rtic/macros at 7da84639809bc523e1c4432be94386d66580b1b5 - mirror/rtic

mirror of https://github.com/rtic-rs/rtic.git synced 2025-12-19 22:35:19 +01:00

History

Jorge Aparicio 7da8463980 backport: fix ceiling analysis bug This commit fixes a ceiling bug where the ceiling of a ready queue will be incorrectly computed. The analysis was not including the priority of the system timer interrupt (`SysTick`) in the analysis resulting in a priority ceiling lower than what's required for memory safety which led to data races. The bug can be observed in the following program: ``` rust #[rtfm::app(device = /* .. /)] const APP: () = { #[init] fn init() { // .. } #[task(priority = 2)] fn foo(x: i32) { // .. } #[task(priority = 1, spawn = [foo], schedule = [foo])] fn bar() { // .. } extern "C" { fn EXTI0(); fn EXTI1(); } }; ``` Here the framework chooses a priority of `2` for the `SysTick` interrupt (because it matches the priority of the `schedule`-able task `foo`). Both `SysTick` and `bar::Spawn.foo` need to access the ready queue (which, in this case, stores the messages sent to task `foo`) but the framework doesn't account for the priority of `SysTick` (`2`) and chooses a priority ceiling of `1` for the ready queue (because it matches the priority of task `bar` which can spawn `foo`). The result is that `bar::Spawn.foo` modifies the ready queue without* a critical section (because `bar`'s priority matches the priority ceiling of the ready queue) which is wrong because `SysTick` (priority = `3`) can also modify the ready queue.	2019-05-01 20:19:22 +02:00
..
src	backport: fix ceiling analysis bug	2019-05-01 20:19:22 +02:00
Cargo.toml	v0.4.3	2019-04-21 18:20:57 +02:00

Jorge Aparicio 7da8463980 backport: fix ceiling analysis bug

This commit fixes a ceiling bug where the ceiling of a ready queue will be
incorrectly computed. The analysis was not including the priority of the system
timer interrupt (`SysTick`) in the analysis resulting in a priority ceiling
lower than what's required for memory safety which led to data races.

The bug can be observed in the following program:

``` rust
 #[rtfm::app(device = /* .. */)]
const APP: () = {
    #[init]
    fn init() {
        // ..
    }

    #[task(priority = 2)]
    fn foo(x: i32) {
        // ..
    }

    #[task(priority = 1, spawn = [foo], schedule = [foo])]
    fn bar() {
        // ..
    }

    extern "C" {
        fn EXTI0();
        fn EXTI1();
    }
};
```

Here the framework chooses a priority of `2` for the `SysTick` interrupt
(because it matches the priority of the `schedule`-able task `foo`).

Both `SysTick` and `bar::Spawn.foo` need to access the ready queue (which, in
this case, stores the messages sent to task `foo`) but the framework doesn't
account for the priority of `SysTick` (`2`) and chooses a priority ceiling of
`1` for the ready queue (because it matches the priority of task `bar` which can
spawn `foo`).

The result is that `bar::Spawn.foo` modifies the ready queue *without* a
critical section (because `bar`'s priority matches the priority ceiling of the
ready queue) which is wrong because `SysTick` (priority = `3`) can also modify
the ready queue.

2019-05-01 20:19:22 +02:00

src

backport: fix ceiling analysis bug

2019-05-01 20:19:22 +02:00

Cargo.toml

v0.4.3

2019-04-21 18:20:57 +02:00