Disabling interrupts to protect data

Started by KIRAN October 26, 2009
Hi Guys,

I am working on some RTOS, in which I see lot of interrupts "enabling"
and "disabling" code in most of the RTOS API's to protect kernel data.
For example, Semaphore API's, Message Queue APIs, Runtime memory
management API's. Is enabling / disabling interrupts only to protect
the kernel data? Why  I am asking this is whenever interrupts are
disabled, I am scared of losing timer interrupts. Any input is
appreciated?


Regards,
Kiran
KIRAN wrote:

> I am working on some RTOS, in which I see lot of interrupts "enabling"
> and "disabling" code in most of the RTOS API's to protect kernel data.
> For example, Semaphore API's, Message Queue APIs, Runtime memory
> management API's. Is enabling / disabling interrupts only to protect
> the kernel data? Why I am asking this is whenever interrupts are
> disabled, I am scared of losing timer interrupts. Any input is
> appreciated?

A common approach to providing an atomic operation. Some CPUs don't need this.

If it is done correctly, the critical region will be very small (temporally). You shouldn't *lose* a timer interrupt (nor any other) as the hardware should latch the interrupt and you will respond to it as soon as the critical region passes. (a few instructions?)

If the critical region is much longer than this, the OS implementation is sloppy.

On Mon, 26 Oct 2009 10:34:33 -0700, D Yuniskis wrote:

> KIRAN wrote:
>
>> I am working on some RTOS, in which I see lot of interrupts "enabling"
>> and "disabling" code in most of the RTOS API's to protect kernel data.
>> For example, Semaphore API's, Message Queue APIs, Runtime memory
>> management API's. Is enabling / disabling interrupts only to protect
>> the kernel data? Why I am asking this is whenever interrupts are
>> disabled, I am scared of losing timer interrupts. Any input is
>> appreciated?
>
> A common approach to providing an atomic operation. Some CPUs don't need
> this.
>
> If it is done correctly, the critical region will be very small
> (temporally). You shouldn't *lose* a timer interrupt (nor any other) as
> the hardware should latch the interrupt and you will respond to it as
> soon as the critical region passes. (a few instructions?)
>
> If the critical region is much longer than this, the OS implementation
> is sloppy.

... or your timer period is too short for that RTOS/processor combination.

One man's meat...

--
www.wescottdesign.com

On Mon, 26 Oct 2009 10:11:45 -0700, KIRAN wrote:

> Hi Guys,
>
> I am working on some RTOS, in which I see lot of interrupts "enabling"
> and "disabling" code in most of the RTOS API's to protect kernel data.
> For example, Semaphore API's, Message Queue APIs, Runtime memory
> management API's. Is enabling / disabling interrupts only to protect the
> kernel data? Why I am asking this is whenever interrupts are disabled,
> I am scared of losing timer interrupts. Any input is appreciated?

It's par for the course, and pretty much necessary on most processors.

Interrupt controllers don't forget that they've been interrupted -- so if the timer pops off in the middle of a critical block the interrupt will get latched, and vectored to as soon as the OS exits the critical code.

You'll only have a problem if you get _two_ timer interrupts in the space of one critical block. If this happens then you're pushing that particular RTOS/processor combination too hard, and you need to re-think some architectural decisions.

--
www.wescottdesign.com

D Yuniskis wrote:
> KIRAN wrote:
>
>> I am working on some RTOS, in which I see lot of interrupts "enabling"
>> and "disabling" code in most of the RTOS API's to protect kernel data.
>
> A common approach to providing an atomic operation.
> Some CPUs don't need this.

Some OSes claim that they never disable interrupts, however from what I have seen it was all very impractical. Once you have more or less sophisticated structure of threads and interrupts, you've got to have critical parts with the interrupts disabled.

Vladimir Vassilevsky
DSP and Mixed Signal Design Consultant
http://www.abvolt.com

> Some OSes claim that they never disable interrupts, however from what I
> have seen it was all very impractical.

I have seen this claim too - but when you look closely you find it is achieved by having the kernel itself execute with the absolute highest interrupt priority - so the effect on lower priority interrupts is exactly as if interrupts had been disabled. So while the claim is not incorrect, it is somewhat deliberately misleading. People who are that good at marketing should not be engineers.

[disclaimer - I don't know this to be the case for all systems that make this claim, just the ones I know about]

--
Regards,
Richard.

+ http://www.FreeRTOS.org
Designed for Microcontrollers. More than 7000 downloads per month.

Vladimir Vassilevsky wrote:
> D Yuniskis wrote:
>> KIRAN wrote:
>>
>>> I am working on some RTOS, in which I see lot of interrupts "enabling"
>>> and "disabling" code in most of the RTOS API's to protect kernel data.
>
>> A common approach to providing an atomic operation.
>> Some CPUs don't need this.
>
> Some OSes claim that they never disable interrupts, however from what I
> have seen it was all very impractical. Once you have more or less
> sophisticated structure of threads and interrupts, you've got to have
> critical parts with the interrupts disabled.

You only need to disable interrupts if an interrupt context can access those "shared objects" *without* observing whatever other "mutex" mechanism you are using.

It *can* be done. But, it is a lot trickier than just a tiny little critical region.

E.g., if the jiffy comes along (perhaps the most notable active element that *would* be interrupt spawned and asynchronously compete for access to those structures), it has to notice that a critical region has been entered (by whatever it has interrupted!) and then "schedule" a deferred activation. So, the jiffy terminates as expected. The interrupted routine (probably an OS action) finishes up what it was working on, then, examines a flag to see if it can "simply return" or if it has to process some deferred "activity" (i.e. those things that the jiffy *would* have done had it been fortunate enough to come along "outside" that critical region).

Tim Wescott wrote:
> On Mon, 26 Oct 2009 10:34:33 -0700, D Yuniskis wrote:
>
>> KIRAN wrote:
>>
>>> I am working on some RTOS, in which I see lot of interrupts "enabling"
>>> and "disabling" code in most of the RTOS API's to protect kernel data.
>>> For example, Semaphore API's, Message Queue APIs, Runtime memory
>>> management API's. Is enabling / disabling interrupts only to protect
>>> the kernel data? Why I am asking this is whenever interrupts are
>>> disabled, I am scared of losing timer interrupts. Any input is
>>> appreciated?
>> A common approach to providing an atomic operation. Some CPUs don't need
>> this.
>>
>> If it is done correctly, the critical region will be very small
>> (temporally). You shouldn't *lose* a timer interrupt (nor any other) as
>> the hardware should latch the interrupt and you will respond to it as
>> soon as the critical region passes. (a few instructions?)
>>
>> If the critical region is much longer than this, the OS implementation
>> is sloppy.
>
> .... or your timer period is too short for that RTOS/processor combination.

I look at it as the RTOS not having been designed "lean enough" (to keep with the meat analogy :> )
> One man's meat...
D Yuniskis wrote:
> and then "schedule" a deferred activation. So, the jiffy
> terminates as expected. The interrupted routine (probably
> an OS action) finishes up what it was working on, then,
> examines a flag to see if it can "simply return" or if it has
> to process some deferred "activity"

...and how are you protecting access to the flag - or are you assuming the hardware supports atomic read-modify-writes on variables - or that the hardware supports atomic semaphore type operations?

--
Regards,
Richard.

+ http://www.FreeRTOS.org
Designed for Microcontrollers. More than 7000 downloads per month.

FreeRTOS info wrote:
> D Yuniskis wrote:
>> and then "schedule" a deferred activation. So, the jiffy
>> terminates as expected. The interrupted routine (probably
>> an OS action) finishes up what it was working on, then,
>> examines a flag to see if it can "simply return" or if it has
>> to process some deferred "activity"
>
> ....and how are you protecting access to the flag - or are you assuming
> the hardware supports atomic read-modify-writes on variables - or that
> the hardware supports atomic semaphore type operations?

Assuming you don't have a second processor... ever hear of a "Test and Set" instruction?
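
The deferred-tick scheme discussed in the thread, with the flag taken by a test-and-set, sketched here with C11 atomics as an added example; it is not code from any poster or from a particular RTOS. All names (`in_kernel`, `deferred_ticks`, `kernel_enter`, `kernel_exit`, `jiffy_isr`, `tick_count`) are hypothetical, and a single processor whose kernel is not re-entered is assumed.

```c
#include <stdatomic.h>

/* Hypothetical names throughout; single processor, kernel not re-entered. */
static atomic_flag in_kernel = ATOMIC_FLAG_INIT; /* set while kernel data is in use */
static atomic_uint deferred_ticks;               /* ticks that arrived meanwhile */
static unsigned long ticks;                      /* kernel data guarded by in_kernel */

static void process_tick(void) { ticks++; }      /* stands in for the real tick work */

unsigned long tick_count(void) { return ticks; }

/* Task-level entry to a critical region: interrupts stay enabled. */
void kernel_enter(void)
{
    (void)atomic_flag_test_and_set(&in_kernel);
}

/* Timer interrupt: do the work now, or leave a note if a region was interrupted. */
void jiffy_isr(void)
{
    if (atomic_flag_test_and_set(&in_kernel)) {
        atomic_fetch_add(&deferred_ticks, 1u);   /* counter, so two ticks are not merged */
        return;
    }
    process_tick();
    atomic_flag_clear(&in_kernel);
}

/* Leave the region and run whatever the interrupt deferred. */
void kernel_exit(void)
{
    for (;;) {
        unsigned n = atomic_exchange(&deferred_ticks, 0u);
        while (n--)
            process_tick();
        atomic_flag_clear(&in_kernel);
        /* A tick between the exchange and the clear was deferred again. */
        if (atomic_load(&deferred_ticks) == 0u)
            return;
        if (atomic_flag_test_and_set(&in_kernel))
            return;                              /* new owner will drain it */
    }
}
```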