F4.3: monitor de liveness/deadline por tarea + IWDG windowed#81
Merged
Conversation
Detecta tareas VIVAS que dejan de progresar (cuelgue lógico sin crash, que el fault containment no ve) y las recupera, más una ventana inferior en el watchdog que además pilla un supervisor desbocado. rugus-core/sched.rs: - TaskSlot gana liveness_period/liveness_deadline (Option<u32>). - set_liveness_period (arma/desarma con period 0), liveness_checkin(_current), liveness_overdue (escanea no-actuales no-Killed con plazo vencido, comparación monotónica resistente a wrap), force_kill (mata viva no-actual + libera sync + desarma). respawn limpia el plazo viejo. Accesores *_for_test. - Colapsa el arm Sleeping de wake_expired en guard (clippy collapsible_if). rugus-core/syscall.rs: Id::Checkin=0x04 + from_raw + dispatch (sin punteros) + hook checkin + trampoline user::checkin (svc 4). rugus-kernel/lib.rs: hook checkin -> liveness_checkin_current; wrappers set_liveness_period/cpu_checkin/liveness_overdue/force_kill; liveness_selftest de arranque. HAL F4/F7 (gemelos): Iwdg::start_windowed con WINR (offset 0x10) al ~50 % (WINR_HALF=250): alimentar antes de ~1 s tras la recarga también resetea. Ejemplos F407/F769: good_app late con checkin cada loop; main arma liveness de good_app (1 s) y registra liveness_selftest; supervisor kickea el IWDG dentro de la ventana (~1.5 s) y recupera tareas colgadas (liveness_overdue -> force_kill + respawn + rearme). Appliance F103: hook checkin no-op. host-tests: módulo liveness_tests (arming, overdue antes/después del plazo, checkin renueva, tarea actual nunca colgada, force_kill recupera) + Checkin en dispatch e id_from_raw. La reconstrucción de stack de respawn no se ejerce en host (stack_base u32 trunca punteros 64-bit); validada en placa. Validado F407+F769 por RTT: "liveness selftest: PASS", IWDG windowed estable (sin resets) bajo churn de respawn. 29 tests host verdes.
cargo doc --workspace con -D warnings falla por rustdoc::private_intra_doc_links (WINR_HALF es const privada). Se degrada el link a code-span en ambos gemelos F4/F7.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Resumen
set_liveness_period/liveness_checkin/liveness_overdue/force_killenrugus-core/sched.rs, conTaskSlot.liveness_period/deadline.Checkin(0x04): latido userland (trampolinesvc 4+ hook +cpu_checkin). El appliance F103 lo deja como no-op.Iwdg::start_windowedañadeWINR(~50 %,WINR_HALF=250) — alimentar demasiado pronto (< ~1 s) también resetea, así que pilla un supervisor desbocado, no solo uno colgado.good_applate concheckin; el supervisor kickea dentro de la ventana (~1.5 s) y recupera colgadas (liveness_overdue→force_kill+respawn+ rearme);liveness_selftestde arranque.Validación
liveness selftest: PASS, IWDG windowed estable (sin resets) bajo churn de respawn por >5 s.liveness_tests(arming, overdue antes/después del plazo, checkin renueva, tarea actual nunca colgada, force_kill recupera). 29 tests verdes.Notas
respawnno se ejerce en host (stack_baseu32 trunca punteros de 64-bit); se valida en placa.ifdewake_expireden guard de match para silenciarclippy::collapsible_if(clippy stable más reciente).🤖 Generated with Claude Code