When a failure or error is detected in a system (for example a memory access fault or a thread watchdog alarm), the CMSIS-RTOS2 API allows further execution of selected RTOS threads to be stopped. This can be used to block malfunctioning components or to free computing resources, so that the safety-critical threads can continue to execute.
The following approaches are available:
- The function osThreadTerminateZone can be called in case of a fault exception. It terminates all threads from the specified MPU Protected Zone (for example, the zone that caused the fault). The function cannot be called in thread context or from interrupts other than fault exceptions. Note that osFaultResume can be called at the end of the fault handling code to return program execution to a known context and let the kernel schedule the next thread that is ready for execution.
- The function osThreadSuspendClass can be called in case of a thread watchdog alarm or other errors handled in thread context. It suspends the operation of threads based on their safety class assignment. The function osThreadResumeClass can be used to resume the operation of threads based on their safety class. Thread Watchdogs contains an example that demonstrates the fault handling concept for thread watchdogs.
The function osKernelDestroyClass fully removes RTOS objects of the specified safety classes from the system. This is useful before restarting the operation of terminated or suspended threads.
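The following is an added example, not CMSIS-RTOS2 or RTX code: a self-contained C model of the thread table and of the selection rules behind the zone- and class-based operations above. It shows which threads a terminate-by-zone call and a suspend/resume-by-class call affect, and how a watchdog handler can stop a faulty safety class together with everything below it while leaving the more critical class running. The thread names, zone ids and class numbers are constructed, the mode flags only mirror the `osSafetyWithSameClass` / `osSafetyWithLowerClass` idea, and "higher class value means more critical" is an assumed convention for the example.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Added example (not CMSIS-RTOS2 or RTX code): a model of a thread table and
 * of the selection rules used by zone- and class-based fault handling. */

typedef enum { TS_READY, TS_SUSPENDED, TS_TERMINATED } thread_state_t;

typedef struct {
  const char *name;
  uint32_t zone;         /* MPU Protected Zone the thread executes in */
  uint32_t safety_class; /* assumed convention: higher value = more critical */
  thread_state_t state;
} thread_t;

/* Mode flags modelled after osSafetyWithSameClass / osSafetyWithLowerClass. */
#define SAFETY_WITH_SAME_CLASS  (1u << 0)
#define SAFETY_WITH_LOWER_CLASS (1u << 1)

#define NTHREADS 4

/* Constructed thread table: one class-0 sensor task, two class-1 tasks in
 * zone 1, and one class-2 safety-critical control task in its own zone. */
size_t init_threads(thread_t *t) {
  const thread_t init[NTHREADS] = {
    {"sensor",  0, 0, TS_READY},
    {"logger",  1, 1, TS_READY},
    {"comms",   1, 1, TS_READY},
    {"control", 2, 2, TS_READY},
  };
  for (size_t i = 0; i < NTHREADS; i++) t[i] = init[i];
  return NTHREADS;
}

/* Does a thread of class 'cls' fall under an operation on (safety_class, mode)? */
static bool class_selected(uint32_t cls, uint32_t safety_class, uint32_t mode) {
  if ((mode & SAFETY_WITH_SAME_CLASS) && cls == safety_class) return true;
  if ((mode & SAFETY_WITH_LOWER_CLASS) && cls < safety_class) return true;
  return false;
}

/* Model of osThreadTerminateZone: terminate every thread of 'zone'.
 * Returns the number of threads newly terminated. */
size_t terminate_zone(thread_t *t, size_t n, uint32_t zone) {
  size_t hit = 0;
  for (size_t i = 0; i < n; i++) {
    if (t[i].zone == zone && t[i].state != TS_TERMINATED) {
      t[i].state = TS_TERMINATED;
      hit++;
    }
  }
  return hit;
}

/* Model of osThreadSuspendClass: suspend ready threads selected by class/mode. */
size_t suspend_class(thread_t *t, size_t n, uint32_t safety_class, uint32_t mode) {
  size_t hit = 0;
  for (size_t i = 0; i < n; i++) {
    if (t[i].state == TS_READY &&
        class_selected(t[i].safety_class, safety_class, mode)) {
      t[i].state = TS_SUSPENDED;
      hit++;
    }
  }
  return hit;
}

/* Model of osThreadResumeClass: resume suspended threads selected by class/mode. */
size_t resume_class(thread_t *t, size_t n, uint32_t safety_class, uint32_t mode) {
  size_t hit = 0;
  for (size_t i = 0; i < n; i++) {
    if (t[i].state == TS_SUSPENDED &&
        class_selected(t[i].safety_class, safety_class, mode)) {
      t[i].state = TS_READY;
      hit++;
    }
  }
  return hit;
}

/* Watchdog scenario: a class-1 thread misses its watchdog, so the handler
 * suspends class 1 and every lower class. Returns 1 if the class-2 control
 * thread is the only thread still ready afterwards, else 0. */
int watchdog_scenario_ok(void) {
  thread_t t[NTHREADS];
  size_t n = init_threads(t);
  size_t stopped = suspend_class(t, n, 1, SAFETY_WITH_SAME_CLASS | SAFETY_WITH_LOWER_CLASS);
  size_t ready = 0;
  for (size_t i = 0; i < n; i++) if (t[i].state == TS_READY) ready++;
  return (stopped == 3 && ready == 1 && t[3].state == TS_READY) ? 1 : 0;
}

int main(void) {
  thread_t t[NTHREADS];
  size_t n = init_threads(t);
  printf("fault in zone 1: %zu thread(s) terminated\n", terminate_zone(t, n, 1));
  printf("watchdog scenario ok: %d\n", watchdog_scenario_ok());
  return 0;
}
```

Resuming with `SAFETY_WITH_SAME_CLASS` only brings back the class whose watchdog fired; lower classes that were stopped as a precaution stay suspended until they are resumed (or destroyed and recreated) explicitly, which mirrors the split between osThreadResumeClass and osKernelDestroyClass described above.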
Function references
The following CMSIS-RTOS2 functions and macros support fault handling: