diff --git a/app/donglet/app-g031.toml b/app/donglet/app-g031.toml
index 94f077e58..3cfacc6b5 100644
--- a/app/donglet/app-g031.toml
+++ b/app/donglet/app-g031.toml
@@ -15,8 +15,9 @@ name = "task-jefe"
 priority = 0
 max-sizes = {flash = 4096, ram = 512}
 start = true
-stacksize = 368
+stacksize = 192
 notifications = ["fault", "timer"]
+features = ["no-panic", "nano"]
 
 [tasks.sys]
 name = "drv-stm32xx-sys"
diff --git a/task/jefe/Cargo.toml b/task/jefe/Cargo.toml
index 820b47b59..bae3c207f 100644
--- a/task/jefe/Cargo.toml
+++ b/task/jefe/Cargo.toml
@@ -31,6 +31,7 @@ build-util = { path = "../../build/util" }
 [features]
 dump = []
 nano = [ "ringbuf/disabled" ]
+no-panic = [ "userlib/no-panic" ]
 
 # This section is here to discourage RLS/rust-analyzer from doing test builds,
 # since test builds don't work for cross compilation.
diff --git a/task/jefe/src/main.rs b/task/jefe/src/main.rs
index 2d48acd1d..331cdd05f 100644
--- a/task/jefe/src/main.rs
+++ b/task/jefe/src/main.rs
@@ -310,9 +310,19 @@ impl idol_runtime::NotificationHandler for ServerImpl<'_> {
         let mut next_task = 1;
         while let Some(fault_index) = kipc::find_faulted_task(next_task) {
             let fault_index = usize::from(fault_index);
-            next_task = fault_index + 1;
-
-            let status = &mut self.task_states[fault_index];
+            // This addition cannot overflow in practice, because the number
+            // of tasks in the system is very much smaller than 2**32. So we
+            // use wrapping add, because currently the compiler doesn't
+            // understand this property.
+            next_task = fault_index.wrapping_add(1);
+
+            // Safety: `fault_index` is from the kernel, and the kernel will
+            // not give us an out-of-range task index.
+            //
+            // TODO: it might be nice to fold this into a utility function
+            // in kipc or something
+            let status =
+                unsafe { self.task_states.get_unchecked_mut(fault_index) };
 
             // If we're aware that this task is in a fault state, don't
             // bother making a syscall to enquire.
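Review bot: The cut from 368 to 192 bytes on the `stacksize` line is not justified anywhere in the hunk, and jefe is the task that walks other tasks' fault states (see `find_faulted_task` in the main.rs hunk of this same commit), so an undersized stack here turns into a fault in the one task meant to deal with faults. A one-line comment recording how 192 was arrived at, e.g. `# stacksize: measured high-water mark with no-panic + nano enabled, plus headroom`, would let the next person re-validate the number when the feature set changes. The new `features` line ties the task to `no-panic`, so presumably the reduction assumes the panic-formatting code is gone; that dependency is worth stating explicitly next to the number rather than leaving it implicit.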
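Review bot: The unsafe `get_unchecked_mut` on the new `let status =` lines rests entirely on `self.task_states.len()` matching the kernel's task table, and nothing in the hunk checks that; a `debug_assert!(fault_index < self.task_states.len());` immediately before the unsafe block keeps the invariant verified in debug builds without reintroducing the panic path this commit is removing from release builds. The safety comment should also say where the length of `task_states` is established (it is sized outside this hunk, presumably from the same task count the kernel uses) so that a change on either side of that boundary is caught in review rather than becoming an out-of-bounds write. Minor style point: the marker would conventionally be `// SAFETY:` in upper case, which is the form clippy's `undocumented_unsafe_blocks` lint recognizes. The enclosing notification handler starts before and ends after this hunk.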