in that
               environment is easily managed.

               I have thought that the way that this could be solved in NuttX
               would be: (1) add links and reference counts to all memory allocated
               by a thread. This would increase the memory allocation overhead!
               (2) Keep the list head in the TCB, and (3) extend mmap() and munmap()
               to include the shared memory operations (which would only manage
               the reference counting and the life of the allocation).

               Then what about pthreads? Memory should not be freed until the last
               pthread in the group exists. That could be done with an additional
               reference count on the whole allocated memory list (just as streams
               and file descriptors are now shared and persist until the last
               pthread exits).

               I think that would work but to me is very unattractive and
               inconsistent with the NuttX "small footprint" objective. ...

               Other issues:
               - Memory free time would go up because you would have to remove
                 the memory from that list in free().
               - There are special cases inside the RTOS itself.  For example,
                 if task A creates task B, then initial memory allocations for
                 task B are created by task A.  Some special allocators would
                 be required to keep this memory on the correct list (or on
                 no list at all).

               Updated 2016-06-25:
               For processors with an MMU (Memory Management Unit), NuttX can be
               built in a kernel mode.  In that case, each process will have a
               local copy of its heap (filled with sbrk()) and when the process
               exits, its local heap will be destroyed and the underlying page
               memory is recovered.

               So in this case, NuttX work just link Linux or or *nix systems:
               All memory allocated by processes or threads in processes will
               be recovered when the process exits.

               But not for the flat memory build.  In that case, the issues
               above do apply.  There is no safe way to recover the memory in
               that case (and even if there were, the additional overhead would
               not be acceptable on most platforms).

               This does not prohibit anyone from creating a wrapper for malloc()
               and an atexit() callback that frees memory on task exit.  People
               are free and, in fact, encouraged, to do that.  However, since
               it is inherently unsafe, I would never incorporate anything
               like that into NuttX.

  Status:      Open.  No changes are planned.  NOTE: This applies to the FLAT
               and PROTECTED builds only.  There is no such leaking of memory
               in the KERNEL build mode.
  Priority:    Medium/Low, a good feature to prevent memory leaks but would
               have negative impact on memory usage and code size.

o Power Management (drivers/pm)
  ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

o Signals (sched/signal, arch/)
  ^^^^^^^^^^^^^^^^^^^^^^^

  Title:       STANDARD SIGNALS
  Description: 'Standard' signals and signal actions are not supported.
               (e.g., SIGINT, SIGSEGV, etc).  Default is only SIG_IGN.

               Update:  SIGCHLD is supported if so configured.
  Status:      Open.  No further changes are planned.
  Priority:    Low, required by standards but not so critical for an
               embedded system.

  Title:       SIGEV_THREAD
  Description: Implementation of support for support for SIGEV_THREAD is available
               only in the FLAT build mode because it uses the OS work queues to
               perform the callback.  The alternative for the PROTECTED and KERNEL
               builds would be to create pthreads in the user space to perform the
               callbacks.  That is not a very attractive solution due to performance
               issues.  It would also require some additional logic to specify the
               TCB of the parent so that the pthread could be bound to the correct
               group.

               There is also some user-space logic in libc/aio/lio_listio.c.  That
               logic could use the user-space work queue for the callbacks.
  Status:      Low, there are alternative designs.  However, these features
               are required by the POSIX standard.
  Priority:    Low for now

  Title:       SIGNAL NUMBERING
  Description: In signal.h, the range of valid signals is listed as 0-31.  However,
               in many interfaces, 0 is not a valid signal number.  The valid
               signal number should be 1-32.  The signal set operations would need
               to map bits appropriately.
  Status:      Open
  Priority:    Low. Even if there are only 31 usable signals, that is still a lot.

o pthreads (sched/pthreads)
  ^^^^^^^^^^^^^^^^^^^^^^^^^

  Title:       PTHREAD_PRIO_PROTECT
  Description: Extend pthread_mutexattr_setprotocol().  It should support
               PTHREAD_PRIO_PROTECT (and so should its non-standard counterpart
               sem_setproto()).

               "When a thread owns one or more mutexes initialized with the
               PTHREAD_PRIO_PROTECT protocol, it shall execute at the higher of its
               priority  or  the  highest  of the priority ceilings of all the mutexes
               owned by this thread and initialized with this attribute, regardless of
               whether other threads are blocked on any of these mutexes or not.

               "While a thread is holding a mutex which has been initialized with
               the PTHREAD_PRIO_INHERIT or PTHREAD_PRIO_PROTECT protocol attributes,
               it shall not be subject to being moved to the tail of the scheduling queue
               at its priority in the event that its original priority is changed,
               such as by a call to sched_setparam(). Likewise, when a thread unlocks
               a mutex that has been initialized with the PTHREAD_PRIO_INHERIT or
               PTHREAD_PRIO_PROTECT protocol attributes, it shall not be subject to
               being moved to the tail of the scheduling queue at its priority in the
               event that its original priority is changed."

  Status:      Open.  No changes planned.
  Priority:    Low -- about zero, probably not that useful. Priority inheritance is
               already supported and is a much better solution.  And it turns out
               that priority protection is just about as complex as priority inheritance.
               Excerpted from my post in a Linked-In discussion:

               "I started to implement this HLS/"PCP" semaphore in an RTOS that I
                work with (http://www.nuttx.org) and I discovered after doing the
                analysis and basic code framework that a complete solution for the
                case of a counting semaphore is still quite complex -- essentially
                as complex as is priority inheritance.

               "For example, suppose that a thread takes 3 different HLS semaphores
                A, B, and C. Suppose that they are prioritized in that order with
                A the lowest and C the highest. Suppose the thread takes 5 counts
                from A, 3 counts from B, and 2 counts from C. What priority should
                it run at? It would have to run at the priority of the highest
                priority semaphore C. This means that the RTOS must maintain
                internal information of the priority of every semaphore held by
                the thread.

               "Now suppose it releases one count on semaphore B. How does the
                RTOS know that it still holds 2 counts on B? With some complex
                internal data structure. The RTOS would have to maintain internal
                information about how many counts from each semaphore are held
                by each thread.

               "How does the RTOS know that it should not decrement the priority
                from the priority of C? Again, only with internal complexity. It
                would have to know the priority of every semaphore held by
                every thread.

               "Providing the HLS capability on a simple pthread mutex would not
                be such quite such a complex job if you allow only one mutex per
                thread. However, the more general case seems almost as complex
                as priority inheritance. I decided that the implementation does
                not have value to me. I only wanted it for its reduced
                complexity; in all other ways I believe that it is the inferior
                solution. So I discarded a few hours of programming. Not a
                big loss from the experience I gained."

  Title:       ISSUES WITH CANCELLATION POINTS
  Description: According to POIX cancellation points must occur when a thread is executing
               the following functions.  There are some execptions as noted:

                accept()             mq_timedsend()           NA putpmsg()          sigtimedwait()
             04 aio_suspend()     NA msgrcv()                    pwrite()        NA sigwait()
             NA clock_nanosleep() NA msgsnd()                    read()             sigwaitinfo()
                close()           NA msync()                  NA readv()         01 sleep()
                connect()            nanosleep()                 recv()          02 system()
             -- creat()              open()                      recvfrom()      NA tcdrain()
                fcntl()              pause()                  NA recvmsg()       01 usleep()
             NA fdatasync()          poll()                      select()        -- wait()
                fsync()              pread()                     sem_timedwait()    waitid()
             NA getmsg()          NA pselect()                   sem_wait()         waitpid()
             NA getpmsg()            pthread_cond_timedwait()    send()             write()
             NA lockf()              pthread_cond_wait()      NA sendmsg()       NA writev()
                mq_receive()         pthread_join()              sendto()
                mq_send()            pthread_testcancel()     03 sigpause()
                mq_timedreceive() NA putmsg()                    sigsuspend()

                  NA Not supported
                  -- Doesn't need instrumentation.  Handled by lower level calls.
                  nn See note nn

               NOTE 01: sleep() and usleep() are user-space functions in the C library and cannot
               serve as cancellation points.  They are, however, simple wrappers around nanosleep
               which is a true cancellation point.
               NOTE 02: system() is actually implemented in apps/ as part of NSH.  It cannot be
               a cancellation point.
               NOTE 03: sigpause() is a user-space function in the C library and cannot serve as
               cancellation points.  It is, however, a simple wrapper around sigsuspend()
               which is a true cancellation point.
               NOTE 04: aio_suspend() is a user-space function in the C library and cannot serve as
               cancellation points.  It does call around sigtimedwait() which is a true cancellation
               point.
  Status:      Not really open.  This is just the way it is.
  Priority:    Nothing additional is planned.

  Title:       PTHREAD FILES IN WRONG LOCATION
  Description: There are many pthread interface functions in files located in
               sched/pthread.  These should be moved from that location to
               libc/pthread.  In the flat build, this really does not matter,
               but in the protected build that location means that system calls
               are required to access the pthread interface functions.
  Status:      Open
  Priority:    Medium-low. Priority may be higher if system call overheade becomes
               an issue.

  Title:       INAPPROPRIATE USE OF sched_lock() BY pthreads
  Description: In implementation of standard pthread functions, the non-
               standard, NuttX function sched_lock() is used.  This is very
               strong sense it disables pre-emption for all threads in all
               task groups.  I believe it is only really necessary in most
               cases to lock threads in the task group with a new non-
               standard interface, say pthread_lock().

               This is because the OS resources used by a thread such as
               mutexes, condition variable, barriers, etc. are only
               meaningful from within the task group.  So, in order to
               performance exclusive operations on these resources, it is
               only necessary to block other threads executing within the
               task group.

               This is an easy change:  pthread_lock() and pthread_unlock()
               would simply operate on a semaphore retained in the task
               group structure.  I am, however, hesitant to make this change:
               I the flat build model, there is nothing that prevents people
               from accessing the inter-thread controls from threads in
               differnt task groups.  Making this change, while correct,
               might introduce subtle bugs in code by people who are not
               using NuttX correctly.
  Status:      Open
  Priority:    Low.  This change would improve real-time performance of the
               OS but is not otherwise required.

o Message Queues (sched/mqueue)
  ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

o Kernel/Protected Build
  ^^^^^^^^^^^^^^^^^^^^^^

  Title:       NSH PARTITIONING.
  Description: There are issues with several NSH commands in the NuttX kernel
               and protected build modes (where NuttX is built as a monolithic
               kernel and user code must trap into the protected kernel via
               syscalls). The current NSH implementation has several commands
               that call  directly into kernel internal functions for which
               there is no syscall available.  The commands cause link failures
               in the kernel/protected build mode and must currently be disabled.
               Here are known problems that must be fixed:

               COMMAND  KERNEL INTERFACE(s)
               -------- ----------------------------------------------
               mkfatfs  mkfatfs
               mkrd     ramdisk_register()
               ping     icmp_ping()
               mount    foreach_mountpoint()

               The busybox mkfatfs does not involve any OS calls; it does
               its job by simply opening the block driver (using open/xopen)
               and modifying it with write operations. See:

                 http://git.busybox.net/busybox/tree/util-linux/mkfs_vfat.c

  Status:      Open
  Priority:    Medium/High -- the kernel build configuration is not fully fielded
               yet.

  Title:       apps/system PARTITIONING
  Description: Several of the USB device helper applications in apps/system
               violate OS/application partitioning and will fail on a kernel
               or protected build.  Many of these have been fixed by adding
               the BOARDIOC_USBDEV_CONTROL boardctl() command.  But there are
               still issues.

               These functions still call directly into operating system
               functions:

                 - cdcacm_classobject - Called from apps/system/composite.
                 - usbmsc_configure - Called from apps/system/usbmsc and
                   apps/system/composite
                 - usbmsc_bindlun - Called from apps/system/usbmsc and
                   apps/system/composite
                 - usbmsc_exportluns - Called from apps/system/usbmsc.

  Status:      Open
  Priority:    Medium/High -- the kernel build configuration is not fully fielded
               yet.

  Title:       NxTERM PARTITIONING.
  Description: NxTerm is implemented (correctly) as a driver that resides
               in the nuttx/ directory.  However, the user interfaces must be
               moved into a NuttX library or into apps/.  Currently
               applications calls to the NxTerm user interfaces are
               undefined in the Kernel/Protected builds.
  Status:      Open
  Priority:    Medium

  Title:       C++ CONSTRUCTORS HAVE TOO MANY PRIVILEGES (PROTECTED MODE)
  Description: When a C++ ELF module is loaded, its C++ constructors are called
               via sched/task_starthook.c logic.  This logic runs in protected mode.
               The is a security hole because the user code runs with kernel-
               privileges when the constructor executes.

               Destructors likely have the opposite problem.  The probably try to
               execute some kernel logic in user mode?  Obviously this needs to
               be investigated further.
  Status:      Open
  Priority:    Low (unless you need build a secure C++ system).

  Title:       TOO MANY SYSCALLS
  Description: There are a few syscalls that operate very often in user space.
               Since syscalls are (relatively) time consuming this could be
               a performance issue.  Here is some numbers that I collected
               in an application that was doing mostly printf output:

                 sem_post - 18% of syscalls
                 sem_wait - 18% of syscalls
                 getpid   - 59% of syscalls
                 --------------------------
                            95% of syscalls

               Obviously system performance could be improved greatly by simply
               optimizing these functions so that they do not need to system calls
               so frequently.  getpid() is (I believe) part of the re-entrant
               semaphore logic.  Something like TLS might be used to retain the
               thread's ID locally.

               Linux, for example, has functions call up() and down().  up()
               increments the semaphore count but does not call into the kernel
               unless incrementing the count unblocks a task; similarly, down
               decrements the count and does not call into the kernel unless
               the count becomes negative the caller must be blocked.

               Update:
               "I am thinking that there should be a "magic" global, user-accessible
                variable that holds the PID of the currently executing thread;
                basically the PID of the task at the head of the ready-to-run list.
                This variable would have to be reset each time the head of the ready-
                to-run list changes.

               "Then getpid() could be implemented in user space with no system call
                by simply reading this variable.

               "This one would be easy: Just a change to include/nuttx/userspace.h,
                configs/*/kernel/up_userspace.c, libc/, sched/sched_addreadytorun.c, and
                sched/sched_removereadytorun.c. That would eliminate 59% of the syscalls."

               Update:
               This is probably also just a symptom of the OS test that does mostly
               console output.  The requests for the pid() are part of the
               implementation of the I/O's re-entrant semaphore implementation and
               would not be an issue in the more general case.

               Update:
               One solution might be to used CONFIG_TLS, add the PID to struct
               tls_info_s.  Then the PID could be obtained without a system call.
  Status:      Open
  Priority:    Low-Medium.  Right now, I do not know if these syscalls are a
               real performance issue or not.  The above statistics were collected
               from a an atypical application (the OS test), and does an excessive
               amount of console output.  There is probably no issue with more typical
               embedded applications.

  Title:       SECURITY ISSUES
  Description: In the current designed, the kernel code calls into the user-space
               allocators to allocate user-space memory.  It is a security risk to
               call into user-space in kernel-mode because that could be exploited
               to gain control of the system.  That could be fixed by dropping to
               user mode before trapping into the memory allocators; the memory
               allocators would then need to trap in order to return (this is
               already done to return from signal handlers; that logic could be
               renamed more generally and just used for a generic return trap).

               Another place where the system calls into the user code in kernel
               mode is work_usrstart() to start the user work queue.  That is
               another security hole that should be plugged.
  Status:      Open
  Priority:    Low (unless security becomes an issue).

  Title:       MICRO-KERNEL
  Description: The initial kernel build cut many interfaces at a very high level.
               The resulting monolithic kernel is then rather large.  It would
               not be a prohibitively large task to reorganize the interfaces so
               that NuttX is built as a micro-kernel, i.e., with only the core
               OS services within the kernel and with other OS facilities, such
               as the file system, message queues, etc., residing in user-space
               and to interfacing with those core OS facilities through traps.
  Status:      Open
  Priority:    Low.  This is a good idea and certainly an architectural
               improvement.  However, there is no strong motivation now do
               do that partitioning work.

  Title:       USER MODE TASKS CAN MODIFY PRIVILEGED TASKS
  Description: Certain interfaces, such as sched_setparam(),
               sched_setscheduler(), etc. can be used by user mode tasks to
               modify the behavior of priviledged kernel threads.
               task_delete() could even be used to kill a kernel thread.
               For a truly secure system.  Privileges need to be checked in
               every interface that permits one thread to modify the
               properties of another thread.

               NOTE:  It would be a simple matter to simply disable user
               threads from modifying privileged threads.  However, you
               might also want to be able to modify privileged threads from
               user tasks with certain permissions.  Permissions is a much
               more complex issue.
  Status:      Open
  Priority:    Low for most embedded systems but would be a critical need if
               NuttX were used in a secure system.

o C++ Support
  ^^^^^^^^^^^

  Title:       USE OF SIZE_T IN NEW OPERATOR
  Description: The argument of the 'new' operators should take a type of
               size_t (see libxx/libxx_new.cxx and libxx/libxx_newa.cxx).  But
               size_t has an unknown underlying.  In the nuttx sys/types.h
               header file, size_t is typed as uint32_t (which is determined by
               architecture-specific logic).  But the C++ compiler may believe
               that size_t is of a different type resulting in compilation errors
               in the operator.  Using the underlying integer type Instead of
               size_t seems to resolve the compilation issues.
  Status:      Kind of open.  There is a workaround.  Setting CONFIG_CXX_NEWLONG=y
               will define the operators with argument of type unsigned long;
               Setting CONFIG_CXX_NEWLONG=n will define the operators with argument
               of type unsigned int.  But this is pretty ugly!  A better solution
               would be to get a hold of the compilers definition of size_t.
  Priority:    Low.

  Title:       STATIC CONSTRUCTORS AND MULTITASKING
  Description: The logic that calls static constructors operates on the main
               thread of the initial user application task.  Any static
               constructors that cache task/thread specific information such
               as C streams or file descriptors will not work in other tasks.
               See also UCLIBC++ AND STATIC CONSTRUCTORS below.
  Status:      Open
  Priority:    Low and probably will not changed.  In these case, there will
               need to be an application specific solution.

  Title:       UCLIBC++ AND STATIC CONSTRUCTORS
               uClibc++ was designed to work in a Unix environment with
               processes and with separately linked executables. Each process
               has its own, separate uClibc++ state. uClibc++ would be
               instantiated like this in Linux:

               1) When the program is built, a tiny start-up function is
                  included at the beginning of the program. Each program has
                  its own, separate list of C++ constructors.

               2) When the program is loaded into memory, space is set aside
                  for uClibc's static objects and then this special start-up
                  routine is called. It initializes the C library, calls all
                  of the constructors, and calls atexit() so that the destructors
                  will be called when the process exits.

               In this way, you get a per-process uClibc++ state since there
               is per-process storage of uClibc++ global state and per-process
               initialization of uClibc++ state.

               Compare this to how NuttX (and most embedded RTOSs) would work:

               1) The entire FLASH image is built as one big blob. All of the
                  constructors are lumped together and all called together at
                  one time.

                  This, of course, does not have to be so. We could segregate
                  constructors by some criteria and we could use a task start
                  up routine to call constructors separately. We could even
                  use ELF executables that are separately linked and already
                  have their constructors separately called when the ELF
                  executable starts.

                  But this would not do you very much good in the case of
                  uClibc++ because:

               2) NuttX does not support processes, i.e., separate address
                  environments for each task. As a result, the scope of global
                  data is all tasks. Any change to the global state made by
                  one task can effect another task. There can only one
                  uClibc++ state and it will be shared by all tasks. uClibc++
                  apparently relies on global instances (at least for cin and
                  cout) there is no way to to have any unique state for any
                  "task group".

                  [NuttX does not support processes because in order to have
                  true processes, your hardware must support a memory management
                  unit (MMU) and I am not aware of any mainstream MCU that has
                  an MMU (or, at least an MMU that is capable enough to support
                  processes).]

                  NuttX does not have processes, but it does have "task groups".
                  See http://www.nuttx.org/doku.php?id=wiki:nxinternal:tasksnthreads.
                  A task group is the task plus all of the pthreads created by
                  the task via pthread_create().  Resources like FILE streams
                  are shared within a task group. Task groups are like a poor
                  man's process.

                  This means that if the uClibc++ static classes are initialized
                  by one member of a task group, then cin/cout should work
                  correctly with all threads that are members of task group. The
                  destructors would be called when the final member of the task
                  group exists (if registered via atexit()).

                  So if you use only pthreads, uClibc++ should work very much like
                  it does in Linux. If your NuttX usage model is like one process
                  with many threads then you have Linux compatibility.

               If you wanted to have uClibc++ work across task groups, then
               uClibc++ and NuttX would need some extensions. I am thinking
               along the lines of the following:

               1) There is a per-task group storage are within the RTOS (see
                  include/nuttx/sched.h). If we add some new, non-standard APIs
                  then uClibc++ could get access to per-task group storage (in
                  the spirit of pthread_getspecific() which gives you access to
                  per-thread storage).

               2) Then move all of uClibc++'s global state into per-task group
                  storage and add a uClibc++ initialization function that would:
                  a) allocate per-task group storage, b) call all of the static
                  constructors, and c) register with atexit() to perform clean-
                  up when the task group exits.

               That would be a fair amount of effort. I don't really know what
               the scope of such an effort would be. I suspect that it is not
               large but probably complex.

               NOTES:

               1) See STATIC CONSTRUCTORS AND MULTITASKING

               2) To my knowledge, only some uClibc++ ofstream logic is
                  sensitive to this.  All other statically initialized classes
                  seem to work OK across different task groups.
  Status:      Open
  Priority:    Low.  I have no plan to change this logic now unless there is
               some strong demand to do so.

o Binary loaders (binfmt/)
  ^^^^^^^^^^^^^^^^^^^^^^^^

  Title:       NXFLAT TESTS
  Description: Not all of the NXFLAT test under apps/examples/nxflat are working.
               Most simply do not compile yet.  tests/mutex runs okay but
               outputs garbage on completion.

               Update: 13-27-1, tests/mutex crashed with a memory corruption
               problem the last time that I ran it.
  Status:      Open
  Priority:    High

  Title:       ARM UP_GETPICBASE()
  Description: The ARM up_getpicbase() does not seem to work.  This means
               the some features like wdog's might not work in NXFLAT modules.
  Status:      Open
  Priority:    Medium-High

  Title:       NXFLAT READ-ONLY DATA IN RAM
  Description: At present, all .rodata must be put into RAM.  There is a
               tentative design change that might allow .rodata to be placed
               in FLASH (see Documentation/NuttXNxFlat.html).
  Status:      Open
  Priority:    Medium

  Title:       GOT-RELATIVE FUNCTION POINTERS
  Description: If the function pointer to a statically defined function is
               taken, then GCC generates a relocation that cannot be handled
               by NXFLAT.  There is a solution described in Documentation/NuttXNxFlat.html,
               by that would require a compiler change (which we want to avoid).
               The simple workaround is to make such functions global in scope.
  Status:      Open
  Priority:    Low (probably will not fix)

  Title:       USE A HASH INSTEAD OF A STRING IN SYMBOL TABLES
  Description: In the NXFLAT symbol tables... Using a 32-bit hash value instead
               of a string to identify a symbol should result in a smaller footprint.
  Status:      Open
  Priority:    Low

  Title:       WINDOWS-BASED TOOLCHAIN BUILD
  Description: Windows build issue.  Some of the configurations that use NXFLAT have
               the linker script specified like this:

               NXFLATLDFLAGS2 = $(NXFLATLDFLAGS1) -T$(TOPDIR)/binfmt/libnxflat/gnu-nxflat-gotoff.ld -no-check-sections

               That will not work for windows-based tools because they require Windows
               style paths.  The solution is to do something like this:

               if ($(WINTOOL)y)
                 NXFLATLDSCRIPT=${cygpath -w $(TOPDIR)/binfmt/libnxflat/gnu-nxflat-gotoff.ld}
               else
                 NXFLATLDSCRIPT=$(TOPDIR)/binfmt/libnxflat/gnu-nxflat-gotoff.ld
               endif

               Then use

               NXFLATLDFLAGS2 = $(NXFLATLDFLAGS1) -T"$(NXFLATLDSCRIPT)" -no-check-sections

  Status:      Open
  Priority:    There are too many references like the above.  They will have
               to get fixed as needed for Windows native tool builds.

  Title:       TOOLCHAIN COMPATIBILITY PROBLEM
  Description: The older 4.3.3 compiler generates GOTOFF relocations to the constant
               strings, like:

               .L3:
                  .word   .LC0(GOTOFF)
                  .word   .LC1(GOTOFF)
                  .word   .LC2(GOTOFF)
                  .word   .LC3(GOTOFF)
                  .word   .LC4(GOTOFF)

               Where .LC0, LC1, LC2, LC3, and .LC4 are the labels corresponding to strings in
               the .rodata.str1.1 section.  One consequence of this is that .rodata must reside
               in D-Space since it will addressed relative to the GOT (see the section entitled
               "Read-Only Data in RAM" at
               http://nuttx.org/Documentation/NuttXNxFlat.html#limitations).

               The newer 4.6.3 compiler generated PC relative relocations to the strings:

               .L2:
                  .word   .LC0-(.LPIC0+4)
                  .word   .LC1-(.LPIC1+4)
                  .word   .LC2-(.LPIC2+4)
                  .word   .LC3-(.LPIC4+4)
                  .word   .LC4-(.LPIC5+4)

               This is good and bad.  This is good because it means that .rodata.str1.1 can now
               reside in FLASH with .text and can be accessed using PC-relative addressing.
               That can be accomplished by simply moving the .rodata from the .data section to
               the .text section in the linker script.  (The NXFLAT linker script is located at
               nuttx/binfmt/libnxflat/gnu-nxflat.ld).

               This is bad because a lot of stuff may get broken an a lot of test will need to
               be done.  One question that I have is does this apply to all kinds of .rodata?
               Or just to .rodata.str1.1?

  Status:      Open.  Many of the required changes are in place but, unfortunately, not enough
               go be fully functional.  I think all of the I-Space-to-I-Space fixes are in place.
               However, the generated code also includes PC-relative references to .bss which
               just cannot be done.
  Priority:    Medium.  The workaround for now is to use the older, 4.3.3 OABI compiler.

o Network (net/, drivers/net)
  ^^^^^^^^^^^^^^^^^^^^^^^^^^^

  Title:       LISTENING FOR UDP BROADCASTS
  Description: Incoming UDP broadcast should only be accepted if listening on
               INADDR_ANY(?)
  Status:      Open
  Priority:    Low

  Title:       CONCURRENT TCP SEND OPERATIONS
  Description: At present, there cannot be two concurrent active TCP send
               operations in progress using the same socket.  This is because
               the uIP ACK logic will support only one transfer at a time.  The
               solution is simple: A mutex will be needed to make sure that each
               send that is started is able to be the exclusive sender until all of
               the data to be sent has been ACKed.
  Status:      Open.  There is some temporary logic to apps/nshlib that does
               this same fix and that temporary logic should be removed when
               send() is fixed.
  Priority:    Medium-Low.  This is an important issue for applications that
               send on the same TCP socket from multiple threads.

  Title:       POLL/SELECT ON TCP/UDP SOCKETS NEEDS READ-AHEAD
  Description: poll()/select() only works for availability of buffered TCP/UDP
               read data (when read-ahead is enabled).  The way writing is
               handled in the network layer, all sockets must wait when send and
               cannot be notified when they can send without waiting.
  Status:      Open, probably will not be fixed.
  Priority:    Medium... this does effect porting of applications that expect
               different behavior from poll()/select()

  Title:       SOCKETS DO NOT ALWAYS SUPPORT O_NONBLOCK
  Description: sockets do not support all modes for O_NONBLOCK. Sockets
               support nonblocking operations only (1) for TCP/IP non-
               blocking read operations when read-ahead buffering is
               enabled, (2) TCP/IP accept() operations when TCP/IP
               connection backlog is enabled, (2) UDP/IP read() operations
               when UDP read-ahead is enabled, and (3) non-blocking
               operations on Unix domain sockets.
  Status:      Open
  Priority:    Low.

  Title:       UNFINISHED CRYSTALLAN CS89X0 DRIVER
  Description: I started coding a CrystalLan CS89x0 driver (drivers/net/cs89x0.c),
               but never finished it.
  Status:      Closed.
  Priority:    Low.  I don't plan to finish the CS89x0 driver.  It is just
               history now.  The unfinished coded is retained in case someone
               needs to resurrect it.

  Title:       INTERFACES TO LEAVE/JOIN IGMP MULTICAST GROUP
  Description: The interfaces used to leave/join IGMP multicast groups is non-standard.
               RFC3678 (IGMPv3) suggests ioctl() commands to do this (SIOCSIPMSFILTER) but
               also status that those APIs are historic.  NuttX implements these ioctl
               commands, but is non-standard because:  (1) It does not support IGMPv3, and
               (2) it looks up drivers by their device name (e.g., "eth0") vs IP address.

               Linux uses setsockopt() to control multicast group membership using the
               IP_ADD_MEMBERSHIP and IP_DROP_MEMBERSHIP options.  It also looks up drivers
               using IP addresses (It would require additional logic in NuttX to look up
               drivers by IP address).  See http://tldp.org/HOWTO/Multicast-HOWTO-6.html
  Status:      Open
  Priority:    Medium.  All standards compatibility is important to NuttX.  However, most
               the mechanism for leaving and joining groups is hidden behind a wrapper
               function so that little of this incompatibilities need be exposed.

  Title:       CLOSED CONNECTIONS IN THE BACKLOG
               If a connection is backlogged but accept() is not called quickly, then
               that connection may time out.  How should this be handled?  Should the
               connection be removed from the backlog if it is times out or is closed?
               Or should it remain in the backlog with a status indication so that accept()
               can fail when it encounters the invalid connection?
  Status:      Open
  Priority:    Medium.  Important on slow applications that will not accept
               connections promptly.

  Title:       IPv6 REQUIRES ADDRESS FILTER SUPPORT
  Description: IPv6 requires that the Ethernet driver support NuttX address
               filter interfaces.  Several Ethernet drivers do support there,
               however.  Others support the address filtering interfaces but
               have never been verifed:

               C5471, LM3S, ez80, DM0x90 NIC, PIC: Do not support address
                 filtering.
               Kinetis, LPC17xx, LPC43xx:  Untested address filter support

  Status:      Open
  Priority:    Pretty high if you want a to use IPv6 on these platforms.

  Title:       UDP MULTICAST RECEPTION
  Description: The logic in udp_input() expects either a single receive socket or
               none at all.  However, multiple sockets should be capable of
               receiving a UDP datagram (multicast reception).  This could be
               handled easily by something like:

                for (conn = NULL; conn = udp_active (pbuf, conn); )

               If the callback logic that receives a packet responds with an
               outgoing packet, then it will over-write the received buffer,
               however.  recvfrom() will not do that, however.  We would have
               to make that the rule: Recipients of a UDP packet must treat
               the packet as read-only.
  Status:      Open
  Priority:    Low, unless your logic depends on that behavior.

  Title:       NETWORK WON'T STAY DOWN
  Description: If you enable the NSH network monitor (CONFIG_NSH_NETINIT_MONITOR)
               then the NSH 'ifdown' command is broken.  Doing 'nsh> ifconfig eth0'
               will, indeed, bring the network down.  However, the network monitor
               notices the change in the link status and will bring the network
               back up.  There needs to be some kind of interlock between
               cmd_ifdown() and the network monitor thread to prevent this.
  Status:      Open
  Priority:    Low, this is just a nuisance in most cases.

  Title:       FIFO CLEAN-UP AFTER CLOSING UNIX DOMAIN DATAGRAM SOCKET
  Description: FIFOs are used as the IPC underlying all local Unix domain
               sockets.  In NuttX, FIFOs are implemented as device drivers
               (not as a special FIFO files).  The FIFO device driver is
               instantiated when the Unix domain socket communications begin
               and will automatically be released when (1) the driver is
               unlinked and (2) all open references to the driver have been
               closed.  But there is no mechanism in place now to unlink the
               FIFO when the Unix domain datagram socket is no longer used.
               The primary issue is timing.. the FIFO should persist until
               it is no longer needed.  Perhaps there should be a delayed
               call to unlink() (using a watchdog or the work queue).  If
               the driver is re-opened, the delayed unlink could be
               canceled?  Needs more thought.
               NOTE: This is not an issue for Unix domain streams sockets:
               The end-of-life of the FIFO is well determined when sockets
               are disconnected and support for that case is fully implemented.
  Status:      Open
  Priority:    Low for now because I don't have a situation where this is a
               problem for me.  If you use the same Unix domain paths, then
               it is not a issue; in fact it is more efficient if the FIFO
               devices persist.  But this would be a serious problem if,
               for example, you create new Unix domain paths dynamically.
               In that case you would effectively have a memory leak and the
               number of FIFO instances grow.

  Title:       TCP IPv4-MAPPED IPv6 ADDRESSES
  Description: The UDP implementation in net/udp contains support for Hybrid
               dual-stack IPv6/IPv4 implementations that utilize a special
               class of addresses, the IPv4-mapped IPv6 addresses.  You can
               see that UDP implementation in:

                 udp_callback.c:
                   ip6_map_ipv4addr(ipv4addr,
                 udp_send.c:
                   ip6_is_ipv4addr((FAR struct in6_addr*)conn->u.ipv6.raddr)))
                   ip6_is_ipv4addr((FAR struct in6_addr*)conn->u.ipv6.raddr))
                   in_addr_t raddr = ip6_get_ipv4addr((FAR struct in6_addr*)conn->u.ipv6.raddr);

               There is no corresponding support for TCP sockets.
  Status:      Open
  Priority:    Low.  I don't know of any issues now, but I am sure that
               someone will encounter this in the future.

  Title:       MISSING netdb INTERFACES
  Description: There is no implementation for many netdb interfaces such as
               getaddrinfo(), freeaddrinfo(), getnameinfo(), etc.
  Status:      Open
  Priority:    Low

  Title:       ETHERNET WITH MULTIPLE LPWORK THREADS
  Description: Recently, Ethernet drivers were modified to support multiple
               work queue structures.  The question was raised: "My only
               reservation would be, how would this interact in the case of
               having CONFIG_STM32_ETHMAC_LPWORK and CONFIG_SCHED_LPNTHREADS
               > 1? Can it be guaranteed that one work item won't be
               interrupted and execution switched to another? I think so but
               am not 100% confident."

               I suspect that you right.  There are probably vulnerabilities
               in the CONFIG_STM32_ETHMAC_LPWORK with CONFIG_SCHED_LPNTHREADS
               > 1 case.  But that really doesn't depend entirely upon the
               change to add more work queue structures.  Certainly with only
               work queue structure you would have concurrent Ethernet
               operations in that multiple LP threads; just because the work
               structure is available, does not mean that there is not dequeued
               work in progress.  The multiple structures probably widens the
               window for that concurrency, but does not create it.

               The current Ethernet designs depend upon a single work queue to
               serialize data.  In the case of muliple LP threads, some
               additional mechanism would have to be added to enforce that
               serialization.

               NOTE:  Most drivers will call net_lock() and net_unlock() around
               the critical portions of the driver work.  In that case, all work
               will be properly serialized.  This issue only applies to drivers
               that may perform operations that require protection outside of
               the net_lock'ed region.  Sometimes, this may require extending
               the netlock() to be beginning of the driver work function.

  Status:      Open
  Priority:    High if you happen to be using Ethernet in this configuration.

  Title:       REPARTITION DRIVER FUNCTIONALITY
  Description: Every network driver performs the first level of packet decoding.
               It examines the packet header and calls ipv4_input(), ipv6_input().
               icmp_input(), etc. as appropriate.  This is a maintenance problem
               because it means that any changes to the network input interfaces
               affects all drivers.

               A better, more maintainable solution would use a single net_input()
               function that would receive all incoming packets.  This function
               would then perform that common packet decoding logic that is
               currently implemented in every network driver.
  Status:      Open
  Priority:    Low.  Really just as aesthetic maintainability issue.

  Title:       BROADCAST WITH MULTIPLE NETWORK INTERFACES
  Description: There is currently no mechanism to send a broadcast packet
               out through several network interfaces.   Currently packets
               can be sent to only one device.  Logic in netdev_findby_ipvXaddr()
               currently just selects the first device in the list of
               devices; only that device will receive broadcast packets.
  Status:      Open
  Priority:    High if you require broadcast on multiple networks.  There is
               no simple solution known at this time, however.  Perhaps
               netdev_findby_ipvXaddr() should return a list of devices rather
               than a single device?  All upstream logic would then have to
               deal with a list of devices.  That would be a huge effect and
               certainly doesn't dount as a "simple solution".

  Title:       ICMPv6 FOR 6LoWPAN
  Description: The current ICMPv6 and neighbor-related logic only works with
               Ethernet MAC.  For 6LoWPAN, a new more conservative IPv6
               neigbor discovery is provided by RFC 6775.  This RFC needs to
               be supported in order to support ping6 on a 6LoWPAN network.
               If RFC 6775 were implemented, then arbitrary IPv6 addresses,
               including addresses from DHCPv6 could be used.

               UPDATE:  With IPv6 neighbor discovery, any IPv6 address may
               be associated with any short or extended address.  In fact,
               that is the whole purpose of the neighbor discover logic:  It
               plays the same role as ARP in IPv4; it ultimately just manages
               a neighbor table that, like the arp table, provides the
               mapping between IP addresses and node addresses.

               The NuttX, Contiki-based 6LoWPAN implementation circumvented
               the need for the neighbor discovery logic by using only MAC-
               based addressing, i.e., the lower two or eight bytes of the
               IP address are the node address.

               Most of the 6LoWPAN compression algorithms exploit this to
               compress the IPv6 address to nothing but a bit indicating
               that the IP address derives from the node address.  So I
               think IPv6 neighbor discover is useless in the current
               implementation.

               If we want to use IPv6 neighbor discovery, we could dispense
               with the all MAC based addressing.  But if we want to retain
               the more compact MAC-based addressing, then we don't need
               IPv6 neighbor discovery.

               So, the full neighbor discovery logic is not currently useful,
               but it would still be nice to have enough in place to support
               ping6.  Full neighbor support would probably be necessary if we
               wanted to route 6LoWPAN frames outside of the WPAN.

  Status:      Open
  Priority:    Low for now.  I don't plan on implementing this.  It would
               only be relevant if we were to decide to abandon the use of
               MAC-based addressing in the 6LoWPAN implementation.

  Title:       ETHERNET LOCAL BROADCAST DOES NOT WORK

  Description: In case of "local broadcast" the system still send ARP
               request to the destination, but it shouldn't, it should
               broadcast.  For Example, the system has network with IP
               10.0.0.88, netmask of 255.255.255.0, it should send
               messages for 10.0.0.255 as broadcast, and not send ARP
               for 10.0.0.255

               For more easier networking, the next line should have give
               me the broadcast address of the network, but it doesn't:

               ioctl(_socket_fd, SIOCGIFBRDADDR, &bc_addr);
  Status:      Open
  Priority:    Medium

o USB (drivers/usbdev, drivers/usbhost)
  ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

  Title:       USB STORAGE DRIVER DELAYS
  Description: There is a workaround for a bug in drivers/usbdev/usbdev_storage.c.
               that involves delays.  This needs to be redesigned to eliminate these
               delays.  See logic conditioned on CONFIG_USBMSC_RACEWAR.

               If queuing of stall requests is supported by the DCD then this workaround
               is not required.  In this case, (1) the stall is not sent until all
               write requests preceding the stall request are sent, (2) the stall is
               sent, and then after the stall is cleared, (3) all write requests
               queued after the stall are sent.

               See, for example, the queuing of pending stall requests in the SAM3/4
               UDP driver at arch/arm/src/sam34/sam_udp.c.  There the logic is do this
               is implemented with a normal request queue, a pending request queue, a
               stall flag and a stall pending flag:

               1) If the normal request queue is not empty when the STALL request is
                  received, the stall pending flag is set.
               2) If addition write requests are received while the stall pending flag
                  is set (or while waiting for the stall to be sent), those write requests
                  go into the pending queue.
               3) When the normal request queue empties successful and all of the write
                  transfers complete, the STALL is sent.  The stall pending flag is
                  cleared and the stall flag is set.  Now the endpoint is really stalled.
               4) After the STALL is cleared (via the Clear Feature SETUP), the pending
                  request queue is copied to the normal request queue, the stall flag is
                  cleared, and normal write request processing resumes.

  Status:      Open
  Priority:    Medium

  Title:       EP0 OUT CLASS DATA
  Description: There is no mechanism in place to handle EP0 OUT data transfers.
               There are two aspects to this problem, neither are easy to fix
               (only because of the number of drivers that would be impacted):

               1. The class drivers only send EP0 write requests and these are
                  only queued on EP0 IN by this drivers.  There is never a read
                  request queued on EP0 OUT.
               2. But EP0 OUT data could be buffered in a buffer in the driver
                  data structure.  However, there is no method currently
                  defined in the USB device interface to obtain the EP0 data.

               Updates:  (1) The USB device-to-class interface as been extended so
               that EP0 OUT data can accompany the SETUP request sent to the
               class drivers. (2) The logic in the STM32 F4 OTG FS device driver
               has been extended to provide this data.  Updates are still needed
               to other drivers.

               Here is an overview of the required changes:
               New two buffers in driver structure:

               1. The existing EP0 setup request buffer (ctrlreq, 8 bytes)
               2. A new EP0 data buffer to driver state structure (ep0data,
                  max packetsize)

               Add a new state:

               3. Waiting for EP0 setup OUT data (EP0STATE_SETUP_OUT)

               General logic flow:

               1. When an EP0 SETUP packet is received:
                  - Read the request into EP0 setup request buffer (ctrlreq,
                    8 bytes)
                  - If this is an OUT request with data length, set the EP0
                    state to EP0STATE_SETUP_OUT and wait to receive data on
                    EP0.
                  - Otherwise, the SETUP request may be processed now (or,
                    in the case of the F4 driver, at the conclusion of the
                    SETUP phase).
               2. When EP0 the EP0 OUT DATA packet is received:
                  - Verify state is EP0STATE_SETUP_OUT
                  - Read the request into the EP0 data buffer (ep0data, max
                    packet size)
                  - Now process the previously buffered SETUP request along
                    with the OUT data.
               3. When the setup packet is dispatched to the class driver,
                  the OUT data must be passed as the final parameter in the
                  call.

               Update 2013-9-2:  The new USB device-side driver for the SAMA5D3
               correctly supports OUT SETUP data following the same design as
               per above.

               Update 2013-11-7: David Sidrane has fixed with issue with the
               STM32 F1 USB device driver.  Still a few more to go before this
               can be closed out.

  Status:      Open
  Priority:    High for class drivers that need EP0 data.  For example, the
               CDC/ACM serial driver might need the line coding data (that
               data is not used currently, but it might be).

  Title:       IMPROVED USAGE of STM32 USB RESOURCES
  Description: The STM32 platforms use a non-standard, USB host peripheral
               that uses "channels" to implement data transfers the current
               logic associates each channel with an pipe/endpoint (with two
               channels for bi-directional control endpoints).  The OTGFS
               peripheral has 8 channels and the OTGHS peripheral has 12
               channels.

               This works okay until you add a hub and try connect multiple
               devices.  A typical device will require 3-4 pipes and, hence,
               4-5 channels.  This effectively prevents using a hub with the
               STM32 devices.  This also applies to the EFM32 which uses the
               same IP.

               It should  be possible to redesign the STM32 F4 OTGHS/OTGFS and
               EFM32 host driver so that channels are dynamically assigned to
               pipes as needed for individual transfers.  Then you could have
               more "apparent" pipes and make better use of channels.
               Although there are only 8 or 12 channels, transfers are not
               active all of the time on all channels so it ought to be
               possible to have an unlimited number of "pipes" but with no
               more than 8 or 12 active transfers.
  Status:      Open
  Priority:    Medium-Low

  Title:       USB CDC/ACM HOST CLASS DRIVER
  Description: A CDC/ACM host class driver has been added.  This has been
               testing by running the USB CDC/ACM host on an Olimex
               LPC1766STK and using the configs/stm3210e-eval/usbserial
               configuration (using the CDC/ACM device side driver).  There
               are several unresolved issues that prevent the host driver
               from being usable:

              - The driver works fine when configured for reduced or bulk-
                only protocol on the Olimex LPC1766STK.

              - Testing has not been performed with the interrupt IN channel
                enabled (ie., I have not enabled FLOW control nor do I have
                a test case that used the interrupt IN channel).  I can see
                that the polling for interrupt IN data is occurring
                initially.

              - I test for incoming data by doing 'nsh> cat /dev/ttyACM0' on
                the Olimex LPC1766STK host.  The bulk data reception still
                works okay whether or not the interupt IN channel is enabled.
                If the interrupt IN channel is enabled, then polling of that
                channel appears to stop when the bulk in channel becomes
                active.

              - The RX reception logic uses the low priority work queue.
                However, that logic never returns and so blocks other use of
                the work queue thread.  This is probably okay but means that
                the RX reception logic probably should be moved to its own
                dedicated thread.

              - I get crashes when I run with the STM32 OTGHS host driver.
                Apparently the host driver is trashing memory on receipt
                of data.

                UPDATE:  This behavior needs to be retested with:
                  commit ce2845c5c3c257d081f624857949a6afd4a4668a
                  Author: Janne Rosberg <janne.rosberg@offcode.fi>
                  Date:   Tue Mar 7 06:58:32 2017 -0600

                    usbhost_cdcacm: fix tx outbuffer overflow and remove now
                    invalid assert

                  commit 3331e9c49aaaa6dcc3aefa6a9e2c80422ffedcd3
                  Author: Janne Rosberg <janne.rosberg@offcode.fi>
                  Date:   Tue Mar 7 06:57:06 2017 -0600

                    STM32 OTGHS host:  stm32_in_transfer() fails and returns NAK
                    if a short transfer is received.  This causes problems from
                    class drivers like CDC/ACM where short packets are expected.
                    In those protocols, any transfer may be terminated by sending
                    short or NUL packet.

                  commit 0631c1aafa76dbaa41b4c37e18db98be47b60481
                  Author: Gregory Nutt <gnutt@nuttx.org>
                  Date:   Tue Mar 7 07:17:24 2017 -0600

                    STM32 OTGFS, STM32 L4 and F7: Adapt Janne Rosberg's patch to
                    STM32 OTGHS host to OTGFS host, and to similar implements for
                    L4 and F7.

              - The SAMA5D EHCI and the LPC31 EHCI drivers both take semaphores
                in the cancel method.  The current CDC/ACM class driver calls
                the cancel() method from an interrupt handler.  This will
                cause a crash.  Those EHCI drivers should be redesigned to
                permit cancellation from the interrupt level.

               Most of these problems are unique to the Olimex LPC1766STK
               DCD; some are probably design problems in the CDC/ACM host
               driver.  The bottom line is that the host CDC/ACM driver is
               still immature and you could experience issues in some
               configurations if you use it.

               That all being said, I know of know no issues with the current
               CDC/ACM driver on the Olimex LPC1766STK platform if the interrupt
               IN endpoint is not used, i.e., in "reduced" mode.  The only loss
               of functionality is output flow control.

               UPDATE: The CDC/ACM class driver may also now be functional on
               the STM32.  That needs to be verified.

  Status:      Open
  Priority:    Medium-Low unless you really need host CDC/ACM support.

o Libraries (libc/, libm/)
  ^^^^^^^^^^^^^^^^^^^^^^^^

  Title:       SIGNED time_t
  Description: The NuttX time_t is type uint32_t. I think this is consistent
               with all standards and with normal usage of time_t.  However,
               according to Wikipedia, time_t is usually implemented as a
               signed 32-bit value.
  Status:      Open
  Priority:    Very low unless there is some compelling issue that I do not
               know about.

  Title:       ENVIRON
  Description: The definition of environ in stdlib.h is bogus and will not
               work as it should.  This is because the underlying
               representation of the environment is not an array of pointers.
  Status:      Open
  Priority:    Medium

  Title:       TERMIOS
  Description: Need some minimal termios support... at a minimum, enough to
               switch between raw and "normal" modes to support behavior like
               that needed for readline().
               UPDATE:  There is growing functionality in libc/termios/ and in the
               ioctl methods of several MCU serial drivers (stm32, lpc43, lpc17,
               pic32).  However, as phrased, this bug cannot yet be closed since
               this "growing functionality" does not address all termios.h
               functionality and not all serial drivers support termios.
  Status:      Open
  Priority:    Low

  Title:       RESETTING GETOPT()
  Description: There is an issue with the way that getopt() handles errors that
               return '?'.

               1. Does getopt() reset its global variables after returning '?' so
                  that it can be re-used?  That would be required to support where
                  the caller terminates parsing before reaching the last parameter.
               2. Or is the client expected to continue parsing after getopt()
                  returns '?'  and parse until the final parameter?

               The current getopt() implementation only supports #2.
  Status:      Open
  Priority:    Low

  Title:       CONCURRENT STREAM READ/WRITE
  Description: NuttX only supports a single file pointer so reads and writes
               must be from the same position.  This prohibits implementation
               of behavior like that required for fopen() with the "a+" mode.
               According to the fopen man page:

               "a+ Open for reading and appending (writing at end of file).
                The file is created if it does not exist. The initial file
                position for reading is at the beginning of the file, but
                output is always appended to the end of the file."

               At present, the single NuttX file pointer is positioned to the
               end of the file for both reading and writing.
  Status:      Open
  Priority:    Medium.  This kind of operation is probably not very common in
               deeply embedded systems but is required by standards.

  Title:       DIVIDE BY ZERO
  Description: This is bug 3468949 on the SourceForge website (submitted by
               Philipp Klaus Krause):
               "lib_strtod.c does contain divisions by zero in lines 70 and 96.
                AFAIK, unlike for Java, division by zero is not a reliable way to
                get infinity in C. AFAIK compilers are allowed e.g. give a compile-
                time error, and some, such as sdcc, do. AFAIK, C implementations
                are not even required to support infinity. In C99 the macro isinf()
                could replace the first use of division by zero. Unfortunately, the
                macro INFINITY from math.h probably can't replace the second division
                by zero, since it will result in a compile-time diagnostic, if the
                implementation does not support infinity."
  Status:       Open
  Priority:

  Title:       OLD dtoa NEEDS TO BE UPDATED
  Description: This implementation of dtoa in libc/stdio is old and will not
               work with some newer compilers.  See
               http://patrakov.blogspot.com/2009/03/dont-use-old-dtoac.html
  Status:      Open
  Priority:    ??

  Title:       FLOATING POINT FORMATS
  Description: Only the %f floating point format is supported.  Others are
               accepted but treated like %f.
  Status:      Open
  Priority:    Medium (this might important to someone).

  Title:       FLOATING POINT PRECISION
  Description: A fieldwidth and precision is required with the %f format.  If %f
               is used with no format, than floating numbers will be printed with
               a precision of 0 (effectively presented as integers).
  Status:      Open
  Priority:    Medium (this might important to someone).

  Title:       LIBM INACCURACIES
  Description: "..if you are writing something like robot control or
               inertial navigation system for aircraft, I have found
               that using the toolchain libmath is only safe option.
               I ported some code for converting quaternions to Euler
               angles to NuttX for my project and only got it working
               after switching to newlib math library.

               "NuttX does not fully implement IEC 60559 floating point
               from C99 (sections marked [MX] in OpenGroup specs) so if
               your code assumes that some function, say pow(), actually
               behaves right for all the twenty or so odd corner cases
               that the standards committees have recently specified,
               you might get surprises. I'd expect pow(0.0, 1.0) to
               return 0.0 (as zero raised to any positive power is
               well-defined in mathematics) but I get +Inf.

               "NuttX atan2(-0.0, -1.0) returns +M_PI instead of correct
               -M_PI. If we expect [MX] functionality, then atan2(Inf, Inf)
               should return M_PI/4, instead NuttX gives NaN.

               "asin(2.0) does not set domain error or return NaN. In fact
               it does not return at all as the loop in it does not
               converge, hanging your app.

               "There are likely many other issues like these as the Rhombus
               OS code has not been tested or used that much. Sorry for not
               providing patches, but we found it easier just to switch the
               math library."

               Ref: https://groups.yahoo.com/neo/groups/nuttx/conversations/messages/7805

               UPDATE: 2015-09-01: A fix for the noted problems with asin()
               has been applied.
               2016-07-30: Numerous fixes and performance improvements from
               David Alessio.

  Status:      Open
  Priority:    Low for casual users but clearly high if you need care about
               these incorrect corner case behaviors in the math libraries.

  Title:       REPARTITION LIBC FUNCTIONALITY
  Description: There are many things implemented within the kernel (for example
               under sched/pthread) that probably should be migrated in the
               C library where it belongs.

               I would really like to see a little flavor of a micro-kernel
               at the OS interface:  I would like to see more primitive OS
               system calls with more higher level logic in the C library.

               One awkward thing is the incompatibility of KERNEL vs FLAT
               builds:  In the kernel build, it would be nice to move many
               of the thread-specific data items out of the TCB and into
               the process address environment where they belong.  It is
               difficult to make this compatible with the FLAT build,
               however.
  Status:      Open
  Priority:    Low

  Title:       FORMATTING FIXED WIDTH INTEGERS
  Description: Formats like this: lib_vsprintf(_, "%6.6u", 0) do not work.
               There is no support for the precision/width option with
               integer types.  The format is simply is ignored and so can
               even cause crashes.

               For example:

               int hello_main(int argc, char *argv[])
               {
                 printf("Hello, World!!\n");
                 printf("%3.3u %3.3u %3.3u %3.3u %3.3u\n", 9, 99, 999, 9999, 99999);
                 return 0;
               }

               Generates this incorrect output:


               NuttShell (NSH) NuttX-7.20
               nsh> hello
               Hello, World!!
                 9  99 999 9999 99999
               nsh>

               That output, of course, should have been:

                 9  99 999 999 999

               The period and the precision value were being ignored (if
               floating point was disabled).  In that case, parsing of the
               variable arguments could get out of sync.  But a side
               effect of the referenced change is that precision value is
               now always parsed (but still incorrectly ignored for the
               case of integer formats).

               The fix would not be too difficult but would involve change
               several functions.  It would involve clipping the size of the
               number string.  For example:

               /* Get the width of the output */

               uwidth = getusize(FMT_CHAR, flags, n);
               if (trunc > 0 && uwidth > trunc)
                 {
                   uwidth = trunc;
                 }

               Then limiting the length of the output string to uwidth.
               This would probably mean passing an additional parameter to
               the many *toascii() functions like:

               /* Output the number */

               utoascii(obj, FMT_CHAR, flags, (unsigned int)n, uwidth);

  Status:      Open
  Priority:    Low

o File system / Generic drivers (fs/, drivers/)
  ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

  NOTE:  The NXFFS file system has its own TODO list at nuttx/fs/nxffs/README.txt

  Title:       MISSING FILE SYSTEM FEATURES
  Description: Implement missing file system features:

               chmod() is probably not relevant since file modes are not
                 currently supported.

                 File privileges would also be good to support.  But this is
                 really a small part of a much larger feature.  NuttX has no
                 user IDs, there are no groups, there are no privileges
                 associated with either.  User's don't need credentials.
                 This is really a system wide issues of which chmod is only
                 a small part.

                 User privileges never seemed important to me since NuttX is
                 intended for deeply embedded environments where there are
                 not multiple users with varying levels of trust.

               truncate - The standard way of setting a fixed file size.
                 Often used with random access, data base files.  There is no
                 simple way of doing that now (other than just writing data
                 to the file).

               link, unlink, softlink, readlink - For symbolic links.  Only
                 the ROMFS file system currently supports hard and soft links,
                 so this is not too important.

               File locking

               Special files - NuttX support special files only in the top-
                 level pseudo file system.  Unix systems support many
                 different special files via mknod().  This would be
                 important only if it is an objective of NuttX to become a
                 true Unix OS.  Again only supported by ROMFS.

               True inodes - Standard Unix inodes.  Currently only supported
                 by ROMFs.

               The primary obstacle to all these is that each would require
               changes to all existing file systems.  That number is pretty
               large.  The number of file system implementations that would
               need to be reviewed and modified  As of this writing this
               would include binfs, fat, hostfs, nfs, nxffs, procfs, romfs,
               tmpfs, unionfs, plus pseduo-file system support.

  Status:      Open
  Priority:    Low

  Title:       ROMFS CHECKSUMS
  Description: The ROMFS file system does not verify checksums on either
               volume header on on the individual files.
  Status:      Open
  Priority:    Low.  I have mixed feelings about if NuttX should pay a
               performance penalty for better data integrity.

  Title:       SPI-BASED SD MULTIPLE BLOCK TRANSFERS
  Description: The simple SPI based MMCS/SD driver in fs/mmcsd does not
               yet handle multiple block transfers.
  Status:      Open
  Priority:    Medium-Low

  Title:       SDIO-BASED SD READ-AHEAD/WRITE BUFFERING INCOMPLETE
  Description: The drivers/mmcsd/mmcsd_sdio.c driver has hooks in place to
               support read-ahead buffering and write buffering, but the logic
               is incomplete and untested.
  Status:      Open
  Priority:    Low

  Title:       POLLHUP SUPPORT
  Description: All drivers that support the poll method should also report
               POLLHUP event when the driver is closed.
  Status:      Open
  Priority:    Medium-Low

  Title:       CONFIG_RAMLOG_CONSOLE DOES NOT WORK
  Description: When I enable CONFIG_RAMLOG_CONSOLE, the system does not come up
               properly (using configuration stm3240g-eval/nsh2).  The problem
               may be an assertion that is occurring before we have a console.
  Status:      Open
  Priority:    Medium

  Title:       UNIFIED DESCRIPTOR REPRESENTATION
  Description: There are two separate ranges of descriptors for file and
               socket descriptors: if a descriptor is in one range then it is
               recognized as a file descriptor; if it is in another range
               then it is recognized as a socket descriptor.  These separate
               descriptor ranges can cause problems, for example, they makes
               dup'ing descriptors with dup2() problematic.  The two groups
               of descriptors are really indices into two separate tables:
               On an array of file structures and the other an array of
               socket structures.  There really should be one array that
               is a union of file and socket descriptors.  Then socket and
               file descriptors could lie in the same range.

               Another example of how the current implementation limits
               functionality:  I recently started to implement of the FILEMAX
               (using pctl() instead sysctl()).  My objective was to be able
               to control the number of available file descriptors on a task-
               by-task basis.  The complexity due to the partitioning of
               desciptor space in a range for file descriptors and a range
               for socket descriptors made this feature nearly impossible to
               implement.
  Status:      Open
  Priority:    Low

  Title:       DUPLICATE FAT FILE NAMES
  Description: "The NSH and POSIX API interpretations about sensitivity or
               insensitivity to upper/lowercase file names seem to be not
               consistent in our usage - which can result in creating two
               directories with the same name..."

               Example using NSH:

                 nsh> echo "Test1" >/tmp/AtEsT.tXt
                 nsh> echo "Test2" >/tmp/aTeSt.TxT
                 nsh> ls /tmp
                 /tmp:
                  AtEsT.tXt
                  aTeSt.TxT
                 nsh> cat /tmp/aTeSt.TxT
                 Test2
                 nsh> cat /tmp/AtEsT.tXt
                 Test1

  Status:      Open
  Priority:    Low

  Title:       MISSING FILES IN NSH 'LS' OF A DIRECTORY
  Description: I have seen cases where (1) long file names are enabled,
               but (2) a short file name is created like:

                 nsh> echo "This is another test" >/mnt/sdcard/another.txt

               But then on subsequent 'ls' operations, the file does not appear:

                 nsh> ls -l /mnt/sdcard

               I have determined that the problem is because, for some as-
               of-yet-unkown reason the short file name is treated as a long
               file name.  The name then fails the long filename checksum
               test and is skipped.

               readdir() (and fat_readdir()) is the logic underlying the
               failure and the problem appears to be something unique to the
               fat_readdir() implementation.  Why?  Because the file is
               visible when you put the SD card on a PC and because this
               works fine:

                 nsh> ls -l /mnt/sdcard/another.txt

               The failure does not happen on all short file names.  I do
               not understand the pattern.  But I have not had the opportunity
               to dig into this deeply.
  Status:      Open
  Priority:    Perhaps not a problem???  I have analyzed this problem and
               I am not sure what to do about it.  I am suspected that a
               fat filesystem was used with a version of NuttX that does
               not support long file name entries.  Here is the failure
               scenario:

               1) A file with a long file name is created under Windows.
               2) Then the file is deleted.  I am not sure if Windows or
                  NuttX deleted the file, but the resulting directory
                  content is not compatible with NuttX with long file
                  name support.

                  The file deletion left the full sequence of long
                  file name entries intact but apparently delete only
                  the following short file name entry.  I am thinking
                  that this might have happened because a version of NuttX
                  with only short file name support was used to delete
                  the file.

               3) When a new file with a short file name was created, it
                  re-used the short file name entry that was previously
                  deleted.  This makes the new short file name entry
                  look like a part of the long file name.

               4) When comparing the checksum in the long file name
                  entry with the checksum of the short file name, the
                  checksum fails and the entire directory sequence is
                  ignored by readder() logic.  This the file does not
                  appear in the 'ls'.

o Graphics Subsystem (graphics/)
  ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

  See also the NxWidgets TODO list file for related issues.

  Title:       UNTESTED GRAPHICS APIS
  Description: Testing of all APIs is not complete.  See
               http://nuttx.sourceforge.net/NXGraphicsSubsystem.html#testcoverage
  Status:      Open
  Priority:    Medium

  Title:       ITALIC FONTS / NEGATIVE FONT OFFSETS
  Description: Font metric structure (in include/nuttx/nx/nxfont.h) should allow
               negative X offsets. Negative x-offsets are necessary for certain
               glyphs (and is very common in italic fonts).
               For example Eth, icircumflex, idieresis, and oslash should have
               offset=1 in the 40x49b font (these missing negative offsets are
               NOTE'ed in the font header files).
  Status:      Open.  The problem is that the x-offset is an unsigned bitfield
               in the current structure.
  Priority:    Low.

  Title:       RAW WINDOW AUTORAISE
  Description: Auto-raise only applies to NXTK windows. Shouldn't it also apply
               to raw windows as well?
  Status:      Open
  Priority:    Low

  Title:       AUTO-RAISE DISABLED
  Description: Auto-raise is currently disabled in NX multi-server mode.  The
               reason is complex:
               - Most touchscreen controls send touch data a high rates
               - In multi-server mode, touch events get queued in a message
                  queue.
               - The logic that receives the messages performs the auto-raise.
                 But it can do stupid things after the first auto-raise as
                 it operates on the stale data in the message queue.
               I am thinking that auto-raise ought to be removed from NuttX
               and moved out into a graphics layer (like NxWM) that knows
               more about the appropriate context to do the autoraise.
  Status:      Open
  Priority:    Medium low

  Title:       NxTERM VT100 SUPPORT
  Description: If the NxTerm will be used with the Emacs-like command line
               editor (CLE), then it will need to support VT100 cursor control
               commands.
  Status:      Open
  Priority:    Low, the need has not yet arisen.

  Title:       PER-WINDOW FRAMEBUFFERS
  Description: One of the most awkward things to handle in the NX windowing
               system is the re-draw callback.  This is difficult because it
               requires ad hoc, custom logic to be able to do the redrawing
               in most cases.

               One solution would be to provide a per-window framebuffer.
               All rending would be performed into the per-window framebuffer
               and the rended bits would be copied the LCD or framebuffer
               device memory on demand when the redraw is required.

               This would (a) greatly simplify the graphics interface, (b)
               greatly improve redraw performance, and (c) enable a more
               generic use of the windowing.  The downside would be a large
               usage of memory to hold all of the framebuffers, one for each
               window.
  Status:      Open
  Priority:    Low, of mostly strategic value.

  Title:       VERTICAL ANTI-ALIASING
  Description: Anti-aliasing is implemented along the horizontal raster line
               with fractional pixels at the ends of each line.  There is no
               accounting for fractional pixels in the vertical direction.
               As a result lines closer to vertical receive better anti-
               aliasing than lines closer to horizontal.
  Status:      Open
  Priority:    Low, not a serious issue but worth noting.  There is no plan
               to change this behavior.

  Title:       REMOVE SINGLE USER MODE
  Description: NX graphics supports two modes:  A simple single user mode and
               more complex multi-user mode selected with CONFIG_NX_MULTIUSER=y.
               In this configuration, an application can start the NX server
               with boardctrl(BOARDIOC_NX_START);  After that, all graphic
               interactions are via a thin layer in libnx/.   The OS
               interface is only via messages sent and received using POSIX
               message queues.  So this is good code and respects all of the
               POSIX interfacing rules.  Hence, it works well in all build
               modes (FLAT, PROTECTED, and KERNEL builds).

               But without CONFIG_NX_MULTIUSER, the single user applications
               violate all of the rules and calls internal NX functions
               directly.  This includes all calls to internal OSfunctions
               with names like, nx_open, up_fbinitialize, board_lcd_*, and
               others.  This is a violation of interfacing standard in all
               cases and can only be made to work in the FLAT build mode.

               The single user mode does have some desirable properties:  It
               is lighter weight and so more suitable for very resource limited
               platforms.  But I think that in the long run the only reasonable
               solution is to eliminate the single user mode and provide only
               the multi-user mode with the message queue interface.
  Status:      Open
  Priority:    Low-Medium, not a serious issue but worth noting.  Single user
               mode is a blemish on the OS and not compatible with the RTOS
               roadmap.  But neither is there any critical necessity to
               remove the offending code immediately.  Be aware:  If you use
               the single user mode, it will be yanked out from under your
               feet in the not-so-distant future.

  Title:       WIDE-FOUNT SUPPORT
  Description: Wide fonts are not currently supported by the NuttX graphics sub-
               system.  There is some discussion here:

                 https://groups.yahoo.com/neo/groups/nuttx/conversations/topics/3507
                 http://www.nuttx.org/doku.php?id=wiki:graphics:wide-fonts

  Status:      Open
  Priority:    Low for many, but I imagine higher in countries that use wide fonts

o Build system
  ^^^^^^^^^^^^

  Title:       MAKE EXPORT LIMITATIONS
  Description: The top-level Makefile 'export' target that will bundle up all of the
               NuttX libraries, header files, and the startup object into an export-able
               tarball. This target uses the tools/mkexport.sh script.  Issues:

               1. This script assumes the host archiver ar may not be appropriate for
                  non-GCC toolchains
               2. For the kernel build, the user libraries should be built into some
                  libuser.a.  The list of user libraries would have to accepted with
                  some new argument, perhaps -u.
  Status:      Open
  Priority:    Low.

  Title:       CONTROL-C CAN BREAK DEPENDENCIES
  Description: If you control C out of a make, then there are things that can go
               wrong.  For one, you can break the dependencies in this scenario:

               - The build in a given directory begins with all of the compilations.
                 On terminal, this the long phase with CC: on each line.  As each
                 .o file is created, it is timestamped with the current time.

               - The dependencies on each .o are such that the C file will be re-
                 compile if the .o file is OLDER that the corresponding .a archive
                 file.

               - The compilation phase is followed by a single, relatively short
                 AR: phase that adds each of the file to the .a archive file.  As
                 each file is added to archive, the timestamp of the of archive is
                 updated to the current time.  After the first .o file has been
                 added, then archive file will have a newer timestamp than any of
                 the newly compiled .o file.

               - If the user aborts with control-C during this AR: phase, then we
                 are left with:  (1) not all of the files have bee added to the
                 archive, and (2) the archive file has a newer timestamp than any
                 of the .o file.

               So when the make is restarted after a control, the dependencies will
               see that the .a archive file has the newer time stamp and those .o
               file will never be added to the archive until the directory is cleaned
               or some other dependency changes.

               NOTE: This may not really be an issue because the the timestamp on
               libapps.a is not really used but rather the timestamp on an empty
               file:

               .built: $(OBJS)
                   $(call ARCHIVE, $(BIN), $(OBJS))
                   $(Q) touch $@

               UPDATE: But there is another way that Control-C can break dependencies:
               If you control-c out of the make during the apps/ part of the build,
               the archive at apps/libapps.a is deleted (but all of the .built files
               remain in place).  You can see this in the make outout, for example:

                 CC:  ieee802154_getsaddr.c
                 make[2]: *** [Makefile:104: ieee802154_getsaddr.o] Interrupt
                 make: *** Deleting file '../apps/libapps.a'

               When you rebuild the system, the first file archived will recreate
               libapps.a and set the timestamp to the current time.  Then, none of
               the other object files will be added to the archive because they are
               all older.. or, more correctly, none of the other object files will
               be addred because .built files remained and say that there is no
               need to update the libapps.a file.

               The typical symptom of such an issue is a link time error like:

                 LD: nuttx libsched.a(os_bringup.o): In function `os_bringup':
                 os_bringup.c:(.text+0x34): undefined reference to `nsh_main'

               This is becuase the libapps.a file was deleted and an new empty
               libapps.a file was created (which the object containing nsh_main()).
               The object containing nsh_main() will not be added because the
               .built file exists and says that there is not need to add the
               nsh_main() object to libapps.a.

               The work-around for now is:

                 $ make apps_distclean

               One solution to this might be to making the special target
               .PRECIOUS depend on apps/libapps.a.  Then if make receives a
               signal, it will not delete apps/libapps.a.  This would have to
               be done in all Makefiles.

   Status      Open
   Priority:   Medium-High.  It is a rare event that control-C happens at just the
               point in time.  However, when it does occur the resulting code may
               have binary incompatiblies in the code taken from the out-of-sync
               archives and cost a lot of debug time before you realize the issue.

               The first stated problem is not really an issue:  There is already
               the spurious .built file that should handle the described case:
               If you control-C out of the build then the timestamp on the .built
               file will not be updated and the archiving should be okay on the
               next build.

               A work-around for the second stated problem is to do 'make clean'
               if you ever decide to control-C out of a make and see that the
               libapps.a file was deleted.

               UPDATE:  This is a potential fix for the second problem in place
               in in all Makefiles under apps/.  This fix adds

                 .PRECIOUS: $(BIN)

               to all Makefiles.  It has not yet been confirmed that this fix
               eliminates the dependency issue or not.

o Other drivers (drivers/)
  ^^^^^^^^^^^^^^^^^^^^^^^^

o Linux/Cywgin simulation (arch/sim)
  ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

  Title:       SIMULATOR HAS NO INTERRUPTS (NON-PREMPTIBLE)
  Description: The current simulator implementation is has no interrupts and, hence,
               is non-preemptible.  Also, without simulated interrupt, there can
               be no high-fidelity simulated device drivers.

               Currently, all timing and serial input is simulated in the IDLE loop:
               When nothing is going on in the simulation, the IDLE loop runs and
               fakes timer and UART events.
  Status:      Open
  Priority:    Low, unless there is a need for developing a higher fidelity simulation
               I have been thinking about how to implement simulated interrupts in
               the simulation.  I think a solution would work like this:
               http://www.nuttx.org/doku.php?id=wiki:nxinternal:simulator

  Title:       ROUND-ROBIN SCHEDULING IN THE SIMULATOR
  Description: Since the simulation is not pre-emptible, you can't use round-robin
               scheduling (no time slicing).  Currently, the timer interrupts are
               "faked" during IDLE loop processing and, as a result, there is no
               task pre-emption because there are no asynchronous events.  This could
               probably be fixed if the "timer interrupt" were driver by Linux
               signals. NOTE:  You would also have to implement up_irq_save() and
               up_irq_restore() to block and (conditionally) unblock the signal.
  Status:      Open
  Priority:    Low

  Title:       SMP SIMULATION ISSUES
  Description: The configuration has basic support SMP testing.  The simulation
               supports the emulation of multiple CPUs by creating multiple
               pthreads, each run a copy of the simulation in the same process
               address space.

               At present, the SMP simulation is not fully functional:  It does
               operate on the simulated CPU threads for a few context switches
               then fails during a setjmp() operation.  I suspect that this is
               not an issue with the NuttX SMP logic but more likely some chaos
               in the pthread controls. I have seen similar such strange behavior
               other times that I have tried to use setjmp/longmp from a signal
               handler! Like when I tried to implement simulated interrupts
               using signals.

               Apparently, if longjmp is invoked from the context of a signal
               handler, the result is undefined:
               http://www.open-std.org/jtc1/sc22/wg14/www/docs/n1318.htm

               You can enable SMP for ostest configuration by enabling:

                 -# CONFIG_EXPERIMENTAL is not set
                 +CONFIG_EXPERIMENTAL=y

                 +CONFIG_SPINLOCK=y
                 +CONFIG_SMP=y
                 +CONFIG_SMP_NCPUS=2
                 +CONFIG_SMP_IDLETHREAD_STACKSIZE=2048

               You also must enable near-realtime-performance otherwise even long
               timeouts will expire before a CPU thread even has a chance to
               execute.

                 -# CONFIG_SIM_WALLTIME is not set
                 +CONFIG_SIM_WALLTIME=y

               And you can enable some additional debug output with:

                 -# CONFIG_DEBUG_SCHED is not set
                 +CONFIG_DEBUG_SCHED=y

                 -# CONFIG_SCHED_INSTRUMENTATION is not set
                 +CONFIG_SCHED_INSTRUMENTATION=y

               The NSH configuration can also be forced to run SMP, but
               suffers from the same quirky behavior.  I can be made
               reliable if you modify arch/sim/src/up_idle.c so that
               the IDLE loop only runs for CPU0.  Otherwise, often
               simuart_post() will be called from CPU1 and it will try
               to restart NSH on CPU0 and, again, the same quirkiness
               occurs.

               But for example, this command:

                 nsh> sleep 1 &

               will execute the sleep command on CPU1 which has worked
               every time that I have tried it (which is not too many
               times).

  Status:      Open
  Priority:    Low, SMP is important, but SMP on the simulator is not

o ARM (arch/arm/)
  ^^^^^^^^^^^^^^^

  Title:       IMPROVED ARM INTERRUPT HANDLING
  Description: ARM interrupt handling performance could be improved in some
               ways. One easy way is to use a pointer to the context save
               area in g_current_regs instead of using up_copystate so much.

               This approach is already implemented for the ARM Cortex-M0,
               Cortex-M3, Cortex-M4, and Cortex-A5 families.  But still needs
               to be back-ported to the ARM7 and ARM9 (which are nearly
               identical to the Cortex-A5 in this regard).  The change is
               *very* simple for this architecture, but not implemented.
  Status:      Open.  But complete on all ARM platforms except ARM7 and ARM9.
  Priority:    Low.

  Title:       IMPROVED ARM INTERRUPT HANDLING
  Description: The ARM and Cortex-M3 interrupt handlers restores all registers
               upon return. This could be improved as well:  If there is no
               context switch, then the static registers need not be restored
               because they will not be modified by the called C code.
               (see arch/renesas/src/sh1/sh1_vector.S for example)
  Status:      Open
  Priority:    Low

  Title:       CORTEX-M3 STACK OVERFLOW
  Description: There is bit bit logic in up_fullcontextrestore() that executes on
               return from interrupts (and other context switches) that looks like:

                 ldr r1, [r0, #(4*REG_CPSR)] /* Fetch the stored CPSR value */
                 msr cpsr, r1 /* Set the CPSR */

                 /* Now recover r0 and r1 */

                 ldr r0, [sp]
                 ldr r1, [sp, #4]
                 add sp, sp, #(2*4)

                 /* Then return to the address at the stop of the stack,
                  * destroying the stack frame
                  */

                 ldr pc, [sp], #4

               Under conditions of excessively high interrupt conditions, many
               nested interrupts can occur just after the 'msr cpsr' instruction.
               At that time, there are 4 bytes on the stack and, with each
               interrupt, the stack pointer may increment and possibly overflow.

               This can happen only under conditions of continuous interrupts.
               See this email thread: https://groups.yahoo.com/neo/groups/nuttx/conversations/messages/1261
               On suggested change is:

                 ldr  r1, [r0, #(4*REG_CPSR)] /* Fetch the stored CPSR value */
                 msr spsr_cxsf, r1 /* Set the CPSR */
                 ldmia     r0, {r0-r15}^

               But this has not been proven to be a solution.

               UPDATE:  Other ARM architectures have a similar issue.

  Status:      Open
  Priority:    Low.  The conditions of continuous interrupts is really the problem.
               If your design needs continuous interrupts like this, please try
               the above change and, please, submit a patch with the working fix.

  Title:       IMPROVED TASK START-UP AND SYSCALL RETURN
  Description: Couldn't up_start_task and up_start_pthread syscalls be
               eliminated.  Wouldn't this work to get us from kernel-
               to user-mode with a system trap:

                 lda r13, #address
                 str rn, [r13]
                 msr spsr_SVC, rm
                 ld r13,{r15}^

               Would also need to set r13_USER and r14_USER. For new
               SYS_context_switch... couldn't we do he same thing?

               Also... System calls use traps to get from user- to kernel-
               mode to perform OS services.  That is necessary to get from
               user- to kernel-mode.  But then another trap is used to get
               from kernel- back to user-mode.  It seems like this second
               trap should be unnecessary.  We should be able to do the
               same kind of logic to do this.
  Status:      Open
  Priority:    Low-ish, but a good opportunity for performance improvement.

o Network Utilities (apps/netutils/)
  ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

  Title:       UNVERIFIED THTTPD FEATURES
  Description: Not all THTTPD features/options have been verified.  In
               particular, there is no test case of a CGI program receiving
               POST input.  Only the configuration of apps/examples/thttpd
               has been tested.
  Status:      Open
  Priority:    Medium

  Title:       NETWORK MONITOR NOT GENERALLY AVAILABLE
  Description: The NSH network management logic has general applicability
               but is currently useful only because it is embedded in the NSH
               module.  It should be moved to apps/system or, better,
               apps/netutils.
  Status:      Open
  Priority:    Low

o NuttShell (NSH) (apps/nshlib)
  ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

  Title:       IFCONFIG AND MULTIPLE NETWORK INTERFACES
  Description: The ifconfig command will not behave correctly if an interface
               is provided and there are multiple interfaces.  It should only
               show status for the single interface on the command line; it will
               still show status for all interfaces.
  Status:      Open
  Priority:    Low

o System libraries apps/system (apps/system)
  ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

  Title:       READLINE IMPLEMENTATION
  Description: readline implementation does not use C-buffered I/O, but rather
               talks to serial driver directly via read().  It includes VT-100
               specific editing commands.  A more generic readline() should be
               implemented using termios' tcsetattr() to put the serial driver
               into a "raw" mode.
  Status:      Open
  Priority:    Low (unless you are using mixed C-buffered I/O with readline and
               fgetc, for example).

o Modbus (apps/modbus)
  ^^^^^^^^^^^^^^^^^^^^

  Title:       MODBUS NOT USABLE WITH USB SERIAL
  Description: Modbus can be used with USB serial, however, if the USB
               serial connectiont is lost, Modbus will hang in an infinite
               loop.

               This is a problem in the handling of select() and read()
               and could probabaly resolved by studying the Modbus error
               handling.

               A more USB-friendly solution would be to: (1) Re-connect and
               (2) re-open the serial drviers.  That is what is done is NSH.
               When the serial USB device is removed, this terminates the
               session and NSH will then try to re-open the USB device.  See
               the function nsh_waitusbready() in the file
               apps/nshlib/nsh_usbconsole.c. When the USB serial is
               reconnected the open() in the function will succeed and a new
               session will be started.
  Status:      Open
  Priority:    Low.  This is really an enhancement request:  Modbus was never
               designed to work with removable serial devices.

o Pascal Add-On (pcode/)
  ^^^^^^^^^^^^^^^^^^^^^^

  Title:       P-CODES IN MEMORY UNTESTED
  Description: Need APIs to verify execution of P-Code from memory buffer.
  Status:      Open
  Priority:    Low

  Title:       SMALLER LOADER AND OBJECT FORMAT
  Description: Loader and object format may be too large for some small
               memory systems.  Consider ways to reduce memory footprint.
  Status:      Open
  Priority:    Medium

  Title:       PDBG
  Description: Move the pascal p-code debugger into the NuttX apps/ tree
               where it can be used from the NSH command line.
  Status:      Open
  Priority:    Low

o Other Applications & Tests (apps/examples/)
  ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

  Title:       EXAMPLES/PIPE ON CYGWIN
  Description: The redirection test (part of examples/pipe) terminates
               incorrectly on the Cywgin-based simulation platform (but works
               fine on the Linux-based simulation platform).
  Status:      Open
  Priority:    Low

  Title:       EXAMPLES/SENDMAIL UNTESTED
  Description: examples/sendmail is untested on the target (it has been tested
               on the host, but not on the target).
  Status:      Open
  Priority:    Med

  Title:       EXAMPLES/NX FONT CACHING
  Description: The font caching logic in examples/nx is incomplete.  Fonts are
               added to the cache, but never removed.  When the cache is full
               it stops rendering.  This is not a problem for the examples/nx
               code because it uses so few fonts, but if the logic were
               leveraged for more general purposes, it would be a problem.

               Update: see examples/nxtext for some improved font cache handling.
               Update: The NXTERM font cache has been generalized and is now
               offered as the standard, common font cache for all applications.
               both the nx and nxtext examples should be modified to use this
               common font cache.  See interfaces defined in nxfonts.h.
  Status:      Open
  Priority:    Low.  This is not really a problem because examples/nx works
               fine with its bogus font caching.

  Title:       EXAMPLES/NXTEXT ARTIFACTS
  Description: examples/nxtext.  Artifacts when the pop-up window is opened.
               There are some artifacts that appear in the upper left hand
               corner.  These seems to be related to window creation.  At
               tiny artifact would not be surprising (the initial window
               should like at (0,0) and be of size (1,1)), but sometimes
               the artifact is larger.
  Status:      Open
  Priority:    Medium.