Stop timer, delete timer and free resource

Viatorus · December 22, 2020, 8:37am

Hello,

is it save to do the following:

StaticTimer_t *buffer = ...; // Heap allocated. Short lifetime. Could also be on the task stack.

xTimerCreateStatic(..., buffer);
xTimerStart(buffer, 100);
// Do stuff.
// ...
// Timer not needed anymore.
xTimerStop(buffer, 100);
xTimerDelete(buffer, 100);
delete buffer;

Is it guaranteed, that all timer commands are processed before deleting the buffer?

The StaticTimer_t contains an intrusive linked list:

github.com

FreeRTOS/FreeRTOS-Kernel/blob/8e99e2d38bf903f52004f2e087db84a3b7d9ba45/timers.c#L75



/* Bit definitions used in the ucStatus member of a timer structure. */
    #define tmrSTATUS_IS_ACTIVE                  ( ( uint8_t ) 0x01 )
    #define tmrSTATUS_IS_STATICALLY_ALLOCATED    ( ( uint8_t ) 0x02 )
    #define tmrSTATUS_IS_AUTORELOAD              ( ( uint8_t ) 0x04 )

/* The definition of the timers themselves. */
    typedef struct tmrTimerControl                  /* The old naming convention is used to prevent breaking kernel aware debuggers. */
    {
        const char * pcTimerName;                   /*<< Text name.  This is not used by the kernel, it is included simply to make debugging easier. */ /*lint !e971 Unqualified char types are allowed for strings and single characters only. */
        ListItem_t xTimerListItem;                  /*<< Standard linked list item as used by all kernel features for event management. */
        TickType_t xTimerPeriodInTicks;             /*<< How quickly and often the timer expires. */
        void * pvTimerID;                           /*<< An ID to identify the timer.  This allows the timer to be identified when the same callback is used for multiple timers. */
        TimerCallbackFunction_t pxCallbackFunction; /*<< The function that will be called when the timer expires. */
        #if ( configUSE_TRACE_FACILITY == 1 )
            UBaseType_t uxTimerNumber;              /*<< An ID assigned by trace tools such as FreeRTOS+Trace */
        #endif
        uint8_t ucStatus;                           /*<< Holds bits to say if the timer was statically allocated or not, and if it is active or not. */
    } xTIMER;

/* The old xTIMER name is maintained above then typedefed to the new Timer_t

If the StaticTimer_t buffer is deallocated, freeRTOS cannot access the memory any longer. How is this ensured since all timer functions are pushed to a queue and not processed immediately?

Thank you in advanced!

richard-damon · December 22, 2020, 1:36pm

When those items are pushed onto the queue, the Timer task will wake up and remove and process those items. If the timer task has a higher priority then your current task (which is normal but not required) then I think they will get done before your task runs. This also assumes that no timer callback (or pended function) blocks for any reason (which they are not supposed to do).

I would first say, why are you creating your own ‘static’ buffer dynamically, instead of using the plain dynamic creation function, which wouldn’t have this issue.

Viatorus · December 23, 2020, 7:18am

Thank you. A coworker of me ran into endless hangs/hard fault because of this.

I will try to reproduce this issue by my own (next year).

We are using C++ so a timer is wrapped in a class object. Following RAII, the constructor creates the timer and the destructor stops and delete the timer. Because we disabled heap allocation in freeRTOS, we use the static timer. Mutex, semaphore, queue, task etc. are all construct/destruct in the same fashion.

E.g. we use a timer to retry operations for a given time, until we break.
E.g. trying to get an acknowledgement from an I2C device. The timer only live in the function scope of i2c::get_acknowledge(time to wait).

richard-damon · December 23, 2020, 12:05pm

As long as the Timer Task is higher priority than any task that does this, and no timer callbacks block, that should work. The non-blocking is important and easy to miss.

Personally, I might make the timer be a member of the i2c object created in the constructor of the i2c driver and destroyed when the destructor of the driver is called (likely never).

Viatorus · December 23, 2020, 12:17pm

Thank you. I will look into this.

Your suggestion is correct. My coworker already applied these changes to our code base.

Viatorus · January 27, 2021, 3:03pm

I debugged through the timer.c code and exactly what you wrote in your first post happend.

So after investigating further, we found the issue: they used blocking methods inside the timer task… ouch.

Thanks for your help.