Why not put task context in interrupt
Question
Here is the story.
Its a safety critical project and needs to run a time critical functional routine in 20KHz. Now the design is to put functional routine in a 20KHz FIQ interrupt, meanwhile safety interrupt also in FIQ. Thats the only two FIQ in system. (Surely there are couples of IRQ enabled in the MCU)
I know that its not good to put task context in interrupt ISR, the proper way of doing this to set mark and run in OS task. But seems current design harm nobody.
The routine takes about 10us (main clock 300MHz), so basically it will not blocks IRQ/FIQ for unacceptable time. It even save time for extra context switch compare with using OS task to run the functional routine. To me, currently it feels like the design is against every principle written on text book in university but can not find a reason to say no to it.
How could I convince myself to move functional routine from ISR to OS? Should I?
3 answers
solution1
3 ACCPTED 2017-11-11 21:33:31
Let's recollect your situation:
- you are coding a safety critical system
- the software architecture isn't specified otherwise you wouldn't ask the question at hand
- the system requirements weren't processed correctly otherwise 2) wouldn't be in question
- someone told you to "use minimum interrupt if possible in safety critical system"
- you want to use the highest priority & non-interruptible code for "just some math work"
Sorry for being a bit harsh but I wouldn't want to use/be in your safety critical system.
For your actual problem: you have to make sure two things
- the code in the FIQ must be deterministic and WCET tested
- the registers of the timer must be protected and supervised. Why? An unwanted/erroneous manipulation of the timers registers by a lower safety level code can congest the CPU so much that effectively nothing else but the interrupt is processed.
All this under the assumption that your safe state depends entirely on an external hardware watchdog.
PS: Which are the hazards for users of your system? Annoyance? Injury? Lethal? Are you in a SIL or ASIL context?
solution2
0 2017-11-10 06:53:15
The reason to move complex code away from ISR is precisely to avoid lengthy processing in the ISR and thus timing jitter and delayed interrupt servicing resulting from it.
You are stating the your processing is not lengthy so do it in the ISR! Otherwise you are just adding bloat.
solution3
0 2017-11-10 09:25:20
中断之间20Khz = 50us,处理时间为10us,只为此“任务”提供大约20%的CPU时间,在CPU中运行的任何其他例程中抖动为10us,处理时间也为10us对于每个40us,任何其他任务都将消耗,如果你的项目可以,并且你的总CPU处理时间低于70%(这是关键系统可接受的常见最大值),恕我直言它应该没有任何问题。
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.