contiki-ng: It is not safe to call process_post in an interrupt handler
I’m not sure if this is expected or not, but it is not safe to call process_post in an interrupt handler. This is because it may cause inconsistency in the event queue (in sys/process.c).
The consumer of the event queue is do_event function (run in normal context), and the producer is process_post function. Because operation on fevent and nevents are not atomic in do_event, in an interrupt handler process_post may manipulate the event queue while it’s in an inconsistent state. This may cause losing a posted event or dispatching an event that was already dispatched before.
I don’t think so many modules call process_post in an interrupt context, but at least the tsch module does (in tsch_disassociate, which may be called in tsch_slot_operation thread) (although that is relatively a rare case).
I think we should either
- make the event queue thread-safe, probably by using
ringbufindex. - or, add warning to the document of
process_post, and fix existing calls toprocess_postin interrupt contexts. For the tsch case above, we can useprocess_pollinstead.
About this issue
- Original URL
- State: open
- Created 6 years ago
- Reactions: 3
- Comments: 16 (16 by maintainers)
This is documented in the contiki-os process documentation: https://github.com/contiki-os/contiki/wiki/Processes#Polling where it is explicitely stated that the process_poll function is the only one from the process module that can be called from an interrupt service routine. Sorry if I’m a little off-topic here but maybe some of the documentation from Contiki-OS and Protothread could be added to the contiki-ng documentation. When I started using contiki-ng, coming from RTOS habits I was really happy for adam dunkels web site: http://dunkels.com/adam/pt/.
I’m more than happy to take on the task if someone thinks it’s a good idea.