richard_damon wrote on Tuesday, November 21, 2017:
One quick comment, it is very rare to NOT be able to change the software, manyy because you don’t have it, in which case you can’t make the simple change either. It can be impractical, but it is rarely impossible. The other case is that yyou have been geven the task with instructions not to make any big changes, at which point the response sometimes is to go to those giving the instructions and present the options and show why it is needed.
You have a program that as written has a corruption bug, and their are several ways to fix it, which also have the possibility to introduce other, maybe harder to find, problems. Using taskENTER/EXIT_CRITICAL has the issue that it will delay all interrupts for your tens of microseconds. One design issue is to see it this might cause issues with any other device. If there is a device that this might cause an issue with, it very likely will be something very intermintant and hard to figure out.
It is also possible that the suspend/resume option (which would be less invasive) may not be good enough, if there is an interrupt that takes long enough to process that it delays this operation enough to cause the issue. It takes looking at the whole system to be sure.
This sort of operation, the need to write a packet of data, where the data must go out as an uninterrupted whole, is one of the critical timing situations that requires careful design to avoid problems. The ideal solution is a DMA transfer, but depending on the processor and other design decisions, that might not be available (if it is, then if you can add the critical section, you probalby have enough access to implement this, it is more work, but isn’t correct operation worth it). The next best solution is making it interrupt driven with a high priority interrupt.
Ultimately, someone NEEDS to look at the system as a whole to see what is really needed. Doing a quick solution has just too much chance of introducing another hard to find intermitant bug. If due to management issue, that is really needed, do it but make sure that the possible issue is doecumented so if(when) the intermintant shows up, it can be quicker to solve.