diff --git a/examples/lockall.rs b/examples/lockall.rs index 5a00ad858f..01f4977a20 100644 --- a/examples/lockall.rs +++ b/examples/lockall.rs @@ -1,13 +1,13 @@ -//! examples/lock.rs +//! examples/lockall.rs -// #![deny(unsafe_code)] -// #![deny(warnings)] +#![deny(unsafe_code)] +#![deny(warnings)] #![no_main] #![no_std] use panic_semihosting as _; -#[rtic::app(device = lm3s6965, dispatchers = [GPIOA])] +#[rtic::app(device = lm3s6965, dispatchers = [GPIOA, GPIOB, GPIOC])] mod app { use cortex_m_semihosting::{debug, hprintln}; @@ -30,44 +30,31 @@ mod app { // when omitted priority is assumed to be `1` #[task(shared = [a, b])] fn foo(mut c: foo::Context) { - static mut X: Option<&'static mut u32> = None; - static mut Y: u32 = 0; - let _ = hprintln!("before lock"); c.shared.lock(|s| { - let _ = hprintln!("in lock"); - let _ = hprintln!("here {}, {}", s.a, s.b); + hprintln!("foo: a = {}, b = {}", s.a, s.b).ok(); *s.a += 1; - - // soundness check - // c.shared.lock(|s| {}); // borrow error - // c.shared.a.lock(|s| {}); // borrow error - - unsafe { - X = Some(&mut Y); - // X = Some(s.a); // lifetime issue - // X = Some(&mut *s.a); // lifetime issue - // X = Some(&'static mut *s.a); // not rust - } - let _ = hprintln!("here {}, {}", s.a, s.b); + bar::spawn().unwrap(); + baz::spawn().unwrap(); + hprintln!("still in foo::lock").ok(); }); - // the lower priority task requires a critical section to access the data - // c.shared.shared.lock(|shared| { - // // data can only be modified within this critical section (closure) - // *shared += 1; - - // // bar will *not* run right now due to the critical section - // bar::spawn().unwrap(); - - // hprintln!("B - shared = {}", *shared).unwrap(); - - // // baz does not contend for `shared` so it's allowed to run now - // baz::spawn().unwrap(); - // }); - - // // critical section is over: bar can now start - - // hprintln!("E").unwrap(); - + hprintln!("still in foo").ok(); debug::exit(debug::EXIT_SUCCESS); // Exit QEMU simulator } + + #[task(priority = 2, shared = [a])] + fn bar(mut c: bar::Context) { + // the higher priority task does still need a critical section + let a = c.shared.lock(|s| { + *s.a += 1; + // *s.b += 1; `b` not accessible + *s.a + }); + + hprintln!("bar: a = {}", a).unwrap(); + } + + #[task(priority = 3)] + fn baz(_: baz::Context) { + hprintln!("baz").unwrap(); + } } diff --git a/examples/lockall_soundness.rs b/examples/lockall_soundness.rs new file mode 100644 index 0000000000..a5537bc1b1 --- /dev/null +++ b/examples/lockall_soundness.rs @@ -0,0 +1,53 @@ +//! examples/lockall_soundness.rs + +// #![deny(unsafe_code)] +#![deny(warnings)] +#![no_main] +#![no_std] + +use panic_semihosting as _; + +#[rtic::app(device = lm3s6965, dispatchers = [GPIOA])] +mod app { + use cortex_m_semihosting::{debug, hprintln}; + + #[shared] + struct Shared { + a: u32, + b: i64, + } + + #[local] + struct Local {} + + #[init] + fn init(_: init::Context) -> (Shared, Local, init::Monotonics) { + foo::spawn().unwrap(); + + (Shared { a: 1, b: 2 }, Local {}, init::Monotonics()) + } + + // when omitted priority is assumed to be `1` + #[task(shared = [a, b])] + fn foo(mut c: foo::Context) { + static mut X: Option<&'static mut u32> = None; + static mut Y: u32 = 0; + c.shared.lock(|s| { + hprintln!("s.a = {}, s.b = {}", s.a, s.b).ok(); + *s.a += 1; + + // soundness check + // c.shared.lock(|s| {}); // borrow error + // c.shared.a.lock(|s| {}); // borrow error + + unsafe { + X = Some(&mut Y); + // X = Some(s.a); // lifetime issue + // X = Some(&mut *s.a); // lifetime issue + // X = Some(&'static mut *s.a); // not rust + } + hprintln!("s.a = {}, s.b = {}", s.a, s.b).ok(); + }); + debug::exit(debug::EXIT_SUCCESS); // Exit QEMU simulator + } +}