Re: Two-stage suspend operations

[rieachus@comcast.net]

> I'm looking at a system[1] where I'm assured that we need to run a 
> drone's motor controller at 20 kHz, and SOs seemed a possibility. Of 
> course, if you need to avoid concurrency problems between a timer-driven 
> ISR and tasking code, using SOs isn't going to work! so we are looking 
> at swing-buffering or possibly GNAT's Lock_Free pragma/aspect[2].

It sounds like you need rate-monotonic scheduling: https://en.wikipedia.org/wiki/Rate-monotonic_scheduling  Usually you would run one clock at the highest priority and dispatch lower priority tasks every N ticks for some N.  The Liu Sha and John Goodenough paper tells how to implement RMS in Ada.  Notice though that there is a lot of math for you to do to assign priorities and prove that your system does not exceed a load limit.

Note BTW, that the GNAT pragma specifically allows the protected objects that only run in the context of another task/thread, have a high enough priority not to be interrupted, and do not reference any lower priority protected objects.

This is a sufficient but not necessary condition to insure that these POs are not involved in deadlocks.  To need POs you will have multiple (Ada) tasks, and you need a different way to prove they are deadlock free.  Also are you planning to allow running on more than one physical processor?  From experience you need to test on one, two, and three or more logical CPUs to verify deadlock and livelock free operation.  SPARK can do most of this for you. but sometimes the run-time or OS contain surprises.  Fortunately, when they do, they tend to be in your face rather than a once a year kind of thing.  (I found my share of bugs in Solaris. Only one of them was explicitly real-time related, but they all showed up within a few seconds.)