Skip to content

Fix ISR-safe critical sections and document APIs #72

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
jserv wants to merge 1 commit into
base: main
Choose a base branch
from
Open

Fix ISR-safe critical sections and document APIs #72

jserv wants to merge 1 commit into from

Conversation

@jserv
Copy link
Contributor

@jserv jserv commented Jan 28, 2026
edited by cubic-dev-ai bot
Loading

The CRITICAL_ENTER/LEAVE macros unconditionally enabled interrupts on leave, which corrupts interrupt state when called from ISR context (where MIE is already 0). Replace with nesting-aware save/restore: CRITICAL_ENTER saves MIE on first entry, CRITICAL_LEAVE restores it on last exit. Add underflow guard to CRITICAL_LEAVE.

This fixes mo_logger_enqueue() to use CRITICAL_ENTER instead of mo_mutex_lock so the [ISR-SAFE] contract is actually honored -- mutex blocks, which deadlocks in ISR context.

It also fixes realloc() missing CRITICAL_ENTER before fast paths that called CRITICAL_LEAVE, and add defensive CRITICAL_LEAVE before panic() in malloc().

ISR Context Safety Guide is added to hal-interrupt.md with function tables, callback patterns, and ISR-to-task communication examples.

Summary by cubic

Make critical sections ISR-safe by saving/restoring interrupt state with nesting. Prevents interrupt-state corruption and ISR deadlocks; updates logger/allocator and adds clear ISR safety guidance.

  • Bug Fixes

    • CRITICAL_ENTER/LEAVE now track nesting and restore the original MIE; added underflow guard.
    • mo_logger_enqueue uses CRITICAL_ENTER (no mutex), making logging safe in ISR context.
    • Fixed realloc/malloc critical-section pairing; added defensive CRITICAL_LEAVE before panic().
    • Added kernel state for nesting and saved MIE to support correct restore behavior.

  • New Features

    • Added ISR-safe UART helpers: isr_puts() and isr_putx() for emergency debug output.
    • Documented ISR safety across APIs with [ISR-SAFE]/[TASK-ONLY] annotations; timer management is ISR-safe and callback rules are explicit.
    • Added an ISR Context Safety Guide with function tables, callback patterns, and ISR-to-task communication examples.
    • Updated examples and comments to show ISR-safe logging from timer callbacks.

Written for commit 7a89b64. Summary will update on new commits.

cubic-dev-ai[bot]

This comment was marked as resolved.

Sign in to view

@jserv
Fix ISR-safe critical sections and document APIs
7a89b64 
The CRITICAL_ENTER/LEAVE macros unconditionally enabled interrupts on
leave, which corrupts interrupt state when called from ISR context
(where MIE is already 0). Replace with nesting-aware save/restore:
CRITICAL_ENTER saves MIE on first entry, CRITICAL_LEAVE restores it on
last exit. Add underflow guard to CRITICAL_LEAVE.

This fixes mo_logger_enqueue() to use CRITICAL_ENTER instead of
mo_mutex_lock so the [ISR-SAFE] contract is actually honored -- mutex
blocks, which deadlocks in ISR context.

It also fixes realloc() missing CRITICAL_ENTER before fast paths that
called CRITICAL_LEAVE, and add defensive CRITICAL_LEAVE before panic()
in malloc().

ISR Context Safety Guide is added to hal-interrupt.md with function
tables, callback patterns, and ISR-to-task communication examples.
@github-actions
Copy link

github-actions bot commented Jan 28, 2026

Linmo CI Test Results

Overall Status: ✅ passed
Timestamp: 2026-01-28T14:26:36+00:00
Commit: d19d2eb

Toolchain Results

Toolchain Build Crash Test Functional
GNU ✅ passed ✅ passed ✅ passed
LLVM ✅ passed ⏭️ skipped ⏭️ skipped

Application Tests

App GNU LLVM
cond ✅ passed ⏭️ skipped
coop ✅ passed ⏭️ skipped
cpubench ✅ passed ⏭️ skipped
echo ✅ passed ⏭️ skipped
hello ✅ passed ⏭️ skipped
mqueues ✅ passed ⏭️ skipped
mutex ✅ passed ⏭️ skipped
pipes ✅ passed ⏭️ skipped
pipes_small ✅ passed ⏭️ skipped
pipes_struct ✅ passed ⏭️ skipped
prodcons ✅ passed ⏭️ skipped
progress ✅ passed ⏭️ skipped
rtsched ✅ passed ⏭️ skipped
semaphore ✅ passed ⏭️ skipped
suspend ✅ passed ⏭️ skipped
test64 ✅ passed ⏭️ skipped
test_libc ✅ passed ⏭️ skipped
timer ✅ passed ⏭️ skipped
timer_kill ✅ passed ⏭️ skipped
umode ⚠️ ⏭️ skipped

Functional Test Details

Test GNU LLVM
mutex:data_consistency ✅ passed ⏭️ skipped
mutex:fairness ✅ passed ⏭️ skipped
mutex:mutual_exclusion ✅ passed ⏭️ skipped
mutex:overall ✅ passed ⏭️ skipped
semaphore:overall ✅ passed ⏭️ skipped
umode:[exception]_illegal_instruction ✅ passed ⚠️
umode:pass:_sys_tid()_returned ✅ passed ⚠️
umode:pass:_sys_uptime()_returned ✅ passed ⚠️

Report generated from test-summary.toml

@sysprog21 sysprog21 deleted a comment from github-actions bot Jan 28, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@cubic-dev-ai cubic-dev-ai[bot] cubic-dev-ai[bot] left review comments

@visitorckw visitorckw Awaiting requested review from visitorckw

@HeatCrab HeatCrab Awaiting requested review from HeatCrab

@vicLin8712 vicLin8712 Awaiting requested review from vicLin8712

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@jserv