hardware_timer: fix race condition whem a new timer being added becomes missed thus obviating the need for an IRQ but there is an IRQ already pending for another timer (#243)

This commit is contained in:
Graham Sanderson 2021-03-10 12:04:04 -06:00 committed by GitHub
parent c4e35d914d
commit d36b1ca8ae
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 49 additions and 10 deletions

View File

@ -166,8 +166,9 @@ bool hardware_alarm_set_target(uint alarm_num, absolute_time_t target) {
// 1) actually set the hardware timer // 1) actually set the hardware timer
spin_lock_t *lock = spin_lock_instance(PICO_SPINLOCK_ID_TIMER); spin_lock_t *lock = spin_lock_instance(PICO_SPINLOCK_ID_TIMER);
uint32_t save = spin_lock_blocking(lock); uint32_t save = spin_lock_blocking(lock);
timer_hw->intr = 1u << alarm_num; uint8_t old_timer_callbacks_pending = timer_callbacks_pending;
timer_callbacks_pending |= (uint8_t)(1u << alarm_num); timer_callbacks_pending |= (uint8_t)(1u << alarm_num);
timer_hw->intr = 1u << alarm_num; // clear any IRQ
timer_hw->alarm[alarm_num] = (uint32_t) t; timer_hw->alarm[alarm_num] = (uint32_t) t;
// Set the alarm. Writing time should arm it // Set the alarm. Writing time should arm it
target_hi[alarm_num] = (uint32_t)(t >> 32u); target_hi[alarm_num] = (uint32_t)(t >> 32u);
@ -178,18 +179,26 @@ bool hardware_alarm_set_target(uint alarm_num, absolute_time_t target) {
assert(timer_hw->ints & 1u << alarm_num); assert(timer_hw->ints & 1u << alarm_num);
} else { } else {
if (time_us_64() >= t) { if (time_us_64() >= t) {
// ok well it is time now; the irq isn't being handled yet because of the spin lock // we are already at or past the right time; there is no point in us racing against the IRQ
// however the other core might be in the IRQ handler itself about to do a callback // we are about to generate. note however that, if there was already a timer pending before,
// we do the firing ourselves (and indicate to the IRQ handler if any that it shouldn't // then we still let the IRQ fire, as whatever it was, is not handled by our setting missed=true here
missed = true; missed = true;
if (timer_callbacks_pending != old_timer_callbacks_pending) {
// disarm the timer // disarm the timer
timer_hw->armed = 1u << alarm_num; timer_hw->armed = 1u << alarm_num;
timer_hw->intr = 1u << alarm_num; // clear the IRQ too // clear the IRQ...
// and set flag in case we're already in the IRQ handler waiting on the spinlock (on the other core) timer_hw->intr = 1u << alarm_num;
timer_callbacks_pending &= (uint8_t)~(1u << alarm_num); // ... including anything pending on the processor - perhaps unnecessary, but
// our timer flag says we aren't expecting anything.
irq_clear(harware_alarm_irq_number(alarm_num));
// and clear our flag so that if the IRQ handler is already active (because it is on
// the other core) it will also skip doing anything
timer_callbacks_pending = old_timer_callbacks_pending;
}
} }
} }
spin_unlock(lock, save); spin_unlock(lock, save);
// note at this point any pending timer IRQ can likely run
} }
return missed; return missed;
} }

View File

@ -64,12 +64,13 @@ static bool repeating_timer_callback(struct repeating_timer *t) {
#define RESOLUTION_ALLOWANCE PICO_HARDWARE_TIMER_RESOLUTION_US #define RESOLUTION_ALLOWANCE PICO_HARDWARE_TIMER_RESOLUTION_US
#endif #endif
int issue_195_test(void);
int main() { int main() {
setup_default_uart(); setup_default_uart();
alarm_pool_init_default(); alarm_pool_init_default();
PICOTEST_START(); PICOTEST_START();
struct alarm_pool *pools[NUM_TIMERS]; struct alarm_pool *pools[NUM_TIMERS];
for(uint i=0; i<NUM_TIMERS; i++) { for(uint i=0; i<NUM_TIMERS; i++) {
if (i == alarm_pool_hardware_alarm_num(alarm_pool_get_default())) { if (i == alarm_pool_hardware_alarm_num(alarm_pool_get_default())) {
@ -215,6 +216,35 @@ int main() {
PICOTEST_CHECK(absolute_time_diff_us(near_the_end_of_time, at_the_end_of_time) > 0, "near the end of time should be before the end of time") PICOTEST_CHECK(absolute_time_diff_us(near_the_end_of_time, at_the_end_of_time) > 0, "near the end of time should be before the end of time")
PICOTEST_END_SECTION(); PICOTEST_END_SECTION();
if (issue_195_test()) {
return -1;
}
PICOTEST_END_TEST(); PICOTEST_END_TEST();
} }
#define ISSUE_195_TIMER_DELAY 50
volatile int issue_195_counter;
int64_t issue_195_callback(alarm_id_t id, void *user_data) {
issue_195_counter++;
return -ISSUE_195_TIMER_DELAY;
}
int issue_195_test(void) {
PICOTEST_START_SECTION("Issue #195 race condition - without fix may hang on gcc 10.2.1 release builds");
absolute_time_t t1 = get_absolute_time();
int id = add_alarm_in_us(ISSUE_195_TIMER_DELAY, issue_195_callback, NULL, true);
for(uint i=0;i<5000;i++) {
sleep_us(100);
sleep_us(100);
uint delay = 9; // 9 seems to be the magic number (at least for reproducing on 10.2.1)
sleep_us(delay);
}
absolute_time_t t2 = get_absolute_time();
cancel_alarm(id);
int expected_count = absolute_time_diff_us(t1, t2) / ISSUE_195_TIMER_DELAY;
printf("Timer fires approx_expected=%d actual=%d\n", expected_count, issue_195_counter);
PICOTEST_END_SECTION();
return 0;
}