Sempahores: Add logic to clean up after task_delete() or pthread_cancel() if the task happens to be waiting on a semaphore when it is cancelled

7 files changed, 304 insertions, 22 deletions

diff --git a/nuttx/sched/semaphore/Make.defs b/nuttx/sched/semaphore/Make.defs
index 97f7660ec..5349d58b4 100644
--- a/nuttx/sched/semaphore/Make.defs
+++ b/nuttx/sched/semaphore/Make.defs
@@ -34,7 +34,7 @@
 ############################################################################
 
 CSRCS += sem_destroy.c sem_wait.c sem_trywait.c sem_timedwait.c
-CSRCS += sem_post.c
+CSRCS += sem_post.c sem_recover.c
 
 ifneq ($(CONFIG_DISABLE_SIGNALS),y)
 CSRCS += sem_waitirq.c
diff --git a/nuttx/sched/semaphore/sem_recover.c b/nuttx/sched/semaphore/sem_recover.c
new file mode 100644
index 000000000..fd40e6b7d
--- /dev/null
+++ b/nuttx/sched/semaphore/sem_recover.c
@@ -0,0 +1,148 @@
+/****************************************************************************
+ * sched/semaphore/sem_recover.c
+ *
+ *   Copyright (C) 2014 Gregory Nutt. All rights reserved.
+ *   Author: Gregory Nutt <gnutt@nuttx.org>
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ * 3. Neither the name NuttX nor the names of its contributors may be
+ *    used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
+ * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
+ * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS
+ * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
+ * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN
+ * ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ * POSSIBILITY OF SUCH DAMAGE.
+ *
+ ****************************************************************************/
+
+/****************************************************************************
+ * Included Files
+ ****************************************************************************/
+
+#include <nuttx/config.h>
+
+#include <nuttx/arch.h>
+#include <nuttx/sched.h>
+
+#include "semaphore/semaphore.h"
+
+/****************************************************************************
+ * Pre-processor Definitions
+ ****************************************************************************/
+
+/****************************************************************************
+ * Private Type Declarations
+ ****************************************************************************/
+
+/****************************************************************************
+ * Global Variables
+ ****************************************************************************/
+
+/****************************************************************************
+ * Private Variables
+ ****************************************************************************/
+
+/****************************************************************************
+ * Private Function Prototypes
+ ****************************************************************************/
+
+/****************************************************************************
+ * Private Functions
+ ****************************************************************************/
+
+/****************************************************************************
+ * Public Functions
+ ****************************************************************************/
+
+/****************************************************************************
+ * Name: sem_recover
+ *
+ * Description:
+ *   This function is called from task_recover() when a task is deleted via
+ *   task_delete() or via pthread_cancel().  It current only checks on the
+ *   case where a task is waiting for semaphore at the time that is was
+ *   killed.
+ *
+ *   REVISIT:  A more complete implementation would release counts on all
+ *   semaphores held by the thread.  That would, however, require some
+ *   significant extension to the semaphore data structures because given
+ *   only the task, there is not mechanism to traverse all of the semaphores
+ *   with counts held by the task.
+ *
+ * Inputs:
+ *   tcb - The TCB of the terminated task or thread
+ *
+ * Return Value:
+ *   None.
+ *
+ * Assumptions:
+ *   This function is called from task deletion logic in a safe context.
+ *
+ ****************************************************************************/
+
+void sem_recover(FAR struct tcb_s *tcb)
+{
+  irqstate_t flags;
+
+  /* The task is being deleted.  If it is waiting for a semphore, then
+   * increment the count on the semaphores.  This logic is almost identical
+   * to what you see in sem_waitirq() except that no attempt is made to
+   * restart the exiting task.
+   *
+   * NOTE:  In the case that the task is waiting we can assume: (1) That the
+   * task state is TSTATE_WAIT_SEM and (2) that the 'waitsem' in the TCB is
+   * non-null.  If we get here via pthread_cancel() or via task_delete(),
+   * then the task state should be preserved; it will be altered in other
+   * cases but in those cases waitsem should be NULL anyway (but we do not
+   * enforce that here).
+   */
+
+  flags = irqsave();
+  if (tcb->task_state == TSTATE_WAIT_SEM)
+    {
+      sem_t *sem = tcb->waitsem;
+      DEBUGASSERT(sem != NULL && sem->semcount < 0);
+
+      /* Restore the correct priority of all threads that hold references
+       * to this semaphore.
+       */
+
+      sem_canceled(tcb, sem);
+
+      /* And increment the count on the semaphore.  This releases the count
+       * that was taken by sem_post().  This count decremented the semaphore
+       * count to negative and caused the thread to be blocked in the first
+       * place.
+       */
+
+      sem->semcount++;
+
+      /* Clear the semaphore to assure that it is not reused.  But leave the
+       * state as TSTATE_WAIT_SEM.  This is necessary because this is a
+       * necessary indication that the TCB still resides in the waiting-for-
+       * semaphore list.
+       */
+
+      tcb->waitsem = NULL;
+    }
+
+  irqrestore(flags);
+}
diff --git a/nuttx/sched/semaphore/semaphore.h b/nuttx/sched/semaphore/semaphore.h
index d8ed3ecd7..55e83abbf 100644
--- a/nuttx/sched/semaphore/semaphore.h
+++ b/nuttx/sched/semaphore/semaphore.h
@@ -85,6 +85,10 @@ void sem_initialize(void);
 void sem_waitirq(FAR struct tcb_s *wtcb, int errcode);
 #endif
 
+/* Recover semaphore resources with a task or thread is destroyed  */
+
+void sem_recover(FAR struct tcb_s *tcb);
+
 /* Special logic needed only by priority inheritance to manage collections of
  * holders of semaphores.
  */
diff --git a/nuttx/sched/task/task_recover.c b/nuttx/sched/task/task_recover.c
index 797a75605..f1ed0608e 100644
--- a/nuttx/sched/task/task_recover.c
+++ b/nuttx/sched/task/task_recover.c
@@ -43,11 +43,13 @@
 #include <nuttx/wdog.h>
 #include <nuttx/sched.h>
 
+#include "semaphore/semaphore.h"
+#include "wdog/wdog.h"
 #include "mqueue/mqueue.h"
 #include "task/task.h"
 
 /****************************************************************************
- * Definitions
+ * Pre-processor Definitions
  ****************************************************************************/
 
 /****************************************************************************
@@ -78,9 +80,9 @@
  * Name: task_recover
  *
  * Description:
- *   This function is called when a task is deleted via task_deleted or
- *   via pthread_cancel. I checks if the task was waiting for a message
- *   queue event and adjusts counts appropriately.
+ *   This function is called when a task is deleted via task_delete() or
+ *   via pthread_cancel.  I checks checks for semaphores, message queue, and
+ *   watchdog timer resources stranded in bad conditions.
  *
  * Inputs:
  *   tcb - The TCB of the terminated task or thread
@@ -95,28 +97,19 @@
 
 void task_recover(FAR struct tcb_s *tcb)
 {
-  irqstate_t flags;
+  /* The task is being deleted.  Cancel in pending timeout events. */
 
-  /* The task is being deleted.  If it is waiting for any timed event, then
-   * tcb->waitdog will be non-NULL.  Cancel the watchdog now so that no
-   * events occur after the watchdog expires.  Obviously there are lots of
-   * race conditions here so this will most certainly have to be revisited in
-   * the future.
-   */
+  wd_recover(tcb);
 
-  flags = irqsave();
-  if (tcb->waitdog)
-    {
-      (void)wd_cancel(tcb->waitdog);
-      (void)wd_delete(tcb->waitdog);
-      tcb->waitdog = NULL;
-    }
+  /* If the thread holds semaphore counts or is waiting for a semaphore count,
+   * then release the counts.
+   */
 
-  irqrestore(flags);
+  sem_recover(tcb);
 
+#ifndef CONFIG_DISABLE_MQUEUE
   /* Handle cases where the thread was waiting for a message queue event */
 
-#ifndef CONFIG_DISABLE_MQUEUE
   mq_recover(tcb);
 #endif
 }
diff --git a/nuttx/sched/wdog/Make.defs b/nuttx/sched/wdog/Make.defs
index 77fcb7389..c5107bd43 100644
--- a/nuttx/sched/wdog/Make.defs
+++ b/nuttx/sched/wdog/Make.defs
@@ -34,7 +34,7 @@
 ############################################################################
 
 CSRCS += wd_initialize.c wd_create.c wd_start.c wd_cancel.c wd_delete.c
-CSRCS += wd_gettime.c
+CSRCS += wd_gettime.c wd_recover.c
 
 # Include wdog build support
 
diff --git a/nuttx/sched/wdog/wd_recover.c b/nuttx/sched/wdog/wd_recover.c
new file mode 100644
index 000000000..bc1b3a839
--- /dev/null
+++ b/nuttx/sched/wdog/wd_recover.c
@@ -0,0 +1,115 @@
+/****************************************************************************
+ * sched/wdog/wdog_recover.c
+ *
+ *   Copyright (C) 2014 Gregory Nutt. All rights reserved.
+ *   Author: Gregory Nutt <gnutt@nuttx.org>
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ * 3. Neither the name NuttX nor the names of its contributors may be
+ *    used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
+ * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
+ * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS
+ * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
+ * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN
+ * ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ * POSSIBILITY OF SUCH DAMAGE.
+ *
+ ****************************************************************************/
+
+/****************************************************************************
+ * Included Files
+ ****************************************************************************/
+
+#include <nuttx/config.h>
+
+#include <nuttx/arch.h>
+#include <nuttx/wdog.h>
+#include <nuttx/sched.h>
+
+#include "wdog/wdog.h"
+
+/****************************************************************************
+ * Pre-processor Definitions
+ ****************************************************************************/
+
+/****************************************************************************
+ * Private Type Declarations
+ ****************************************************************************/
+
+/****************************************************************************
+ * Global Variables
+ ****************************************************************************/
+
+/****************************************************************************
+ * Private Variables
+ ****************************************************************************/
+
+/****************************************************************************
+ * Private Function Prototypes
+ ****************************************************************************/
+
+/****************************************************************************
+ * Private Functions
+ ****************************************************************************/
+
+/****************************************************************************
+ * Public Functions
+ ****************************************************************************/
+
+/****************************************************************************
+ * Name: wd_recover
+ *
+ * Description:
+ *   This function is called from task_recover() when a task is deleted via
+ *   task_delete() or via pthread_cancel(). It checks if the deleted task
+ *   is waiting for a timed event and if so cancels the timeout
+ *
+ * Inputs:
+ *   tcb - The TCB of the terminated task or thread
+ *
+ * Return Value:
+ *   None.
+ *
+ * Assumptions:
+ *   This function is called from task deletion logic in a safe context.
+ *
+ ****************************************************************************/
+
+void wd_recover(FAR struct tcb_s *tcb)
+{
+  irqstate_t flags;
+
+  /* The task is being deleted.  If it is waiting for any timed event, then
+   * tcb->waitdog will be non-NULL.  Cancel the watchdog now so that no
+   * events occur after the watchdog expires.  Obviously there are lots of
+   * race conditions here so this will most certainly have to be revisited in
+   * the future.
+   */
+
+  flags = irqsave();
+  if (tcb->waitdog)
+    {
+      (void)wd_cancel(tcb->waitdog);
+      (void)wd_delete(tcb->waitdog);
+      tcb->waitdog = NULL;
+    }
+
+  irqrestore(flags);
+}
diff --git a/nuttx/sched/wdog/wdog.h b/nuttx/sched/wdog/wdog.h
index 6ee640867..f26b90f91 100644
--- a/nuttx/sched/wdog/wdog.h
+++ b/nuttx/sched/wdog/wdog.h
@@ -144,6 +144,28 @@ unsigned int wd_timer(int ticks);
 void wd_timer(void);
 #endif
 
+/****************************************************************************
+ * Name: wd_recover
+ *
+ * Description:
+ *   This function is called from task_recover() when a task is deleted via
+ *   task_delete() or via pthread_cancel(). It checks if the deleted task
+ *   is waiting for a timed event and if so cancels the timeout
+ *
+ * Inputs:
+ *   tcb - The TCB of the terminated task or thread
+ *
+ * Return Value:
+ *   None.
+ *
+ * Assumptions:
+ *   This function is called from task deletion logic in a safe context.
+ *
+ ****************************************************************************/
+
+struct tcb_s;
+void wd_recover(FAR struct tcb_s *tcb);
+
 #undef EXTERN
 #ifdef __cplusplus
 }