For the fromISR functions, is it assumed that the code in them is not be interrupted? For some other architectures it’s a safe assumption since interrupts are automatically disabled upon entry of ISR and enabled upon exit.
However, for Cortex-M3, it’s not true right? So wouldn’t critical sections be a necessity here?
My explanation probably would be that the task swapping only happens in PendSV handlers, which won’t be triggered until all interrupts are clear, so no critical sections are necessary? Does this explanation make sense?
Even with this explanation I’m still puzzled - well, even without task swapping, if no critical sections are used, there is still a possibility that the xxxFromISR function could still be interrupted, and the higher priority interrupt can still mess with data structures such as ready list, event list, etc. which makes this code unsafe.
Thanks in advance!