CMSIS-RTOS2
Version 2.1.3
Real-Time Operating System: API and RTX Reference Implementation
|
The RTX5 C source files use MISRA C:2012 guidelines as underlying coding standard.
For MISRA validation, PC-lint V9.00L is used with configuration for Arm Compiler V6.9. The PC-Lint validation setup is part of the project file .\CMSIS\RTOS2\RTX\Library\ARM\MDK\RTX_CM.uvprojx as shown below. Refer to Setup for PC-Lint for more information.
The PC-Lint configuration uses the following Options under Tools - PC-Lint Setup...:
The C source code is annotated with PC-Lint control comments to allows MISRA deviations. These deviations with the underlaying design decisions are described in the following.
The RTX source code has the following deviations from MISRA:
All source code deviations are clearly marked and in summary these deviations affect the following MISRA rules:
In the following all deviations are described in detail.
Return statements are used at the beginning of several functions to validate parameter values and object states. The function returns immediately without any side-effects and typically an error status is set. This structure keeps the source code better structured and easier to understand.
This design decision implies the following MISRA deviation:
All locations in the source code are marked with:
CMSIS-RTOS is independant of an underlying RTOS implementation. The object idenifiers are therefore defined as void pointers to:
This design decisions imply the following MISRA deviations:
All locations in the source code are marked with:
In the RTX5 implementation the requried pointer conversions are implemented in the header file rtx_lib.h with the following inline functions:
RTX uses a unified object control block structure that contains common object members. The unified control blocks use a fixed layout at the beginning of the sturcture and starts always with an object identifier. This allows common object functions that receive a pointer to a unified object control block and reference only the pointer or the members in the fixed layout. Using common object functions and data (for example the ISR queue) reduces code complexity and keeps the source code better structured. Refer also to [MISRA Note 4]: Conversion from unified object control blocks
This design decisions imply the following MISRA deviations:
All locations in the source code are marked with:
In the RTX5 implementation the requried pointer conversions are implemented in the header file rtx_lib.h with the following inline function:
RTX uses a unified object control block structure that contains common object members. Refer to [MISRA Note 3]: Conversion to unified object control blocks for more information. To process specifc control block data, pointer conversions are required.
This design decisions imply the following MISRA deviations:
All locations in the source code are marked with:
In the RTX5 source code the requried pointer conversions are implemented in the header file rtx_lib.h with the following inline functions:
The RTX5 kernel has common memory management functions that use void pointers. These memory allocation fuctions returns a void pointer which is correctly aligned for object types.
This design decision implies the following MISRA deviations:
All locations in the source code are marked with:
Code example:
CMSIS-RTOS2 and RTX5 support user provided storage for object control blocks, stack, and data storage. The API uses void pointers to define the location of this user provided storage. It is therefore required to cast the void pointer to underlying storage types. Alignment restrictions of user provided storage are checked before accessing memory. Refer also to [MISRA Note 7]: Check for proper pointer alignment.
This design decisions imply the following MISRA deviations:
All locations in the source code are marked with:
Code example:
RTX5 verifies the alignment of user provided storage for object control blocks, stack, and data storage. Refer also to [MISRA Note 6]: Conversion from user provided storage for more information.
This design decision implies the following MISRA deviations:
All locations in the source code are marked with:
Code example:
RTX5 implements memory allocation functions which require pointer arithmetic to manage memory. The structure with the type mem_block_t that is used to menage memory allocation blocks is defined in rtx_memory.c
This design decision implies the following MISRA deviations:
All locations in the source code are marked with:
The required pointer arithmetic is implemented in rtx_memory.c with the following function:
The CMSIS-Core peripheral register blocks are accessed using a structure. The memory address of this structure is specified as unsigned integer number. Pointer conversions are required to access the specific registers.
This design decision implies the following MISRA deviations:
All locations in the source code are marked with:
Code example:
RTX5 is using SVC (Service Calls) to switch between thread mode (for user code execution) and handler mode (for RTOS kernel execution). The SVC function call mechanism is implemented with assembly instructions to construct the code for SVC. The source code uses C macros and are designed as C function-like macros to generate parameter passing for variables depending on macro parameters. An alternative replacement code would be complex. The C macros use multiple '##' operators however it has been verified that the order of evaluation is irrelevant and result of macro expansion is always predictable.
This design decision implies the following MISRA deviations:
The relevant source code is in the file rtx_core_cm.h and is marked with:
The SVC (Service Call) functions are constructed as a mix of C and inline assembly as it is required to access CPU registers for parameter passing. The function parameters are mapped to the CPU registers R0..R3 and SVC function number to CPU register R12 (or R7). For assembly inter-working the function parameters are casted to unsigned int values.
The function return value after SVC call is mapped to the CPU register R0. Return value is casted from unsigned int to the target value.
It has been verified that this method has has no side-effects and is well defined.
This design decision implies the following MISRA deviations:
SVC functions are marked as library modules and not processed by PC-lint. The relevant source code is marked with:
Code example:
PC-lint does not process ASM input/output operand lists and therefore falsely identifies issues:
The RTX5 implementation uses the CPU instructions LDREX and STREX (when supported by the processor) to implement atomic operations. This atomic operations elimite the requirement for interrupt lock-outs. The atomic operations are implemented using inline assembly.
PC-lint cannot process assembler instructions including the input/output operand lists and therefore falsely identifies issues:
It has been verified that atomic operations have no side-effects and are well defined.
The functions that implement atomic instructions are marked as library modules and not processed by PC-lint. The relevant source code is marked with:
The Event Recorder is a generic event logger and the related functions are called to record an event. The function parameters are 32-bit id, 32-bit values, pointer to void (data) and are recorded as 32-bit numbers. The parameters for the Event Recorder may require cast opertions to unsigned int which however has no side-effects and is well defined.
The return value indicates success or failure. There is no need to check the return value since no action is taken when a Event Recorder function fail. The EventID macro (part of external Event Recorder) constructs the ID based on input parameters which are shifted, masked with '&' and combined with '|'. Zero value input parameters are valid and cause zero used with '&' and '|'.
The usage of the Event Recorder implies the following MISRA deviations:
The functions that call the Event Recorder are in the module rtx_evr.c and the related PC-Lint messages are disabled with: