drivers: timer : cortex_m_systick MAX_TICKS protection #83450
Conversation
|
test on mimxrt1170_evk without default sys_tick settings |
hakehuang
force-pushed
the
sys_tick_max_count_protection
branch
from
034f78b to
ceacafd
Compare
drivers/timer/cortex_m_systick.c
Outdated
| #define MAX_TICKS ((k_ticks_t)(COUNTER_MAX / CYC_PER_TICK) - 1) | ||
| /* add MAX_TICKS protection */ | ||
| #define _COUNTER_MAX ((COUNTER_MAX > (2 * CYC_PER_TICK)) ? COUNTER_MAX : (2 * CYC_PER_TICK)) | ||
| #define MAX_TICKS ((k_ticks_t)(_COUNTER_MAX / CYC_PER_TICK) - 1) |
There was a problem hiding this comment.
This seems clumsy. Can't you add a BUILD_ASSERT() in 64 bit precision instead?
There was a problem hiding this comment.
build_assert only assert during building, it does not resolve the problem, so if we want to CONFIG_SYS_CLOCK_TICKS_PER_SEC to be 100 and still running in that high frequency(960M). let me try to find a better way to implement this.
|
@hakehuang here's an old attempt at this that may be a useful reference: 5cbf8d8 #66601 |
I guess the pr attempts to assert the setting in return we still need to increate the CONFIG_SYS_CLOCK_TICKS_PER_SEC to avoid this issue, and my attempt to still use the high frequency, but less tick, by downgrading the accuracy to its up-limits |
hakehuang
force-pushed
the
sys_tick_max_count_protection
branch
2 times, most recently
from
7622a6b to
282f2b2
Compare
There was a problem hiding this comment.
Driving back by. Seems like the real bug here is that "- 1" subexpression that's rolling over when the quotient is zero. Why is that there? It's not mathematically correct. Is it to handle latency slop in the reset code maybe?
Nonetheless if you want the expression to be safe, it's IMHO more clearly expressed as something like this, which clamps the quotient before the subtraction to guarantee no rollover:
#define MAX_TICKS CLAMP(COUNTER_MAX / CYC_PER_TICK, 1, COUNTER_MAX) - 1But your version seems fine too. I'm just concerned about that term and where it came from.
|
Heh, it was my doing, back in 2018 during the timer rewrites: see commit c535300 I think it's just been carried along voodoo-style ever since. It's harmless (except for the possibility of rollover at high clock rates), but I really don't think it's needed. Might be worth spinning a version that simply removes that subtraction and check that nothing breaks. Basically I think the root cause here is a bug I wrote six years ago. :) |
|
Also, just to be clear, the configuration being managed here is pathological: the clock rates is so high and the tick rate so low that it's not possible to deliver interrupts that slowly from the paltry 24 bit SysTick counter. Such a configuration basically has no control over timer interrupt frequency and would be much better served with a regular tick interrupt (which is what it's getting anyway) that avoids all the runtime complexity. |
@andyross will you propose a consolidate solution? my fix is to use the maximum of the 24bit counter if the original setting exceed. I can close my PR, if so. Thanks for checking. |
There was a problem hiding this comment.
To be clear: I don't think there's anything wrong with this fix. It's just that (1) it's working around a rollover condition that shouldn't have been there to begin with, just to (2) handle a pathological case where "the timer can't even count as high as one tick".
I don't know the Right solution there, but I guess in my head it would look nicer as a BUILD_ASSERT() that produces a "Tickless does nothing here, use a ticked kernel" error or something.
hakehuang
force-pushed
the
sys_tick_max_count_protection
branch
from
282f2b2 to
e8f2e76
Compare
I add a message to show this, as warning will break CI. |
|
@andyross please help to review again, thanks. |
|
@teburd please help to check thanks |
|
@teburd please help to review |
|
@hakehuang - FYI #84051 (comment) |
does this pr fix your issue? |
|
@teburd can you help to review this? thanks |
together with #84050 they resolve both overflows and timing instability like these: |
oh, that's a different issue, the max_tick can not be zero which is this PR to resolve |
hakehuang
requested review from
golowanow and
teburd
and removed request for
teburd
|
@golowanow can you help to review and kindly approve this? @teburd seems not interest this area anymore |
when CONFIG_SYS_CLOCK_HW_CYCLES_PER_SEC set to 960M and CONFIG_SYS_CLOCK_TICKS_PER_SEC set to 100 the MAX_TICKS will be zero or even negative value, which is not expected. so need add a protection here downgrading the accuracy to its as high as possible also add build message to show that tickless has no effect fixes: zephyrproject-rtos#36766 there used to be a workaround, not a fix, either change the CONFIG_SYS_CLOCK_TICKS_PER_SEC=200 or CONFIG_PM to set the CONFIG_SYS_CLOCK_HW_CYCLES_PER_SEC to 32678 Signed-off-by: Hake Huang <hake.huang@oss.nxp.com>
hakehuang
force-pushed
the
sys_tick_max_count_protection
branch
from
e8f2e76 to
ee3a23f
Compare
|
@andyross , @golowanow please help to review and kindly approve. Thanks |
|
@andyross can you help to review again. just a small change on 32 bit compatible. Thanks |
|
@andyross please help to review |
hakehuang
requested review from
mmahadevan108,
dleach02,
decsny and
EmilioCBen
|
@andyross please help to check, no big change as last time. Thanks a lot. |
when CONFIG_SYS_CLOCK_HW_CYCLES_PER_SEC set to 960M and CONFIG_SYS_CLOCK_TICKS_PER_SEC set to 100
the MAX_TICKS will be zero or even a negative value, which is not expected, at this time the COUNTER_MAX is
so need add a protection here
fixes: #36766
there used to be a workaround, not a fix,
either change the CONFIG_SYS_CLOCK_TICKS_PER_SEC=200 or
CONFIG_PM to set the CONFIG_SYS_CLOCK_HW_CYCLES_PER_SEC to 32678