According to MISRA C-2004 Rule 14.7, Every function must have exactly one entry point and one exit point.
Signed-off-by: pangzhen1 <pangzhen1@xiaomi.com>
According to MISRA C-2012 Rule 11.6, a cast shall not be performed between pointer to void and an arithmetic type
Signed-off-by: pangzhen1 <pangzhen1@xiaomi.com>
Release g_irqchainlock before calling irq_detach to avoid holding two locks
simultaneously, which can cause thread deadlock.
The irqchain_detach function was calling irq_detach while holding g_irqchainlock,
and irq_detach attempts to acquire g_irqlock. This lock ordering violation could
lead to deadlock in multithreaded scenarios.
Fix:
- Move spin_unlock_irqrestore(&g_irqchainlock, flags) before irq_detach call
- Ensure locks are released in proper order to prevent circular wait
This is part of the irq_chain_lock feature for safer IRQ chain handling.
Signed-off-by: pangzhen1 <pangzhen1@xiaomi.com>
The identifier regs has been used to represent a type, and cannot be used in here. So change the "regs" to "context"
Signed-off-by: pangzhen1 <pangzhen1@xiaomi.com>
This patch fixes a Coverity issue where static objects that are only referenced
within a single function should be declared in block scope rather than file scope.
This improves code encapsulation and reduces global namespace pollution.
Changes:
- Moved 'g_irqchainpool[]' from file-level static variable to function-level
static variable within irqchain_initialize()
This ensures compliance with MISRA C-2012 Rule 8.9 which states: 'An object
should be declared in block scope if its identifier is only referenced within
one function.' The change improves code clarity, maintainability, and follows
best practices for variable scoping.
Benefits:
- Reduces file-level namespace pollution
- Improves code encapsulation
- Makes the scope of the variable immediately obvious
- Maintains static storage duration for the array
Signed-off-by: pangzhen1 <pangzhen1@xiaomi.com>
This patch fixes a Coverity issue where implicit casting from signed int to
unsigned int could lead to unexpected behavior. The fix replaces the implicit
cast with an explicit unsigned literal suffix to ensure type safety.
Changes:
- In irqchain_attach(): Changed comparison 'sq_count(&g_irqchainfreelist) < 2'
to 'sq_count(&g_irqchainfreelist) < 2u' to use explicit unsigned literal
This ensures compliance with MISRA C-2012 Rule 10.4 which prohibits implicit
conversions between signed and unsigned types. This change prevents potential
integer conversion issues and improves code correctness.
Signed-off-by: pangzhen1 <pangzhen1@xiaomi.com>
An object should be declared in block scope if its identifier is only referenced within one function(MISRA C-2012 Rule 8.9)
Signed-off-by: pangzhen1 <pangzhen1@xiaomi.com>
In irq_attach_thread.c and irq_attach_wqueue.c, there are static functions named irq_default_handler with the same name, which can be easily misunderstood. Therefore, they have been renamed to different functions.
Signed-off-by: pangzhen1 <pangzhen1@xiaomi.com>
The SRN number in TriCore far exceeds the PN number.
Using IRQ as the PN number would result in an overflow.
Therefore, MINIMAL_VECTORTABLE is used to ensure that
the PN number does not overflow.
Signed-off-by: zhangyuan29 <zhangyuan29@xiaomi.com>
Add aligned_data(STACK_ALIGNMENT) attribute to g_irq_work_stack buffer declaration
in irq_attach_wqueue.c. Ensures stack memory is properly aligned to architecture
requirements, preventing unaligned stack addresses that could cause data access
faults or performance degradation on strict alignment architectures.
Signed-off-by: hujun5 <hujun5@xiaomi.com>
Add null-check for ISR handler before invoking in irq_default_handler.
Fix comment documentation and initialize return value to IRQ_WAKE_THREAD.
Ensures safe handler invocation when isr parameter is NULL in threaded IRQ mode.
Signed-off-by: hujun5 <hujun5@xiaomi.com>
`up_check_intstack` exists only when CONFIG_ARCH_INTERRUPTSTACK
is greater than 0, so the irq should first determine whether
CONFIG_ARCH_INTERRUPTSTACK is greater than 0 to determine
whether up_check_intstack can be called.
Signed-off-by: guoshengyuan1 <guoshengyuan1@xiaomi.com>
1. Remove STACKCHECK_SOFTWARE config,
2. Do sp value checking when STACKCHECK_MARGIN == 0,
3. Do margin-based stack check when STACKCHECK_MARGIN > 0,
4. Disable stack check when STACKCHECK_MARGIN == -1
Signed-off-by: Chengdong Wang <wangchengdong@lixiang.com>
After irq_dispatch finished, the interrupt stack will be checked to
determine whether overflow occurs.
The relevant configuration reuses the configuration of stack overflow
detection during context switching.
Signed-off-by: guoshengyuan1 <guoshengyuan1@xiaomi.com>
reason:
1 There is a similar PR, https://github.com/apache/nuttx/pull/14079,
2 Currently, no one is using recursive locks with write_lock_irqsave/read_lock_irqsave.
3 Nested spinlock is harmful, prone to abuse and leading to a decline in code quality and performance
4 Nested spinlock is also not available in Linux.
5 In our future plans, nested usage of enter_critical_section and spin_lock_irqsave will also be removed.
Signed-off-by: hujun5 <hujun5@xiaomi.com>
developers must be careful to hold spinlocks and ensure all
of protected code is under control, so remove support for nested
spinlocks to improve performance.
Signed-off-by: chao an <anchao@lixiang.com>
Some app with same code runs on different cores in AMP mode,
need the physical core on which the function is called.
Signed-off-by: hujun5 <hujun5@xiaomi.com>
Signed-off-by: fangxinyong <fangxinyong@xiaomi.com>
reason:
To remove the "sync pause" and decouple the critical section from the dependency on enabling interrupts,
after that we need to further implement "schedlock + spinlock".
changelist
1 Modify the implementation of critical sections to no longer involve enabling interrupts or handling synchronous pause events.
2 GIC_SMP_CPUCALL attach to pause handler to remove arch interface up_cpu_paused_restore up_cpu_paused_save
3 Completely remove up_cpu_pause, up_cpu_resume, up_cpu_paused, and up_cpu_pausereq
4 change up_cpu_pause_async to up_send_cpu_sgi
Signed-off-by: hujun5 <hujun5@xiaomi.com>
There will be a large performance loss after SCHED_CRITMONITOR is enabled.
By isolating thread running time-related functions, CPU load can be run with less overhead.
Signed-off-by: yinshengkai <yinshengkai@xiaomi.com>
Signed-off-by: buxiasen <buxiasen@xiaomi.com>
Most tools used for compliance and SBOM generation use SPDX identifiers
This change brings us a step closer to an easy SBOM generation.
Signed-off-by: Alin Jerpelea <alin.jerpelea@sony.com>
reason:
In the SMP, when a context switch occurs, restore_critical_section is executed.
In order to reduce the time taken for context switching,
we inline the restore_critical_section function.
Given that restore_critical_section is small in size
and is called from only one location, inlining it does not increase the size of the image.
Signed-off-by: hujun5 <hujun5@xiaomi.com>
reason:
1 We place interrupt handling functions of the same priority into the work queue corresponding
to that priority, allowing high-priority interrupts to preempt low-priority ones,
thus ensuring the real-time performance of high-priority interrupts.
2 The sole purpose of the interrupt handler is to wake
up the work queue of the corresponding priority and execute the interrupt handling function.
3 Compared to the functionality of isr threads, this
approach saves more memory, particularly when the number of interrupts is large.
Signed-off-by: hujun5 <hujun5@xiaomi.com>
reason:
dynaminc create g_irqmap to reduce the use of data segments
CONFIG_ARCH_NUSER_INTERRUPTS should be one more than the number of IRQs actually used
Signed-off-by: hujun5 <hujun5@xiaomi.com>
purpose:
To improve the real-time performance of the system, we prefer to perform
as few operations as possible within the interrupt function.
We have designed an interrupt thread for each interrupt,
where all the operations that are not necessary to be handled
in the interrupt function are delegated to be processed by the interrupt thread.
Up_enable_irq will be invoked after isrthread started.
Configuring NuttX and compile:
$ ./tools/configure.sh -l qemu-armv8a:nsh_smp
$ make
Running with qemu
$ qemu-system-aarch64 -cpu cortex-a53 -smp 4 -nographic \
-machine virt,virtualization=on,gic-version=3 \
-net none -chardev stdio,id=con,mux=on -serial chardev:con \
-mon chardev=con,mode=readline -kernel ./nuttx
Signed-off-by: hujun5 <hujun5@xiaomi.com>
Regression by:
| commit 2ee8aa6f2b
| Author: hujun5 <hujun5@xiaomi.com>
| Date: Thu Jan 11 11:27:31 2024 +0800
|
| sched: we use spin_lock_irqsave replace enter_critical_section to protect g_irqvector
|
| enter_critical_section may be called before os initialized
|
| Signed-off-by: hujun5 <hujun5@xiaomi.com>
Signed-off-by: chao an <anchao@lixiang.com>
because 'g_cpu_nestcount[me] > 0' will never happen, in this place
test:
We can use qemu for testing.
compiling
make distclean -j20; ./tools/configure.sh -l qemu-armv8a:nsh_smp ;make -j20
running
qemu-system-aarch64 -cpu cortex-a53 -smp 4 -nographic -machine virt,virtualization=on,gic-version=3 -net none -chardev stdio,id=con,mux=on -serial chardev:con -mon chardev=con,mode=readline -kernel ./nuttx
Signed-off-by: hujun5 <hujun5@xiaomi.com>
this_task() is a function call that involves disabling interrupts and this_cpu().
Since restore_critical_section is always called in an interrupt-disabled context,
there's no need to disable interrupts again. Therefore, to save time and achieve
the same effect, I directly call tcb = current_task(me) instead of tcb = this_task().
Signed-off-by: hujun5 <hujun5@xiaomi.com>
liwenxiang1
wangzhi16
pangzhen1
zhangyuan29
hujun5
guoshengyuan1
wangchengdong
wangmingrong1
Lars Kruse
Ville Juven
chao an
chenrun1
ligd
yinshengkai
Alin Jerpelea