From 6784fd3adc5dada5c36c64407c02094965f516cf Mon Sep 17 00:00:00 2001
From: Per <Per Lindgren>
Date: Mon, 20 Nov 2017 16:10:55 +0100
Subject: [PATCH] Threshold

---
 doc/RTFM.md | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/doc/RTFM.md b/doc/RTFM.md
index 5a21472..309475f 100644
--- a/doc/RTFM.md
+++ b/doc/RTFM.md
@@ -275,7 +275,10 @@ As seen, the implmentation is fairly simple. `ceiling` here is the resource ceil
 - `ceiling == max_priority` => here we cannot protect the resource by setting `BASEPRI` (masking priorities), and instead use `atomic` (which executes the closure `|t| f(data, t)` with globally disabled interrupts ( `PRIMASK = true`)
 - `ceiling != max_priority` => here we store the current system ceiling, (`old = basepri::read())`, set the new system ceiling `basepri::write(hw)` execute the closure `ret = f(data, &mut Threshold::new(ceiling))`, restore the system ceiling, `basepri::write(old)` and return the result `ret`. The `PRIMASK` and `BASEPRI` regeisters are located in the `Private Peripheral Bus` memory region, which is `Strongly-ordered` (meaning that accesses are executed in program order). I.e. the next instruction following  `basepri::write(hw)` (inside the `claim`) will be protected by the raised system ceiling. [Arm doc - memory barriers](https://static.docs.arm.com/dai0321/a/DAI0321A_programming_guide_memory_barriers_for_m_profile.pdf)
 
+Race freness at this level can be argued from:
 
+- Each *resource* is associated a *ceiling according to SRP
+- Accessing a *resource* from *safe* user code can only be done through the `Resource::claim/claim_mut` trait, calling the library `claim`
 
 
 Procedural macros in Rust are executed before code generation (causing the argument AST to replaced by a new AST for the remainder of compilation).
-- 
GitLab