This commit fixes a ceiling bug where the ceiling of a ready queue will be incorrectly computed. The analysis was not including the priority of the system timer interrupt (`SysTick`) in the analysis resulting in a priority ceiling lower than what's required for memory safety which led to data races.

The bug can be observed in the following program:

``` rust
#[rtfm::app(device = /* .. */)]
const APP: () = {
    #[init]
    fn init() {
        // ..
    }

    #[task(priority = 2)]
    fn foo(x: i32) {
        // ..
    }

    #[task(priority = 1, spawn = [foo], schedule = [foo])]
    fn bar() {
        // ..
    }

    extern "C" {
        fn EXTI0();
        fn EXTI1();
    }
};
```

Here the framework chooses a priority of `2` for the `SysTick` interrupt (because it matches the priority of the `schedule`-able task `foo`). Both `SysTick` and `bar::Spawn.foo` need to access the ready queue (which, in this case, stores the messages sent to task `foo`) but the framework doesn't account for the priority of `SysTick` (`2`) and chooses a priority ceiling of `1` for the ready queue (because it matches the priority of task `bar` which can spawn `foo`).

The result is that `bar::Spawn.foo` modifies the ready queue *without* a critical section (because `bar`'s priority matches the priority ceiling of the ready queue) which is wrong because `SysTick` (priority = `3`) can also modify the ready queue.
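The ceiling computation described in the commit message, as an added example that is not part of the commit or of RTFM's own code. It models only the contexts that write to the ready queue; the `Task` type and all function names are hypothetical, and it assumes `SysTick` runs at the highest priority among `schedule`-able tasks (`2` for the program above).

```rust
// Added model of the ceiling analysis; all names are hypothetical, not RTFM's code.
struct Task {
    name: &'static str,
    priority: u8,
    spawn: &'static [&'static str],    // tasks this one may spawn
    schedule: &'static [&'static str], // tasks this one may schedule
}

// Constructed input mirroring the program in the commit message.
const TASKS: &[Task] = &[
    Task { name: "foo", priority: 2, spawn: &[], schedule: &[] },
    Task { name: "bar", priority: 1, spawn: &["foo"], schedule: &["foo"] },
];

fn priority_of(tasks: &[Task], name: &str) -> Option<u8> {
    tasks.iter().find(|t| t.name == name).map(|t| t.priority)
}

/// Assumption: SysTick runs at the highest priority among schedule-able tasks.
fn systick_priority(tasks: &[Task]) -> Option<u8> {
    tasks.iter()
        .flat_map(|t| t.schedule.iter())
        .filter_map(|name| priority_of(tasks, name))
        .max()
}

/// Ceiling of the ready queue holding messages for `target`: the highest
/// priority among every context that writes to it.
fn ready_queue_ceiling(tasks: &[Task], target: &str, include_systick: bool) -> u8 {
    // Tasks that `spawn` the target write to its ready queue directly.
    let spawners = tasks.iter().filter(|t| t.spawn.contains(&target)).map(|t| t.priority);
    // SysTick writes to it when a scheduled message for the target expires.
    let scheduled = tasks.iter().any(|t| t.schedule.contains(&target));
    let systick = if include_systick && scheduled { systick_priority(tasks) } else { None };
    spawners.chain(systick).max().unwrap_or(0)
}

/// A context may skip the critical section only when it runs at or above the ceiling.
fn needs_critical_section(context_priority: u8, ceiling: u8) -> bool {
    context_priority < ceiling
}

fn main() {
    let bar = priority_of(TASKS, "bar").unwrap();
    for (label, fixed) in [("before fix", false), ("after fix", true)] {
        let c = ready_queue_ceiling(TASKS, "foo", fixed);
        println!("{}: ceiling = {}, bar locks = {}", label, c, needs_critical_section(bar, c));
    }
}
```

With `include_systick` set to `false` the model reproduces the faulty ceiling, so `bar` pushes to the queue unprotected while a higher-priority writer can preempt it.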
Real Time For the Masses
A concurrency framework for building real time systems.
- Tasks as the unit of concurrency [1]. Tasks can be event triggered (fired in response to asynchronous stimuli) or spawned by the application on demand.
- Message passing between tasks. Specifically, messages can be passed to software tasks at spawn time.
- A timer queue [2]. Software tasks can be scheduled to run at some time in the future. This feature can be used to implement periodic tasks.
- Support for prioritization of tasks and, thus, preemptive multitasking.
- Efficient and data race free memory sharing through fine grained priority based critical sections [1].
- Deadlock free execution guaranteed at compile time. This is a stronger guarantee than what's provided by the standard
- Minimal scheduling overhead. The task scheduler has minimal software footprint; the hardware does the bulk of the scheduling.
- Highly efficient memory usage: All the tasks share a single call stack and there's no hard dependency on a dynamic memory allocator.
- All Cortex-M devices are supported. The core features of RTFM are supported on all Cortex-M devices. The timer queue is currently only supported on ARMv7-M devices.
- This task model is amenable to known WCET (Worst Case Execution Time) analysis and scheduling analysis techniques. (Though we haven't yet developed Rust friendly tooling for that.)
Rust 1.31.0+
Applications must be written using the 2018 edition.
User documentation
API reference
This crate is based on the RTFM language created by the Embedded Systems group at Luleå University of Technology, led by Prof. Per Lindgren.
All source code (including code snippets) is licensed under either of
- Apache License, Version 2.0 (LICENSE-APACHE or https://www.apache.org/licenses/LICENSE-2.0)
- MIT license (LICENSE-MIT or https://opensource.org/licenses/MIT)
at your option.
The written prose contained within the book is licensed under the terms of the Creative Commons CC-BY-SA v4.0 license (LICENSE-CC-BY-SA or https://creativecommons.org/licenses/by-sa/4.0/legalcode).
Unless you explicitly state otherwise, any contribution intentionally submitted for inclusion in the work by you, as defined in the Apache-2.0 license, shall be licensed as above, without any additional terms or conditions.
[1] Eriksson, J., Häggström, F., Aittamaa, S., Kruglyak, A., & Lindgren, P. (2013, June). Real-time for the masses, step 1: Programming API and static priority SRP kernel primitives. In Industrial Embedded Systems (SIES), 2013 8th IEEE International Symposium on (pp. 110-113). IEEE.
[2] Lindgren, P., Fresk, E., Lindner, M., Lindner, A., Pereira, D., & Pinho, L. M. (2016). Abstract timers and their implementation onto the arm cortex-m family of mcus. ACM SIGBED Review, 13(1), 48-53.