Fatal errors, when detected, will cause the system to reboot. The system API fatal() can be used to cause a fatal error at any time. A list of the error codes is kept in include/sys/errno.h.

There is also the nonfatal() API for logging errors which will not cause a reset. These are audited and, when DEBUGGER is defined, a brief message is displayed on the DMD.
The core operating system code throws fatal errors in several key circumstances:

- Because tasks continue to run until they give up control, a "hung" task will hang the entire system. At realtime level, this can be detected by seeing that the current task has not changed for a certain period of time. This works because realtime uses interrupts.

- The number of tasks is bounded, to prevent runaway task creation/memory allocation. Many other subsystems do the same whenever a limit is reached. As a result, you never need to check the return value of a task_create call, because if it fails, then control is never returned to you.

- This is almost always because someone called pinio_nvram_unlock() and forgot to call pinio_nvram_lock() afterwards, or executed a task_sleep in between.
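The hung-task check described above, as an added illustration rather than the project's own implementation: a realtime tick runs from an interrupt regardless of whether the current task ever yields, so it can notice that the dispatched task has not changed for longer than a limit and raise a fatal error. The tick period, the limit, the error code ERR_TASK_HUNG and the function names are all assumptions; fatal() is replaced by a stub that records the code instead of rebooting so the behaviour can be driven from a simulation.

```c
/* Constructed demonstration of a realtime hung-task watchdog; not project code. */
#include <stdbool.h>
#include <stdint.h>

#define RTT_PERIOD_MS      1u     /* assumed period of the realtime tick */
#define HUNG_TASK_LIMIT_MS 500u   /* assumed: longest a task may hold the CPU */
#define ERR_TASK_HUNG      0x01   /* placeholder; real codes live in include/sys/errno.h */

typedef uint8_t task_pid_t;

static task_pid_t current_pid;      /* task that currently owns the CPU */
static task_pid_t watched_pid;      /* pid observed by the previous tick */
static uint16_t   unchanged_ms;     /* how long current_pid has stayed the same */
static int        last_fatal = -1;  /* code passed to fatal(), -1 if none */

/* Stand-in for the system fatal() API: records the code instead of rebooting. */
static void fatal(int errcode)
{
    last_fatal = errcode;
}

void watchdog_init(void)
{
    current_pid = 0;
    watched_pid = 0;
    unchanged_ms = 0;
    last_fatal = -1;
}

/* Called by the cooperative scheduler whenever it hands the CPU to a task. */
void task_dispatch(task_pid_t pid)
{
    current_pid = pid;
}

/* Realtime (interrupt-driven) tick: runs even if the current task never yields. */
void watchdog_rtt(void)
{
    if (current_pid != watched_pid) {
        /* A task switch happened since the last tick: restart the timer. */
        watched_pid = current_pid;
        unchanged_ms = 0;
        return;
    }
    if (unchanged_ms < HUNG_TASK_LIMIT_MS)
        unchanged_ms += RTT_PERIOD_MS;
    if (unchanged_ms >= HUNG_TASK_LIMIT_MS && last_fatal < 0)
        fatal(ERR_TASK_HUNG);   /* same task for too long: treat as hung */
}

int watchdog_last_fatal(void)
{
    return last_fatal;
}

/* Simulation driver: pid 1 is dispatched first; if switch_every > 0 the
 * scheduler alternates between pids 1 and 2 every switch_every ticks.
 * Returns the tick number at which fatal() fired, or -1 if it never did. */
int ticks_until_hung(unsigned max_ticks, unsigned switch_every)
{
    watchdog_init();
    task_dispatch(1);
    for (unsigned t = 1; t <= max_ticks; t++) {
        if (switch_every && t % switch_every == 0)
            task_dispatch(current_pid == 1 ? 2 : 1);
        watchdog_rtt();
        if (last_fatal >= 0)
            return (int)t;
    }
    return -1;
}
```

With no task switches the fault fires once the task has been unchanged for 500 ms (tick 501 here, since the first tick only records the pid); a scheduler that switches every 100 ticks never trips it. The check relies entirely on the tick being interrupt-driven: a cooperative check in the scheduler itself would never run while the offending task spins.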