Memfault Firmware SDK 0.30.0 (Build 421632)

Author: Memfault Inc

CHANGES.md

@@ -1,12 +1,28 @@
+### Changes between Memfault SDK 0.30.0 and SDK 0.29.1 - Mar 31, 2022
+
+#### :rocket: New Features
+
+- Added a Task Watchdog optional module. This can be used to monitor and trigger
+  a fault in the case of a task or thread that becomes stuck. See information in
+  [components/include/memfault/core/task_watchdog.h](components/include/memfault/core/task_watchdog.h)
+  for how to configure and use the module
+
+#### :chart_with_upwards_trend: Improvements
+
+- Fix compilation when building for a Zephyr target that does not have the
+  `CONFIG_ARM_MPU` flag enabled
+- Fix compilation errors to enable compatibility with Zephyr v3.0.0
+
 ### Changes between Memfault SDK 0.29.1 and SDK 0.29.0 - Mar 16, 2022
 
 #### :house: Internal
 
-- Updated Memfault Diagnostic GATT Service (MDS) based on feedback. This service can
-  be used to transparently forward data collected by the SDK to a Bluetooth Low
-  Energy gateway and proxied to the cloud. See
+- Updated Memfault Diagnostic GATT Service (MDS) based on feedback. This service
+  can be used to transparently forward data collected by the SDK to a Bluetooth
+  Low Energy gateway and proxied to the cloud. See
   [ports/include/memfault/ports/ble/mds.h](ports/include/memfault/ports/ble/mds.h#L1)
-- Updated Mbed OS invoke commands to be more resilient against python package conflicts
+- Updated Mbed OS invoke commands to be more resilient against python package
+  conflicts
 
 #### :boom: Breaking Changes
 

VERSION

@@ -1,2 +1,2 @@
-BUILD ID: 412506
-GIT COMMIT: f81a4f865
+BUILD ID: 421632
+GIT COMMIT: 92115a2ee

components/core/src/memfault_task_watchdog.c

@@ -0,0 +1,98 @@
+//! @file
+//!
+//! Copyright (c) Memfault, Inc.
+//! See License.txt for details
+//!
+//! Task watchdog implementation.
+
+#include "memfault/core/task_watchdog.h"
+#include "memfault/core/task_watchdog_impl.h"
+
+//! non-module definitions
+
+#include <stdbool.h>
+#include <stddef.h>
+#include <stdint.h>
+
+#include "memfault/config.h"
+#include "memfault/core/compiler.h"
+#include "memfault/core/math.h"
+#include "memfault/core/platform/core.h"
+#include "memfault/panics/assert.h"
+
+#if MEMFAULT_TASK_WATCHDOG_ENABLE
+
+sMemfaultTaskWatchdogInfo g_memfault_task_channel_info;
+
+//! Catch if the timeout is set to an incompatible literal
+static const uint32_t s_watchdog_timeout_ms = MEMFAULT_TASK_WATCHDOG_TIMEOUT_INTERVAL_MS;
+
+void memfault_task_watchdog_init(void) {
+  g_memfault_task_channel_info = (struct MemfaultTaskWatchdogInfo){0};
+}
+
+static bool prv_memfault_task_watchdog_expired(struct MemfaultTaskWatchdogChannel channel,
+                                               uint64_t current_time_ms) {
+  const bool active = channel.state == kMemfaultTaskWatchdogChannelState_Started;
+  // const bool expired = (channel.fed_time_ms + s_watchdog_timeout_ms) < current_time_ms;
+  const bool expired = (current_time_ms - channel.fed_time_ms) > s_watchdog_timeout_ms;
+
+  return active && expired;
+}
+
+static size_t prv_memfault_task_watchdog_do_check(void) {
+  const uint32_t time_since_boot_ms = memfault_platform_get_time_since_boot_ms();
+
+  size_t expired_channels_count = 0;
+  for (size_t i = 0; i < MEMFAULT_ARRAY_SIZE(g_memfault_task_channel_info.channels); i++) {
+    if (prv_memfault_task_watchdog_expired(g_memfault_task_channel_info.channels[i],
+                                           time_since_boot_ms)) {
+      expired_channels_count++;
+    }
+  }
+
+  return expired_channels_count;
+}
+
+void memfault_task_watchdog_check_all(void) {
+  size_t expired_channels_count = prv_memfault_task_watchdog_do_check();
+
+  // if any channel reached expiration, trigger a panic
+  if (expired_channels_count > 0) {
+    MEMFAULT_SOFTWARE_WATCHDOG();
+  } else {
+    memfault_task_watchdog_platform_refresh_callback();
+  }
+}
+
+void memfault_task_watchdog_bookkeep(void) {
+  // only update the internal structure, don't trigger callbacks
+  (void)prv_memfault_task_watchdog_do_check();
+}
+
+void memfault_task_watchdog_start(eMemfaultTaskWatchdogChannel channel_id) {
+  g_memfault_task_channel_info.channels[channel_id].fed_time_ms =
+    memfault_platform_get_time_since_boot_ms();
+  g_memfault_task_channel_info.channels[channel_id].state =
+    kMemfaultTaskWatchdogChannelState_Started;
+}
+
+void memfault_task_watchdog_feed(eMemfaultTaskWatchdogChannel channel_id) {
+  g_memfault_task_channel_info.channels[channel_id].fed_time_ms =
+    memfault_platform_get_time_since_boot_ms();
+}
+
+void memfault_task_watchdog_stop(eMemfaultTaskWatchdogChannel channel_id) {
+  g_memfault_task_channel_info.channels[channel_id].state =
+    kMemfaultTaskWatchdogChannelState_Stopped;
+}
+
+//! Callback which is called when there are no expired tasks; can be used for
+//! example to reset a hardware watchdog
+MEMFAULT_WEAK void memfault_task_watchdog_platform_refresh_callback(void) {}
+
+#else  // MEMFAULT_TASK_WATCHDOG_ENABLE
+
+void memfault_task_watchdog_bookkeep(void) {}
+
+#endif  // MEMFAULT_TASK_WATCHDOG_ENABLE

components/include/memfault/components.h

@@ -40,6 +40,7 @@ extern "C" {
 #include "memfault/core/platform/system_time.h"
 #include "memfault/core/reboot_reason_types.h"
 #include "memfault/core/reboot_tracking.h"
+#include "memfault/core/task_watchdog.h"
 #include "memfault/core/sdk_assert.h"
 #include "memfault/core/trace_event.h"
 #include "memfault/core/data_packetizer.h"

components/include/memfault/core/task_watchdog.h

@@ -0,0 +1,129 @@
+#pragma once
+
+//! @file
+//!
+//! Copyright (c) Memfault, Inc.
+//! See License.txt for details
+//!
+//! @brief
+//! Task watchdog API.
+//!
+//! This module implements a task watchdog that can be used to detect stuck RTOS
+//! tasks.
+//!
+//! Example usage:
+//!
+//! // Initialize the task watchdog system on system start
+//! memfault_task_watchdog_init();
+//!
+//! // In a task loop
+//! void example_task_loop(void) {
+//!   while(1) {
+//!     rtos_wait_for_task_to_wake_up();
+//!
+//!     // Example: Use the task watchdog to monitor a block of work
+//!     MEMFAULT_TASK_WATCHDOG_START(example_task_loop_channel_id);
+//!     // do work that should be monitored by the watchdog
+//!     MEMFAULT_TASK_WATCHDOG_STOP(example_task_loop_channel_id);
+//!
+//!     // Example: Use the task watchdog to monitor a repeated operation
+//!     MEMFAULT_TASK_WATCHDOG_START(example_task_loop_channel_id);
+//!     // feeding the watchdog is only necessary if in some long-running task
+//!     // that runs the risk of expiring the timeout, but is not expected to be
+//!     // stuck in between calls
+//!     for (size_t i = 0; i < 100; i++) {
+//!       MEMFAULT_TASK_WATCHDOG_FEED(example_task_loop_channel_id);
+//!       run_slow_repeated_task();
+//!     }
+//!     MEMFAULT_TASK_WATCHDOG_STOP(example_task_loop_channel_id);
+//!
+//!     rtos_put_task_to_sleep();
+//!   }
+//! }
+//!
+//! // In either a standalone timer, or a periodic background task, call the
+//! // memfault_task_watchdog_check_all function
+//! void example_task_watchdog_timer_cb(void) {
+//!   memfault_task_watchdog_check_all();
+//! }
+//!
+//! // Call memfault_task_watchdog_bookkeep() in
+//! // memfault_platform_coredump_save_begin()- this updates all the task
+//! // channel timeouts, in the event that the task monitor wasn't able to run
+//! // for some reason. Also might be appropriate to refresh other system
+//! // watchdogs prior to executing the coredump save.
+//! bool memfault_platform_coredump_save_begin(void) {
+//!   memfault_task_watchdog_bookkeep();
+//!   // may also need to refresh other watchdogs here, for example:
+//!   memfault_task_watchdog_platform_refresh_callback();
+//!   return true;
+//! }
+
+#include <stddef.h>
+
+#include "memfault/config.h"
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+//! Declare the task watchdog channel IDs. These shouldn't be used directly, but
+//! should be passed to the MEMFAULT_TASK_WATCHDOG_START etc. functions with the
+//! name declared in the memfault_task_watchdog_config.def file.
+#define MEMFAULT_TASK_WATCHDOG_CHANNEL_DEFINE(channel_) kMemfaultTaskWatchdogChannel_##channel_,
+typedef enum {
+#if MEMFAULT_TASK_WATCHDOG_ENABLE
+#include "memfault_task_watchdog_config.def"
+#else
+  // define one channel to prevent the compiler from complaining about a zero-length array
+  MEMFAULT_TASK_WATCHDOG_CHANNEL_DEFINE(placeholder_)
+#endif
+  kMemfaultTaskWatchdogChannel_NumChannels,
+} eMemfaultTaskWatchdogChannel;
+#undef MEMFAULT_TASK_WATCHDOG_CHANNEL_DEFINE
+#define MEMFAULT_TASK_WATCHDOG_CHANNEL_DEFINE(channel_) kMemfaultTaskWatchdogChannel_##channel_
+
+//! Initialize (or reset) the task watchdog system. This will stop and reset all
+//! internal bookkeeping for all channels.
+void memfault_task_watchdog_init(void);
+
+//! This function should be called periodically (for example, around the
+//! MEMFAULT_TASK_WATCHDOG_TIMEOUT_INTERVAL_MS period). It checks if any task
+//! watchdog channel has reached the timeout interval. If so, it will trigger a
+//! task watchdog assert.
+void memfault_task_watchdog_check_all(void);
+
+//! As in `memfault_task_watchdog_check_all`, but only updates the internal
+//! bookkeeping, and does not trigger any callbacks or asserts.
+//!
+//! Intended to be called just prior to coredump capture when the system is in
+//! the fault_handler.
+void memfault_task_watchdog_bookkeep(void);
+
+//! Start a task watchdog channel. After being started, a channel will now be
+//! eligible for expiration. Also resets the timeout interval for the channel.
+#define MEMFAULT_TASK_WATCHDOG_START(channel_id_) \
+  memfault_task_watchdog_start(MEMFAULT_TASK_WATCHDOG_CHANNEL_DEFINE(channel_id_))
+
+//! Reset the timeout interval for a task watchdog channel.
+#define MEMFAULT_TASK_WATCHDOG_FEED(channel_id_) \
+  memfault_task_watchdog_feed(MEMFAULT_TASK_WATCHDOG_CHANNEL_DEFINE(channel_id_))
+
+//! Stop a task watchdog channel. After being stopped, a channel will no longer
+//! be eligible for expiration and is reset
+#define MEMFAULT_TASK_WATCHDOG_STOP(channel_id_) \
+  memfault_task_watchdog_stop(MEMFAULT_TASK_WATCHDOG_CHANNEL_DEFINE(channel_id_))
+
+//! These functions should not be used directly, but instead through the macros
+//! above.
+void memfault_task_watchdog_start(eMemfaultTaskWatchdogChannel channel_id);
+void memfault_task_watchdog_feed(eMemfaultTaskWatchdogChannel channel_id);
+void memfault_task_watchdog_stop(eMemfaultTaskWatchdogChannel channel_id);
+
+//! Optional weakly defined function to perform any additional actions during
+//! `memfault_task_watchdog_check_all` when no channels have expired
+void memfault_task_watchdog_platform_refresh_callback(void);
+
+#ifdef __cplusplus
+}
+#endif

components/include/memfault/core/task_watchdog_impl.h

@@ -0,0 +1,46 @@
+#pragma once
+
+//! @file
+//!
+//! Copyright (c) Memfault, Inc.
+//! See License.txt for details
+//!
+//! @brief
+//!
+//! Task watchdog APIs intended for use within the memfault-firmware-sdk
+
+#include <stdbool.h>
+#include <stddef.h>
+#include <stdint.h>
+
+#include "memfault/config.h"
+
+// Keep this after config.h
+#include "memfault/core/task_watchdog.h"
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+enum MemfaultTaskWatchdogChannelState {
+  kMemfaultTaskWatchdogChannelState_Stopped = 0,
+  kMemfaultTaskWatchdogChannelState_Started,
+  kMemfaultTaskWatchdogChannelState_Expired,
+};
+struct MemfaultTaskWatchdogChannel {
+  // Using a 32-bit value to track fed_time. This is enough for 49 days, which
+  // should be much longer than any watchdog timeout.
+  uint32_t fed_time_ms;
+  enum MemfaultTaskWatchdogChannelState state;
+};
+typedef struct MemfaultTaskWatchdogInfo {
+  struct MemfaultTaskWatchdogChannel channels[kMemfaultTaskWatchdogChannel_NumChannels];
+} sMemfaultTaskWatchdogInfo;
+
+//! Bookkeeping for the task watchdog channels. If the structure needs to change
+//! in the future, rename it to keep analyzer compatibility (eg "_v2")
+extern sMemfaultTaskWatchdogInfo g_memfault_task_channel_info;
+
+#ifdef __cplusplus
+}
+#endif

components/include/memfault/default_config.h

@@ -177,6 +177,10 @@ extern "C" {
 #define MEMFAULT_COREDUMP_COLLECT_LOG_REGIONS 0
 #endif
 
+//
+// Heap Statistics Configuration
+//
+
 //! When the FreeRTOS port is being used, controls whether or not heap
 //! allocation tracking is enabled.
 //! Note: When using this feature, MEMFAULT_COREDUMP_HEAP_STATS_LOCK_ENABLE 0
@@ -203,6 +207,33 @@ extern "C" {
 #define MEMFAULT_COREDUMP_HEAP_STATS_LOCK_ENABLE 1
 #endif
 
+//
+// Task Watchdog Configuration
+//
+
+//! Use this flag to enable the task watchdog component. See the header file at
+//! components/include/memfault/core/task_watchdog.h for usage details.
+#ifndef MEMFAULT_TASK_WATCHDOG_ENABLE
+#define MEMFAULT_TASK_WATCHDOG_ENABLE 0
+#endif
+
+//! Configure the task watchdog timeout value in milliseconds.
+#ifndef MEMFAULT_TASK_WATCHDOG_TIMEOUT_INTERVAL_MS
+#define MEMFAULT_TASK_WATCHDOG_TIMEOUT_INTERVAL_MS 1000
+#endif
+
+//! Enable this flag to collect the task watchdog information on coredump. Only
+//! needed if the entire memory contents are not already collected on coredump.
+#ifndef MEMFAULT_COREDUMP_COLLECT_TASK_WATCHDOG_REGION
+#define MEMFAULT_COREDUMP_COLLECT_TASK_WATCHDOG_REGION 0
+#endif
+
+//
+// Trace Configuration
+//
+
+//! Set the name for the user trace reason config file, which is where custom
+//! trace reasons can be defined
 #ifndef MEMFAULT_TRACE_REASON_USER_DEFS_FILE
 #define MEMFAULT_TRACE_REASON_USER_DEFS_FILE \
   "memfault_trace_reason_user_config.def"

components/include/memfault/panics/fault_handling.h

@@ -105,6 +105,10 @@ MEMFAULT_NORETURN
 #endif
 void memfault_fault_handling_assert_extra(void *pc, void *lr, sMemfaultAssertInfo *extra_info);
 
+//! Handler called in all system-specific fault_handlers, to perform generic
+//! bookkeeping or other operations shared by all fault handlers.
+void memfault_fault_handling_common(void);
+
 #ifdef __cplusplus
 }
 #endif

components/include/memfault/version.h

@@ -19,7 +19,7 @@ typedef struct {
   uint8_t patch;
 } sMfltSdkVersion;
 
-#define MEMFAULT_SDK_VERSION   { .major = 0, .minor = 29, .patch = 1 }
+#define MEMFAULT_SDK_VERSION   { .major = 0, .minor = 30, .patch = 0 }
 
 #ifdef __cplusplus
 }