# atomic.h

/* Copyright (c) 2007 Dean Camera

Redistribution and use in source and binary forms, with or without
modification, are permitted provided that the following conditions are met:

* Redistributions of source code must retain the above copyright
notice, this list of conditions and the following disclaimer.

* Redistributions in binary form must reproduce the above copyright
notice, this list of conditions and the following disclaimer in
the documentation and/or other materials provided with the
distribution.

* Neither the name of the copyright holders nor the names of
contributors may be used to endorse or promote products derived
from this software without specific prior written permission.

THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE
LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
POSSIBILITY OF SUCH DAMAGE.
*/

/* $Id$ */

#ifndef _UTIL_ATOMIC_H_
#define _UTIL_ATOMIC_H_ 1

#include <avr/io.h>
#include <avr/interrupt.h>

#if !defined(__DOXYGEN__)
/* Internal helper functions. */
static __inline__ uint8_t __iSeiRetVal(void)
{
sei();
return 1;
}

static __inline__ uint8_t __iCliRetVal(void)
{
cli();
return 1;
}

static __inline__ void __iSeiParam(const uint8_t *__s)
{
sei();
__asm__ volatile ("" ::: "memory");
(void)__s;
}

static __inline__ void __iCliParam(const uint8_t *__s)
{
cli();
__asm__ volatile ("" ::: "memory");
(void)__s;
}

static __inline__ void __iRestore(const  uint8_t *__s)
{
SREG = *__s;
__asm__ volatile ("" ::: "memory");
}
#endif  /* !__DOXYGEN__ */

/** \file */
/** \defgroup util_atomic <util/atomic.h> Atomically and Non-Atomically Executed Code Blocks

\code
#include <util/atomic.h>
\endcode

\note The macros in this header file require the ISO/IEC 9899:1999
("ISO C99") feature of for loop variables that are declared inside
the for loop itself.  For that reason, this header file can only
be used if the standard level of the compiler (option --std=) is
set to either \c c99 or \c gnu99.

The macros in this header file deal with code blocks that are
guaranteed to be excuted Atomically or Non-Atmomically.  The term
"Atomic" in this context refers to the unability of the respective
code to be interrupted.

These macros operate via automatic manipulation of the Global
Interrupt Status (I) bit of the SREG register. Exit paths from
both block types are all managed automatically without the need
for special considerations, i. e. the interrupt status will be
restored to the same value it has been when entering the
respective block.

A typical example that requires atomic access is a 16 (or more)
bit variable that is shared between the main execution path and an
ISR.  While declaring such a variable as volatile ensures that the
compiler will not optimize accesses to it away, it does not

\code
#include <inttypes.h>
#include <avr/interrupt.h>
#include <avr/io.h>

volatile uint16_t ctr;

ISR(TIMER1_OVF_vect)
{
ctr--;
}

...
int
main(void)
{
...
ctr = 0x200;
start_timer();
while (ctr != 0)
// wait
;
...
}
\endcode

There is a chance where the main context will exit its wait loop
when the variable \c ctr just reached the value 0xFF.  This happens
because the compiler cannot natively access a 16-bit variable
atomically in an 8-bit CPU.  So the variable is for example at
0x100, the compiler then tests the low byte for 0, which succeeds.
It then proceeds to test the high byte, but that moment the ISR
triggers, and the main context is interrupted.  The ISR will
decrement the variable from 0x100 to 0xFF, and the main context
proceeds.  It now tests the high byte of the variable which is
(now) also 0, so it concludes the variable has reached 0, and
terminates the loop.

Using the macros from this header file, the above code can be
rewritten like:

\code
#include <inttypes.h>
#include <avr/interrupt.h>
#include <avr/io.h>
#include <util/atomic.h>

volatile uint16_t ctr;

ISR(TIMER1_OVF_vect)
{
ctr--;
}

...
int
main(void)
{
...
ctr = 0x200;
start_timer();
sei();
uint16_t ctr_copy;
do
{
ATOMIC_BLOCK(ATOMIC_FORCEON)
{
ctr_copy = ctr;
}
}
while (ctr_copy != 0);
...
}
\endcode

This will install the appropriate interrupt protection before
accessing variable \c ctr, so it is guaranteed to be consistently
tested.  If the global interrupt state were uncertain before
entering the ATOMIC_BLOCK, it should be executed with the
parameter ATOMIC_RESTORESTATE rather than ATOMIC_FORCEON.

See \ref optim_code_reorder for things to be taken into account
with respect to compiler optimizations.
*/

/** \def ATOMIC_BLOCK(type)
\ingroup util_atomic

Creates a block of code that is guaranteed to be executed
atomically. Upon entering the block the Global Interrupt Status
flag in SREG is disabled, and re-enabled upon exiting the block
from any exit path.

Two possible macro parameters are permitted, ATOMIC_RESTORESTATE
and ATOMIC_FORCEON.
*/
#if defined(__DOXYGEN__)
#define ATOMIC_BLOCK(type)
#else
#define ATOMIC_BLOCK(type) for ( type, __ToDo = __iCliRetVal(); \
__ToDo ; __ToDo = 0 )
#endif  /* __DOXYGEN__ */

/** \def NONATOMIC_BLOCK(type)
\ingroup util_atomic

Creates a block of code that is executed non-atomically. Upon
entering the block the Global Interrupt Status flag in SREG is
enabled, and disabled upon exiting the block from any exit
path. This is useful when nested inside ATOMIC_BLOCK sections,
allowing for non-atomic execution of small blocks of code while
maintaining the atomic access of the other sections of the parent
ATOMIC_BLOCK.

Two possible macro parameters are permitted,
NONATOMIC_RESTORESTATE and NONATOMIC_FORCEOFF.
*/
#if defined(__DOXYGEN__)
#define NONATOMIC_BLOCK(type)
#else
#define NONATOMIC_BLOCK(type) for ( type, __ToDo = __iSeiRetVal(); \
__ToDo ;  __ToDo = 0 )
#endif  /* __DOXYGEN__ */

/** \def ATOMIC_RESTORESTATE
\ingroup util_atomic

This is a possible parameter for ATOMIC_BLOCK. When used, it will
cause the ATOMIC_BLOCK to restore the previous state of the SREG
register, saved before the Global Interrupt Status flag bit was
disabled. The net effect of this is to make the ATOMIC_BLOCK's
contents guaranteed atomic, without changing the state of the
Global Interrupt Status flag when execution of the block
completes.
*/
#if defined(__DOXYGEN__)
#define ATOMIC_RESTORESTATE
#else
#define ATOMIC_RESTORESTATE uint8_t sreg_save \
__attribute__((__cleanup__(__iRestore))) = SREG
#endif  /* __DOXYGEN__ */

/** \def ATOMIC_FORCEON
\ingroup util_atomic

This is a possible parameter for ATOMIC_BLOCK. When used, it will
cause the ATOMIC_BLOCK to force the state of the SREG register on
exit, enabling the Global Interrupt Status flag bit. This saves on
flash space as the previous value of the SREG register does not
need to be saved at the start of the block.

Care should be taken that ATOMIC_FORCEON is only used when it is
known that interrupts are enabled before the block's execution or
when the side effects of enabling global interrupts at the block's
completion are known and understood.
*/
#if defined(__DOXYGEN__)
#define ATOMIC_FORCEON
#else
#define ATOMIC_FORCEON uint8_t sreg_save \
__attribute__((__cleanup__(__iSeiParam))) = 0
#endif  /* __DOXYGEN__ */

/** \def NONATOMIC_RESTORESTATE
\ingroup util_atomic

This is a possible parameter for NONATOMIC_BLOCK. When used, it
will cause the NONATOMIC_BLOCK to restore the previous state of
the SREG register, saved before the Global Interrupt Status flag
bit was enabled. The net effect of this is to make the
NONATOMIC_BLOCK's contents guaranteed non-atomic, without changing
the state of the Global Interrupt Status flag when execution of
the block completes.
*/
#if defined(__DOXYGEN__)
#define NONATOMIC_RESTORESTATE
#else
#define NONATOMIC_RESTORESTATE uint8_t sreg_save \
__attribute__((__cleanup__(__iRestore))) = SREG
#endif  /* __DOXYGEN__ */

/** \def NONATOMIC_FORCEOFF
\ingroup util_atomic

This is a possible parameter for NONATOMIC_BLOCK. When used, it
will cause the NONATOMIC_BLOCK to force the state of the SREG
register on exit, disabling the Global Interrupt Status flag
bit. This saves on flash space as the previous value of the SREG
register does not need to be saved at the start of the block.

Care should be taken that NONATOMIC_FORCEOFF is only used when it
is known that interrupts are disabled before the block's execution
or when the side effects of disabling global interrupts at the
block's completion are known and understood.
*/
#if defined(__DOXYGEN__)
#define NONATOMIC_FORCEOFF
#else
#define NONATOMIC_FORCEOFF uint8_t sreg_save \
__attribute__((__cleanup__(__iCliParam))) = 0
#endif  /* __DOXYGEN__ */

#endif