fromISR function assumptions and Cortex-M3

c77er wrote on Wednesday, March 03, 2010:

For the fromISR functions, is it assumed that the code in them is not be interrupted? For some other architectures it’s a safe assumption since interrupts are automatically disabled upon entry of ISR and enabled upon exit.

However, for Cortex-M3, it’s not true right? So wouldn’t critical sections be a necessity here?

My explanation probably would be that the task swapping only happens in PendSV handlers, which won’t be triggered until all interrupts are clear, so no critical sections are necessary? Does this explanation make sense?

Even with this explanation I’m still puzzled - well, even without task swapping, if no critical sections are used, there is still a possibility that the xxxFromISR function could still be interrupted, and the higher priority interrupt can still mess with data structures such as ready list, event list, etc. which makes this code unsafe.

Thanks in advance!

rtel wrote on Thursday, March 04, 2010:

The FromISR functions do have critical sections where necessary.  This is especially important for the interrupt nesting.  Inside the functions you will see macros something like portSET_INTERRUPT_PRIORITY_FROM_ISR and portCLEAR_INTERRUPT_PRIORITY_FROM_ISR.  The implementation of these macros is different to that for the standard critical section macros.