Use EDF scheduler with ecall-based context switch

The preemptive EDF (Earliest Deadline First) scheduler requires a
mechanism for tasks to voluntarily yield CPU time while blocked on
delays. In RISC-V M-mode, the ecall instruction provides a clean way
to trigger a synchronous trap that invokes the scheduler without
relying on timer interrupts.

The dispatcher function now accepts a from_timer parameter to
distinguish between timer-driven preemption and ecall-driven yields.
Timer interrupts increment the system tick counter and process time
slices, while ecall-based yields skip tick advancement to prevent
time drift.

When handling ecall from M-mode, the trap handler advances mepc past
the 4-byte ecall instruction to prevent re-execution upon return.
Critically, the ISR stack frame must also be updated because the ISR
epilogue restores mepc from the saved frame rather than the CSR
directly. Without this fix, mret would jump back to the ecall
instruction causing an infinite trap loop.

The logger subsystem gains a flush mechanism with a direct_mode flag
that bypasses the async queue. This ensures multi-line output like
statistics reports prints in order, as printf normally enqueues to
the ring buffer which the logger task drains asynchronously.

The rtsched test application validates the EDF implementation by
running periodic RT tasks with different periods and deadlines,
measuring execution counts, deadline misses, response times, and
jitter to verify correct scheduler behavior.

Author: jserv

app/rtsched.c

@@ -248,32 +248,40 @@ void hal_cpu_idle(void)
 
 /* Interrupt and Trap Handling */
 
+/* Direct UART output for trap context (avoids printf deadlock) */
+extern int _putchar(int c);
+static void trap_puts(const char *s)
+{
+    while (*s)
+        _putchar(*s++);
+}
+
+/* Exception message table per RISC-V Privileged Spec */
+static const char *exc_msg[] = {
+    [0] = "Instruction address misaligned",
+    [1] = "Instruction access fault",
+    [2] = "Illegal instruction",
+    [3] = "Breakpoint",
+    [4] = "Load address misaligned",
+    [5] = "Load access fault",
+    [6] = "Store/AMO address misaligned",
+    [7] = "Store/AMO access fault",
+    [8] = "Environment call from U-mode",
+    [9] = "Environment call from S-mode",
+    [10] = "Reserved",
+    [11] = "Environment call from M-mode",
+    [12] = "Instruction page fault",
+    [13] = "Load page fault",
+    [14] = "Reserved",
+    [15] = "Store/AMO page fault",
+};
+
 /* C-level trap handler, called by the '_isr' assembly routine.
  * @cause : The value of the 'mcause' CSR, indicating the reason for the trap.
  * @epc   : The value of the 'mepc' CSR, the PC at the time of the trap.
  */
 void do_trap(uint32_t cause, uint32_t epc)
 {
-    static const char *exc_msg[] = {
-        /* For printing helpful debug messages */
-        [0] = "Instruction address misaligned",
-        [1] = "Instruction access fault",
-        [2] = "Illegal instruction",
-        [3] = "Breakpoint",
-        [4] = "Load address misaligned",
-        [5] = "Load access fault",
-        [6] = "Store/AMO address misaligned",
-        [7] = "Store/AMO access fault",
-        [8] = "Environment call from U-mode",
-        [9] = "Environment call from S-mode",
-        [10] = "Reserved",
-        [11] = "Environment call from M-mode",
-        [12] = "Instruction page fault",
-        [13] = "Load page fault",
-        [14] = "Reserved",
-        [15] = "Store/AMO page fault",
-    };
-
     if (MCAUSE_IS_INTERRUPT(cause)) { /* Asynchronous Interrupt */
         uint32_t int_code = MCAUSE_GET_CODE(cause);
         if (int_code == MCAUSE_MTI) { /* Machine Timer Interrupt */
@@ -282,28 +290,59 @@ void do_trap(uint32_t cause, uint32_t epc)
              * consistent tick frequency even with interrupt latency.
              */
             mtimecmp_w(mtimecmp_r() + (F_CPU / F_TIMER));
-            dispatcher(); /* Invoke the OS scheduler */
+            /* Invoke scheduler - parameter 1 = from timer, increment ticks */
+            dispatcher(1);
         } else {
             /* All other interrupt sources are unexpected and fatal */
-            printf("[UNHANDLED INTERRUPT] code=%u, cause=%08x, epc=%08x\n",
-                   int_code, cause, epc);
             hal_panic();
         }
     } else { /* Synchronous Exception */
         uint32_t code = MCAUSE_GET_CODE(cause);
-        const char *reason = "Unknown exception";
+
+        /* Handle ecall from M-mode - used for yielding in preemptive mode */
+        if (code == MCAUSE_ECALL_MMODE) {
+            /* Advance mepc past the ecall instruction (4 bytes) */
+            uint32_t new_epc = epc + 4;
+            write_csr(mepc, new_epc);
+
+            /* Also update mepc in the ISR frame on the stack!
+             * The ISR epilogue will restore mepc from the frame (offset 31*4 =
+             * 124 bytes). If we don't update the frame, mret will jump back to
+             * the ecall instruction!
+             */
+            uint32_t *isr_frame = (uint32_t *) __builtin_frame_address(0);
+            isr_frame[31] = new_epc;
+
+            /* Invoke dispatcher for context switch - parameter 0 = from ecall,
+             * don't increment ticks.
+             */
+            dispatcher(0);
+            return;
+        }
+
+        /* Print exception info via direct UART (safe in trap context) */
+        trap_puts("[EXCEPTION] ");
         if (code < ARRAY_SIZE(exc_msg) && exc_msg[code])
-            reason = exc_msg[code];
-        printf("[EXCEPTION] code=%u (%s), epc=%08x, cause=%08x\n", code, reason,
-               epc, cause);
+            trap_puts(exc_msg[code]);
+        else
+            trap_puts("Unknown");
+        trap_puts(" epc=0x");
+        for (int i = 28; i >= 0; i -= 4) {
+            uint32_t nibble = (epc >> i) & 0xF;
+            _putchar(nibble < 10 ? '0' + nibble : 'A' + nibble - 10);
+        }
+        trap_puts("\r\n");
+
         hal_panic();
     }
 }
 
 /* Enables the machine-level timer interrupt source */
 void hal_timer_enable(void)
 {
-    mtimecmp_w(mtime_r() + (F_CPU / F_TIMER));
+    uint64_t now = mtime_r();
+    uint64_t target = now + (F_CPU / F_TIMER);
+    mtimecmp_w(target);
     write_csr(mie, read_csr(mie) | MIE_MTIE);
 }
 
@@ -313,20 +352,50 @@ void hal_timer_disable(void)
     write_csr(mie, read_csr(mie) & ~MIE_MTIE);
 }
 
-/* Hook called by the scheduler after a context switch.
- * Its primary purpose is to enable global interrupts ('mstatus.MIE') only
- * AFTER the first task has been launched. This ensures interrupts are not
- * globally enabled until the OS is fully running in a valid task context.
+/* Enable timer interrupt bit only - does NOT reset mtimecmp.
+ * Use this for NOSCHED_LEAVE to avoid pushing the interrupt deadline forward.
+ */
+void hal_timer_irq_enable(void)
+{
+    write_csr(mie, read_csr(mie) | MIE_MTIE);
+}
+
+/* Disable timer interrupt bit only - does NOT touch mtimecmp.
+ * Use this for NOSCHED_ENTER to temporarily disable preemption.
+ */
+void hal_timer_irq_disable(void)
+{
+    write_csr(mie, read_csr(mie) & ~MIE_MTIE);
+}
+
+/* Build initial ISR frame on task stack for preemptive mode.
+ * Returns the stack pointer that points to the frame.
+ * When ISR restores from this frame, it will jump to task_entry.
+ *
+ * CRITICAL: ISR deallocates the frame before mret (sp += 128).
+ * We place the frame such that after deallocation, SP is at a safe location.
  */
-void hal_interrupt_tick(void)
+void *hal_build_initial_frame(void *stack_top, void (*task_entry)(void))
 {
-    tcb_t *task = kcb->task_current->data;
-    if (unlikely(!task))
-        hal_panic(); /* Fatal error - invalid task state */
+#define INITIAL_STACK_RESERVE \
+    256 /* Reserve space below stack_top for task startup */
 
-    /* The task's entry point is still in RA, so this is its very first run */
-    if ((uint32_t) task->entry == task->context[CONTEXT_RA])
-        _ei(); /* Enable global interrupts now that execution is in a task */
+    /* Place frame deeper in stack so after ISR deallocates (sp += 128),
+     * SP will be at (stack_top - INITIAL_STACK_RESERVE), not at stack_top.
+     */
+    uint32_t *frame =
+        (uint32_t *) ((uint8_t *) stack_top - INITIAL_STACK_RESERVE -
+                      ISR_STACK_FRAME_SIZE);
+
+    /* Zero out entire frame */
+    for (int i = 0; i < 32; i++) {
+        frame[i] = 0;
+    }
+
+    /* Set mepc (offset 31 words) to task entry point */
+    frame[31] = (uint32_t) task_entry;
+
+    return (void *) frame;
 }
 
 /* Context Switching */
@@ -503,12 +572,43 @@ __attribute__((noreturn)) void hal_context_restore(jmp_buf env, int32_t val)
     __builtin_unreachable(); /* Tell compiler this point is never reached */
 }
 
+/* Stack pointer switching for preemptive context switch.
+ * Saves current SP to *old_sp and loads new SP from new_sp.
+ * Called by dispatcher when switching tasks in preemptive mode.
+ * After this returns, ISR will restore registers from the new stack.
+ *
+ * @old_sp: Pointer to location where current SP should be saved
+ * @new_sp: New stack pointer to switch to
+ */
+void hal_switch_stack(void **old_sp, void *new_sp)
+{
+    asm volatile(
+        "sw   sp, 0(%0)\n" /* Save current SP to *old_sp */
+        "mv   sp, %1\n"    /* Load new SP from new_sp */
+        :                  /* no outputs */
+        : "r"(old_sp), "r"(new_sp)
+        : "memory");
+}
+
 /* Low-level context restore helper. Expects a pointer to a 'jmp_buf' in 'a0'.
- * Restores the GPRs and jumps to the restored return address.
+ * Restores the GPRs, mstatus, and jumps to the restored return address.
+ *
+ * This function must restore mstatus from the context to be
+ * consistent with hal_context_restore(). The first task context is initialized
+ * with MSTATUS_MIE | MSTATUS_MPP_MACH by hal_context_init(), which enables
+ * interrupts. Failing to restore this value would create an inconsistency
+ * where the first task inherits the kernel's mstatus instead of its own.
  */
 static void __attribute__((naked, used)) __dispatch_init(void)
 {
     asm volatile(
+        /* Restore mstatus FIRST to ensure correct processor state.
+         * This is critical for interrupt enable state (MSTATUS_MIE).
+         * Context was initialized with MIE=1 by hal_context_init().
+         */
+        "lw  t0, 16*4(a0)\n"
+        "csrw mstatus, t0\n"
+        /* Now restore all general-purpose registers */
         "lw  s0,   0*4(a0)\n"
         "lw  s1,   1*4(a0)\n"
         "lw  s2,   2*4(a0)\n"
@@ -536,6 +636,7 @@ __attribute__((noreturn)) void hal_dispatch_init(jmp_buf env)
 
     if (kcb->preemptive)
         hal_timer_enable();
+
     _ei(); /* Enable global interrupts just before launching the first task */
 
     asm volatile(

arch/riscv/hal.c

@@ -76,6 +76,12 @@ int32_t hal_context_save(jmp_buf env);
 void hal_context_restore(jmp_buf env, int32_t val);
 void hal_dispatch_init(jmp_buf env);
 
+/* Stack switching for preemptive context switch.
+ * Saves current SP to *old_sp and loads new SP from new_sp.
+ * Used by dispatcher when switching tasks in preemptive mode.
+ */
+void hal_switch_stack(void **old_sp, void *new_sp);
+
 /* Provides a blocking, busy-wait delay.
  * This function monopolizes the CPU and should only be used for very short
  * delays or in pre-scheduling initialization code.
@@ -92,7 +98,13 @@ uint64_t _read_us(void);
 void hal_hardware_init(void);
 void hal_timer_enable(void);
 void hal_timer_disable(void);
-void hal_interrupt_tick(void);
+void hal_timer_irq_enable(
+    void); /* Enable timer interrupt bit only (for NOSCHED) */
+void hal_timer_irq_disable(
+    void); /* Disable timer interrupt bit only (for NOSCHED) */
+void *hal_build_initial_frame(
+    void *stack_top,
+    void (*task_entry)(void)); /* Build ISR frame for preemptive mode */
 
 /* Initializes the context structure for a new task.
  * @ctx : Pointer to jmp_buf to initialize (must be non-NULL).
@@ -109,4 +121,4 @@ void hal_panic(void);
 void hal_cpu_idle(void);
 
 /* Default stack size for new tasks if not otherwise specified */
-#define DEFAULT_STACK_SIZE 4096
+#define DEFAULT_STACK_SIZE 8192

arch/riscv/hal.h

@@ -58,3 +58,21 @@ uint32_t mo_logger_queue_depth(void);
  * Returns total dropped message count since logger init
  */
 uint32_t mo_logger_dropped_count(void);
+
+/* Check if logger is in direct output mode.
+ * Lock-free read for performance - safe to call frequently.
+ * Returns true if printf/puts should bypass the queue.
+ */
+bool mo_logger_direct_mode(void);
+
+/* Flush all pending messages and enter direct output mode.
+ * Drains the queue directly from caller's context.
+ * After flush, printf/puts bypass the queue for ordered output.
+ * Call mo_logger_async_resume() to re-enable async logging.
+ */
+void mo_logger_flush(void);
+
+/* Re-enable async logging after a flush.
+ * Call this after completing ordered output that required direct mode.
+ */
+void mo_logger_async_resume(void);

include/sys/logger.h

@@ -67,6 +67,7 @@ enum task_states {
 typedef struct tcb {
     /* Context and Stack Management */
     jmp_buf context; /* Saved CPU context (GPRs, SP, PC) for task switching */
+    void *sp;        /* Saved stack pointer for preemptive context switch */
     void *stack;     /* Pointer to base of task's allocated stack memory */
     size_t stack_sz; /* Total size of the stack in bytes */
     void (*entry)(void); /* Task's entry point function */
@@ -150,16 +151,16 @@ extern kcb_t *kcb;
  * other hardware interrupts (e.g., UART) to be serviced, minimizing latency.
  * Use when protecting data shared between tasks.
  */
-#define NOSCHED_ENTER()          \
-    do {                         \
-        if (kcb->preemptive)     \
-            hal_timer_disable(); \
+#define NOSCHED_ENTER()              \
+    do {                             \
+        if (kcb->preemptive)         \
+            hal_timer_irq_disable(); \
     } while (0)
 
-#define NOSCHED_LEAVE()         \
-    do {                        \
-        if (kcb->preemptive)    \
-            hal_timer_enable(); \
+#define NOSCHED_LEAVE()             \
+    do {                            \
+        if (kcb->preemptive)        \
+            hal_timer_irq_enable(); \
     } while (0)
 
 /* Core Kernel and Task Management API */
@@ -169,8 +170,8 @@ extern kcb_t *kcb;
 /* Prints a fatal error message and halts the system */
 void panic(int32_t ecode);
 
-/* Main scheduler dispatch function, called by the timer ISR */
-void dispatcher(void);
+/* Main scheduler dispatch function, called by timer ISR or ecall */
+void dispatcher(int from_timer);
 
 /* Architecture-specific context switch implementations */
 void _dispatch(void);