From mboxrd@z Thu Jan 1 00:00:00 1970 X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on polar.synack.me X-Spam-Level: X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00,FREEMAIL_FROM autolearn=unavailable autolearn_force=no version=3.4.4 X-Received: by 10.157.62.181 with SMTP id b50mr27600580otc.19.1462914872829; Tue, 10 May 2016 14:14:32 -0700 (PDT) X-Received: by 10.157.45.79 with SMTP id v73mr405386ota.9.1462914872770; Tue, 10 May 2016 14:14:32 -0700 (PDT) Path: eternal-september.org!reader01.eternal-september.org!reader02.eternal-september.org!news.eternal-september.org!mx02.eternal-september.org!feeder.eternal-september.org!news.glorb.com!sq19no5080537igc.0!news-out.google.com!k10ni199igv.0!nntp.google.com!sq19no5080528igc.0!postnews.google.com!glegroupsg2000goo.googlegroups.com!not-for-mail Newsgroups: comp.lang.ada Date: Tue, 10 May 2016 14:14:31 -0700 (PDT) In-Reply-To: Complaints-To: groups-abuse@google.com Injection-Info: glegroupsg2000goo.googlegroups.com; posting-host=2601:191:8202:8510:5985:2c17:9409:aa9c; posting-account=fdRd8woAAADTIlxCu9FgvDrUK4wPzvy3 NNTP-Posting-Host: 2601:191:8202:8510:5985:2c17:9409:aa9c References: User-Agent: G2/1.0 MIME-Version: 1.0 Message-ID: <17d09c96-c5e6-4238-9adb-c1dab5611237@googlegroups.com> Subject: Re: Two-stage suspend operations From: rieachus@comcast.net Injection-Date: Tue, 10 May 2016 21:14:32 +0000 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: quoted-printable Xref: news.eternal-september.org comp.lang.ada:30380 Date: 2016-05-10T14:14:31-07:00 List-Id: > I'm looking at a system[1] where I'm assured that we need to run a=20 > drone's motor controller at 20 kHz, and SOs seemed a possibility. Of=20 > course, if you need to avoid concurrency problems between a timer-driven= =20 > ISR and tasking code, using SOs isn't going to work! so we are looking=20 > at swing-buffering or possibly GNAT's Lock_Free pragma/aspect[2]. It sounds like you need rate-monotonic scheduling: https://en.wikipedia.org= /wiki/Rate-monotonic_scheduling Usually you would run one clock at the hig= hest priority and dispatch lower priority tasks every N ticks for some N. = The Liu Sha and John Goodenough paper tells how to implement RMS in Ada. N= otice though that there is a lot of math for you to do to assign priorities= and prove that your system does not exceed a load limit. Note BTW, that the GNAT pragma specifically allows the protected objects th= at only run in the context of another task/thread, have a high enough prior= ity not to be interrupted, and do not reference any lower priority protecte= d objects. This is a sufficient but not necessary condition to insure that these POs a= re not involved in deadlocks. To need POs you will have multiple (Ada) tas= ks, and you need a different way to prove they are deadlock free. Also are= you planning to allow running on more than one physical processor? From e= xperience you need to test on one, two, and three or more logical CPUs to v= erify deadlock and livelock free operation. SPARK can do most of this for = you. but sometimes the run-time or OS contain surprises. Fortunately, when= they do, they tend to be in your face rather than a once a year kind of th= ing. (I found my share of bugs in Solaris. Only one of them was explicitly= real-time related, but they all showed up within a few seconds.)