harden runtime and config

Author: ZeroBitsTech

CHANGELOG.md

@@ -10,6 +10,9 @@
 - Improved `ZeroHttpPump` and `ZeroMqttPump` throughput by allowing bounded intra-tick progress.
 - Added `ZEROKERNEL_PROFILE_LEAN_NET` for tighter network-oriented builds.
 - Reduced network module state again by compacting transport metrics counters.
+- Hardened config validation with compile-time capacity guards and conflicting-flag checks.
+- Copied task names into internal storage to avoid dangling name pointers.
+- Replaced Xtensa platform idle hint from a no-op with a real idle instruction.
 
 ## 1.3.x
 

README.md

@@ -459,6 +459,8 @@ Important lean-build switches:
 
 `ZEROKERNEL_PROFILE_NETWORK_NODE` biases the runtime toward WiFi/BLE/MQTT-style firmware: key-first routing, bounded command/work queues, stronger drain budgets, and leaner metadata by default.
 `ZEROKERNEL_PROFILE_LEAN_NET` pushes harder on that same direction for module-heavy nodes: smaller queue defaults, stripped diagnostics, topic-key routing, and tighter runtime state for optional network helpers.
+- `ZEROKERNEL_PROFILE_TINY` now also defaults to key-first routing and stripped extended task metrics, so the name better matches the footprint target.
+- `ZEROKERNEL_PROFILE_NETWORK_NODE` now keeps capability gating enabled, which aligns the profile with network-aware runtime supervision.
 - `ZEROKERNEL_ENABLE_DEBUG_DUMP`
 
 For small builds, the goal is to preserve the public API while collapsing runtime cost toward key-based routing and stripped diagnostics.

src/ZeroKernel.h

@@ -410,7 +410,7 @@ class Kernel {
 
   struct TaskSlot {
     TaskCallback callback;
-    const char* name;
+    char name[kTaskNameLength];
     TimeMs intervalMs;
     TimeMs maxRuntimeMs;
     TimeMs heartbeatTimeoutMs;

src/ZeroKernelConfig.h

@@ -23,14 +23,14 @@
 #define ZEROKERNEL_DEFAULT_ENABLE_EVENT_COALESCING 1
 #define ZEROKERNEL_DEFAULT_ENABLE_COMMAND_QUEUE 1
 #define ZEROKERNEL_DEFAULT_ENABLE_WORK_QUEUE 1
-#define ZEROKERNEL_DEFAULT_ENABLE_LEGACY_LABEL_API 1
-#define ZEROKERNEL_DEFAULT_ENABLE_TOPIC_KEY_ONLY 0
+#define ZEROKERNEL_DEFAULT_ENABLE_LEGACY_LABEL_API 0
+#define ZEROKERNEL_DEFAULT_ENABLE_TOPIC_KEY_ONLY 1
 #define ZEROKERNEL_DEFAULT_ENABLE_TRACE 1
 #define ZEROKERNEL_DEFAULT_ENABLE_DIAGNOSTICS 0
 #define ZEROKERNEL_DEFAULT_ENABLE_DEBUG_DUMP 1
 #define ZEROKERNEL_DEFAULT_ENABLE_ADAPTIVE_DRAIN 1
 #define ZEROKERNEL_DEFAULT_ENABLE_SIGNAL_HOOK 0
-#define ZEROKERNEL_DEFAULT_ENABLE_EXTENDED_TASK_METRICS 1
+#define ZEROKERNEL_DEFAULT_ENABLE_EXTENDED_TASK_METRICS 0
 #define ZEROKERNEL_DEFAULT_ENABLE_CAPABILITIES 0
 #define ZEROKERNEL_DEFAULT_EVENT_QUEUE_BACKPRESSURE 1
 #define ZEROKERNEL_DEFAULT_COMMAND_QUEUE_BACKPRESSURE 1
@@ -143,7 +143,7 @@
 #define ZEROKERNEL_DEFAULT_ENABLE_ADAPTIVE_DRAIN 1
 #define ZEROKERNEL_DEFAULT_ENABLE_SIGNAL_HOOK 0
 #define ZEROKERNEL_DEFAULT_ENABLE_EXTENDED_TASK_METRICS 0
-#define ZEROKERNEL_DEFAULT_ENABLE_CAPABILITIES 0
+#define ZEROKERNEL_DEFAULT_ENABLE_CAPABILITIES 1
 #define ZEROKERNEL_DEFAULT_EVENT_QUEUE_BACKPRESSURE 1
 #define ZEROKERNEL_DEFAULT_COMMAND_QUEUE_BACKPRESSURE 1
 #define ZEROKERNEL_DEFAULT_WORK_QUEUE_BACKPRESSURE 1
@@ -376,4 +376,22 @@
 #define ZEROKERNEL_WORK_QUEUE_BACKPRESSURE ZEROKERNEL_DEFAULT_WORK_QUEUE_BACKPRESSURE
 #endif
 
+#if ZEROKERNEL_ENABLE_TOPIC_KEY_ONLY && ZEROKERNEL_ENABLE_LEGACY_LABEL_API
+#error "ZEROKERNEL_ENABLE_TOPIC_KEY_ONLY and ZEROKERNEL_ENABLE_LEGACY_LABEL_API cannot both be enabled"
+#endif
+
+#if defined(__cplusplus)
+static_assert(ZEROKERNEL_MAX_TASKS <= 255, "ZEROKERNEL_MAX_TASKS exceeds uint8_t storage");
+static_assert(ZEROKERNEL_MAX_SUBSCRIBERS <= 255, "ZEROKERNEL_MAX_SUBSCRIBERS exceeds uint8_t storage");
+static_assert(ZEROKERNEL_MAX_TYPED_SUBSCRIBERS <= 255,
+              "ZEROKERNEL_MAX_TYPED_SUBSCRIBERS exceeds uint8_t storage");
+static_assert(ZEROKERNEL_MAX_EVENT_QUEUE <= 255, "ZEROKERNEL_MAX_EVENT_QUEUE exceeds uint8_t storage");
+static_assert(ZEROKERNEL_MAX_COMMAND_HANDLERS <= 255,
+              "ZEROKERNEL_MAX_COMMAND_HANDLERS exceeds uint8_t storage");
+static_assert(ZEROKERNEL_MAX_COMMAND_QUEUE <= 255,
+              "ZEROKERNEL_MAX_COMMAND_QUEUE exceeds uint8_t storage");
+static_assert(ZEROKERNEL_MAX_WORK_QUEUE <= 255, "ZEROKERNEL_MAX_WORK_QUEUE exceeds uint8_t storage");
+static_assert(ZEROKERNEL_MAX_TRACE_ENTRIES <= 255, "ZEROKERNEL_MAX_TRACE_ENTRIES exceeds uint8_t storage");
+#endif
+
 #endif

src/core/KernelRuntime.cpp

@@ -88,7 +88,7 @@ void Kernel::begin(ClockSource clockSource) {
   resetCommandQueue_();
   resetWorkQueue_();
   resetTrace_();
-  eventFlags_ = 0;
+  internal::atomicStoreU32(&eventFlags_, 0);
   lastPanic_ = PanicInfo();
   safeMode_ = false;
   safeModePriorityFloor_ = kPriorityHigh;

src/core/Watchdog.cpp

@@ -166,7 +166,7 @@ void Kernel::initializeTaskSlot_(TaskSlot& slot,
   slot = TaskSlot();
   slot.inUse = true;
   slot.startEnabled = config.startEnabled;
-  slot.name = config.name;
+  copyLabel_(slot.name, sizeof(slot.name), config.name);
   slot.callback = config.callback;
   slot.intervalMs = config.intervalMs;
   slot.maxRuntimeMs = config.maxRuntimeMs;
@@ -347,6 +347,7 @@ bool Kernel::isTaskDue_(const TaskSlot& slot, TimeMs nowMs) const {
     return false;
   }
 
+  // Unsigned subtraction keeps due checks stable across millis() wrap-around.
   return (nowMs - slot.lastRunAtMs) >= slot.intervalMs;
 }
 

src/internal/KernelArch.h

@@ -20,6 +20,14 @@ inline uint32_t atomicLoadU32(const volatile uint32_t* target) {
 #endif
 }
 
+inline void atomicStoreU32(volatile uint32_t* target, uint32_t value) {
+#if defined(__GNUC__) || defined(__clang__)
+  __atomic_store_n(target, value, __ATOMIC_RELAXED);
+#else
+  *target = value;
+#endif
+}
+
 inline uint32_t atomicOrU32(volatile uint32_t* target, uint32_t mask) {
 #if defined(__GNUC__) || defined(__clang__)
   return __atomic_fetch_or(target, mask, __ATOMIC_RELAXED);

src/internal/KernelArchAsm.S

@@ -2,7 +2,7 @@
   .text
   .global zk_arch_idle_hint_asm
 zk_arch_idle_hint_asm:
-  nop
+  waiti 0
 #if defined(__XTENSA_WINDOWED_ABI__)
   retw.n
 #else

tests/desktop/KernelTests.cpp

@@ -444,6 +444,22 @@ int testTaskScheduling() {
   return g_failures;
 }
 
+int testTaskNameCopy() {
+  zerokernel::Kernel isolatedKernel;
+  char mutableName[24] = "MutableTask";
+
+  expectTrue(isolatedKernel.addTask(mutableName, periodicTask, 25, 0), "add mutable-name task");
+  mutableName[0] = 'X';
+
+  zerokernel::Kernel::TaskStats stats;
+  expectTrue(isolatedKernel.getTaskStats("MutableTask", stats),
+             "task lookup still works after source buffer changes");
+  expectTrue(stats.name[0] == 'M', "stored task name is copied into kernel storage");
+  expectTrue(!isolatedKernel.getTaskStats("XutableTask", stats),
+             "mutating source buffer does not rename stored task");
+  return g_failures;
+}
+
 int testNextWakeHint() {
   zerokernel::Kernel isolatedKernel;
   expectTrue(isolatedKernel.addTask("Wake", periodicTask, 50, 0), "add wake task");
@@ -1124,6 +1140,7 @@ int main() {
   testEventFlags();
   testHeartbeatTimeout();
   testTaskScheduling();
+  testTaskNameCopy();
   testNextWakeHint();
   testPriorityScheduling();
   testSafeMode();