Other RTOSes
Unhappily, race conditions occur anytime we're need more than one read
to access data that's changing asynchronously to the software. If
you're reading X and Y coordinates, even with just 8 bits of
resolution, from a moving machine there's some peril they could be
seriously out of sync if two reads are required. A ten-bit encoder
managed through byte-wide ports potentially could create a similar
risk.
Having dealt with this problem in a number of embedded systems over
the years, I wasn't too shocked to see it in the RTEMS RTOS. It's a
pretty obscure issue, after all, though terribly real and potentially
deadly.
For fun I looked through the source of uC/OS, another very popular
operating system whose source is on the net (see www.ucos-ii.com). uC/OS never reads
the timer's hardware. It only counts overflows as detected by the ISR,
as there's no need for higher resolution. There's no chance of an
incorrect value.
Some of you, particularly those with hardware backgrounds, may be
clucking over an obvious solution I've yet to mention. Add an input
capture register between the timer and the system; the code sets a
"lock the value into the latch" bit, then reads this safely unchanging
data. The register is nothing more than a parallel latch, as wide as
the input data.
A single clock line drives each flip-flop in the latch, when strobed
it locks the data into the register. The output is fed to a pair of
processor input ports.
When it's time to read a safe, unchanging value the code issues a
"hold the data now" command, which strobes encoder values into the
latch. So all bits are stored and can be read by the software at any
time, with no fear of things changing between reads. Some designers tie
the register's clock input to one of the port control lines.
The I/O read instruction then automatically strobes data into the
latch, assuming one is wise enough to ensure the register latches data
on the leading edge of the clock.
The input capture register is a very simple way to suspend moving
data during the duration of a couple of reads. At first glance it seems
perfectly safe. However, a bit of analysis shows that for asynchronous
inputs it is not reliable. We're using hardware to fix a software
problem, so we must be aware of the limitations of physical logic
devices.
To simplify things for a minute, let's zoom in on that input capture
register and examine just one of its bits. Each gets stored in a
flip-flop, a bit of logic that might have only three connections: data
in, data out, and clock. When the input is a one, strobing clock puts a
one at the output.
However, suppose the input changes at about the same time clock
cycles. What happens?
The short answer is that no one knows.
Next in Part 3:
Metastable States and interrupt latency
To read Part 1 in this series, go to
Reentrancy,
atomic variables and recursion.
Jakob
Engblom (jakob@virtutech.com)
is technical marketing manager at
at Virtutech.
He has a MSc in computer science and a PhD in Computer Systems from
Uppsala University, and has
worked with programming tools and simulation tools for embedded and
real-time systems since 1997.
He was a contributor of
material to "The Firmware Handbook," edited
by Jack Ganssle, upon which this series of articles was based and
printed
with permission from Newnes, a division of Elsevier.
Copyright 2008. For
other publications by Jakob Engblom, see www.engbloms.se/jakob.html.
